This is how I solved my first backup task. An overview of my backup project is found here.
The task is to make incremental backups of my Subversion repository and store the backup on Amazon S3. I found a blog post by Damon Timm describing how to do incremental backups to S3 using a piece of software called Duplicity. Damon’s post is based on OS X or Ubuntu, so it is quite similar to my install, since my server runs Debian. There are a few differences, however, such as no sudo command, and I had to generate the GPG key on another machine.
Installation of the software
First things first. Log in as root and issue an apt-get update:
su root
apt-get update
Time to install Duplicity. The latest version at the time I installed the software was 0.5.16. Check Duplicity’s download page to see if a new version has been made available:
apt-get build-dep duplicity
aptitude install python-boto ncftp
wget http://savannah.nongnu.org/download/duplicity/duplicity-0.5.16.tar.gz
tar xvzf duplicity-0.5.16.tar.gz
cd duplicity-0.5.16/
python setup.py install
We also need a piece of software called s3cmd, so that is installed next:
apt-get install s3cmd
Encryption
As mentioned earlier, I couldn’t get the server to generate a new key for me. It just kept hanging with a message that it needed more entropy. To overcome this problem, I generated the key on a different machine, exported it, imported it to the server and changed the trust so I could use it.
Generate and export the key
I booted Ubuntu 9.04 from a Live CD and once logged in I generated the key with the default choices:
gpg --gen-key
To export the key run the following command, substituting NAME with the name from the key and FILE with the file to save the key in.
gpg -a --export-secret-keys NAME > FILE
Import the key
After copying the key to the server, it is loaded with the following command, substituting FILE as described above.
gpg --allow-secret-key-import --import FILE
The next step is to change the trust level on the key; otherwise Duplicity will complain and quit, rendering encrypted use of Duplicity useless. Substitute NAME with the name from the key.
gpg --edit-key NAME
This will put you in a console. Type “trust” and choose 5, I trust ultimately. After the trust has been set, leave the console again by typing “quit”.
Passphrase
The last thing to consider is the passphrase used for the key. I have my key stored in a file that has been chmod’ed to 0600.
nano ~/.gnupg/.gpg-passphrase
Enter the passphrase and press Ctrl+O to save and then Ctrl+X to exit. Finally, the rights on the file have to be modified.
chmod 0600 ~/.gnupg/.gpg-passphrase
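Creating the file in an editor and running chmod afterwards leaves it with the default umask permissions (typically world-readable) until chmod runs. The following is an added example, not part of the original post, that creates the passphrase file with mode 0600 from the start and checks it before use; the function names are hypothetical and the default path is the one used above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the default path is the one used in the post.
PASSFILE_DEFAULT="$HOME/.gnupg/.gpg-passphrase"

# write_passphrase_file [FILE]: store the passphrase read from stdin.
# umask 077 makes the file 0600 from the moment it is created; noclobber
# (set -C) makes the redirection fail if something reappears at that path.
write_passphrase_file() {
    file=${1:-$PASSFILE_DEFAULT}
    (
        umask 077
        set -C
        rm -f -- "$file" && cat > "$file"
    )
}

# check_passphrase_file [FILE]: return 0 only if FILE is a regular file
# (not a symlink), owned by the current user, with no group/other access.
check_passphrase_file() {
    file=${1:-$PASSFILE_DEFAULT}
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "not a regular file: $file" >&2
        return 1
    fi
    # ls -ln prints the mode string and the numeric owner id.
    read -r mode _links owner _rest <<EOF
$(ls -ln -- "$file")
EOF
    if [ "$owner" != "$(id -u)" ]; then
        echo "wrong owner ($owner): $file" >&2
        return 1
    fi
    case $mode in
        # 0600 or 0400; a trailing ACL/SELinux marker is tolerated
        -r[w-]-------*) return 0 ;;
        *) echo "mode too open ($mode): $file" >&2
           return 1 ;;
    esac
}
```

Calling check_passphrase_file at the top of the backup script and aborting on a non-zero return keeps a backup from running with a passphrase file that other users can read.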
The Script
Now that all the software bits have been set up, it is time to make a script that can take care of the backup procedure. That script is described here.