ruborg 0.4.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 263e32d62c24714f299a20218bc96733cf6f13cffa0e0d844ef5b37c5470dbdf
-  data.tar.gz: f020b2b5714fd3c02d9372414de7494e7beb637d5312bcf34f05e2be5bf1ecd1
+  metadata.gz: 821f1707180870ec6b2ffccda4ef4d901b3ee274d7402c26170ca294e80efb8b
+  data.tar.gz: 62e2a5ee53cd75024b78e08e32295c34cf1829cd3bd34be9d6403c7ec1dfb810
 SHA512:
-  metadata.gz: 1ad51dcadf03ca1958ff6ecd10b24846d6e501219dd59637280eaf6d37a2d6b6a505ff0bbb9401d5f7ebfd361c24a3e1c3b09bc71f40bf788c6581da2a98832a
-  data.tar.gz: 5679385c1369eb161235c998dd69526a3bc27dca1cfc13acc22bd0602184f15438c042542495300b1752eb8ce810dfbc467bfe83d10b492641063e84381f3881
+  metadata.gz: acd1bcd0b6da0914888c11d50299ea2f365e2bf5a81423edbfc7e935a17d020b841de9043900ca86ed1df2ab8e50e1359806ad2857de3bd849b8f040c2909549
+  data.tar.gz: 799d52c64a3bf858b2324f5101255a77dd428778b1eced9bfa11e54d9c2ef23642645a886902f83c05336c89a61d1a80b02ad83185fecf3cf0cac866d18e7c09

data/CHANGELOG.md

@@ -7,6 +7,49 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.6.0] - 2025-10-08
+
+### Added
+- **Configuration Validation Command**: New `ruborg validate` command to check configuration files for type errors
+- **Automatic Schema Validation**: All commands now validate configuration on startup to catch errors early
+- **Strict Boolean Type Checking**: All boolean config values (auto_init, auto_prune, allow_remove_source, etc.) now require actual boolean types
+  - Prevents type confusion attacks where strings like `'true'` or `"false"` bypass security checks
+  - Clear error messages show actual type vs expected type
+  - Validation runs automatically on config load
+- Comprehensive validation test suite (10 new test cases)
+- Documentation for configuration validation in README
+
+### Changed
+- Boolean configuration values now use strict type checking throughout the codebase
+  - `auto_init`: only boolean `true` enables, everything else disables
+  - `auto_prune`: only boolean `true` enables, everything else disables
+  - `allow_remove_source`: strict checking - only `TrueClass` enables (security-critical)
+  - `allow_relocated_repo`: permissive normalization - only `false` disables (backward compatible)
+  - `allow_unencrypted_repo`: permissive normalization - only `false` disables (backward compatible)
+- Config class now validates schema by default (can be disabled with `validate_types: false`)
+
+### Security
+- **Type Confusion Protection (CWE-843)**: Strict boolean type checking prevents configuration bypass attacks
+  - Before: `allow_remove_source: 'false'` (string) would be truthy and enable deletion
+  - After: Only `allow_remove_source: true` (boolean) enables the dangerous operation
+- Enhanced error messages guide users to fix type errors correctly
+- SECURITY.md updated with type confusion findings and mitigations
+
+## [0.5.0] - 2025-10-08
+
+### Added
+- **Hostname Validation**: Optional `hostname` configuration key to restrict backup operations to specific hosts
+  - Can be configured globally or per-repository
+  - Repository-specific hostname overrides global setting
+  - Validates system hostname before backup, list, restore, check operations
+  - Prevents accidental execution of backups on wrong machines
+  - Displayed in `info` command output
+- Comprehensive test coverage for hostname validation (6 new test cases)
+- Documentation for hostname feature in example config and README
+
+### Changed
+- `info` command now displays hostname when configured (global or per-repository)
+
 ## [0.4.0] - 2025-10-06
 
 ### Added

data/README.md

@@ -24,7 +24,8 @@ e- ⏰ **Retention Policies** - Configure backup retention (hourly, daily, weekl
 - 📋 **Repository Descriptions** - Document each repository's purpose
 - 📈 **Summary View** - Quick overview of all repositories and their configurations
 - 🔧 **Custom Borg Path** - Support for custom Borg executable paths per repository
-- ✅ **Well-tested** - Comprehensive test suite with RSpec (147 tests)
+- 🏠 **Hostname Validation** - NEW! Restrict backups to specific hosts (global or per-repository)
+- ✅ **Well-tested** - Comprehensive test suite with RSpec (178+ tests)
 - 🔒 **Security-focused** - Path validation, safe YAML loading, command injection protection
 
 ## Prerequisites
@@ -127,6 +128,7 @@ repositories:
   - name: databases
     description: "MySQL and PostgreSQL database dumps"
     path: /mnt/backup/databases
+    hostname: dbserver.local  # Optional: repository-specific hostname override
     # Repository-specific passbolt (overrides global)
     passbolt:
       resource_id: "db-specific-passbolt-id"
@@ -160,14 +162,55 @@ repositories:
 ```
 
 **Configuration Features:**
+- **Automatic Type Validation**: Configuration is validated on startup to catch type errors early
+- **Validation Command**: Run `ruborg validate` to check configuration files for errors
 - **Descriptions**: Add `description` field to document each repository's purpose
-- **Global Settings**: Compression, encryption, auto_init, log_file, borg_path, borg_options, and retention apply to all repositories
-- **Per-Repository Overrides**: Any global setting can be overridden at the repository level (including custom borg_path per repository)
+- **Hostname Validation**: Optional `hostname` field to restrict backups to specific hosts (global or per-repository)
+- **Source Deletion Safety**: `allow_remove_source` flag to explicitly enable `--remove-source` option (default: disabled)
+- **Type-Safe Booleans**: Strict boolean validation prevents configuration errors (must use `true`/`false`, not strings)
+- **Global Settings**: Hostname, compression, encryption, auto_init, allow_remove_source, log_file, borg_path, borg_options, and retention apply to all repositories
+- **Per-Repository Overrides**: Any global setting can be overridden at the repository level (including hostname, allow_remove_source, and custom borg_path)
 - **Custom Borg Path**: Specify a custom Borg executable path if borg is not in PATH or to use a specific version
 - **Retention Policies**: Define how many backups to keep (hourly, daily, weekly, monthly, yearly)
 - **Multiple Sources**: Each repository can have multiple backup sources with their own exclude patterns
 - **Flexible Organization**: Organize backups by type (documents, databases, media) with different policies
 
+## Configuration Validation
+
+Ruborg automatically validates your configuration on startup. All commands check for type errors and structural issues before executing.
+
+### Validate Configuration
+
+Check your configuration file for errors:
+
+```bash
+ruborg validate --config ruborg.yml
+```
+
+**Validation checks:**
+- Boolean types (must be `true` or `false`, not strings like `'true'`)
+- Valid compression values (lz4, zstd, zlib, lzma, none)
+- Valid encryption modes
+- Required repository fields (name, path)
+- Correct borg_options values
+
+**Example validation output:**
+
+```
+✓ Configuration is valid
+  No type errors or warnings found
+```
+
+Or with errors:
+
+```
+❌ ERRORS FOUND (2):
+  - global/auto_init: must be boolean (true or false), got String: "true"
+  - test-repo/allow_remove_source: must be boolean (true or false), got Integer: 1
+
+Configuration has errors that must be fixed.
+```
+
 ## Usage
 
 ### Initialize a Repository
@@ -195,10 +238,48 @@ ruborg backup --repository databases --name "db-backup-2025-10-05"
 # Using custom configuration file
 ruborg backup --config /path/to/config.yml --repository documents
 
-# Remove source files after successful backup
+# Remove source files after successful backup (requires allow_remove_source: true)
 ruborg backup --repository documents --remove-source
 ```
 
+**IMPORTANT: Source File Deletion Safety**
+
+The `--remove-source` option is disabled by default for safety. To use it, you must explicitly enable it in your configuration:
+
+```yaml
+# Global setting - applies to all repositories
+allow_remove_source: true
+
+# OR per-repository setting
+repositories:
+  - name: temp-backups
+    allow_remove_source: true  # Only for this repository
+    ...
+```
+
+**⚠️ TYPE SAFETY WARNING:** The value MUST be a boolean `true`, not a string:
+
+```yaml
+# ✅ CORRECT - Boolean true
+allow_remove_source: true
+
+# ❌ WRONG - String 'true' (will be rejected)
+allow_remove_source: 'true'
+allow_remove_source: "true"
+
+# ❌ WRONG - Other truthy values (will be rejected)
+allow_remove_source: 1
+allow_remove_source: yes
+```
+
+Ruborg uses strict type checking to prevent configuration errors. Only the boolean value `true` (unquoted) will enable source deletion. Any other value, including string `'true'` or `"true"`, will be rejected with a detailed error message showing the actual type received.
+
+Without `allow_remove_source: true` configured, using `--remove-source` will result in an error:
+```
+Error: Cannot use --remove-source: 'allow_remove_source' must be true (boolean).
+Current value: "true" (String). Set 'allow_remove_source: true' in configuration.
+```
+
 ### List Archives
 
 ```bash
@@ -338,6 +419,70 @@ repositories:
 
 When enabled, ruborg will automatically run `borg init` if the repository doesn't exist when you run `backup`, `list`, or `info` commands. The passphrase will be retrieved from Passbolt if configured.
 
+## Hostname Validation
+
+Restrict backup operations to specific hosts using the optional `hostname` configuration key. This prevents accidental execution of backups on the wrong machine.
+
+### Global Hostname
+
+Apply hostname restriction to all repositories:
+
+```yaml
+# Global hostname - applies to all repositories
+hostname: myserver.local
+
+repositories:
+  - name: documents
+    path: /mnt/backup/documents
+    sources:
+      - name: main
+        paths:
+          - /home/user/documents
+```
+
+### Per-Repository Hostname
+
+Override global hostname for specific repositories:
+
+```yaml
+# Global hostname for most repositories
+hostname: mainserver.local
+
+repositories:
+  # Uses global hostname (mainserver.local)
+  - name: documents
+    path: /mnt/backup/documents
+    sources:
+      - name: main
+        paths:
+          - /home/user/documents
+
+  # Override with repository-specific hostname
+  - name: databases
+    hostname: dbserver.local  # Only runs on dbserver.local
+    path: /mnt/backup/databases
+    sources:
+      - name: mysql
+        paths:
+          - /var/lib/mysql/dumps
+```
+
+**How it works:**
+- Before backup, list, restore, or check operations, Ruborg validates the system hostname
+- If configured hostname doesn't match the current hostname, the operation fails with an error
+- Repository-specific hostname takes precedence over global hostname
+- If no hostname is configured, validation is skipped
+
+**Example error:**
+```
+Error: Hostname mismatch: configuration is for 'dbserver.local' but current hostname is 'mainserver.local'
+```
+
+**Use cases:**
+- **Multi-server environments**: Different servers backup to different repositories
+- **Development vs Production**: Prevent production config from running on dev machines
+- **Safety**: Avoid accidentally running wrong backups on shared configuration files
+
 ## Security Configuration
 
 Ruborg provides configurable security options via `borg_options`:
@@ -370,6 +515,7 @@ See [SECURITY.md](SECURITY.md) for detailed security information and best practi
 | Command | Description | Options |
 |---------|-------------|---------|
 | `init REPOSITORY` | Initialize a new Borg repository | `--passphrase`, `--passbolt-id`, `--log` |
+| `validate` | Validate configuration file for type errors | `--config`, `--log` |
 | `backup` | Create a backup using config file | `--config`, `--repository`, `--all`, `--name`, `--remove-source`, `--log` |
 | `list` | List all archives in repository | `--config`, `--repository`, `--log` |
 | `restore ARCHIVE` | Restore files from archive | `--config`, `--repository`, `--destination`, `--path`, `--log` |

data/SECURITY.md

@@ -66,6 +66,15 @@ Ruborg implements several security measures to protect your backup operations:
 - Integrated into development workflow
 - Run: `bundle exec bundle-audit check`
 
+### 13. Boolean Type Safety (Type Confusion Protection)
+- **Critical safety flag validation** for `allow_remove_source` configuration
+- Uses strict type checking (`is_a?(TrueClass)`) to prevent type confusion attacks
+- Rejects truthy values like strings `'true'`, `"false"`, integers `1`, or `"yes"`
+- Only boolean `true` enables dangerous operations like `--remove-source`
+- Provides detailed error messages showing actual type received vs expected
+- Prevents configuration errors that could lead to unintended data loss
+- **CWE-843 Mitigation**: Protects against type confusion vulnerabilities
+
 ## Security Best Practices
 
 ### When Using `--remove-source`
@@ -76,6 +85,16 @@ Ruborg implements several security measures to protect your backup operations:
 2. **Never use on symlinks** to critical system directories
 3. **Verify backups** before using this flag in production
 4. **Use absolute paths** in configuration to avoid ambiguity
+5. **Use boolean values** for `allow_remove_source` - NEVER use quoted strings:
+   ```yaml
+   # ✅ CORRECT
+   allow_remove_source: true
+
+   # ❌ WRONG - Will be rejected
+   allow_remove_source: 'true'
+   allow_remove_source: "true"
+   allow_remove_source: 1
+   ```
 
 ### Configuration File Security
 
@@ -144,6 +163,19 @@ We will respond within 48 hours and work with you to address the issue.
