3…2…1… Backup

wmaker · January 4, 2025, 7:02pm

See my reply #49 above

Protoncek · January 4, 2025, 7:09pm

The main “wrong” here is that dev’s obviously believe that backups are here for HA crash occasion only, which can’t be further away from truth. In all years of my HA existence i never had a HA crash yet (ok, call me lucky…), so i never needed a backup for this reason. But i did mess up a piece of yaml code many times, and extracting a piece of old working one from my backup saved me hundred’s of times.

pove · January 4, 2025, 7:13pm

Already commented on the other thread, maybe what we need is a version control of those yaml files…

HBK1 · January 4, 2025, 7:31pm

For those planning to use encryption a read up of this issue is recommended.
Not only is non standard used for encryption but it also may have unwanted side effects that may put the backups at risk of corruption if I understood the issue correctly.
Comment to prove I understood it wrong is welcome!

github.com/pvizeli/securetar

Question about padding and the file format

opened 08:34PM - 24 Mar 23 UTC

mxmlnkn

Hello, Someone requested support for securetar archives for ratarmount. That… got me to look into the file format. Why was it decided to only call [padding.PKCS7](https://github.com/pvizeli/securetar/blob/0f1405a6ab104e59dcc9af5bd589f13215fae305/securetar/__init__.py#L96) in some circumstances instead of just always? If it had been always called, then the [PKCS method](https://www.ibm.com/docs/en/zos/2.4.0?topic=rules-pkcs-padding-method) would have ensured that at least 1 padding byte is added. This is important because it makes removing the padding deterministic and easy. In the current state, it is impossible to remove the padding with certainty because it might be that no padding was added and that the encrypted data just looks like padding, e.g., it ends with a `0x01` byte or two `0x02 0x02` bytes. Therefore, there is at least a 1 in 256*16 chance for a false positive when trying to remove the padding. For uncompressed bytes, it doesn't even matter because a TAR file consists of 512 B blocks but for compressed TARs it does matter. Note that gzip and bzip2 allow multiple streams to be concatenated to each other. Therefore, [gzip](https://github.com/golang/go/issues/47809) and [bzip2](https://unix.stackexchange.com/questions/158501/tar-exits-with-bzip2-stdin-trailing-garbage-after-eof-ignored-after-extract) decompressors will try to keep reading the padding bytes and should give a warning if they are garbage. Is it possible to still change this in the format specification? Some magic bytes for file format identification also would have been nice.

minhplaystudio · January 4, 2025, 8:20pm

Shit, I upgrade to this stupid version and now it enforce the stupid backup encryption fuckery on me. How do I downgrade Home assistant?

the-mentor · January 4, 2025, 8:26pm

Great release but for the love of god make the backup time configurable !!!

minhplaystudio · January 4, 2025, 8:28pm

No one gonna hack a home assistant in another country, what they gonna do? turn on my light when I’m not at home?
Now there is another layer of stupidity where I can forget the key and I essentially lost all my backup forever.
This is just pure stupid.

phlepper · January 4, 2025, 8:55pm

I also want the backup time to be configurable. I currently back up HA so that the backup is done and in a location to then be backed up by a separate computer system with all my other data (and other backups are scheduled to be done by the time the “main” backup is performed). I’m not going to change all my backup times just because HA does it later than I need.

Please add this as an option.

nickrout · January 4, 2025, 9:44pm

Is it feasible to start the nas nightly at, say 4:40 and go back to sleep when the backup is finished? Perhaps waking via WOL.

nickrout · January 4, 2025, 9:49pm

ha core upgrade --version 2024.12.4

dumbdevice · January 4, 2025, 9:55pm

Option to disable encryption for local backups in the next release please.

ncd · January 4, 2025, 10:40pm

I’ve had a TODO to explore writing an integration that does that with a git account but there are prob a fair number of hurdles. Prob an addon. But def no time right now.

ncd · January 4, 2025, 10:47pm

Thanks this is cool but I always encrypt my backups using the Google Drive addon anyway. It is absolutely incredible and has richer functionality than even this current backup enhancement. You should check it out. (You don’t need to do cloud backups).
So I’ve dealt with the opaque encrypted issued for almost two years.
I’m hopeful they will finally add the ability to browse and single-file restore from backups. It’s really frustrating we cannot.

Lordlinhey · January 4, 2025, 10:57pm

No I don’t want to do that, surely it is a simple matter of a programing option to be able to change the time, after all there is an option to select a day, what’s the difference, why make it difficult, what’s the point of the restriction?
It’s just a pointless thing to have set in stone

mucki · January 4, 2025, 11:01pm

Unfortunately, I have now updated to 2025.1 and am considering a downgrade (my fault, I must have misread the release notes or understood the heading “Encrypted Backups BY DEFAULT” as an option).

Am I summarizing this correctly:

automatic backups are always encrypted?
manually initiated backups are also encrypted?
Addon Samba Backup will no longer work like this?
The time of the backup is hard-coded?

Mmhh,
can I somehow create an automation that uses hassio.backup_full as the action and saves the unencrypted backup to a Samba share at a freely configurable time?

So the new “Backing Up into 2025!” function is on the verge of being unusable and I’m wondering what that has to do with “we listen to the users”.

Lordlinhey · January 4, 2025, 11:03pm

wmaker, your backup observation works for me.
I will update the Core to the latest version and setup an auto backup option that way, on my Main HA system.

Thanks, for your help

Lordlinhey · January 4, 2025, 11:09pm

Yep thank wmaker for the observation.

mucki · January 5, 2025, 12:24am

Great!
Then I can give it even a better name:

actions:
  - action: hassio.backup_full
    metadata: {}
    data:
      compressed: true
      homeassistant_exclude_database: false
      location: SynoBackup
      name: >-
        Backup with no encryption {{
        state_attr('update.home_assistant_core_update','installed_version') }}
        {{ now().strftime('%Y-%m-%d') }}

However, the name only affects the view in HA. The file name on the share then remains random:

github.com/home-assistant/supervisor

User configurable backup filename

opened 11:41AM - 07 Mar 24 UTC

jamesgeddes

bug

### The problem The backup service currently provides the user with the optio…n to configure a `name`. Counterintuitively, this does _not_ set the filename. Even when the `name` is set, the backup file is seemingly given a random string as a filename, such as, - `969fad88.tar` - `a1467f82.tar` - `70344a3d.tar` I assume it is random because it seems unlikely that these are hex dates; - 969fad88 = 2050-01-29T05:30:48 - a1467f82 = 2055-09-28T13:45:38 - 70344a3d = 2029-08-29T21:44:29 According to [community members](https://community.home-assistant.io/t/how-do-i-name-the-backup-file/699449/2?u=jamesgeddes), it is not currently possible to set the file name. This limitation poses several challenges for users who rely on backup management systems or external services for storage and versioning. ### Use cases - AWS S3 Integration: AWS S3, a commonly used cloud storage service, relies on consistent filenames for accurate versioning and retrieval of backup files. Enabling customizable filenames in Home Assistant would enhance compatibility with AWS S3 and similar services, ensuring seamless integration and reliable backup management. - Backup System Compatibility: Various backup solutions, including rsync, BorgBackup, and Synology Hyper Backup, require filenames to adhere to specific formats for effective backup management and versioning. Allowing users to configure filenames in Home Assistant would facilitate seamless integration with these backup systems, enhancing overall backup efficiency and reliability. ### Proposed Solution Allow users to customize backup filenames according to their preferences. ### What version of Home Assistant Core has the issue? core-2024.2.5 ### What was the last working version of Home Assistant Core? _No response_ ### What type of installation are you running? Home Assistant OS ### Integration causing the issue Home Assistant Supervisor: Create a full backup. ### Link to integration documentation on our website _No response_ ### Diagnostics information _No response_ ### Example YAML snippet ```yaml service: hassio.backup_full metadata: {} data: compressed: true location: nas name: habak ``` ### Anything in the logs that might be useful for us? _No response_ ### Additional information For context, my own daily backup process is as follows. 1. 0100: Output home assistant full backup to NAS 2. 0400: NAS backs up to AWS S3 With every backup getting a unique filename, it is not possible to use the AWS S3 built-in versioning capabilities. I will instead have to write a script that deletes the old backups from the NAS. If I was able to set a consistent filename, new backups would overwrite the previous backup, which would ensure that - my NAS does not fill up with old backup files. - AWS S3 sees a new version of the same file. I will gladly take this ticket if someone is able to, - assign it to me. - point me in the right direction! --- _First reported by Tankegroda on 2020-04-03 in forum thread [Snapshot naming + Filename](https://community.home-assistant.io/t/snapshot-naming-filename/191348). Issue persists. I could not find a ticket here so apologies in advance if this is a duplicate._

nickrout · January 5, 2025, 1:28am

There is a database purge at around 4 am, and this backup is designed to run after that. So there is a point to it. But you are right, it should be movable.

CaptTom · January 5, 2025, 1:48am

Also mentioned on the other thread, I do exactly that already. First of all, I maintain a copy of the “config” directory on my laptop, which I synch up as part of my routine backups. That in turn gets copied to the NAS, so there’s always another copy there. That’s backed up off-site.

But whenever I make a significant change to a .yaml file, I first copy the “old” version off to a dedicated directory, renaming it to include the date it was last changed. So I always have archival copies I can go back to.

In other words, I have no need to ever open the backup .tar file. I also have no need for it to be encrypted, but I think we’ve beaten that issue to death already.