Fossil

Check-in [fc300d5a9a]
Login

Check-in [fc300d5a9a]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Factored the iteration count out of the encrypted backup solution in backup.md, so it isn't repeated between the backup and restore cases.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: fc300d5a9aaeb54745fc466492948611d63439bf4e4d67a84d138a6f89438a1c
User & Date: wyoung 2020-12-13 05:32:58.424
Context
2020-12-13
19:37
Updates to the fossil-v-git documentation to reduce the amount of Git-bashing and to try to make the document less confrontational. ... (check-in: 358d7d8f0e user: drh tags: trunk)
17:57
fix duplication of QUERY_STRING in the redirection URL in login_needed function, append "?anon" or "&anon" as needed to the g parameter ... (Closed-Leaf check-in: 204e5992e4 user: sdr tags: fix-login-needed-esc-anon)
05:32
Factored the iteration count out of the encrypted backup solution in backup.md, so it isn't repeated between the backup and restore cases. ... (check-in: fc300d5a9a user: wyoung tags: trunk)
2020-12-12
19:48
merged forks ... (check-in: 0872ecbef7 user: sdr tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to www/backup.md. 
199
200
201
202
203
204
205

206
207
208
209
210
211
212
213
214
215
216

leak your information. This addition to the prior scripts will encrypt
the resulting backup in such a way that the cloud copy is a useless blob
of noise to anyone without the key:

----

```shell

pass="h8TixP6Mt6edJ3d6COaexiiFlvAM54auF2AjT7ZYYn"
gd="$HOME/Google Drive/Fossil Backups/$bf.xz.enc"
fossil sql -R ~/museum/backups/"$bf" .dump | xz -9 |
    openssl enc -e -aes-256-cbc -pbkdf2 -iter 52830 -pass pass:"$pass" -out "$gd"
```

----

If you’re adding this to the first script above, remove the
“`-R repo-name`” bit so you get a dump of the repository backing the
current working directory.








>



|








199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217

leak your information. This addition to the prior scripts will encrypt
the resulting backup in such a way that the cloud copy is a useless blob
of noise to anyone without the key:

----

```shell
iter=52830
pass="h8TixP6Mt6edJ3d6COaexiiFlvAM54auF2AjT7ZYYn"
gd="$HOME/Google Drive/Fossil Backups/$bf.xz.enc"
fossil sql -R ~/museum/backups/"$bf" .dump | xz -9 |
    openssl enc -e -aes-256-cbc -pbkdf2 -iter $iter -pass pass:"$pass" -out "$gd"
```

----

If you’re adding this to the first script above, remove the
“`-R repo-name`” bit so you get a dump of the repository backing the
current working directory.

245
246
247
248
249
250
251
252
253
254
255
256
257
258
259


The “restore” script for the above fragment is basically an inverse of
it, but it’s worth showing it because there are some subtleties to take
care of. If all variables defined in earlier scripts are available, then
restoration is:

```
openssl enc -d -aes-256-cbc -pbkdf2 -iter 52830 -pass pass:"$pass" -in "$gd" |
    xz -d | fossil sql --no-repository ~/museum/restored-repo.fossil
```

We changed the `-e` to `-d` on the `openssl` command to get decryption,
and we changed the `-out` to `-in` so it reads from the encrypted backup
file and writes the result to stdout.









|








246
247
248
249
250
251
252
253
254
255
256
257
258
259
260


The “restore” script for the above fragment is basically an inverse of
it, but it’s worth showing it because there are some subtleties to take
care of. If all variables defined in earlier scripts are available, then
restoration is:

```
openssl enc -d -aes-256-cbc -pbkdf2 -iter $iter -pass pass:"$pass" -in "$gd" |
    xz -d | fossil sql --no-repository ~/museum/restored-repo.fossil
```

We changed the `-e` to `-d` on the `openssl` command to get decryption,
and we changed the `-out` to `-in` so it reads from the encrypted backup
file and writes the result to stdout.