Howto: Automatic backup to LUKS-encrypted USB Drive

October 7th, 2009

Hello folks,
today, I wanted to take advantage of my new Quickport Pro fitted with a Spinpoint F1 HD103UJ.

I want to connect the Quickport with this specific disk to my computer; after that a script should start and back up my personal data.
So I partitioned and encrypted / formatted the disk (referred to as /dev/sdc) as follows:

/dev/sdc1 50GiB Transfer (FAT32)
/dev/sdc2 Rest Datastorage (ext4) with one folder called “Backup” and a few others. My backup should be saved in “Backup” (obvious ^^).

First, make sure Gnome asks for your password and mounts the disk. I use the keyring to save my password, so I don’t have to type it in repeatedly. Now the interesting steps:

1) Make sure your partition is mounted to the same Mountpoint every time it is mounted

You have two options:
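- Give your partition a name. The ext4 filesystem lives on the decrypted device under /dev/mapper/ (the next option explains how to find it), so that is the device to label:

sudo tune2fs -L "MyFunkyPartitionName" /dev/mapper/luks_crypto_SOME_UNIQUE_ID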

This will cause Gnome to mount it to /media/MyFunkyPartitionName. Everyday, every week. For EVER ;-)

- Check /dev/mapper/ for an entry like “luks_crypto_SOME_UNIQUE_ID”. This is the mapped device which is created by Gnome when it has decrypted your disk. Now edit your fstab as follows:

sudo vi /etc/fstab

and add the line

/dev/mapper/luks_crypto_SOME_UNIQUE_ID /media/MyFunkyPartitionName ext4 defaults,user 0 0

After that, create the mount point:

sudo mkdir /media/MyFunkyPartitionName && sudo chown MyUserName:MyGroupName /media/MyFunkyPartitionName

I prefer option two, because I hate to give my partitions names like datastorage_2009.01

2) Add udev rule to execute the backup script

This is the tricky part: you can make a udev rule that fires whenever the HDD is connected – but at that point the partition is not yet decrypted and mounted ;-) So we have to do it the tricky way.
First, get the serial number of your disk:

udevadm info -a --path=`udevadm info -q path -n /dev/sdc` | grep ATTRS{serial}

Since I am running Ubuntu 9.04 Jaunty Jablabla, this is the command of choice, because “udevinfo” doesn’t exist anymore.
This command should give you the serial number of the disk (about 24 characters long).
Now we have a target for our rule. Add a rule file:

sudo vi /etc/udev/rules.d/99-backuphdd.rules

and insert

ACTION=="add", BUS=="usb", ATTRS{serial}=="SERIAL_FROM_ABOVE", KERNEL=="sd?2", NAME="%k", GROUP="storage", RUN+="/etc/crypto/startBackup.sh", ENV{ACTION}="add"

Notice “sd?2” – the rule will match sdb2, sdc2 and so on. I don’t know whether the disk will be sdc every time. Perhaps I will be using a USB stick or something similar at the same time ;-)
This rule will execute the script /etc/crypto/startBackup.sh whenever the disk gets connected to the computer. The script blocks udev, and the partition will not be mounted until the script stops blocking udev. So we get to our next trick:

3) The startBackup script

This one is easy: it is the script which will start the real backup script. You may also put your backup stuff here; I wanted to have a more or less copy & paste solution. Perhaps I will write some other useful scripts that should be started ;-)

sudo vi /etc/crypto/startBackup.sh && sudo chmod u+x /etc/crypto/startBackup.sh

and insert


#!/bin/bash
{
export XAUTHORITY=/home/MyUserName/.Xauthority
xterm -display :0 -e "/home/MyUserName/scripts/backup.sh"
} &

This is so cute – udev will start an xterm window and you will see it, although udev runs as root and you (and your XSession) “are not belong to root”. In the xterm, we will execute the real backup script. The braces and “&” are necessary to let the script run non-blocking.
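Because udev runs startBackup.sh as root, the xterm and the backup.sh it launches run as root too, so a script in a user-writable home directory becomes a root entry point. The following check is an added example (not part of the original post; the function names are hypothetical) that the launcher could call before starting the script; it inspects only the file and its containing directory, not every ancestor, and assumes a stat that supports -c.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check for a script
# that a root-run udev hook is about to execute.

# owned_and_locked PATH UID
# True if PATH is owned by UID and is neither group- nor world-writable.
owned_and_locked() {
    meta=$(stat -c '%u %a' -- "$1") || return 1   # e.g. "0 755"
    uid=${meta% *}
    mode=${meta#* }
    [ "$uid" = "$2" ] && [ $(( 0$mode & 022 )) -eq 0 ]
}

# safe_for_root SCRIPT [UID]
# True only if SCRIPT is a regular file (no symlink) and both the file and
# its directory belong to UID (default 0 = root) and cannot be modified by
# group or others. A locked file in an unlocked directory can be replaced.
safe_for_root() {
    script=$1
    owner=${2:-0}
    { [ -f "$script" ] && [ ! -L "$script" ]; } || return 1
    owned_and_locked "$script" "$owner" || return 1
    owned_and_locked "$(dirname -- "$script")" "$owner"
}

# launch_checked SCRIPT
# Hypothetical wrapper for startBackup.sh: run SCRIPT only if it passes.
launch_checked() {
    if safe_for_root "$1"; then
        "$1"
    else
        echo "refusing to run $1 as root: owner or permissions not locked down" >&2
        return 1
    fi
}
```

With the layout from this post the check fails by design, because backup.sh belongs to MyUserName; keeping it root-owned next to startBackup.sh in /etc/crypto satisfies it.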

4) The backup script

Last part: the script that does the backup.

Create

vi /home/MyUserName/scripts/backup.sh && chmod u+x /home/MyUserName/scripts/backup.sh

and insert

#!/bin/bash

# mount point for backup partition
BACKUPMOUNTPOINT="/media/MyFunkyPartitionName"

# folder for backups (remember beginning, mine was "Backup")
BACKUPFOLDER="Backup"

# file containing one folder to be backed up per line
FILE="/home/MyUserName/scripts/.backupfolders.lst"

# real backupfolder, consisting of path and foldername WITH TRAILING SLASH
BACKUPFOLDER="${BACKUPMOUNTPOINT}/${BACKUPFOLDER}/"

# wait for gnome-mount to finish mounting
while [ ! -e "${BACKUPFOLDER}" ]
do
    echo "Backuplocation not mounted yet..."
    sleep 1
done

echo
echo "${BACKUPFOLDER} is now mounted, ready for backup data to ${BACKUPFOLDER}..."
echo

# 10 seconds to interrupt the backup process (useful if you want to restore the backup files and don't want to override with crap)
read -r -p "Interrupt backup procedure (y/N)? " -t 10 interrupt
tmp=$?

if [ "${interrupt}" == "y" ]
then
    echo "Backup procedure interrupted"
    exit
else
    # read returned non-zero (no answer before the timeout): finish the prompt line
    if [ "${tmp}" -ne 0 ]
    then
        echo
    fi
fi
echo "Starting backup..."

while IFS= read -r line
do
    # exclude empty lines and comment lines, beginning with "#"
    case ${line} in
        \#*|'')
            continue
            ;;
    esac
    # quoted so that folder names containing spaces stay one argument
    rsync -rvvlpogtbKz --progress --backup-dir=_backup --delete --ignore-errors "${line}" "${BACKUPFOLDER}"
done < "${FILE}"
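The wait loop in the script only tests that the Backup folder exists; it does not prove that the path sits on the decrypted LUKS mapping, and rsync would write just as readily to a plain directory of the same name. The following added example (not part of the original post; the function names are hypothetical, the luks_crypto_ prefix is the mapper name used in step 1) reads /proc/mounts to confirm the source device, with a timeout, before any data is copied.

```shell
#!/bin/sh
# Added example, not from the original post: make sure the backup target is
# really the decrypted LUKS mapping before rsync touches it.

# mount_source MOUNTPOINT [MOUNTS_FILE]
# Print the device mounted at MOUNTPOINT. The last matching entry wins,
# because a later mount shadows an earlier one. Fails if nothing is mounted.
# Note: /proc/mounts writes a space in a path as \040.
mount_source() {
    awk -v mp="$1" '$2 == mp { src = $1 }
        END { if (src == "") exit 1; print src }' "${2:-/proc/mounts}"
}

# is_luks_target MOUNTPOINT [MOUNTS_FILE]
# True only if MOUNTPOINT is backed by a /dev/mapper/luks_crypto_* device.
is_luks_target() {
    src=$(mount_source "$@") || return 1
    case $src in
        /dev/mapper/luks_crypto_*) return 0 ;;
        *) return 1 ;;
    esac
}

# wait_for_luks_mount MOUNTPOINT SECONDS [MOUNTS_FILE]
# Poll once per second; give up after SECONDS checks instead of looping forever.
wait_for_luks_mount() {
    tries=$2
    while ! is_luks_target "$1" "${3:-/proc/mounts}"; do
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] || return 1
        sleep 1
    done
}

# In backup.sh this would replace the "while [ ! -e ... ]" loop, e.g.:
#   wait_for_luks_mount "/media/MyFunkyPartitionName" 60 || exit 1
```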
