diff --git a/doc/Design.md b/doc/Design.md index c78f4d94e..6e9cd39af 100644 --- a/doc/Design.md +++ b/doc/Design.md @@ -62,11 +62,13 @@ overhead is 32 bytes. For each file, a new random IV is selected. The file `config` is encrypted this way and contains a JSON document like the following: - { - "version": 1, - "id": "5956a3f67a6230d4a92cefb29529f10196c7d92582ec305fd71ff6d331d6271b", - "chunker_polynomial": "25b468838dcb75" - } +```json +{ + "version": 1, + "id": "5956a3f67a6230d4a92cefb29529f10196c7d92582ec305fd71ff6d331d6271b", + "chunker_polynomial": "25b468838dcb75" +} +``` After decryption, restic first checks that the version field contains a version number that it understands, otherwise it aborts. At the moment, the version is @@ -102,7 +104,9 @@ The basic layout of a sample restic repository is shown here: A repository can be initialized with the `restic init` command, e.g.: - $ restic -r /tmp/restic-repo init +```console +$ restic -r /tmp/restic-repo init +``` Pack Format ----------- @@ -163,35 +167,37 @@ used to reconstruct the index. The files are encrypted and authenticated like Data and Tree Blobs, so the outer structure is `IV || Ciphertext || MAC` again. The plaintext consists of a JSON document like the following: +```json +{ + "supersedes": [ + "ed54ae36197f4745ebc4b54d10e0f623eaaaedd03013eb7ae90df881b7781452" + ], + "packs": [ { - "supersedes": [ - "ed54ae36197f4745ebc4b54d10e0f623eaaaedd03013eb7ae90df881b7781452" - ], - "packs": [ + "id": "73d04e6125cf3c28a299cc2f3cca3b78ceac396e4fcf9575e34536b26782413c", + "blobs": [ { - "id": "73d04e6125cf3c28a299cc2f3cca3b78ceac396e4fcf9575e34536b26782413c", - "blobs": [ - { - "id": "3ec79977ef0cf5de7b08cd12b874cd0f62bbaf7f07f3497a5b1bbcc8cb39b1ce", - "type": "data", - "offset": 0, - "length": 25 - },{ - "id": "9ccb846e60d90d4eb915848add7aa7ea1e4bbabfc60e573db9f7bfb2789afbae", - "type": "tree", - "offset": 38, - "length": 100 - }, - { - "id": "d3dc577b4ffd38cc4b32122cabf8655a0223ed22edfd93b353dc0c3f2b0fdf66", - "type": "data", - "offset": 150, - "length": 123 - } - ] - }, [...] + "id": "3ec79977ef0cf5de7b08cd12b874cd0f62bbaf7f07f3497a5b1bbcc8cb39b1ce", + "type": "data", + "offset": 0, + "length": 25 + },{ + "id": "9ccb846e60d90d4eb915848add7aa7ea1e4bbabfc60e573db9f7bfb2789afbae", + "type": "tree", + "offset": 38, + "length": 100 + }, + { + "id": "d3dc577b4ffd38cc4b32122cabf8655a0223ed22edfd93b353dc0c3f2b0fdf66", + "type": "data", + "offset": 150, + "length": 123 + } ] - } + }, [...] + ] +} +``` This JSON document lists Packs and the blobs contained therein. In this example, the Pack `73d04e61` contains two data Blobs and one Tree blob, the @@ -258,14 +264,16 @@ document which contains the master encryption and message authentication keys for this repository (encoded in Base64). The command `restic cat masterkey` can be used as follows to decrypt and pretty-print the master key: - $ restic -r /tmp/restic-repo cat masterkey - { - "mac": { - "k": "evFWd9wWlndL9jc501268g==", - "r": "E9eEDnSJZgqwTOkDtOp+Dw==" - }, - "encrypt": "UQCqa0lKZ94PygPxMRqkePTZnHRYh1k1pX2k2lM2v3Q=", - } +```console +$ restic -r /tmp/restic-repo cat masterkey +{ + "mac": { + "k": "evFWd9wWlndL9jc501268g==", + "r": "E9eEDnSJZgqwTOkDtOp+Dw==" + }, + "encrypt": "UQCqa0lKZ94PygPxMRqkePTZnHRYh1k1pX2k2lM2v3Q=", +} +``` All data in the repository is encrypted and authenticated with these master keys. For encryption, the AES-256 algorithm in Counter mode is used. For message @@ -286,17 +294,19 @@ string is unique and used within restic to uniquely identify a snapshot. The command `restic cat snapshot` can be used as follows to decrypt and pretty-print the contents of a snapshot file: - $ restic -r /tmp/restic-repo cat snapshot 22a5af1b - enter password for repository: - { - "time": "2015-01-02T18:10:50.895208559+01:00", - "tree": "2da81727b6585232894cfbb8f8bdab8d1eccd3d8f7c92bc934d62e62e618ffdf", - "dir": "/tmp/testdata", - "hostname": "kasimir", - "username": "fd0", - "uid": 1000, - "gid": 100 - } +```console +$ restic -r /tmp/restic-repo cat snapshot 22a5af1b +enter password for repository: +{ + "time": "2015-01-02T18:10:50.895208559+01:00", + "tree": "2da81727b6585232894cfbb8f8bdab8d1eccd3d8f7c92bc934d62e62e618ffdf", + "dir": "/tmp/testdata", + "hostname": "kasimir", + "username": "fd0", + "uid": 1000, + "gid": 100 +} +``` Here it can be seen that this snapshot represents the contents of the directory `/tmp/testdata`. The most important field is `tree`. @@ -319,26 +329,28 @@ subdirectory of the directory `data`. The command `restic cat tree` can be used to inspect the tree referenced above: - $ restic -r /tmp/restic-repo cat tree b8138ab08a4722596ac89c917827358da4672eac68e3c03a8115b88dbf4bfb59 - enter password for repository: +```console +$ restic -r /tmp/restic-repo cat tree b8138ab08a4722596ac89c917827358da4672eac68e3c03a8115b88dbf4bfb59 +enter password for repository: +{ + "nodes": [ { - "nodes": [ - { - "name": "testdata", - "type": "dir", - "mode": 493, - "mtime": "2014-12-22T14:47:59.912418701+01:00", - "atime": "2014-12-06T17:49:21.748468803+01:00", - "ctime": "2014-12-22T14:47:59.912418701+01:00", - "uid": 1000, - "gid": 100, - "user": "fd0", - "inode": 409704562, - "content": null, - "subtree": "b26e315b0988ddcd1cee64c351d13a100fedbc9fdbb144a67d1b765ab280b4dc" - } - ] + "name": "testdata", + "type": "dir", + "mode": 493, + "mtime": "2014-12-22T14:47:59.912418701+01:00", + "atime": "2014-12-06T17:49:21.748468803+01:00", + "ctime": "2014-12-22T14:47:59.912418701+01:00", + "uid": 1000, + "gid": 100, + "user": "fd0", + "inode": 409704562, + "content": null, + "subtree": "b26e315b0988ddcd1cee64c351d13a100fedbc9fdbb144a67d1b765ab280b4dc" } + ] +} +``` A tree contains a list of entries (in the field `nodes`) which contain meta data like a name and timestamps. When the entry references a directory, the @@ -347,30 +359,32 @@ field `subtree` contains the plain text ID of another tree object. When the command `restic cat tree` is used, the storage hash is needed to print a tree. The tree referenced above can be dumped as follows: - $ restic -r /tmp/restic-repo cat tree 8b238c8811cc362693e91a857460c78d3acf7d9edb2f111048691976803cf16e - enter password for repository: +```console +$ restic -r /tmp/restic-repo cat tree 8b238c8811cc362693e91a857460c78d3acf7d9edb2f111048691976803cf16e +enter password for repository: +{ + "nodes": [ { - "nodes": [ - { - "name": "testfile", - "type": "file", - "mode": 420, - "mtime": "2014-12-06T17:50:23.34513538+01:00", - "atime": "2014-12-06T17:50:23.338468713+01:00", - "ctime": "2014-12-06T17:50:23.34513538+01:00", - "uid": 1000, - "gid": 100, - "user": "fd0", - "inode": 416863351, - "size": 1234, - "links": 1, - "content": [ - "50f77b3b4291e8411a027b9f9b9e64658181cc676ce6ba9958b95f268cb1109d" - ] - }, - [...] + "name": "testfile", + "type": "file", + "mode": 420, + "mtime": "2014-12-06T17:50:23.34513538+01:00", + "atime": "2014-12-06T17:50:23.338468713+01:00", + "ctime": "2014-12-06T17:50:23.34513538+01:00", + "uid": 1000, + "gid": 100, + "user": "fd0", + "inode": 416863351, + "size": 1234, + "links": 1, + "content": [ + "50f77b3b4291e8411a027b9f9b9e64658181cc676ce6ba9958b95f268cb1109d" ] - } + }, + [...] + ] +} +``` This tree contains a file entry. This time, the `subtree` field is not present and the `content` field contains a list with one plain text SHA-256 hash. @@ -378,9 +392,11 @@ and the `content` field contains a list with one plain text SHA-256 hash. The command `restic cat data` can be used to extract and decrypt data given a plaintext ID, e.g. for the data mentioned above: - $ restic -r /tmp/restic-repo cat blob 50f77b3b4291e8411a027b9f9b9e64658181cc676ce6ba9958b95f268cb1109d | sha256sum - enter password for repository: - 50f77b3b4291e8411a027b9f9b9e64658181cc676ce6ba9958b95f268cb1109d - +```console +$ restic -r /tmp/restic-repo cat blob 50f77b3b4291e8411a027b9f9b9e64658181cc676ce6ba9958b95f268cb1109d | sha256sum +enter password for repository: +50f77b3b4291e8411a027b9f9b9e64658181cc676ce6ba9958b95f268cb1109d - +``` As can be seen from the output of the program `sha256sum`, the hash matches the plaintext hash from the map included in the tree above, so the correct data has @@ -404,15 +420,17 @@ A lock is a file in the subdir `locks` whose filename is the storage ID of the contents. It is encrypted and authenticated the same way as other files in the repository and contains the following JSON structure: - { - "time": "2015-06-27T12:18:51.759239612+02:00", - "exclusive": false, - "hostname": "kasimir", - "username": "fd0", - "pid": 13607, - "uid": 1000, - "gid": 100 - } +```json +{ + "time": "2015-06-27T12:18:51.759239612+02:00", + "exclusive": false, + "hostname": "kasimir", + "username": "fd0", + "pid": 13607, + "uid": 1000, + "gid": 100 +} +``` The field `exclusive` defines the type of lock. When a new lock is to be created, restic checks all locks in the repository. When a lock is found, it diff --git a/doc/Manual.md b/doc/Manual.md index 6db8c6572..fa74bceb1 100644 --- a/doc/Manual.md +++ b/doc/Manual.md @@ -6,16 +6,22 @@ functionality provided by restic. If you are using Mac OS X, you can install restic using the [homebrew](http://brew.sh/) packet manager: - $ brew tap restic/restic - $ brew install restic +```console +$ brew tap restic/restic +$ brew install restic +``` On archlinux, there is a package called `restic-git` which can be installed from AUR, e.g. with `pacaur`: - $ pacaur -S restic-git +```console +$ pacaur -S restic-git +``` At debian stable you can install 'go' directly from the repositories (as root): - $ apt-get install golang-go +```console +$ apt-get install golang-go +``` after installation of 'go' go straight forward to 'git clone [...]' @@ -28,80 +34,84 @@ instructions how to install Go. In order to build restic from source, execute the following steps: - $ git clone https://github.com/restic/restic - [...] +```console +$ git clone https://github.com/restic/restic +[...] - $ cd restic +$ cd restic - $ go run build.go +$ go run build.go +``` At the moment, the only tested compiler for restic is the official Go compiler. Building restic with gccgo may work, but is not supported. Usage help is available: - $ ./restic --help - Usage: - restic [OPTIONS] +```console +$ ./restic --help +restic is a backup program which allows saving multiple revisions of files and +directories in an encrypted repository stored on different backends. - Application Options: - -r, --repo= Repository directory to backup to/restore from - --cache-dir= Directory to use as a local cache - -q, --quiet Do not output comprehensive progress report (false) - --no-lock Do not lock the repo, this allows some operations on read-only repos. (false) - -o, --option= Specify options in the form 'foo.key=value' +Usage: + restic [command] - Help Options: - -h, --help Show this help message +Available Commands: + backup create a new backup of files and/or directories + cat print internal objects to stdout + check check the repository for errors + find find a file or directory + forget forget removes snapshots from the repository + init initialize a new repository + key manage keys (passwords) + list list items in the repository + ls list files in a snapshot + mount mount the repository + prune remove unneeded data from the repository + rebuild-index build a new index file + restore extract the data from a snapshot + snapshots list all snapshots + unlock remove locks other processes created + version Print version information - Available commands: - backup save file/directory - cat dump something - check check the repository - find find a file/directory - forget removes snapshots from a repository - init create repository - key manage keys - list lists data - ls list files - mount mount a repository - prune removes content from a repository - rebuild-index rebuild the index - restore restore a snapshot - snapshots show snapshots - unlock remove locks - version display version +Flags: + --no-lock do not lock the repo, this allows some operations on read-only repos + -p, --password-file string read the repository password from a file + -q, --quiet do not outputcomprehensive progress report + -r, --repo string repository to backup to or restore from (default: $RESTIC_REPOSITORY) + +Use "restic [command] --help" for more information about a command. +``` Similar to programs such as `git`, restic has a number of sub-commands. You can see these commands in the listing above. Each sub-command may have own command-line options, and there is a help option for each command which lists them, e.g. for the `backup` command: - $ ./restic backup --help - Usage: - restic [OPTIONS] backup DIR/FILE [DIR/FILE] [...] +```console +$ ./restic backup --help +The "backup" command creates a new snapshot and saves the files and directories +given as the arguments. - The backup command creates a snapshot of a file or directory +Usage: + restic backup [flags] FILE/DIR [FILE/DIR] ... - Application Options: - -r, --repo= Repository directory to backup to/restore from (/tmp/repo) - -p, --password-file= Read the repository password from a file - --cache-dir= Directory to use as a local cache - -q, --quiet Do not output comprehensive progress report (false) - --no-lock Do not lock the repo, this allows some operations on read-only repos. (false) - -o, --option= Specify options in the form 'foo.key=value' +Flags: + -e, --exclude pattern exclude a pattern (can be specified multiple times) + --exclude-file string read exclude patterns from a file + -f, --force force re-reading the target files/directories. Overrides the "parent" flag + -x, --one-file-system Exclude other file systems + --parent string use this parent snapshot (default: last snapshot in the repo that has the same target files/directories) + --stdin read backup from stdin + --stdin-filename string file name to use when reading from stdin + --tag tag add a tag for the new snapshot (can be specified multiple times) - Help Options: - -h, --help Show this help message - - [backup command options] - -p, --parent= use this parent snapshot (default: last snapshot in repo that has the same target) - -f, --force Force re-reading the target. Overrides the "parent" flag - -e, --exclude= Exclude a pattern (can be specified multiple times) - --exclude-file= Read exclude-patterns from file - --stdin read backup data from stdin - --stdin-filename= file name to use when reading from stdin (stdin) - --tag= Add a tag (can be specified multiple times) +Global Flags: + --no-lock do not lock the repo, this allows some operations on read-only repos + -p, --password-file string read the repository password from a file + -q, --quiet do not outputcomprehensive progress report + -r, --repo string repository to backup to or restore from (default: $RESTIC_REPOSITORY) +``` Subcommand that support showing progress information such as `backup`, `check` and `prune` will do so unless the quiet flag `-q` or `--quiet` is set. When running from a non-interactive console progress reporting will @@ -119,12 +129,14 @@ will be saved at. In order to create a repository at `/tmp/backup`, run the following command and enter the same password twice: - $ restic init --repo /tmp/backup - enter password for new backend: - enter password again: - created restic backend 085b3c76b9 at /tmp/backup - Please note that knowledge of your password is required to access the repository. - Losing your password means that your data is irrecoverably lost. +```console +$ restic init --repo /tmp/backup +enter password for new backend: +enter password again: +created restic backend 085b3c76b9 at /tmp/backup +Please note that knowledge of your password is required to access the repository. +Losing your password means that your data is irrecoverably lost. +``` Remembering your password is important! If you lose it, you won't be able to access data stored in the repository. @@ -146,8 +158,10 @@ You can workaround this by using a special tool called `winpty` (look [here](https://github.com/rprichard/winpty) for detail information). On MSYS2, you can install `winpty` as follows: - $ pacman -S winpty - $ winpty restic -r /tmp/backup init +```console +$ pacman -S winpty +$ winpty restic -r /tmp/backup init +``` # Create a snapshot @@ -155,13 +169,15 @@ Now we're ready to backup some data. The contents of a directory at a specific point in time is called a "snapshot" in restic. Run the following command and enter the repository password you chose above again: - $ restic -r /tmp/backup backup ~/work - enter password for repository: - scan [/home/user/work] - scanned 764 directories, 1816 files in 0:00 - [0:29] 100.00% 54.732 MiB/s 1.582 GiB / 1.582 GiB 2580 / 2580 items 0 errors ETA 0:00 - duration: 0:29, 54.47MiB/s - snapshot 40dc1520 saved +```console +$ restic -r /tmp/backup backup ~/work +enter password for repository: +scan [/home/user/work] +scanned 764 directories, 1816 files in 0:00 +[0:29] 100.00% 54.732 MiB/s 1.582 GiB / 1.582 GiB 2580 / 2580 items 0 errors ETA 0:00 +duration: 0:29, 54.47MiB/s +snapshot 40dc1520 saved +``` As you can see, restic created a backup of the directory and was pretty fast! The specific snapshot just created