The short version: how can I keep an rsync backup on a truecrypt volume? The hard part is to mount/unmount this volume on the fly when it is needed for rsync.
Details
This is my current backup configuration (which works fairly well for the most part):
- backup source is on Win7 64 bit, destination is a remote Linux box (Debian)
- actual data transfer is done by rsync via ssh (cwRsync with cygwin)
- rsync daemon is started on demand via ssh
On the Linux box the backup is protected by file permissions only. I want to increase security here and put the backup into a truecrypt volume. I can fuse-mount that volume manually in the shell. The question is now how can I make rsync not only open an ssh connection and starting the rsync daemon, but also to mount the truecrypt volume before (and unmount it after)?
My money is on option --rsync-path
which can be used to pass a command line to ssh – provided that stdin and stdout still work the same. I guess that command would have to be a shell script. Is this possible, and what would the script look like?
For reference, here's a quote of that option:
--rsync-path=PROGRAM
Use this to specify what program is to be run on the remote machine to start-up rsync. Often used when rsync is not in the default remote-shell's path (e.g.
--rsync-path=/usr/local/bin/rsync
). Note thatPROGRAM
is run with the help of a shell, so it can be any program, script, or command sequence you'd care to run, so long as it does not corrupt the standard-in & standard-out that rsync is using to communicate.One tricky example is to set a different default directory on the remote machine for use with the
--relative
option. For instance:
rsync -avR --rsync-path="cd /a/b && rsync" host:c/d /e/
This is the full rsync man page.
Best Answer
Meanwhile I have worked out any issues and have a solution which works for me since a few weeks. In case anybody is interested I am posting the details here. This article by Troy Johnson has helped along the way.
Prerequisites
/home/deepc/var/backup.tc
Linux
I made two shell scripts to mount and unmount the Truecrypt container on the Linux box. Those scripts are being called remotely via ssh from the Windows machine:
~/bin/backup-mount.sh:
~/bin/backup-umount.sh:
Windows
remote-backup.cmd:
Put this batch file into the task scheduler, e.g. with a daily schedule. Be sure to adjust username, remote host, ssh port, Truecrypt container password, and of course the backup paths. Sorry but I could not bring myself to clean this up more after having wasted too much time already...
With this script Rsync will read includes and excludes from two text files, e.g.:
files-from.txt:
excludes.txt:
Done?
This is answers the original question. There is only one minor issue: special characters in filenames on Windows are mangled on Linux, with ext2 being used in the TC container on Linux. I tried all combinations for the
--iconv
parameter I could think of but to no avail. Seems I have to live with that - unless some brave soul has read until here, knows the answer, and enlightens me in a comment ;-) (NTFS in the container is not an option)