From 81c8b8b6d6f17e092b51ed79809b4bb9b34f321e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Tue, 21 Apr 2015 14:40:56 +0200 Subject: [PATCH] BackupRestore: update emergency restore instruction for Qubes R2 backup format --- BackupEmergencyRestoreV2.md | 108 ++++++++++++++++++++++++++++++++++++ BackupEmergencyRestoreV3.md | 94 +++++++++++++++++++++++++++++++ BackupRestore.md | 98 +------------------------------- 3 files changed, 203 insertions(+), 97 deletions(-) create mode 100644 BackupEmergencyRestoreV2.md create mode 100644 BackupEmergencyRestoreV3.md diff --git a/BackupEmergencyRestoreV2.md b/BackupEmergencyRestoreV2.md new file mode 100644 index 00000000..f8359783 --- /dev/null +++ b/BackupEmergencyRestoreV2.md @@ -0,0 +1,108 @@ +--- +layout: doc +title: Emergency Backup Recovery - format version 2 +permalink: /doc/BackupEmergencyRestoreV2/ +--- + +Emergency Backup Recovery without Qubes - format version 2 +========================================================== + +This page describes how to perform emergency restore of backup created on Qubes R2 Beta3 or earlier (which uses backup format 2). + +The Qubes backup system has been designed with emergency disaster recovery in mind. No special Qubes-specific tools are required to access data backed up by Qubes. In the event a Qubes system is unavailable, you can access your data on any GNU/Linux system with the following procedure. + +**Note:** In the following example, the backup file is assumed to be both encrypted and compressed. + +1. Untar the main backup file. + + {% highlight trac-wiki %} + [user@restore ~]$ tar -i -xvf qubes-backup-2013-12-26-123456 + backup-header + backup-header.hmac + qubes.xml.000 + qubes.xml.000.hmac + vm1/private.img.000 + vm1/private.img.000.hmac + vm1/icon.png.000 + vm1/icon.png.000.hmac + vm1/firewall.xml.000 + vm1/firewall.xml.000.hmac + vm1/whitelisted-appmenus.list.000 + vm1/whitelisted-appmenus.list.000.hmac + dom0-home/dom0user.000 + dom0-home/dom0user.000.hmac + {% endhighlight %} + +1. Verify the integrity of the `private.img` file which houses your data. + + {% highlight trac-wiki %} + [user@restore ~]$ cd vm1/ + [user@restore vm1]$ openssl dgst -sha512 -hmac "your_passphrase" private.img.000 + HMAC-SHA512(private.img.000)= cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e + [user@restore vm1]$ cat private.img.000.hmac + (stdin)= cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e + {% endhighlight %} + + **Note:** The hash values should match. If they do not match, then the backup file may have been tampered with, or there may have been a storage error. + + **Note:** If your backup was hashed with a message digest algorithm other than `sha512`, you must substitute the correct message digest command. A complete list of supported message digest algorithms can be found with `openssl list-message-digest-algorithms`. + +1. Decrypt the `private.img` file. + + {% highlight trac-wiki %} + [user@restore vm1]$ openssl enc -d -pass pass:your_passphrase -aes-256-cbc -in private.img.000 -out private.img.dec.000 + {% endhighlight %} + + **Note:** For multi-part files, a loop can be used: + + {% highlight trac-wiki %} + for f in private.img.*; do + openssl enc -d -pass pass:your_passphrase -aes-256-cbc -in $f -out + ${f/.img/.img.dec} + done + {% endhighlight %} + + **Note:** If your backup was encrypted with a cipher algorithm other than `aes-256-cbc`, you must substitute the correct cipher command. A complete list of supported cipher algorithms can be found with `openssl list-cipher-algorithms`. + +1. Decompress the decrypted `private.img` file. + + {% highlight trac-wiki %} + [user@restore vm1]$ zforce private.img.dec.