On 9/7/19 5:10 PM, 'Heinrich Ulbricht' via qubes-users wrote:
It could work, take in account that backup file should be exposed
directly to dom0 or it will use 'qfile-unpacker':
https://github.com/QubesOS/qubes-issues/issues/3230#issuecomment-340277836
<https://github.com/QubesOS/qubes-issues/issues/3230#issuecomment-340277836>
Good luck :)
Ok currently I'm attaching a USB drive to a temporary AppVM to restore
from there via UI. So I should rather mount something containing the
backup file to dom0 to restore from there using the command line(?).
The overall experience so far leaves room for improvement ;) Thanks for
the tip.
Its a little tough for me to read all this, since my own
Qubes-compatible backup tool with no storage overhead is nearing
release. OTOH, if I had been in your shoes (not wanting to use someone
else's pre-release tool) and faced with backups that large, I probably
would have opted for a direct 'dd' copy to the new drive, or use 'dd' +
hash for the backups.
Since you're at the point of trying to modify restore.py, you may still
want to consider the direct 'dd' option (if so, then you would have two
"backups", the one from qvm-backup plus the original work drive).
Even so, using tar directly with a small script as donoban suggested is
workable and something I've done back in the R2.0-3.0 days. So I'll
include my old verification script for you here... it could be easily
adapted to append the segments to a whole tar file (or to save space,
pipe them to tar directly).
===
#!/bin/bash
# ** Quick and dirty script to verify integrity of Qubes backup files
**
# ** Change the backup file name and 'passphrase' variable to match
yours **
# ** Should be invoked from a 'tar' command (not directly) like so...
**
#
# tar -i -xf put-your-backup-file-here \
# --to-command='./verify-qbackup $TAR_FILENAME'
passphrase="put-your-backup-passphrase-here"
fname=$1
if [ "${fname##*.}" = "hmac" ] ; then
# This file has .hmac extension; Compare with prior file's
just-calculated hmac
read hmac
echo -n "Received... " $hmac
read myhmac <verifyqb.tmp
if [ "$hmac" = "$myhmac" ] ; then
echo " OK"
else
echo " *****MISMATCH*****"
kill -SIGINT $PPID
# Stop tar/parent
fi
else
# This file is data; create an hmac from stdin for comparison with next
file
echo
echo "FOUND " $fname
echo -n "Calculating..."
openssl dgst -hmac "$passphrase" >verifyqb.tmp
read myhmac <verifyqb.tmp
echo $myhmac
fi
===
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/c95941da-f98f-19fc-f7ce-ad3b7f48b0ed%40posteo.net.