From 575c8234c31a591062ab2f07b615462ac7fe4bde Mon Sep 17 00:00:00 2001 From: Rusty Bird Date: Thu, 8 Oct 2020 15:17:27 +0000 Subject: [PATCH 1/4] Emergency restore v4: Drop obsolete part carried over from v3 --- user/common-tasks/backup-emergency-restore-v4.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/user/common-tasks/backup-emergency-restore-v4.md b/user/common-tasks/backup-emergency-restore-v4.md index ec9731d4..3dc2d22a 100644 --- a/user/common-tasks/backup-emergency-restore-v4.md +++ b/user/common-tasks/backup-emergency-restore-v4.md @@ -163,11 +163,7 @@ Emergency Recovery Instructions **Note:** If your backup was compressed with a program other than `gzip`, you must substitute the correct compression program. This information is - contained in `backup-header` (see step 4). For example, if you used `bzip2`, - then you should do this: - - [user@restore vm1]$ mv private.img.dec private.img.dec.bz2 - [user@restore vm1]$ bunzip2 private.img.dec.bz2 + contained in `backup-header` (see step 4). 8. Mount `private.img` and access your data. From 2de76f9553b45cd48b3c22866134b6340b8b0423 Mon Sep 17 00:00:00 2001 From: Rusty Bird Date: Thu, 8 Oct 2020 15:22:54 +0000 Subject: [PATCH 2/4] Emergency restore: Don't fail on large VMs VMs whose backup size exceeds 100 GiB have more than a thousand chunks, i.e. private.img.999 is succeeded by private.img.1000 and so on. Ensure that these are all processed, and in the right numerical order. Fixes QubesOS/qubes-issues#6113 --- user/common-tasks/backup-emergency-restore-v2.md | 2 +- user/common-tasks/backup-emergency-restore-v3.md | 2 +- user/common-tasks/backup-emergency-restore-v4.md | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/user/common-tasks/backup-emergency-restore-v2.md b/user/common-tasks/backup-emergency-restore-v2.md index 159607f7..6c03bd3e 100644 --- a/user/common-tasks/backup-emergency-restore-v2.md +++ b/user/common-tasks/backup-emergency-restore-v2.md 
@@ -68,7 +68,7 @@ encrypted and compressed. **Note:** For multi-part files, a loop can be used: ~~~ - for f in private.img.*; do + find -name 'private.img.*' | sort -V | while read f; do openssl enc -d -pass pass:your_passphrase -aes-256-cbc -in $f -out ${f/.img/.img.dec} done diff --git a/user/common-tasks/backup-emergency-restore-v3.md b/user/common-tasks/backup-emergency-restore-v3.md index c2774ee9..2718b5d4 100644 --- a/user/common-tasks/backup-emergency-restore-v3.md +++ b/user/common-tasks/backup-emergency-restore-v3.md @@ -93,7 +93,7 @@ any GNU/Linux system with the following procedure. 5. Decrypt the `private.img` file. - [user@restore vm1]$ cat private.img.??? | openssl enc -d -pass pass:your_passphrase -aes-256-cbc -out private.img.dec + [user@restore vm1]$ find -name 'private.img.*[0-9]' | sort -V | xargs cat | openssl enc -d -pass pass:your_passphrase -aes-256-cbc -out private.img.dec **Note:** If your backup was encrypted with a cipher algorithm other than `aes-256-cbc`, you must substitute the correct cipher command. This diff --git a/user/common-tasks/backup-emergency-restore-v4.md b/user/common-tasks/backup-emergency-restore-v4.md index 3dc2d22a..6824c65c 100644 --- a/user/common-tasks/backup-emergency-restore-v4.md +++ b/user/common-tasks/backup-emergency-restore-v4.md @@ -148,7 +148,7 @@ Emergency Recovery Instructions 6. Verify the integrity of and decrypt the `private.img` file that houses your data. - [user@restore ~]$ for f_enc in vm1/private.img.???.enc; do \ + [user@restore ~]$ find vm1 -name 'private.img.*.enc' | sort -V | while read f_enc; do \ f_dec=${f_enc%.enc}; \ echo "$backup_id!$f_dec!$backup_pass" | scrypt dec -P $f_enc $f_dec || break; \ done 
@@ -158,7 +158,7 @@ Emergency Recovery Instructions 7. Decompress and untar the decrypted `private.img` file. - [user@restore ~]$ cat vm1/private.img.??? | gzip -d | tar -xv + [user@restore ~]$ find vm1 -name 'private.img.*[0-9]' | sort -V | xargs cat | gzip -d | tar -xv vm1/private.img **Note:** If your backup was compressed with a program other than `gzip`, From ef940956ed543ef58b6c5b8a6d938420d9b78a27 Mon Sep 17 00:00:00 2001 From: Rusty Bird Date: Fri, 9 Oct 2020 11:07:48 +0000 Subject: [PATCH 3/4] Emergency restore v4: Don't store decrypted chunks as files Instead of storing the verified+decrypted chunks as intermediate files on disk, pipe them straight into decompression+extraction. This saves a lot of disk space and typing. --- .../backup-emergency-restore-v4.md | 23 ++++++++----------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/user/common-tasks/backup-emergency-restore-v4.md b/user/common-tasks/backup-emergency-restore-v4.md index 6824c65c..0685379d 100644 --- a/user/common-tasks/backup-emergency-restore-v4.md +++ b/user/common-tasks/backup-emergency-restore-v4.md 
@@ -145,35 +145,30 @@ Emergency Recovery Instructions [user@restore ~]$ backup_id=20161020T123455-1234 - 6. Verify the integrity of and decrypt the `private.img` file that houses your - data. + 6. Verify the integrity of your data, decrypt, decompress, and extract `private.img`: [user@restore ~]$ find vm1 -name 'private.img.*.enc' | sort -V | while read f_enc; do \ f_dec=${f_enc%.enc}; \ - echo "$backup_id!$f_dec!$backup_pass" | scrypt dec -P $f_enc $f_dec || break; \ - done - - **Note:** If this command fails, it is likely that the backup is corrupted - or has been tampered with. - - 7. Decompress and untar the decrypted `private.img` file. - - [user@restore ~]$ find vm1 -name 'private.img.*[0-9]' | sort -V | xargs cat | gzip -d | tar -xv + echo "$backup_id!$f_dec!$backup_pass" | scrypt dec -P $f_enc || break; \ + done | gzip -d | tar -xv vm1/private.img + If this pipeline fails, it is likely that the backup is corrupted or has + been tampered with. + **Note:** If your backup was compressed with a program other than `gzip`, you must substitute the correct compression program. This information is contained in `backup-header` (see step 4). - 8. Mount `private.img` and access your data. + 7. Mount `private.img` and access your data. [user@restore vm1]$ sudo mkdir /mnt/img [user@restore vm1]$ sudo mount -o loop vm1/private.img /mnt/img/ [user@restore vm1]$ cat /mnt/img/home/user/your_data.txt This data has been successfully recovered! - 9. Success! If you wish to recover data from more than one VM in your backup, - simply repeat steps 6--8 for each additional VM. + 8. Success! If you wish to recover data from more than one VM in your backup, + simply repeat steps 6 and 7 for each additional VM. **Note:** You may wish to store a copy of these instructions with your Qubes backups in the event that you fail to recall the above procedure From 086a2f582482daa509370aa2951e8da779b9bd98 Mon Sep 17 00:00:00 2001 
From: Andrew David Wong Date: Fri, 9 Oct 2020 06:29:27 -0500 Subject: [PATCH 4/4] Clarify alternate compression program instructions --- user/common-tasks/backup-emergency-restore-v4.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/user/common-tasks/backup-emergency-restore-v4.md b/user/common-tasks/backup-emergency-restore-v4.md index 0685379d..fa607e78 100644 --- a/user/common-tasks/backup-emergency-restore-v4.md +++ b/user/common-tasks/backup-emergency-restore-v4.md @@ -157,8 +157,10 @@ Emergency Recovery Instructions been tampered with. **Note:** If your backup was compressed with a program other than `gzip`, - you must substitute the correct compression program. This information is - contained in `backup-header` (see step 4). + you must substitute the correct compression program in the command above. + This information is contained in `backup-header` (see step 4). For example, + if your backup is compressed with `bzip2`, use `bzip2 -d` instead in the + command above. 7. Mount `private.img` and access your data.
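Review bot: In PATCH 2/4, the `backup-emergency-restore-v2.md` hunk, the new loop header `find -name 'private.img.*' | sort -V | while read f; do` still feeds `$f` and `${f/.img/.img.dec}` to `openssl` unquoted and uses `read` without `-r`, so a path containing whitespace or a backslash is split or altered before decryption. Suggest `while IFS= read -r f; do` with `"$f"` and `"${f/.img/.img.dec}"`. Two further points on the same line: the pattern `private.img.*` also matches the loop's own output names (`private.img.dec.NNN`), so re-running after an interrupted first pass would try to decrypt files that are already decrypted, and `find` without `-maxdepth 1` descends into subdirectories, which the replaced `for f in private.img.*` glob did not.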
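Review bot: In PATCH 2/4, the `backup-emergency-restore-v3.md` hunk (and the matching step 7 line in the v4 hunk), `find -name 'private.img.*[0-9]' | sort -V | xargs cat` relies on `xargs` default parsing, which splits on whitespace and interprets quotes and backslashes, so a restore directory with a space in its path makes `cat` fail or read the wrong files. Since the commands already depend on GNU `sort -V`, suggest the NUL-delimited form `find ... -print0 | sort -zV | xargs -0 cat`, which keeps the numeric chunk order that the commit message asks for.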
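Review bot: In PATCH 3/4, step 6 of `backup-emergency-restore-v4.md`, `scrypt dec -P $f_enc || break` only stops the loop when a chunk fails verification; the plaintext of every earlier chunk has already been written into `gzip -d | tar -xv`, so a partially extracted `vm1/private.img` is left on disk. `break` returns 0 and the pipeline's exit status is that of `tar`, so the `scrypt` failure is visible only as an error message. The sentence "If this pipeline fails, it is likely that the backup is corrupted or has been tampered with" should therefore say how the failure shows up (an error printed by `scrypt`, `gzip` or `tar`) and tell the reader to delete the partial `vm1/private.img` and not go on to mount it in step 7. `$f_enc` should also be quoted here, as in the earlier hunks.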
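Review bot: In PATCH 4/4, the added note ends two consecutive sentences with "in the command above", and "use `bzip2 -d` instead" does not say what it replaces. Suggest stating the substitution once and exactly, for example: replace `gzip -d` with `bzip2 -d` in the step 6 pipeline. That also avoids the ambiguity of "the command above" now that step 6 is a multi-line loop followed by a pipe.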