[buug] Backups :-) (& CD-R[W], etc.)

Michael Paoli Michael.Paoli at cal.berkeley.edu
Sun Apr 10 20:46:56 PDT 2011

Yes, rather what I was going to say.  It doesn't "do" encryption, but
it plays nice with it.  On the transport side, Bup works very nicely
with ssh(1), and on the storage side, nothing prevents one from using
some type of encrypted storage (e.g. encrypted filesystem).
If one doesn't trust the backup storage side "that much" with one's
data, the encryption layer can be at or closer to the client side, so
the backup storage side can just be storage, and the filesystem and
encryption layer(s) at or much closer to the backup client side, so
backup server/storage never need store (or have access to) clear-text
backup data.

As for my backup program
I mentioned in:
it doesn't "do" encryption, but again, it plays nice with it.  I've
used part/much of those programs to do backup remotely (over ssh), and
- not sure if I did it with those programs or not, but also nicely
added encryption to storage of backups - and easily can with those
scripts/programs, if I didn't already.  In that particular set of
programs, doing the backup - part of the architecture generates a list
of filesystems, along with some metadata about them (e.g. filesystem
type).  Another part takes that data, and from it produces a stream of
backup data - one can easily insert encryption there (I'm pretty sure I
did so with later version of, or based upon that software), that
"older" version, from there, just takes that stream of data and handles
backing it up to the backup media - to the program, it's just a stream
of bytes, it doesn't particularly care what's in it. It just knows that
stream of bytes correlates to a particular filesystem, and when the
stream ends and it's written that data, it then adds that
meta-information to its index of which filesystems start at what offset
on what media - and writes the index out at the very end, and to the
media at the end.  Not a very detailed index, but covers to filesystem
level anyway (other data or indexes that can be added as part of the
backup may cover more detail, and in some cases, actually do - e.g.
first thing that gets backed up with that collection is a fair chunk of
metadata - if I recall correctly, including a list of all the files
targeted for backup, among other things (like filesystem types and
sizes, and partitioning and logical volume configuration information).

So ... "plays nice with" (e.g. encryption) is often as or more
important than "includes".

For quite a while now, I've been encrypting my offsite backups - at
least most or all of that data, anyway.

> From: "Tony Godshall" <togo at of.net>
> Subject: Re: [buug] Backups :-) (& CD-R[W], etc.)
> Date: Sun, 10 Apr 2011 18:16:05 -0700

> On Sun, Apr 10, 2011 at 12:19, Ian Zimmerman <itz at buug.org> wrote:
>> Michael> I did also attend the Bup presentation yesterday:
>> Michael> http://www.weak.org/pipermail/buug/2011-April/003749.html
>> Michael> ... from that I might be inclined to add a wee bit more to my
>> Michael> "wish list" of features/capabilities for backup software :-)
>> But it doesn't seem to do encryption yet.
> Well, you can certainly backup over SSH to an encrypted remote drive.

More information about the buug mailing list