.\" Man page generated from reStructuredText. . .TH "BORG" "1" "2016-12-31" "1.0.9" "Borg - Deduplicating Archiver" .SH NAME borg \- BorgBackup is a deduplicating backup program with optional compression and authenticated encryption. . .nr rst2man-indent-level 0 . .de1 rstReportMargin \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] .. .de1 INDENT .\" .rstReportMargin pre: . RS \\$1 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] . nr rst2man-indent-level +1 .\" .rstReportMargin post: .. .de UNINDENT . RE .\" indent \\n[an-margin] .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] .nr rst2man-indent-level -1 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. .sp Borg consists of a number of commands. Each command accepts a number of arguments and options. The following sections will describe each command in detail. .SH GENERAL .SS Repository URLs .sp \fBLocal filesystem\fP (or locally mounted network filesystem): .sp \fB/path/to/repo\fP \- filesystem path to repo directory, absolute path .sp \fBpath/to/repo\fP \- filesystem path to repo directory, relative path .sp Also, stuff like \fB~/path/to/repo\fP or \fB~other/path/to/repo\fP works (this is expanded by your shell). .sp Note: you may also prepend a \fBfile://\fP to a filesystem path to get URL style. .sp \fBRemote repositories\fP accessed via ssh \fI\%user@host\fP: .sp \fBuser@host:/path/to/repo\fP \- remote repo, absolute path .sp \fBssh://user@host:port/path/to/repo\fP \- same, alternative syntax, port can be given .sp \fBRemote repositories with relative pathes\fP can be given using this syntax: .sp \fBuser@host:path/to/repo\fP \- path relative to current directory .sp \fBuser@host:~/path/to/repo\fP \- path relative to user\(aqs home directory .sp \fBuser@host:~other/path/to/repo\fP \- path relative to other\(aqs home directory .sp Note: giving \fBuser@host:/./path/to/repo\fP or \fBuser@host:/~/path/to/repo\fP or \fBuser@host:/~other/path/to/repo\fP is also supported, but not required here. .sp \fBRemote repositories with relative pathes, alternative syntax with port\fP: .sp \fBssh://user@host:port/./path/to/repo\fP \- path relative to current directory .sp \fBssh://user@host:port/~/path/to/repo\fP \- path relative to user\(aqs home directory .sp \fBssh://user@host:port/~other/path/to/repo\fP \- path relative to other\(aqs home directory .sp If you frequently need the same repo URL, it is a good idea to set the \fBBORG_REPO\fP environment variable to set a default for the repo URL: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C export BORG_REPO=\(aqssh://user@host:port/path/to/repo\(aq .ft P .fi .UNINDENT .UNINDENT .sp Then just leave away the repo URL if only a repo URL is needed and you want to use the default \- it will be read from BORG_REPO then. .sp Use \fB::\fP syntax to give the repo URL when syntax requires giving a positional argument for the repo (e.g. \fBborg mount :: /mnt\fP). .SS Repository / Archive Locations .sp Many commands want either a repository (just give the repo URL, see above) or an archive location, which is a repo URL followed by \fB::archive_name\fP\&. .sp Archive names must not contain the \fB/\fP (slash) character. For simplicity, maybe also avoid blanks or other characters that have special meaning on the shell or in a filesystem (borg mount will use the archive name as directory name). .sp If you have set BORG_REPO (see above) and an archive location is needed, use \fB::archive_name\fP \- the repo URL part is then read from BORG_REPO. .SS Type of log output .sp The log level of the builtin logging configuration defaults to WARNING. This is because we want Borg to be mostly silent and only output warnings, errors and critical messages. .sp Log levels: DEBUG < INFO < WARNING < ERROR < CRITICAL .sp Use \fB\-\-debug\fP to set DEBUG log level \- to get debug, info, warning, error and critical level output. .sp Use \fB\-\-info\fP (or \fB\-v\fP or \fB\-\-verbose\fP) to set INFO log level \- to get info, warning, error and critical level output. .sp Use \fB\-\-warning\fP (default) to set WARNING log level \- to get warning, error and critical level output. .sp Use \fB\-\-error\fP to set ERROR log level \- to get error and critical level output. .sp Use \fB\-\-critical\fP to set CRITICAL log level \- to get critical level output. .sp While you can set misc. log levels, do not expect that every command will give different output on different log levels \- it\(aqs just a possibility. .sp \fBWARNING:\fP .INDENT 0.0 .INDENT 3.5 Options \-\-critical and \-\-error are provided for completeness, their usage is not recommended as you might miss important information. .UNINDENT .UNINDENT .sp \fBWARNING:\fP .INDENT 0.0 .INDENT 3.5 While some options (like \fB\-\-stats\fP or \fB\-\-list\fP) will emit more informational messages, you have to use INFO (or lower) log level to make them show up in log output. Use \fB\-v\fP or a logging configuration. .UNINDENT .UNINDENT .SS Return codes .sp Borg can exit with the following return codes (rc): .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C 0 = success (logged as INFO) 1 = warning (operation reached its normal end, but there were warnings \- you should check the log, logged as WARNING) 2 = error (like a fatal error, a local or remote exception, the operation did not reach its normal end, logged as ERROR) 128+N = killed by signal N (e.g. 137 == kill \-9) .ft P .fi .UNINDENT .UNINDENT .sp If you use \fB\-\-show\-rc\fP, the return code is also logged at the indicated level as the last log entry. .SS Environment Variables .sp Borg uses some environment variables for automation: .INDENT 0.0 .TP .B General: .INDENT 7.0 .TP .B BORG_REPO When set, use the value to give the default repository location. If a command needs an archive parameter, you can abbreviate as \fI::archive\fP\&. If a command needs a repository parameter, you can either leave it away or abbreviate as \fI::\fP, if a positional parameter is required. .TP .B BORG_PASSPHRASE When set, use the value to answer the passphrase question for encrypted repositories. .TP .B BORG_DISPLAY_PASSPHRASE When set, use the value to answer the "display the passphrase for verification" question when defining a new passphrase for encrypted repositories. .TP .B BORG_LOGGING_CONF When set, use the given filename as \fI\%INI\fP\-style logging configuration. .TP .B BORG_RSH When set, use this command instead of \fBssh\fP\&. This can be used to specify ssh options, such as a custom identity file \fBssh \-i /path/to/private/key\fP\&. See \fBman ssh\fP for other options. .TP .B BORG_REMOTE_PATH When set, use the given path/filename as remote path (default is "borg"). Using \fB\-\-remote\-path PATH\fP commandline option overrides the environment variable. .TP .B BORG_FILES_CACHE_TTL When set to a numeric value, this determines the maximum "time to live" for the files cache entries (default: 20). The files cache is used to quickly determine whether a file is unchanged. The FAQ explains this more detailed in: \fIalways_chunking\fP .TP .B TMPDIR where temporary files are stored (might need a lot of temporary space for some operations) .UNINDENT .TP .B Some automatic "answerers" (if set, they automatically answer confirmation questions): .INDENT 7.0 .TP .B BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=no (or =yes) For "Warning: Attempting to access a previously unknown unencrypted repository" .TP .B BORG_RELOCATED_REPO_ACCESS_IS_OK=no (or =yes) For "Warning: The repository at location ... was previously located at ..." .TP .B BORG_CHECK_I_KNOW_WHAT_I_AM_DOING=NO (or =YES) For "Warning: \(aqcheck \-\-repair\(aq is an experimental feature that might result in data loss." .TP .B BORG_DELETE_I_KNOW_WHAT_I_AM_DOING=NO (or =YES) For "You requested to completely DELETE the repository \fIincluding\fP all archives it contains:" .UNINDENT .sp Note: answers are case sensitive. setting an invalid answer value might either give the default answer or ask you interactively, depending on whether retries are allowed (they by default are allowed). So please test your scripts interactively before making them a non\-interactive script. .TP .B Directories: .INDENT 7.0 .TP .B BORG_KEYS_DIR Default to \(aq~/.config/borg/keys\(aq. This directory contains keys for encrypted repositories. .TP .B BORG_SECURITY_DIR Default to \(aq~/.config/borg/security\(aq. This directory is used by Borg to track various pieces of security\-related data. .TP .B BORG_CACHE_DIR Default to \(aq~/.cache/borg\(aq. This directory contains the local cache and might need a lot of space for dealing with big repositories). .UNINDENT .TP .B Building: .INDENT 7.0 .TP .B BORG_OPENSSL_PREFIX Adds given OpenSSL header file directory to the default locations (setup.py). .TP .B BORG_LZ4_PREFIX Adds given LZ4 header file directory to the default locations (setup.py). .UNINDENT .UNINDENT .sp Please note: .INDENT 0.0 .IP \(bu 2 be very careful when using the "yes" sayers, the warnings with