published the release of the backup system RESTIC 0.15 , providing storage of backups in an encrypted form in a versioned repository. The system is originally designed that backup copies are preserved surrounded by non -trusting and a backup of the reserve copy in other hands should not compromise the system. It is possible to determine flexible rules for turning on and excluding files and catalogs when creating a backup (the format of the rules resembles Rsync or Gitignore). Work is supported in Linux, MacOS, Windows, FreeBSD and OpenBSD. The project code is written in GO and is distributed under the license BSD.
Reserve copies can be stored in the local fs, on an external server with access by SFTP/SSH or HTTP REST, in Amazon S3 clouds,
OpenStack Swift, BackBlaze B2, Microsoft Azure Blob Storage and Google Cloud Storage, as well as in any storage facilities for which there are RCLONE basindes. To organize storage, a special REST Server can also be used, providing higher performance compared to other backens and capable of working in mode only For a supplement that will not allow you to remove or change backups in case of compromising the source server and access to encryption keys.
Snapshots are supported that reflect the condition of a certain catalog with all files and invested catalogs at a certain point in time. Each creation of a new backup, a snapshot associated with it is created to restore the condition at the moment. It is possible to copy snapshots between different repositories. To save traffic in the process of creating backup copies, only changed data are copied. For a visual assessment of the contents of the repository and simplifying the recovery, the snapshot with a backup can be targeted in the form of a virtual section (mounting is carried out using Fuse). Teams are also provided for analyzing changes and selective file extraction.
The system is manipulated not by whole files, but by blocking size blocks selected using Rabin’s signatures . Information is stored in reference to the contents, and not the names of files (the names and objects associated with data are determined at the level of the metadata block). Based on the Sha-256, the hash from the contents performs deduplication and exclusion of excess data copying. On external servers, the information is stored in an encrypted form (for control sums used sha-256, for encryption AES-256 -CTR, and to guarantee integrity -authentication codes based on Poly1305 -AES). The possibility of verification of the backup of the control amounts and authentication codes is provided to confirm that the integrity of the files is not violated.
In the new version: