Posts Tagged ‘bash’

My Backup Solution

Thursday, July 16th, 2009

For a long time I made backups of my home partition by hand, starting rdiff-backup from time to time. But as you can imagine, this approach doesn’t generate regular and reliable backups.

I couldn’t put this task into a simple cron job for two reasons. First, I use encrypted hard disks, and my backup disk is connected via USB and not always on. So before a backup starts I have to turn on my backup disk and make sure that my home partition and my backup disk are decrypted and mounted. Second, I don’t want the backup to happen during my regular work. In my experience such processes often start at the most annoying moments.

So I decided that I need a semi-automatic backup which runs during shutdown. The result is this small script, which I put in /etc/rc0.d/K05backup.sh:

#!/bin/bash

currentTime=$(date +%s)
timeUntilNextBackup=604800                 # 604800 sec = 1 week
startBackup=false

# check if it's time for the next backup
if [ -f /var/log/nextBackup.log ]; then
    nextBackupTime=$(cat /var/log/nextBackup.log)
    # treat an empty or non-numeric log entry as "backup is due"
    case $nextBackupTime in
        ''|*[!0-9]*) nextBackupTime=0;;
    esac
    if [ $((currentTime - nextBackupTime)) -gt 0 ]; then
        startBackup=true                   # time for the next backup
    fi
else
    startBackup=true
fi

# open and mount the encrypted partitions, then run the backup;
# returns non-zero as soon as one step fails
runBackup() {
    local status
    if [ ! -d /home/schiesbn ]; then
        echo "encrypted HOME partition has to be mounted..."
        cryptsetup luksOpen /dev/sda6 secureHome || return 1
        mount /dev/mapper/secureHome /home || return 1
    fi
    echo "encrypted BACKUP partition has to be mounted..."
    cryptsetup luksOpen /dev/sdd1 secureBackup || return 1
    # without this check a failed mount would let rdiff-backup write
    # into the empty /mnt/backup directory on the root partition
    if ! mount /dev/mapper/secureBackup /mnt/backup; then
        cryptsetup luksClose secureBackup
        return 1
    fi
    echo "Starting Backup..."
    rdiff-backup --print-statistics /home/schiesbn /mnt/backup
    status=$?
    echo "umount backup disk..."
    umount /mnt/backup
    cryptsetup luksClose secureBackup
    return $status
}

if [ "$startBackup" = true ]; then
    echo "It's time for another Backup!"
    echo "Don't forget to switch on your backup hard disk before you start!"
    repeat=true
    while $repeat; do
        echo -n "Start backup procedure now? (y)es or (n)o? "
        read -r char || break              # no terminal: don't loop forever
        case $char in
            [yY] )
                if runBackup; then
                    # calculate the time for the next backup and write it to the log
                    nextBackup=$((currentTime + timeUntilNextBackup))
                    echo "$nextBackup" > /var/log/nextBackup.log
                    echo "DONE."
                else
                    # leave the log untouched so the next shutdown asks again
                    echo "Backup FAILED."
                fi
                sleep 10   # give me some time to look at the backup statistics
                repeat=false;;
            [nN] )
                repeat=false;;
        esac
    done
fi

If the last backup is older than 1 week, the script asks me if I want to do another backup. Then I can decide to postpone it or to start it now. If I decide to start the backup procedure, I get the opportunity to decrypt my backup and home partition before rdiff-backup starts. After that I can leave the room and be sure that the computer will shut down after the backup is finished.

Until now this is the best and most reliable, least annoying and most automated solution I could find.

Fedora and gpg-agent

Tuesday, May 12th, 2009

While it was quite easy to set up my Fellowship smartcard for SSH logins on Debian GNU/Linux following these instructions, I never managed to get it working on Fedora GNU/Linux. At some point I just gave up. Today I finally found a solution in an on-line forum.

The problem was that gpg-agent always stopped with the error message:

$ gpg-agent
gpg-agent[2857]: can't connect to `/home/schiesbn/.gnupg/S.gpg-agent': No such file or directory
gpg-agent: no gpg-agent running in this session

By default the gpg-agent on Fedora creates the socket in /tmp instead of in /home/schiesbn/.gnupg. So you have to move it manually over to your home directory once gpg-agent has started.

To do this I use this script:

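#!/bin/bash

# Decide whether to start gpg-agent daemon.
# Create necessary symbolic link in $HOME/.gnupg/S.gpg-agent

SOCKET=S.gpg-agent

if pidof gpg-agent > /dev/null; then
	echo "Daemon gpg-agent already running."
else
	echo "Starting gpg-agent daemon."
	eval "$(gpg-agent --daemon)"
fi

# Nasty way to find gpg-agent's socket file...
# /tmp is world-writable, so only accept a socket owned by the current
# user, and take the first match if there are several.
GPG_SOCKET_FILE=$(find /tmp/gpg-* -type s -user "$(id -un)" -name "$SOCKET" 2>/dev/null | head -n 1)
if [ -z "$GPG_SOCKET_FILE" ]; then
	echo "No gpg-agent socket found in /tmp." >&2
	exit 1
fi
echo "Updating socket file link."
ln -sf "$GPG_SOCKET_FILE" "$HOME/.gnupg/S.gpg-agent"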

To execute this script during log-in I have added this to my ~/.bashrc:

# GPG-AGENT stuff
# gpg-agent reads the terminal name from the GPG_TTY environment variable
GPG_TTY=$(tty)
export GPG_TTY
"$HOME/bin/gpg-agent-start.sh"

I still wonder why it works that easily on Debian while on Fedora I need all this scripting. But for the moment I’m just happy that I have found a solution to use my smartcard for SSH login on my Fedora systems.
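
Because the start script above looks for the socket in world-writable /tmp, any local user can create a matching gpg-* directory there. The following is an added example, not the author's script: it accepts only a real socket owned by the current user inside a private directory before linking it. The function names find_agent_socket and link_agent_socket are hypothetical, and it assumes GNU stat and that gpg-agent creates its directory with mode 700.

```shell
#!/bin/bash
# Added example: locate gpg-agent's socket under /tmp without trusting
# anything another local user could have planted there.

# Print the path of a trustworthy S.gpg-agent socket below $1 (default /tmp).
# Returns 1 if no candidate passes every check.
find_agent_socket() {
    local base="${1:-/tmp}" dir sock
    for dir in "$base"/gpg-*; do
        # The glob stays literal when nothing matches, so test for existence.
        [ -d "$dir" ] || continue
        # A symlinked directory could point anywhere; skip it.
        [ -L "$dir" ] && continue
        # -O: owned by the effective user of this shell.
        [ -O "$dir" ] || continue
        # Group and others must have no access (mode 700), otherwise someone
        # else could swap the socket after the check. GNU stat assumed.
        [ "$(stat -c %a "$dir")" = 700 ] || continue
        sock="$dir/S.gpg-agent"
        # Must be a real socket (not a symlink or regular file) that we own.
        [ -S "$sock" ] && [ ! -L "$sock" ] && [ -O "$sock" ] || continue
        printf '%s\n' "$sock"
        return 0
    done
    return 1
}

# Link the verified socket into the GnuPG home given as $2 (default ~/.gnupg).
link_agent_socket() {
    local sock gnupg_home="${2:-$HOME/.gnupg}"
    sock=$(find_agent_socket "${1:-/tmp}") || {
        echo "no trustworthy gpg-agent socket found" >&2
        return 1
    }
    ln -sfn -- "$sock" "$gnupg_home/S.gpg-agent"
}
```

Calling link_agent_socket without arguments checks /tmp and links into ~/.gnupg; it returns non-zero and leaves any existing link untouched when nothing passes the checks.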