[Tails-dev] Add simple GUI to back up persistent volume (att…

Delete this message

Reply to this message
Author: David A. Wheeler
Date:  
To: tails-dev
Subject: [Tails-dev] Add simple GUI to back up persistent volume (attached)
All: Some Tails users (such as journalists in certain countries) will want to use a persistent volume, yet there's no simple GUI to back up the persistent volume. That's a problem; all media fails eventually. Many users are not comfortable using a command line (the current solution).

Below are 2 short files that add a simple GUI to back up the persistent volume. It's a trivial shell script to do the backup, along with a .desktop file to kick off the shell script. They should require no future maintenance (unless you radically change how persistent volumes work). They're short & should be easy to review.

A few notes:
* The .desktop file runs GNOME terminal, which then runs the shell script that does all the work. I thought it'd be helpful for users to see what's getting backed up while it's happening. Running the program via GNOME terminal was a simple way to do that. You can just run the backup program directly if this monitoring is not desired. Change /home/amnesia/Persistent/tails-backup to the script's "real" absolute location.
* The shell script is defensively written (e.g., $VARIABLEs are quoted). It can be directly started from the command line. It uses zenity to show GUI interactions, and it's internationalized using gettext. It calls sync 3 times and THEN tells the user it's done, to make sure the backup is actually written out.
* I've tested this backup script mostly by running it directly. I've tested the backup shell script more than the .desktop file, as it's challenging to test .desktop files without a Tails development environment, but both work for me.
* The user has to use the separate "Files" application to decrypt & later eject the backup volume. I think that's fine, as that's the normal GUI application for doing this. In addition, the script helps the user do that.
* As is currently true, the user must unlock persistent storage & set an admin password.

I'm not sure copyright is even claimable with such trivial code. However, to be clear, I disclaim all copyright on the file contents below using the Creative Commons CC0 license. Use it any way you wish, if you'd like, and I hope you'll like it.

I don't have a Tails development environment (it looks like it'd take effort to set up), which is why I'm posting this as an email instead of as a commit.

I'll be happy to answer questions. Let me know if this is or isn't acceptable.

--- David A. Wheeler

==== tails-backup.desktop ====
[Desktop Entry]
Type=Application
Name=Backup persistent volume
Comment=Backup the Tails persistent volume to another TailsData volume
Exec=gnome-/usr/bin/gnome-terminal --title 'Log for Backing up Tails persistent volume' --hide-menubar -- /home/amnesia/Persistent/tails-backup
Terminal=false
Categories=Utilities
StartupNotify=false
#
# Test with:
# xdg-desktop-menu install tails-backup.desktop


==== tails-backup ====
#!/bin/sh
# tails-backup: Back up Tails' persistent disk into the mounted backup region.
# Persistent storage & backup storage must already be unlocked, and
# there must be an admin password set

set -eu

export TEXTDOMAIN='tails'

SOURCE='/live/persistence/TailsData_unlocked/'
DEST='/media/amnesia/TailsData/'
LOG="$HOME/backup-log.txt"

# Newline
NL="$(printf '\nX')"
NL="${NL%X}"

if [ ! -d "$SOURCE" ]; then
        msg="$(gettext -s 'Encrypted persistent storage must be unlocked first.  Please reboot, then unlock encrypted persistent storage and under additional settings set an administrative password.')"
        zenity --error --ellipsize --text "$msg"
        exit 1
fi


if [ ! -d "$DEST" ]; then
        msg="$(gettext -s 'Backup storage area must be unlocked first. Please run Applications ▸ Accessories ▸ Files, select the backup encrypted volume (TailsData), and unlock it with your passphrase.')"
        zenity --error --ellipsize --text "$msg"
        exit 1
fi


title="$(gettext -s 'Alert')"
msg="$(gettext -s 'Would you like to back up your persistent encrypted storage to the backup storage area? This will replace all data in the backup storage area.'"$NL"'If you agree, you will then need to enter your administrator password to actually run the backup.')"
if ! zenity --question --ellipsize --title "$title" --text "$msg"; then
        exit 1
fi


# Run real backup command. This requires privileges.
if pkexec /usr/bin/rsync -PaSHAXv --del "$SOURCE" "$DEST" ; then
        # Ensure RAM buffers are written out
        sync; sync; sync
        sleep 1
        msg="$(gettext -s 'Backup succeeded. Please eject (unmount) the backup storage area media.'"$NL"'You can do this by running Applications ▸ Accessories ▸ Files, selecting the backup encrypted volume (TailsData), and ejecting it.')"
        zenity --info --ellipsize --text "$msg"
        rm -fr "${LOG}"
else
        msg="$(gettext -s "Backup failed. See details in log file ${LOG}")"
        zenity --error --ellipsize --text "$msg"
        exit 1
fi