fd0 released this
Apr 23, 2019
· 3 commits to master since this release
We're very pleased to present you restic 0.9.5! restic is distributed as a standalone binary: download the correct file for your operating system and architecture, extract the file and just run it. If you run into any issues, please report them at the GitHub issue tracker or visit the forum. If you already have restic >= 0.9.3, you can use restic self-update to get the latest version in a secure way.
The binaries released with each restic version are reproducible, which means that you can easily reproduce a byte identical version from the source code for that release. Instructions on how to do that in the Developer Documentation.
The following sections list the changes in restic 0.9.5 relevant to restic users. The changes are ordered by importance.
Bugfix #2135: Return error when no bytes could be read from stdin
We assume that users reading backup data from stdin want to know when no data could be read, so now restic returns an error when backup --stdin is called but no bytes could be read. Usually, this means that an earlier command in a pipe has failed. The documentation was amended and now recommends setting the pipefail option (set -o pipefail).
set -o pipefail
Bugfix #2181: Don't cancel timeout after 30 seconds for self-update
Bugfix #2203: Fix reading passwords from stdin
Passwords for the init, key add, and key passwd commands can now be read from non-terminal stdin.
Bugfix #2224: Don't abort the find command when a tree can't be loaded
Change the find command so that missing trees don't result in a crash. Instead, the error is logged to the debug log, and the tree ID is displayed along with the snapshot it belongs to. This makes it possible to recover repositories that are missing trees by forgetting the snapshots they are used in.
Enhancement #1895: Add case insensitive include & exclude options
The backup and restore commands now have --iexclude and --iinclude flags as case insensitive variants of --exclude and --include.
Enhancement #1937: Support streaming JSON output for backup
We've added support for getting machine-readable status output during backup, just pass the flag --json for restic backup and restic will output a stream of JSON objects which contain the current progress.
Enhancement #2155: Add Openstack application credential auth for Swift
Since Openstack Queens Identity (auth V3) service supports an application credential auth method. It allows to create a technical account with the limited roles. This commit adds an application credential authentication method for the Swift backend.
Enhancement #2184: Add --json support to forget command
The forget command now supports the --json argument, outputting the information about what is (or would-be) kept and removed from the repository.
Enhancement #2037: Add group-by option to snapshots command
We have added an option to group the output of the snapshots command, similar to the output of the forget command. The option has been called "--group-by" and accepts any combination of the values "host", "paths" and "tags", separated by commas. Default behavior (not specifying --group-by) has not been changed. We have added support of the grouping to the JSON output.
Enhancement #2124: Ability to dump folders to tar via stdout
We've added the ability to dump whole folders to stdout via the dump command. Restic now requires at least Go 1.10 due to a limitation of the standard library for Go <= 1.9.
Enhancement #2139: Return error if no bytes could be read for backup --stdin
When restic is used to backup the output of a program, like mysqldump | restic backup --stdin, it now returns an error if no bytes could be read at all. This catches the failure case when mysqldump failed for some reason and did not output any data to stdout.
mysqldump | restic backup --stdin
Enhancement #2205: Add --ignore-inode option to backup cmd
This option handles backup of virtual filesystems that do not keep fixed inodes for files, like Fuse-based, pCloud, etc. Ignoring inode changes allows to consider the file as unchanged if last modification date and size are unchanged.
#1631 #2205 #2047
Enhancement #2220: Add config option to set S3 storage class
The s3.storage-class option can be passed to restic (using -o) to specify the storage class to be used for S3 objects created by restic.
The storage class is passed as-is to S3, so it needs to be understood by the API. On AWS, it can be one of STANDARD, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING and REDUCED_REDUNDANCY. If unspecified, the default storage class is used (STANDARD on AWS).
You can mix storage classes in the same bucket, and the setting isn't stored in the restic repository, so be sure to specify it with each command that writes to S3.
fd0 released this
Jan 6, 2019
· 1 commit to master since this release
We're very pleased to present you restic 0.9.4! restic is distributed as a standalone binary: download the correct file for your operating system and architecture, extract the file and just run it. If you run into any issues, please report them at the GitHub issue tracker or visit the forum.
The following sections list the changes in restic 0.9.4 relevant to restic users. The changes are ordered by importance.
