diff --git a/borg.backup.file.sh b/borg.backup.file.sh index 600ff08..5801ea9 100755 --- a/borg.backup.file.sh +++ b/borg.backup.file.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + # Plain file backup # set last edit date + time @@ -35,7 +38,7 @@ FOLDERS=(); # this if for debug output with quoted folders FOLDERS_Q=(); # include list -while read include_folder; do +while read -r include_folder; do # strip any leading spaces from that folder include_folder=$(echo "${include_folder}" | sed -e 's/^[ \t]*//'); # check that those folders exist, warn on error, @@ -111,7 +114,7 @@ if [ -s "${BASE_FOLDER}${EXCLUDE_FILE}" ]; then if [ -n "${exclude_folder}" ]; then # if it DOES NOT start with a / we assume free folder and add as is if [[ "${exclude_folder}" != /* ]]; then - echo "${exclude_folder}" >> ${TMP_EXCLUDE_FILE}; + echo "${exclude_folder}" >> "${TMP_EXCLUDE_FILE}"; echo "+ [E] General exclude: '${exclude_folder}'"; # if this is a glob, do a double check that the base folder actually exists (?) elif [[ "${exclude_folder}" =~ $REGEX_GLOB ]]; then @@ -121,7 +124,7 @@ if [ -s "${BASE_FOLDER}${EXCLUDE_FILE}" ]; then if [ ! -d "${_exclude_folder}" ]; then echo "- [E] Exclude folder with glob '${exclude_folder}' does not exist or is not accessable"; else - echo "${exclude_folder}" >> ${TMP_EXCLUDE_FILE}; + echo "${exclude_folder}" >> "${TMP_EXCLUDE_FILE}"; echo "+ [E] Exclude folder with glob '${exclude_folder}'"; fi; # do a warning for a possible invalid folder @@ -129,7 +132,7 @@ if [ -s "${BASE_FOLDER}${EXCLUDE_FILE}" ]; then elif [ ! -d "${exclude_folder}" ] && [ ! -e "${exclude_folder}" ]; then echo "- [E] Exclude folder or file '${exclude_folder}' does not exist or is not accessable"; else - echo "${exclude_folder}" >> ${TMP_EXCLUDE_FILE}; + echo "${exclude_folder}" >> "${TMP_EXCLUDE_FILE}"; # if it is a folder, remove the last / or the symlink check will not work if [ -d "${exclude_folder}" ]; then _exclude_folder=${exclude_folder%/*}; diff --git a/borg.backup.functions.check.sh b/borg.backup.functions.check.sh index a695248..cb38293 100644 --- a/borg.backup.functions.check.sh +++ b/borg.backup.functions.check.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + if [ -z "${MODULE}" ]; then echo "Script cannot be run on its own"; exit 1; @@ -18,13 +21,13 @@ if [ $# -ge 1 ] && [ "$1" = "auto" ]; then # get current date timestmap CURRENT_DATE=$(date +%s); # if =1 always ok - if [ ${CHECK_INTERVAL} -eq 1 ]; then + if [ "${CHECK_INTERVAL}" -eq 1 ]; then RUN_CHECK=1; # always add verify data for automatic check OPT_CHECK_VERIFY_DATA="--verify-data"; # set new check time here - echo ${CURRENT_DATE} > "${BASE_FOLDER}${BACKUP_CHECK_FILE}"; - elif [ ${CHECK_INTERVAL} -gt 1 ]; then + echo "${CURRENT_DATE}" > "${BASE_FOLDER}${BACKUP_CHECK_FILE}"; + elif [ "${CHECK_INTERVAL}" -gt 1 ]; then # else load last timestamp and check if today - last time stamp > days if [ -z "${LAST_CHECK_DATE}" ]; then