[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Rotation with separated keys



mån 2014-12-29 klockan 12:00 -0300 skrev Mauro Ciancio:
> I would like to know how to implement this scheme in which I have an
> append-only key backuping in the production machine. I'd prefer NOT to have
> a delete-key in this machine but keep it elsewhere (my laptop, another
> server) that performs the rotation of old backups.
> 
> This is pretty straightforward to do but I think I'm missing something.
> Every time I rotate old backups I have to run *fsck* in the production
> server so it can continue to backup. But in order to run *fsck* in the
> production server, I must have a fsck-enabled key, but this goes against my
> initial need of having only one key in the production server.

What version of tarsnap are you running? Since tarsnap 1.0.27 the --fsck
command shouldn't need the delete permission. For a more full fsck there
is then the --fsck-prune command. You still need the read permission,
which I guess disqualifies the key from being strictly append-only, but
at least you get rid of the delete danger.

Another option is to yourself copy the cache folder around.

// Andreas

Attachment: signature.asc
Description: This is a digitally signed message part