Bugfix #1989: Google Cloud Storage: Respect bandwidth limit
The GCS backend did not respect the bandwidth limit configured, a previous commit accidentally removed support for it.
Bugfix #2040: Add host name filter shorthand flag for stats command
The default value for --host flag was set to 'H' (the shorthand version of the flag), this caused the lookup for the latest snapshot to fail.
Add shorthand flag -H for --host (with empty default so if these flags are not specified the latest snapshot will not filter by host name).
Also add shorthand -H for backup command.
Bugfix #2068: Correctly return error loading data
In one case during prune and check, an error loading data from the backend is not returned properly. This is now corrected.
Bugfix #2095: Consistently use local time for snapshots times
By default snapshots created with restic backup were set to local time, but when the --time flag was used the provided timestamp was parsed as UTC. With this change all snapshots times are set to local time.
Enhancement #1605: Concurrent restore
This change significantly improves restore performance, especially when using high-latency remote repositories like B2.
The implementation now uses several concurrent threads to download and process multiple remote files concurrently. To further reduce restore time, each remote file is downloaded using a single repository request.
Enhancement #2089: Increase granularity of the "keep within" retention policy
The keep-within option of the forget command now accepts time ranges with an hourly granularity. For example, running restic forget --keep-within 3d12h will keep all the snapshots made within three days and twelve hours from the time of the latest snapshot.
restic forget --keep-within 3d12h
Enhancement #2097: Add key hinting
Added a new option --key-hint and corresponding environment variable RESTIC_KEY_HINT. The key hint is a key ID to try decrypting first, before other keys in the repository.
This change will benefit repositories with many keys; if the correct key hint is supplied then restic only needs to check one key. If the key hint is incorrect (the key does not exist, or the password is incorrect) then restic will check all keys, as usual.
Enhancement #2017: Mount: Enforce FUSE Unix permissions with allow-other
The fuse mount (restic mount) now lets the kernel check the permissions of the files within snapshots (this is done through the DefaultPermissions FUSE option) when the option --allow-other is specified.
To restore the old behavior, we've added the --no-default-permissions option. This allows all users that have access to the mount point to access all files within the snapshots.
Enhancement #2070: Make all commands display timestamps in local time
Restic used to drop the timezone information from displayed timestamps, it now converts timestamps to local time before printing them so the times can be easily compared to.
Enhancement #2085: Allow --files-from to be specified multiple times
Before, restic took only the last file specified with --files-from into account, this is now corrected.
Enhancement #2094: Run command to get password
We've added the --password-command option which allows specifying a command that restic runs every time the password for the repository is needed, so it can be integrated with a password manager or keyring. The option can also be set via the environment variable $RESTIC_PASSWORD_COMMAND.
fd0 released this
Aug 6, 2018
We're very pleased to announce restic 0.9.2! restic is distributed as a standalone binary: download the correct file for your operating system and architecture, extract the file and just run it. If you run into any issues, please report them at the GitHub issue tracker or visit the forum.
The binaries released with each restic version are reproducible, which means that you can easily reproduce a byte identical version from the source code for that release. Instructions on how to do that are contained in the builder repository.
The following sections list the changes in restic 0.9.2 relevant to restic users. The changes are ordered by importance.
restic key list
Bugfix #1854: Allow saving files/dirs on different fs with --one-file-system
Restic now allows saving files/dirs on a different file system in a subdir correctly even when --one-file-system is specified.
The first thing the restic archiver code does is to build a tree of the target files/directories. If it detects that a parent directory is already included (e.g. restic backup /foo /foo/bar/baz), it'll ignore the latter argument.
restic backup /foo /foo/bar/baz
Without --one-file-system, that's perfectly valid: If /foo is to be archived, it will include /foo/bar/baz. But with --one-file-system, /foo/bar/baz may reside on a different file system, so it won't be included with /foo.
Bugfix #1870: Fix restore with --include
We fixed a bug which prevented restic to restore files with an include filter.
Bugfix #1880: Use --cache-dir argument for check command
check command now uses a temporary sub-directory of the specified directory if set using the --cache-dir argument. If not set, the cache directory is created in the default temporary directory as before. In either case a temporary cache is used to ensure the actual repository is checked (rather than a local copy).
