Librem 5 Backup and Restore – Purism


#1

couldn’t resist the AWESOME-ness of the above blog-article … @Kyle_Rankin thank you for this ! highly appreciated … learned new commands and the explanations are very clearly laid out and not to complex for the mortal in me :wink: … in short better than a quick av tutorial online with easy copy and pasting where required … sublime !

If you have ever performed a backup and restore on a Linux system, my process probably seems pretty familiar to you–and that’s the point! You can treat a Librem 5 phone like a standard Linux system and any know-how you already possess instantly translates over.

and that’s why i’ve posted under “PureOS” forum-category … one word - UNIVERSAL !


#2

I’m so glad you liked it! I’m loving just how easy it is to do things on the Librem 5 since as you mention, it’s all PureOS and universal. I plan on writing many more articles that describe how I’ve solved problems using standard PureOS tools. The main limitations I’ve hit up to this point have been due to applications that don’t take the screen size into account. Outside of that though I can just treat it like a standard Linux desktop and take advantage of my two decades’ experience with Linux.

To (mis)quote Jurassic Park: “This is Linux, I know this.”


#3

the day that you’ll be writing that article from an L5 connected to desktop keyboard and a computer monitor (possibly even a dedicated docking-station :open_mouth: ) are fast approaching …

but most of all … i’m excited about the day i’ll be READING your article on the SAME setup :joy:


#4

This is cool to read. As someone who is just really getting into the GNU/Linux world and starting to use PureOS, it’s always cool to me how using the command line is so damn fast and convenient for a lot of tasks vs having to browse the web or click endlessly through a GUI. It’s great to follow a guide, type in the commands suggested and see everything just work/install/etc.


#5

well heck … why not glorify this some more ?

the bomb

Before I did a backup, I first wanted to get a list of all of the packages I had installed on the phone so I could reinstall them as part of the restore. To do this I typed:

dpkg --get-selections | grep -v deinstall | cut -f1 > ~/pkglist

This dumped the list of installed packages, one line at a time, into /home/purism/pkglist.


#6

I’m glad you’ve covered backup and restore because that would be one of the first things that I would want to do after initial config and setup i.e. backup - just in case.

Quick question: Do you need -z on the tar x command to restore or is tar smart enough to see automatically that it needs it? (Yeah I know that I could test that myself but …)


#7

one more … tar stands for tape-archive which brings me to ask - is it a coincidence or do you guys ACTUALLY use tape-archiving as storage at Purism ?


#8

Pretty sure the command was just never modified to be a more generic archive command. tar has been used for so long that changing the command name would likely be met with so much resistance it’s just not a battle worth fighting.

I’ve seen tar used to archive all sorts of things and only in one instance was it to tape, almost always I see it used to archive to some form of disk medium with a gzip compression.

Maybe it should be renamed from “Tape Archive” to “To Archive” that way the command can stay tar…


#9

In addition to clicking the heart in the first message, I have to thank kyle for these wonderful articles which, waiting for my dogwood, are useful for me who am not a programmer.


#10

My understanding is that most current versions of tar are “smart enough” to figure out when an archive is zipped when extracting but you still need to specify it when creating an archive.

Old habits die hard though after using the same set of tar arguments for twenty years :slight_smile:


#11

When I started using tar professionally, I used it to backup directly to raw tape devices. Since then though I just use it as a convenient way to combine a bunch of files and directories into a single file while preserving the directory structure and file system permissions. As I hint in the article, there’s more than one way to do it, and I would take an entirely different approach if I were transferring everything from one hard drive to a new empty one.


#12

as far as i know tar doesn’t support archiving with passwords … i have several OLD 7zip password-ed files from the M$-era that need unpacking and was wondering if that’s going to change in the future or do i have to use 7zip on GNU/Linux for those ?

oh i see that Linux-Journal is still in business … i thought they were gone. what happened ? were they bought ?


#13

well that’s the beauty of linux that you don’t need each software to be MFU and bring alll the dependecies with it (although it’s coming to that point with flatpak)
So if you need to encrypt tar archive you can just pass it further via the pipe to openssl.

ruff@ubox:~$ tar -cz . | openssl aes256 | cat > home.tar.gz.aes
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
ruff@ubox:~$ ls -la home.tar.gz.aes
-rw-rw-r-- 1 ruff ruff 121872 Feb  5 13:06 home.tar.gz.aes
ruff@ubox:~$ openssl aes256 -d < home.tar.gz.aes | tar tzv
enter aes-256-cbc decryption password:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
drwxr-xr-x ruff/ruff         0 2020-02-05 13:05 ./
-rw------- ruff/ruff     10891 2020-01-28 16:56 ./.viminfo
-rw-r--r-- ruff/ruff       220 2019-05-05 04:06 ./.bash_logout
drwxrwxr-x ruff/ruff         0 2020-01-28 16:22 ./.ansible/
drwx------ ruff/ruff         0 2020-01-28 17:02 ./.ansible/tmp/
-rw-r--r-- ruff/ruff         0 2020-01-24 01:19 ./.sudo_as_admin_successful
-rw-r--r-- ruff/ruff      3771 2019-05-05 04:06 ./.bashrc

Or you can use convenience wrapper from gnupg like gpgtar


#14

what is that WARNING for ?


#15

for exactly what it is saying :slight_smile: the default encryption key derivation algorithm is considered unsafe and depricated hence if you want better security on your encrypted blob it advises you to use new method.

 -iter +int          Specify the iteration count and force use of PBKDF2
 -pbkdf2             Use password-based key derivation function 2

But bear in mind aes256 will offer you comparable security to what zip rpovides, if you want to be safe than sorry use gpg as it is specifically created to encrypt file archives using strong cryptography rather than just symmetric encryption.


#16

oh now i see ! well it’s there just mostly for the password ! don’t really need strong asymmetric encryption for this … i only access that HDD in offline mode and the contents are not sensitive but i’d rather not make it too easy if somebody gets his hands on that HDD besides me …


#17

They are sadly out of business but the parent company that bought them two years ago is keeping the site up. You can read my goodbye post here: https://www.linuxjournal.com/content/linux-journal-ceases-publication-awkward-goodbye


#18

It’s a great article, backup and restore is something that gives a lot of people anxiety.

I believe it’s worth noting that had there been a significant system update between the factory restored state and where system was when the backup takes place, backing up the entire /etc directory could cause problems when it’s restored.

The article is pretty clear on what the use case is, so this is in no way a meant as a criticism, just a side note to make the process that much more universal.

You could list any configuration files which have been modified from their installation state, which functions like a checklist of what has been changed.

dpkg-query -W -f='${Conffiles}\n' '*' | awk 'OFS="  "{print $2,$1}' | md5sum -c 2>/dev/null | awk -F': ' '$2 !~ /OK$/{print $1}' | sort 

Then you could limit the backup to the specific files and/or directories under /etc which you’ve changed. Thereby limiting the chance of inadvertently clobbering configurations you haven’t touched between different versions of those applications.

I find it’s always nice to have reminders of what I’ve fiddled with. Might remind me of scripts of I’ve also stuck in /usr/local/bin or something else not in my home directory.

It also might be helpful in 6 months, after Evergreen has been out a while and is seeing regular updates. Someone without a lot of Linux experience will use the article as a “How To” guide and freak out when their restore fails. Even if there is documentation which explicitly explains it, that might not be what the user finds first. :roll_eyes: :laughing:


#19

3 pipes in a SINGLE line ? meh GUI can do that … :stuck_out_tongue_winking_eye:

with that last one we are very close to writing a full blown script here …


#20

You will note though that he is using a selective restore, partly for that reason I would suppose.

However even a selective restore could cause a problem with an unfriendly update to some component. (It would therefore, and otherwise, be desirable to refresh the backup frequently.)

I prefer to use dd for backup and restore, as I will always get a known valid state. It is unclear how one could do that on the L5. I have previously hinted to Purism :slight_smile: that I would like to be able to boot from µSD card, at least for the purpose of backup and restore of the eMMC drive.