prompt exist for your / your data\(aqs security/safety .IP \(bu 2 also be very careful when putting your passphrase into a script, make sure it has appropriate file permissions (e.g. mode 600, root:root). .UNINDENT .SS Resource Usage .sp Borg might use a lot of resources depending on the size of the data set it is dealing with. .sp If one uses Borg in a client/server way (with a ssh: repository), the resource usage occurs in part on the client and in another part on the server. .sp If one uses Borg as a single process (with a filesystem repo), all the resource usage occurs in that one process, so just add up client + server to get the approximate resource usage. .INDENT 0.0 .TP .B CPU client: borg create: does chunking, hashing, compression, crypto (high CPU usage) chunks cache sync: quite heavy on CPU, doing lots of hashtable operations. borg extract: crypto, decompression (medium to high CPU usage) borg check: similar to extract, but depends on options given. borg prune / borg delete archive: low to medium CPU usage borg delete repo: done on the server It won\(aqt go beyond 100% of 1 core as the code is currently single\-threaded. Especially higher zlib and lzma compression levels use significant amounts of CPU cycles. Crypto might be cheap on the CPU (if hardware accelerated) or expensive (if not). .TP .B CPU server: It usually doesn\(aqt need much CPU, it just deals with the key/value store (repository) and uses the repository index for that. .sp borg check: the repository check computes the checksums of all chunks (medium CPU usage) borg delete repo: low CPU usage .TP .B CPU (only for client/server operation): When using borg in a client/server way with a \fI\%ssh:\-type\fP repo, the ssh processes used for the transport layer will need some CPU on the client and on the server due to the crypto they are doing \- esp. if you are pumping big amounts of data. .TP .B Memory (RAM) client: The chunks index and the files index are read into memory for performance reasons. Might need big amounts of memory (see below). Compression, esp. lzma compression with high levels might need substantial amounts of memory. .TP .B Memory (RAM) server: The server process will load the repository index into memory. Might need considerable amounts of memory, but less than on the client (see below). .TP .B Chunks index (client only): Proportional to the amount of data chunks in your repo. Lots of chunks in your repo imply a big chunks index. It is possible to tweak the chunker params (see create options). .TP .B Files index (client only): Proportional to the amount of files in your last backups. Can be switched off (see create options), but next backup might be much slower if you do. The speed benefit of using the files cache is proportional to file size. .TP .B Repository index (server only): Proportional to the amount of data chunks in your repo. Lots of chunks in your repo imply a big repository index. It is possible to tweak the chunker params (see create options) to influence the amount of chunks being created. .TP .B Temporary files (client): Reading data and metadata from a FUSE mounted repository will consume up to the size of all deduplicated, small chunks in the repository. Big chunks won\(aqt be locally cached. .TP .B Temporary files (server): None. .TP .B Cache files (client only): Contains the chunks index and files index (plus a collection of single\- archive chunk indexes which might need huge amounts of disk space, depending on archive count and size \- see FAQ about how to reduce). .TP .B Network (only for client/server operation): If your repository is remote, all deduplicated (and optionally compressed/ encrypted) data of course has to go over the connection (ssh: repo url). If you use a locally mounted network filesystem, additionally some copy operations used for transaction support also go over the connection. If you backup multiple sources to one target repository, additional traffic happens for cache resynchronization. .UNINDENT .sp In case you are interested in more details (like formulas), please see \fIinternals\fP\&. .SS Units .sp To display quantities, Borg takes care of respecting the usual conventions of scale. Disk sizes are displayed in \fI\%decimal\fP, using powers of ten (so \fBkB\fP means 1000 bytes). For memory usage, \fI\%binary prefixes\fP are used, and are indicated using the \fI\%IEC binary prefixes\fP, using powers of two (so \fBKiB\fP means 1024 bytes). .SS Date and Time .sp We format date and time conforming to ISO\-8601, that is: YYYY\-MM\-DD and HH:MM:SS (24h clock). .sp For more information about that, see: \fI\%https://xkcd.com/1179/\fP .sp Unless otherwise noted, we display local date and time. Internally, we store and process date and time as UTC. .SH BORG INIT .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: borg init [\-h] [\-\-critical] [\-\-error] [\-\-warning] [\-\-info] [\-\-debug] [\-\-lock\-wait N] [\-\-show\-rc] [\-\-no\-files\-cache] [\-\-umask M] [\-\-remote\-path PATH] [\-e {none,keyfile,repokey}] [\-a] [REPOSITORY] Initialize an empty repository positional arguments: REPOSITORY repository to create optional arguments: \-h, \-\-help show this help message and exit \-\-critical work on log level CRITICAL \-\-error work on log level ERROR \-\-warning work on log level WARNING (default) \-\-info, \-v, \-\-verbose work on log level INFO \-\-debug work on log level DEBUG \-\-lock\-wait N wait for the lock, but max. N seconds (default: 1). \-\-show\-rc show/log the return code (rc) \-\-no\-files\-cache do not load/update the file metadata cache used to detect unchanged files \-\-umask M set umask to M (local and remote, default: 0077) \-\-remote\-path PATH set remote path to executable (default: "borg") \-e {none,keyfile,repokey}, \-\-encryption {none,keyfile,repokey} select encryption key mode (default: "repokey") \-a, \-\-append\-only create an append\-only mode repository .ft P .fi .UNINDENT .UNINDENT .SS Description .sp This command initializes an empty repository. A repository is a filesystem directory containing the deduplicated data from zero or more archives. Encryption can be enabled at repository init time. .SS Examples .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C # Local repository (default is to use encryption in repokey mode) $ borg init /path/to/repo # Local repository (no encryption) $ borg init \-\-encryption=none /path/to/repo # Remote repository (accesses a remote borg via ssh) $ borg init user@hostname:backup # Remote repository (store the key your home dir) $ borg init \-\-encryption=keyfile user@hostname:backup .ft P .fi .UNINDENT .UNINDENT .sp Important notes about encryption: .sp It is not recommended to disable encryption. Repository encryption protects you e.g. against the case that an attacker has access to your backup repository. .sp But be careful with the key / the passphrase: .sp If you want "passphrase\-only" security, use the \fBrepokey\fP mode. The key will be stored inside the repository (in its "config" file). In above mentioned attack scenario, the attacker will have the key (but not the passphrase). .sp If you want "passphrase and having\-the\-key" security, use the \fBkeyfile\fP mode. The key will be stored in your home directory (in \fB\&.config/borg/keys\fP). In the attack scenario, the attacker who has just access to your repo won\(aqt have the key (and also not the passphrase). .sp Make a backup copy of the key file (\fBkeyfile\fP mode) or repo config file (\fBrepokey\fP mode) and keep it at a safe place, so you still have the key in case it gets corrupted or lost. Also keep the passphrase at a safe place. The backup that is encrypted with that key won\(aqt help you with that, of course. .sp Make sure you use a good passphrase. Not too short, not too simple. The real encryption / decryption key is encrypted with / locked by your passphrase. If an attacker gets your key, he can\(aqt unlock and use it without knowing the passphrase. .sp Be careful with special or non\-ascii characters in your passphrase: .INDENT 0.0 .IP \(bu 2 Borg processes the passphrase as unicode (and encodes it as utf\-8), so it does not have problems dealing with even the strangest characters. .IP \(bu 2 BUT: that does not necessarily apply to your OS / VM / keyboard configuration. .UNINDENT .sp So better use a long passphrase made from simple ascii chars than one that includes non\-ascii stuff or characters that are hard/impossible to enter on a different keyboard layout. .sp You can change your passphrase for existing repos at any time, it won\(aqt affect the encryption/decryption key or other secrets. .SH BORG CREATE .