 
 ## Security Audit History
 
+- **v0.6.0** (2025-10-08): Configuration validation and type confusion protection
+  - **SECURITY FIX**: Implemented strict boolean type checking for `allow_remove_source`
+  - Prevents type confusion attacks (CWE-843) where string values bypass safety checks
+  - Added configuration validation command (`ruborg validate`) for proactive error detection
+  - Automatic schema validation on config load catches type errors early
+  - Added 10 comprehensive test cases for validation and type confusion scenarios
+  - Enhanced error messages to show actual type vs expected type
+  - Updated documentation with type safety warnings and examples
+
+- **v0.5.0** (2025-10-08): Hostname validation
+  - Added hostname validation feature (optional global or per-repository)
+  - Prevents accidental execution of backups on wrong machines
+
 - **v0.4.0** (2025-10-06): Complete command injection elimination
   - **CRITICAL**: Fixed all remaining command injection vulnerabilities in repository.rb
   - Replaced all backtick execution with Open3.capture3/capture2e methods
@@ -210,3 +242,5 @@ Before deploying ruborg in production:
 - [ ] Configure borg_options for your security requirements
 - [ ] Use default archive names or sanitized custom names only
 - [ ] Ensure backup paths don't contain empty or nil values
+- [ ] Use boolean `true` (not strings) for `allow_remove_source` configuration
+- [ ] Configure hostname validation for multi-server environments

data/lib/ruborg/cli.rb

@@ -54,6 +54,7 @@ module Ruborg
     def backup
       @logger.info("Starting backup operation with config: #{options[:config]}")
       config = Config.new(options[:config])
+      validate_hostname(config.global_settings)
       backup_repositories(config)
     rescue Error => e
       @logger.error("Backup failed: #{e.message}")
@@ -72,6 +73,7 @@ module Ruborg
 
       global_settings = config.global_settings
       merged_config = global_settings.merge(repo_config)
+      validate_hostname(merged_config)
       passphrase = fetch_passphrase_for_repo(merged_config)
       borg_opts = merged_config["borg_options"] || {}
       borg_path = merged_config["borg_path"]
@@ -79,7 +81,9 @@ module Ruborg
       repo = Repository.new(repo_config["path"], passphrase: passphrase, borg_options: borg_opts, borg_path: borg_path)
 
       # Auto-initialize repository if configured
-      auto_init = merged_config["auto_init"] || false
+      # Use strict boolean checking: only true enables, everything else disables
+      auto_init = merged_config["auto_init"]
+      auto_init = false unless auto_init == true
       if auto_init && !repo.exists?
         @logger.info("Auto-initializing repository at #{repo_config["path"]}")
         repo.create
@@ -108,6 +112,7 @@ module Ruborg
 
       global_settings = config.global_settings
       merged_config = global_settings.merge(repo_config)
+      validate_hostname(merged_config)
       passphrase = fetch_passphrase_for_repo(merged_config)
       borg_opts = merged_config["borg_options"] || {}
       borg_path = merged_config["borg_path"]
@@ -154,7 +159,9 @@ module Ruborg
       repo = Repository.new(repo_config["path"], passphrase: passphrase, borg_options: borg_opts, borg_path: borg_path)
 
       # Auto-initialize repository if configured
-      auto_init = merged_config["auto_init"] || false
+      # Use strict boolean checking: only true enables, everything else disables
+      auto_init = merged_config["auto_init"]
+      auto_init = false unless auto_init == true
       if auto_init && !repo.exists?
         @logger.info("Auto-initializing repository at #{repo_config["path"]}")
         repo.create
@@ -168,6 +175,78 @@ module Ruborg
       error_exit(e)
     end
 
+    desc "validate", "Validate configuration file for errors and type issues"
+    def validate_config
+      @logger.info("Validating configuration file: #{options[:config]}")
+      config = Config.new(options[:config])
+
+      puts "\n═══════════════════════════════════════════════════════════════"
+      puts "  CONFIGURATION VALIDATION"
+      puts "═══════════════════════════════════════════════════════════════\n\n"
+
+      errors = []
+      warnings = []
+
+      # Validate global boolean settings
+      global_settings = config.global_settings
+      errors.concat(validate_boolean_setting(global_settings, "auto_init", "global"))
+      errors.concat(validate_boolean_setting(global_settings, "auto_prune", "global"))
+      errors.concat(validate_boolean_setting(global_settings, "allow_remove_source", "global"))
+
+      # Validate borg_options booleans
+      if global_settings["borg_options"]
+        warnings.concat(validate_borg_option(global_settings["borg_options"], "allow_relocated_repo", "global"))
+        warnings.concat(validate_borg_option(global_settings["borg_options"], "allow_unencrypted_repo", "global"))
+      end
+
+      # Validate per-repository settings
+      config.repositories.each do |repo|
+        repo_name = repo["name"]
+        errors.concat(validate_boolean_setting(repo, "auto_init", repo_name))
+        errors.concat(validate_boolean_setting(repo, "auto_prune", repo_name))
+        errors.concat(validate_boolean_setting(repo, "allow_remove_source", repo_name))
+
+        if repo["borg_options"]
+          warnings.concat(validate_borg_option(repo["borg_options"], "allow_relocated_repo", repo_name))
+          warnings.concat(validate_borg_option(repo["borg_options"], "allow_unencrypted_repo", repo_name))
+        end
+      end
+
+      # Display results
+      if errors.empty? && warnings.empty?
+        puts "✓ Configuration is valid"
+        puts "  No type errors or warnings found\n\n"
+      else
+        unless errors.empty?
+          puts "❌ ERRORS FOUND (#{errors.size}):"
+          errors.each do |error|
+            puts "  - #{error}"
+          end
+          puts ""
+        end
+
+        unless warnings.empty?
+          puts "⚠️  WARNINGS (#{warnings.size}):"
+          warnings.each do |warning|
+            puts "  - #{warning}"
+          end
+          puts ""
+        end
+
+        if errors.any?
+          puts "Configuration has errors that must be fixed.\n\n"
+          exit 1
+        else
+          puts "Configuration is valid but has warnings.\n\n"
+        end
+      end
+
+      @logger.info("Configuration validation completed")
+    rescue Error => e
+      @logger.error("Validation failed: #{e.message}")
+      error_exit(e)
+    end
+
     desc "check", "Check repository integrity and compatibility"
     option :verify_data, type: :boolean, default: false, desc: "Verify repository data (slower)"
     option :all, type: :boolean, default: false, desc: "Check all repositories"
@@ -175,6 +254,7 @@ module Ruborg
       @logger.info("Checking repository compatibility")
       config = Config.new(options[:config])
       global_settings = config.global_settings
+      validate_hostname(global_settings)
 
       # Show Borg version first
       borg_version = Repository.borg_version
@@ -207,6 +287,7 @@ module Ruborg
       @logger.info("Checking repository: #{repo_name}")
 
       merged_config = global_settings.merge(repo_config)
+      validate_hostname(merged_config)
       passphrase = fetch_passphrase_for_repo(merged_config)
       borg_opts = merged_config["borg_options"] || {}
       borg_path = merged_config["borg_path"]
@@ -267,6 +348,7 @@ module Ruborg
 
       # Show global settings
       puts "Global Settings:"
+      puts "  Hostname:       #{global_settings["hostname"]}" if global_settings["hostname"]
       puts "  Compression:    #{global_settings["compression"] || "lz4 (default)"}"
       puts "  Encryption:     #{global_settings["encryption"] || "repokey (default)"}"
       puts "  Auto-init:      #{global_settings["auto_init"] || false}"
@@ -284,6 +366,7 @@ module Ruborg
         puts "   Description: #{repo["description"]}" if repo["description"]
 
         # Show repo-specific overrides
+        puts "   Hostname:    #{repo["hostname"]}" if repo["hostname"]
         puts "   Compression: #{repo["compression"]}" if repo["compression"]
         puts "   Encryption:  #{repo["encryption"]}" if repo["encryption"]
         puts "   Auto-init:   #{repo["auto_init"]}" unless repo["auto_init"].nil?
@@ -389,6 +472,7 @@ module Ruborg
 
       # Merge global settings with repo-specific settings (repo-specific takes precedence)
       merged_config = global_settings.merge(repo_config)
+      validate_hostname(merged_config)
 
       passphrase = fetch_passphrase_for_repo(merged_config)
       borg_opts = merged_config["borg_options"] || {}
@@ -396,7 +480,9 @@ module Ruborg
       repo = Repository.new(repo_config["path"], passphrase: passphrase, borg_options: borg_opts, borg_path: borg_path)
 
       # Auto-initialize if configured
-      auto_init = merged_config["auto_init"] || false
+      # Use strict boolean checking: only true enables, everything else disables
+      auto_init = merged_config["auto_init"]
+      auto_init = false unless auto_init == true
       if auto_init && !repo.exists?
         @logger.info("Auto-initializing repository at #{repo_config["path"]}")
         repo.create
@@ -406,6 +492,17 @@ module Ruborg
       # Get retention mode (defaults to standard)
       retention_mode = merged_config["retention_mode"] || "standard"
 
+      # Validate remove_source permission with strict type checking
+      if options[:remove_source]
+        allow_remove_source = merged_config["allow_remove_source"]
+        unless allow_remove_source.is_a?(TrueClass)
+          raise ConfigError,
+                "Cannot use --remove-source: 'allow_remove_source' must be true (boolean). " \
+                "Current value: #{allow_remove_source.inspect} (#{allow_remove_source.class}). " \
+                "Set 'allow_remove_source: true' in configuration to allow source deletion."
+        end
+      end
+
       # Create backup config wrapper
       backup_config = BackupConfig.new(repo_config, merged_config)
       backup = Backup.new(repo, config: backup_config, retention_mode: retention_mode, repo_name: repo_name)
@@ -427,7 +524,9 @@ module Ruborg
       puts "  Sources removed" if options[:remove_source]
 
       # Auto-prune if configured and retention policy exists
-      auto_prune = merged_config["auto_prune"] || false
+      # Use strict boolean checking: only true enables, everything else disables
+      auto_prune = merged_config["auto_prune"]
+      auto_prune = false unless auto_prune == true
       retention_policy = merged_config["retention"]
 
       return unless auto_prune && retention_policy && !retention_policy.empty?
@@ -460,6 +559,46 @@ module Ruborg
       name.gsub(/[^a-zA-Z0-9._-]/, "_")
     end
 
+    def validate_hostname(config)
+      configured_hostname = config["hostname"]
+      return if configured_hostname.nil? || configured_hostname.empty?
+
+      current_hostname = `hostname`.strip
+      return if current_hostname == configured_hostname
+
+      raise ConfigError,
+            "Hostname mismatch: configuration is for '#{configured_hostname}' " \
+            "but current hostname is '#{current_hostname}'"
+    end
+
+    # Validate boolean configuration settings
+    def validate_boolean_setting(config, key, context)
+      errors = []
+      value = config[key]
+
+      return errors if value.nil? # Not set is OK
+
+      unless value.is_a?(TrueClass) || value.is_a?(FalseClass)
+        errors << "#{context}/#{key}: must be boolean (true/false), got #{value.class}: #{value.inspect}"
+      end
+
+      errors
+    end
+
+    # Validate borg_options boolean settings (these have different defaults)
+    def validate_borg_option(borg_options, key, context)
+      warnings = []
+      value = borg_options[key]
+
+      return warnings if value.nil? # Not set is OK (uses default)
+
+      unless value.is_a?(TrueClass) || value.is_a?(FalseClass)
+        warnings << "#{context}/borg_options/#{key}: should be boolean (true/false), got #{value.class}: #{value.inspect}"
+      end
+
+      warnings
+    end
+
     # Wrapper class to adapt repository config to existing Backup class
     class BackupConfig
       def initialize(repo_config, merged_settings)

data/lib/ruborg/config.rb

@@ -9,10 +9,12 @@ module Ruborg
   class Config
     attr_reader :data
 
-    def initialize(config_path)
+    def initialize(config_path, validate_types: true)
       @config_path = config_path
+      @validate_types = validate_types
       load_config
       validate_format
+      validate_schema if @validate_types
     end
 
     def load_config
@@ -39,7 +41,7 @@ module Ruborg
 
     def global_settings
       @data.slice("passbolt", "compression", "encryption", "auto_init", "borg_options", "log_file", "retention",
-                  "auto_prune")
+                  "auto_prune", "hostname", "allow_remove_source")
     end
 
     private
@@ -84,5 +86,78 @@ module Ruborg
 
       patterns
     end
+
+    # Validate YAML schema for type correctness
+    def validate_schema
+      errors = []
+
+      # Validate global boolean settings
+      errors.concat(validate_boolean_config(@data, "auto_init", "global"))
+      errors.concat(validate_boolean_config(@data, "auto_prune", "global"))
+      errors.concat(validate_boolean_config(@data, "allow_remove_source", "global"))
+
+      # Validate global borg_options
+      if @data["borg_options"]
+        errors.concat(validate_boolean_config(@data["borg_options"], "allow_relocated_repo", "global/borg_options"))
+        errors.concat(validate_boolean_config(@data["borg_options"], "allow_unencrypted_repo", "global/borg_options"))
+      end
+
+      # Validate compression and encryption if present
+      if @data["compression"] && !VALID_COMPRESSION.include?(@data["compression"])
+        errors << "global/compression: invalid value '#{@data["compression"]}'"
+      end
+
+      if @data["encryption"] && !VALID_ENCRYPTION.include?(@data["encryption"])
+        errors << "global/encryption: invalid value '#{@data["encryption"]}'"
+      end
+
+      # Validate per-repository settings
+      repositories.each do |repo|
+        repo_name = repo["name"] || "unnamed"
+
+        errors.concat(validate_boolean_config(repo, "auto_init", repo_name))
+        errors.concat(validate_boolean_config(repo, "auto_prune", repo_name))
+        errors.concat(validate_boolean_config(repo, "allow_remove_source", repo_name))
+
+        if repo["borg_options"]
+          errors.concat(validate_boolean_config(repo["borg_options"], "allow_relocated_repo",
+                                                "#{repo_name}/borg_options"))
+          errors.concat(validate_boolean_config(repo["borg_options"], "allow_unencrypted_repo",
+                                                "#{repo_name}/borg_options"))
+        end
+
+        # Validate compression and encryption if present
+        if repo["compression"] && !VALID_COMPRESSION.include?(repo["compression"])
+          errors << "#{repo_name}/compression: invalid value '#{repo["compression"]}'"
+        end
+
+        if repo["encryption"] && !VALID_ENCRYPTION.include?(repo["encryption"])
+          errors << "#{repo_name}/encryption: invalid value '#{repo["encryption"]}'"
+        end
+
+        # Validate repository structure
+        errors << "#{repo_name}: missing 'path' key" unless repo["path"]
+        errors << "#{repo_name}: 'sources' must be an array" if repo["sources"] && !repo["sources"].is_a?(Array)
+      end
+
+      return if errors.empty?
+
+      raise ConfigError,
+            "Configuration validation failed:\n  - #{errors.join("\n  - ")}\n\n" \
+            "Run 'ruborg validate' for detailed validation information."