is identified by a sequence of hexadecimal @@ -170,40 +186,46 @@ characters, `40dc1520` in this case. If you run the command again, restic will create another snapshot of your data, but this time it's even faster. This is de-duplication at work! - $ restic -r /tmp/backup backup ~/shared/work/web - enter password for repository: - using parent snapshot 40dc1520aa6a07b7b3ae561786770a01951245d2367241e71e9485f18ae8228c - scan [/home/user/work] - scanned 764 directories, 1816 files in 0:00 - [0:00] 100.00% 0B/s 1.582 GiB / 1.582 GiB 2580 / 2580 items 0 errors ETA 0:00 - duration: 0:00, 6572.38MiB/s - snapshot 79766175 saved +```console +$ restic -r /tmp/backup backup ~/shared/work/web +enter password for repository: +using parent snapshot 40dc1520aa6a07b7b3ae561786770a01951245d2367241e71e9485f18ae8228c +scan [/home/user/work] +scanned 764 directories, 1816 files in 0:00 +[0:00] 100.00% 0B/s 1.582 GiB / 1.582 GiB 2580 / 2580 items 0 errors ETA 0:00 +duration: 0:00, 6572.38MiB/s +snapshot 79766175 saved +``` You can even backup individual files in the same repository. - $ restic -r /tmp/backup backup ~/work.txt - scan [~/work.txt] - scanned 0 directories, 1 files in 0:00 - [0:00] 100.00% 0B/s 220B / 220B 1 / 1 items 0 errors ETA 0:00 - duration: 0:00, 0.03MiB/s - snapshot 31f7bd63 saved +```console +$ restic -r /tmp/backup backup ~/work.txt +scan [~/work.txt] +scanned 0 directories, 1 files in 0:00 +[0:00] 100.00% 0B/s 220B / 220B 1 / 1 items 0 errors ETA 0:00 +duration: 0:00, 0.03MiB/s +snapshot 31f7bd63 saved +``` In fact several hosts may use the same repository to backup directories and files leading to a greater de-duplication. -You can exclude folders and files by specifying exclude-patterns. +You can exclude folders and files by specifying exclude-patterns. Either specify them with multiple `--exclude`'s or one `--exclude-file` - $ cat exclude - # exclude go-files - *.go - # exclude foo/x/y/z/bar foo/x/bar foo/bar - foo/**/bar - $ restic -r /tmp/backup backup ~/work --exclude=*.c --exclude-file=exclude +```console +$ cat exclude +# exclude go-files +*.go +# exclude foo/x/y/z/bar foo/x/bar foo/bar +foo/**/bar +$ restic -r /tmp/backup backup ~/work --exclude=*.c --exclude-file=exclude +``` Patterns use [`filepath.Glob`](https://golang.org/pkg/path/filepath/#Glob) internally, see [`filepath.Match`](https://golang.org/pkg/path/filepath/#Match) for syntax. -Additionally `**` exludes arbitrary subdirectories. +Additionally `**` exludes arbitrary subdirectories. Environment-variables in exclude-files are expanded with [`os.ExpandEnv`](https://golang.org/pkg/os/#ExpandEnv). By specifying the option `--one-file-system` you can instruct restic to only @@ -211,7 +233,9 @@ backup files from the file systems the initially specified files or directories reside on. For example, calling restic like this won't backup `/sys` or `/dev` on a Linux system: - $ restic -r /tmp/backup backup --one-file-system / +```console +$ restic -r /tmp/backup backup --one-file-system / +``` ## Reading data from stdin @@ -219,7 +243,9 @@ Sometimes it can be nice to directly save the output of a program, e.g. `mysqldump` so that the SQL can later be restored. Restic supports this mode of operation, just supply the option `--stdin` to the `backup` command like this: - $ mysqldump [...] | restic -r /tmp/backup backup --stdin +```console +$ mysqldump [...] | restic -r /tmp/backup backup --stdin +``` This creates a new snapshot of the output of `mysqldump`. You can then use e.g. the fuse mounting option (see below) to mount the repository and read the file. @@ -227,15 +253,19 @@ the fuse mounting option (see below) to mount the repository and read the file. By default, the file name `stdin` is used, a different name can be specified with `--stdin-filename`, e.g. like this: - $ mysqldump [...] | restic -r /tmp/backup backup --stdin --stdin-filename production.sql +```console +$ mysqldump [...] | restic -r /tmp/backup backup --stdin --stdin-filename production.sql +``` ## Tags Snapshots can have one or more tags, short strings which add identifying information. Just specify the tags for a snapshot with `--tag`: - $ restic -r /tmp/backup backup --tag projectX ~/shared/work/web - [...] +```console +$ restic -r /tmp/backup backup --tag projectX ~/shared/work/web +[...] +``` The tags can later be used to keep (or forget) snapshots. @@ -243,52 +273,62 @@ The tags can later be used to keep (or forget) snapshots. Now, you can list all the snapshots stored in the repository: - $ restic -r /tmp/backup snapshots - enter password for repository: - ID Date Host Tags Directory - ---------------------------------------------------------------------- - 40dc1520 2015-05-08 21:38:30 kasimir /home/user/work - 79766175 2015-05-08 21:40:19 kasimir /home/user/work - bdbd3439 2015-05-08 21:45:17 luigi /home/art - 590c8fc8 2015-05-08 21:47:38 kazik /srv - 9f0bc19e 2015-05-08 21:46:11 luigi /srv +```console +$ restic -r /tmp/backup snapshots +enter password for repository: +ID Date Host Tags Directory +---------------------------------------------------------------------- +40dc1520 2015-05-08 21:38:30 kasimir /home/user/work +79766175 2015-05-08 21:40:19 kasimir /home/user/work +bdbd3439 2015-05-08 21:45:17 luigi /home/art +590c8fc8 2015-05-08 21:47:38 kazik /srv +9f0bc19e 2015-05-08 21:46:11 luigi /srv +``` You can filter the listing by directory path: - $ restic -r /tmp/backup snapshots --path="/srv" - enter password for repository: - ID Date Host Tags Directory - ---------------------------------------------------------------------- - 590c8fc8 2015-05-08 21:47:38 kazik /srv - 9f0bc19e 2015-05-08 21:46:11 luigi /srv +```console +$ restic -r /tmp/backup snapshots --path="/srv" +enter password for repository: +ID Date Host Tags Directory +---------------------------------------------------------------------- +590c8fc8 2015-05-08 21:47:38 kazik /srv +9f0bc19e 2015-05-08 21:46:11 luigi /srv +``` Or filter by host: - $ restic -r /tmp/backup snapshots --host luigi - enter password for repository: - ID Date Host Tags Directory - ---------------------------------------------------------------------- - bdbd3439 2015-05-08 21:45:17 luigi /home/art - 9f0bc19e 2015-05-08 21:46:11 luigi /srv +```console +$ restic -r /tmp/backup snapshots --host luigi +enter password for repository: +ID Date Host Tags Directory +---------------------------------------------------------------------- +bdbd3439 2015-05-08 21:45:17 luigi /home/art +9f0bc19e 2015-05-08 21:46:11 luigi /srv +``` -Combining filters is also possible. +Combining filters is also possible. # Restore a snapshot Restoring a snapshot is as easy as it sounds, just use the following command to restore the contents of the latest snapshot to `/tmp/restore-work`: - $ restic -r /tmp/backup restore 79766175 --target ~/tmp/restore-work - enter password for repository: - restoring to /tmp/restore-work +```console +$ restic -r /tmp/backup restore 79766175 --target ~/tmp/restore-work +enter password for repository: +restoring to /tmp/restore-work +``` Use the word `latest` to restore the last backup. You can also combine `latest` with the `--host` and `--path` filters to choose the last backup for a specific host, path or both. - $ restic -r /tmp/backup restore latest --target ~/tmp/restore-work --path "/home/art" --host luigi - enter password for repository: - restoring to /tmp/restore-work +```console +$ restic -r /tmp/backup restore latest --target ~/tmp/restore-work --path "/home/art" --host luigi +enter password for repository: +restoring to /tmp/restore-work +``` # Manage repository keys @@ -297,24 +337,26 @@ The `key` command allows you to set multiple access keys or passwords per repository. In fact, you can use the `list`, `add`, `remove` and `passwd` sub-commands to manage these keys very precisely: - $ restic -r /tmp/backup key list - enter password for repository: - ID User Host Created - ---------------------------------------------------------------------- - *eb78040b username kasimir 2015-08-12 13:29:57 +```console +$ restic -r /tmp/backup key list +enter password for repository: + ID User Host Created +---------------------------------------------------------------------- +*eb78040b username kasimir 2015-08-12 13:29:57 - $ restic -r /tmp/backup key add - enter password for repository: - enter password for new key: - enter password again: - saved new key as +$ restic -r /tmp/backup key add +enter password for repository: +enter password for new key: +enter password again: +saved new key as - $ restic -r backup key list - enter password for repository: - ID User Host Created - ---------------------------------------------------------------------- - 5c657874 username kasimir 2015-08-12 13:35:05 - *eb78040b username kasimir 2015-08-12 13:29:57 +$ restic -r backup key list +enter password for repository: + ID User Host Created +---------------------------------------------------------------------- + 5c657874 username kasimir 2015-08-12 13:35:05 +*eb78040b username kasimir 2015-08-12 13:29:57 +``` # Check integrity and consistency @@ -322,22 +364,28 @@ Imagine your repository is saved on a server that has a faulty hard drive, or even worse, attackers get privileged access and modify your backup with the intention to make you restore malicious data: - $ sudo echo "boom" >> backup/index/d795ffa99a8ab8f8e42cec1f814df4e48b8f49129360fb57613df93739faee97 +```console +$ sudo echo "boom" >> backup/index/d795ffa99a8ab8f8e42cec1f814df4e48b8f49129360fb57613df93739faee97 +``` In order to detect these things, it is a good idea to regularly use the `check` command to test whether everything is alright, your precious backup data is consistent and the integrity is unharmed: - $ restic -r /tmp/backup check - Load indexes - ciphertext verification failed +```console +$ restic -r /tmp/backup check +Load indexes +ciphertext verification failed +``` Trying to restore a snapshot which has been modified as shown above will yield the same error: - $ restic -r /tmp/backup restore 79766175 --target ~/tmp/restore-work - Load indexes - ciphertext verification failed +```console +$ restic -r /tmp/backup restore 79766175 --target ~/tmp/restore-work +Load indexes +ciphertext verification failed +``` # Mount a repository @@ -345,11 +393,13 @@ Browsing your backup as a regular file system is also very easy. First, create a mount point such as `/mnt/restic` and then use the following command to serve the repository with FUSE: - $ mkdir /mnt/restic - $ restic -r /tmp/backup mount /mnt/restic - enter password for repository: - Now serving /tmp/backup at /tmp/restic - Don't forget to umount after quitting! +```console +$ mkdir /mnt/restic +$ restic -r /tmp/backup mount /mnt/restic +enter password for repository: +Now serving /tmp/backup at /tmp/restic +Don't forget to umount after quitting! +``` Mounting repositories via FUSE is not possible on Windows and OpenBSD. @@ -363,12 +413,14 @@ credentials. Once the server is configured, the setup of the SFTP repository can simply be achieved by changing the URL scheme in the `init` command: - $ restic -r sftp:user@host:/tmp/backup init - enter password for new backend: - enter password again: - created restic backend f1c6108821 at sftp:user@host:/tmp/backup - Please note that knowledge of your password is required to access the repository. - Losing your password means that your data is irrecoverably lost. +```console +$ restic -r sftp:user@host:/tmp/backup