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: borg create [\-h] [\-\-critical] [\-\-error] [\-\-warning] [\-\-info] [\-\-debug] [\-\-lock\-wait N] [\-\-show\-rc] [\-\-no\-files\-cache] [\-\-umask M] [\-\-remote\-path PATH] [\-s] [\-p] [\-\-list] [\-\-filter STATUSCHARS] [\-e PATTERN] [\-\-exclude\-from EXCLUDEFILE] [\-\-exclude\-caches] [\-\-exclude\-if\-present FILENAME] [\-\-keep\-tag\-files] [\-c SECONDS] [\-x] [\-\-numeric\-owner] [\-\-noatime] [\-\-noctime] [\-\-timestamp yyyy\-mm\-ddThh:mm:ss] [\-\-chunker\-params CHUNK_MIN_EXP,CHUNK_MAX_EXP,HASH_MASK_BITS,HASH_WINDOW_SIZE] [\-\-ignore\-inode] [\-C COMPRESSION] [\-\-read\-special] [\-n] ARCHIVE PATH [PATH ...] Create new archive positional arguments: ARCHIVE name of archive to create (must be also a valid directory name) PATH paths to archive optional arguments: \-h, \-\-help show this help message and exit \-\-critical work on log level CRITICAL \-\-error work on log level ERROR \-\-warning work on log level WARNING (default) \-\-info, \-v, \-\-verbose work on log level INFO \-\-debug work on log level DEBUG \-\-lock\-wait N wait for the lock, but max. N seconds (default: 1). \-\-show\-rc show/log the return code (rc) \-\-no\-files\-cache do not load/update the file metadata cache used to detect unchanged files \-\-umask M set umask to M (local and remote, default: 0077) \-\-remote\-path PATH set remote path to executable (default: "borg") \-s, \-\-stats print statistics for the created archive \-p, \-\-progress show progress display while creating the archive, showing Original, Compressed and Deduplicated sizes, followed by the Number of files seen and the path being processed, default: False \-\-list output verbose list of items (files, dirs, ...) \-\-filter STATUSCHARS only display items with the given status characters \-e PATTERN, \-\-exclude PATTERN exclude paths matching PATTERN \-\-exclude\-from EXCLUDEFILE read exclude patterns from EXCLUDEFILE, one per line \-\-exclude\-caches exclude directories that contain a CACHEDIR.TAG file (http://www.brynosaurus.com/cachedir/spec.html) \-\-exclude\-if\-present FILENAME exclude directories that contain the specified file \-\-keep\-tag\-files keep tag files of excluded caches/directories \-c SECONDS, \-\-checkpoint\-interval SECONDS write checkpoint every SECONDS seconds (Default: 300) \-x, \-\-one\-file\-system stay in same file system, do not cross mount points \-\-numeric\-owner only store numeric user and group identifiers \-\-noatime do not store atime into archive \-\-noctime do not store ctime into archive \-\-timestamp yyyy\-mm\-ddThh:mm:ss manually specify the archive creation date/time (UTC). alternatively, give a reference file/directory. \-\-chunker\-params CHUNK_MIN_EXP,CHUNK_MAX_EXP,HASH_MASK_BITS,HASH_WINDOW_SIZE specify the chunker parameters. default: 19,23,21,4095 \-\-ignore\-inode ignore inode data in the file metadata cache used to detect unchanged files. \-C COMPRESSION, \-\-compression COMPRESSION select compression algorithm (and level): none == no compression (default), lz4 == lz4, zlib == zlib (default level 6), zlib,0 .. zlib,9 == zlib (with level 0..9), lzma == lzma (default level 6), lzma,0 .. lzma,9 == lzma (with level 0..9). \-\-read\-special open and read block and char device files as well as FIFOs as if they were regular files. Also follows symlinks pointing to these kinds of files. \-n, \-\-dry\-run do not create a backup archive .ft P .fi .UNINDENT .UNINDENT .SS Description .sp This command creates a backup archive containing all files found while recursively traversing all paths specified. The archive will consume almost no disk space for files or parts of files that have already been stored in other archives. .sp The archive name needs to be unique. It must not end in \(aq.checkpoint\(aq or \(aq.checkpoint.N\(aq (with N being a number), because these names are used for checkpoints and treated in special ways. .sp In the archive name, you may use the following placeholders: {now}, {utcnow}, {fqdn}, {hostname}, {user} and some others. .sp To speed up pulling backups over sshfs and similar network file systems which do not provide correct inode information the \-\-ignore\-inode flag can be used. This potentially decreases reliability of change detection, while avoiding always reading all files on these file systems. .sp See the output of the "borg help patterns" command for more help on exclude patterns. See the output of the "borg help placeholders" command for more help on placeholders. .SS Examples .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C # Backup ~/Documents into an archive named "my\-documents" $ borg create /path/to/repo::my\-documents ~/Documents # same, but verbosely list all files as we process them $ borg create \-v \-\-list /path/to/repo::my\-documents ~/Documents # Backup ~/Documents and ~/src but exclude pyc files $ borg create /path/to/repo::my\-files \e ~/Documents \e ~/src \e \-\-exclude \(aq*.pyc\(aq # Backup home directories excluding image thumbnails (i.e. only # /home/*/.thumbnails is excluded, not /home/*/*/.thumbnails) $ borg create /path/to/repo::my\-files /home \e \-\-exclude \(aqre:^/home/[^/]+/\e.thumbnails/\(aq # Do the same using a shell\-style pattern $ borg create /path/to/repo::my\-files /home \e \-\-exclude \(aqsh:/home/*/.thumbnails\(aq # Backup the root filesystem into an archive named "root\-YYYY\-MM\-DD" # use zlib compression (good, but slow) \- default is no compression $ borg create \-C zlib,6 /path/to/repo::root\-{now:%Y\-%m\-%d} / \-\-one\-file\-system # Make a big effort in fine granular deduplication (big chunk management # overhead, needs a lot of RAM and disk space, see formula in internals # docs \- same parameters as borg < 1.0 or attic): $ borg create \-\-chunker\-params 10,23,16,4095 /path/to/repo::small /smallstuff # Backup a raw device (must not be active/in use/mounted at that time) $ dd if=/dev/sdx bs=10M | borg create /path/to/repo::my\-sdx \- # No compression (default) $ borg create /path/to/repo::arch ~ # Super fast, low compression $ borg create \-\-compression lz4 /path/to/repo::arch ~ # Less fast, higher compression (N = 0..9) $ borg create \-\-compression zlib,N /path/to/repo::arch ~ # Even slower, even higher compression (N = 0..9) $ borg create \-\-compression lzma,N /path/to/repo::arch ~ # Use short hostname, user name and current time in archive name $ borg create /path/to/repo::{hostname}\-{user}\-{now} ~ # Similar, use the same datetime format as borg 1.1 will have as default $ borg create /path/to/repo::{hostname}\-{user}\-{now:%Y\-%m\-%dT%H:%M:%S} ~ # As above, but add nanoseconds $ borg create /path/to/repo::{hostname}\-{user}\-{now:%Y\-%m\-%dT%H:%M:%S.%f} ~ .ft P .fi .UNINDENT .UNINDENT .SS Notes .INDENT 0.0 .IP \(bu 2 the \-\-exclude patterns are not like tar. In tar \-\-exclude .bundler/gems will exclude foo/.bundler/gems. In borg it will not, you need to use \-\-exclude \(aq*/.bundler/gems\(aq to get the same effect. See \fBborg help patterns\fP for more information. .UNINDENT .SH BORG EXTRACT .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: borg extract [\-h] [\-\-critical] [\-\-error] [\-\-warning] [\-\-info] [\-\-debug] [\-\-lock\-wait N] [\-\-show\-rc] [\-\-no\-files\-cache] [\-\-umask M] [\-\-remote\-path PATH] [\-\-list] [\-n] [\-e PATTERN] [\-\-exclude\-from EXCLUDEFILE] [\-\-numeric\-owner] [\-\-strip\-components NUMBER] [\-\-stdout] [\-\-sparse] ARCHIVE [PATH [PATH ...]] Extract archive contents positional arguments: ARCHIVE archive to extract PATH paths to extract; patterns are supported optional arguments: \-h, \-\-help show this help message and exit \-\-critical work on log level CRITICAL \-\-error work on log level ERROR \-\-warning work on log level WARNING (default) \-\-info, \-v, \-\-verbose work on log level INFO \-\-debug work on log level DEBUG \-\-lock\-wait N wait for the lock, but max. N seconds (default: 1). \-\-show\-rc show/log the return code (rc) \-\-no\-files\-cache do not load/update the file metadata cache used to detect unchanged files \-\-umask M set umask to M (local and remote, default: 0077) \-\-remote\-path PATH set remote path to executable (default: "borg") \-\-list output verbose list of items (files, dirs, ...) \-n, \-\-dry\-run do not actually change any files \-e PATTERN, \-\-exclude PATTERN exclude paths matching PATTERN \-\-exclude\-from EXCLUDEFILE read exclude patterns from EXCLUDEFILE, one per line \-\-numeric\-owner only obey numeric user and group identifiers \-\-strip\-components NUMBER Remove the specified number of leading path elements. Pathnames with fewer elements will be silently skipped. \-\-stdout write all extracted data to stdout \-\-sparse create holes in output sparse file from all\-zero chunks .ft P .fi .UNINDENT .UNINDENT .SS Description .sp This command extracts the contents of an archive. By default the entire archive is extracted but a subset of files and directories can be selected by passing a list of \fBPATHs\fP as arguments. The file selection can further be restricted by using the \fB\-\-exclude\fP option. .sp See the output of the "borg help patterns" command for more help on exclude patterns. .SS Examples .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C # Extract entire archive $ borg extract /path/to/repo::my\-files # Extract entire archive and list files while processing $ borg extract \-v \-\-list /path/to/repo::my\-files # Extract the "src" directory $ borg extract /path/to/repo::my\-files home/USERNAME/src # Extract the "src" directory but exclude object files $ borg extract /path/to/repo::my\-files home/USERNAME/src \-\-exclude \(aq*.o\(aq # Restore a raw device (must not be active/in use/mounted at that time) $ borg extract \-\-stdout /path/to/repo::my\-sdx | dd of=/dev/sdx bs=10M .ft P .fi .UNINDENT .UNINDENT .INDENT 0.0 .TP .B Note: currently, extract always writes into the current working directory ("."), so make sure you \fBcd\fP to the right place before calling \fBborg extract\fP\&. .UNINDENT .SH BORG CHECK .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: borg check [\-h] [\-\-critical] [\-\-error] [\-\-warning] [\-\-info] [\-\-debug] [\-\-lock\-wait N] [\-\-show\-rc] [\-\-no\-files\-cache] [\-\-umask M] [\-\-remote\-path PATH] [\-\-repository\-only] [\-\-archives\-only] [\-\-repair] [\-\-save\-space] [\-\-last N] [\-P PREFIX] [REPOSITORY_OR_ARCHIVE] Check repository consistency positional arguments: REPOSITORY_OR_ARCHIVE repository or archive to check consistency of optional arguments: \-h, \-\-help show this help message and exit \-\-critical work on log level CRITICAL \-\-error work on log level ERROR \-\-warning work on log level WARNING (default) \-\-info, \-v, \-\-verbose work on log level INFO \-\-debug work on log level DEBUG \-\-lock\-wait N wait for the lock, but max. N seconds (default: 1). \-\-show\-rc show/log the return code (rc) \-\-no\-files\-cache do not load/update the file metadata cache used to detect unchanged files \-\-umask M set umask to M (local and remote, default: 0077) \-\-remote\-path PATH set remote path to executable (default: "borg") \-\-repository\-only only perform repository checks \-\-archives\-only only perform archives checks \-\-repair attempt to repair any inconsistencies found \-\-save\-space work slower, but using less space \-\-last N only check last N archives (Default: all) \-P PREFIX, \-\-prefix PREFIX only consider archive names starting with this prefix .ft P .fi .UNINDENT .UNINDENT .SS Description .sp The check command verifies the consistency of a repository and the corresponding archives. .sp First, the underlying repository data files are checked: .INDENT 0.0 .IP \(bu 2 For all segments the segment magic (header) is checked .IP \(bu 2 For all objects stored in the segments, all metadata (e.g. crc and size) and all data is read. The read data is checked by size and CRC. Bit rot and other types of accidental damage can be detected this way. .IP \(bu 2 If we are in repair mode and a integrity error is detected for a segment, we try to recover as many objects from the segment as possible. .IP \(bu 2 In repair mode, it makes sure that the index is consistent with the data stored in the segments. .IP \(bu 2 If you use a remote repo server via ssh:, the repo check is executed on the repo server without causing significant network traffic. .IP \(bu 2 The repository check can be skipped using the \-\-archives\-only option. .UNINDENT .sp Second, the consistency and correctness of the archive metadata is verified: .INDENT 0.0 .IP \(bu 2 Is the repo manifest present? If not, it is rebuilt from archive metadata chunks (this requires reading and decrypting of all metadata and data). .IP \(bu 2 Check if archive metadata chunk is present. if not, remove archive from manifest. .IP \(bu 2 For all files (items) in the archive, for all chunks referenced by these files, check if chunk is present. If a chunk is not present and we are in repair mode, replace it with a same\-size replacement chunk of zeros. If a previously lost chunk reappears (e.g. via a later backup) and we are in repair mode, the all\-zero replacement chunk will be replaced by the correct chunk. This requires reading of archive and file metadata, but not data. .IP \(bu 2 If we are in repair mode and we checked all the archives: delete orphaned chunks from the repo. .IP \(bu 2 if you use a remote repo server via ssh:, the archive check is executed on the client machine (because if encryption is enabled, the checks will require decryption and this is always done client\-side, because key access will be required). .IP \(bu 2 The archive checks can be time consuming, they can be skipped using the \-\-repository\-only option. .UNINDENT .SH BORG RENAME .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: borg rename [\-h] [\-\-critical] [\-\-error] [\-\-warning] [\-\-info] [\-\-debug] [\-\-lock\-wait N] [\-\-show\-rc] [\-\-no\-files\-cache] [\-\-umask M] [\-\-remote\-path PATH] ARCHIVE NEWNAME Rename an existing archive positional arguments: ARCHIVE archive to rename NEWNAME the new archive name to use optional arguments: \-h, \-\-help show this help message and exit \-\-critical work on log level CRITICAL \-\-error work on log level ERROR \-\-warning work on log level WARNING (default) \-\-info, \-v, \-\-verbose work on log level INFO \-\-debug work on log level DEBUG \-\-lock\-wait N wait for the lock, but max. N seconds (default: 1). \-\-show\-rc show/log the return code (rc) \-\-no\-files\-cache do not load/update the file metadata cache used to detect unchanged files \-\-umask M set umask to M (local and remote, default: 0077) \-\-remote\-path PATH set remote path to executable (default: "borg") .ft P .fi .UNINDENT .UNINDENT .SS Description .sp This command renames an archive in the repository. .SS Examples .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C $ borg create /path/to/repo::archivename ~ $ borg list /path/to/repo archivename Mon, 2016\-02\-15 19:50:19 $ borg rename /path/to/repo::archivename newname $ borg list /path/to/repo newname Mon, 2016\-02\-15 19:50:19 .ft P .fi .UNINDENT .UNINDENT .SH BORG LIST .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: borg list [\-h] [\-\-critical] [\-\-error] [\-\-warning] [\-\-info] [\-\-debug] [\-\-lock\-wait N] [\-\-show\-rc] [\-\-no\-files\-cache] [\-\-umask M] [\-\-remote\-path PATH] [\-\-short] [\-\-list\-format LISTFORMAT] [\-P PREFIX] [REPOSITORY_OR_ARCHIVE] List archive or repository contents positional arguments: REPOSITORY_OR_ARCHIVE repository/archive to list contents of optional arguments: \-h, \-\-help show this help message and exit \-\-critical work on log level CRITICAL \-\-error work on log level ERROR \-\-warning work on log level WARNING (default) \-\-info, \-v, \-\-verbose work on log level INFO \-\-debug work on log level DEBUG \-\-lock\-wait N wait for the lock, but max. N seconds (default: 1). \-\-show\-rc show/log the return code (rc) \-\-no\-files\-cache do not load/update the file metadata cache used to detect unchanged files \-\-umask M set umask to M (local and remote, default: 0077) \-\-remote\-path PATH set remote path to executable (default: "borg") \-\-short only print file/directory names, nothing else \-\-list\-format LISTFORMAT specify format for archive file listing (default: "{mode} {user:6} {group:6} {size:8d} {isomtime} {path}{extra}{NEWLINE}") Special "{formatkeys}" exists to list available keys \-P PREFIX, \-\-prefix PREFIX only consider archive names starting with this prefix .ft P .fi .UNINDENT .UNINDENT .SS Description .sp This command lists the contents of a repository or an archive. .SS Examples .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C $ borg list /path/to/repo Monday Mon, 2016\-02\-15 19:15:11 repo Mon, 2016\-02\-15 19:26:54 root\-2016\-02\-15 Mon, 2016\-02\-15 19:36:29 newname Mon, 2016\-02\-15 19:50:19 \&... $ borg list /path/to/repo::root\-2016\-02\-15 drwxr\-xr\-x root root 0 Mon, 2016\-02\-15 17:44:27 . drwxrwxr\-x root root 0 Mon, 2016\-02\-15 19:04:49 bin \-rwxr\-xr\-x root root 1029624 Thu, 2014\-11\-13 00:08:51 bin/bash lrwxrwxrwx root root 0 Fri, 2015\-03\-27 20:24:26 bin/bzcmp \-> bzdiff \-rwxr\-xr\-x root root 2140 Fri, 2015\-03\-27 20:24:22 bin/bzdiff \&... $ borg list /path/to/repo::archiveA \-\-list\-format="{mode} {user:6} {group:6} {size:8d} {isomtime} {path}{extra}{NEWLINE}" drwxrwxr\-x user user 0 Sun, 2015\-02\-01 11:00:00 . drwxrwxr\-x user user 0 Sun, 2015\-02\-01 11:00:00 code drwxrwxr\-x user user 0 Sun, 2015\-02\-01 11:00:00 code/myproject \-rw\-rw\-r\-\- user user 1416192 Sun, 2015\-02\-01 11:00:00 code/myproject/file.ext \&... # see what is changed between archives, based on file modification time, size and file path $ borg list /path/to/repo::archiveA \-\-list\-format="{mtime:%s}{TAB}{size}{TAB}{path}{LF}" |sort \-n > /tmp/list.archiveA $ borg list /path/to/repo::archiveB \-\-list\-format="{mtime:%s}{TAB}{size}{TAB}{path}{LF}" |sort \-n > /tmp/list.archiveB $ diff \-y /tmp/list.archiveA /tmp/list.archiveB 1422781200 0 . 1422781200 0 . 1422781200 0 code 1422781200 0 code 1422781200 0 code/myproject 1422781200 0 code/myproject 1422781200 1416192 code/myproject/file.ext | 1454664653 1416192 code/myproject/file.ext \&... .ft P .fi .UNINDENT .UNINDENT .SH BORG DELETE .