qubes-doc/user/how-to-guides/backup-emergency-restore-v3.rst

181 lines
6.4 KiB
ReStructuredText
Raw Normal View History

2024-05-21 14:59:46 -04:00
==============================
Emergency backup recovery (v3)
==============================
This page describes how to perform an emergency restore of a backup
created on Qubes R2 or later (which uses backup format version 3).
The Qubes backup system has been designed with emergency disaster
recovery in mind. No special Qubes-specific tools are required to access
data backed up by Qubes. In the event a Qubes system is unavailable, you
can access your data on any GNU/Linux system with the following
procedure.
**Note:** In the following example, the backup file is both *encrypted*
and *compressed*.
1. Untar the main backup file.
.. code:: bash
[user@restore ~]$ tar -i -xvf qubes-backup-2015-06-05T123456
backup-header
backup-header.hmac
qubes.xml.000
qubes.xml.000.hmac
vm1/private.img.000
vm1/private.img.000.hmac
vm1/icon.png.000
vm1/icon.png.000.hmac
vm1/firewall.xml.000
vm1/firewall.xml.000.hmac
vm1/whitelisted-appmenus.list.000
vm1/whitelisted-appmenus.list.000.hmac
dom0-home/dom0user.000
dom0-home/dom0user.000.hmac
2. Set the backup passphrase environment variable. While this isnt
strictly required, it will be handy later and will avoid saving the
passphrase in the shells history.
.. code:: bash
[user@restore ~]$ read -r backup_pass
3. Verify the integrity of the ``backup-header`` file, which contains
basic information about your backup.
.. code:: bash
[user@restore ~]$ openssl dgst -sha512 -hmac "$backup_pass" backup-header
HMAC-SHA512(backup-header)= 5b266783e116fe3b2601a54c249ca5f5f96d421dfe6828eeaeb2dcd014e9e945c27b3d7b0f952f5d55c927318906d9c360f387b0e1f069bb8195e96543e2969c
[user@restore ~]$ cat backup-header.hmac
(stdin)= 5b266783e116fe3b2601a54c249ca5f5f96d421dfe6828eeaeb2dcd014e9e945c27b3d7b0f952f5d55c927318906d9c360f387b0e1f069bb8195e96543e2969c
**Note:** The hash values should match. If they do not match, then
the backup file may have been tampered with, or there may have been
a storage error.
**Note:** If your backup was hashed with a message digest algorithm
other than ``sha512``, you must substitute the correct message
digest command. This information is contained in the
``backup-header`` file (see step 4), however it is not recommended
to open this file until its integrity and authenticity has been
verified (the current step). A complete list of supported message
digest algorithms can be found with
``openssl list-message-digest-algorithms``.
4. Read the ``backup-header``. Youll need some of this information
later. The file will look similar to this:
.. code:: bash
[user@restore ~]$ cat backup-header
version=3
hmac-algorithm=SHA512
crypto-algorithm=aes-256-cbc
encrypted=True
compressed=True
compression-filter=gzip
**Note:** If you see ``version=2`` here, go to :doc:`Emergency Backup Recovery - format version 2 </user/how-to-guides/backup-emergency-restore-v2>`
instead.
5. Verify the integrity of the ``private.img`` file which houses your
data.
.. code:: bash
[user@restore ~]$ cd vm1/
[user@restore vm1]$ openssl dgst -sha512 -hmac "$backup_pass" private.img.000
HMAC-SHA512(private.img.000)= cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
[user@restore vm1]$ cat private.img.000.hmac
(stdin)= cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
**Note:** The hash values should match. If they do not match, then
the backup file may have been tampered with, or there may have been
a storage error.
**Note:** If your backup was hashed with a message digest algorithm
other than ``sha512``, you must substitute the correct message
digest command. This information is contained in the
``backup-header`` file (see step 4). A complete list of supported
message digest algorithms can be found with
``openssl list-message-digest-algorithms``.
6. Decrypt the ``private.img`` file.
.. code:: bash
[user@restore vm1]$ find -name 'private.img.*[0-9]' | sort -V | xargs cat | openssl enc -d -md MD5 -pass pass:"$backup_pass" -aes-256-cbc -out private.img.dec
**Note:** If your backup was encrypted with a cipher algorithm other
than ``aes-256-cbc``, you must substitute the correct cipher
command. This information is contained in the ``backup-header`` file
(see step 4). A complete list of supported cipher algorithms can be
found with ``openssl list-cipher-algorithms``.
7. Decompress the decrypted ``private.img`` file.
.. code:: bash
[user@restore vm1]$ zforce private.img.dec
private.img.dec -- replaced with private.img.dec.gz
[user@restore vm1]$ gunzip private.img.dec.gz
**Note:** If your backup was compressed with a program other than
``gzip``, you must substitute the correct compression program. This
information is contained in the ``backup-header`` file (see step 4).
For example, if you used ``bzip2``, then you should do this:
.. code:: bash
[user@restore vm1]$ mv private.img.dec private.img.dec.bz2
[user@restore vm1]$ bunzip2 private.img.dec.bz2
8. Untar the decrypted and decompressed ``private.img`` file.
.. code:: bash
[user@restore vm1]$ tar -xvf private.img.dec
vm1/private.img
9. Mount the private.img file and access your data.
.. code:: bash
[user@restore vm1]$ sudo mkdir /mnt/img
[user@restore vm1]$ sudo mount -o loop vm1/private.img /mnt/img/
[user@restore vm1]$ cat /mnt/img/home/user/your_data.txt
This data has been successfully recovered!
10. Success! If you wish to recover data from more than one VM in your
backup, simply repeat steps 59 for each additional VM.
**Note:** You may wish to store a copy of these instructions with
your Qubes backups in the event that you fail to recall the above
procedure while this web page is inaccessible. All Qubes
documentation, including this page, is available in plain text
format in the following Git repository:
.. code:: bash
https://github.com/QubesOS/qubes-doc.git