The --cache-dir argument was not used by the check command, instead a cache directory was created in the temporary directory.
Bugfix #1893: Return error when exclude file cannot be read
A bug was found: when multiple exclude files were passed to restic and one of them could not be read, an error was printed and restic continued, ignoring even the existing exclude files. Now, an error message is printed and restic aborts when an exclude file cannot be read.
Bugfix #1861: Fix case-insensitive search with restic find
We've fixed the behavior for restic find -i PATTERN, which was broken in v0.9.1.
restic find -i PATTERN
Enhancement #1906: Add support for B2 application keys
Restic can now use so-called "application keys" which can be created in the B2 dashboard and were only introduced recently. In contrast to the "master key", such keys can be restricted to a specific bucket and/or path.
Enhancement #874: Add stats command to get information about a repository
Enhancement #1772: Add restore --verify to verify restored file content
Restore will print error message if restored file content does not match expected SHA256 checksum
Enhancement #1853: Add JSON output support to restic key list
This PR enables users to get the output of restic key list in JSON in addition to the existing table format.
Enhancement #1477: S3 backend: accept AWS_SESSION_TOKEN
Before, it was not possible to use s3 backend with AWS temporary security credentials(with AWS_SESSION_TOKEN). This change gives higher priority to credentials.EnvAWS credentials provider.
#1477 #1479 #1647
Enhancement #1901: Update the Backblaze B2 library
We've updated the library we're using for accessing the Backblaze B2 service to 0.5.0 to include support for upcoming so-called "application keys". With this feature, you can create access credentials for B2 which are restricted to e.g. a single bucket or even a sub-directory of a bucket.
fd0 released this
Jun 10, 2018
We're very pleased to announce restic 0.9.1! restic is distributed as a standalone binary: download the correct file for your operating system and architecture, extract the file and just run it. If you run into any issues, please report them at the GitHub issue tracker or visit the forum.
The following sections list the changes in restic 0.9.1 relevant to restic users. The changes are ordered by importance.
Bugfix #1801: Add limiting bandwidth to the rclone backend
The rclone backend did not respect --limit-upload or --limit-download. Oftentimes it's not necessary to use this, as the limiting in rclone itself should be used because it gives much better results, but in case a remote instance of rclone is used (e.g. called via ssh), it is still relevant to limit the bandwidth from restic to rclone.
Bugfix #1822: Allow uploading large files to MS Azure
Sometimes, restic creates files to be uploaded to the repository which are quite large, e.g. when saving directories with many entries or very large files. The MS Azure API does not allow uploading files larger that 256MiB directly, rather restic needs to upload them in blocks of 100MiB. This is now implemented.
Bugfix #1825: Correct find to not skip snapshots
Under certain circumstances, the find command was found to skip snapshots containing directories with files to look for when the directories haven't been modified at all, and were already printed as part of a different snapshot. This is now corrected.
In addition, we've switched to our own matching/pattern implementation, so now things like restic find "/home/user/foo/**/main.go" are possible.
restic find "/home/user/foo/**/main.go"
Bugfix #1833: Fix caching files on error
During check it may happen that different threads access the same file in the backend, which is then downloaded into the cache only once. When that fails, only the thread which is responsible for downloading the file signals the correct error. The other threads just assume that the file has been downloaded successfully and then get an error when they try to access the cached file.
Bugfix #1834: Resolve deadlock
When the "scanning" process restic runs to find out how much data there is does not finish before the backup itself is done, restic stops doing anything. This is resolved now.
fd0 released this
May 21, 2018
· 5 commits to master since this release
We're very pleased to announce restic 0.9.0! restic is distributed as a standalone binary: download the correct file for your operating system and architecture, extract the file and just run it. If you run into any issues, please report them at the GitHub issue tracker or visit the forum.
The following sections list the changes in restic 0.9.0 relevant to restic users. The changes are ordered by importance.