* + [user@restore vm1]$ gunzip private.img.dec.000.gz + {% endhighlight %} + + **Note:** If your backup was compressed with a program other than `gzip`, you must substitute the correct compression program. + +1. Untar the decrypted and decompressed `private.img` file. + + {% highlight trac-wiki %} + [user@restore vm1]$ tar -M -xvf private.img.dec.000 + vm1/private.img + {% endhighlight %} + + **Note:** For multi-part files, a script is required: + + 1. Create a `new-volume-script`: + + {% highlight trac-wiki %} + #!/bin/sh + name=`expr $TAR_ARCHIVE : '\(.*\)\..*'` + suffix=`printf %03d $[ $TAR_VOLUME - 1 ]` + echo $name.$suffix >&$TAR_FD + {% endhighlight %} + + 2. `chmod +x new-volume-script`. + 3. `tar --new-volume-script=./new-volume-script -xvf private.img.dec.000`. (The `--new-volume-script` option enables multi-volume untaring.) + +1. Mount the private.img file and access your data. + + {% highlight trac-wiki %} + [user@restore vm1]$ sudo mkdir /mnt/img + [user@restore vm1]$ sudo mount -o loop vm1/private.img /mnt/img/ + [user@restore vm1]$ cat /mnt/img/home/user/your_data.txt + This data has been successfully recovered! + {% endhighlight %} + + **Note:** You may wish to store a plain text copy of these instructions with your Qubes backups in the event that you fail to recall the above procedure while this web page is inaccessible. You may obtain a plaintext version of this file in Git repository housing all the documentation at: + + https://github.com/QubesOS/qubes-doc.git diff --git a/BackupEmergencyRestoreV3.md b/BackupEmergencyRestoreV3.md new file mode 100644 index 00000000..52b3dd60 --- /dev/null +++ b/BackupEmergencyRestoreV3.md @@ -0,0 +1,94 @@ +--- +layout: doc +title: Emergency Backup Recovery - format version 3 +permalink: /doc/BackupEmergencyRestoreV3/ +--- + +Emergency Backup Recovery without Qubes - format version 3 +========================================================== + +This page describes how to perform emergency restore of backup created on Qubes R2 or later (which uses backup format 3). + +The Qubes backup system has been designed with emergency disaster recovery in mind. No special Qubes-specific tools are required to access data backed up by Qubes. In the event a Qubes system is unavailable, you can access your data on any GNU/Linux system with the following procedure. + +**Note:** In the following example, the backup file is assumed to be both encrypted and compressed. + +1. Untar the main backup file. + + [user@restore ~]$ tar -i -xvf qubes-backup-2013-12-26-123456 + backup-header + backup-header.hmac + qubes.xml.000 + qubes.xml.000.hmac + vm1/private.img.000 + vm1/private.img.000.hmac + vm1/icon.png.000 + vm1/icon.png.000.hmac + vm1/firewall.xml.000 + vm1/firewall.xml.000.hmac + vm1/whitelisted-appmenus.list.000 + vm1/whitelisted-appmenus.list.000.hmac + dom0-home/dom0user.000 + dom0-home/dom0user.000.hmac + +1. Verify the integrity of the `backup-header` file contains basic information about your backup. + [user@restore ~]$ cd vm1/ + [user@restore ~]$ openssl dgst -sha512 -hmac "your_passphrase" backup-header + HMAC-SHA512(backup-header)= 5b266783e116fe3b2601a54c249ca5f5f96d421dfe6828eeaeb2dcd014e9e945c27b3d7b0f952f5d55c927318906d9c360f387b0e1f069bb8195e96543e2969c + [user@restore ~]$ cat backup-header.hmac + (stdin)= 5b266783e116fe3b2601a54c249ca5f5f96d421dfe6828eeaeb2dcd014e9e945c27b3d7b0f952f5d55c927318906d9c360f387b0e1f069bb8195e96543e2969c + + **Note:** The hash values should match. If they do not match, then the backup file may have been tampered with, or there may have been a storage error. + + **Note:** If your backup was hashed with a message digest algorithm other than `sha512`, you must substitute the correct message digest command. A complete list of supported message digest algorithms can be found with `openssl