Merge branch 'restic:master' into natsio

2025-06-27 08:38:24 +00:00 · 2021-10-14 12:40:12 +08:00 · 2021-10-14 12:40:12 +08:00 · 14b62f5dfa
commit 14b62f5dfa
parent 82fca6d76a 46d08d9404
7 changed files with 34 additions and 10 deletions
--- a/changelog/unreleased/issue-2388
+++ b/changelog/unreleased/issue-2388
@ -0,0 +1,7 @@
+Enhancement: Add warning for S3 if partial credentials are provided
+
+Check if both the AWS key ID and secret environment variables are set
+before connecting to the remote server and report an error if not.
+
+https://github.com/restic/restic/issues/2388
+https://github.com/restic/restic/pull/3532
--- a/cmd/restic/cmd_self_update.go
+++ b/cmd/restic/cmd_self_update.go
@ -71,7 +71,7 @@ func runSelfUpdate(opts SelfUpdateOptions, gopts GlobalOptions, args []string) e
 		}
 	}

-	Printf("writing restic to %v\n", opts.Output)
+	Verbosef("writing restic to %v\n", opts.Output)

 	v, err := selfupdate.DownloadLatestStableRelease(gopts.ctx, opts.Output, version, Verbosef)
 	if err != nil {
--- a/cmd/restic/global.go
+++ b/cmd/restic/global.go
@ -555,6 +555,12 @@ func parseConfig(loc location.Location, opts options.Options) (interface{}, erro
 			cfg.Secret = os.Getenv("AWS_SECRET_ACCESS_KEY")
 		}

+		if cfg.KeyID == "" && cfg.Secret != "" {
+			return nil, errors.Fatalf("unable to open S3 backend: Key ID ($AWS_ACCESS_KEY_ID) is empty")
+		} else if cfg.KeyID != "" && cfg.Secret == "" {
+			return nil, errors.Fatalf("unable to open S3 backend: Secret ($AWS_SECRET_ACCESS_KEY) is empty")
+		}
+
 		if cfg.Region == "" {
 			cfg.Region = os.Getenv("AWS_DEFAULT_REGION")
 		}
--- a/doc/080_examples.rst
+++ b/doc/080_examples.rst
@ -309,7 +309,7 @@ the backups:

 .. code-block:: console

-   root@a3e580b6369d:/# useradd -m restic
+   root@a3e580b6369d:/# useradd --system --create-home --shell /sbin/nologin restic

 Then we download and install the restic binary into the user's home 
 directory (please adjust the URL to refer to the latest restic version).
@ -317,7 +317,7 @@ directory (please adjust the URL to refer to the latest restic version).
 .. code-block:: console

   root@a3e580b6369d:/# mkdir ~restic/bin
-   root@a3e580b6369d:/# curl -L https://github.com/restic/restic/releases/download/v0.9.6/restic_0.9.6_linux_amd64.bz2 | bunzip2 > ~restic/bin/restic
+   root@a3e580b6369d:/# curl -L https://github.com/restic/restic/releases/download/v0.12.1/restic_0.12.1_linux_amd64.bz2 | bunzip2 > ~restic/bin/restic

 Before we assign any special capability to the restic binary we
 restrict its permissions so that only root and the newly created
--- a/internal/backend/s3/s3.go
+++ b/internal/backend/s3/s3.go
@ -69,6 +69,15 @@ func open(ctx context.Context, cfg Config, rt http.RoundTripper) (*Backend, erro
 		},
 	})

+	c, err := creds.Get()
+	if err != nil {
+		return nil, errors.Wrap(err, "creds.Get")
+	}
+
+	if c.SignerType == credentials.SignatureAnonymous {
+		debug.Log("using anonymous access for %#v", cfg.Endpoint)
+	}
+
 	options := &minio.Options{
 		Creds:     creds,
 		Secure:    !cfg.UseHTTP,
--- a/internal/bloblru/cache.go
+++ b/internal/bloblru/cache.go
@ -47,7 +47,7 @@ func New(size int) *Cache {
 func (c *Cache) Add(id restic.ID, blob []byte) (old []byte) {
 	debug.Log("bloblru.Cache: add %v", id)

-	size := len(blob) + overhead
+	size := cap(blob) + overhead
 	if size > c.size {
 		return
 	}
@ -66,7 +66,7 @@ func (c *Cache) Add(id restic.ID, blob []byte) (old []byte) {
 	for size > c.free {
 		_, val, _ := c.c.RemoveOldest()
 		b := val.([]byte)
-		if len(b) > len(old) {
+		if cap(b) > cap(old) {
 			// We can only return one buffer, so pick the largest.
 			old = b
 		}
@ -91,6 +91,6 @@ func (c *Cache) Get(id restic.ID) ([]byte, bool) {

 func (c *Cache) evict(key, value interface{}) {
 	blob := value.([]byte)
-	debug.Log("bloblru.Cache: evict %v, %d bytes", key, len(blob))
-	c.free += len(blob) + overhead
+	debug.Log("bloblru.Cache: evict %v, %d bytes", key, cap(blob))
+	c.free += cap(blob) + overhead
 }
--- a/internal/bloblru/cache_test.go
+++ b/internal/bloblru/cache_test.go
@ -28,9 +28,11 @@ func TestCache(t *testing.T) {
 		rtest.Equals(t, exp, blob)
 	}

-	addAndCheck(id1, make([]byte, 32*kiB))
-	addAndCheck(id2, make([]byte, 30*kiB))
-	addAndCheck(id3, make([]byte, 10*kiB))
+	// Our blobs have len 1 but larger cap. The cache should check the cap,
+	// since it more reliably indicates the amount of memory kept alive.
+	addAndCheck(id1, make([]byte, 1, 32*kiB))
+	addAndCheck(id2, make([]byte, 1, 30*kiB))
+	addAndCheck(id3, make([]byte, 1, 10*kiB))

 	_, ok := c.Get(id2)
 	rtest.Assert(t, ok, "blob %v not present", id2)