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: borg delete [\-h] [\-\-critical] [\-\-error] [\-\-warning] [\-\-info] [\-\-debug] [\-\-lock\-wait N] [\-\-show\-rc] [\-\-no\-files\-cache] [\-\-umask M] [\-\-remote\-path PATH] [\-p] [\-s] [\-c] [\-\-force] [\-\-save\-space] [TARGET] Delete an existing repository or archive positional arguments: TARGET archive or repository to delete optional arguments: \-h, \-\-help show this help message and exit \-\-critical work on log level CRITICAL \-\-error work on log level ERROR \-\-warning work on log level WARNING (default) \-\-info, \-v, \-\-verbose work on log level INFO \-\-debug work on log level DEBUG \-\-lock\-wait N wait for the lock, but max. N seconds (default: 1). \-\-show\-rc show/log the return code (rc) \-\-no\-files\-cache do not load/update the file metadata cache used to detect unchanged files \-\-umask M set umask to M (local and remote, default: 0077) \-\-remote\-path PATH set remote path to executable (default: "borg") \-p, \-\-progress show progress display while deleting a single archive \-s, \-\-stats print statistics for the deleted archive \-c, \-\-cache\-only delete only the local cache for the given repository \-\-force force deletion of corrupted archives \-\-save\-space work slower, but using less space .ft P .fi .UNINDENT .UNINDENT .SS Description .sp This command deletes an archive from the repository or the complete repository. Disk space is reclaimed accordingly. If you delete the complete repository, the local cache for it (if any) is also deleted. .SS Examples .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C # delete a single backup archive: $ borg delete /path/to/repo::Monday # delete the whole repository and the related local cache: $ borg delete /path/to/repo You requested to completely DELETE the repository *including* all archives it contains: repo Mon, 2016\-02\-15 19:26:54 root\-2016\-02\-15 Mon, 2016\-02\-15 19:36:29 newname Mon, 2016\-02\-15 19:50:19 Type \(aqYES\(aq if you understand this and want to continue: YES .ft P .fi .UNINDENT .UNINDENT .SH BORG PRUNE .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: borg prune [\-h] [\-\-critical] [\-\-error] [\-\-warning] [\-\-info] [\-\-debug] [\-\-lock\-wait N] [\-\-show\-rc] [\-\-no\-files\-cache] [\-\-umask M] [\-\-remote\-path PATH] [\-n] [\-\-force] [\-s] [\-\-list] [\-\-keep\-within WITHIN] [\-H HOURLY] [\-d DAILY] [\-w WEEKLY] [\-m MONTHLY] [\-y YEARLY] [\-P PREFIX] [\-\-save\-space] [REPOSITORY] Prune repository archives according to specified rules positional arguments: REPOSITORY repository to prune optional arguments: \-h, \-\-help show this help message and exit \-\-critical work on log level CRITICAL \-\-error work on log level ERROR \-\-warning work on log level WARNING (default) \-\-info, \-v, \-\-verbose work on log level INFO \-\-debug work on log level DEBUG \-\-lock\-wait N wait for the lock, but max. N seconds (default: 1). \-\-show\-rc show/log the return code (rc) \-\-no\-files\-cache do not load/update the file metadata cache used to detect unchanged files \-\-umask M set umask to M (local and remote, default: 0077) \-\-remote\-path PATH set remote path to executable (default: "borg") \-n, \-\-dry\-run do not change repository \-\-force force pruning of corrupted archives \-s, \-\-stats print statistics for the deleted archive \-\-list output verbose list of archives it keeps/prunes \-\-keep\-within WITHIN keep all archives within this time interval \-H HOURLY, \-\-keep\-hourly HOURLY number of hourly archives to keep \-d DAILY, \-\-keep\-daily DAILY number of daily archives to keep \-w WEEKLY, \-\-keep\-weekly WEEKLY number of weekly archives to keep \-m MONTHLY, \-\-keep\-monthly MONTHLY number of monthly archives to keep \-y YEARLY, \-\-keep\-yearly YEARLY number of yearly archives to keep \-P PREFIX, \-\-prefix PREFIX only consider archive names starting with this prefix \-\-save\-space work slower, but using less space .ft P .fi .UNINDENT .UNINDENT .SS Description .sp The prune command prunes a repository by deleting all archives not matching any of the specified retention options. This command is normally used by automated backup scripts wanting to keep a certain number of historic backups. .sp As an example, "\-d 7" means to keep the latest backup on each day, up to 7 most recent days with backups (days without backups do not count). The rules are applied from hourly to yearly, and backups selected by previous rules do not count towards those of later rules. The time that each backup starts is used for pruning purposes. Dates and times are interpreted in the local timezone, and weeks go from Monday to Sunday. Specifying a negative number of archives to keep means that there is no limit. .sp The "\-\-keep\-within" option takes an argument of the form "", where char is "H", "d", "w", "m", "y". For example, "\-\-keep\-within 2d" means to keep all archives that were created within the past 48 hours. "1m" is taken to mean "31d". The archives kept with this option do not count towards the totals specified by any other options. .sp If a prefix is set with \-P, then only archives that start with the prefix are considered for deletion and only those archives count towards the totals specified by the rules. Otherwise, \fIall\fP archives in the repository are candidates for deletion! There is no automatic distinction between archives representing different contents. These need to be distinguished by specifying matching prefixes. .SS Examples .sp Be careful, prune is a potentially dangerous command, it will remove backup archives. .sp The default of prune is to apply to \fBall archives in the repository\fP unless you restrict its operation to a subset of the archives using \fB\-\-prefix\fP\&. When using \fB\-\-prefix\fP, be careful to choose a good prefix \- e.g. do not use a prefix "foo" if you do not also want to match "foobar". .sp It is strongly recommended to always run \fBprune \-v \-\-list \-\-dry\-run ...\fP first so you will see what it would do without it actually doing anything. .sp There is also a visualized prune example in \fBdocs/misc/prune\-example.txt\fP\&. .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C # Keep 7 end of day and 4 additional end of week archives. # Do a dry\-run without actually deleting anything. $ borg prune \-v \-\-list \-\-dry\-run \-\-keep\-daily=7 \-\-keep\-weekly=4 /path/to/repo # Same as above but only apply to archive names starting with the hostname # of the machine followed by a "\-" character: $ borg prune \-v \-\-list \-\-keep\-daily=7 \-\-keep\-weekly=4 \-\-prefix=\(aq{hostname}\-\(aq /path/to/repo # Keep 7 end of day, 4 additional end of week archives, # and an end of month archive for every month: $ borg prune \-v \-\-list \-\-keep\-daily=7 \-\-keep\-weekly=4 \-\-keep\-monthly=\-1 /path/to/repo # Keep all backups in the last 10 days, 4 additional end of week archives, # and an end of month archive for every month: $ borg prune \-v \-\-list \-\-keep\-within=10d \-\-keep\-weekly=4 \-\-keep\-monthly=\-1 /path/to/repo .ft P .fi .UNINDENT .UNINDENT .SH BORG INFO .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: borg info [\-h] [\-\-critical] [\-\-error] [\-\-warning] [\-\-info] [\-\-debug] [\-\-lock\-wait N] [\-\-show\-rc] [\-\-no\-files\-cache] [\-\-umask M] [\-\-remote\-path PATH] ARCHIVE Show archive details such as disk space used positional arguments: ARCHIVE archive to display information about optional arguments: \-h, \-\-help show this help message and exit \-\-critical work on log level CRITICAL \-\-error work on log level ERROR \-\-warning work on log level WARNING (default) \-\-info, \-v, \-\-verbose work on log level INFO \-\-debug work on log level DEBUG \-\-lock\-wait N wait for the lock, but max. N seconds (default: 1). \-\-show\-rc show/log the return code (rc) \-\-no\-files\-cache do not load/update the file metadata cache used to detect unchanged files \-\-umask M set umask to M (local and remote, default: 0077) \-\-remote\-path PATH set remote path to executable (default: "borg") .ft P .fi .UNINDENT .UNINDENT .SS Description .sp This command displays some detailed information about the specified archive. .sp Please note that the deduplicated sizes of the individual archives do not add up to the deduplicated size of the repository ("all archives"), because the two are meaning different things: .INDENT 0.0 .TP .B This archive / deduplicated size = amount of data stored ONLY for this archive = unique chunks of this archive. .TP .B All archives / deduplicated size = amount of data stored in the repo = all chunks in the repository. .UNINDENT .SS Examples .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C $ borg info /path/to/repo::root\-2016\-02\-15 Name: root\-2016\-02\-15 Fingerprint: 57c827621f21b000a8d363c1e163cc55983822b3afff3a96df595077a660be50 Hostname: myhostname Username: root Time (start): Mon, 2016\-02\-15 19:36:29 Time (end): Mon, 2016\-02\-15 19:39:26 Command line: /usr/local/bin/borg create \-v \-\-list \-C zlib,6 /path/to/repo::root\-2016\-02\-15 / \-\-one\-file\-system Number of files: 38100 Original size Compressed size Deduplicated size This archive: 1.33 GB 613.25 MB 571.64 MB All archives: 1.63 GB 853.66 MB 584.12 MB Unique chunks Total chunks Chunk index: 36858 48844 .ft P .fi .UNINDENT .UNINDENT .SH BORG MOUNT .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: borg mount [\-h] [\-\-critical] [\-\-error] [\-\-warning] [\-\-info] [\-\-debug] [\-\-lock\-wait N] [\-\-show\-rc] [\-\-no\-files\-cache] [\-\-umask M] [\-\-remote\-path PATH] [\-f] [\-o OPTIONS] REPOSITORY_OR_ARCHIVE MOUNTPOINT Mount archive or an entire repository as a FUSE filesystem positional arguments: REPOSITORY_OR_ARCHIVE repository/archive to mount MOUNTPOINT where to mount filesystem optional arguments: \-h, \-\-help show this help message and exit \-\-critical work on log level CRITICAL \-\-error work on log level ERROR \-\-warning work on log level WARNING (default) \-\-info, \-v, \-\-verbose work on log level INFO \-\-debug work on log level DEBUG \-\-lock\-wait N wait for the lock, but max. N seconds (default: 1). \-\-show\-rc show/log the return code (rc) \-\-no\-files\-cache do not load/update the file metadata cache used to detect unchanged files \-\-umask M set umask to M (local and remote, default: 0077) \-\-remote\-path PATH set remote path to executable (default: "borg") \-f, \-\-foreground stay in foreground, do not daemonize \-o OPTIONS Extra mount options .ft P .fi .UNINDENT .UNINDENT .SS Description .sp This command mounts an archive as a FUSE filesystem. This can be useful for browsing an archive or restoring individual files. Unless the \fB\-\-foreground\fP option is given the command will run in the background until the filesystem is \fBumounted\fP\&. .sp The BORG_MOUNT_DATA_CACHE_ENTRIES environment variable is meant for advanced users to tweak the performance. It sets the number of cached data chunks; additional memory usage can be up to ~8 MiB times this number. The default is the number of CPU cores. .sp For mount options, see the fuse(8) manual page. Additional mount options supported by borg: .INDENT 0.0 .IP \(bu 2 allow_damaged_files: by default damaged files (where missing chunks were replaced with runs of zeros by borg check \-\-repair) are not readable and return EIO (I/O error). Set this option to read such files. .UNINDENT .SH BORG UMOUNT .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: borg umount [\-h] [\-\-critical] [\-\-error] [\-\-warning] [\-\-info] [\-\-debug] [\-\-lock\-wait N] [\-\-show\-rc] [\-\-no\-files\-cache] [\-\-umask M] [\-\-remote\-path PATH] MOUNTPOINT un\-mount the FUSE filesystem positional arguments: MOUNTPOINT mountpoint of the filesystem to umount optional arguments: \-h, \-\-help show this help message and exit \-\-critical work on log level CRITICAL \-\-error work on log level ERROR \-\-warning work on log level WARNING (default) \-\-info, \-v, \-\-verbose work on log level INFO \-\-debug work on log level DEBUG \-\-lock\-wait N wait for the lock, but max. N seconds (default: 1). \-\-show\-rc show/log the return code (rc) \-\-no\-files\-cache do not load/update the file metadata cache used to detect unchanged files \-\-umask M set umask to M (local and remote, default: 0077) \-\-remote\-path PATH set remote path to executable (default: "borg") .ft P .fi .UNINDENT .UNINDENT .SS Description .sp This command un\-mounts a FUSE filesystem that was mounted with \fBborg mount\fP\&. .sp This is a convenience wrapper that just calls the platform\-specific shell command \- usually this is either umount or fusermount \-u. .SS Examples .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C $ borg mount /path/to/repo::root\-2016\-02\-15 /tmp/mymountpoint $ ls /tmp/mymountpoint bin boot etc home lib lib64 lost+found media mnt opt root sbin srv tmp usr var $ borg umount /tmp/mymountpoint .ft P .fi .UNINDENT .UNINDENT .SH BORG KEY EXPORT .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: borg key export [\-h] [\-\-critical] [\-\-error] [\-\-warning] [\-\-info] [\-\-debug] [\-\-lock\-wait N] [\-\-show\-rc] [\-\-no\-files\-cache] [\-\-umask M] [\-\-remote\-path PATH] [\-\-paper] [REPOSITORY] [PATH] Export the repository key for backup positional arguments: REPOSITORY PATH where to store the backup optional arguments: \-h, \-\-help show this help message and exit \-\-critical work on log level CRITICAL \-\-error work on log level ERROR \-\-warning work on log level WARNING (default) \-\-info, \-v, \-\-verbose work on log level INFO \-\-debug work on log level DEBUG \-\-lock\-wait N wait for the lock, but max. N seconds (default: 1). \-\-show\-rc show/log the return code (rc) \-\-no\-files\-cache do not load/update the file metadata cache used to detect unchanged files \-\-umask M set umask to M (local and remote, default: 0077) \-\-remote\-path PATH set remote path to executable (default: "borg") \-\-paper Create an export suitable for printing and later type\- in .ft P .fi .UNINDENT .UNINDENT .SS Description .sp If repository encryption is used, the repository is inaccessible without the key. This command allows to backup this essential key. .sp There are two backup formats. The normal backup format is suitable for digital storage as a file. The \fB\-\-paper\fP backup format is optimized for printing and typing in while importing, with per line checks to reduce problems with manual input. .sp For repositories using keyfile encryption the key is saved locally on the system that is capable of doing backups. To guard against loss of this key, the key needs to be backed up independently of the main data backup. .sp For repositories using the repokey encryption the key is saved in the repository in the config file. A backup is thus not strictly needed, but guards against the repository becoming inaccessible if the file is damaged for some reason. .SH BORG KEY IMPORT .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: borg key import [\-h] [\-\-critical] [\-\-error] [\-\-warning] [\-\-info] [\-\-debug] [\-\-lock\-wait N] [\-\-show\-rc] [\-\-no\-files\-cache] [\-\-umask M] [\-\-remote\-path PATH] [\-\-paper] [REPOSITORY] [PATH] Import the repository key from backup positional arguments: REPOSITORY PATH path to the backup optional arguments: \-h, \-\-help show this help message and exit \-\-critical work on log level CRITICAL \-\-error work on log level ERROR \-\-warning work on log level WARNING (default) \-\-info, \-v, \-\-verbose work on log level INFO \-\-debug work on log level DEBUG \-\-lock\-wait N wait for the lock, but max. N seconds (default: 1). \-\-show\-rc show/log the return code (rc) \-\-no\-files\-cache do not load/update the file metadata cache used to detect unchanged files \-\-umask M set umask to M (local and remote, default: 0077) \-\-remote\-path PATH set remote path to executable (default: "borg") \-\-paper interactively import from a backup done with \-\-paper .ft P .fi .UNINDENT .UNINDENT .SS Description .sp This command allows to restore a key previously backed up with the export command. .sp If the \fB\-\-paper\fP option is given, the import will be an interactive process in which each line is checked for plausibility before proceeding to the next line. For this format PATH must not be given. .SH BORG CHANGE-PASSPHRASE .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: borg change\-passphrase [\-h] [\-\-critical] [\-\-error] [\-\-warning] [\-\-info] [\-\-debug] [\-\-lock\-wait N] [\-\-show\-rc] [\-\-no\-files\-cache] [\-\-umask M] [\-\-remote\-path PATH] [REPOSITORY] Change repository key file passphrase positional arguments: REPOSITORY optional arguments: \-h, \-\-help show this help message and exit \-\-critical work on log level CRITICAL \-\-error work on log level ERROR \-\-warning work on log level WARNING (default) \-\-info, \-v, \-\-verbose work on log level INFO \-\-debug work on log level DEBUG \-\-lock\-wait N wait for the lock, but max. N seconds (default: 1). \-\-show\-rc show/log the return code (rc) \-\-no\-files\-cache do not load/update the file metadata cache used to detect unchanged files \-\-umask M set umask to M (local and remote, default: 0077) \-\-remote\-path PATH set remote path to executable (default: "borg") .ft P .fi .UNINDENT .UNINDENT .SS Description .sp The key files used for repository encryption are optionally passphrase protected. This command can be used to change this passphrase. .SS Examples .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C # Create a key file protected repository $ borg init \-\-encryption=keyfile \-v /path/to/repo Initializing repository at "/path/to/repo" Enter new passphrase: Enter same passphrase again: Remember your passphrase. Your data will be inaccessible without it. Key in "/root/.config/borg/keys/mnt_backup" created. Keep this key safe. Your data will be inaccessible without it. Synchronizing chunks cache... Archives: 0, w/ cached Idx: 0, w/ outdated Idx: 0, w/o cached Idx: 0. Done. # Change key file passphrase $ borg change\-passphrase \-v /path/to/repo Enter passphrase for key /root/.config/borg/keys/mnt_backup: Enter new passphrase: Enter same passphrase again: Remember your passphrase. Your data will be inaccessible without it. Key updated .ft P .fi .UNINDENT .UNINDENT .SH BORG SERVE .