cloud-sync

Timemachine/cloud-sync

Fork 0

Commit Graph

Author	SHA1	Message	Date
claude-timemachine	49d1cb3280	drop restic repo encryption; rely on TLS + append-only + LUKS CI / test (3.10) (push) Successful in 8s Details CI / test (3.11) (push) Successful in 8s Details CI / test (3.12) (push) Successful in 7s Details CI / build-pyz (push) Successful in 4s Details CI / release (push) Has been skipped Details User credentials now serve HTTP basic auth only. Repos init with --insecure-no-password. Removes: - RESTIC_PASSWORD env in client subprocess - Per-repo password coordination story - Multi-key restic setup (user key + operator-master key) - Two-password recovery edge cases Operator-side prune now runs over the filesystem path (-r /srv/.../<user>/) which bypasses rest-server's HTTP-layer append-only enforcement. No password needed at all. Protection model stays: - TLS in transit (reverse proxy) - HTTP basic per-user (htpasswd) for read/write authorization - --private-repos for per-user URL isolation - --append-only for client-side delete protection - LUKS / disk-level for at-rest encryption (operator's responsibility) Verified end-to-end on john: pull → push → restore round-trip works, DELETE on bogus snapshot still returns 403 (append-only intact), operator can read repo via filesystem path (prune-mode access works). 33 pytest still green.	2026-06-04 22:23:40 +02:00
claude-timemachine	ffdfb1f9b6	pivot to Python: replace Kotlin/JVM with stdlib zipapp CI / test (3.10) (push) Successful in 40s Details CI / test (3.11) (push) Successful in 19s Details CI / test (3.12) (push) Successful in 23s Details CI / build-pyz (push) Successful in 4s Details CI / release (push) Has been skipped Details Reasons stacked up: - AV: unsigned JARs that auto-download binaries + upload files trigger Windows Defender false-positives more often than Python scripts invoked by code-signed python.exe. - Qt UI option: PySide6 opens a path to a real Qt UI (matching Prism's look) if needed later. JVM Qt bindings are abandoned. - frazclient already needs Python; inlining as 'import cloud_sync' is zero overhead vs the launcher always shelling out to java. Implementation: - cloud_sync package: cli.py (argparse), creds.py, scope.py, restic.py (binary discovery + auto-download + sha256 verify), sync.py (pull/push subprocess restic). - pyproject.toml with hatchling backend; pip-installable. - Makefile builds cloud-sync.pyz via python -m zipapp (~53 KB). - 33 pytest tests, stdlib only on runtime. - CI workflow runs pytest matrix (3.10/3.11/3.12) + builds pyz. - DESIGN.md + README.md updated to reflect Python. E2E verified against local restic-rest-server: pull empty → push initial → rm -rf local → pull restores → modify+push creates second snapshot → client forget --prune blocked by --append-only. Throws away ~565 LOC of Kotlin (and 18 jar tests) committed earlier in this same session. Net result is ~250 LOC Python + 33 tests = smaller and more aligned with the rest of the stack.	2026-06-03 01:11:47 +02:00

Author

SHA1

Message

Date

claude-timemachine

49d1cb3280

drop restic repo encryption; rely on TLS + append-only + LUKS

CI / test (3.10) (push) Successful in 8s

Details

CI / test (3.11) (push) Successful in 8s

Details

CI / test (3.12) (push) Successful in 7s

Details

CI / build-pyz (push) Successful in 4s

Details

CI / release (push) Has been skipped

Details

User credentials now serve HTTP basic auth only. Repos init with
--insecure-no-password. Removes:
  - RESTIC_PASSWORD env in client subprocess
  - Per-repo password coordination story
  - Multi-key restic setup (user key + operator-master key)
  - Two-password recovery edge cases

Operator-side prune now runs over the filesystem path (-r /srv/.../<user>/)
which bypasses rest-server's HTTP-layer append-only enforcement. No
password needed at all.

Protection model stays:
  - TLS in transit (reverse proxy)
  - HTTP basic per-user (htpasswd) for read/write authorization
  - --private-repos for per-user URL isolation
  - --append-only for client-side delete protection
  - LUKS / disk-level for at-rest encryption (operator's responsibility)

Verified end-to-end on john: pull → push → restore round-trip works,
DELETE on bogus snapshot still returns 403 (append-only intact),
operator can read repo via filesystem path (prune-mode access works).

33 pytest still green.

2026-06-04 22:23:40 +02:00

claude-timemachine

ffdfb1f9b6

pivot to Python: replace Kotlin/JVM with stdlib zipapp

CI / test (3.10) (push) Successful in 40s

Details

CI / test (3.11) (push) Successful in 19s

Details

CI / test (3.12) (push) Successful in 23s

Details

CI / build-pyz (push) Successful in 4s

Details

CI / release (push) Has been skipped

Details

Reasons stacked up:
  - AV: unsigned JARs that auto-download binaries + upload files trigger
    Windows Defender false-positives more often than Python scripts
    invoked by code-signed python.exe.
  - Qt UI option: PySide6 opens a path to a real Qt UI (matching Prism's
    look) if needed later. JVM Qt bindings are abandoned.
  - frazclient already needs Python; inlining as 'import cloud_sync' is
    zero overhead vs the launcher always shelling out to java.

Implementation:
  - cloud_sync package: cli.py (argparse), creds.py, scope.py,
    restic.py (binary discovery + auto-download + sha256 verify),
    sync.py (pull/push subprocess restic).
  - pyproject.toml with hatchling backend; pip-installable.
  - Makefile builds cloud-sync.pyz via python -m zipapp (~53 KB).
  - 33 pytest tests, stdlib only on runtime.
  - CI workflow runs pytest matrix (3.10/3.11/3.12) + builds pyz.
  - DESIGN.md + README.md updated to reflect Python.

E2E verified against local restic-rest-server:
  pull empty → push initial → rm -rf local → pull restores → modify+push
  creates second snapshot → client forget --prune blocked by --append-only.

Throws away ~565 LOC of Kotlin (and 18 jar tests) committed earlier in
this same session. Net result is ~250 LOC Python + 33 tests = smaller
and more aligned with the rest of the stack.

2026-06-03 01:11:47 +02:00

2 Commits