LAST_CHECK_DATE=$(cat "${BASE_FOLDER}${BACKUP_CHECK_FILE}" 2>/dev/null | sed -e 's/ //g'); @@ -34,19 +37,19 @@ if [ $# -ge 1 ] && [ "$1" = "auto" ]; then LAST_CHECK_DATE=0; fi; # if the difference greate than check date, run. CHECK INTERVAL is in days - if [ $(($CURRENT_DATE-$LAST_CHECK_DATE)) -ge $((${CHECK_INTERVAL}*86400)) ]; then + if [ $((CURRENT_DATE - LAST_CHECK_DATE)) -ge $((CHECK_INTERVAL * 86400)) ]; then RUN_CHECK=1; # always add verify data for automatic check OPT_CHECK_VERIFY_DATA="--verify-data"; # set new check time here - echo ${CURRENT_DATE} > "${BASE_FOLDER}${BACKUP_CHECK_FILE}"; + echo "${CURRENT_DATE}" > "${BASE_FOLDER}${BACKUP_CHECK_FILE}"; fi; fi; -elif [ ${CHECK} -eq 1 ]; then +elif [ "${CHECK}" -eq 1 ]; then RUN_CHECK=1; fi; -if [ ${RUN_CHECK} -eq 1 ]; then +if [ "${RUN_CHECK}" -eq 1 ]; then # run borg check command IFS=${_IFS}; printf "${PRINTF_SUB_BLOCK}" "CHECK" "$(date +'%F %T')" "${MODULE}"; @@ -58,21 +61,21 @@ if [ ${RUN_CHECK} -eq 1 ]; then OPT_GLOB="-P ${CHECK_PREFIX}"; fi; # debug/dryrun - if [ ${DEBUG} -eq 1 ] || [ ${DRYRUN} -eq 1 ]; then + if [ "${DEBUG}" -eq 1 ] || [ "${DRYRUN}" -eq 1 ]; then echo "export BORG_BASE_DIR=\"${BASE_FOLDER}\";${BORG_COMMAND} check ${OPT_REMOTE} ${OPT_PROGRESS} ${OPT_CHECK_VERIFY_DATA} ${OPT_GLOB} ${REPOSITORY}"; fi; # run info command if not a dry drun - if [ ${DRYRUN} -eq 0 ]; then + if [ "${DRYRUN}" -eq 0 ]; then # if glob add glob command directly if [[ "${CHECK_PREFIX}" =~ $REGEX_GLOB ]]; then - ${BORG_COMMAND} check ${OPT_REMOTE} ${OPT_PROGRESS} ${OPT_CHECK_VERIFY_DATA} -a "${CHECK_PREFIX}" ${REPOSITORY}; + ${BORG_COMMAND} check ${OPT_REMOTE} ${OPT_PROGRESS} ${OPT_CHECK_VERIFY_DATA} -a "${CHECK_PREFIX}" "${REPOSITORY}"; else - ${BORG_COMMAND} check ${OPT_REMOTE} ${OPT_PROGRESS} ${OPT_CHECK_VERIFY_DATA} ${OPT_GLOB} ${REPOSITORY}; + ${BORG_COMMAND} check ${OPT_REMOTE} ${OPT_PROGRESS} ${OPT_CHECK_VERIFY_DATA} ${OPT_GLOB} "${REPOSITORY}"; fi; fi; # print additional info for use --repair command # but only for manual checks - if [ ${VERBOSE} -eq 1 ] && [ ${CHECK} -eq 1 ]; then + if [ "${VERBOSE}" -eq 1 ] && [ "${CHECK}" -eq 1 ]; then echo ""; echo "In case of needed repair: " echo "export BORG_BASE_DIR=\"${BASE_FOLDER}\";${BORG_COMMAND} check ${OPT_REMOTE} ${OPT_PROGRESS} --repair ${OPT_GLOB} ${REPOSITORY}"; diff --git a/borg.backup.functions.close.sh b/borg.backup.functions.close.sh index 2168311..446857d 100644 --- a/borg.backup.functions.close.sh +++ b/borg.backup.functions.close.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + if [ -z "${MODULE}" ]; then echo "Script cannot be run on its own"; exit 1; @@ -16,7 +19,7 @@ if [ $# -ge 1 ] && [ "$1" = "1" ]; then printf "${PRINTF_MASTER_BLOCK}" "ERROR" "$(date +'%F %T')" "${MODULE}"; else # running time calculation - DURATION=$(( $(date +'%s')-START )); + DURATION=$(( $(date +'%s') - START )); echo "=== [Run time: $(convert_time ${DURATION})]"; printf "${PRINTF_MASTER_BLOCK}" "END" "$(date +'%F %T')" "${MODULE}"; fi; diff --git a/borg.backup.functions.compact.sh b/borg.backup.functions.compact.sh index 3ed0f49..ff5b2b4 100644 --- a/borg.backup.functions.compact.sh +++ b/borg.backup.functions.compact.