+    end
+
+    def validate_boolean_config(config, key, context)
+      errors = []
+      value = config[key]
+
+      return errors if value.nil? # Not set is OK
+
+      unless value.is_a?(TrueClass) || value.is_a?(FalseClass)
+        errors << "#{context}/#{key}: must be boolean (true or false), got #{value.class}: #{value.inspect}"
+      end
+
+      errors
+    end
   end
 end

data/lib/ruborg/repository.rb

@@ -189,8 +189,12 @@ module Ruborg
       env = {}
       env["BORG_PASSPHRASE"] = @passphrase if @passphrase
 
+      # Use strict boolean checking (only true/false allowed, default to true for backward compatibility)
       allow_relocated = @borg_options.fetch("allow_relocated_repo", true)
+      allow_relocated = true unless allow_relocated == false # Normalize: only false disables, everything else enables
+
       allow_unencrypted = @borg_options.fetch("allow_unencrypted_repo", true)
+      allow_unencrypted = true unless allow_unencrypted == false # Normalize: only false disables, everything else enables
 
       env["BORG_RELOCATED_REPO_ACCESS_IS_OK"] = allow_relocated ? "yes" : "no"
       env["BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK"] = allow_unencrypted ? "yes" : "no"
@@ -327,8 +331,12 @@ module Ruborg
       env["BORG_PASSPHRASE"] = @passphrase if @passphrase
 
       # Apply Borg environment options from config (defaults to yes for backward compatibility)
+      # Use strict boolean checking (only true/false allowed, default to true for backward compatibility)
       allow_relocated = @borg_options.fetch("allow_relocated_repo", true)
+      allow_relocated = true unless allow_relocated == false # Normalize: only false disables, everything else enables
+
       allow_unencrypted = @borg_options.fetch("allow_unencrypted_repo", true)
+      allow_unencrypted = true unless allow_unencrypted == false # Normalize: only false disables, everything else enables
 
       env["BORG_RELOCATED_REPO_ACCESS_IS_OK"] = allow_relocated ? "yes" : "no"
       env["BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK"] = allow_unencrypted ? "yes" : "no"

data/lib/ruborg/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Ruborg
-  VERSION = "0.4.0"
+  VERSION = "0.6.0"
 end

data/ruborg.gemspec

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require_relative "lib/ruborg/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "ruborg"
+  spec.version = Ruborg::VERSION
+  spec.authors = ["Michail Pantelelis"]
+  spec.email = ["mpantel@aegean.gr"]
+
+  spec.summary = "A friendly Ruby frontend for Borg backup"
+  spec.description = "Ruborg provides a user-friendly interface to Borg backup. " \
+                     "It reads YAML configuration files and orchestrates backup operations, " \
+                     "supporting repository creation, backup management, and Passbolt integration."
+  spec.homepage = "https://github.com/mpantel/ruborg"
+  spec.license = "MIT"
+  spec.required_ruby_version = ">= 3.2.0"
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "#{spec.homepage}.git"
+  spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/main/CHANGELOG.md"
+  spec.metadata["rubygems_mfa_required"] = "true"
+
+  # Specify which files should be added to the gem when it is released.
+  spec.files = Dir.chdir(__dir__) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (File.expand_path(f) == __FILE__) ||
+        f.start_with?(*%w[bin/ test/ spec/ features/ .git .github appveyor Gemfile])
+    end
+  end
+  spec.bindir = "exe"
+  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  # Dependencies
+  spec.add_dependency "psych", "~> 5.0"
+  spec.add_dependency "thor", "~> 1.3"
+
+  # Development dependencies
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "bundler-audit", "~> 0.9"
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "rubocop", "~> 1.0"
+  spec.add_development_dependency "rubocop-rspec", "~> 3.0"
+end

data/ruborg.yml.example

@@ -6,10 +6,12 @@
 #   # Edit ruborg.yml with your settings
 
 # Global settings (applied to all repositories unless overridden)
+hostname: myserver.local  # Optional: restrict configuration to specific hostname
 compression: lz4          # Options: lz4 (fast), zstd (balanced), lzma (high compression), none
 encryption: repokey       # Options: repokey, keyfile, none (NOT recommended)
 auto_init: true           # Automatically initialize repositories on first use
 auto_prune: true          # Automatically prune old backups after each backup
+allow_remove_source: false # Allow --remove-source flag to delete source files after backup (default: false)
 log_file: ~/.ruborg/logs/ruborg.log  # Log file path (optional)
 
 # Custom Borg executable path (optional)
@@ -65,6 +67,7 @@ repositories:
   - name: databases
     description: "MySQL and PostgreSQL database dumps"
     path: /mnt/backup/borg-databases
+    hostname: dbserver.local  # Optional: repository-specific hostname override
     retention_mode: per_file  # Each file gets its own archive
     # Repository-specific passbolt (overrides global)
     passbolt:

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruborg
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Michail Pantelelis
@@ -148,6 +148,7 @@ files:
 - lib/ruborg/passbolt.rb
 - lib/ruborg/repository.rb
 - lib/ruborg/version.rb
+- ruborg.gemspec
 - ruborg.yml.example
 homepage: https://github.com/mpantel/ruborg
 licenses: