Duplicity 0.4.2 review
DownloadDuplicity backs directories by producing encrypted tar-format volumes and uploading them to a remote or local file server. Because
|
|
Duplicity backs directories by producing encrypted tar-format volumes and uploading them to a remote or local file server.
Because duplicity uses librsync, the incremental archives are space efficient and only record the parts of files that have changed since the last backup. Because duplicity uses GnuPG to encrypt and/or sign these archives, they will be safe from spying and/or modification by the server.
The duplicity package also includes the rdiffdir utility. Rdiffdir is an extension of librsync's rdiff to directories---it can be used to produce signatures and deltas of directories as well as regular files. These signatures and deltas are in GNU tar format.
Here are some key features of "Duplicity":
Easy to use: Although duplicity is a command-line utility, the semantics are relative simply. To take a basic example, this command:
duplicity /usr scp://host.net/target_dir
backs up the /usr directory to the remost host host.net via scp.
Encrypted and signed archives: The archives that duplicity produces can be encrypted and signed using GnuPG, the standard for free software cryptology. The remote location will not be able to infer much about the backups other than their size and when they are uploaded. Also, if the archives are modified on the remote side, this will be detected when restoring.
Bandwidth and space efficient: Duplicity uses the rsync algorithm so only the changed parts of files are sent to the archive when doing an incremental backup. For instance, if a long log file increases by just a few lines of text, a small diff will be sent to and saved in the archive. Other backup programs may save a complete copy of the file.
Standard file format: Athough archive data will be encrypted, inside it is in standard GNU-tar format archives. A full backup contains normal tarballs, and incremental backups are tar archives of new files and the deltas from previous backups. The deltas are in the format produced by librsync's command-line utility rdiff.
Although you should never have to look at a duplicity archive manually, if the need should arise they can be produced and processed using GnuPG, rdiff, and tar.
Choice of remote protocol: Duplicity does not make many demands on its archive server. As long as files can be saved to, read from, listed, and deleted from a location, that location can be used as a duplicity backend. Besides increasing choice for the user, it can make a server more secure, as clients only require minimal access.
Currently local file storage, scp/ssh, ftp, rsync, and Amazon S3 are supported, and others shouldn't be difficult to add.
Requirements:
Python v2.2 or later
Librsync v0.9.6 or later
GnuPG for encryption
What's New in This Release:
Mathias de Riese's substantial patch or patches appear to have been applied to CVS years ago, but not released yet. Sorry about that.
Followed suggestion by David Rigel, make user type passphrase twice to confirm.
Eric Hanchrow's patch makes sure duplicity deletes older signatures when using --remove-older-than.
Jiri Taylor's patch may fix some scp/sftp problems.
asdf's patch makes sure uids or gids over 2097151 don't corrupt the tarfiles.
Cleaned up and documented --collection-status option, which lists the backup chains and sets found in the repository.
FTP error 450 when listing a directory now understood to mean the directory is empty (duplicity will not exit with error).
--remove-older-than now cannot delete the active backup chain, even if you specify a time later than the chain (e.g. "--remove-older-than now").
Duplicity 0.4.2 keywords