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + if [ -z "${MODULE}" ]; then echo "Script cannot be run on its own"; exit 1; @@ -7,6 +10,7 @@ fi; # compact (only if BORG COMPACT is set) # only for borg 1.2 +if [ "$(version "$BORG_VERSION")" -ge "$(version "1.2.0")" ]; then if [ "$(version "$BORG_VERSION")" -ge "$(version "1.2.0")" ]; then RUN_COMPACT=0; if [ $# -ge 1 ] && [ "$1" = "auto" ]; then @@ -18,10 +22,13 @@ if [ "$(version "$BORG_VERSION")" -ge "$(version "1.2.0")" ]; then fi; # get current date timestmap CURRENT_DATE=$(date +%s); + if [ "${COMPACT_INTERVAL}" -eq 1 ]; then if [ "${COMPACT_INTERVAL}" -eq 1 ]; then RUN_COMPACT=1; # set new compact time here echo "${CURRENT_DATE}" > "${BASE_FOLDER}${BACKUP_COMPACT_FILE}"; + elif [ "${COMPACT_INTERVAL}" -gt 1 ]; then + echo "${CURRENT_DATE}" > "${BASE_FOLDER}${BACKUP_COMPACT_FILE}"; elif [ "${COMPACT_INTERVAL}" -gt 1 ]; then # else load last timestamp and check if today - last time stamp > days if [ -z "${LAST_COMPACT_DATE}" ]; then @@ -32,7 +39,7 @@ if [ "$(version "$BORG_VERSION")" -ge "$(version "1.2.0")" ]; then LAST_COMPACT_DATE=0; fi; # if the difference greate than compact date, run. COMPACT INTERVAL is in days - if [ $((CURRENT_DATE-LAST_COMPACT_DATE)) -ge $((COMPACT_INTERVAL*86400)) ]; then + if [ $((CURRENT_DATE - LAST_COMPACT_DATE)) -ge $((COMPACT_INTERVAL * 86400)) ]; then RUN_COMPACT=1; # set new compact time here echo "${CURRENT_DATE}" > "${BASE_FOLDER}${BACKUP_COMPACT_FILE}"; @@ -42,7 +49,7 @@ if [ "$(version "$BORG_VERSION")" -ge "$(version "1.2.0")" ]; then RUN_COMPACT=1; fi; - if [ ${RUN_COMPACT} -eq 1 ]; then + if [ "${RUN_COMPACT}" -eq 1 ]; then # reset to normal IFS, so command works here IFS=${_IFS}; # shellcheck disable=SC2059 diff --git a/borg.backup.functions.info.sh b/borg.backup.functions.info.sh index 9e584ce..40ce9e7 100644 --- a/borg.backup.functions.info.sh +++ b/borg.backup.functions.info.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + if [ -z "${MODULE}" ]; then echo "Script cannot be run on its own"; exit 1; @@ -13,10 +16,15 @@ if [ "${INFO}" -eq 1 ]; then fi; # run info command if not a dry drun if [ "${DRYRUN}" -eq 0 ]; then - ${BORG_COMMAND} info ${OPT_REMOTE} ${REPOSITORY}; + ${BORG_COMMAND} info ${OPT_REMOTE} "${REPOSITORY}"; + if [ "${VERBOSE}" -eq 1 ]; then + # print key information + echo "------------------------------------------------------------------------------"; + ${BORG_COMMAND} key export "${REPOSITORY}"; + fi; fi; if [ "${MODULE}" = "files" ]; then - if [ "$FOLDER_OK" -eq 1 ]; then + if [ "${FOLDER_OK}" -eq 1 ]; then echo "--- [Run command]:"; #IFS="#"; echo "export BORG_BASE_DIR=\"${BASE_FOLDER}\";${COMMAND} ${FOLDERS_Q[*]}"; diff --git a/borg.backup.functions.init.sh