Merge pull request #7798 from ThomasWaldmann/check-improve-TAM-loggin…

…g-1.2 check: improve logging for TAM issues, fixes #7797
borgbackup · Sep 1, 2023 · ee6a8e2 · ee6a8e2
2 parents 65d75c1 + 7fd91f4
commit ee6a8e2
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/src/borg/archive.py b/src/borg/archive.py
@@ -1820,13 +1820,17 @@ def valid_archive(obj):
                 # are likely looking at an archive item here, also check the TAM authentication:
                 try:
                     archive, verified, _ = self.key.unpack_and_verify_archive(data, force_tam_not_required=False)
-                except IntegrityError:
+                except IntegrityError as integrity_error:
                     # TAM issues - do not accept this archive!
                     # either somebody is trying to attack us with a fake archive data or
                     # we have an ancient archive made before TAM was a thing (borg < 1.0.9) **and** this repo
                     # was not correctly upgraded to borg 1.2.5 (see advisory at top of the changelog).
                     # borg can't tell the difference, so it has to assume this archive might be an attack
                     # and drops this archive.
+                    name = archive.get(b'name', b'<unknown>').decode('ascii', 'replace')
+                    logger.error('Archive TAM authentication issue for archive %s: %s', name, integrity_error)
+                    logger.error('This archive will *not* be added to the rebuilt manifest! It will be deleted.')
+                    self.error_found = True
                     continue
                 # note: if we get here and verified is False, a TAM is not required.
                 archive = ArchiveItem(internal_dict=archive)
@@ -2071,6 +2075,7 @@ def valid_item(obj):
                     # when upgrading to borg 1.2.5, users are expected to TAM-authenticate all archives they
                     # trust, so there shouldn't be any without TAM.
                     logger.error('Archive TAM authentication issue for archive %s: %s', info.name, integrity_error)
+                    logger.error('This archive will be *removed* from the manifest! It will be deleted.')
                     self.error_found = True
                     del self.manifest.archives[info.name]
                     continue