From afab5b2f0b4e06a5c41f064d10f65ead063ab5af Mon Sep 17 00:00:00 2001 From: Nicolas Schodet Date: Mon, 27 Jul 2020 17:36:14 +0200 Subject: Borg.init: add the now required encryption type parameter The encryption type is now a required parameter when creating a repository. Unless you use no encryption, you must provide the repository passphrase, for example: withPrivData (Password "backups") (Context "borg") $ \getdata -> property' "borg repo" $ \w -> getdata $ \privdata -> ensureProperty w $ Borg.init (Borg.BorgRepoUsing [Borg.UsesEnvVar ("BORG_PASSPHRASE", privDataVal privdata)] "/path/to/backups") Borg.BorgEncKeyfile --- src/Propellor/Property/Borg.hs | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) (limited to 'src/Propellor/Property/Borg.hs') diff --git a/src/Propellor/Property/Borg.hs b/src/Propellor/Property/Borg.hs index f662c8ee..075e53bc 100644 --- a/src/Propellor/Property/Borg.hs +++ b/src/Propellor/Property/Borg.hs @@ -6,6 +6,7 @@ module Propellor.Property.Borg ( BorgParam , BorgRepo(..) , BorgRepoOpt(..) + , BorgEnc(..) , installed , repoExists , init 
@@ -40,6 +41,27 @@ data BorgRepoOpt -- borg on a BorgRepo. | UsesEnvVar (String, String) +-- | Borg Encryption type. +data BorgEnc + -- | No encryption, no authentication. + = BorgEncNone + -- | Authenticated, using SHA-256 for hash/MAC. + | BorgEncAuthenticated + -- | Authenticated, using Blake2b for hash/MAC. + | BorgEncAuthenticatedBlake2 + -- | Encrypted, storing the key in the repository, using SHA-256 for + -- hash/MAC. + | BorgEncRepokey + -- | Encrypted, storing the key in the repository, using Blake2b for + -- hash/MAC. + | BorgEncRepokeyBlake2 + -- | Encrypted, storing the key outside of the repository, using + -- SHA-256 for hash/MAC. + | BorgEncKeyfile + -- | Encrypted, storing the key outside of the repository, using + -- Blake2b for hash/MAC. + | BorgEncKeyfileBlake2 + repoLoc :: BorgRepo -> String repoLoc (BorgRepo s) = s repoLoc (BorgRepoUsing _ s) = s @@ -74,13 +96,14 @@ repoExists :: BorgRepo -> IO Bool repoExists repo = runBorg repo [Param "list", Param (repoLoc repo)] -- | Inits a new borg repository -init :: BorgRepo -> Property DebianLike -init repo = check (not <$> repoExists repo) +init :: BorgRepo -> BorgEnc -> Property DebianLike +init repo enc = check (not <$> repoExists repo) (cmdPropertyEnv "borg" initargs (runBorgEnv repo)) `requires` installed where initargs = [ "init" + , encParam enc , repoLoc repo ] @@ -202,3 +225,13 @@ data KeepPolicy | KeepWeeks Int | KeepMonths Int | KeepYears Int + +-- | Construct the encryption type parameter. +encParam :: BorgEnc -> BorgParam +encParam BorgEncNone = "--encryption=none" +encParam BorgEncAuthenticated = "--encryption=authenticated" +encParam BorgEncAuthenticatedBlake2 = "--encryption=authenticated-blake2" +encParam BorgEncRepokey = "--encryption=repokey" +encParam BorgEncRepokeyBlake2 = "--encryption=repokey-blake2" +encParam BorgEncKeyfile = "--encryption=keyfile" +encParam BorgEncKeyfileBlake2 = "--encryption=keyfile-blake2" -- cgit v1.2.3
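Review bot: The Haddock comments on the new `BorgEnc` constructors name the hash/MAC but leave out what an operator needs to know when choosing a mode. `BorgEncAuthenticated` and `BorgEncAuthenticatedBlake2` read as if they protected the data, while these modes only authenticate it and store it unencrypted; I would say so, e.g. `-- | Authenticated but not encrypted (data is stored in plaintext), using SHA-256 for hash/MAC.`. For `BorgEncKeyfile` and `BorgEncKeyfileBlake2`, add that the key exists only on the client and has to be backed up separately, since the repository cannot be read without it. For the two repokey constructors, add that the key kept in the repository is protected only by the passphrase.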
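Review bot: In the `init` hunk, `enc` takes effect only when the repository is created, because the whole command sits behind `check (not <$> repoExists repo)`; a repository that already exists with another mode, or with `none`, keeps that mode and nothing reports the mismatch. The comment above the signature still reads `-- | Inits a new borg repository` and should say this, e.g. `-- | Inits a new borg repository with the given encryption type. The type is only applied at creation; an existing repository is left as it is.` It should also carry the requirement that is currently stated only in the commit message: `-- Unless 'BorgEncNone' is used, the 'BorgRepo' must supply BORG_PASSPHRASE through 'UsesEnvVar'.` Presumably borg otherwise asks for the passphrase interactively, which an unattended propellor run cannot answer; that is worth confirming and, if so, mentioning in the same comment.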