b/borg.backup.functions.init.sh index 61abc5a..687571e 100644 --- a/borg.backup.functions.init.sh +++ b/borg.backup.functions.init.sh @@ -125,7 +125,7 @@ COMPRESSION_LEVEL=""; SUB_COMPRESSION=""; SUB_COMPRESSION_LEVEL=""; # encryption settings -DEFAULT_ENCRYPTION="none"; +DEFAULT_ENCRYPTION="keyfile"; ENCRYPTION=""; # force verify always DEFAULT_FORCE_VERIFY="false"; @@ -334,12 +334,12 @@ if [ ${VERIFY} -eq 1 ] || [ ${INIT} -eq 1 ] && [ ${INFO} -eq 1 ]; then exit 1; fi; # print -P cannot be run with -i/-C/-I together -if [ ${PRINT} -eq 1 ] && ([ ${INIT} -eq 1 ] || [ ${VERIFY} -eq 1 ] || [ ${INFO} -eq 1 ]); then +if [ ${PRINT} -eq 1 ] && { [ ${INIT} -eq 1 ] || [ ${VERIFY} -eq 1 ] || [ ${INFO} -eq 1 ]; }; then echo "Cannot have -P print option and -i info, -V verify or -I initizalize option at the same time"; exit 1; fi; # if tag is set, you can't have init, verify, info, etc -if [ -n "${ONE_TIME_TAG}" ] && ([ ${PRINT} -eq 1 ] || [ ${INIT} -eq 1 ] || [ ${VERIFY} -eq 1 ] || [ ${INFO} -eq 1 ]); then +if [ -n "${ONE_TIME_TAG}" ] && { [ ${PRINT} -eq 1 ] || [ ${INIT} -eq 1 ] || [ ${VERIFY} -eq 1 ] || [ ${INFO} -eq 1 ]; }; then echo "Cannot have -T '${ONE_TIME_TAG}' option with -i info, -V verify, -I initialize or -P print option at the same time"; exit 1; fi; @@ -352,7 +352,7 @@ elif [ -n "${ONE_TIME_TAG}" ]; then ONE_TIME_TAG=${ONE_TIME_TAG}"."; fi; # if -D, cannot be with -T, -i, -C, -I, -P -if [ -n "${DELETE_ONE_TIME_TAG}" ] && ([ -n "${ONE_TIME_TAG}" ] || [ ${PRINT} -eq 1 ] || [ ${INIT} -eq 1 ] || [ ${VERIFY} -eq 1 ] || [ ${INFO} -eq 1 ]); then +if [ -n "${DELETE_ONE_TIME_TAG}" ] && { [ -n "${ONE_TIME_TAG}" ] || [ ${PRINT} -eq 1 ] || [ ${INIT} -eq 1 ] || [ ${VERIFY} -eq 1 ] || [ ${INFO} -eq 1 ]; }; then echo "Cannot have -D delete tag option with -T one time tag, -i info, -V verify, -I initialize or -P print option at the same time"; exit 1; fi; @@ -599,11 +599,26 @@ fi; # if ENCRYPTION is empty or not in the valid list fall back to none # NOTE This is currently set in default and doesn't need to be set on empty # only ivalid should be checked -#if [ -z "${ENCRYPTION}" ]; then -# ENCRYPTION="none"; -#else - # TODO check for invalid encryption string -#fi; +if + [ "${ENCRYPTION}" = "authenticated" ] || + [ "${ENCRYPTION}" = "repokey" ] || + [ "${ENCRYPTION}" = "authenticated-blake2" ] || + [ "${ENCRYPTION}" = "repokey-blake2" ] ; +then + # if "authenticated" or "repokey" a password must be set + if [[ ! -v BORG_PASSPHRASE ]] && [[ ! -v BORG_PASSCOMMAND ]] && [[ ! -v BORG_PASSPHRASE_FD ]]; then + echo "Encryption method '${ENCRYPTION}' requires a BORG_PASSPHRASE, BORG_PASSCOMMAND or BORG_PASSPHRASE_FD to be set."; + exit 1; + fi; +elif [ "${ENCRYPTION}" = "keyfile" ] || [ "${ENCRYPTION}" = "keyfile-blake2" ]; then + # if no password, set empty password + if [[ ! -v BORG_PASSPHRASE ]] && [[ ! -v BORG_PASSCOMMAND ]] && [[ ! -v BORG_PASSPHRASE_FD ]]; then + export BORG_PASSPHRASE=""; + fi; +elif [ "${ENCRYPTION}" != "none" ]; then + echo "Encryption method '${ENCRYPTION}' is not valid."; + exit 1; +fi; ## FUNCTIONS @@ -618,22 +633,22 @@ function convert_time { timestamp=${1}; # round to four digits for ms - timestamp=$(printf "%1.4f" $timestamp); + timestamp=$(printf "%1.4f" "$timestamp"); # get the ms part and remove any leading 0 - ms=$(echo ${timestamp} | cut -d "." -f 2 | sed -e 's/^0*//'); - timestamp=$(echo ${timestamp} | cut -d "." -f 1); + ms=$(echo "${timestamp}" | cut -d "." -f 2 | sed -e 's/^0*//'); + timestamp=$(echo "${timestamp}" | cut -d "." -f 1); timegroups=(86400 3600 60 1); # day, hour, min, sec timenames=("d" "h" "m" "s"); # day, hour, min, sec output=( ); time_string=; - for timeslice in ${timegroups[@]}; do + for timeslice in "${timegroups[@]}"; do # floor for the division, push to output output[${#output[*]}]=$(awk "BEGIN {printf \"%d\", ${timestamp}/${timeslice}}"); timestamp=$(awk "BEGIN {printf \"%d\", ${timestamp}%${timeslice}}"); done; for ((i=0; i<${#output[@]}; i++)); do - if [ ${output[$i]} -gt 0 ] || [ -n "$time_string" ]; then + if [ "${output[$i]}" -gt 0 ] || [ -n "$time_string" ]; then if [ -n "${time_string}" ]; then time_string=${time_string}" "; fi; diff --git a/borg.backup.functions.verify.sh b/borg.backup.functions.verify.sh index b13005e..56d7fe7 100644 --- a/borg.backup.functions.verify.sh +++ b/borg.backup.functions.verify.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + if [ -z "${MODULE}" ]; then echo "Script cannot be run on its own"; exit 1; @@ -10,7 +13,7 @@ START=$(date +'%s'); # set init date, or today if not file is set BACKUP_INIT_DATE=''; if [ -f "${BASE_FOLDER}${BACKUP_INIT_FILE}" ]; then - BACKUP_INIT_DATE=$(printf '%(%c)T' $(cat "${BASE_FOLDER}${BACKUP_INIT_FILE}" 2>/dev/null)); + BACKUP_INIT_DATE=$(printf '%(%c)T' "$(cat "${BASE_FOLDER}${BACKUP_INIT_FILE}" 2>/dev/null)"); fi; # start logging from here exec &> >(tee -a "${LOG}"); @@ -36,7 +39,7 @@ if [ "$(version "$BORG_VERSION")" -ge "$(version "1.2.0")" ]; then if [ -f "${BASE_FOLDER}${BACKUP_COMPACT_FILE}" ]; then LAST_COMPACT_DATE=$(cat "${BASE_FOLDER}${BACKUP_COMPACT_FILE}" 2>/dev/null); printf "${PRINTF_INFO_STRING}" "Module last compact" \ - "$(printf '%(%c)T' ${LAST_COMPACT_DATE}) ($(convert_time $(($(date +%s)-${LAST_COMPACT_DATE}))) ago)"; + "$(printf '%(%c)T' "${LAST_COMPACT_DATE}") ($(convert_time $(($(date +%s) - LAST_COMPACT_DATE))) ago)"; else printf "${PRINTF_INFO_STRING}" "Module last compact" "No compact run yet" fi; @@ -49,7 +52,7 @@ if [ "${CHECK_INTERVAL##*[!0-9]*}" ]; then if [ -f "${BASE_FOLDER}${BACKUP_CHECK_FILE}" ]; then LAST_CHECK_DATE=$(cat "${BASE_FOLDER}${BACKUP_CHECK_FILE}" 2>/dev/null); printf "${PRINTF_INFO_STRING}" "Module last check" \ - "$(printf '%(%c)T' ${LAST_CHECK_DATE}) ($(convert_time $(($(date +%s)-${LAST_CHECK_DATE}))) ago)"; + "$(printf '%(%c)T' "${LAST_CHECK_DATE}") ($(convert_time $(($(date +%s) - LAST_CHECK_DATE))) ago)"; else printf "${PRINTF_INFO_STRING}" "Module