[Borgbackup] borg outputs "Failed to securely erase old repository config file" twice in borg check
Thomas Waldmann
tw at waldmann-edv.de
Wed Sep 27 11:21:59 EDT 2023
> Remote: Failed to securely erase old repository config file (hardlinks
> not supported). Old repokey data, if any, might persist on physical
> storage.
That's usually not a security problem, except if you changed your
passphrase to re-protect the key after a passphrase disclosure.
> and that is really annoying because - as you can guess - this triggers
> an email if the "check" job is run by cron.
Ah, I see.
> After reading the discussion in various github issues (especially
> https://github.com/borgbackup/borg/issues/3591#issuecomment-363362442) I
> think I have a rough idea why borg outputs the warning but I think it is
> not relevant in our case (not using repokeys).
Yeah, in that case you are not affected.
> - Is there a way to silence the warning?
IIRC not in borg, but you could use this to filter it out:
borg ... | grep -v Failed.to.securely.erase.old.repository.config
> - Why does "borg check" want to rewrite the config?
Not sure why precisely it is in that case, but some of the reasons are:
- keeping the state of progress of some repo-level operations (e.g. borg
check - but not sure if that was already in 1.1.x)
- change of passphrase with repokey
- borg config commands that change repo config values
There is a ticket about splitting the config into usually-static and
dynamic parts, but it is not done yet.
--
GPG Fingerprint: 6D5B EF9A DD20 7580 5747 B70F 9F88 FB52 FAF7 B393
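
A cron-oriented variant of the filter suggested in the reply above, as an added example that is not part of the original message or of borg. It assumes the warning arrives on stderr as a single line and removes only that line, keeping the command's exit status; `run_filtered`, `filter_erase_warning` and `fake_borg_check` are hypothetical names, and the sample messages are constructed.

```sh
#!/bin/sh
# Added example: hypothetical cron wrapper, not part of borg.
# Fixed string to drop; everything else borg reports must still reach cron.
BORG_ERASE_WARNING='Failed to securely erase old repository config file'

# Remove only lines containing the known warning (fixed-string match, -F).
# grep exits 1 when nothing is left to print, which is not an error here.
filter_erase_warning() {
    grep -v -F -e "$BORG_ERASE_WARNING" || true
}

# Run a command, buffer its stderr, replay it without the warning,
# and return the command's own exit status (a pipeline would lose it).
run_filtered() {
    errfile=$(mktemp) || return 2
    status=0
    "$@" 2>"$errfile" || status=$?
    filter_erase_warning <"$errfile" >&2
    rm -f "$errfile"
    return "$status"
}

# Constructed stand-in for "borg check" so the example runs offline.
# With the argument "broken" it also reports a made-up error and fails.
fake_borg_check() {
    echo 'Remote: Failed to securely erase old repository config file (hardlinks not supported). Old repokey data, if any, might persist on physical storage.' >&2
    if [ "$1" = "broken" ]; then
        echo 'Remote: constructed sample error' >&2
        return 1
    fi
    return 0
}

# Demo: the clean run prints nothing, so cron would send no mail;
# the failing run still shows its real error and a non-zero status.
run_filtered fake_borg_check
run_filtered fake_borg_check broken || echo "exit status preserved: $?"

# In a crontab the call would look like (path and repository are placeholders):
#   run_filtered borg check /path/to/repo
```

Per the reply above, dropping this warning is only appropriate when repokeys are not in use or the passphrase was not changed after a disclosure.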