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: borg serve [\-h] [\-\-critical] [\-\-error] [\-\-warning] [\-\-info] [\-\-debug] [\-\-lock\-wait N] [\-\-show\-rc] [\-\-no\-files\-cache] [\-\-umask M] [\-\-remote\-path PATH] [\-\-restrict\-to\-path PATH] [\-\-append\-only] Start in server mode. This command is usually not used manually. optional arguments: \-h, \-\-help show this help message and exit \-\-critical work on log level CRITICAL \-\-error work on log level ERROR \-\-warning work on log level WARNING (default) \-\-info, \-v, \-\-verbose work on log level INFO \-\-debug work on log level DEBUG \-\-lock\-wait N wait for the lock, but max. N seconds (default: 1). \-\-show\-rc show/log the return code (rc) \-\-no\-files\-cache do not load/update the file metadata cache used to detect unchanged files \-\-umask M set umask to M (local and remote, default: 0077) \-\-remote\-path PATH set remote path to executable (default: "borg") \-\-restrict\-to\-path PATH restrict repository access to PATH. Can be specified multiple times to allow the client access to several directories. Access to all sub\-directories is granted implicitly; PATH doesn\(aqt need to directly point to a repository. \-\-append\-only only allow appending to repository segment files .ft P .fi .UNINDENT .UNINDENT .SS Description .sp This command starts a repository server process. This command is usually not used manually. .SS Examples .sp borg serve has special support for ssh forced commands (see \fBauthorized_keys\fP example below): it will detect that you use such a forced command and extract the value of the \fB\-\-restrict\-to\-path\fP option(s). It will then parse the original command that came from the client, makes sure that it is also \fBborg serve\fP and enforce path restriction(s) as given by the forced command. That way, other options given by the client (like \fB\-\-info\fP or \fB\-\-umask\fP) are preserved (and are not fixed by the forced command). .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C # Allow an SSH keypair to only run borg, and only have access to /path/to/repo. # Use key options to disable unneeded and potentially dangerous SSH functionality. # This will help to secure an automated remote backup system. $ cat ~/.ssh/authorized_keys command="borg serve \-\-restrict\-to\-path /path/to/repo",no\-pty,no\-agent\-forwarding,no\-port\-forwarding,no\-X11\-forwarding,no\-user\-rc ssh\-rsa AAAAB3[...] .ft P .fi .UNINDENT .UNINDENT .SH BORG UPGRADE .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: borg upgrade [\-h] [\-\-critical] [\-\-error] [\-\-warning] [\-\-info] [\-\-debug] [\-\-lock\-wait N] [\-\-show\-rc] [\-\-no\-files\-cache] [\-\-umask M] [\-\-remote\-path PATH] [\-p] [\-n] [\-i] [\-\-force] [\-\-tam] [\-\-disable\-tam] [REPOSITORY] upgrade a repository from a previous version positional arguments: REPOSITORY path to the repository to be upgraded optional arguments: \-h, \-\-help show this help message and exit \-\-critical work on log level CRITICAL \-\-error work on log level ERROR \-\-warning work on log level WARNING (default) \-\-info, \-v, \-\-verbose work on log level INFO \-\-debug work on log level DEBUG \-\-lock\-wait N wait for the lock, but max. N seconds (default: 1). \-\-show\-rc show/log the return code (rc) \-\-no\-files\-cache do not load/update the file metadata cache used to detect unchanged files \-\-umask M set umask to M (local and remote, default: 0077) \-\-remote\-path PATH set remote path to executable (default: "borg") \-p, \-\-progress show progress display while upgrading the repository \-n, \-\-dry\-run do not change repository \-i, \-\-inplace rewrite repository in place, with no chance of going back to older versions of the repository. \-\-force Force upgrade \-\-tam Enable manifest authentication (in key and cache) (Borg 1.0.9 and later) \-\-disable\-tam Disable manifest authentication (in key and cache) .ft P .fi .UNINDENT .UNINDENT .SS Description .sp Upgrade an existing Borg repository. .SH BORG 1.X.Y UPGRADES .sp Use \fBborg upgrade \-\-tam REPO\fP to require manifest authentication introduced with Borg 1.0.9 to address security issues. This means that modifying the repository after doing this with a version prior to 1.0.9 will raise a validation error, so only perform this upgrade after updating all clients using the repository to 1.0.9 or newer. .sp This upgrade should be done on each client for safety reasons. .sp If a repository is accidentally modified with a pre\-1.0.9 client after this upgrade, use \fBborg upgrade \-\-tam \-\-force REPO\fP to remedy it. .sp If you routinely do this you might not want to enable this upgrade (which will leave you exposed to the security issue). You can reverse the upgrade by issuing \fBborg upgrade \-\-disable\-tam REPO\fP\&. .sp See \fI\%https://borgbackup.readthedocs.io/en/stable/changes.html#pre\-1\-0\-9\-manifest\-spoofing\-vulnerability\fP for details. .SH ATTIC AND BORG 0.XX TO BORG 1.X .sp This currently supports converting an Attic repository to Borg and also helps with converting Borg 0.xx to 1.0. .sp Currently, only LOCAL repositories can be upgraded (issue #465). .sp It will change the magic strings in the repository\(aqs segments to match the new Borg magic strings. The keyfiles found in $ATTIC_KEYS_DIR or ~/.attic/keys/ will also be converted and copied to $BORG_KEYS_DIR or ~/.config/borg/keys. .sp The cache files are converted, from $ATTIC_CACHE_DIR or ~/.cache/attic to $BORG_CACHE_DIR or ~/.cache/borg, but the cache layout between Borg and Attic changed, so it is possible the first backup after the conversion takes longer than expected due to the cache resync. .sp Upgrade should be able to resume if interrupted, although it will still iterate over all segments. If you want to start from scratch, use \fIborg delete\fP over the copied repository to make sure the cache files are also removed: .INDENT 0.0 .INDENT 3.5 borg delete borg .UNINDENT .UNINDENT .sp Unless \fB\-\-inplace\fP is specified, the upgrade process first creates a backup copy of the repository, in REPOSITORY.upgrade\-DATETIME, using hardlinks. This takes longer than in place upgrades, but is much safer and gives progress information (as opposed to \fBcp \-al\fP). Once you are satisfied with the conversion, you can safely destroy the backup copy. .sp WARNING: Running the upgrade in place will make the current copy unusable with older version, with no way of going back to previous versions. This can PERMANENTLY DAMAGE YOUR REPOSITORY! Attic CAN NOT READ BORG REPOSITORIES, as the magic strings have changed. You have been warned. .SS Examples .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C # Upgrade the borg repository to the most recent version. $ borg upgrade \-v /path/to/repo making a hardlink copy in /path/to/repo.upgrade\-2016\-02\-15\-20:51:55 opening attic repository with borg and converting no key file found for repository converting repo index /path/to/repo/index.0 converting 1 segments... converting borg 0.xx to borg current no key file found for repository .ft P .fi .UNINDENT .UNINDENT .SS Upgrading a passphrase encrypted attic repo .sp attic offered a "passphrase" encryption mode, but this was removed in borg 1.0 and replaced by the "repokey" mode (which stores the passphrase\-protected encryption key into the repository config). .sp Thus, to upgrade a "passphrase" attic repo to a "repokey" borg repo, 2 steps are needed, in this order: .INDENT 0.0 .IP \(bu 2 borg upgrade repo .IP \(bu 2 borg migrate\-to\-repokey repo .UNINDENT .SH BORG BREAK-LOCK .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: borg break\-lock [\-h] [\-\-critical] [\-\-error] [\-\-warning] [\-\-info] [\-\-debug] [\-\-lock\-wait N] [\-\-show\-rc] [\-\-no\-files\-cache] [\-\-umask M] [\-\-remote\-path PATH] [REPOSITORY] Break the repository lock (e.g. in case it was left by a dead borg. positional arguments: REPOSITORY repository for which to break the locks optional arguments: \-h, \-\-help show this help message and exit \-\-critical work on log level CRITICAL \-\-error work on log level ERROR \-\-warning work on log level WARNING (default) \-\-info, \-v, \-\-verbose work on log level INFO \-\-debug work on log level DEBUG \-\-lock\-wait N wait for the lock, but max. N seconds (default: 1). \-\-show\-rc show/log the return code (rc) \-\-no\-files\-cache do not load/update the file metadata cache used to detect unchanged files \-\-umask M set umask to M (local and remote, default: 0077) \-\-remote\-path PATH set remote path to executable (default: "borg") .ft P .fi .UNINDENT .UNINDENT .SS Description .sp This command breaks the repository and cache locks. Please use carefully and only while no borg process (on any machine) is trying to access the Cache or the Repository. .SH MISCELLANEOUS HELP .SS borg help patterns .sp Exclusion patterns support four separate styles, fnmatch, shell, regular expressions and path prefixes. By default, fnmatch is used. If followed by a colon (\(aq:\(aq) the first two characters of a pattern are used as a style selector. Explicit style selection is necessary when a non\-default style is desired or when the desired pattern starts with two alphanumeric characters followed by a colon (i.e. \fIaa:something/*\fP). .sp \fI\%Fnmatch\fP, selector \fIfm:\fP .INDENT 0.0 .INDENT 3.5 This is the default style. These patterns use a variant of shell pattern syntax, with \(aq*\(aq matching any number of characters, \(aq?\(aq matching any single character, \(aq[...]\(aq matching any single character specified, including ranges, and \(aq[!...]\(aq matching any character not specified. For the purpose of these patterns, the path separator (\(aq\(aq for Windows and \(aq/\(aq on other systems) is not treated specially. Wrap meta\-characters in brackets for a literal match (i.e. \fI[?]\fP to match the literal character \fI?\fP). For a path to match a pattern, it must completely match from start to end, or must match from the start to just before a path separator. Except for the root path, paths will never end in the path separator when matching is attempted. Thus, if a given pattern ends in a path separator, a \(aq*\(aq is appended before matching is attempted. .UNINDENT .UNINDENT .sp Shell\-style patterns, selector \fIsh:\fP .INDENT 0.0 .INDENT 3.5 Like fnmatch patterns these are similar to shell patterns. The difference is that the pattern may include \fI**/\fP for matching zero or more directory levels, \fI*\fP for matching zero or more arbitrary characters with the exception of any path separator. .UNINDENT .UNINDENT .sp Regular expressions, selector \fIre:\fP .INDENT 0.0 .INDENT 3.5 Regular expressions similar to those found in Perl are supported. Unlike shell patterns regular expressions are not required to match the complete path and any substring match is sufficient. It is strongly recommended to anchor patterns to the start (\(aq^\(aq), to the end (\(aq$\(aq) or both. Path separators (\(aq\(aq for Windows and \(aq/\(aq on other systems) in paths are always normalized to a forward slash (\(aq/\(aq) before applying a pattern. The regular expression syntax is described in the \fI\%Python documentation for the re module\fP\&. .UNINDENT .UNINDENT .sp Prefix path, selector \fIpp:\fP .INDENT 0.0 .INDENT 3.5 This pattern style is useful to match whole sub\-directories. The pattern \fIpp:/data/bar\fP matches \fI/data/bar\fP and everything therein. .UNINDENT .UNINDENT .sp Exclusions can be passed via the command line option \fI\-\-exclude\fP\&. When used from within a shell the patterns should be quoted to protect them from expansion. .sp The \fI\-\-exclude\-from\fP option permits loading exclusion patterns from a text file with one pattern per line. Lines empty or starting with the number sign (\(aq#\(aq) after removing whitespace on both ends are ignored. The optional style selector prefix is also supported for patterns loaded from a file. Due to whitespace removal paths with whitespace at the beginning or end can only be excluded using regular expressions. .sp Examples: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C # Exclude \(aq/home/user/file.o\(aq but not \(aq/home/user/file.odt\(aq: $ borg create \-e \(aq*.o\(aq backup / # Exclude \(aq/home/user/junk\(aq and \(aq/home/user/subdir/junk\(aq but # not \(aq/home/user/importantjunk\(aq or \(aq/etc/junk\(aq: $ borg create \-e \(aq/home/*/junk\(aq backup / # Exclude the contents of \(aq/home/user/cache\(aq but not the directory itself: $ borg create \-e /home/user/cache/ backup / # The file \(aq/home/user/cache/important\(aq is *not* backed up: $ borg create \-e /home/user/cache/ backup / /home/user/cache/important # The contents of directories in \(aq/home\(aq are not backed up when their name # ends in \(aq.tmp\(aq $ borg create \-\-exclude \(aqre:^/home/[^/]+\e.tmp/\(aq backup / # Load exclusions from file $ cat >exclude.txt < lvdisplay.txt $ borg create \-\-read\-special /path/to/repo::arch lvdisplay.txt /dev/vg0/*\-snapshot $ # remove snapshots here .ft P .fi .UNINDENT .UNINDENT .sp Now, let\(aqs see how to restore some LVs from such a backup. .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C $ borg extract /path/to/repo::arch lvdisplay.txt $ # create empty LVs with correct sizes here (look into lvdisplay.txt). $ # we assume that you created an empty root and home LV and overwrite it now: $ borg extract \-\-stdout /path/to/repo::arch dev/vg0/root\-snapshot > /dev/vg0/root $ borg extract \-\-stdout /path/to/repo::arch dev/vg0/home\-snapshot > /dev/vg0/home .ft P .fi .UNINDENT .UNINDENT .SS Append\-only mode .sp A repository can be made "append\-only", which means that Borg will never overwrite or delete committed data. This is useful for scenarios where multiple machines back up to a central backup server using \fBborg serve\fP, since a hacked machine cannot delete backups permanently. .sp To activate append\-only mode, edit the repository \fBconfig\fP file and add a line \fBappend_only=1\fP to the \fB[repository]\fP section (or edit the line if it exists). .sp In append\-only mode Borg will create a transaction log in the \fBtransactions\fP file, where each line is a transaction and a UTC timestamp. .sp In addition, \fBborg serve\fP can act as if a repository is in append\-only mode with its option \fB\-\-append\-only\fP\&. This can be very useful for fine\-tuning access control in \fB\&.ssh/authorized_keys\fP .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C command="borg serve \-\-append\-only ..." ssh\-rsa command="borg serve ..." ssh\-rsa .ft P .fi .UNINDENT .UNINDENT .SS Example .sp Suppose an attacker remotely deleted all backups, but your repository was in append\-only mode. A transaction log in this situation might look like this: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C transaction 1, UTC time 2016\-03\-31T15:53:27.383532 transaction 5, UTC time 2016\-03\-31T15:53:52.588922 transaction 11, UTC time 2016\-03\-31T15:54:23.887256 transaction 12, UTC time 2016\-03\-31T15:55:54.022540 transaction 13, UTC time 2016\-03\-31T15:55:55.472564 .ft P .fi .UNINDENT .UNINDENT .sp From your security logs you conclude the attacker gained access at 15:54:00 and all the backups where deleted or replaced by compromised backups. From the log you know that transactions 11 and later are compromised. Note that the transaction ID is the name of the \fIlast\fP file in the transaction. For example, transaction 11 spans files 6 to 11. .sp In a real attack you\(aqll likely want to keep the compromised repository intact to analyze what the attacker tried to achieve. It\(aqs also a good idea to make this copy just in case something goes wrong during the recovery. Since recovery is done by deleting some files, a hard link copy (\fBcp \-al\fP) is sufficient. .sp The first step to reset the repository to transaction 5, the last uncompromised transaction, is to remove the \fBhints.N\fP and \fBindex.N\fP files in the repository (these two files are always expendable). In this example N is 13. .sp Then remove or move all segment files from the segment directories in \fBdata/\fP starting with file 6: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C rm data/**/{6..13} .ft P .fi .UNINDENT .UNINDENT .sp That\(aqs all to it. .SS Drawbacks .sp As data is only appended, and nothing removed, commands like \fBprune\fP or \fBdelete\fP won\(aqt free disk space, they merely tag data as deleted in a new transaction. .sp Be aware that as soon as you write to the repo in non\-append\-only mode (e.g. prune, delete or create archives from an admin machine), it will remove the deleted objects permanently (including the ones that were already marked as deleted, but not removed, in append\-only mode). .sp Note that you can go back\-and\-forth between normal and append\-only operation by editing the configuration file, it\(aqs not a "one way trip". .SS Further considerations .sp Append\-only mode is not respected by tools other than Borg. \fBrm\fP still works on the repository. Make sure that backup client machines only get to access the repository via \fBborg serve\fP\&. .sp Ensure that no remote access is possible if the repository is temporarily set to normal mode for e.g. regular pruning. .sp Further protections can be implemented, but are outside of Borgs scope. For example, file system snapshots or wrapping \fBborg serve\fP to set special permissions or ACLs on new data files. .SH AUTHOR The Borg Collective (see AUTHORS file) .SH COPYRIGHT 2010-2014 Jonas Borgström, 2015-2016 The Borg Collective (see AUTHORS file) .\" Generated by docutils manpage writer. .