Difference between pages "Clang" and "Cloud Backup"

From Funtoo
(Difference between pages)
 
 
Line 1: Line 1:
== Introduction ==
This howto will describe a method for automatically backing up your funtoo install to the internet, in this case dropbox, but any online storage will do. Gentoo describes a method of creating a stage 4 archive. The problem with a stage 4 is that it is large and it archives a lot of unnecessary files. Such as applications that can be reinstalled from an emerge world. Instead, this method will aim for more of a "stage 3.5."
LLVM can be used as an alternative to GNU's compiler, GCC. The main benefit of using LLVM compilers instead of GCC is their lower memory usage, faster compile time and better diagnostics. There are some Benchmarks on the [http://clang.llvm.org/features.html#performance Clang] and [http://www.phoronix.com/scan.php?page=article&item=llvm3_gcc_open64 Phoronix] homepages.


It may happen that some programs do not compile (like glibc) because they depend on GCC-specific language extensions [http://gcc.gnu.org/onlinedocs/gcc/C-Extensions.html] (this is why the whole BSD code can be compiled with LLVM but some GNU code cannot) or segfault after successful compilation with LLVM (like xorg-server) but after following this guide, the system will still be able to compile packages with gcc. So if something goes wrong, it can be switched back to gcc for the particular package by uncommenting lines in /etc/make.conf and the bug should be reported.
{{fancynote| This method does not attempt to backup everything. The intention is only to backup the system. Optionally you can also archive and copy your <tt>/home</tt> folder if you have enough online storage.}}


LLVM's C/C++ frontends clang and clang++ version 3.0 are stable enough to be self-hosting [http://blog.llvm.org/2010/02/clang-successfully-self-hosts.html] and compile Boost [http://blog.llvm.org/2010/05/clang-builds-boost.html], Qt [http://labs.qt.nokia.com/2010/10/29/compiling-qt-with-clang/], LibreOffice [http://wiki.documentfoundation.org/Development/Building_LibreOffice_with_Clang], FreeBSD [http://wiki.freebsd.org/BuildingFreeBSDWithClang], some parts of the Linux kernel [http://lwn.net/Articles/411654/] and more.
== Use Case ==
A backup machine currently provides network drives on a home LAN to allow clients on the LAN to backup to, using apps such as Time Machine (Mac) and Genie Timeline (Windows). As this machine ''is'' the backup machine it doesn't have anywhere to backup to itself. In this situation a backup solution is provided by backing up to somewhere online - dropbox. If a restore from the backup is required, the client machine's backups would be trashed, and the backup machine restored.


Further, using LLVM 3.0 and up, there is a third way to compile with LLVM: the dragonegg package creates a gcc-plugin, that uses LLVM's optimizers but parses the code and creates binaries with gcc, which means that everything that compiles and works with gcc should work with dragonegg also. This plugin can be enabled by using a single CFLAG. Since LLVM 3.0 the old llvm-gcc package is deprecated and replaced by dragonegg, so it will disappear from portage with llvm version 2.9.
== Automatic Backup Archives With Etckeeper ==
Etckeeper is a tool that is used to save versions of <tt>/etc</tt>, including meta-data in a version control repository such as git.
As etckeeper is not in the funtoo portage tree, layman is used to provide an overlay.
=== Install etckeeper via layman ===
Before you install layman it is worth mentioning that you probably want <tt>USE="git subversion"</tt> in <tt>/etc/portage/make.conf</tt>. After adjusting use flags, to install layman you run:
<console>
###i## emerge layman
</console>
In order to backup the layman configuration, but not the portage overlay trees, make the following modifications to the default install.
Tell Portage about layman-fetched repositories by adding the following line to <tt>/etc/portage/make.conf</tt>:


==LLVM Frontends==
<pre>
To be able to compile some sourcecode of a specific language, LLVM needs an appropriate frontend. There are clang, llvm-gcc and dragonegg in portage.
source /etc/layman/make.conf
</pre>


The goal of the Clang project is to create a new C, C++, Objective C and Objective C++ front-end for the LLVM compiler.
Modify the following lines in <tt>/etc/layman/layman.cfg</tt>:


llvm-gcc is a modified version of gcc that compiles C/ObjC programs into native objects, LLVM bitcode or LLVM assembly language, depending upon the options. As written in the previous section, dragonegg replaced llvm-gcc in version 3.0.
<pre>
 
storage  : /var/lib/layman
So after installing llvm, clang and dragonegg, you will be able to choose between gcc and llvm whenever you like or use them both at the same time.
installed : /etc/layman/installed.xml
make_conf : /etc/layman/make.conf
</pre>


== Install LLVM and its Frontends ==
Add the bgo-overlay. As described on their web page, [http://bgo.zugaina.org/ bgo.zugaina.org].  
Simply emerge the packages on ~arch systems. On arch systems you have to unmask some packages first. dragonegg requires gcc's ''lto'' USE-flag to be set and works with gcc 4.5 and gcc 4.6.
<console>
<console>
###i## emerge llvm clang dragonegg
###i## layman -o http://gpo.zugaina.org/lst/gpo-repositories.xml -L
###i## layman -a bgo-overlay -o http://gpo.zugaina.org/lst/gpo-repositories.xml
</console>
</console>
Note, that for clang++ the C++ headers search path is hardcoded to the active gcc profile.
If you change the active gcc profile, or update gcc to a new version, you will have to remerge clang to update the search path.


To use dragonegg, run gcc as usual, with an extra command line argument <tt>-fplugin=/usr/lib/llvm/dragonegg.so</tt>
More information about layman can be found here: http://www.gentoo.org/proj/en/overlays/userguide.xml
If you change the active gcc profile, or update gcc to a new version, you will have to remerge dragonegg to update the plugin.


After the installation, check which CPUs are supported by using the command
Then unmask and install etckeeper.
<console>
<console>
###i## llvm-as < /dev/null | llc -mcpu=help
###i## emerge etckeeper --autounmask-write
###i## emerge etckeeper
</console>
</console>
and then add the following lines to <code>/etc/make.conf</code> (uncommenting the lines you need) to enable compilation via LLVM, adapting the march-option according to the previous command:


in <code>/etc/portage/make.conf</code>:
{{fancynote| To update layman overlays do:}}
<console>
###i## layman -S
</console>


<pre>
# LLVM
#CC="/usr/bin/clang"
#CXX="/usr/bin/clang++"


# llvm-gcc for C++ code and fortran
If you see the following error -- apply this fix:
# llvm-gcc is deprecated and only used with LLVM 2.9
<console>
#CC="/usr/bin/llvm-gcc"
###i## emerge etckeeper
#CXX="/usr/bin/llvm-g++"
Calculating dependencies... done!
#CPP="/usr/bin/llvm-cpp"
>>> Verifying ebuild manifests
#F77="/usr/bin/llvm-gfortran"
!!! A file is not listed in the Manifest: '/var/lib/layman/bgo-overlay/sys-apps/etckeeper/files/etckeeper-gentoo-0.58.patch'


# Flags for clang: Insert your arch here instead of k8 and have a look at the manpage of clang for flag descriptions.
###i## cd /var/lib/layman/bgo-overlay/sys-apps/etckeeper
# Some gcc flags like -pipe and -pthread also work, though they might be ignored by clang.
###i## ebuild etckeeper-0.58-r2.ebuild manifest
#CFLAGS="-march=k8 -O2"
###i## emerge etckeeper
</console>


# Flags for dragonegg; just use all the gcc flags you like and append -fplugin=/path/to/dragonegg.so
== Configure etckeeper ==
#CFLAGS="-march=k8 -O2 -fplugin=/usr/lib64/llvm/dragonegg.so"
Move any config files that do not live in <tt>/etc</tt>. i.e.  
</pre>
Check <tt>/root</tt> for any files to be archive, such as iptables scripts and move them to <tt>/etc</tt>.


{{Fancynote| Have a look at clang's manpages for additional information. If you get errors that your compiler cannot produce code, you should check your flags, e.g. don't use <tt>-O4 -flto -S</tt> or stuff like that; the examples above will work.}}
{{fancynote| because funtoo uses [[Boot-Update]], this means <tt>/boot/grub/grub.cfg</tt> does not need to be archived.}}


== Using clang with portage ==
To ensure your portage world file is archived, make the following link:
<console>
###i## ln /var/lib/portage/world /etc/world
</console>


Although Gentoo package tree is not designed to be used with compiler other than GCC, clang can be enforced on most of the packages through ''CC'' and ''CXX'' variables.
Initialise the git repository.
<console>
###i## etckeeper init
Initialized empty Git repository in /etc/.git/
###i## etckeeper commit "Initial commit."
</console>


Please note, however, that many of Gentoo packages still don't build with clang and a few don't work correctly after being built. That's why we suggest using <tt>/etc/portage/env</tt> file to enable the use of clang per-package.
If you don't already have cron installed, emerge it now.
<console>
###i## emerge vixie-cron
</console>
And write the cron job to save an hourly version of <tt>/etc</tt>.


In order to do that, first create a new environment override to use in <code>/etc/portage/env/clang</code>:
{{fancynote| git will only create a new version (commit) if there are changes from the previous one.}}
Edit the file <tt>/etc/cron.hourly/etckeeper:


<pre>
<pre>
CC=clang
#! /bin/bash
CXX=clang++
etckeeper commit "Hourly auto-commit"
</pre>
</pre>


Then you can enable use of clang for packages using the [[:/etc/portage/env|/etc/portage/package.env]] file:
== Encrypt and copy backups online ==
=== Copy To Dropbox ===
<console>
###i## emerge dropbox
</console>
 
Add a dropbox user:
<console>
###i## useradd dropbox
</console>
 
Write the dropbox init files in <tt>/etc/conf.d/dropbox</tt>:


<pre>
<pre>
app-foo/bar clang
DROPBOX_USERS="dropbox"
app-bar/baz clang
</pre>
</pre>
<br>
<pre>
#!/sbin/runscript
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License, v2 or later
# $Header: /var/cvsroot/gentoo-x86/sys-fs/dropbox/files/dropbox.init-1.0,v 1.4 2007/04/04 13:35:25 cardoe Exp $
NICENESS=5
depend() {
    need localmount net
    after bootmisc
}
start() {
    ebegin "Starting dropbox..."
    for dbuser in $DROPBOX_USERS; do
        start-stop-daemon -S -b -m --pidfile /var/run/dropbox-$dbuser.pid  -N $NICENESS -u $dbuser -v -e HOME="/home/$dbuser" -x /opt/dropbox/dropboxd
    done
    eend $?
}


If you want to use clang by default you can and need to specify some core packages. Here is small list of core packages that are currently failing on clang, but not that could be outdated:
stop() {
    ebegin "Stopping dropbox..."
    for dbuser in $DROPBOX_USERS; do
        start-stop-daemon --stop --pidfile /var/run/dropbox-$dbuser.pid
    done
    eend $?
}


<pre>
status() {
CC=gcc
    for dbuser in $DROPBOX_USERS; do
CXX=g++
        if [ -e /var/run/dropbox-$dbuser.pid ] ; then
            echo "dropboxd for USER $dbuser: running."
        else
            echo "dropboxd for USER $dbuser: not running."
        fi
    done
    eend $?
}
</pre>
</pre>
Start dropbox now and at boot time:
<console>
###i## chmod 0755 /etc/init.d/dropbox
###i## /etc/init.d/dropbox start
###i## rc-update add dropbox default
</console>


in addition, it is recommended to add compiler flags there (<tt>/etc/portage/env/gcc</tt>:
After starting the dropbox daemon, it will provide a http link. You will need to visit this site just once to associate your computer with your dropbox account.
 
Write the cron job to make the backup archive and move it online. Edit the file <tt>/etc/cron.daily/backup</tt>:


<pre>
<pre>
CFLAGS="-O2 -march=native -mtune=native -pipe"
#! /bin/bash
CXXFLAGS="-O2 -march=native -mtune=native -pipe"
cd /etc
LDFLAGS="-Wl,--as-needed"
git bundle create /tmp/backup.bundle --all
#You can disable gold link here
cd /tmp
#EXTRA_ECONF="--enable-gold=default"
mv -v -f backup.bundle /home/dropbox/Dropbox/Private/
</pre>
</pre>


And in <code>/etc/portage/package.env</code>:
Make the script executable:
<console>
###i## chmod +x /etc/cron.daily/backup
</console>
 
=== Encrypt Backups ===
It is a good idea to encrypt your backup before moving it online. This can be done with gpg, using a symmetric (password only) or public/private key encryption. Additionally you can chose to sign the backup to check its integrity before restoring.
<console>
###i## emerge gpg
</console>
 
==== Symmetric Encryption ====
There is no preparation required to use a symmetric key as all that is required is simply a passphrase.  Just modify the cron job. Edit <tt>/etc/cron.daily/backup</tt>:


<pre>
<pre>
#---------------CORE PACKAGES TO BUILD WITH GCC:
#! /bin/bash
sys-apps/which gcc
cd /etc
sys-fs/reiserfsprogs gcc
git bundle create /tmp/backup.bundle --all
sys-libs/ncurses gcc
cd /tmp
sys-libs/zlib gcc
echo 'encryption_password' | gpg -o backup.gpg --batch --homedir /root/.gnupg -vvv  --passphrase-fd 0 --yes -c backup.bundle
sys-apps/busybox gcc
mv -v -f router.gpg /home/dropbox/Dropbox/Private/
sys-fs/e2fsprogs gcc
sys-devel/binutils gcc
sys-libs/glibc gcc
sys-devel/dragonegg gcc
dev-libs/openssl gcc
sys-boot/grub gcc
#---------------USER PACKAGES TO BUILD WITH GCC:
sys-apps/pacman gcc
www-client/firefox gcc
x11-libs/cairo gcc
media-libs/mesa gcc
</pre>
</pre>
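Review bot: In the new symmetric-encryption version of /etc/cron.daily/backup, gpg writes its output with `-o backup.gpg` but the following line runs `mv -v -f router.gpg ...`, so the file that was just encrypted is never the one moved into the Dropbox folder; the mv should name backup.gpg. The script also leaves the unencrypted /tmp/backup.bundle behind after encrypting, so it should be removed once gpg succeeds.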
{{fancyimportant| Remember to change "encryption_password"}}


If you have {{Package|app-portage/flaggie}} installed, you can modify <code>/etc/portage/package.env</code> by running the following:
{{fancywarning| If you forget this password the backup will be unusable. Lose the password and you lose the backup.}}
 
As there is now sensitive information in this file, you might want to remove read permission:
<console>
<console>
###i## flaggie app-foo/bar app-bar/baz +clang
###i## chmod og-r /etc/cron.daily/backup
</console>
</console>


== Enabling link-time optimizations ==
==== Private/Public key Encryption ====
Make a private/public encryption/decryptions key pair. The public key will be used to encrypt and the private key to decrypt.
<console>
###i## gpg --gen-key
</console>
The public key is used to create the encrypted backup and needs to live on the computer being backed up. A copy of the private key needs to be made and stored securely in another place. If this machine becomes unbootable, and this is the only place the private key lives, the backup dies with it.
The private key should not be kept:
# In the same place as the back up
# On the machine being backed up
{{fancynote| The private key is the only key that will decrypt the backup. Lose this key and/or it's password and you lose the backup.}}


The ''link-time optimization'' feature defers optimizing the resulting executables to linking phase. This can result in better optimization of packages but is unsupported in Gentoo, and many packages simply fail to build.
List the private keys:
<console>
###i## gpg -K
/root/.gnupg/secring.gpg
------------------------
sec  2048R/0EF13559 2012-01-21
uid                  my_key <noone@example.com>
ssb  2048R/67417FEB 2012-01-21
</console>


When using LTO, clang compiles units into LLVM byte-code rather than machine code. In order to support linking such object files, the [[gold]] linker must be installed and set as the default linker, as it does support plugins.
The private key can be exported using either the key name or key number. In this case "my_key" or "0EF13559".
To cut and paste the key. Ie, if logging in remotely.
<console>
###i## gpg -a --export-secret-key 0EF13559
</console>


Similarly, ''ar'' needs plugin support as well. Sadly, binutils ar doesn't support passing '--plugin'' option before the actual command. Thus, we need to create a wrapper for it in <code>/usr/local/bin/clang-ar</code>:
To create a key file:
<console>
###i## gpg -o private_decryption.gpgkey --export-secret-key 0EF13559
</console>
 
Now store this key somewhere secure. The backup is only as secure as the private key.
 
Modify the cron job at <tt>/etc/cron.daily/backup</tt>:


<pre>
<pre>
#!/bin/sh
#! /bin/bash
firstarg=${1}
cd /etc
shift
git bundle create /tmp/backup.bundle --all
cd /tmp
gpg -o backup.gpg -r 'my-key' --batch --homedir /root/.gnupg -vvv  --passphrase-fd 0 --yes -e backup.bundle
mv -v -f backup.gpg /home/dropbox/Dropbox/Private/
</pre>
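Review bot: The public-key version of the cron job passes `--passphrase-fd 0` together with `-e`, but nothing is piped to gpg's standard input in this script and encrypting to a recipient's public key does not need a passphrase; the option can be dropped. The recipient is written as 'my-key' while the key listing earlier shows my_key, so the text that follows should say that the name has to match the listing exactly.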
 
Replace "my-key" with the appropriate name from the key list.
Also note the change from -c for symmetric encryption to -e for private/public key encryption
 
==== Sign Backups ====
Create a 2nd private/public (signing) key pair. The private key is used to sign and the public key is used to check the authenticity/integrity.
<console>
###i## gpg --gen-key
</console>
 
{{fancynote| The password for this key will be required in the script below.}}
In this case the private key is required to sign the backup and the public key is used to check the integrity of the backup.
Follow a similar process as above to copy the public key to to another computer/storage media.
 
List the private keys:
<console>
###i## gpg -k
</console>
{{fancynote| <tt>-K</tt> lists private keys while <tt>-k</tt> lists public keys.}}
 
Then export this public key via cut and paste:
<console>
###i## gpg -a --export <key name or number>
</console>
 
Or to create a key file:
<console>
###i## gpg -o public_signing.gpgkey --export <key name or number>
</console>


exec /usr/bin/ar "${firstarg}" --plugin /usr/lib/llvm/LLVMgold.so "${@}"
Now store this key somewhere secure.
</pre>


If that's done, you can create a new environment override profile for LTO-enabled clang in <code>/etc/portage/env/clang-lt</code>:
Modify the backup cron job at <tt>/etc/cron.daily/backup</tt>:


<pre>
<pre>
CC='clang'
#! /bin/bash
CXX='clang++'
cd /etc
CFLAGS="${CFLAGS} -O4"
git bundle create /tmp/backup.bundle --all
CXXFLAGS="${CXXFLAGS} -O4"
cd /tmp
LDFLAGS="${LDFLAGS} -O4 -Wl,-plugin,/usr/lib/llvm/LLVMgold.so"
echo 'signing_key_password' | gpg -s -o backup.gpg -r 'my-encryption-key' --batch --homedir /root/.gnupg -vvv  --passphrase-fd 0 --yes -e backup.bundle
AR='/usr/local/bin/clang-ar'
mv -v -f backup.gpg /home/dropbox/Dropbox/Private/
RANLIB=':'
NM='nm --plugin /usr/lib64/llvm/LLVMgold.so'
</pre>
</pre>


Note that the link-time optimizations were indirectly enabled here via ''-O4''. If you don't want to enable other optimizations enforced by ''-O3'', please use ''-flto'' instead. You need to also pass optimization flags when linking because that's where clang needs them.
{{fancynote| the script will require the password for your private (signing) key to sign the backup. Replace "password" with the password for your signing private key.
And as there is sensitive information in this file don't forget to remove read permission.}}
<console>
###i## chmod og-r /etc/cron.daily/backup
</console>
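Review bot: The note after the signing script says to replace "password", but the placeholder in the script line is 'signing_key_password'; the note should quote the same string. The gpg call uses `-s` without `-u`, and by this point the howto has created two key pairs, so it is worth naming the signing key explicitly rather than relying on gpg's default key.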
 
== To Restore From A Backup ==
This restore will assume your are starting with a new blank disk.
Start by performing a stage 3 install, upto and including section 5 "Chroot into your new system." http://www.funtoo.org/wiki/Funtoo_Linux_Installation
 
Then the restore process is:
# Download backup from dropbox
# Decrypt
# Clone
# Link world file
# Emerge world
# Compile the kernel
# Restore grub bootloader
# Reboot
 
== Download backup from dropbox ==
Log into your dropbox account and find your backup file. Move it to a public area if it isn't already in one. Then right click on it and click "copy public link."
Now on the computer to be restored, delete the contents of the /etc folder and download the backup file.
 
(Need to check if this needs done before chrooting into the new install).
<console>
###i## cd /etc
###i## rm -rf *
###i## cd /tmp
###i## wget http://dl.dropbox.com/link-to-backup-file/backup.gpg
</console>
 
{{fancynote| if you have to copy the link from another computer and therefore can not cut and paste it, there is a "shorten link" option.}}
 
== Decrypt ==
If you used a public/private key to encrypt, and optionally signed the backup, import the decryption and signing keys.
 
Note:
# The decryption key is the private key of the encryption key pair - private_decryption.gpgkey
# The signing key is the public key of the signing key pair - public_signing.gpgkey
 
To import the keys by cut and paste:
<console>
###i## gpg --import <<EOF
</console>
{{fancynote| The last line after pasting the key should be "EOF"}}
Repeat for both keys.
 
To import the keys by file:
<console>
###i## gpg --import private_decryption.gpgkey
###i## gpg --import public_signing.gpgkey
</console>
 
Decrypt the backup:
<console>
###i## gpg -d backup.gpg > backup.bundle
</console>
 
If the backup was signed and you have correctly imported the signing public key you should see a message similar to:
<console>
gpg: Good signature from "my_signing_key <noone@example.com>"
</console>


You may also need to adjust the libdir path to plugin. Newer (live) versions of clang add `-plugin` when linking automatically, so `-Wl,-plugin`… is no longer necessary.
== Clone ==
<console>
###i## git clone /tmp/backup.bundle /etc/
</console>


== Using clang with distcc ==
== Link world file ==
<console>
###i## ln /etc/world /var/lib/portage/world
</console>


In order to use clang on distcc client, additional symlinks have to be created in <code>/usr/lib*/distcc/bin</code>:
== Emerge world ==
<console>
<console>
###i## ln -s /usr/bin/distcc /usr/lib/distcc/bin/clang
###i## emerge --sync
###i## ln -s /usr/bin/distcc /usr/lib/distcc/bin/clang++
###i## layman -S
###i## emerge -uDaNv world
</console>
</console>


{{GLW|src=http://wiki.gentoo.org/wiki/Clang}}
== Compile the kernel (genkernel)==
If you have genkernel set to save config files (the default):
<console>
###i## cp /etc/kernels/kernel-config-x86_64-<latest version>-gentoo /usr/src/linux/.config
</console>
 
Otherwise use the currently loaded kernel's config:
<console>
###i## zcat /proc/config.gz > /usr/src/linux/.config
</console>
 
Then compile the kernel:
<console>
###i## genkernel --oldconfig --no-mrproper all
</console>
 
== Restore grub bootloader ==
<console>
###i## grub-install --no-floppy /dev/sda
###i## boot-update
</console>
 
Adjust the device as required if installing to another location.
 
== Reboot ==
<console>
###i## reboot
</console>


[[Category:First Steps]]
[[Category:HOWTO]]
[[Category:HOWTO]]

Revision as of 18:14, June 27, 2014

This howto describes a method for automatically backing up your Funtoo install to the internet, in this case Dropbox, but any online storage will do. Gentoo describes a method of creating a stage 4 archive. The problem with a stage 4 is that it is large and archives a lot of unnecessary files, such as applications that can be reinstalled from an emerge world. Instead, this method aims for more of a "stage 3.5."

   Note
This method does not attempt to back up everything. The intention is only to back up the system. Optionally you can also archive and copy your /home folder if you have enough online storage.

Use Case

A backup machine currently provides network drives on a home LAN for clients on the LAN to back up to, using apps such as Time Machine (Mac) and Genie Timeline (Windows). As this machine is the backup machine, it doesn't have anywhere to back up to itself. In this situation a backup solution is provided by backing up to somewhere online - Dropbox. If a restore from the backup is required, the client machine's backups would be trashed, and the backup machine restored.

Automatic Backup Archives With Etckeeper

Etckeeper is a tool that is used to save versions of /etc, including meta-data in a version control repository such as git. As etckeeper is not in the funtoo portage tree, layman is used to provide an overlay.

Install etckeeper via layman

Before you install layman it is worth mentioning that you probably want USE="git subversion" in /etc/portage/make.conf. After adjusting use flags, to install layman you run:

root # emerge layman

In order to back up the layman configuration, but not the portage overlay trees, make the following modifications to the default install. Tell Portage about layman-fetched repositories by adding the following line to /etc/portage/make.conf:

source /etc/layman/make.conf

Modify the following lines in /etc/layman/layman.cfg:

storage   : /var/lib/layman
installed : /etc/layman/installed.xml
make_conf : /etc/layman/make.conf

Add the bgo-overlay, as described on their web page, bgo.zugaina.org.

root # layman -o http://gpo.zugaina.org/lst/gpo-repositories.xml -L
root # layman -a bgo-overlay -o http://gpo.zugaina.org/lst/gpo-repositories.xml

More information about layman can be found here: http://www.gentoo.org/proj/en/overlays/userguide.xml

Then unmask and install etckeeper.

root # emerge etckeeper --autounmask-write
root # emerge etckeeper 
   Note
To update layman overlays do:
root # layman -S


If you see the following error -- apply this fix:

root # emerge etckeeper
Calculating dependencies... done!
>>> Verifying ebuild manifests
!!! A file is not listed in the Manifest: '/var/lib/layman/bgo-overlay/sys-apps/etckeeper/files/etckeeper-gentoo-0.58.patch'

root # cd /var/lib/layman/bgo-overlay/sys-apps/etckeeper
root # ebuild etckeeper-0.58-r2.ebuild manifest
root # emerge etckeeper

Configure etckeeper

Move any config files that do not live in /etc into /etc. For example, check /root for any files to be archived, such as iptables scripts, and move them to /etc.

   Note
Because Funtoo uses Boot-Update, /boot/grub/grub.cfg does not need to be archived.

To ensure your portage world file is archived, make the following link:

root # ln /var/lib/portage/world /etc/world

Initialise the git repository.

root # etckeeper init
Initialized empty Git repository in /etc/.git/
root # etckeeper commit "Initial commit."

If you don't already have cron installed, emerge it now.

root # emerge vixie-cron

And write the cron job to save an hourly version of /etc.

   Note
git will only create a new version (commit) if there are changes from the previous one.

Edit the file /etc/cron.hourly/etckeeper:

#! /bin/bash
etckeeper commit "Hourly auto-commit"

Encrypt and copy backups online

Copy To Dropbox

root # emerge dropbox

Add a dropbox user:

root # useradd dropbox

Write the dropbox init files. In /etc/conf.d/dropbox:

DROPBOX_USERS="dropbox"

And the init script in /etc/init.d/dropbox:

#!/sbin/runscript 
# Copyright 1999-2004 Gentoo Foundation 
# Distributed under the terms of the GNU General Public License, v2 or later 
# $Header: /var/cvsroot/gentoo-x86/sys-fs/dropbox/files/dropbox.init-1.0,v 1.4 2007/04/04 13:35:25 cardoe Exp $ 

NICENESS=5 

depend() { 
    need localmount net 
    after bootmisc 
} 

start() { 
    ebegin "Starting dropbox..." 
    for dbuser in $DROPBOX_USERS; do 
        start-stop-daemon -S -b -m --pidfile /var/run/dropbox-$dbuser.pid  -N $NICENESS -u $dbuser -v -e HOME="/home/$dbuser" -x /opt/dropbox/dropboxd 
    done 
    eend $? 
} 

stop() { 
    ebegin "Stopping dropbox..." 
    for dbuser in $DROPBOX_USERS; do 
        start-stop-daemon --stop --pidfile /var/run/dropbox-$dbuser.pid 
    done 
    eend $? 
} 

status() { 
    for dbuser in $DROPBOX_USERS; do 
        if [ -e /var/run/dropbox-$dbuser.pid ] ; then 
            echo "dropboxd for USER $dbuser: running." 
        else 
            echo "dropboxd for USER $dbuser: not running." 
        fi 
    done 
    eend $? 
}

Start dropbox now and at boot time:

root # chmod 0755 /etc/init.d/dropbox 
root # /etc/init.d/dropbox start
root # rc-update add dropbox default

After starting the dropbox daemon, it will provide an HTTP link. You will need to visit this site just once to associate your computer with your dropbox account.

Write the cron job to make the backup archive and move it online. Edit the file /etc/cron.daily/backup:

#! /bin/bash
cd /etc
git bundle create /tmp/backup.bundle --all
cd /tmp
mv -v -f backup.bundle /home/dropbox/Dropbox/Private/

Make the script executable:

root # chmod +x /etc/cron.daily/backup 

Encrypt Backups

It is a good idea to encrypt your backup before moving it online. This can be done with gpg, using either symmetric (password only) or public/private key encryption. Additionally you can choose to sign the backup to check its integrity before restoring.

root # emerge gpg

Symmetric Encryption

There is no preparation required to use a symmetric key as all that is required is simply a passphrase. Just modify the cron job. Edit /etc/cron.daily/backup:

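#! /bin/bash
cd /etc
# Pack the whole etckeeper repository (all refs) into a single file
git bundle create /tmp/backup.bundle --all
cd /tmp
# -c: symmetric encryption; the passphrase is read from stdin (--passphrase-fd 0)
echo 'encryption_password' | gpg -o backup.gpg --batch --homedir /root/.gnupg -vvv  --passphrase-fd 0 --yes -c backup.bundle
# Move the encrypted file (not the plain bundle) into the synced folder
mv -v -f backup.gpg /home/dropbox/Dropbox/Private/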
   Important
Remember to change "encryption_password"
   Warning
If you forget this password the backup will be unusable. Lose the password and you lose the backup.

As there is now sensitive information in this file, you might want to remove read permission:

root # chmod og-r /etc/cron.daily/backup 

Private/Public key Encryption

Make a private/public encryption/decryption key pair. The public key will be used to encrypt and the private key to decrypt.

root # gpg --gen-key

The public key is used to create the encrypted backup and needs to live on the computer being backed up. A copy of the private key needs to be made and stored securely in another place. If this machine becomes unbootable, and this is the only place the private key lives, the backup dies with it. The private key should not be kept:

  1. In the same place as the backup
  2. On the machine being backed up
   Note
The private key is the only key that will decrypt the backup. Lose this key and/or its password and you lose the backup.

List the private keys:

root # gpg -K
/root/.gnupg/secring.gpg
------------------------
sec   2048R/0EF13559 2012-01-21
uid                  my_key <noone@example.com>
ssb   2048R/67417FEB 2012-01-21

The private key can be exported using either the key name or key number, in this case "my_key" or "0EF13559". To cut and paste the key, e.g. if logging in remotely:

root # gpg -a --export-secret-key 0EF13559

To create a key file:

root # gpg -o private_decryption.gpgkey --export-secret-key 0EF13559

Now store this key somewhere secure. The backup is only as secure as the private key.

Modify the cron job at /etc/cron.daily/backup:

#! /bin/bash
cd /etc
git bundle create /tmp/backup.bundle --all
cd /tmp
gpg -o backup.gpg -r 'my-key' --batch --homedir /root/.gnupg -vvv  --passphrase-fd 0 --yes -e backup.bundle
mv -v -f backup.gpg /home/dropbox/Dropbox/Private/

Replace "my-key" with the appropriate name from the key list. Also note the change from -c for symmetric encryption to -e for private/public key encryption.

Sign Backups

Create a 2nd private/public (signing) key pair. The private key is used to sign and the public key is used to check the authenticity/integrity.

root # gpg --gen-key
   Note
The password for this key will be required in the script below.

In this case the private key is required to sign the backup and the public key is used to check the integrity of the backup. Follow a similar process as above to copy the public key to another computer/storage media.

List the public keys:

root # gpg -k
   Note
-K lists private keys while -k lists public keys.

Then export this public key via cut and paste:

root # gpg -a --export <key name or number>

Or to create a key file:

root # gpg -o public_signing.gpgkey --export <key name or number>

Now store this key somewhere secure.

Modify the backup cron job at /etc/cron.daily/backup:

#! /bin/bash
cd /etc
git bundle create /tmp/backup.bundle --all
cd /tmp
echo 'signing_key_password' | gpg -s -o backup.gpg -r 'my-encryption-key' --batch --homedir /root/.gnupg -vvv  --passphrase-fd 0 --yes -e backup.bundle 
mv -v -f backup.gpg /home/dropbox/Dropbox/Private/
   Note
The script will require the password for your private (signing) key to sign the backup. Replace "signing_key_password" with the password for your signing private key.

And as there is sensitive information in this file don't forget to remove read permission.

root # chmod og-r /etc/cron.daily/backup 
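
The cron jobs above write the unencrypted bundle of /etc to a fixed name in /tmp and keep the passphrase in the script body. The variant below is an added example, not part of the original howto: it reads the passphrase from a separate root-only file, works in a private temporary directory and deletes the plaintext bundle when done. The key name my-signing-key, the path /root/.backup-signing-pass and GnuPG 2.1 or later are assumptions.

```shell
#!/bin/sh
# Added example (not from the original howto): hardened sign-and-encrypt job.
# Assumes GnuPG 2.1+ (needs --pinentry-mode loopback for --passphrase-file).
set -u
umask 077                             # nothing this job creates is world-readable

GPG_HOME=/root/.gnupg
RECIPIENT='my-encryption-key'         # as in the howto's script
SIGNER='my-signing-key'               # hypothetical name of the signing key
PASSFILE=/root/.backup-signing-pass   # hypothetical path: mode 0600, one line
DEST=/home/dropbox/Dropbox/Private

# Succeed only if FILE exists and grants nothing to group or other.
private_to_owner() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)     # the group and other permission bits
    [ "$perms" = "------" ]
}

# Bundle /etc, then sign and encrypt it inside the private directory $1.
bundle_and_encrypt() {
    ( cd /etc && git bundle create "$1/backup.bundle" --all ) || return 1
    # -u names the signing key explicitly; without it gpg uses its default key.
    gpg --batch --yes --homedir "$GPG_HOME" \
        --pinentry-mode loopback --passphrase-file "$PASSFILE" \
        -u "$SIGNER" -r "$RECIPIENT" -s -e \
        -o "$1/backup.gpg" "$1/backup.bundle" || return 1
    # Only ciphertext leaves the private directory; the dropbox user must be
    # able to read it in order to sync it.
    chmod 0644 "$1/backup.gpg" &&
    mv -f "$1/backup.gpg" "$DEST/backup.gpg"
}

make_backup() {
    if ! private_to_owner "$PASSFILE"; then
        echo "backup: $PASSFILE is missing or readable by group/other" >&2
        return 1
    fi
    work=$(mktemp -d) || return 1     # unpredictable name, mode 0700
    rc=0
    bundle_and_encrypt "$work" || rc=$?
    rm -rf "$work"                    # the plaintext bundle never outlives the job
    return "$rc"
}

# Run only when asked to, e.g. from cron: /etc/cron.daily/backup --run
if [ "${1:-}" = "--run" ]; then
    make_backup
fi
```

Cron's run-parts calls scripts without arguments, so when installing this as /etc/cron.daily/backup replace the final guard with a plain call to make_backup.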

To Restore From A Backup

This restore will assume you are starting with a new blank disk. Start by performing a stage 3 install, up to and including section 5 "Chroot into your new system." http://www.funtoo.org/wiki/Funtoo_Linux_Installation

Then the restore process is:

  1. Download backup from dropbox
  2. Decrypt
  3. Clone
  4. Link world file
  5. Emerge world
  6. Compile the kernel
  7. Restore grub bootloader
  8. Reboot

Download backup from dropbox

Log into your dropbox account and find your backup file. Move it to a public area if it isn't already in one. Then right click on it and click "copy public link." Now on the computer to be restored, delete the contents of the /etc folder and download the backup file.

(Need to check if this needs to be done before chrooting into the new install).

root # cd /etc
root # rm -rf *
root # cd /tmp
root # wget http://dl.dropbox.com/link-to-backup-file/backup.gpg
   Note
If you have to copy the link from another computer and therefore cannot cut and paste it, there is a "shorten link" option.

Decrypt

If you used a public/private key to encrypt, and optionally signed the backup, import the decryption and signing keys.

Note:

  1. The decryption key is the private key of the encryption key pair - private_decryption.gpgkey
  2. The signing key is the public key of the signing key pair - public_signing.gpgkey

To import the keys by cut and paste:

root # gpg --import <<EOF
   Note
The last line after pasting the key should be "EOF"

Repeat for both keys.

To import the keys by file:

root # gpg --import private_decryption.gpgkey
root # gpg --import public_signing.gpgkey

Decrypt the backup:

root # gpg -d backup.gpg > backup.bundle

If the backup was signed and you have correctly imported the signing public key you should see a message similar to:

gpg: Good signature from "my_signing_key <noone@example.com>"
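
gpg -d also exits successfully for a file that was encrypted but never signed, so the "Good signature" line has to be checked rather than assumed before the bundle is cloned into /etc. The following is an added example, not part of the original howto: it parses gpg's --status-fd output and discards the decrypted bundle unless the expected signing key made the signature. EXPECTED_FPR is a placeholder and the sample status lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original howto): decrypt a backup and keep the
# result only if gpg reports a valid signature from the expected signing key.

# Placeholder: 40-hex-digit fingerprint of your signing key (gpg --fingerprint).
EXPECTED_FPR="${EXPECTED_FPR:-0000000000000000000000000000000000000000}"

# Constructed samples of `gpg --status-fd` output (all values are made up).
SAMPLE_FPR=ABCDEF0123456789ABCDEF0123456789ABCDEF01
SAMPLE_SIGNED="[GNUPG:] ENC_TO 1111111111111111 1 0
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODSIG 23456789ABCDEF01 my_signing_key <noone@example.com>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2014-06-27 1403892840 0 4 0 1 8 00 $SAMPLE_FPR"
SAMPLE_UNSIGNED="[GNUPG:] ENC_TO 1111111111111111 1 0
[GNUPG:] DECRYPTION_OKAY"

# status_verdict FPR   (status lines on stdin)
# Prints one of: ok | not-decrypted | bad-signature | unsigned | wrong-key
status_verdict() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    decrypted=no; signed=no; matched=no; bad=no
    while IFS= read -r line; do
        case $line in
            "[GNUPG:] DECRYPTION_OKAY"*) decrypted=yes ;;
            "[GNUPG:] BADSIG "*|"[GNUPG:] ERRSIG "*|"[GNUPG:] EXPSIG "*) bad=yes ;;
            "[GNUPG:] EXPKEYSIG "*|"[GNUPG:] REVKEYSIG "*) bad=yes ;;
            "[GNUPG:] VALIDSIG "*)
                signed=yes
                rest=${line#"[GNUPG:] VALIDSIG "}
                sig_fpr=${rest%% *}        # key that made the signature
                primary_fpr=${rest##* }    # last field: its primary key
                if [ "$sig_fpr" = "$want" ] || [ "$primary_fpr" = "$want" ]; then
                    matched=yes
                fi ;;
        esac
    done
    if   [ "$decrypted" != yes ]; then echo not-decrypted
    elif [ "$bad" = yes ];        then echo bad-signature
    elif [ "$signed" != yes ];    then echo unsigned
    elif [ "$matched" != yes ];   then echo wrong-key
    else echo ok
    fi
}

# verified_decrypt IN OUT: decrypt IN to OUT; OUT survives only on verdict "ok".
verified_decrypt() {
    status=$(mktemp) || return 1
    # File descriptor 3 carries the machine-readable status lines.
    gpg --batch --yes --status-fd 3 -o "$2" -d "$1" 3>"$status"
    verdict=$(status_verdict "$EXPECTED_FPR" <"$status")
    rm -f "$status"
    if [ "$verdict" != ok ]; then
        rm -f "$2"                 # gpg writes output before it checks the signature
        echo "refusing to restore $1: $verdict" >&2
        return 1
    fi
}

# Usage: EXPECTED_FPR=<fingerprint> sh verified-decrypt.sh backup.gpg backup.bundle
if [ "$#" -eq 2 ]; then
    verified_decrypt "$1" "$2"
fi
```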

Clone

root # git clone /tmp/backup.bundle /etc/

Link world file

root # ln /etc/world /var/lib/portage/world

Emerge world

root # emerge --sync
root # layman -S
root # emerge -uDaNv world

Compile the kernel (genkernel)

If you have genkernel set to save config files (the default):

root # cp /etc/kernels/kernel-config-x86_64-<latest version>-gentoo /usr/src/linux/.config 

Otherwise use the currently loaded kernel's config:

root # zcat /proc/config.gz > /usr/src/linux/.config 

Then compile the kernel:

root # genkernel --oldconfig --no-mrproper all 

Restore grub bootloader

root # grub-install --no-floppy /dev/sda
root # boot-update

Adjust the device as required if installing to another location.

Reboot

root # reboot