ruborg 0.5.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1233e04a2f95e8e8aadb9ad97d043b2d9b52c446821ff89495073a6a8762b6cc
-  data.tar.gz: ee3fd1ae2256299120d7f78aac3243c2de44f8f3c072c4c29dd44cb761caf769
+  metadata.gz: 821f1707180870ec6b2ffccda4ef4d901b3ee274d7402c26170ca294e80efb8b
+  data.tar.gz: 62e2a5ee53cd75024b78e08e32295c34cf1829cd3bd34be9d6403c7ec1dfb810
 SHA512:
-  metadata.gz: 59d6ad7e5797cbbd964390d0425bf1392695c24f938a40978ddea371552da84604bf0a8eb189b207318ed68dba966311d45659f2b6abd3a59711f766465a5b36
-  data.tar.gz: 6c77a312c9b820dd22d7f0396dbb24fac70da4654023c89eebc94c962d367b963a448a923ce23574862276452c441e3ebd723601fd58a2634e3337d402a9c066
+  metadata.gz: acd1bcd0b6da0914888c11d50299ea2f365e2bf5a81423edbfc7e935a17d020b841de9043900ca86ed1df2ab8e50e1359806ad2857de3bd849b8f040c2909549
+  data.tar.gz: 799d52c64a3bf858b2324f5101255a77dd428778b1eced9bfa11e54d9c2ef23642645a886902f83c05336c89a61d1a80b02ad83185fecf3cf0cac866d18e7c09

data/CHANGELOG.md

@@ -7,6 +7,34 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.6.0] - 2025-10-08
+
+### Added
+- **Configuration Validation Command**: New `ruborg validate` command to check configuration files for type errors
+- **Automatic Schema Validation**: All commands now validate configuration on startup to catch errors early
+- **Strict Boolean Type Checking**: All boolean config values (auto_init, auto_prune, allow_remove_source, etc.) now require actual boolean types
+  - Prevents type confusion attacks where strings like `'true'` or `"false"` bypass security checks
+  - Clear error messages show actual type vs expected type
+  - Validation runs automatically on config load
+- Comprehensive validation test suite (10 new test cases)
+- Documentation for configuration validation in README
+
+### Changed
+- Boolean configuration values now use strict type checking throughout the codebase
+  - `auto_init`: only boolean `true` enables, everything else disables
+  - `auto_prune`: only boolean `true` enables, everything else disables
+  - `allow_remove_source`: strict checking - only `TrueClass` enables (security-critical)
+  - `allow_relocated_repo`: permissive normalization - only `false` disables (backward compatible)
+  - `allow_unencrypted_repo`: permissive normalization - only `false` disables (backward compatible)
+- Config class now validates schema by default (can be disabled with `validate_types: false`)
+
+### Security
+- **Type Confusion Protection (CWE-843)**: Strict boolean type checking prevents configuration bypass attacks
+  - Before: `allow_remove_source: 'false'` (string) would be truthy and enable deletion
+  - After: Only `allow_remove_source: true` (boolean) enables the dangerous operation
+- Enhanced error messages guide users to fix type errors correctly
+- SECURITY.md updated with type confusion findings and mitigations
+
 ## [0.5.0] - 2025-10-08
 
 ### Added

data/README.md

@@ -25,7 +25,7 @@ e- ⏰ **Retention Policies** - Configure backup retention (hourly, daily, weekl
 - 📈 **Summary View** - Quick overview of all repositories and their configurations
 - 🔧 **Custom Borg Path** - Support for custom Borg executable paths per repository
 - 🏠 **Hostname Validation** - NEW! Restrict backups to specific hosts (global or per-repository)
-- ✅ **Well-tested** - Comprehensive test suite with RSpec (153 tests)
+- ✅ **Well-tested** - Comprehensive test suite with RSpec (178+ tests)
 - 🔒 **Security-focused** - Path validation, safe YAML loading, command injection protection
 
 ## Prerequisites
@@ -162,15 +162,55 @@ repositories:
 ```
 
 **Configuration Features:**
+- **Automatic Type Validation**: Configuration is validated on startup to catch type errors early
+- **Validation Command**: Run `ruborg validate` to check configuration files for errors
 - **Descriptions**: Add `description` field to document each repository's purpose
