How to compile and install Tarsnap on a Ubuntu/Debian Linux

Posted on in Categories , , , , last updated January 5, 2017

A Tarsnap service is a secure online backup system for Linux, OSX, *BSD or UNIX-like system. They encrypt and store data in Amazon S3. The services also use rsync-like algorithms, and only backup data that has been changed since the last dump. The backups are protected by a security key only known to a backup operator or sysadmin. How do I install a tarsnap client on a Ubuntu or Debian Linux system?

Pre-built Ubuntu or Debian Linux binaries are not available for Tarsnap. You must download the source code and compile it on your system. So you need the following:

  1. GNU GCC and other tools
  2. OpenSSL
  3. zlib

In this quick tutorial you will learn how to install and compile tarsnap client from the source code on a Ubuntu or Debian Linux system.

Step 1: Download Tarsnap

Type the following wget command:
$ wget https://www.tarsnap.com/download/tarsnap-autoconf-1.0.37.tgz
$ wget https://www.tarsnap.com/download/tarsnap-sigs-1.0.37.asc
$ wget https://www.tarsnap.com/tarsnap-signing-key-2016.asc

Sample outputs:

Fig.01: Downloading tarsnap source code
Fig.01: Downloading tarsnap source code

Step 2: Verify Tarsnap

To verify downloaded tarballs with GnuPG, enter:
$ gpg --import tarsnap-signing-key-2016.asc
Sample outputs:

gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 3DA2BCE3: public key "Tarsnap source code signing key (Colin Percival) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: no ultimately trusted keys found

Try to verify the software signature:
$ gpg --decrypt tarsnap-sigs-1.0.37.asc
Sample outputs:

gpg: Signature made Thu 10 Mar 2016 12:57:03 AM UTC using RSA key ID 3DA2BCE3
gpg: Good signature from "Tarsnap source code signing key (Colin Percival) <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: ECAE BA77 D19D 1EE0 CAF1  628F BC5C FA09 3DA2 BCE3

Add the Web of trust for this key:
$ gpg --edit-key [email protected] trust
Now verify it again:
$ gpg --decrypt tarsnap-sigs-1.0.37.asc
Sample outputs:

SHA256 (tarsnap-autoconf-1.0.37.tgz) = fa999413651b3bd994547a10ffe3127b4a85a88b1b9a253f2de798888718dbfa
gpg: Signature made Thu 10 Mar 2016 12:57:03 AM UTC using RSA key ID 3DA2BCE3
gpg: Good signature from "Tarsnap source code signing key (Colin Percival) <[email protected]>"

Verify that the SHA256 hash of the tarball matches the value in the signed SHA256 hash file:
$ shasum -a 256 tarsnap-autoconf-1.0.37.tgz
Sample outputs:

fa999413651b3bd994547a10ffe3127b4a85a88b1b9a253f2de798888718dbfa  tarsnap-autoconf-1.0.37.tgz

Step 3: Install necessary software to compile tarsnap on a Ubuntu/Debian

Type the following command to install software:
$ sudo apt update
$ sudo apt upgrade
$ sudo apt install build-essential
$ sudo apt install libc6-dev libssl-dev zlib1g-dev e2fslibs-dev

Sample outputs:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
libc6-dev is already the newest version (2.23-0ubuntu5).
libc6-dev set to manually installed.
The following additional packages will be installed:
  comerr-dev libssl-doc
Suggested packages:
  doc-base
The following NEW packages will be installed:
  comerr-dev e2fslibs-dev libssl-dev libssl-doc zlib1g-dev
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,831 kB of archives.
After this operation, 11.5 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.service.networklayer.com/ubuntu xenial/main amd64 zlib1g-dev amd64 1:1.2.8.dfsg-2ubuntu4 [168 kB]
Get:2 http://mirrors.service.networklayer.com/ubuntu xenial-updates/main amd64 libssl-dev amd64 1.0.2g-1ubuntu4.5 [1,344 kB]
Get:3 http://mirrors.service.networklayer.com/ubuntu xenial-updates/main amd64 libssl-doc all 1.0.2g-1ubuntu4.5 [1,078 kB]
Get:4 http://mirrors.service.networklayer.com/ubuntu xenial/main amd64 comerr-dev amd64 2.1-1.42.13-1ubuntu1 [38.2 kB]
Get:5 http://mirrors.service.networklayer.com/ubuntu xenial/main amd64 e2fslibs-dev amd64 1.42.13-1ubuntu1 [203 kB]
Fetched 2,831 kB in 0s (12.7 MB/s)
Selecting previously unselected package zlib1g-dev:amd64.
(Reading database ... 86681 files and directories currently installed.)
Preparing to unpack .../zlib1g-dev_1%3a1.2.8.dfsg-2ubuntu4_amd64.deb ...
Unpacking zlib1g-dev:amd64 (1:1.2.8.dfsg-2ubuntu4) ...
...
..
...
Setting up comerr-dev (2.1-1.42.13-1ubuntu1) ...
Setting up e2fslibs-dev (1.42.13-1ubuntu1) ...

Step 4: Extract the tar ball

Type the following tar command:
$ tar zxvf tarsnap-autoconf-1.0.37.tgz

Step 5: Compile the tarsnap software

Type the following command:
$ cd tarsnap-autoconf-1.0.37/
$ ./configure && make all

To install the software, enter:
$ sudo make install
Verify installation:
$ type -a tarsnap
tarsnap is /usr/local/bin/tarsnap

How do I use Tarsnap client?

First, you need access to the Tarsnap service and account management interface. Tarsnap operates on a prepaid basis like prepaid mobile phones. You need to add funds to your account. See this page for more info.

Setup the config file

Type the following cp command:
$ sudo cp -v /usr/local/etc/tarsnap.conf{.sample,}
Sample outputs:

'/usr/local/etc/tarsnap.conf.sample' -> '/usr/local/etc/tarsnap.conf'

Generate a key file for use with tarsnap

Use the tarsnap-keygen command to generate cryptographic keys, registers with the tarsnap server, and writes a key file for use with tarsnap:
$ sudo tarsnap-keygen \
--keyfile /root/tarsnap.key \
--user [email protected] \
--machine apache42

Make sure you copy your /root/tarsnap.key file somewhere safe.

How to make your first backup?

The syntax is similar to the tar command. In this following example, I am backing up /root, /etc, and /var/www/html directories:
$ sudo /usr/local/bin/tarsnap -c -f apache42-20170104 /root /etc /var/www/html
Where,

  1. -c : Create a new archive
  2. -f : Archive name is made of my $HOSTNAME (apache42) and date in YYYYMMDD (20170104) format
  3. /root /etc /var/www/html : List of multiple directories to back up

How to make incremental backup?

The syntax is as follows (note only date stamp changed):
$ sudo /usr/local/bin/tarsnap -c -f apache42-20170105 /root /etc /var/www/html
For next day:
$ sudo /usr/local/bin/tarsnap -c -f apache42-20170106 /root /etc /var/www/html

How do I print a list of archives stored on backup server?

Type the following command:
$ tarsnap --list-archives
$ tarsnap --list-archives | sort

Sample outputs:

Please enter passphrase for keyfile /root/tarsnap.key: 
apache42-20160603
apache42-20160622
apache42-20160726
....
...
apache42-20170101

How do I restore archive named apache42-20160622?

The syntax is:
$ sudo tarsnap -x -f apache42-20160622
$ sudo ls /var/www/html

Conclusion

And there, you have it. Tarsnap installed and configured on a Ubuntu or Debian Linux based system. There are many other options available with tarsnap. I recommend a book called “Tarsnap Mastery Online Backup For the Truly Paranoid“.

2 comment

Leave a Comment