aws-glacier-backup/backup.sh

#!/usr/bin/env bash

set -o nounset
set -o errexit
set -o xtrace

dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"

if [[ ! -e "${dir}/venv" ]] ; then
    python3 -m venv "${dir}/venv"
fi
source "${dir}/venv/bin/activate"
command -v aws || pip install -r "${dir}/requirements.txt"

export GNUPGHOME="$(mktemp -d)"

bucket="${1}" ; shift
name="${1}" ; shift
filelist_script="${1}" ; shift
gpg_pubkey_file="${1}" ; shift
gpg_pubkey_id="${1}" ; shift

install --directory --owner $(id -u) --group $(id -g) --mode 700 "${GNUPGHOME}"

cleanup() {
    rm -rf "${GNUPGHOME}"
}

trap cleanup EXIT

tmpgpg() {
    gpg \
        --batch \
        --keyid-format=0xlong \
        --no-default-keyring \
        --no-options \
        --trust-model always \
        "${@}"
}

tmpgpg --import "${gpg_pubkey_file}"
tmpgpg -k

timestamp="$(date --utc -Iseconds)"

"${filelist_script}" | while read filelist ; do
    filepath="$(echo "$filelist" | cut -d ':' -f 1)"
    fifo="$(echo "$filelist" | cut -d ':' -f 2)"
    mkdir -p "$(dirname "${filepath}")"
    echo "$fifo"
    <"$fifo" tar \
        --create \
        --verbose \
        --no-auto-compress \
        --ignore-failed-read \
        --acls \
        --selinux \
        --xattrs \
        --null \
        --force-local \
        --no-recursion \
        --files-from - \
        --file - \
    | gzip \
        --to-stdout \
    | tmpgpg \
        --output - \
        --encrypt \
        --compress-algo none \
        --cipher-algo AES256 \
        --digest-algo SHA256 \
        --recipient "${gpg_pubkey_id}" \
    | aws \
        s3 cp \
        --storage-class DEEP_ARCHIVE \
        - \
        "s3://${bucket}/${name}-${timestamp}/${filepath##*(/)}.tar.gz.gpg"
done
tmp 2019-04-13 20:40:37 +02:00			`#!/usr/bin/env bash`

			`set -o nounset`
			`set -o errexit`
tmp 2019-04-13 20:51:27 +02:00			`set -o xtrace`

Handle project root correctly 2019-04-13 22:10:45 +02:00			`dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"`

			`if [[ ! -e "${dir}/venv" ]] ; then`
			`python3 -m venv "${dir}/venv"`
Add dynamic venv setup 2019-04-13 22:04:29 +02:00			`fi`
Handle project root correctly 2019-04-13 22:10:45 +02:00			`source "${dir}/venv/bin/activate"`
			`command -v aws \|\| pip install -r "${dir}/requirements.txt"`
Add dynamic venv setup 2019-04-13 22:04:29 +02:00
Handle project root correctly 2019-04-13 22:10:45 +02:00			`export GNUPGHOME="$(mktemp -d)"`
tmp 2019-04-13 21:10:58 +02:00
tmp 2019-04-13 20:51:27 +02:00			`bucket="${1}" ; shift`
			`name="${1}" ; shift`
Use dynamic file listing script 2019-04-28 20:28:18 +02:00			`filelist_script="${1}" ; shift`
Do not hardcode GPG pubkey 2019-04-24 20:52:12 +02:00			`gpg_pubkey_file="${1}" ; shift`
			`gpg_pubkey_id="${1}" ; shift`
Enabling reading dirlist from file 2019-04-18 18:58:35 +02:00
tmp 2019-04-13 21:10:58 +02:00			`install --directory --owner $(id -u) --group $(id -g) --mode 700 "${GNUPGHOME}"`

tmp 2019-04-13 20:40:37 +02:00			`cleanup() {`
tmp 2019-04-13 21:10:58 +02:00			`rm -rf "${GNUPGHOME}"`
tmp 2019-04-13 20:40:37 +02:00			`}`

			`trap cleanup EXIT`

			`tmpgpg() {`
			`gpg \`
			`--batch \`
Enabling reading dirlist from file 2019-04-18 18:58:35 +02:00			`--keyid-format=0xlong \`
tmp 2019-04-13 20:40:37 +02:00			`--no-default-keyring \`
			`--no-options \`
tmp 2019-04-13 21:10:58 +02:00			`--trust-model always \`
tmp 2019-04-13 20:40:37 +02:00			`"${@}"`
			`}`

Do not hardcode GPG pubkey 2019-04-24 20:52:12 +02:00			`tmpgpg --import "${gpg_pubkey_file}"`
Enabling reading dirlist from file 2019-04-18 18:58:35 +02:00			`tmpgpg -k`

			`timestamp="$(date --utc -Iseconds)"`

Use dynamic file listing script 2019-04-28 20:28:18 +02:00			`"${filelist_script}" \| while read filelist ; do`
			`filepath="$(echo "$filelist" \| cut -d ':' -f 1)"`
			`fifo="$(echo "$filelist" \| cut -d ':' -f 2)"`
			`mkdir -p "$(dirname "${filepath}")"`
			`echo "$fifo"`
			`<"$fifo" tar \`
			`--create \`
			`--verbose \`
			`--no-auto-compress \`
			`--ignore-failed-read \`
			`--acls \`
			`--selinux \`
			`--xattrs \`
			`--null \`
			`--force-local \`
			`--no-recursion \`
			`--files-from - \`
			`--file - \`
			`\| gzip \`
			`--to-stdout \`
			`\| tmpgpg \`
			`--output - \`
			`--encrypt \`
Disable redundant compression in gpg 2019-05-20 22:42:30 +02:00			`--compress-algo none \`
Specify cipher algos explicitly 2019-05-20 22:42:51 +02:00			`--cipher-algo AES256 \`
			`--digest-algo SHA256 \`
Use dynamic file listing script 2019-04-28 20:28:18 +02:00			`--recipient "${gpg_pubkey_id}" \`
			`\| aws \`
			`s3 cp \`
Use DEEP_ARCHIVE storage class 2019-05-20 22:02:41 +02:00			`--storage-class DEEP_ARCHIVE \`
Use dynamic file listing script 2019-04-28 20:28:18 +02:00			`- \`
Fix path combination to prevent "empty" parts 2019-05-20 22:34:38 +02:00			`"s3://${bucket}/${name}-${timestamp}/${filepath##*(/)}.tar.gz.gpg"`
Enabling reading dirlist from file 2019-04-18 18:58:35 +02:00			`done`