mån 2014-12-29 klockan 12:00 -0300 skrev Mauro Ciancio: > I would like to know how to implement this scheme in which I have an > append-only key backuping in the production machine. I'd prefer NOT to have > a delete-key in this machine but keep it elsewhere (my laptop, another > server) that performs the rotation of old backups. > > This is pretty straightforward to do but I think I'm missing something. > Every time I rotate old backups I have to run *fsck* in the production > server so it can continue to backup. But in order to run *fsck* in the > production server, I must have a fsck-enabled key, but this goes against my > initial need of having only one key in the production server. What version of tarsnap are you running? Since tarsnap 1.0.27 the --fsck command shouldn't need the delete permission. For a more full fsck there is then the --fsck-prune command. You still need the read permission, which I guess disqualifies the key from being strictly append-only, but at least you get rid of the delete danger. Another option is to yourself copy the cache folder around. // Andreas
Attachment:
signature.asc
Description: This is a digitally signed message part