init +enter password for new backend: +enter password again: +created restic backend f1c6108821 at sftp:user@host:/tmp/backup +Please note that knowledge of your password is required to access the repository. +Losing your password means that your data is irrecoverably lost. +``` You can also specify a relative (read: no slash (`/`) character at the beginning) directory, in this case the dir is relative to the remote user's @@ -378,17 +430,21 @@ home directory. Restic can backup data to any Amazon S3 bucket. However, in this case, changing the URL scheme is not enough since Amazon uses special security credentials to sign HTTP requests. By consequence, you must first setup the following environment variables with the credentials you obtained while creating the bucket. - $ export AWS_ACCESS_KEY_ID= - $ export AWS_SECRET_ACCESS_KEY= +```console +$ export AWS_ACCESS_KEY_ID= +$ export AWS_SECRET_ACCESS_KEY= +``` You can then easily initialize a repository that uses your Amazon S3 as a backend. - $ restic -r s3:eu-central-1/bucket_name init - enter password for new backend: - enter password again: - created restic backend eefee03bbd at s3:eu-central-1/bucket_name - Please note that knowledge of your password is required to access the repository. - Losing your password means that your data is irrecoverably lost. +```console +$ restic -r s3:eu-central-1/bucket_name init +enter password for new backend: +enter password again: +created restic backend eefee03bbd at s3:eu-central-1/bucket_name +Please note that knowledge of your password is required to access the repository. +Losing your password means that your data is irrecoverably lost. +``` Fro an s3-compatible server that is not Amazon (like Minio, see below), or is only available via HTTP, you can specify the URL to the server like this: @@ -400,22 +456,26 @@ only available via HTTP, you can specify the URL to the server like this: ### Pre-Requisites -* Download and Install [Minio Server](https://minio.io/download/). +* Download and Install [Minio Server](https://minio.io/download/). * You can also refer to [https://docs.minio.io](https://docs.minio.io) for step by step guidance on installation and getting started on Minio CLient and Minio Server. You must first setup the following environment variables with the credentials of your running Minio Server. - $ export AWS_ACCESS_KEY_ID= - $ export AWS_SECRET_ACCESS_KEY= +```console +$ export AWS_ACCESS_KEY_ID= +$ export AWS_SECRET_ACCESS_KEY= +``` Now you can easily initialize restic to use Minio server as backend with this command. - $ ./restic -r s3:http://localhost:9000/restic init - enter password for new backend: - enter password again: - created restic backend 6ad29560f5 at s3:http://localhost:9000/restic1 - Please note that knowledge of your password is required to access - the repository. Losing your password means that your data is irrecoverably lost. +```console +$ ./restic -r s3:http://localhost:9000/restic init +enter password for new backend: +enter password again: +created restic backend 6ad29560f5 at s3:http://localhost:9000/restic1 +Please note that knowledge of your password is required to access +the repository. Losing your password means that your data is irrecoverably lost. +``` # Removing old snapshots @@ -430,54 +490,62 @@ the repository. The command `snapshots` can be used to list all snapshots in a repository like this: - $ restic -r /tmp/backup snapshots - enter password for repository: - ID Date Host Tags Directory - ---------------------------------------------------------------------- - 40dc1520 2015-05-08 21:38:30 kasimir /home/user/work - 79766175 2015-05-08 21:40:19 kasimir /home/user/work - bdbd3439 2015-05-08 21:45:17 luigi /home/art - 590c8fc8 2015-05-08 21:47:38 kazik /srv - 9f0bc19e 2015-05-08 21:46:11 luigi /srv +```console +$ restic -r /tmp/backup snapshots +enter password for repository: +ID Date Host Tags Directory +---------------------------------------------------------------------- +40dc1520 2015-05-08 21:38:30 kasimir /home/user/work +79766175 2015-05-08 21:40:19 kasimir /home/user/work +bdbd3439 2015-05-08 21:45:17 luigi /home/art +590c8fc8 2015-05-08 21:47:38 kazik /srv +9f0bc19e 2015-05-08 21:46:11 luigi /srv +``` In order to remove the snapshot of `/home/art`, use the `forget` command and specify the snapshot ID on the command line: - $ restic -r /tmp/backup forget bdbd3439 - enter password for repository: - removed snapshot d3f01f63 +```console +$ restic -r /tmp/backup forget bdbd3439 +enter password for repository: +removed snapshot d3f01f63 +``` Afterwards this snapshot is removed: - $ restic -r /tmp/backup snapshots - enter password for repository: - ID Date Host Tags Directory - ---------------------------------------------------------------------- - 40dc1520 2015-05-08 21:38:30 kasimir /home/user/work - 79766175 2015-05-08 21:40:19 kasimir /home/user/work - 590c8fc8 2015-05-08 21:47:38 kazik /srv - 9f0bc19e 2015-05-08 21:46:11 luigi /srv +```console +$ restic -r /tmp/backup snapshots +enter password for repository: +ID Date Host Tags Directory +---------------------------------------------------------------------- +40dc1520 2015-05-08 21:38:30 kasimir /home/user/work +79766175 2015-05-08 21:40:19 kasimir /home/user/work +590c8fc8 2015-05-08 21:47:38 kazik /srv +9f0bc19e 2015-05-08 21:46:11 luigi /srv +``` But the data that was referenced by files in this snapshot is still stored in the repository. To cleanup unreferenced data, the `prune` command must be run: - $ restic -r /tmp/backup prune - enter password for repository: +```console +$ restic -r /tmp/backup prune +enter password for repository: - counting files in repo - building new index for repo - [0:00] 100.00% 