(a fork of Attic)
"The holy grail of backup software"
Thomas Waldmann @ 32c3
authenticated encryption
easy pruning of old backups
simple backend (k/v, fs, via ssh)
FOSS (BSD license)
good docs
good platform / arch support
xattr / acl support
FUSE support ("mount a backup")
Borg Backup is a fork of Attic:
currently tracking attic dev.
plus a lot of conservative PRs
(stuff from attic/merge branch "merge")
bug and scalability fixes
plus a lot of new stuff in "experimental" branch ("exp.")
not compatible to Attic
developed by "The Borg Collective"
more open development
new developers are welcome!
quicker development
redesign where needed
changes, new features
incompatible changes with good reason
thus: less "sta(b)le"
scalability improvements
speed improvements
architectural changes
pull backups? backup-only mode?
better logging / exception handling
more backends? http / ftp / aws / google / ...
other platforms / architectures
BorgWeb GUI (for daily user needs)
<you name it>
test scalability / reliability / security
be careful!
file bugs
file feature requests
improve docs
contribute code
spread the word
create dist packages
care for misc. platforms
borgbackup.github.io
#borgbackup on chat.freenode.net
Just grab me at the conference!
Thomas J Waldmann @ twitter
GIL? No (big) problem, just release the GIL:
I/O: python file read, write/fsync
C: reader / chunker
C: id hashing
C: compression
C: encryption
CPU usage (i5, 2 Cores + HT)
no MT: 30-80%
with MT: 300%
but: thread safety, race conditions!
slow:
sha256 (and hmac-sha256)
crc32
faster:
poly1305-AES
siphash (only 64bit result)
blake2
xxhash (not cryptographic)
sha512-256
crc32c (intel cpu instr.)
authenticated encryption with associated data
slow:
aes-ctr + hmac-sha256 (= 2 passes)
openssl + py stdlib
faster (TODO / exp. branch):
aes-gcm (1 pass, intel + amd cpu instr.)
openssl
but: rare aes-gcm issue with weak keys
Nonce / IV / Counter generation / management
session keys (per worker thread per backup)
use libsodium? no aes256-ctr support there.
high RAM usage to achieve high speed (
chunker bitmask default N=16, 64kiB)
repo index (id -> storage segment, offset)
chunks cache (id -> refcnt, size, csize)
files cache (H(path) -> mtime, size, inode, chunks)
chunk_count ~= total_file_size / 2^N repo_index = chunk_count * 40 chunks_cache = chunk_count * 44 files_cache = total_file_count * 240 + chunk_count * 80
1 Mi files, 1 TiB data -> 2.8 GiB RAM
use custom chunker params for little RAM + large storage -> N=20, up to 1/16 RAM consumption
maybe switch off the files cache
use multiple repos, purge often
use smaller ids (128 instead of 256 bits)
help fixing this:
use different data structure than hash table?
mmaped-file?
provide on-disk fallback code?
I'll show borgbackup using the
"all inclusive" binary.
You could also use:
Source code checkout from github
Release packages from PyPi
Linux / BSD / ... packages
# download the binary and the gpg signature.
...
# verify the gpg signature
gpg --verify borgbackup-linux64.asc
# install / fix permissions
cp borg-linux64 /usr/local/bin/borg
chmod 755 /usr/local/bin/borg
chown root.root /usr/local/bin/borg
# initialize a repository:
borg init /tmp/borg
# create a "first" archive inside this repo (verbose):
borg create --stats /tmp/borg::first ~/Desktop
# create a "second" archive (less verbose):
borg create /tmp/borg::second ~/Desktop
# even more verbose:
borg create -v --stats /tmp/borg::third ~/Desktop
# list repo / archive contents:
borg list /tmp/borg
borg list /tmp/borg::first
# extract ("restore") from an archive to cwd:
mkdir test ; cd test
borg extract /tmp/borg::third
# simulate extraction (good test):
borg extract -v --dry-run /tmp/borg::third
# check consistency of repo:
borg check /tmp/borg
# info about archive:
borg info /tmp/borg::first
# delete archive:
borg delete /tmp/borg::first
# delete repo:
borg delete /tmp/borg
# options, options, options, ...
borg init --help
# create a encrypted repo
# (pw protected key file stored locally)
borg init -e keyfile /tmp/borg-enc
# create a encrypted repo
# (pw-protected key file stored in repo):
borg init -e keyfile /tmp/borg-enc
# ... (same as before, but you need to give passphrase)
# connect to remote borg via ssh:
# remote borg needs to be compatible with local
borg init ssh://user@host:22/mnt/backup/borg
borg create ssh://user@host:22/mnt/backup/borg::first ~
# also possible: using sshfs or other locally mounted
# network filesystems, but be careful: worse performance
borgbackup.github.io
#borgbackup on chat.freenode.net
Just grab me at the conference!
Thomas J Waldmann @ twitter