blob: 51d593eae8090d72ba1e68468007bbc3b0058be9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
#!/bin/bash
set -e
USAGE="Usage: $0 {backup /dir [user@host:]/dest | restore file.tar.gz}"
dnf install -y tar pigz pv openssh-clients &>/dev/null || exit 1
case "${1:?$USAGE}" in
backup)
SRC="${2:?$USAGE}" DEST="${3:?$USAGE}" NAME="$(basename "$SRC").tar.gz"
[ ! -d "$SRC" ] && echo "Error: not a directory: $SRC" && exit 1
du -sh "$SRC"; SIZE=$(du -sb "$SRC" | awk '{print $1}'); LHASH=$(mktemp); trap "rm -f $LHASH" EXIT
# tar+pigz stream over ssh, hash both sides in one connection, abort on mismatch
# ssh-agent bash -c 'ssh-add ~/keyfile && tar cf - /backup_dir | pv | pigz -1 | ssh root@host "tee /dest/backup_dir.tar.gz | sha256sum"'
if [[ "$DEST" == *:* ]]; then
H="${DEST%%:*}" D="${DEST#*:}"; echo "→ ${H}:${D}/${NAME}"
RHASH=$(tar cf - "$SRC" | pv -s "$SIZE" | pigz -1 | tee >(sha256sum | awk '{print $1}' > "$LHASH") | ssh "$H" "h=\$(tee ${D}/${NAME} | sha256sum | awk '{print \$1}'); echo \$h > ${D}/${NAME}.sha256; echo \$h")
L=$(cat "$LHASH"); echo "Local: $L"; echo "Remote: $RHASH"
[ "$L" = "$RHASH" ] && echo "Checksum OK" || { echo "CHECKSUM MISMATCH!"; exit 1; }
echo "Verify: ssh $H \"sha256sum ${D}/${NAME}\""
# tar+pigz to local file, write .sha256 sidecar next to it
# tar cf - /backup_dir | pv | pigz -1 > /tmp/backup_dir.tar.gz && sha256sum /tmp/backup_dir.tar.gz
else
echo "→ $DEST/$NAME"
tar cf - "$SRC" | pv -s "$SIZE" | pigz -1 > "$DEST/$NAME"
sha256sum "$DEST/$NAME" | awk '{print $1}' > "$DEST/$NAME.sha256"
echo "Checksum: $(cat "$DEST/$NAME.sha256")"
echo "Verify: sha256sum $DEST/$NAME"
fi ;;
restore)
FILE="${2:?$USAGE}"
[[ "$FILE" == *.tar.gz ]] && [ -f "$FILE" ] || { echo "Error: not a .tar.gz file: $FILE"; exit 1; }
echo "$FILE ($(numfmt --to=iec $(stat -c%s "$FILE"))) → $(pwd)"
# verify .sha256 sidecar matches archive, then decompress+extract to current dir
# sha256sum -c backup_dir.tar.gz.sha256 && pv backup_dir.tar.gz | pigz -d | tar xf -
if [ -f "$FILE.sha256" ]; then
echo "Verifying..."; EXP=$(cat "$FILE.sha256"); ACT=$(sha256sum "$FILE" | awk '{print $1}')
[ "$EXP" = "$ACT" ] && echo "Checksum OK" || { echo "CHECKSUM MISMATCH!"; exit 1; }
else echo "Warning: no .sha256 file, skipping verification"; fi
pv "$FILE" | pigz -d | tar xf - ;;
*) echo "$USAGE"; exit 1 ;;
esac
echo "Done"
|
