attic icon indicating copy to clipboard operation
attic copied to clipboard

Published 20 hours ago verified publisher icon jborg

New security changes broke remote access to repos

Open lockheed opened this issue 10 years ago • 6 comments

If I have a backup server which can be accessed with public IP and LAN IP, updating a repo from public IP makes it inaccessible from LAN IP (and vice-versa):

Warning: The repository at location ssh://[email protected]/mnt/hdd/attic/main.attic was previously located at ssh://attic-test@publicip:26332/mnt/hdd/attic/main.attic attic: Error: Repository access aborted'

lockheed avatar Apr 21 '15 21:04 lockheed

Right, I sort of expected that somebody would run into something like this. We could always extend this feature to a list of known locations. Could you explain a little more about your particular setup that triggers this. Is this triggered by an automated backup script or by manual usage?

jborg avatar Apr 22 '15 19:04 jborg

It is triggered by the script, but when I try to do it manually, its the same things. Both script and manual backup work when accessing the server on its interface the repo was created on - say, public IP - and neither works when accessing the sever on its LAN ip.

Furthermore, even if it gets fixed, I would suggest that the list of secure locations is an opt-in feature. For people who travel a lot with their laptops, it makes attic not work on its defaults.

lockheed avatar Apr 22 '15 21:04 lockheed

Same problem here. Created the repository like that:

~> mkdir /backup && cd /backup
/backup> attic init backup.attic

Now, if I try something like the following:

/backup> attic create --stats /backup/backup.attic::`date +%Y-%m-%d--%H:%M:%S` / --exclude "/backup/*" --exclude /tmp --exclude /sys --exclude /mnt --exclude /dev --exclude /media --exclude /lost+found --exclude /proc --exclude /run
Warning: The repository at location /backup/backup.attic was previously located at backup.attic
attic: Error: Repository access aborted

Shuro avatar May 12 '15 13:05 Shuro

Attic-0.15 (and possibly earlier -- didn't check when it was introduced) checks if an environment variable ATTIC_RELOCATED_REPO_ACCESS_IS_OK is set, and if it is, warns but continues even if the repo was moved.

drieskimpe avatar May 20 '15 20:05 drieskimpe

I just ran into this after rsyncing an attic repo to a different vps. I was able to fix it using that environment variable. ATTIC_RELOCATED_REPO_ACCESS_IS_OK=true ./backup

I'm on 0.16.

cgag avatar Sep 18 '15 20:09 cgag

If one is consistently using same pathes (always absolute xor always relative (with same amount of dir levels)) and also is consistent about using or not using trailing slashes, this issue does not happen.

os.path.normpath could solve some of these cases, but not all.

ThomasWaldmann avatar Jan 30 '16 00:01 ThomasWaldmann