After a year of development, the release of the restic 0.13 backup system is presented, which provides tools for saving backup copies in a versioned repository, which can be hosted on external servers and in cloud storage. The data is stored in encrypted form. You can define flexible rules to include and exclude files and directories when creating a backup. Supports work on Linux, macOS, Windows, FreeBSD and OpenBSD. The project code is written in Go and distributed under the BSD license.
Key features:
- Support for storing backups in a local file system, on an external server with access via SFTP/SSH or HTTP REST, in Amazon S3, OpenStack Swift, BackBlaze B2, Microsoft Azure Blob Storage and Google Cloud Storage clouds, as well as in any storage for which there are backends rclone. A special rest server can also be used to organize storage, which provides higher performance compared to other backends and can operate in append-only mode, which will not allow you to delete or change backups if the source server and access to the encryption keys are compromised.
- Support for defining flexible rules to exclude files and directories when creating backups (for example, to exclude logs, temporary files, and easily reproducible data from backups). The format of the ignore rules is familiar and resembles rsync or gitignore.
- Easy to install, use and restore information. To work with backups, it is enough to copy one executable file, which can be used without additional settings. A repeatable build is provided for the executable file itself, allowing you to verify for yourself that the binary assembly is formed from the source code provided.
- Snapshots are supported, reflecting the state of a specific directory with all files and subdirectories at a certain point in time. Each time a new backup is created, an associated snapshot is created, allowing you to restore the state at that moment. It is possible to copy snapshots between different repositories.
- To save traffic, only changed data is copied during the backup process. To ensure efficient storage, data in the repository is not duplicated, and additional snapshots cover only changed data. The system does not manipulate entire files, but floating-size blocks selected using the Rabin signature. Information is stored in relation to content, not file names (data-associated names and objects are defined at the block metadata level). Based on the SHA-256 hash of the content, deduplication is performed and unnecessary data copying is eliminated.
- To visually assess the contents of the repository and simplify recovery, a snapshot with a backup copy can be mounted in the form of a virtual partition (mounting is carried out using FUSE). Commands for analyzing changes and selectively extracting files are also provided.
- Information on external servers is stored in encrypted form (SHA-256 is used for checksums, AES-256-CTR is used for encryption, and Poly1305-AES-based authentication codes are used to guarantee integrity). The system was initially designed to ensure that backup copies are stored in untrustworthy environments and that if a backup copy falls into the wrong hands, it should not compromise the system. Encryption can be provided using both access keys and passwords.
- It is possible to verify the backup copy using checksums and authentication codes to confirm that the integrity of the files is not compromised and the necessary files can be restored and do not include hidden modifications.
In the new version:
- Added support for negative exclusion patterns. For example, "--exclude '/home/user/*' --exclude '!/home/user/.config'" to exclude all contents of /home/user except the /home/user/.config directory.
- A β--dry-runβ mode has been added to the βbackupβ command, which, when run with the β--verboseβ option, allows you to track which files will be included in the backup without actually making any changes.
- Support for checksums has been added to various storage backends for additional verification of downloaded data.
- The βrestoreβ command has been optimized, making it work twice as fast. The performance of the "copy" command has also been improved.
Source: opennet.ru