22 / 22 files - repository contains 22 packs (8512 blobs) with 100.092 MiB bytes - processed 8512 blobs: 0 duplicate blobs, 0B duplicate - load all snapshots - find data that is still in use for 1 snapshots - [0:00] 100.00% 1 / 1 snapshots - found 8433 of 8512 data blobs still in use - will rewrite 3 packs - creating new index - [0:00] 86.36% 19 / 22 files - saved new index as 544a5084 - done +counting files in repo +building new index for repo +[0:00] 100.00% 22 / 22 files +repository contains 22 packs (8512 blobs) with 100.092 MiB bytes +processed 8512 blobs: 0 duplicate blobs, 0B duplicate +load all snapshots +find data that is still in use for 1 snapshots +[0:00] 100.00% 1 / 1 snapshots +found 8433 of 8512 data blobs still in use +will rewrite 3 packs +creating new index +[0:00] 86.36% 19 / 22 files +saved new index as 544a5084 +done +``` Afterwards the repository is smaller. @@ -530,12 +598,16 @@ all snapshots! The program can be built with debug support like this: - $ go run build.go -tags debug +```console +$ go run build.go -tags debug +``` Afterwards, extensive debug messages are written to the file in environment variable `DEBUG_LOG`, e.g.: - $ DEBUG_LOG=/tmp/restic-debug.log restic backup ~/work +```console +$ DEBUG_LOG=/tmp/restic-debug.log restic backup ~/work +``` If you suspect that there is a bug, you can have a look at the debug log. Please be aware that the debug log might contain sensitive information such as @@ -551,23 +623,29 @@ separated by commas. Patterns are case sensitive. Printing all log messages to the console can be achieved by setting the file filter to `*`: - $ DEBUG_FILES=* restic check +```console +$ DEBUG_FILES=* restic check +``` If you want restic to just print all debug log messages from the files -`main.go` and `lock.go`, set the environment variable `DEBUG_FILES` like this: +`main.go` and `lock.go`, set the environment variable `DEBUG_FILES` like this: - $ DEBUG_FILES=main.go,lock.go restic check +```console +$ DEBUG_FILES=main.go,lock.go restic check +``` The following command line instructs restic to only print debug statements originating in functions that match the pattern `*unlock*` (case sensitive): - $ DEBUG_FUNCS=*unlock* restic check +```console +$ DEBUG_FUNCS=*unlock* restic check +``` # Under the hood: Browse repository objects Internally, a repository stores data of several different types described in the [design documentation](https://github.com/restic/restic/blob/master/doc/Design.md). You can `list` objects such as blobs, packs, index, snapshots, keys or locks with the following command: -```shell +```console $ restic -r /tmp/backup list snapshots d369ccc7d126594950bf74f0a348d5d98d9e99f3215082eb69bf02dc9b3e464c ``` @@ -575,26 +653,30 @@ d369ccc7d126594950bf74f0a348d5d98d9e99f3215082eb69bf02dc9b3e464c The `find` command searches for a given [pattern](http://golang.org/pkg/path/filepath/#Match) in the repository. - $ restic -r backup find test.txt - debug log file restic.log - debug enabled - enter password for repository: - found 1 matching entries in snapshot 196bc5760c909a7681647949e80e5448e276521489558525680acf1bd428af36 - -rw-r--r-- 501 20 5 2015-08-26 14:09:57 +0200 CEST path/to/test.txt +```console +$ restic -r backup find test.txt +debug log file restic.log +debug enabled +enter password for repository: +found 1 matching entries in snapshot 196bc5760c909a7681647949e80e5448e276521489558525680acf1bd428af36 + -rw-r--r-- 501 20 5 2015-08-26 14:09:57 +0200 CEST path/to/test.txt +``` The `cat` command allows you to display the JSON representation of the objects or its raw content. - $ restic -r /tmp/backup cat snapshot d369ccc7d126594950bf74f0a348d5d98d9e99f3215082eb69bf02dc9b3e464c - enter password for repository: - { - "time": "2015-08-12T12:52:44.091448856+02:00", - "tree": "05cec17e8d3349f402576d02576a2971fc0d9f9776ce2f441c7010849c4ff5af", - "paths": [ - "/home/user/work" - ], - "hostname": "kasimir", - "username": "username", - "uid": 501, - "gid": 20 - } +```console +$ restic -r /tmp/backup cat snapshot d369ccc7d126594950bf74f0a348d5d98d9e99f3215082eb69bf02dc9b3e464c +enter password for repository: +{ + "time": "2015-08-12T12:52:44.091448856+02:00", + "tree": "05cec17e8d3349f402576d02576a2971fc0d9f9776ce2f441c7010849c4ff5af", + "paths": [ + "/home/user/work" + ], + "hostname": "kasimir", + "username": "username", + "uid": 501, + "gid": 20 +} +``` diff --git a/doc/code.css b/doc/code.css new file mode 100644 index 000000000..2a73b3a93 --- /dev/null +++ b/doc/code.css @@ -0,0 +1,124 @@ +code { + font-size: 90%; +} + +/* based on https://github.com/mkdocs/mkdocs/issues/1019 */ + +.codehilite code, .codehilite pre { + color:#3F3F3F;background-color:#F7F7F7; + overflow: auto; + box-sizing: border-box; + + padding: 0.01em 4px; + padding-top: 0.01em; + padding-right-value: 4px; + padding-bottom: 0.01em; + padding-left-value: 4px; + padding-left-ltr-source: physical; + padding-left-rtl-source: physical; + padding-right-ltr-source: physical; + padding-right-rtl-source: physical; + + border-radius: 4px !important; + border-top-left-radius: 4px; + border-top-right-radius: 4px; + border-bottom-right-radius: 4px; + border-bottom-left-radius: 4px; + + border: 1px solid #CCC !important; + border-top-width: 1px; + border-right-width-value: 1px; + border-right-width-ltr-source: physical; + border-right-width-rtl-source: physical; + border-bottom-width: 1px; + border-left-width-value: 1px; + border-left-width-ltr-source: physical; + border-left-width-rtl-source: physical; + border-top-style: solid; + border-right-style-value: solid; + border-right-style-ltr-source: physical; + border-right-style-rtl-source: physical; + border-bottom-style: solid; + border-left-style-value: solid; + border-left-style-ltr-source: physical; + border-left-style-rtl-source: physical; + border-top-color: #CCC; + border-right-color-value: #CCC; + border-right-color-ltr-source: physical; + border-right-color-rtl-source: physical; + border-bottom-color: #CCC; + border-left-color-value: #CCC; + border-left-color-ltr-source: physical; + border-left-color-rtl-source: physical; + -moz-border-top-colors: none; + -moz-border-right-colors: none; + -moz-border-bottom-colors: none; + -moz-border-left-colors: none; + border-image-source: none; + border-image-slice: 100% 100% 100% 100%; + border-image-width: 1 1 1 1; + border-image-outset: 0 0 0 0; + border-image-repeat: stretch stretch; +} + +.codehilite .hll { background-color: #ffffcc } +.codehilite .c { color: #999988; font-style: italic } /* Comment */ +.codehilite .err { color: #a61717; background-color: #e3d2d2 } /* Error */ +.codehilite .k { color: #000000; font-weight: bold } /* Keyword */ +.codehilite .o { color: #000000; font-weight: bold } /* Operator */ +.codehilite .cm { color: #999988; font-style: italic } /* Comment.Multiline */ +.codehilite .cp { color: #999999; font-weight: bold; font-style: italic } /* Comment.Preproc */ +.codehilite .c1 { color: #999988; font-style: italic } /* Comment.Single */ +.codehilite .cs { color: #999999; font-weight: bold; font-style: italic } /* Comment.Special */ +.codehilite .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */ +.codehilite .ge { color: #000000; font-style: italic } /* Generic.Emph */ +.codehilite .gr { color: #aa0000 } /* Generic.Error */ +.codehilite .gh { color: #999999 } /* Generic.Heading */ +.codehilite .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */ +.codehilite .go { color: #888888 } /* Generic.Output */ +.codehilite .gp { color: #555555 } /* Generic.Prompt */ +.codehilite .gs { font-weight: bold } /* Generic.Strong */ +.codehilite .gu { color: #aaaaaa } /* Generic.Subheading */ +.codehilite .gt { color: #aa0000 } /* Generic.Traceback */ +.codehilite .kc { color: #000000; font-weight: bold } /* Keyword.Constant */ +.codehilite .kd { color: #000000; font-weight: bold } /* Keyword.Declaration */ +.codehilite .kn { color: #000000; font-weight: bold } /* Keyword.Namespace */ +.codehilite .kp { color: #000000; font-weight: bold } /* Keyword.Pseudo */ +.codehilite .kr { color: #000000; font-weight: bold } /* Keyword.Reserved */ +.codehilite .kt { color: #445588; font-weight: bold } /* Keyword.Type */ +.codehilite .m { color: #009999 } /* Literal.Number */ +.codehilite .s { color: #d01040 } /* Literal.String */ +.codehilite .na { color: #008080 } /* Name.Attribute */ +.codehilite .nb { color: #0086B3 } /* Name.Builtin */ +.codehilite .nc { color: #445588; font-weight: bold } /* Name.Class */ +.codehilite .no { color: #008080 } /* Name.Constant */ +.codehilite .nd { color: #3c5d5d; font-weight: bold } /* Name.Decorator */ +.codehilite .ni { color: #800080 } /* Name.Entity */ +.codehilite .ne { color: #990000; font-weight: bold } /* Name.Exception */ +.codehilite .nf { color: #990000; font-weight: bold } /* Name.Function */ +.codehilite .nl { color: #990000; font-weight: bold } /* Name.Label */ +.codehilite .nn { color: #555555 } /* Name.Namespace */ +.codehilite .nt { color: #000080 } /* Name.Tag */ +.codehilite .nv { color: #008080 } /* Name.Variable */ +.codehilite .ow { color: #000000; font-weight: bold } /* Operator.Word */ +.codehilite .w { color: #bbbbbb } /* Text.Whitespace */ +.codehilite .mf { color: #009999 } /* Literal.Number.Float */ +.codehilite .mh { color: #009999 } /* Literal.Number.Hex */ +.codehilite .mi { color: #009999 } /* Literal.Number.Integer */ +.codehilite .mo { color: #009999 } /* Literal.Number.Oct */ +.codehilite .sb { color: #d01040 } /* Literal.String.Backtick */ +.codehilite .sc { color: #d01040 } /* Literal.String.Char */ +.codehilite .sd { color: #d01040 } /* Literal.String.Doc */ +.codehilite .s2 { color: #d01040 } /* Literal.String.Double */ +.codehilite .se { color: #d01040 } /* Literal.String.Escape */ +.codehilite .sh { color: #d01040 } /* Literal.String.Heredoc */ +.codehilite .si { color: #d01040 } /* Literal.String.Interpol */ +.codehilite .sx { color: #d01040 } /* Literal.String.Other */ +.codehilite .sr { color: #009926 } /* Literal.String.Regex */ +.codehilite .s1 { color: #d01040 } /* Literal.String.Single */ +.codehilite .ss { color: #990073 } /* Literal.String.Symbol */ +.codehilite .bp { color: #999999 } /* Name.Builtin.Pseudo */ +.codehilite .vc { color: #008080 } /* Name.Variable.Class */ +.codehilite .vg { color: #008080 } /* Name.Variable.Global */ +.codehilite .vi { color: #008080 } /* Name.Variable.Instance */ +.codehilite .il { color: #009999 } /* Literal.Number.Integer.Long */ diff --git a/doc/index.md b/doc/index.md index c66b1ac25..20603840c 100644 --- a/doc/index.md +++ b/doc/index.md @@ -20,10 +20,12 @@ this page, where you can select the version. The restic documentation is built with [MkDocs](http://www.mkdocs.org). After installing it, you can edit and view the documentation locally by running: - $ mkdocs serve - INFO - Building documentation... - INFO - Cleaning site directory - [I 160221 12:33:57 server:271] Serving on http://127.0.0.1:8000 +```console +$ mkdocs serve +INFO - Building documentation... +INFO - Cleaning site directory +[I 160221 12:33:57 server:271] Serving on http://127.0.0.1:8000 +``` Afterwards visit the URL with a browser. diff --git a/mkdocs.yml b/mkdocs.yml index 7ff238920..0ffd21185 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -1,5 +1,9 @@ site_name: Documentation for restic theme: readthedocs +markdown_extensions: + - codehilite: +extra_css: + - code.css docs_dir: doc pages: - Getting Started: index.md