diff --git a/changelog/unreleased/issue-2388 b/changelog/unreleased/issue-2388 new file mode 100644 index 00000000..3b4f1e76 --- /dev/null +++ b/changelog/unreleased/issue-2388 @@ -0,0 +1,7 @@ +Enhancement: Add warning for S3 if partial credentials are provided + +Check if both the AWS key ID and secret environment variables are set +before connecting to the remote server and report an error if not. + +https://github.com/restic/restic/issues/2388 +https://github.com/restic/restic/pull/3532 diff --git a/cmd/restic/cmd_self_update.go b/cmd/restic/cmd_self_update.go index f71bdf16..6d604c79 100644 --- a/cmd/restic/cmd_self_update.go +++ b/cmd/restic/cmd_self_update.go @@ -71,7 +71,7 @@ func runSelfUpdate(opts SelfUpdateOptions, gopts GlobalOptions, args []string) e } } - Printf("writing restic to %v\n", opts.Output) + Verbosef("writing restic to %v\n", opts.Output) v, err := selfupdate.DownloadLatestStableRelease(gopts.ctx, opts.Output, version, Verbosef) if err != nil { diff --git a/cmd/restic/global.go b/cmd/restic/global.go index e86fa78e..4ce67b83 100644 --- a/cmd/restic/global.go +++ b/cmd/restic/global.go @@ -555,6 +555,12 @@ func parseConfig(loc location.Location, opts options.Options) (interface{}, erro cfg.Secret = os.Getenv("AWS_SECRET_ACCESS_KEY") } + if cfg.KeyID == "" && cfg.Secret != "" { + return nil, errors.Fatalf("unable to open S3 backend: Key ID ($AWS_ACCESS_KEY_ID) is empty") + } else if cfg.KeyID != "" && cfg.Secret == "" { + return nil, errors.Fatalf("unable to open S3 backend: Secret ($AWS_SECRET_ACCESS_KEY) is empty") + } + if cfg.Region == "" { cfg.Region = os.Getenv("AWS_DEFAULT_REGION") } diff --git a/doc/080_examples.rst b/doc/080_examples.rst index cc332874..5aa10be2 100644 --- a/doc/080_examples.rst +++ b/doc/080_examples.rst 
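Review bot: The second guard in parseConfig is chained as `} else if cfg.KeyID != "" && cfg.Secret == "" {` after a branch that already returns, so the `else` is redundant; closing the first `if` and starting a plain `if cfg.KeyID != "" && cfg.Secret == "" {` keeps the happy path left-aligned. Both `errors.Fatalf` calls pass a constant string with no format arguments, so a non-formatting constructor, if the errors package offers one, would be safer should the text ever gain a `%`. The messages name only the environment variable and never echo the value, which is right for a credential check and should stay that way. parseConfig begins and ends outside the hunk, so it cannot be confirmed here whether a key ID can come from a source other than the environment, which would make the `$AWS_ACCESS_KEY_ID` hint misleading.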
@@ -309,7 +309,7 @@ the backups: .. code-block:: console - root@a3e580b6369d:/# useradd -m restic + root@a3e580b6369d:/# useradd --system --create-home --shell /sbin/nologin restic Then we download and install the restic binary into the user's home directory (please adjust the URL to refer to the latest restic version). @@ -317,7 +317,7 @@ directory (please adjust the URL to refer to the latest restic version). .. code-block:: console root@a3e580b6369d:/# mkdir ~restic/bin - root@a3e580b6369d:/# curl -L https://github.com/restic/restic/releases/download/v0.9.6/restic_0.9.6_linux_amd64.bz2 | bunzip2 > ~restic/bin/restic + root@a3e580b6369d:/# curl -L https://github.com/restic/restic/releases/download/v0.12.1/restic_0.12.1_linux_amd64.bz2 | bunzip2 > ~restic/bin/restic Before we assign any special capability to the restic binary we restrict its permissions so that only root and the newly created diff --git a/internal/backend/s3/s3.go b/internal/backend/s3/s3.go index d94e7be8..be183097 100644 --- a/internal/backend/s3/s3.go +++ b/internal/backend/s3/s3.go @@ -69,6 +69,15 @@ func open(ctx context.Context, cfg Config, rt http.RoundTripper) (*Backend, erro }, }) + c, err := creds.Get() + if err != nil { + return nil, errors.Wrap(err, "creds.Get") + } + + if c.SignerType == credentials.SignatureAnonymous { + debug.Log("using anonymous access for %#v", cfg.Endpoint) + } + options := &minio.Options{ Creds: creds, Secure: !cfg.UseHTTP, diff --git a/internal/bloblru/cache.go b/internal/bloblru/cache.go index dc977e65..b524f870 100644 --- a/internal/bloblru/cache.go +++ b/internal/bloblru/cache.go @@ -47,7 +47,7 @@ func New(size int) *Cache { func (c *Cache) Add(id restic.ID, blob []byte) (old []byte) { debug.Log("bloblru.Cache: add %v", id) - size := len(blob) + overhead + size := cap(blob) + overhead if size > c.size { return } 
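Review bot: The anonymous fallback in open is reported only through `debug.Log`, which presumably appears only when debug logging is enabled, so in a normal run nothing tells the operator that requests to `cfg.Endpoint` will go out unsigned. If silent unsigned access is not intended for this backend, the condition deserves a message at a level users see. `c` is the resolved credential value and should never be passed to a log call; a comment above `creds.Get()` such as `// Resolve credentials once to learn the signer type; never log c, it holds the secret.` would record that. The wrap text `"creds.Get"` names the call rather than what failed, and `%#v` on the endpoint could be `%q` if it is a plain string. open starts and ends outside the hunk.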
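Review bot: Switching `size := cap(blob) + overhead` from len to cap changes what the cache's size budget measures, but nothing in the visible lines of Add documents it. A why-comment on that line, for example `// Charge cap, not len: the whole backing array stays alive while the blob is cached.`, would stop a later edit from reverting one site. The same applies to the hunks at -66 (`cap(b) > cap(old)`) and -91 (`c.free += cap(blob) + overhead` in evict). All three must use the same measure, or `c.free` drifts from the memory actually held. Add's body continues outside this hunk, so the line that debits `c.free` is not visible here and should be checked against the same rule.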
@@ -66,7 +66,7 @@ func (c *Cache) Add(id restic.ID, blob []byte) (old []byte) { for size > c.free { _, val, _ := c.c.RemoveOldest() b := val.([]byte) - if len(b) > len(old) { + if cap(b) > cap(old) { // We can only return one buffer, so pick the largest. old = b } @@ -91,6 +91,6 @@ func (c *Cache) Get(id restic.ID) ([]byte, bool) { func (c *Cache) evict(key, value interface{}) { blob := value.([]byte) - debug.Log("bloblru.Cache: evict %v, %d bytes", key, len(blob)) - c.free += len(blob) + overhead + debug.Log("bloblru.Cache: evict %v, %d bytes", key, cap(blob)) + c.free += cap(blob) + overhead } diff --git a/internal/bloblru/cache_test.go b/internal/bloblru/cache_test.go index c257a95e..34280e35 100644 --- a/internal/bloblru/cache_test.go +++ b/internal/bloblru/cache_test.go @@ -28,9 +28,11 @@ func TestCache(t *testing.T) { rtest.Equals(t, exp, blob) } - addAndCheck(id1, make([]byte, 32*kiB)) - addAndCheck(id2, make([]byte, 30*kiB)) - addAndCheck(id3, make([]byte, 10*kiB)) + // Our blobs have len 1 but larger cap. The cache should check the cap, + // since it more reliably indicates the amount of memory kept alive. + addAndCheck(id1, make([]byte, 1, 32*kiB)) + addAndCheck(id2, make([]byte, 1, 30*kiB)) + addAndCheck(id3, make([]byte, 1, 10*kiB)) _, ok := c.Get(id2) rtest.Assert(t, ok, "blob %v not present", id2)