Simple Encrypted Backup to Gdrive

Posted on by Dan Davis

When I had my computer stolen out of my home it wasn’t the machine I missed. My boxes usually have pretty unspectacular specs. I did however miss the data. Even the policy number I needed to give to the insurance company to report the loss was in my Documents directory on a drive in a computer in the back of some theif’s truck on its way to a pawn shop in another town. With this lesson learned I began to make periodic commits to cloud storage but even that’s leaving a lot to chance. What if I forget or get lazy? Did I back up this week?

A script, on the other hand, doesn’t become lazy or forgetful. It just runs and reports back its results.

To this end I wrote a short Python3 script, available on !LH’s github at: github.com/linuxhistoryblg/adminscripts that will tar and compress a given directory (/home/user/Documents by default), encrypt it with the user’s gpg key, and upload the result to Google Drive.

It looks like a shell script, and it should. I’ve been making an effort to reach for python rather than bash to build simple admin automation. I feel like the performance is nearly as good as if it were written as a shell script but the script’s readability after several months have passed is significantly better in python.

There are two dependencies.

The meat and potatoes of the script is a utility called rclone, that allows uploading to google drive from a linux machine. Google has repeatedly promised OS integration between Gdrive and Linux but unfortunately, at the time of this writing, hasn’t delivered on that promise. Rclone is available from rclone.org and the author provides a setup guide for use with Gdrive at rclone.org/drive. I created a directory on the root of my GDrive account called backup and ran rclone’s setup script for Google Drive.

You’re also going to need a valid gpg key. If you’ve generated one already, it should be visible if you run:

        $ gpg --list-keys

If you come up empty handed here do:

        $ gpg --gen-key

and follow the instructions.

Once you have the dependencies resolved and simplebackup.py downloaded from github. Open up the script in an editor, there is one or two things you’re going to want to check. In reality, you’re going to want to check the whole thing. You don’t blindly execute scripts you download from the internet written by strangers, do you!?

Just inside the main() method is a variable declaration which sets up which directory will be backed up. If you want /home/yourusername/Documents to be captured, there’s nothing to do here. If you want to capture a different directory, or your Documents directory is somewhere else, you’ll want to modify this:

            #Get user's home Directory and append /Documents
            home = environ['HOME'] + '/Documents'

Right after that we set the gpguser variable, which will be used as the recipient (-r) argument to gpg. I set this to my user name this way:

            #Set gpguser, most likely the owner of $home
            gpguser = environ['USER']

Probably safe to be left alone, but if echo $USER works differently at your bash prompt than it does at mine you may want to change this.

Finally, open up Google Drive in a browser and navigate to your backup directory. Set the execute bit on your script with chmod u+x simplebackup.py and give it a trial run in the shell. If it is successful you should see output telling you so, and will be able to locate two files in /tmp. One called day_month_year_user_Documents.tgz and another called day_month_year_user_Documents.tgz.pgp. After some time, depending on your upstream internet speed, you should see day_month_year_user_Documents.tgz.pgp in your backup directory on Google Drive. You could then be completely pedantic and download the file, decrypt it and view its contents to verify that they match up with the contents of your existing Documents directory:

            gpg -o aout.tgz -d 3_2_2019_LinuxHistory_Documents.tgz.pgp
            tar -z --list -f aout.tgz

Now that implementation and testing are out of the way you’ll be able to schedule the script to run whether you’re home or out late at a Superbowl after party with cron:

            crontab -e
            <insert>
            0 0 * * * /path/to/your/simpleBackup.py > /home/user/backup_log
            <ESC>
            <wq>

This schedule will have the script run at midnight every night and send the console output to /home/user/backup_log for later perusal.

dcd

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.