librelist archives

« back to archive

borgbackup 0.25.0 released

borgbackup 0.25.0 released

From:
Thomas Waldmann
Date:
2015-08-29 @ 13:50
Hi,

just wanted to tell that there is a fresh release with a lot of
improvements and fixes:

https://github.com/borgbackup/borg/blob/0.25.0/CHANGES.rst what's new

https://pypi.python.org/pypi/borgbackup/0.25.0 pip package

https://github.com/borgbackup/borg/issues/147 binary wheels (soon)

All releases are signed by me (like this message), please check the
signature.

Cheers,

Thomas
-- 

GPG ID: FAF7B393
GPG FP: 6D5B EF9A DD20 7580 5747 B70F 9F88 FB52 FAF7 B393

Re: [borgbackup] borgbackup 0.25.0 released

From:
Marc Haber
Date:
2015-08-30 @ 20:37
Hi,

On Sat, Aug 29, 2015 at 03:50:19PM +0200, Thomas Waldmann wrote:
> just wanted to tell that there is a fresh release with a lot of
> improvements and fixes:
> 
> https://github.com/borgbackup/borg/blob/0.25.0/CHANGES.rst what's new
> 
> https://pypi.python.org/pypi/borgbackup/0.25.0 pip package
> 
> https://github.com/borgbackup/borg/issues/147 binary wheels (soon)

thanks for keeping the development running. A few questions about
compression: Is there any reason why xz compression is not (yet)
supported? Is the compression done on the client or on the server?

And while I'm asking, are there plans to add a connection scheme that
allows the TCP connection to go from the server (the machine holding
the actual backup) to the client (the machine being backed up)? There
are places with a security policy that says "no connections to the
backup server". One possible solution would be a "ssh
-R10222:localhost:22 client borg create foo" with the repository being
on "localhost:10022" so that the connection from the client to the
server is tunneled through the outgoing ssh session from the server.

Greetings
Marc


-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

Re: [borgbackup] borgbackup 0.25.0 released

From:
Thomas Waldmann
Date:
2015-08-31 @ 10:27
Moin Marc,

> thanks for keeping the development running. A few questions about
> compression: Is there any reason why xz compression is not (yet)
> supported?

It is, see "lzma".

> Is the compression done on the client or on the server?

Client-side (must be first compressed, then encrypted, then transmitted).

> And while I'm asking, are there plans to add a connection scheme that
> allows the TCP connection to go from the server (the machine holding
> the actual backup) to the client (the machine being backed up)? There
> are places with a security policy that says "no connections to the
> backup server". One possible solution would be a "ssh
> -R10222:localhost:22 client borg create foo" with the repository being
> on "localhost:10022" so that the connection from the client to the
> server is tunneled through the outgoing ssh session from the server.

Well, sounds interesting.

Doesn't help 100% against the "hacked production server" issue (see that
ticket in the issue tracker), though, as at specific times, the client
will be able to connect to the server (through localhost:10022) and do
whatever it wants, right?

-- 

GPG Fingerprint: 6D5B EF9A DD20 7580 5747  B70F 9F88 FB52 FAF7 B393
Encrypted E-Mail is preferred / Verschluesselte E-Mail wird bevorzugt.

Re: [borgbackup] borgbackup 0.25.0 released

From:
Marc Haber
Date:
2015-08-31 @ 10:45
On Mon, Aug 31, 2015 at 12:27:40PM +0200, Thomas Waldmann wrote:
> > thanks for keeping the development running. A few questions about
> > compression: Is there any reason why xz compression is not (yet)
> > supported?
> 
> It is, see "lzma".

At least on Linux, lzma is different from xz.

> > Is the compression done on the client or on the server?
> 
> Client-side (must be first compressed, then encrypted, then transmitted).

Sounds fair enough. When thinking about it, the server only sees the
encrypted data stream and thus cannot compress any more. Stupid me.

> > And while I'm asking, are there plans to add a connection scheme that
> > allows the TCP connection to go from the server (the machine holding
> > the actual backup) to the client (the machine being backed up)? There
> > are places with a security policy that says "no connections to the
> > backup server". One possible solution would be a "ssh
> > -R10222:localhost:22 client borg create foo" with the repository being
> > on "localhost:10022" so that the connection from the client to the
> > server is tunneled through the outgoing ssh session from the server.
> 
> Well, sounds interesting.
> 
> Doesn't help 100% against the "hacked production server" issue (see that
> ticket in the issue tracker), though, as at specific times, the client
> will be able to connect to the server (through localhost:10022) and do
> whatever it wants, right?

Yes, but there are some things that need to be done. ;-)  I trust ssh
enough so that a borgbackup account that has its authorized_keys
restricted to "borg serve --restrict-to-path" is secure enough. It's
just that many security/firewall people will open a can of worms if
connections go the wrong direction.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

Re: [borgbackup] borgbackup 0.25.0 released

From:
Thomas Waldmann
Date:
2015-08-31 @ 13:22
>>> Is there any reason why xz compression is not (yet) supported?
>> It is, see "lzma".
> At least on Linux, lzma is different from xz.

https://docs.python.org/3/library/lzma.html

Search for XZ on that page. The default format is what we use.

-- 

GPG ID: FAF7B393
GPG FP: 6D5B EF9A DD20 7580 5747 B70F 9F88 FB52 FAF7 B393

Re: [borgbackup] borgbackup 0.25.0 released

From:
Alex Gorbachev
Date:
2015-08-31 @ 03:13
Thank you for adding lz4!
Question also on create using lz4, the new output is like this:

A /vjob/snap_vtst1/random.bin
U /vjob/snap_vtst1/dupel.bck

What do A and U mean in the beginning?

Thanks,
Alex

On Sat, Aug 29, 2015 at 9:50 AM, Thomas Waldmann <tw@waldmann-edv.de> wrote:
>
> Hi,
>
> just wanted to tell that there is a fresh release with a lot of
> improvements and fixes:
>
> https://github.com/borgbackup/borg/blob/0.25.0/CHANGES.rst what's new
>
> https://pypi.python.org/pypi/borgbackup/0.25.0 pip package
>
> https://github.com/borgbackup/borg/issues/147 binary wheels (soon)
>
> All releases are signed by me (like this message), please check the
> signature.
>
> Cheers,
>
> Thomas
> --
>
> GPG ID: FAF7B393
> GPG FP: 6D5B EF9A DD20 7580 5747 B70F 9F88 FB52 FAF7 B393
>
>

Re: [borgbackup] borgbackup 0.25.0 released

From:
Thomas Waldmann
Date:
2015-08-31 @ 09:53
> Thank you for adding lz4!

You're welcome. :)

> Question also on create using lz4, the new output is like this:
> 
> A /vjob/snap_vtst1/random.bin
> U /vjob/snap_vtst1/dupel.bck

That's unrelated to lz4, it is just the verbose output (-v).

A is added (new file), M is modified, U is unchanged regular file.
The lowercase letters are not regular files, but other stuff.

Guess this needs to be documented. :)

-- 

GPG Fingerprint: 6D5B EF9A DD20 7580 5747  B70F 9F88 FB52 FAF7 B393
Encrypted E-Mail is preferred / Verschluesselte E-Mail wird bevorzugt.