Skip to content

Add --archive.tar.binary parameter #286

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Dec 4, 2018
Merged

Add --archive.tar.binary parameter #286

merged 2 commits into from
Dec 4, 2018

Conversation

dschneller
Copy link
Contributor

Allows specifying a custom location of the tar command to use.
Also, the flags sent to ta" are sent individually (tar -cf becomes tar -c -f).

This allows easily customizing how the archiving is performed without having to add
lots of new options. For example, you could encrypt backup data via a simple shell script
and specify via --archive.tar.binary:

#!/bin/bash
gpg_pubkey_id=XXXXXXX
new_args=""

while [ "${#}" -gt 0 ]; do
  case "$1" in
    -f)
      shift;
      original_output_file="${1}"
      shift
      new_args="${new_args} --to-stdout"
      ;;
    *)
      new_args="${new_args} ${1}"
      shift
      ;;
  esac
done

tar ${new_args} | gpg --always-trust --encrypt --recipient ${gpg_pubkey_id} -z 0 --output ${original_output_file}

This has several advantages:

  • Backups are never written to disk unencrypted
  • Encryption can be done in one go, instead of causing the potentially heavy additional
    I/O a separate encryption step would incur.
  • It's transparent for the upload stages, so you can still benefit from the integrated
    S3 (or other) uploads.

@dschneller
Add --archive.tar.binary parameter
e095859 
Allows specifying a custom location of the "tar" command to use.
Also, the flags sent to "tar" are sent individually (`tar -cf` becomes `tar -c -f`).

This allows easily customizing how the archiving is performed without having to add
lots of new options. For example, you could encrypt backup data via a simple shell script
and specify it for --archive.tar.binary:

```
#!/bin/bash
gpg_pubkey_id=XXXXXXX
new_args=""

while [ "${#}" -gt 0 ]; do
  case "$1" in
    -f)
      shift;
      original_output_file="${1}"
      shift
      new_args="${new_args} --to-stdout"
      ;;
    *)
      new_args="${new_args} ${1}"
      shift
      ;;
  esac
done

tar ${new_args} | gpg --always-trust --encrypt --recipient ${gpg_pubkey_id} -z 0 --output ${original_output_file}
```

This has several advantages:

* Backups are never written to disk unencrypted
* Encryption can be done in one go, instead of causing the potentially heavy additional
  I/O a separate encryption step would incur.
* It's transparent for the upload stages, so you can still benefit from the integrated
  S3 (or other) uploads.
@dschneller
Related: Fix flake8: Make regex a raw string
70826b7
@timvaillancourt
Copy link
Contributor

LGTM, thanks @dschneller

@timvaillancourt timvaillancourt merged commit d771961 into Percona-Lab:master Dec 4, 2018
@dschneller dschneller deleted the tar-gpg branch December 13, 2018 12:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@timvaillancourt timvaillancourt timvaillancourt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dschneller @timvaillancourt