Visit the Tarsnap compiling page to find the latest version of the signing key (look for “Tarsnap 20XX code signing GPG key”). At the time of writing, this command downloads the latest version of the signing key:
If you have never run “gpg” before (or are not sure whether you have), run it once:
…then press CTRL+C to exit gpg.
Import the previously downloaded signing key into gpg. At the time of writing, this was achieved using the following command:
gpg --import tarsnap-signing-key-2015.asc
Verify the signature of the SHA256 hash file. At the time of writing, this was achieved using the following command:
gpg --decrypt tarsnap-sigs-188.8.131.52.asc
Verify that the output of the previous command included a line similar to the following (with emphasis on the word “Good”):
gpg: Good signature from "Tarsnap source code signing key (Colin Percival)"
You will likely also see this warning:
gpg: WARNING: This key is not certified with a trusted signature!
Ignoring this warning is a slight security risk. Unfortunately, avoiding it requires knowledge of the “web of trust” and GnuPG, which is outside the scope of this document. Ignore it at your own peril or see the Tarsnap compiling page for more links in the section “Download verification”.
Verify the SHA256 hash of the “source tarball” you downloaded during the first step. At the time of writing, this was achieved using the following command:
shasum -a 256 tarsnap-autoconf-184.108.40.206.tgz
Now compare the output of this command with the hash listed in the output of the “gpg --decrypt” command above and make sure that the two hashes (long strings of digits and characters) match exactly. At the time of writing, the displayed hash was “a2909e01e2f983179d63ef2094c42102c92c716032864e66ef25ae341ea28690”.
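The comparison in the last two steps can be scripted so that it fails closed instead of depending on reading a 64-character string by eye. This is an added example, not part of the original guide or of Tarsnap: the function names and sample data are made up, and it assumes the verified text printed by “gpg --decrypt” was saved to a file and lists hashes as lines of the form “SHA256 (filename) = hash”.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Tarsnap.
# Assumption: the gpg-verified text contains "SHA256 (<name>) = <hex>" lines.

sha256_of() {        # print the SHA256 hex digest of file $1
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

signed_hash_for() {  # print the hash listed for name $2 in verified text $1
    awk -v name="$2" '
        $1 == "SHA256" && $2 == ("(" name ")") && $3 == "=" { print tolower($4); n++ }
        END { exit (n == 1 ? 0 : 1) }  # missing or duplicate entry: fail closed
    ' "$1"
}

check_tarball() {    # returns 0 = match, 1 = mismatch, 2 = no usable signed hash
    signed_text=$1 tarball=$2
    expected=$(signed_hash_for "$signed_text" "$(basename "$tarball")") || {
        echo "no unique signed hash for $tarball" >&2; return 2; }
    case $expected in *[!0-9a-f]*) return 2 ;; esac   # not a hex digest
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256_of "$tarball") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $tarball matches the signed hash"
    else
        echo "MISMATCH: $tarball is $actual, signed list says $expected" >&2
        return 1
    fi
}

demo() {             # constructed sample data, not real Tarsnap files
    d=$(mktemp -d) || return 2
    printf 'constructed sample payload\n' > "$d/sample.tgz"
    printf 'SHA256 (sample.tgz) = %s\n' "$(sha256_of "$d/sample.tgz")" > "$d/sigs.txt"
    check_tarball "$d/sigs.txt" "$d/sample.tgz"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo
```

In real use, pass check_tarball the saved text from a “gpg --decrypt” run that reported a Good signature, followed by the path of the downloaded tarball.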
Install a couple of software packages that are required to build tarsnap from the downloaded source code:
sudo apt-get install -y gcc libc6-dev make libssl-dev zlib1g-dev e2fslibs-dev
Extract the source code from the downloaded file, replacing the file name with the one you downloaded during the first step. At the time of writing, this was achieved using the following command:
Change to the directory with the same name as the file downloaded during the first step. At the time of writing, this was achieved using the following command:
Prepare for building the source code:
Build the source code:
Install the binary (application) to the default directories:
sudo make install
Change to the parent directory:
Optionally clean up (delete the downloaded and extracted files); replace the file names in the commands with those matching the files you downloaded. At the time of writing, the following commands were valid:
If you haven’t already, create a tarsnap account and deposit some funds (tarsnap is a prepaid service). Visit the Tarsnap Getting started page for more details. If you already have an account (i.e. you are using tarsnap on another machine or server), this can be skipped. One tarsnap account can be used to back up multiple devices.
Create a key file for this machine. In the command below, replace “email@example.com” with your e-mail address (the one used when you registered on the tarsnap web site) and replace “mybox” with a name that helps you identify this machine (hostname or IP recommended):
When asked, enter the password for your tarsnap account (the one you used when registering on the tarsnap web site).
Copy the generated key file (path “/root/tarsnap.key”) to another machine and keep it safe. The importance of this step cannot be stressed enough! Remember, you are setting up a backup for this machine because something bad might happen to it. If it does, you will need your key file to restore your backup from the tarsnap servers. Some suggestions for possible methods of backing up your key file are mentioned in the section “Keep your key file safe” of the Getting started with tarsnap page. If you don’t back up the key file now, you might as well skip the remaining steps.
Downloading and installing acts
Tarsnap follows the UNIX philosophy of keeping things simple: it tries to do only a few things (namely encrypting, decrypting and transferring backups) and do them well. Scheduling backups and removing old backups are not features included in tarsnap itself. Fortunately, a number of helper scripts/applications exist for those tasks. I recommend acts (short for “Another Calendar-based Tarsnap Script”).
Extract the contents of the downloaded archive. At the time of writing, this was achieved using the following command:
tar xzf 1.2.tar.gz
Change to the directory containing the extracted files. At the time of writing, this was achieved using the following command:
Move the sample configuration to the location of the “real” configuration file:
sudo mv acts.conf.sample /etc/acts.conf
Move acts (the script itself) to a more permanent location:
sudo mv acts /usr/local/bin/
Edit acts’ configuration file:
sudo nano /etc/acts.conf
Find the line starting with “backuptargets” and delete everything between the two double quotes on that line, so that it reads: backuptargets=""
Now add the directories you want to back up inside those double quotes. Each path is relative to the root path of the machine, but should not start with a forward slash. However, forward slashes can be used to back up only specific directories, even though the sample does not use them. For example, to back up the directories “/root” and “/home/claus”, you would edit the line as follows: backuptargets="root home/claus"
Schedule a task to run acts daily:
sudo crontab -u root -e
If the dialog “Select an editor” appears, press Enter to select “nano”.
At the bottom of the file, add these lines, replacing “firstname.lastname@example.org” with your email address: