upstream/borgbackup
1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2026-06-21 23:48:57 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
borgbackup/docs/quickstart_example.rst.inc
Thomas Waldmann d2bc45f56d
key: unify keyfile/repokey classes, locate key independent of type byte (#9743) 
Borg used to read the manifest's key-type byte and then look for the key in
exactly one place (keyfile or repokey) depending on the key class that byte
selected. As a result every crypto suite was duplicated into a keyfile class
and a repokey class that differed only in TYPE, NAME, ARG_NAME and STORAGE.

Now key *location* is independent of the type byte: detection tries keyfiles
first and repokeys afterwards until a passphrase unlocks a key. The type byte
still selects the crypto suite (id hash, MAC, cipher) to instantiate. Where a
key is stored (keyfile vs repokey) is therefore a per-key property
(self.storage), not a separate class, so a repository may even hold a mix of
keyfile- and repo-stored borg keys.

With storage decoupled from class identity, the keyfile/repokey class pairs
collapse into one class per crypto suite:
- modern AEAD: AESOCBKey, CHPOKey, Blake3AESOCBKey, Blake3CHPOKey
- legacy borg 1.x (read-only): AESCTRKey, Blake2AESCTRKey
There is now exactly one type byte per modern crypto suite (the old separate
repokey type bytes 0x11/0x21/0x31/0x41 were removed; borg2 is beta and only
needs to read repos it created). identify_key() matches on TYPES_ACCEPTABLE.

CLI: --encryption selects only the crypto suite (aes-ocb, chacha20-poly1305,
blake3-aes-ocb, blake3-chacha20-poly1305, authenticated*, none); the storage
location is chosen with the new --key-location=repokey|keyfile (default
repokey). The old combined modes (repokey-aes-ocb etc.) were removed.
borg key import also gained --key-location. borg key change-location no longer
swaps key classes or rewrites the manifest; it just re-saves the unlocked key
at the new location.

Keyfile removal (key remove, change-location) now overwrites the keyfile with
random data via secure_erase() before unlinking, consistent with save().

borg 1.x legacy read compatibility is preserved (the legacy class merge is a
behavior-preserving rename; the legacy type bytes incl. PASSPHRASE stay in
TYPES_ACCEPTABLE).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-12 23:48:45 +02:00

63 lines
2.5 KiB
PHP
Raw Blame History

1. Before a backup can be made, a repository has to be initialized::
$ borg -r /path/to/repo repo-create --encryption=aes-ocb
2. Back up the ``~/src`` and ``~/Documents`` directories into an archive called
*docs*::
$ borg -r /path/to/repo create docs ~/src ~/Documents
3. The next day, create a new archive using the same archive name::
$ borg -r /path/to/repo create --stats docs ~/src ~/Documents
This backup will be much quicker and much smaller, since only new,
never-before-seen data is stored. The ``--stats`` option causes Borg to
output statistics about the newly created archive such as the deduplicated
size (the amount of unique data not shared with other archives)::
Repository: /path/to/repo
Archive name: docs
Archive fingerprint: bcd1b53f9b4991b7afc2b339f851b7ffe3c6d030688936fe4552eccc1877718d
Time (start): Sat, 2022-06-25 20:21:43
Time (end): Sat, 2022-06-25 20:21:43
Duration: 0.07 seconds
Utilization of maximum archive size: 0%
Number of files: 699
Original size: 31.14 MB
Deduplicated size: 502 B
4. List all archives in the repository::
$ borg -r /path/to/repo repo-list
docs Sat, 2022-06-25 20:21:14 [b80e24d2...b179f298]
docs Sat, 2022-06-25 20:21:43 [bcd1b53f...1877718d]
5. List the contents of the first archive::
$ borg -r /path/to/repo list aid:b80e24d2
drwxr-xr-x user group 0 Mon, 2016-02-15 18:22:30 home/user/Documents
-rw-r--r-- user group 7961 Mon, 2016-02-15 18:22:30 home/user/Documents/Important.doc
...
6. Restore the first archive by extracting the files relative to the current directory::
$ borg -r /path/to/repo extract aid:b80e24d2
7. Delete the first archive (please note that this does **not** free repository disk space)::
$ borg -r /path/to/repo delete aid:b80e24d2
Be careful if you use an archive NAME (and not an archive ID), as it might match multiple archives.
Always use ``--dry-run`` and ``--list`` first!
8. Recover disk space by compacting the segment files in the repository::
$ borg -r /path/to/repo compact -v
.. Note::
Borg is quiet by default (it defaults to WARNING log level).
You can use options like ``--progress`` or ``--list`` to get specific
reports during command execution. You can also add the ``-v`` (or
``--verbose`` or ``--info``) option to adjust the log level to INFO to
get other informational messages.
Reference in a new issue View git blame Copy permalink