How to compile and install Tarsnap on a Ubuntu/Debian Linux

A Tarsnap service is a secure online backup system for Linux, OSX, *BSD or UNIX-like system. They encrypt and store data in Amazon S3. The services also use rsync-like algorithms, and only backup data that has been changed since the last dump. The backups are protected by a security key only known to a backup operator or sysadmin. How do I install a tarsnap client on a Ubuntu or Debian Linux system?

Pre-built Ubuntu or Debian Linux binaries are not available for Tarsnap. You must download the source code and compile it on your system. So you need the following:
  1. GNU GCC and other tools
  2. OpenSSL
  3. zlib

In this quick tutorial you will learn how to install and compile tarsnap client from the source code on a Ubuntu or Debian Linux system.

Step 1: Download Tarsnap

Type the following wget command:
$ wget https://www.tarsnap.com/download/tarsnap-autoconf-1.0.37.tgz
$ wget https://www.tarsnap.com/download/tarsnap-sigs-1.0.37.asc
$ wget https://www.tarsnap.com/tarsnap-signing-key-2016.asc

Sample outputs:

Fig.01: Downloading tarsnap source code

Step 2: Verify Tarsnap

To verify downloaded tarballs with GnuPG, enter:
$ gpg --import tarsnap-signing-key-2016.asc
Sample outputs:

gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 3DA2BCE3: public key "Tarsnap source code signing key (Colin Percival) <cperciva@tarsnap.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: no ultimately trusted keys found

Try to verify the software signature:
$ gpg --decrypt tarsnap-sigs-1.0.37.asc
Sample outputs:

gpg: Signature made Thu 10 Mar 2016 12:57:03 AM UTC using RSA key ID 3DA2BCE3
gpg: Good signature from "Tarsnap source code signing key (Colin Percival) <cperciva@tarsnap.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: ECAE BA77 D19D 1EE0 CAF1  628F BC5C FA09 3DA2 BCE3

Add the Web of trust for this key:
$ gpg --edit-key cperciva@tarsnap.com trust
Now verify it again:
$ gpg --decrypt tarsnap-sigs-1.0.37.asc
Sample outputs:

SHA256 (tarsnap-autoconf-1.0.37.tgz) = fa999413651b3bd994547a10ffe3127b4a85a88b1b9a253f2de798888718dbfa
gpg: Signature made Thu 10 Mar 2016 12:57:03 AM UTC using RSA key ID 3DA2BCE3
gpg: Good signature from "Tarsnap source code signing key (Colin Percival) <cperciva@tarsnap.com>"

Verify that the SHA256 hash of the tarball matches the value in the signed SHA256 hash file:
$ shasum -a 256 tarsnap-autoconf-1.0.37.tgz
Sample outputs:

fa999413651b3bd994547a10ffe3127b4a85a88b1b9a253f2de798888718dbfa  tarsnap-autoconf-1.0.37.tgz

Step 3: Install necessary software to compile tarsnap on a Ubuntu/Debian

Type the following command to install software:
$ sudo apt update
$ sudo apt upgrade
$ sudo apt install build-essential
$ sudo apt install libc6-dev libssl-dev zlib1g-dev e2fslibs-dev