last check" "No check run yet"; fi; @@ -152,10 +155,10 @@ if [ -n "${COMPRESSION}" ]; then # fi; error_message="[! $(date +'%F %T')] Compression level for ${COMPRESSION} needs to be a numeric value between ${MIN_COMPRESSION} and ${MAX_COMPRESSION}: ${COMPRESSION_LEVEL}"; if ! [[ "${COMPRESSION_LEVEL}" =~ ${REGEX_NUMERIC} ]]; then - echo ${error_message}; + echo "${error_message}"; exit 1; - elif [ ${COMPRESSION_LEVEL} -lt ${MIN_COMPRESSION} ] || [ ${COMPRESSION_LEVEL} -gt ${MAX_COMPRESSION} ]; then - echo ${error_message}; + elif [ "${COMPRESSION_LEVEL}" -lt "${MIN_COMPRESSION}" ] || [ "${COMPRESSION_LEVEL}" -gt "${MAX_COMPRESSION}" ]; then + echo "${error_message}"; exit 1; else OPT_COMPRESSION=${OPT_COMPRESSION}","${COMPRESSION_LEVEL}; @@ -288,6 +291,7 @@ COMMAND_INFO="${COMMAND_EXPORT}${BORG_COMMAND} info ${OPT_REMOTE} ${REPOSITORY}" # if this is user@host, we need to use ssh command to verify if the file is there # else a normal verify is ok # unless explicit given, verify is skipped +# MARK: VERIFY / INFO if [ "${VERIFY}" -eq 1 ] || [ "${INIT}" -eq 1 ]; then printf "${PRINTF_SUB_BLOCK}" "VERIFY" "$(date +'%F %T')" "${MODULE}"; if [ -n "${TARGET_SERVER}" ]; then @@ -295,7 +299,7 @@ if [ "${VERIFY}" -eq 1 ] || [ "${INIT}" -eq 1 ]; then echo "${BORG_COMMAND} info ${OPT_REMOTE} ${REPOSITORY} 2>&1|grep \"Repository ID:\""; fi; # use borg info and verify if it returns "Repository ID:" in the first line - REPO_VERIFY=$(${BORG_COMMAND} info ${OPT_REMOTE} ${REPOSITORY} 2>&1|grep "Repository ID:"); + REPO_VERIFY=$(${BORG_COMMAND} info ${OPT_REMOTE} "${REPOSITORY}" 2>&1|grep "Repository ID:"); # this is currently a hack to work round the error code in borg info # this checks if REPO_VERIFY holds this error message and then starts init if [[ -z "${REPO_VERIFY}" ]] || [[ "${REPO_VERIFY}" =~ ${REGEX_ERROR} ]]; then @@ -325,14 +329,29 @@ if [ "${VERIFY}" -eq 1 ] || [ "${INIT}" -eq 1 ]; then exit; fi; fi; +# MARK: INIT if [ "${INIT}" -eq 1 ] && [ "${INIT_REPOSITORY}" -eq 1 ]; then + printf "${PRINTF_SUB_BLOCK}" "INIT" "$(date +'%F %T')" "${MODULE}"; if [ "${DEBUG}" -eq 1 ] || [ "${DRYRUN}" -eq 1 ]; then echo "${BORG_COMMAND} init ${OPT_REMOTE} -e ${ENCRYPTION} ${OPT_VERBOSE} ${REPOSITORY}"; + echo "${BORG_COMMAND} key export ${REPOSITORY}"; + echo "${BORG_COMMAND} key export --paper ${REPOSITORY}"; fi if [ "${DRYRUN}" -eq 0 ]; then # should trap and exit properly here - ${BORG_COMMAND} init ${OPT_REMOTE} -e ${ENCRYPTION} ${OPT_VERBOSE} ${REPOSITORY}; + ${BORG_COMMAND} init ${OPT_REMOTE} -e "${ENCRYPTION}" ${OPT_VERBOSE} "${REPOSITORY}"; + # show the key file + if [ "${ENCRYPTION}" = "keyfile" ]; then + echo "--- [ENCRYPTION KEY] --[START]-------------------------------------------------->"; + echo "Store the key and password in a safe place"; + echo "export BORG_BASE_DIR=\"${BASE_FOLDER}\";borg key export [--paper] ${REPOSITORY}"; + echo "----[BORG KEY] -------------------------------->"; + ${BORG_COMMAND} key export "${REPOSITORY}"; + echo "----[BORG KEY:paper] -------------------------->"; + ${BORG_COMMAND} key export --paper "${REPOSITORY}"; + echo "--- [ENCRYPTION KEY] --[END ]-------------------------------------------------->"; + fi; # write init file date +%s > "${BASE_FOLDER}${BACKUP_INIT_FILE}"; echo "Repository initialized"; @@ -358,6 +377,7 @@ if [ ! -f "${BASE_FOLDER}${BACKUP_INIT_FILE}" ]; then exit 1; fi; +# MARK: LIST / PRINT # PRINT OUT current data, only do this if REPO exists if [ "${PRINT}" -eq 1 ]; then printf "${PRINTF_SUB_BLOCK}" "PRINT" "$(date +'%F %T')" "${MODULE}"; @@ -368,7 +388,7 @@ if [ "${PRINT}" -eq 1 ]; then fi; # run info command if not a dry drun if [ "${DRYRUN}" -eq 0 ]; then - ${BORG_COMMAND} list ${OPT_REMOTE} --format "${FORMAT}" ${REPOSITORY} ; + ${BORG_COMMAND} list ${OPT_REMOTE} --format "${FORMAT}" "${REPOSITORY}" ; fi; if [ "${VERBOSE}" -eq 1 ]; then echo ""; @@ -434,7 +454,7 @@ if [ -n "${DELETE_ONE_TIME_TAG}" ]; then # not that compact only works on borg 1.2 if [ "$(version "$BORG_VERSION")" -ge "$(version "1.2.0")" ]; then if [ "${DRYRUN}" -eq 0 ]; then - ${BORG_COMMAND} compact ${OPT_REMOTE} ${REPOSITORY}; + ${BORG_COMMAND} compact ${OPT_REMOTE} "${REPOSITORY}"; fi; if [ "${DEBUG}" -eq 1 ]; then echo "${BORG_COMMAND} compact ${OPT_REMOTE} ${REPOSITORY}"; diff --git a/borg.backup.gitea.sh b/borg.backup.gitea.sh index 46c4c8a..adc77fb 100755 --- a/borg.backup.gitea.sh +++ b/borg.backup.gitea.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + # Backup gitea database, all git folders and gitea settings MODULE="gitea" @@ -93,7 +96,7 @@ if [ ${DRYRUN} -eq 0 ]; then fi; chown -R ${GIT_USER}: "${GITEA_WORKING_DIR}"; # this needs to be run in a folder that can be stat by git user - cd "${GITEA_WORKING_DIR}"; + cd "${GITEA_WORKING_DIR}" || exit 1; sudo -u ${GIT_USER} ${GITEA_BIN} dump -c ${GITEA_CONFIG} -w ${GITEA_WORKING_DIR} -t ${GITEA_TEMP_DIR} --type ${GITEA_EXPORT_TYPE} -L -f - | ${BORG_CALL}; ) 2>&1 | sed 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' # remove all ESC strings fi; diff --git a/borg.backup.mysql.sh b/borg.backup.mysql.sh index 637fbb3..cf67829 100755 --- a/borg.backup.mysql.sh +++ b/borg.backup.mysql.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + # Backup MySQL/MariaDB # default is per table dump, can be set to one full dump # config override set in borg.backup.mysql.settings @@ -62,10 +65,11 @@ if [ -z "${_MYSQL_OK}" ]; then fi; # below is for file name only # set DB_VERSION (Distrib n.n.n-type) -# NEW: mysql Ver 15.1 Distrib 10.5.12-MariaDB, for debian-linux-gnu (x86_64) using EditLine wrapper -# OLD: mysql Ver 14.14 Distrib 5.7.35, for Linux (x86_64) using EditLine wrapper +# OLD: mysql Ver 14.14 Distrib 5.7.35, for Linux (x86_64) using EditLine wrapper +# NEW: mysql Ver 15.1 Distrib 10.5.12-MariaDB, for debian-linux-gnu (x86_64) using EditLine wrapper +# VARIANT: mysql from 11.8.3-MariaDB, client 15.2 for debian-linux-gnu (x86_64) using EditLine wrapper _DB_VERSION_TYPE=$("${MYSQL_CMD}" --version); -_DB_VERSION=$(echo "${_DB_VERSION_TYPE}" | sed 's/.*Distrib \([0-9]\{1,\}\.[0-9]\{1,\}\)\.[0-9]\{1,\}.*/\1/'); +_DB_VERSION=$(echo "${_DB_VERSION_TYPE}" | sed 's/.*\(Distrib\|from\) \([0-9]\{1,\}\.[0-9]\{1,\}\)\.[0-9]\{1,\}.*/\2/'); DB_VERSION=$(echo "${_DB_VERSION}" | cut -d " " -f 1); # temporary until correct type detection is set DB_TYPE="mysql"; @@ -125,11 +129,11 @@ if [ -n "${DATABASE_FULL_DUMP}" ]; then echo "Prune repository with keep${KEEP_INFO:1}"; ${BORG_PRUNE}; fi; - DURATION=$[ $(date +'%s')-$LOCAL_START ]; + DURATION=$(( $(date +'%s') - LOCAL_START )); printf "${PRINTF_DB_RUN_TIME_SUB_BLOCK}" "DONE" "all databases" "${MODULE}" "$(convert_time ${DURATION})"; else ${MYSQL_CMD} ${MYSQL_DB_CONFIG_PARAM} -B -N -e "show databases" | - while read db; do + while read -r db; do LOCAL_START=$(date +'%s'); printf "${PRINTF_DB_SUB_BLOCK}" "DB" "${db}" "${MODULE}"; printf "${PRINTF_SUBEXT_BLOCK}" "BACKUP" "${db}" "$(date +'%F %T')" "${MODULE}"; @@ -147,7 +151,7 @@ else fi; exclude=0; if [ -f "${BASE_FOLDER}${EXCLUDE_FILE}" ]; then - while read excl_db; do + while read -r excl_db; do if [ "${db}" = "${excl_db}" ]; then exclude=1; break; @@ -177,7 +181,7 @@ else SCHEMA_ONLY=''; # empty for all schema_flag='data'; # or data if [ -s "${BASE_FOLDER}${SCHEMA_ONLY_FILE}" ]; then - while read schema_db; do + while read -r schema_db; do if [ "${db}" = "${schema_db}" ]; then SCHEMA_ONLY='--no-data'; schema_flag='schema'; @@ -217,7 +221,7 @@ else else echo "- [E] ${db}"; fi; - DURATION=$[ $(date +'%s')-$LOCAL_START ]; + DURATION=$(( $(date +'%s') - LOCAL_START )); printf "${PRINTF_DB_RUN_TIME_SUB_BLOCK}" "DONE" "${db}" "${MODULE}" "$(convert_time ${DURATION})"; done; fi; diff --git a/borg.backup.settings-default b/borg.backup.settings-default index 07940d1..393a407 100644 --- a/borg.backup.settings-default +++ b/borg.backup.settings-default @@ -23,10 +23,13 @@ COMPRESSION_LEVEL=""; # encryption settings: # SHA-256: 'none', 'authenticated', 'repokey', 'keyfile' # BLAKE2b: 'authenticated-blake2', 'repokey-blake2', 'keyfile-blake2' -# Note: none or empty does not encrypt +# Note: none does not encrypt # Blank passwords allowed for only key (if used, use keyfile) +# Default is keyfile +# passwords have to be set via BORG_PASSPHRASE or BORG_PASSCOMMAND +# keyfile can have blank passwords # See: http://borgbackup.readthedocs.io/en/stable/faq.html#how-can-i-specify-the-encryption-passphrase-programmatically -ENCRYPTION=""; +ENCRYPTION="" # force repository verify, default is off, set to true for verify on every run FORCE_VERIFY=""; # compact interval, only if using borg 1.2 or higher diff --git a/borg.backup.zabbix.sh b/borg.backup.zabbix.sh index 9cedca2..c58d0b3 100755 --- a/borg.backup.zabbix.sh +++ b/borg.backup.zabbix.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + # Backup zabbix config and settings only MODULE="zabbix"