Bugfix #1608: Respect time stamp for new backup when reading from stdin
When reading backups from stdin (via restic backup --stdin), restic now uses the time stamp for the new backup passed in --time.
restic backup --stdin
Bugfix #1652: Ignore/remove invalid lock files
This corrects a bug introduced recently: When an invalid lock file in the repo is encountered (e.g. if the file is empty), the code used to ignore that, but now returns the error. Now, invalid files are ignored for the normal lock check, and removed when restic unlock --remove-all is run.
restic unlock --remove-all
Bugfix #1730: Ignore sockets for restore
We've received a report and correct the behavior in which the restore code aborted restoring a directory when a socket was encountered. Unix domain socket files cannot be restored (they are created on the fly once a process starts listening). The error handling was corrected, and in addition we're now ignoring sockets during restore.
Bugfix #1684: Fix backend tests for rest-server
The REST server for restic now requires an explicit parameter (--no-auth) if no authentication should be allowed. This is fixed in the tests.
Bugfix #1745: Correctly parse the argument to --tls-client-cert
Previously, the --tls-client-cert method attempt to read ARGV (hardcoded) instead of the argument that was passed to it. This has been corrected.
Enhancement #1433: Support UTF-16 encoding and process Byte Order Mark
On Windows, text editors commonly leave a Byte Order Mark at the beginning of the file to define which encoding is used (oftentimes UTF-16). We've added code to support processing the BOMs in text files, like the exclude files, the password file and the file passed via --files-from. This does not apply to any file being saved in a backup, those are not touched and archived as they are.
#1433 #1738 #1748
Enhancement #1561: Allow using rclone to access other services
We've added the ability to use rclone to store backup data on all backends that it supports. This was done in collaboration with Nick, the author of rclone. You can now use it to first configure a service, then restic manages the rest (starting and stopping rclone). For details, please see the manual.
#1561 #1657 https://rclone.org
Enhancement #1665: Improve cache handling for restic check
For safety reasons, restic does not use a local metadata cache for the restic check command, so that data is loaded from the repository and restic can check it's in good condition. When the cache is disabled, restic will fetch each tiny blob needed for checking the integrity using a separate backend request. For non-local backends, that will take a long time, and depending on the backend (e.g. B2) may also be much more expensive.
This PR adds a few commits which will change the behavior as follows:
When restic check is called without any additional parameters, it will build a new cache in a temporary directory, which is removed at the end of the check. This way, we'll get readahead for metadata files (so restic will fetch the whole file when the first blob from the file is requested), but all data is freshly fetched from the storage backend. This is the default behavior and will work for almost all users.
When restic check is called with --with-cache, the default on-disc cache is used. This behavior hasn't changed since the cache was introduced.
When --no-cache is specified, restic falls back to the old behavior, and read all tiny blobs in separate requests.
#1665 #1694 #1696
Enhancement #1721: Add cache command to list cache dirs
The command cache was added, it allows listing restic's cache directoriers together with the last usage. It also allows removing old cache dirs without having to access a repo, via restic cache --cleanup
restic cache --cleanup
Enhancement #1758: Allow saving OneDrive folders in Windows
Restic now contains a bugfix to two libraries, which allows saving OneDrive folders in Windows. In order to use the newer versions of the libraries, the minimal version required to compile restic is now Go 1.9.
Enhancement #549: Rework archiver code
The core archiver code and the complementary code for the backup command was rewritten completely. This resolves very annoying issues such as 549. The first backup with this release of restic will likely result in all files being re-read locally, so it will take a lot longer. The next backup after that will be fast again.
Basically, with the old code, restic took the last path component of each to-be-saved file or directory as the top-level file/directory within the snapshot. This meant that when called as restic backup /home/user/foo, the snapshot would contain the files in the directory /home/user/foo as /foo.
restic backup /home/user/foo
This is not the case any more with the new archiver code. Now, restic works very similar to what tar does: When restic is called with an absolute path to save, then it'll preserve the directory structure within the snapshot. For the example above, the snapshot would contain the files in the directory within /home/user/foo in the snapshot. For relative directories, it only preserves the relative path components. So restic backup user/foo will save the files as /user/foo in the snapshot.
restic backup user/foo
While we were at it, the status display and notification system was completely rewritten. By default, restic now shows which files are currently read (unless --quiet is specified) in a multi-line status display.
The backup command also gained a new option: --verbose. It can be specified once (which prints a bit more detail what restic is doing) or twice (which prints a line for each file/directory restic encountered, together with some statistics).
Another issue that was resolved is the new code only reads two files at most. The old code would read way too many files in parallel, thereby slowing down the backup process on spinning discs a lot.
#549 #1286 #446 #1344 #1416 #1456 #1145 #1160 #1494
Enhancement #1552: Use Google Application Default credentials
Google provide libraries to generate appropriate credentials with various fallback sources. This change uses the library to generate our GCS client, which allows us to make use of these extra methods.
This should be backward compatible with previous restic behaviour while adding the additional capabilities to auth from Google's internal metadata endpoints. For users running restic in GCP this can make authentication far easier than it was before.
Enhancement #1477: Accept AWS_SESSION_TOKEN for the s3 backend
Enhancement #1648: Ignore AWS permission denied error when creating a repository
It's not possible to use s3 backend scoped to a subdirectory(with specific permissions). Restic doesn't try to create repository in a subdirectory, when 'bucket exists' of parent directory check fails due to permission issues.
Enhancement #1649: Add illumos/Solaris support
Enhancement #1709: Improve messages restic check prints
Some messages restic check prints are not really errors, so from now on restic does not treat them as errors any more and exits cleanly.
Enhancement #827: Add --new-password-file flag for non-interactive password changes
This makes it possible to change a repository password without being prompted.
#827 #1720 https://forum.restic.net/t/changing-repo-password-without-prompt/591
Enhancement #1735: Allow keeping a time range of snaphots
We've added the --keep-within option to the forget command. It instructs restic to keep all snapshots within the given duration since the newest snapshot. For example, running restic forget --keep-within 5m7d will keep all snapshots which have been made in the five months and seven days since the latest snapshot.
restic forget --keep-within 5m7d
Enhancement #1782: Use default AWS credentials chain for S3 backend
Adds support for file credentials to the S3 backend (e.g. ~/.aws/credentials), and reorders the credentials chain for the S3 backend to match AWS's standard, which is static credentials, env vars, credentials file, and finally remote.
fd0 released this
Feb 26, 2018
· 2 commits to master since this release
We're very pleased to announce restic 0.8.3! restic is distributed as a standalone binary: download the correct file for your operating system and architecture, extract the file and just run it. If you run into any issues, please report them at the GitHub issue tracker or visit the forum.
The following sections list the changes in restic 0.8.3 relevant to restic users. The changes are ordered by importance.
Bugfix #1633: Fixed unexpected 'pack file cannot be listed' error
Due to a regression introduced in 0.8.2, the rebuild-index and prune commands failed to read pack files with size of 587, 588, 589 or 590 bytes.
Bugfix #1641: Ignore files with invalid names in the repo
The release 0.8.2 introduced a bug: when restic encounters files in the repo which do not have a valid name, it tries to load a file with a name of lots of zeroes instead of ignoring it. This is now resolved, invalid file names are just ignored.
Bugfix #1638: Handle errors listing files in the backend
A user reported in the forum that restic completes a backup although a concurrent prune operation was running. A few error messages were printed, but the backup was attempted and completed successfully. No error code was returned.
This should not happen: The repository is exclusively locked during prune, so when restic backup is run in parallel, it should abort and return an error code instead.
It was found that the bug was in the code introduced only recently, which retries a List() operation on the backend should that fail. It is now corrected.
Enhancement #1497: Add --read-data-subset flag to check command
This change introduces ability to check integrity of a subset of repository data packs. This can be used to spread integrity check of larger repositories over a period of time.
Enhancement #1560: Retry all repository file download errors
Restic will now retry failed downloads, similar to other operations.
Enhancement #1623: Don't check for presence of files in the backend before writing
Before, all backend implementations were required to return an error if the file that is to be written already exists in the backend. For most backends, that means making a request (e.g. via HTTP) and returning an error when the file already exists.
This is not accurate, the file could have been created between the HTTP request testing for it, and when writing starts, so we've relaxed this requeriment, which saves one additional HTTP request per newly added file.
Enhancement #1634: Upgrade B2 client library, reduce HTTP requests
We've upgraded the B2 client library restic uses to access BackBlaze B2. This reduces the number of HTTP requests needed to upload a new file from two to one, which should improve throughput to B2.
fd0 released this
Feb 17, 2018
· 16 commits to master since this release
We're very pleased to announce restic 0.8.2! restic is distributed as a standalone binary: download the correct file for your operating system and architecture, extract the file and just run it. If you run into any issues, please report them at the GitHub issue tracker or visit the forum.
The following sections list the changes in restic 0.8.2 relevant to restic users. The changes are ordered by importance.
Bugfix #1506: Limit bandwith at the http.RoundTripper for HTTP based backends
Bugfix #1512: Restore directory permissions as the last step
This change allows restoring into directories that were not writable during backup. Before, restic created the directory, set the read-only mode and then failed to create files in the directory. This change now restores the directory (with its permissions) as the very last step.
Bugfix #1528: Correctly create missing subdirs in data/
Bugfix #1590: Strip spaces for lines read via --files-from
Leading and trailing spaces in lines read via --files-from are now stripped, so it behaves the same as with lines read via --exclude-file.
Bugfix #1589: Complete intermediate index upload
After a user posted a comprehensive report of what he observed, we were able to find a bug and correct it: During backup, restic uploads so-called "intermediate" index files. When the backup finishes during a transfer of such an intermediate index, the upload is cancelled, but the backup is finished without an error. This leads to an inconsistent state, where the snapshot references data that is contained in the repo, but is not referenced in any index.
The situation can be resolved by building a new index with rebuild-index, but looks very confusing at first. Since all the data got uploaded to the repo successfully, there was no risk of data loss, just minor inconvenience for our users.
Bugfix #1594: Google Cloud Storage: Use generic HTTP transport
It was discovered that the Google Cloud Storage backend did not use the generic HTTP transport, so things such as bandwidth limiting with --limit-upload did not work. This is resolved now.
Bugfix #1595: Backup: Remove bandwidth display
This commit removes the bandwidth displayed during backup process. It is misleading and seldomly correct, because it's neither the "read bandwidth" (only for the very first backup) nor the "upload bandwidth". Many users are confused about (and rightly so), c.f. #1581, #1033, #1591
We'll eventually replace this display with something more relevant when the new archiver code is ready.
Enhancement #1522: Add support for TLS client certificate authentication
Support has been added for using a TLS client certificate for authentication to HTTP based backend. A file containing the PEM encoded private key and certificate can be set using the --tls-client-cert option.
Enhancement #1541: Reduce number of remote requests during repository check
This change eliminates redundant remote repository calls and significantly improves repository check time.
Enhancement #1567: Reduce number of backend requests for rebuild-index and prune
We've found a way to reduce then number of backend requests for the rebuild-index and prune operations. This significantly speeds up the operations for high-latency backends.
#1567 #1574 #1575
Enhancement #1507: Only reload snapshots once per minute for fuse mount
Enhancement #1538: Reduce memory allocations for querying the index
This change reduces the internal memory allocations when the index data structures in memory are queried if a blob (part of a file) already exists in the repo. It should speed up backup a bit, and maybe even reduce RAM usage.
Enhancement #1549: Speed up querying across indices and scanning existing files
This change increases the whenever a blob (part of a file) is searched for in a restic repository. This will reduce cpu usage some when backing up files already backed up by restic. Cpu usage is further decreased when scanning files.
Enhancement #1554: Fuse/mount: Correctly handle EOF, add template option
We've added the --snapshot-template string, which can be used to specify a template for a snapshot directory. In addition, accessing data after the end of a file via the fuse mount is now handled correctly.
Enhancement #1564: Don't terminate ssh on SIGINT
We've reworked the code which runs the ssh login for the sftp backend so that it can prompt for a password (if needed) but does not exit when the user presses CTRL+C (SIGINT) e.g. during backup. This allows restic to properly shut down when it receives SIGINT and remove the lock file from the repo, afterwards exiting the ssh process.
Enhancement #1579: Retry Backend.List() in case of errors
Enhancement #1584: Limit index file size
Before, restic would create a single new index file on prune or rebuild-index, this may lead to memory problems when this huge index is created and loaded again. We're now limiting the size of the index file, and split newly created index files into several smaller ones. This allows restic to be more memory-efficient.
#1412 #979 #526 #1584