list-message-digest-algorithms`. + +1. Read the `backup-header`. You'll need some of this information later. The file will look similar to this: + version=3 + hmac-algorithm=SHA512 + crypto-algorithm=aes-256-cbc + encrypted=True + compressed=True + + If you see `version=2` here, go to [Emergency Backup Recovery - format version 2](/doc/BackupEmergencyRestoreV2/) page instead. + +1. Verify the integrity of the `private.img` file which houses your data. + + [user@restore ~]$ cd vm1/ + [user@restore vm1]$ openssl dgst -sha512 -hmac "your_passphrase" private.img.000 + HMAC-SHA512(private.img.000)= cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e + [user@restore vm1]$ cat private.img.000.hmac + (stdin)= cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e + + **Note:** The hash values should match. If they do not match, then the backup file may have been tampered with, or there may have been a storage error. + + **Note:** If your backup was hashed with a message digest algorithm other than `sha512`, you must substitute the correct message digest command. A complete list of supported message digest algorithms can be found with `openssl list-message-digest-algorithms`. You can check `backup-header` file for the hash used to create the backup. + +1. Decrypt the `private.img` file. + + cat private.img.??? | openssl enc -d -pass pass:your_passphrase -aes-256-cbc -out private.img.dec + + **Note:** If your backup was encrypted with a cipher algorithm other than `aes-256-cbc`, you must substitute the correct cipher command. A complete list of supported cipher algorithms can be found with `openssl list-cipher-algorithms`. You can check `backup-header` file to get that information. + +1. Decompress the decrypted `private.img` file. + + [user@restore vm1]$ zforce private.img.dec + [user@restore vm1]$ gunzip private.img.dec.gz + + **Note:** If your backup was compressed with a program other than `gzip`, you must substitute the correct compression program. `backup-header` file contains name of program used to compress the data. + +1. Untar the decrypted and decompressed `private.img` file. + + [user@restore vm1]$ tar -xvf private.img.dec + vm1/private.img + +1. Mount the private.img file and access your data. + + [user@restore vm1]$ sudo mkdir /mnt/img + [user@restore vm1]$ sudo mount -o loop vm1/private.img /mnt/img/ + [user@restore vm1]$ cat /mnt/img/home/user/your_data.txt + This data has been successfully recovered! + + **Note:** You may wish to store a plain text copy of these instructions with your Qubes backups in the event that you fail to recall the above procedure while this web page is inaccessible. You may obtain a plaintext version of this file in Git repository housing all the documentation at: + + https://github.com/QubesOS/qubes-doc.git + diff --git a/BackupRestore.md b/BackupRestore.md index 75930ead..14e0aa2b 100644 --- a/BackupRestore.md +++ b/BackupRestore.md @@ -79,103 +79,7 @@ Emergency Backup Recovery without Qubes The Qubes backup system has been designed with emergency disaster recovery in mind. No special Qubes-specific tools are required to access data backed up by Qubes. In the event a Qubes system is unavailable, you can access your data on any GNU/Linux system with the following procedure. -> **Note:** In the following example, the backup file is assumed to be both encrypted and compressed. - -1. Untar the main backup file. - - {% highlight trac-wiki %} - [user@restore ~]$ tar -i -xvf qubes-backup-2013-12-26-123456 - backup-header - backup-header.hmac - qubes.xml.000 - qubes.xml.000.hmac - vm1/private.img.000 - vm1/private.img.000.hmac - vm1/icon.png.000 - vm1/icon.png.000.hmac - vm1/firewall.xml.000 - vm1/firewall.xml.000.hmac - vm1/whitelisted-appmenus.list.000 - vm1/whitelisted-appmenus.list.000.hmac - dom0-home/dom0user.000 - dom0-home/dom0user.000.hmac - {% endhighlight %} - -1. Verify the integrity of the `private.img` file which houses your data. - - {% highlight trac-wiki %} - [user@restore ~]$ cd vm1/ - [user@restore vm1]$ openssl dgst -sha512 -hmac "your_passphrase" private.img.000 - HMAC-SHA512(private.img.000)= cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e - [user@restore vm1]$ cat private.img.000.hmac - (stdin)= cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e - {% endhighlight %} - -> **Note:** The hash values should match. If they do not match, then the backup file may have been tampered with, or there may have been a storage error. - -> **Note:** If your backup was hashed with a message digest algorithm other than `sha512`, you must substitute the correct message digest command. A complete list of supported message digest algorithms can be found with `openssl list-message-digest-algorithms`. - -1. Decrypt the `private.img` file. - - {% highlight trac-wiki %} - [user@restore vm1]$ openssl enc -d -pass pass:your_passphrase -aes-256-cbc -in private.img.000 -out private.img.dec.000 - {% endhighlight %} - -> **Note:** For multi-part files, a loop can be used: -> -> {% highlight trac-wiki %} -> for f in private.img.*; do -> openssl enc -d -pass pass:your_passphrase -aes-256-cbc -in $f -out -> ${f/.img/.img.dec} -> done -> {% endhighlight %} - -> **Note:** If your backup was encrypted with a cipher algorithm other than `aes-256-cbc`, you must substitute the correct cipher command. A complete list of supported cipher algorithms can be found with `openssl list-cipher-algorithms`. - -1. Decompress the decrypted `private.img` file. - - {% highlight trac-wiki %} - [user@restore vm1]$ zforce private.img.dec.* - [user@restore vm1]$ gunzip private.img.dec.000.gz - {% endhighlight %} - -> **Note:** If your backup was compressed with a program other than `gzip`, you must substitute the correct compression program. - -1. Untar the decrypted and decompressed `private.img` file. - - {% highlight trac-wiki %} - [user@restore vm1]$ tar -M -xvf private.img.dec.000 - vm1/private.img - {% endhighlight %} - - **Note:** For multi-part files, a script is required: - - 1. Create a `new-volume-script`: - - {% highlight trac-wiki %} - #!/bin/sh - name=`expr $TAR_ARCHIVE : '\(.*\)\..*'` - suffix=`printf %03d $[ $TAR_VOLUME - 1 ]` - echo $name.$suffix >&$TAR_FD - {% endhighlight %} - - 2. `chmod +x new-volume-script`. - 3. `tar --new-volume-script=./new-volume-script -xvf private.img.dec.000`. (The `--new-volume-script` option enables multi-volume untaring.) - -1. Mount the private.img file and access your data. - - {% highlight trac-wiki %} - [user@restore vm1]$ sudo mkdir /mnt/img - [user@restore vm1]$ sudo mount -o loop vm1/private.img /mnt/img/ - [user@restore vm1]$ cat /mnt/img/home/user/your_data.txt - This data has been successfully recovered! - {% endhighlight %} - -> **Note:** You may wish to store a plain text copy of these instructions with your Qubes backups in the event that you fail to recall the above procedure while this web page is inaccessible. You may download a plain text copy of this page by clicking the `Plain Text` link at the bottom of this page (as with every page on this wiki). In addition, the whole wiki is synced hourly with a public Git repo at: -> -> {% highlight trac-wiki %} -> git://gitorious.org/qubes-os/wiki.git -> {% endhighlight %} +For emergency restore of backup created on Qubes R2 or newer take a look [here](/doc/BackupEmergencyRestoreV3/). For backups created on earlier Qubes version, take a look [here](/doc/BackupEmergencyRestoreV2/). Migrating Between Two Physical Machines ---------------------------------------