Provided by: borgbackup_1.2.6-2_amd64 bug

NAME

       borg-upgrade - upgrade a repository from a previous version

SYNOPSIS

       borg [common options] upgrade [options] [REPOSITORY]

DESCRIPTION

       Upgrade an existing, local Borg repository.

   When you do not need borg upgrade
       Not every change requires that you run borg upgrade.

       You do not need to run it when:

       • moving your repository to a different place

       • upgrading to another point release (like 1.0.x to 1.0.y), except when noted otherwise in
         the changelog

       • upgrading from 1.0.x to 1.1.x, except when noted otherwise in the changelog

   Borg 1.x.y upgrades
       Archive TAM authentication:

       Use borg upgrade --archives-tam REPO to add archive TAMs to all archives that are not  TAM
       authenticated yet.  This is a convenient method to just trust all archives present - if an
       archive does not have TAM authentication yet, a TAM will be added.   Archives  created  by
       old borg versions < 1.0.9 do not have TAMs.  Archives created by newer borg version should
       have TAMs already.  If you have a high risk environment, you should not just run this, but
       first verify that the archives are authentic and not malicious (== have good content, have
       a good timestamp).  Borg 1.2.5+ needs all archives to  be  TAM  authenticated  for  safety
       reasons.

       This upgrade needs to be done once per repository.

       Manifest TAM authentication:

       Use  borg upgrade --tam REPO to require manifest authentication introduced with Borg 1.0.9
       to address security issues. This means that modifying the repository after doing this with
       a version prior to 1.0.9 will raise a validation error, so only perform this upgrade after
       updating all clients using the repository to 1.0.9 or newer.

       This upgrade should be done on each client for safety reasons.

       If a repository is accidentally modified with a pre-1.0.9 client after this  upgrade,  use
       borg upgrade --tam --force REPO to remedy it.

       If  you  routinely do this you might not want to enable this upgrade (which will leave you
       exposed to the security issue). You can  reverse  the  upgrade  by  issuing  borg  upgrade
       --disable-tam REPO.

       See
       https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
       for details.

   Attic and Borg 0.xx to Borg 1.x
       This  currently  supports  converting  an  Attic  repository  to  Borg and also helps with
       converting Borg 0.xx to 1.0.

       Currently, only LOCAL repositories can be upgraded (issue #465).

       Please note that borg create (since 1.0.0) uses bigger chunks by default than old borg  or
       attic  did,  so  the  new  chunks  won't  deduplicate  with the old chunks in the upgraded
       repository.  See --chunker-params option of borg create and borg recreate.

       borg upgrade will change the magic strings in the repository's segments to match  the  new
       Borg  magic  strings. The keyfiles found in $ATTIC_KEYS_DIR or ~/.attic/keys/ will also be
       converted and copied to $BORG_KEYS_DIR or ~/.config/borg/keys.

       The cache files are converted, from $ATTIC_CACHE_DIR or ~/.cache/attic to  $BORG_CACHE_DIR
       or  ~/.cache/borg,  but the cache layout between Borg and Attic changed, so it is possible
       the first backup after the conversion takes longer than expected due to the cache resync.

       Upgrade should be able to resume if interrupted, although it will still iterate  over  all
       segments. If you want to start from scratch, use borg delete over the copied repository to
       make sure the cache files are also removed:

          borg delete borg

       Unless --inplace is specified, the upgrade process first creates  a  backup  copy  of  the
       repository,  in  REPOSITORY.before-upgrade-DATETIME,  using hardlinks.  This requires that
       the repository and its parent directory reside on same filesystem so the hardlink copy can
       work.   This  takes  longer  than  in place upgrades, but is much safer and gives progress
       information (as opposed to cp -al). Once you are satisfied with the  conversion,  you  can
       safely destroy the backup copy.

       WARNING:  Running  the  upgrade  in  place  will make the current copy unusable with older
       version, with no way of going back to previous versions. This can PERMANENTLY DAMAGE  YOUR
       REPOSITORY!   Attic CAN NOT READ BORG REPOSITORIES, as the magic strings have changed. You
       have been warned.

OPTIONS

       See borg-common(1) for common options of Borg commands.

   arguments
       REPOSITORY
              path to the repository to be upgraded

   options
       -n, --dry-run
              do not change repository

       --inplace
              rewrite repository in place, with no chance of going back to older versions of  the
              repository.

       --force
              Force upgrade

       --tam  Enable manifest authentication (in key and cache) (Borg 1.0.9 and later).

       --disable-tam
              Disable manifest authentication (in key and cache).

       --archives-tam
              add TAM authentication for all archives.

EXAMPLES

          # Upgrade the borg repository to the most recent version.
          $ borg upgrade -v /path/to/repo
          making a hardlink copy in /path/to/repo.before-upgrade-2016-02-15-20:51:55
          opening attic repository with borg and converting
          no key file found for repository
          converting repo index /path/to/repo/index.0
          converting 1 segments...
          converting borg 0.xx to borg current
          no key file found for repository

   Upgrading a passphrase encrypted attic repo
       attic  offered  a  "passphrase"  encryption  mode,  but  this  was removed in borg 1.0 and
       replaced by the "repokey" mode (which stores the passphrase-protected encryption key  into
       the repository config).

       Thus,  to  upgrade a "passphrase" attic repo to a "repokey" borg repo, 2 steps are needed,
       in this order:

       • borg upgrade repo

       • borg key migrate-to-repokey repo

SEE ALSO

       borg-common(1)

AUTHOR

       The Borg Collective

                                            2023-08-30                            BORG-UPGRADE(1)