Running borg init via a borg serve --append-only server will not create an append-only repository. #5497
Comments
|
In other words, I don't understand the use cases of Do we have to run |
|
Also, what about |
|
According to my experiments, initializing a repo using If the above is true, the following statement in the docs is misleading or incorrect.
Once consensus is reached, I will submit a PR to improve the docs. |
|
Check what's in the That way, you can have "append-only" for one ssh key and "not append-only" for another, e.g. if you want to run prune from a trusted client machine. |
|
Thanks for the follow-up @ThomasWaldmann. I am putting together a Borg episode for the privacy guides (see https://www.youtube.com/sunknudsen). I take fact checking very seriously and I am having a hard time figuring out the docs. My experiments point to conflicting results. I would love to pick your brain over a call to make sure I understand Borg correctly. Once I do, I would be happy to submit a Pr to improve the docs. If you are down, please get in touch via https://sunknudsen.com/. |
append_only = 0 |
|
Yup, and that is what is meant in the docs. |
|
@ThomasWaldmann But using If so, the following statement is misleading for the above use case.
|
|
@ThomasWaldmann Perhaps that line should be changed to something like the following.
|
|
How about: Running But, |
|
Q: Do we have to run borg config "backup" append_only 0 and borg config "backup" append_only 1 on the sever to switch append only mode A: You could do that, but using different ssh keys and different entries in authorized_keys is much easier and also maybe has less potential of thing going wrong somehow. |
@ThomasWaldmann I like it! This makes using Btw, thanks for Borg! Impressed by how thorough the project is. |
|
Thanks, you're welcome! Do you want to make a PR against master branch? |
|
Yes, on it! |
|
Just forked the repo and noticed the docs are generated using a framework I don't know so I would likely submit a shitty PR. Best if you take care of updating the docs. I will focus on the video... that I can manage. Btw, I developed a very lightweight Swift macOS app that runs Borg in the background complying with Apple permissions so Borg can access restricted file paths (such as The app also displays notifications when backups start, complete or fail and, when clicked, a log file is displayed using the "Console" app. $ cat ~/Library/LaunchAgents/local.borg-backup.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Borg Backup.app</string>
<key>ProgramArguments</key>
<array>
<string>open</string>
<string>/Applications/Borg Backup.app</string>
</array>
<key>RunAtLoad</key>
<false/>
<key>StartCalendarInterval</key>
<dict>
<key>Minute</key>
<integer>0</integer>
</dict>
</dict>
</plist>I would like to call the app "Borg Backup" and use the Borg logo (as the app is essentially a wrapper for Borg). The Borg project would be credited and the app would be open sourced. Are you comfortable with the above? Thanks again for your help! |
|
Forgot to mention the Borg python code would not be distributed with the app... it's really just a wrapper that runs commands in the background. showNotification("Backup initiated...")
// Run borg-backup.sh and log output
let command = "set -o pipefail; PATH=\"$PATH:/usr/local/bin\" borg-backup.sh 2>&1 | tee -a \(logFile)"
shell(command) {(status: Int32, output: String?) in
if (status == 0) {
showNotification("Backup completed")
// Truncate log file to last 1000 lines
shell("echo \"$(tail -n 1000 \(logFile))\" > \(logFile)") {(status: Int32, output: String?) in
terminate()
}
} else {
showNotification("Backup failed")
terminate()
}
} |
|
Okay I can take this one then? @sunknudsen |
|
Yes @Gu1nness, thanks! |
improve docs/FAQ about append-only remote repos, fixes #5497
Have you checked borgbackup docs, FAQ, and open Github issues?
Yes
Is this a BUG / ISSUE report or a QUESTION?
QUESTION
Describe the problem you're observing.
What exactly does the following mean?
My understanding is that if the server is configured using the following
authorized_keys, when initializing a repo usingborg init --encryption=keyfile-blake2 "borg@server:backup",--append-onlyon the server is ignored.command="borg serve --append-only --restrict-to-repository /home/borg/backup --storage-quota 10G",restrict ssh-rsa ...This doesn't feel logical to me as the server config should supersede client (for security reasons). Also, I would like to use two SSH keys, one with
--append-onlyand one without (using a key that requires a YubiKey for increased security).command="borg serve --append-only --restrict-to-repository /home/borg/backup --storage-quota 10G",restrict ssh-rsa ...vs
command="borg serve --restrict-to-repository /home/borg/backup --storage-quota 10G",restrict ssh-rsa ...Can someone please confirm how this works?
The text was updated successfully, but these errors were encountered: