From 02d595baab3e3c5ed5a223a8d63774da0d453e07 Mon Sep 17 00:00:00 2001
From: Ben <ben@wainei.net>
Date: Sun, 30 Jul 2017 10:39:01 +0200
Subject: [PATCH] [borg] added encryption support (credit to @mxroo and
 @leoberry)

---
 examples/example.borg   | 24 ++++++++++++++++++++++++
 handlers/borg.helper.in | 19 +++++++++++++------
 handlers/borg.in        | 10 +++++++---
 3 files changed, 44 insertions(+), 9 deletions(-)

diff --git a/examples/example.borg b/examples/example.borg
index 5d5212a2..60d0aadd 100644
--- a/examples/example.borg
+++ b/examples/example.borg
@@ -121,3 +121,27 @@ exclude = /var/lib/mysql
 ##
 ## Default:
 # compression = lz4
+
+## encryption mode to use for repository creation
+##
+## can be "none", "repokey" or "repofile"
+## - "none" = no encryption
+## - "repokey" = encryption with key stored inside the repository
+## - "repofile" = encryption with key stored in ~/.config/borg/keys/
+##
+## for more info see :
+## https://github.com/borgbackup/borg/blob/master/docs/quickstart.rst#repository-encryption
+##
+## Default:
+# encryption = none
+
+## passphrase of the key used for repository encryptions
+##
+## must be set if encryption != none
+## encryption is disabled by default
+##
+## for more info see :
+## https://github.com/borgbackup/borg/blob/master/docs/quickstart.rst#repository-encryption
+##
+## Default:
+# passphrase =
diff --git a/handlers/borg.helper.in b/handlers/borg.helper.in
index 177d4fc2..88c1e64b 100644
--- a/handlers/borg.helper.in
+++ b/handlers/borg.helper.in
@@ -8,8 +8,6 @@
 # the Free Software Foundation; either version 2 of the License, or
 # (at your option) any later version.
 #
-# TODO: encryption support
-#
 
 HELPERS="$HELPERS borg:deduplicated_archive_based_backup"
 
@@ -81,7 +79,7 @@ do_borg_dest() {
 
    set -o noglob
    REPLY=
-   while [ -z "$REPLY" -o -z "$borg_directory" -o -z "$borg_host" -o -z "$borg_user" -o -z "$borg_archive" -o -z "$borg_compression" ]
+   while [ -z "$REPLY" -o -z "$borg_directory" -o -z "$borg_host" -o -z "$borg_user" -o -z "$borg_archive" -o -z "$borg_compression" -o -z "$borg_encryption" -o -z "$borg_passphrase" ]
    do
      formBegin "$borg_title - destination"
         formItem "directory" "$borg_directory"
@@ -89,6 +87,9 @@ do_borg_dest() {
         formItem "user" "$borg_user"
         formItem "archive_name" "$borg_archive"
         formItem "compression" "$borg_compression"
+        formItem "encryption" "$borg_encryption"
+        formItem "passphrase" "$borg_passphrase"
+
         formDisplay
      [ $? = 0 ] || return
      tmp_array=($REPLY)
@@ -97,6 +98,8 @@ do_borg_dest() {
      borg_user=${tmp_array[2]}
      borg_archive=${tmp_array[3]}
      borg_compression=${tmp_array[4]}
+     borg_encryption=${tmp_array[5]}
+     borg_passphrase=${tmp_array[6]}
   done
   set +o noglob
 
@@ -227,7 +230,7 @@ do_borg_con() {
       return
    fi
 
-   if [ "$borg_host" != "localhost"]; then
+   if [ "$borg_host" != "localhost" ]; then
       do_borg_ssh_con
    else
       do_borg_local_dir
@@ -298,8 +301,10 @@ keepmonthly = $borg_keepmonthly
 directory = $borg_directory
 host = $borg_host
 user = $borg_user
-compression = $borg_compression
 archive = $borg_archive
+compression = $borg_compression
+encryption = $borg_encryption
+passphrase = $borg_passphrase
 EOF
 
    chmod 600 $next_filename
@@ -348,8 +353,10 @@ borg_wizard() {
    borg_directory=/backup/`hostname`
    borg_user=root
    borg_host=localhost
-   borg_compression=lz4
    borg_archive='{now:%Y-%m-%d}'
+   borg_compression=lz4
+   borg_encryption=none
+   borg_passphrase=
    borg_keepdaily=7
    borg_keepweekly=4
    borg_keepmonthly=-1
diff --git a/handlers/borg.in b/handlers/borg.in
index 67410fef..f98050ca 100644
--- a/handlers/borg.in
+++ b/handlers/borg.in
@@ -12,7 +12,6 @@
 # terms of the Do What The Fuck You Want To Public License, Version 2,
 # as published by Sam Hocevar. See the http://www.wtfpl.net/ file for more details.
 #
-# TODO: encryption support
 #
 
 export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes
@@ -37,6 +36,9 @@ getconf directory
 directory=${directory%/}
 getconf archive {now:%Y-%m-%d}
 getconf compression lz4
+getconf encryption
+getconf passphrase
+
 
 ### CHECK CONFIG ###
 
@@ -63,9 +65,9 @@ execstr_archive="$archive"
 
 ### INIT IF NEEDED ###
 
-# :TODO:maethor:160509: Manage encryption
+export BORG_PASSPHRASE="$passphrase"
+initstr="borg init --encryption=$encryption $execstr_repository"
 
-initstr="borg init --encryption=none $execstr_repository"
 debug "$initstr"
 
 if [ $test = 0 ]; then
@@ -135,4 +137,6 @@ if [ $test = 0 ]; then
    fi
 fi
 
+unset BORG_PASSPHRASE
+
 return 0
-- 
GitLab