Sample outputs:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
libc6-dev is already the newest version (2.23-0ubuntu5).
libc6-dev set to manually installed.
The following additional packages will be installed:
  comerr-dev libssl-doc
Suggested packages:
  doc-base
The following NEW packages will be installed:
  comerr-dev e2fslibs-dev libssl-dev libssl-doc zlib1g-dev
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,831 kB of archives.
After this operation, 11.5 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.service.networklayer.com/ubuntu xenial/main amd64 zlib1g-dev amd64 1:1.2.8.dfsg-2ubuntu4 [168 kB]
Get:2 http://mirrors.service.networklayer.com/ubuntu xenial-updates/main amd64 libssl-dev amd64 1.0.2g-1ubuntu4.5 [1,344 kB]
Get:3 http://mirrors.service.networklayer.com/ubuntu xenial-updates/main amd64 libssl-doc all 1.0.2g-1ubuntu4.5 [1,078 kB]
Get:4 http://mirrors.service.networklayer.com/ubuntu xenial/main amd64 comerr-dev amd64 2.1-1.42.13-1ubuntu1 [38.2 kB]
Get:5 http://mirrors.service.networklayer.com/ubuntu xenial/main amd64 e2fslibs-dev amd64 1.42.13-1ubuntu1 [203 kB]
Fetched 2,831 kB in 0s (12.7 MB/s)
Selecting previously unselected package zlib1g-dev:amd64.
(Reading database ... 86681 files and directories currently installed.)
Preparing to unpack .../zlib1g-dev_1%3a1.2.8.dfsg-2ubuntu4_amd64.deb ...
Unpacking zlib1g-dev:amd64 (1:1.2.8.dfsg-2ubuntu4) ...
...
..
...
Setting up comerr-dev (2.1-1.42.13-1ubuntu1) ...
Setting up e2fslibs-dev (1.42.13-1ubuntu1) ...

Step 4: Extract the tar ball

Type the following tar command:
$ tar zxvf tarsnap-autoconf-1.0.37.tgz

Step 5: Compile the tarsnap software

Type the following command:
$ cd tarsnap-autoconf-1.0.37/
$ ./configure && make all

To install the software, enter:
$ sudo make install
Verify installation:
$ type -a tarsnap
tarsnap is /usr/local/bin/tarsnap

How do I use Tarsnap client?

First, you need access to the Tarsnap service and account management interface. Tarsnap operates on a prepaid basis like prepaid mobile phones. You need to add funds to your account. See this page for more info.

Setup the config file

Type the following cp command:
$ sudo cp -v /usr/local/etc/tarsnap.conf{.sample,}
Sample outputs:

'/usr/local/etc/tarsnap.conf.sample' -> '/usr/local/etc/tarsnap.conf'

Generate a key file for use with tarsnap

Use the tarsnap-keygen command to generate cryptographic keys, registers with the tarsnap server, and writes a key file for use with tarsnap:
$ sudo tarsnap-keygen \
--keyfile /root/tarsnap.key \
--user you@cyberciti.biz \
--machine apache42

Make sure you copy your /root/tarsnap.key file somewhere safe.

How to make your first backup?

The syntax is similar to the tar command. In this following example, I am backing up /root, /etc, and /var/www/html directories:
$ sudo /usr/local/bin/tarsnap -c -f apache42-20170104 /root /etc /var/www/html
Where,

  1. -c : Create a new archive
  2. -f : Archive name is made of my $HOSTNAME (apache42) and date in YYYYMMDD (20170104) format
  3. /root /etc /var/www/html : List of multiple directories to back up

How to make incremental backup?

The syntax is as follows (note only date stamp changed):
$ sudo /usr/local/bin/tarsnap -c -f apache42-20170105 /root /etc /var/www/html
For next day:
$ sudo /usr/local/bin/tarsnap -c -f apache42-20170106 /root /etc /var/www/html

How do I print a list of archives stored on backup server?

Type the following command:
$ tarsnap --list-archives
$ tarsnap --list-archives | sort

Sample outputs:

Please enter passphrase for keyfile /root/tarsnap.key: 
apache42-20160603
apache42-20160622
apache42-20160726
....
...
apache42-20170101

How do I restore archive named apache42-20160622?

The syntax is:
$ sudo tarsnap -x -f apache42-20160622
$ sudo ls /var/www/html

Conclusion

And there, you have it. Tarsnap installed and configured on a Ubuntu or Debian Linux based system. There are many other options available with tarsnap. I recommend a book called “Tarsnap Mastery Online Backup For the Truly Paranoid“.


🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 2 comments so far... add one


CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
2 comments… add one

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum