Downloading and verifying tarsnap
- Visit the Tarsnap download page to find the latest version (look for “source tarball”). At the time of writing, this command downloads the latest version for Linux:
- Visit the Tarsnap download page to find the latest version of the “signed SHA256 hash file”. At the time of writing, this command downloads the latest version of the signed SHA256 hash file:
- Visit the Tarsnap compiling page to find the latest version of the signing key (look for “Tarsnap 20XX code signing GPG key”). At the time of writing, this command downloads the latest version of the signing key:
- If you have never run “gpg” before (or are not sure whether you have), run it once:
…then press CTRL+C to exit gpg.
- Import the previously downloaded signing key into gpg. At the time of writing, this was achieved using the following command:’
gpg --import tarsnap-signing-key-2015.asc
- Verify the signature of the SHA256 hash file. At the time of writing, this was achieved using the following command:
gpg --decrypt tarsnap-sigs-18.104.22.168.asc
- Verify that the output of the previous command included a line similar to the following (with emphasis on the word “Good”):
gpg: Good signature from “Tarsnap source code signing key (Colin Percival) <email@example.com>”
You will likely also see this warning:
gpg: WARNING: This key is not certified with a trusted signature!
Ignoring this warning is a slight security risk, unfortunately avoiding it requires knowledge of the “web of trust” and GnuPG which is outside the scope of this document. Ignore it at your own peril or see the Tarsnap compiling page for more links in the section “Download verification”.
- Verify the hash (signature) of the “source tarball” you downloaded during the first step. At the time of writing, this was achieved using the following command:
shasum -a 256 tarsnap-autoconf-22.214.171.124.tgz
Now compare the output of this command with the output of the previous command and make sure that the hash (long string of digits and characters) matches. At the time of writing, the displayed hash was “a2909e01e2f983179d63ef2094c42102c92c716032864e66ef25ae341ea28690″.
- Install a couple of software packages that are required to build tarsnap from the downloaded source code:
sudo apt-get install -y gcc libc6-dev make libssl-dev zlib1g-dev e2fslibs-dev
- Extract the source code from the downloaded file, replacing the file name with the one you downloaded during the first step. At the time of writing, this was achieved using the following command:
tar -xf tarsnap-autoconf-126.96.36.199.tgz
- Change to the directory with the same name as the file downloaded during the first step. At the time of writing, this was achieved using the following command:
- Prepare for building the source code:
- Build the source code:
- Install the binary (application) to the default directories:
sudo make install
- Change to the parent directory:
- Optionally clean up (delete the downloaded and extracted files); replace the file names in the commands with those matching the files you downloaded. At the time of writing, the following commands were valid:
rm -r tarsnap-autoconf-188.8.131.52
- Move the sample configuration file to the location of the “real” configuration file:
sudo mv /usr/local/etc/tarsnap.conf.sample /usr/local/etc/tarsnap.conf
- If you haven’t already, create a tarsnap account and deposit some funds (tarsnap is a prepaid service). Visit the Tarsnap Getting started page for more details. If you already have an account (i.e. you are using tarsnap on another machine or server), this can be skipped. One tarsnap account can be used to backup multiple devices.
- Create a key file for this machine. In the command below, replace “firstname.lastname@example.org” with your e-mail address (the one used when you registered on the tarsnap web site) and replace “mybox” with a name that helps you identify this machine (hostname or IP recommended):
sudo tarsnap-keygen --keyfile /root/tarsnap.key --user email@example.com --machine mybox
When asked, enter the password for your tarsnap account (the one you used when registering on the tarsnap web site).
- Copy the generated key file (path “/root/tarsnap.key”) to another machine and keep it safe. The importance of this step cannot be stretched enough! Remember, you are setting up a backup for this machine because something bad might happen to it. If it does, you will need your key file to restore your backup from the tarsnap servers. Some suggestions for possible methods of backing up your key file are mentioned in the section “Keep your key file safe” of the Getting started with tarsnap page. If you don’t backup the key file now, you might as well skip the remaining steps.
Downloading and installing acts
Tarsnap follows the UNIX philosophy of keeping things simple, it tries to do only a few things (namely encrypting, decrypting and transferring backups) and do them well. Scheduling backups and removing old backups are not features included in tarsnap itself. Fortunately a number of helper scripts/applications exist for those tasks. I recommend acts (short for “Another Calendar-based Tarsnap Script”).
- Visit the Latest acts release page to find the link to the latest stable version of acts.
- Download acts using the link at the bottom of the page you just opened. At the time of writing, this was achieved using the following command:
- Extract the contents of the downloaded archive. At the time of writing, this was achieved using the following command:
tar xzf 1.2.tar.gz
- Change to the directory containing the extracted files. At the time of writing, this was achieved using the following command:
- Move the sample configuration to the location of the “real” configuration file:
sudo mv acts.conf.sample /etc/acts.conf
- Move acts (the script itself) to a more permanent location:
sudo mv acts /usr/local/bin/
- Edit acts’ configuration file:
sudo nano /etc/acts.conf
Find the line starting with “backuptargets” and delete everything between the two double quotes on that line, so that it reads:
Now add the directories you want to backup inside those double quotes. Each path is relative to the root path of the machine, but should not start with a forward slash. However, forward slashes can be used to backup only specific directories, even though the sample does not use them. For example, to backup the directories “/root” and “/home/claus”, you would edit the line as follows:
- Schedule a task to run acts daily:
sudo crontab -u root -e
If the dialog “Select an editor” appears, press Enter to select “nano”.
At the bottom of the file, add these lines, replacing “firstname.lastname@example.org” with your email address:
0 2 * * * acts
This would run acts every day at 2:00 AM and send an email with the result to “email@example.com”.
Save and close the file to activate the scheduled task. When using nano as your text editor, this could be achieved by pressing CTRL+X followed by Y and followed by pressing Enter.