Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New security changes broke remote access to repos #292

Open
lockheed opened this issue Apr 21, 2015 · 6 comments
Open

New security changes broke remote access to repos #292

lockheed opened this issue Apr 21, 2015 · 6 comments

Comments

@lockheed
Copy link

If I have a backup server which can be accessed with public IP and LAN IP, updating a repo from public IP makes it inaccessible from LAN IP (and vice-versa):

Warning: The repository at location ssh://[email protected]/mnt/hdd/attic/main.attic was previously located at ssh://attic-test@publicip:26332/mnt/hdd/attic/main.attic
attic: Error: Repository access aborted'
@jborg
Copy link
Owner

jborg commented Apr 22, 2015

Right, I sort of expected that somebody would run into something like this. We could always extend this feature to a list of known locations.
Could you explain a little more about your particular setup that triggers this. Is this triggered by an automated backup script or by manual usage?

@lockheed
Copy link
Author

It is triggered by the script, but when I try to do it manually, its the same things.
Both script and manual backup work when accessing the server on its interface the repo was created on - say, public IP - and neither works when accessing the sever on its LAN ip.

Furthermore, even if it gets fixed, I would suggest that the list of secure locations is an opt-in feature. For people who travel a lot with their laptops, it makes attic not work on its defaults.

@Shuro
Copy link

Shuro commented May 12, 2015

Same problem here. Created the repository like that:

~> mkdir /backup && cd /backup
/backup> attic init backup.attic

Now, if I try something like the following:

/backup> attic create --stats /backup/backup.attic::`date +%Y-%m-%d--%H:%M:%S` / --exclude "/backup/*" --exclude /tmp --exclude /sys --exclude /mnt --exclude /dev --exclude /media --exclude /lost+found --exclude /proc --exclude /run
Warning: The repository at location /backup/backup.attic was previously located at backup.attic
attic: Error: Repository access aborted

@Shuro Shuro mentioned this issue May 12, 2015
Open
@maltefiala maltefiala mentioned this issue May 14, 2015
Closed
@drieskimpe
Copy link

Attic-0.15 (and possibly earlier -- didn't check when it was introduced) checks if an environment variable ATTIC_RELOCATED_REPO_ACCESS_IS_OK is set, and if it is, warns but continues even if the repo was moved.

@cgag
Copy link

cgag commented Sep 18, 2015

I just ran into this after rsyncing an attic repo to a different vps. I was able to fix it using that environment variable. ATTIC_RELOCATED_REPO_ACCESS_IS_OK=true ./backup

I'm on 0.16.

@ThomasWaldmann
Copy link
Contributor

If one is consistently using same pathes (always absolute xor always relative (with same amount of dir levels)) and also is consistent about using or not using trailing slashes, this issue does not happen.

os.path.normpath could solve some of these cases, but not all.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@jborg @ThomasWaldmann @cgag @Shuro @lockheed @drieskimpe