--extra-clean makes old backups unrestorable

Bug #1236248 reported by az on 2013-10-07
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Duplicity
Medium
Kenneth Loafman

Bug Description

cleanup --extra-clean removes old backup chains' signature files, which i'd argue is dangerous:

- it makes those older chains unrestorable. the claim in the manpage about signatures not being needed
  for restoration is a bit unhelpful, as restore silently ignores a --time pointing to such a chain and simply
  restores from the oldest chain with signatures.
- those unusable chains still show up in collection-status, which is quite confusing
- cleanup with --extra-clean performs removal-related operations that should be handled by remove-*
  and not cleanup.

the not-overly-prominent documentation of this feature has recently caught out a debian user, see
debian bug #724594.

i'd suggest that either the manpage be amended with a bit more warning about extra-clean (see attached patch),
or that extra-clean be removed altogether.

regards,
az

az (az-debian) wrote :
edso (ed.so) wrote :

az,

your assessment reads that old chains are unrestorable.

1. is this still valid to your knowledge?
2. if so, does it make a difference if --file-to-restore is given?

..ede/duply.net

az (az-debian) wrote :

1. TTBOMK yes. the reporter of https://bugs.debian.org/cgi-bin/724594 used 0.6.22 and the changelog doesn't show anything relevant for .23 and 24.
2. i don't know as i'm not exactly eager to destroy my backup chains for neither fun nor profit; however, given that i couldn't restore anything whatsoever from a --extra-clean'd older chain i don't see how file-to-restore would affect this.

edso (ed.so) wrote :

1. thx

2. using file-to-restore might take another code path but that's just a wild guess.

generally duplicity should be able to at least restore _everything_ from the volumes alone. signatures should only be needed for incrementals and list-current-files listing.
i bet duplicity could theoretically even restore single files but would have to bandwidth-inefficiently download all volumes until it finds the entry.

..ede

Changed in duplicity:
status: New → Fix Committed
importance: Undecided → Medium
milestone: none → 0.7.01
edso (ed.so) wrote :

hey Ken,

not sure this is the proper solution. if --extra-clean makes old backups unusable we should either
1. remove --extra-clean
or
2. make backups restorable w/o need for signatures (is that possible?)

..ede

Changed in duplicity:
status: Fix Committed → Opinion
status: Opinion → In Progress
assignee: nobody → Kenneth Loafman (kenneth-loafman)

--extra-clean itself is not at fault. The fault is somewhere in duplicity. We should be able to recover complete backup sets without their signature files. I checked that out a long time ago and now it's broken. I suspect an errant assumption somewhere with all the additions we've made.

We should put the warning in, still, but perhaps add another bug report related to recovery w/o signature files.

On 01.12.2014 22:40, Kenneth Loafman wrote:
> --extra-clean itself is not at fault. The fault is somewhere in
> duplicity. We should be able to recover complete backup sets without
> their signature files. I checked that out a long time ago and now it's
> broken. I suspect an errant assumption somewhere with all the additions
> we've made.
>
> We should put the warning in, still, but perhaps add another bug report
> related to recovery w/o signature files.
>

let's just simply leave this bug report open. the comments say it all, and we'll close it if the issue is properly fixed later.

..ede

Changed in duplicity:
milestone: 0.7.01 → 0.7.02
Changed in duplicity:
milestone: 0.7.02 → none
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.