 - **Hostname Validation**: Optional `hostname` field to restrict backups to specific hosts (global or per-repository)
-- **Global Settings**: Hostname, compression, encryption, auto_init, log_file, borg_path, borg_options, and retention apply to all repositories
-- **Per-Repository Overrides**: Any global setting can be overridden at the repository level (including hostname and custom borg_path)
+- **Source Deletion Safety**: `allow_remove_source` flag to explicitly enable `--remove-source` option (default: disabled)
+- **Type-Safe Booleans**: Strict boolean validation prevents configuration errors (must use `true`/`false`, not strings)
+- **Global Settings**: Hostname, compression, encryption, auto_init, allow_remove_source, log_file, borg_path, borg_options, and retention apply to all repositories
+- **Per-Repository Overrides**: Any global setting can be overridden at the repository level (including hostname, allow_remove_source, and custom borg_path)
 - **Custom Borg Path**: Specify a custom Borg executable path if borg is not in PATH or to use a specific version
 - **Retention Policies**: Define how many backups to keep (hourly, daily, weekly, monthly, yearly)
 - **Multiple Sources**: Each repository can have multiple backup sources with their own exclude patterns
 - **Flexible Organization**: Organize backups by type (documents, databases, media) with different policies
 
+## Configuration Validation
+
+Ruborg automatically validates your configuration on startup. All commands check for type errors and structural issues before executing.
+
+### Validate Configuration
+
+Check your configuration file for errors:
+
+```bash
+ruborg validate --config ruborg.yml
+```
+
+**Validation checks:**
+- Boolean types (must be `true` or `false`, not strings like `'true'`)
+- Valid compression values (lz4, zstd, zlib, lzma, none)
+- Valid encryption modes
+- Required repository fields (name, path)
+- Correct borg_options values
+
+**Example validation output:**
+
+```
+✓ Configuration is valid
+  No type errors or warnings found
+```
+
+Or with errors:
+
+```
+❌ ERRORS FOUND (2):
+  - global/auto_init: must be boolean (true or false), got String: "true"
+  - test-repo/allow_remove_source: must be boolean (true or false), got Integer: 1
+
+Configuration has errors that must be fixed.
+```
+
 ## Usage
 
 ### Initialize a Repository
@@ -198,10 +238,48 @@ ruborg backup --repository databases --name "db-backup-2025-10-05"
 # Using custom configuration file
 ruborg backup --config /path/to/config.yml --repository documents
 
-# Remove source files after successful backup
+# Remove source files after successful backup (requires allow_remove_source: true)
 ruborg backup --repository documents --remove-source
 ```
 
+**IMPORTANT: Source File Deletion Safety**
+
+The `--remove-source` option is disabled by default for safety. To use it, you must explicitly enable it in your configuration:
+
+```yaml
+# Global setting - applies to all repositories
+allow_remove_source: true
+
+# OR per-repository setting
+repositories:
+  - name: temp-backups
+    allow_remove_source: true  # Only for this repository
+    ...
+```
+
+**⚠️ TYPE SAFETY WARNING:** The value MUST be a boolean `true`, not a string:
+
+```yaml
+# ✅ CORRECT - Boolean true
+allow_remove_source: true
+
+# ❌ WRONG - String 'true' (will be rejected)
+allow_remove_source: 'true'
+allow_remove_source: "true"
+
+# ❌ WRONG - Other truthy values (will be rejected)
+allow_remove_source: 1
+allow_remove_source: yes
+```
+
+Ruborg uses strict type checking to prevent configuration errors. Only the boolean value `true` (unquoted) will enable source deletion. Any other value, including string `'true'` or `"true"`, will be rejected with a detailed error message showing the actual type received.
+
+Without `allow_remove_source: true` configured, using `--remove-source` will result in an error:
+```
+Error: Cannot use --remove-source: 'allow_remove_source' must be true (boolean).
+Current value: "true" (String). Set 'allow_remove_source: true' in configuration.
+```
+
 ### List Archives
 
 ```bash
@@ -437,6 +515,7 @@ See [SECURITY.md](SECURITY.md) for detailed security information and best practi
 | Command | Description | Options |
 |---------|-------------|---------|
 | `init REPOSITORY` | Initialize a new Borg repository | `--passphrase`, `--passbolt-id`, `--log` |
+| `validate` | Validate configuration file for type errors | `--config`, `--log` |
 | `backup` | Create a backup using config file | `--config`, `--repository`, `--all`, `--name`, `--remove-source`, `--log` |
 | `list` | List all archives in repository | `--config`, `--repository`, `--log` |
 | `restore ARCHIVE` | Restore files from archive | `--config`, `--repository`, `--destination`, `--path`, `--log` |

data/SECURITY.md

@@ -66,6 +66,15 @@ Ruborg implements several security measures to protect your backup operations:
 - Integrated into development workflow
 - Run: `bundle exec bundle-audit check`
 
+### 13. Boolean Type Safety (Type Confusion Protection)
+- **Critical safety flag validation** for `allow_remove_source` configuration
+- Uses strict type checking (`is_a?(TrueClass)`) to prevent type confusion attacks
+- Rejects truthy values like strings `'true'`, `"false"`, integers `1`, or `"yes"`
+- Only boolean `true` enables dangerous operations like `--remove-source`
+- Provides detailed error messages showing actual type received vs expected
+- Prevents configuration errors that could lead to unintended data loss
+- **CWE-843 Mitigation**: Protects against type confusion vulnerabilities
+
 ## Security Best Practices
 
 ### When Using `--remove-source`
@@ -76,6 +85,16 @@ Ruborg implements several security measures to protect your backup operations:
 2. **Never use on symlinks** to critical system directories
 3. **Verify backups** before using this flag in production
 4. **Use absolute paths** in configuration to avoid ambiguity
+5. **Use boolean values** for `allow_remove_source` - NEVER use quoted strings:
+   ```yaml
+   # ✅ CORRECT
+   allow_remove_source: true
+
+   # ❌ WRONG - Will be rejected
+   allow_remove_source: 'true'
+   allow_remove_source: "true"
+   allow_remove_source: 1
+   ```
 
 ### Configuration File Security
 
@@ -144,6 +163,19 @@ We will respond within 48 hours and work with you to address the issue.
 
 ## Security Audit History
 
+- **v0.6.0** (2025-10-08): Configuration validation and type confusion protection
+  - **SECURITY FIX**: Implemented strict boolean type checking for `allow_remove_source`
+  - Prevents type confusion attacks (CWE-843) where string values bypass safety checks
+  - Added configuration validation command (`ruborg validate`) for proactive error detection
+  - Automatic schema validation on config load catches type errors early
+  - Added 10 comprehensive test cases for validation and type confusion scenarios
+  - Enhanced error messages to show actual type vs expected type
+  - Updated documentation with type safety warnings and examples
+
+- **v0.5.0** (2025-10-08): Hostname validation
+  - Added hostname validation feature (optional global or per-repository)
+  - Prevents accidental execution of backups on wrong machines
+
 - **v0.4.0** (2025-10-06): Complete command injection elimination
   - **CRITICAL**: Fixed all remaining command injection vulnerabilities in repository.rb
   - Replaced all backtick execution with Open3.capture3/capture2e methods
@@ -210,3 +242,5 @@ Before deploying ruborg in production:
 - [ ] Configure borg_options for your security requirements
 - [ ] Use default archive names or sanitized custom names only
 - [ ] Ensure backup paths don't contain empty or nil values
+- [ ] Use boolean `true` (not strings) for `allow_remove_source` configuration
+- [ ] Configure hostname validation for multi-server environments

data/lib/ruborg/cli.rb

@@ -81,7 +81,9 @@ module Ruborg
       repo = Repository.new(repo_config["path"], passphrase: passphrase, borg_options: borg_opts, borg_path: borg_path)
 
       # Auto-initialize repository if configured
-      auto_init = merged_config["auto_init"] || false
+      # Use strict boolean checking: only true enables, everything else disables
+      auto_init = merged_config["auto_init"]
+      auto_init = false unless auto_init == true
       if auto_init && !repo.exists?
         @logger.info("Auto-initializing repository at #{repo_config["path"]}")
         repo.create
@@ -157,7 +159,9 @@ module Ruborg
       repo = Repository.new(repo_config["path"], passphrase: passphrase, borg_options: borg_opts, borg_path: borg_path)
 
       # Auto-initialize repository if configured
-      auto_init = merged_config["auto_init"] || false
+      # Use strict boolean checking: only true enables, everything else disables
+      auto_init = merged_config["auto_init"]
+      auto_init = false unless auto_init == true
       if auto_init && !repo.exists?
         @logger.info("Auto-initializing repository at #{repo_config["path"]}")
         repo.create
@@ -171,6 +175,78 @@ module Ruborg
       error_exit(e)
     end
 
+    desc "validate", "Validate configuration file for errors and type issues"
+    def validate_config
+      @logger.info("Validating configuration file: #{options[:config]}")
+      config = Config.new(options[:config])
+
+      puts "\n═══════════════════════════════════════════════════════════════"
+      puts "  CONFIGURATION VALIDATION"
+      puts "═══════════════════════════════════════════════════════════════\n\n"
+
+      errors = []
+      warnings = []
+
+      # Validate global boolean settings
+      global_settings = config.global_settings
+      errors.concat(validate_boolean_setting(global_settings, "auto_init", "global"))
+      errors.concat(validate_boolean_setting(global_settings, "auto_prune", "global"))
+      errors.concat(validate_boolean_setting(global_settings, "allow_remove_source", "global"))
+
+      # Validate borg_options booleans
+      if global_settings["borg_options"]
+        warnings.concat(validate_borg_option(global_settings["borg_options"], "allow_relocated_repo", "global"))
+        warnings.concat(validate_borg_option(global_settings["borg_options"], "allow_unencrypted_repo", "global"))
+      end
+
+      # Validate per-repository settings
+      config.repositories.each do |repo|
+        repo_name = repo["name"]
+        errors.concat(validate_boolean_setting(repo, "auto_init", repo_name))
+        errors.concat(validate_boolean_setting(repo, "auto_prune", repo_name))
+        errors.concat(validate_boolean_setting(repo, "allow_remove_source", repo_name))
+
+        if repo["borg_options"]
+          warnings.concat(validate_borg_option(repo["borg_options"], "allow_relocated_repo", repo_name))
+          warnings.concat(validate_borg_option(repo["borg_options"], "allow_unencrypted_repo", repo_name))
+        end
+      end
+
+      # Display results
+      if errors.empty? && warnings.empty?
+        puts "✓ Configuration is valid"
+        puts "  No type errors or warnings found\n\n"
+      else
+        unless errors.empty?
+          puts "❌ ERRORS FOUND (#{errors.size}):"
+          errors.each do |error|
+            puts "  - #{error}"
+          end
+          puts ""
+        end
+
+        unless warnings.empty?
+          puts "⚠️  WARNINGS (#{warnings.size}):"
+          warnings.each do |warning|
+            puts "  - #{warning}"
+          end
+          puts ""
+        end
+
+        if errors.any?
+          puts "Configuration has errors that must be fixed.\n\n"
+          exit 1
+        else
+          puts "Configuration is valid but has warnings.\n\n"
+        end
+      end
+
+      @logger.info("Configuration validation completed")
+    rescue Error => e
+      @logger.error("Validation failed: #{e.message}")
+      error_exit(e)
+    end
+
     desc "check", "Check repository integrity and compatibility"
     option :verify_data, type: :boolean, default: false, desc: "Verify repository data (slower)"
     option :all, type: :boolean, default: false, desc: "Check all repositories"
@@ -404,7 +480,9 @@ module Ruborg
       repo = Repository.new(repo_config["path"], passphrase: passphrase, borg_options: borg_opts, borg_path: borg_path)
 
       # Auto-initialize if configured
-      auto_init = merged_config["auto_init"] || false
+      # Use strict boolean checking: only true enables, everything else disables
+      auto_init = merged_config["auto_init"]
+      auto_init = false unless auto_init == true
       if auto_init && !repo.exists?
         @logger.info("Auto-initializing repository at #{repo_config["path"]}")
         repo.create
@@ -414,6 +492,17 @@ module Ruborg
       # Get retention mode (defaults to standard)
       retention_mode = merged_config["retention_mode"] || "standard"
 
+      # Validate remove_source permission with strict type checking
+      if options[:remove_source]
+        allow_remove_source = merged_config["allow_remove_source"]
+        unless allow_remove_source.is_a?(TrueClass)
+          raise ConfigError,
+                "Cannot use --remove-source: 'allow_remove_source' must be true (boolean). " \
+                "Current value: #{allow_remove_source.inspect} (#{allow_remove_source.class}). " \
+                "Set 'allow_remove_source: true' in configuration to allow source deletion."
+        end
+      end
+
       # Create backup config wrapper
       backup_config = BackupConfig.new(repo_config, merged_config)
       backup = Backup.new(repo, config: backup_config, retention_mode: retention_mode, repo_name: repo_name)
@@ -435,7 +524,9 @@ module Ruborg
       puts "  Sources removed" if options[:remove_source]
 
       # Auto-prune if configured and retention policy exists
-      auto_prune = merged_config["auto_prune"] || false
+      # Use strict boolean checking: only true enables, everything else disables
+      auto_prune = merged_config["auto_prune"]
+      auto_prune = false unless auto_prune == true
       retention_policy = merged_config["retention"]
 
       return unless auto_prune && retention_policy && !retention_policy.empty?
@@ -480,6 +571,34 @@ module Ruborg
             "but current hostname is '#{current_hostname}'"
     end
 
+    # Validate boolean configuration settings
+    def validate_boolean_setting(config, key, context)
+      errors = []
+      value = config[key]
+
+      return errors if value.nil? # Not set is OK
+
+      unless value.is_a?(TrueClass) || value.is_a?(FalseClass)
+        errors << "#{context}/#{key}: must be boolean (true/false), got #{value.class}: #{value.inspect}"
+      end
+
+      errors
+    end
+
+    # Validate borg_options boolean settings (these have different defaults)
+    def validate_borg_option(borg_options, key, context)
+      warnings = []
+      value = borg_options[key]
+
+      return warnings if value.nil? # Not set is OK (uses default)
+
+      unless value.is_a?(TrueClass) || value.is_a?(FalseClass)
+        warnings << "#{context}/borg_options/#{key}: should be boolean (true/false), got #{value.class}: #{value.inspect}"
+      end
+
+      warnings
+    end
+
     # Wrapper class to adapt repository config to existing Backup class
     class BackupConfig
       def initialize(repo_config, merged_settings)

data/lib/ruborg/config.rb

@@ -9,10 +9,12 @@ module Ruborg
   class Config
     attr_reader :data
 
-    def initialize(config_path)
+    def initialize(config_path, validate_types: true)
       @config_path = config_path
+      @validate_types = validate_types
       load_config
       validate_format
+      validate_schema if @validate_types
     end
 
     def load_config
@@ -39,7 +41,7 @@ module Ruborg
 
     def global_settings
       @data.slice("passbolt", "compression", "encryption", "auto_init", "borg_options", "log_file", "retention",
-                  "auto_prune", "hostname")
+                  "auto_prune", "hostname", "allow_remove_source")
     end
 
     private
@@ -84,5 +86,78 @@ module Ruborg
 
       patterns
     end
+
+    # Validate YAML schema for type correctness
+    def validate_schema
+      errors = []
+
+      # Validate global boolean settings
+      errors.concat(validate_boolean_config(@data, "auto_init", "global"))
+      errors.concat(validate_boolean_config(@data, "auto_prune", "global"))
+      errors.concat(validate_boolean_config(@data, "allow_remove_source", "global"))
+
+      # Validate global borg_options
+      if @data["borg_options"]
+        errors.concat(validate_boolean_config(@data["borg_options"], "allow_relocated_repo", "global/borg_options"))
+        errors.concat(validate_boolean_config(@data["borg_options"], "allow_unencrypted_repo", "global/borg_options"))
+      end
+
+      # Validate compression and encryption if present
+      if @data["compression"] && !VALID_COMPRESSION.include?(@data["compression"])
+        errors << "global/compression: invalid value '#{@data["compression"]}'"
+      end
+
+      if @data["encryption"] && !VALID_ENCRYPTION.include?(@data["encryption"])
+        errors << "global/encryption: invalid value '#{@data["encryption"]}'"
+      end
+
+      # Validate per-repository settings
+      repositories.each do |repo|
+        repo_name = repo["name"] || "unnamed"
+
+        errors.concat(validate_boolean_config(repo, "auto_init", repo_name))
+        errors.concat(validate_boolean_config(repo, "auto_prune", repo_name))
+        errors.concat(validate_boolean_config(repo, "allow_remove_source", repo_name))
+
+        if repo["borg_options"]
+          errors.concat(validate_boolean_config(repo["borg_options"], "allow_relocated_repo",
+                                                "#{repo_name}/borg_options"))
+          errors.concat(validate_boolean_config(repo["borg_options"], "allow_unencrypted_repo",
+                                                "#{repo_name}/borg_options"))
+        end
+
+        # Validate compression and encryption if present
+        if repo["compression"] && !VALID_COMPRESSION.include?(repo["compression"])
+          errors << "#{repo_name}/compression: invalid value '#{repo["compression"]}'"
+        end
+
+        if repo["encryption"] && !VALID_ENCRYPTION.include?(repo["encryption"])
+          errors << "#{repo_name}/encryption: invalid value '#{repo["encryption"]}'"
+        end
+
+        # Validate repository structure
+        errors << "#{repo_name}: missing 'path' key" unless repo["path"]
+        errors << "#{repo_name}: 'sources' must be an array" if repo["sources"] && !repo["sources"].is_a?(Array)
+      end
+
+      return if errors.empty?
+
+      raise ConfigError,
+            "Configuration validation failed:\n  - #{errors.join("\n  - ")}\n\n" \
+            "Run 'ruborg validate' for detailed validation information."
+    end
+
+    def validate_boolean_config(config, key, context)
+      errors = []
+      value = config[key]
+
+      return errors if value.nil? # Not set is OK
+
+      unless value.is_a?(TrueClass) || value.is_a?(FalseClass)
+        errors << "#{context}/#{key}: must be boolean (true or false), got #{value.class}: #{value.inspect}"
+      end
+
+      errors
+    end
   end
 end

data/lib/ruborg/repository.rb

@@ -189,8 +189,12 @@ module Ruborg
       env = {}
       env["BORG_PASSPHRASE"] = @passphrase if @passphrase
 
+      # Use strict boolean checking (only true/false allowed, default to true for backward compatibility)
       allow_relocated = @borg_options.fetch("allow_relocated_repo", true)
+      allow_relocated = true unless allow_relocated == false # Normalize: only false disables, everything else enables
+
       allow_unencrypted = @borg_options.fetch("allow_unencrypted_repo", true)
+      allow_unencrypted = true unless allow_unencrypted == false # Normalize: only false disables, everything else enables
 
       env["BORG_RELOCATED_REPO_ACCESS_IS_OK"] = allow_relocated ? "yes" : "no"
       env["BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK"] = allow_unencrypted ? "yes" : "no"
@@ -327,8 +331,12 @@ module Ruborg
       env["BORG_PASSPHRASE"] = @passphrase if @passphrase
 
       # Apply Borg environment options from config (defaults to yes for backward compatibility)
+      # Use strict boolean checking (only true/false allowed, default to true for backward compatibility)
       allow_relocated = @borg_options.fetch("allow_relocated_repo", true)
+      allow_relocated = true unless allow_relocated == false # Normalize: only false disables, everything else enables
+
       allow_unencrypted = @borg_options.fetch("allow_unencrypted_repo", true)
+      allow_unencrypted = true unless allow_unencrypted == false # Normalize: only false disables, everything else enables
 
       env["BORG_RELOCATED_REPO_ACCESS_IS_OK"] = allow_relocated ? "yes" : "no"
       env["BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK"] = allow_unencrypted ? "yes" : "no"

data/lib/ruborg/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Ruborg
-  VERSION = "0.5.0"
+  VERSION = "0.6.0"
 end

data/ruborg.gemspec

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require_relative "lib/ruborg/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "ruborg"
+  spec.version = Ruborg::VERSION
+  spec.authors = ["Michail Pantelelis"]
+  spec.email = ["mpantel@aegean.gr"]
+
+  spec.summary = "A friendly Ruby frontend for Borg backup"
+  spec.description = "Ruborg provides a user-friendly interface to Borg backup. " \
+                     "It reads YAML configuration files and orchestrates backup operations, " \
+                     "supporting repository creation, backup management, and Passbolt integration."
+  spec.homepage = "https://github.com/mpantel/ruborg"
+  spec.license = "MIT"
+  spec.required_ruby_version = ">= 3.2.0"
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "#{spec.homepage}.git"
+  spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/main/CHANGELOG.md"
+  spec.metadata["rubygems_mfa_required"] = "true"
+
+  # Specify which files should be added to the gem when it is released.
+  spec.files = Dir.chdir(__dir__) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (File.expand_path(f) == __FILE__) ||
+        f.start_with?(*%w[bin/ test/ spec/ features/ .git .github appveyor Gemfile])
+    end
+  end
+  spec.bindir = "exe"
+  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  # Dependencies
+  spec.add_dependency "psych", "~> 5.0"
+  spec.add_dependency "thor", "~> 1.3"
+
+  # Development dependencies
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "bundler-audit", "~> 0.9"
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "rubocop", "~> 1.0"
+  spec.add_development_dependency "rubocop-rspec", "~> 3.0"
+end

data/ruborg.yml.example

@@ -11,6 +11,7 @@ compression: lz4          # Options: lz4 (fast), zstd (balanced), lzma (high com
 encryption: repokey       # Options: repokey, keyfile, none (NOT recommended)
 auto_init: true           # Automatically initialize repositories on first use
 auto_prune: true          # Automatically prune old backups after each backup
+allow_remove_source: false # Allow --remove-source flag to delete source files after backup (default: false)
 log_file: ~/.ruborg/logs/ruborg.log  # Log file path (optional)
 
 # Custom Borg executable path (optional)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruborg
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Michail Pantelelis
@@ -148,6 +148,7 @@ files:
 - lib/ruborg/passbolt.rb
 - lib/ruborg/repository.rb
 - lib/ruborg/version.rb
+- ruborg.gemspec
 - ruborg.yml.example
 homepage: https://github.com/mpantel/ruborg
 licenses: