Provided by: borgbackup_1.0.2-1_amd64 bug

NAME

       borg  -  BorgBackup  is  a  deduplicating  backup  program  with  optional compression and
       authenticated encryption.

       Borg consists of a number of commands. Each command accepts  a  number  of  arguments  and
       options. The following sections will describe each command in detail.

GENERAL

   Type of log output
       The  log  level of the builtin logging configuration defaults to WARNING.  This is because
       we want Borg to be mostly silent and only output warnings, errors and critical messages.

       Log levels: DEBUG < INFO < WARNING < ERROR < CRITICAL

       Use --debug to set DEBUG log level - to get debug, info, warning, error and critical level
       output.

       Use  --info  (or  -v or --verbose) to set INFO log level - to get info, warning, error and
       critical level output.

       Use --warning (default) to set WARNING log level - to  get  warning,  error  and  critical
       level output.

       Use --error to set ERROR log level - to get error and critical level output.

       Use --critical to set CRITICAL log level - to get critical level output.

       While  you  can set misc. log levels, do not expect that every command will give different
       output on different log levels - it's just a possibility.

       WARNING:
          Options --critical and --error are  provided  for  completeness,  their  usage  is  not
          recommended as you might miss important information.

       WARNING:
          While  some options (like --stats or --list) will emit more informational messages, you
          have to use INFO (or lower) log level to make them show up in log output. Use -v  or  a
          logging configuration.

   Return codes
       Borg can exit with the following return codes (rc):

          0 = success (logged as INFO)
          1 = warning (operation reached its normal end, but there were warnings -
              you should check the log, logged as WARNING)
          2 = error (like a fatal error, a local or remote exception, the operation
              did not reach its normal end, logged as ERROR)
          128+N = killed by signal N (e.g. 137 == kill -9)

       If  you  use  --show-rc, the return code is also logged at the indicated level as the last
       log entry.

   Environment Variables
       Borg uses some environment variables for automation:

       General:

              BORG_REPO
                     When set, use the value to  give  the  default  repository  location.  If  a
                     command  needs  an  archive parameter, you can abbreviate as ::archive. If a
                     command needs a repository parameter,  you  can  either  leave  it  away  or
                     abbreviate as ::, if a positional parameter is required.

              BORG_PASSPHRASE
                     When  set,  use  the  value  to answer the passphrase question for encrypted
                     repositories.

              BORG_DISPLAY_PASSPHRASE
                     When  set,  use  the  value  to  answer  the  "display  the  passphrase  for
                     verification"   question  when  defining  a  new  passphrase  for  encrypted
                     repositories.

              BORG_LOGGING_CONF
                     When set, use the given filename as INI-style logging configuration.

              BORG_RSH
                     When set, use this command instead of ssh. This can be used to  specify  ssh
                     options, such as a custom identity file ssh -i /path/to/private/key. See man
                     ssh for other options.

              TMPDIR where temporary files are stored (might need a lot of  temporary  space  for
                     some operations)

       Some automatic answerers (if set, they automatically answer confirmation questions):

              BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=no (or =yes)
                     For   "Warning:  Attempting  to  access  a  previously  unknown  unencrypted
                     repository"

              BORG_RELOCATED_REPO_ACCESS_IS_OK=no (or =yes)
                     For "Warning: The repository at location ... was previously located at ..."

              BORG_CHECK_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
                     For "Warning: 'check --repair' is an experimental feature that might  result
                     in data loss."

              BORG_DELETE_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
                     For  "You  requested  to  completely  DELETE  the  repository  including all
                     archives it contains:"

              Note: answers are case sensitive. setting an invalid answer value might either give
              the  default  answer  or  ask  you  interactively, depending on whether retries are
              allowed (they by default are allowed). So please test  your  scripts  interactively
              before making them a non-interactive script.

       Directories:

              BORG_KEYS_DIR
                     Default to '~/.config/borg/keys'. This directory contains keys for encrypted
                     repositories.

              BORG_CACHE_DIR
                     Default to '~/.cache/borg'. This directory  contains  the  local  cache  and
                     might need a lot of space for dealing with big repositories).

       Building:

              BORG_OPENSSL_PREFIX
                     Adds   given   OpenSSL  header  file  directory  to  the  default  locations
                     (setup.py).

              BORG_LZ4_PREFIX
                     Adds given LZ4 header file directory to the default locations (setup.py).

       Please note:

       · be very careful when using the "yes" sayers, the warnings with prompt exist for  your  /
         your data's security/safety

       · also  be  very  careful  when  putting  your  passphrase into a script, make sure it has
         appropriate file permissions (e.g. mode 600, root:root).

   Resource Usage
       Borg might use a lot of resources depending on the size of the  data  set  it  is  dealing
       with.

       CPU:   It  won't  go  beyond  100%  of  1  core  as the code is currently single-threaded.
              Especially higher zlib and lzma compression levels use significant amounts  of  CPU
              cycles.

       Memory (RAM):
              The  chunks index and the files index are read into memory for performance reasons.
              Compression, esp. lzma compression with high levels might need substantial  amounts
              of memory.

       Temporary files:
              Reading  data  and  metadata  from a FUSE mounted repository will consume about the
              same space as the deduplicated chunks used to represent them in the repository.

       Cache files:
              Contains the chunks  index  and  files  index  (plus  a  compressed  collection  of
              single-archive chunk indexes).

       Chunks index:
              Proportional to the amount of data chunks in your repo. Lots of chunks in your repo
              imply a big chunks index.  It is possible to tweak the chunker params  (see  create
              options).

       Files index:
              Proportional  to  the amount of files in your last backup. Can be switched off (see
              create options), but next backup will be much slower if you do.

       Network:
              If  your  repository  is  remote,  all  deduplicated  (and  optionally  compressed/
              encrypted)  data  of  course has to go over the connection (ssh: repo url).  If you
              use a locally mounted network filesystem, additionally some  copy  operations  used
              for transaction support also go over the connection. If you backup multiple sources
              to one target repository, additional traffic happens for cache resynchronization.

       In case you are interested in more details, please read the internals documentation.

   Units
       To display quantities, Borg takes care of respecting the usual conventions of scale.  Disk
       sizes  are  displayed in decimal, using powers of ten (so kB means 1000 bytes). For memory
       usage, binary prefixes are used, and are indicated using the IEC  binary  prefixes,  using
       powers of two (so KiB means 1024 bytes).

   Date and Time
       We  format  date  and  time  conforming to ISO-8601, that is: YYYY-MM-DD and HH:MM:SS (24h
       clock).

       For more information about that, see: https://xkcd.com/1179/

       Unless otherwise noted, we display local date and time.  Internally, we store and  process
       date and time as UTC.

BORG INIT

          usage: borg init [-h] [--critical] [--error] [--warning] [--info] [--debug]
                           [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                           [--remote-path PATH] [-e {none,keyfile,repokey}]
                           [REPOSITORY]

          Initialize an empty repository

          positional arguments:
            REPOSITORY            repository to create

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    set remote path to executable (default: "borg")
            -e {none,keyfile,repokey}, --encryption {none,keyfile,repokey}
                                  select encryption key mode (default: "repokey")

   Description
       This  command  initializes  an  empty  repository.  A repository is a filesystem directory
       containing the deduplicated data from zero or more archives.  Encryption can be enabled at
       repository init time.

   Examples
          # Local repository (default is to use encryption in repokey mode)
          $ borg init /path/to/repo

          # Local repository (no encryption)
          $ borg init --encryption=none /path/to/repo

          # Remote repository (accesses a remote borg via ssh)
          $ borg init user@hostname:backup

          # Remote repository (store the key your home dir)
          $ borg init --encryption=keyfile user@hostname:backup

       Important notes about encryption:

       It  is  not  recommended  to  disable  encryption. Repository encryption protects you e.g.
       against the case that an attacker has access to your backup repository.

       But be careful with the key / the passphrase:

       If you want "passphrase-only" security, use the repokey  mode.  The  key  will  be  stored
       inside  the  repository  (in  its  "config" file). In above mentioned attack scenario, the
       attacker will have the key (but not the passphrase).

       If you want "passphrase and having-the-key" security, use the keyfile mode.  The key  will
       be  stored  in  your  home  directory  (in .config/borg/keys). In the attack scenario, the
       attacker who has just  access  to  your  repo  won't  have  the  key  (and  also  not  the
       passphrase).

       Make  a  backup copy of the key file (keyfile mode) or repo config file (repokey mode) and
       keep it at a safe place, so you still have the key in case it gets corrupted or lost. Also
       keep  the  passphrase  at  a safe place.  The backup that is encrypted with that key won't
       help you with that, of course.

       Make sure you use a good passphrase. Not too short, not too simple. The real encryption  /
       decryption  key  is  encrypted with / locked by your passphrase.  If an attacker gets your
       key, he can't unlock and use it without knowing the passphrase.

       Be careful with special or non-ascii characters in your passphrase:

       · Borg processes the passphrase as unicode (and encodes it as utf-8), so it does not  have
         problems dealing with even the strangest characters.

       · BUT: that does not necessarily apply to your OS / VM / keyboard configuration.

       So  better  use  a  long  passphrase  made  from simple ascii chars than one that includes
       non-ascii stuff or characters that are hard/impossible to enter on  a  different  keyboard
       layout.

       You  can  change  your  passphrase  for  existing  repos  at any time, it won't affect the
       encryption/decryption key or other secrets.

BORG CREATE

          usage: borg create [-h] [--critical] [--error] [--warning] [--info] [--debug]
                             [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                             [--remote-path PATH] [-s] [-p] [--list]
                             [--filter STATUSCHARS] [-e PATTERN]
                             [--exclude-from EXCLUDEFILE] [--exclude-caches]
                             [--exclude-if-present FILENAME] [--keep-tag-files]
                             [-c SECONDS] [-x] [--numeric-owner]
                             [--timestamp yyyy-mm-ddThh:mm:ss]
                             [--chunker-params CHUNK_MIN_EXP,CHUNK_MAX_EXP,HASH_MASK_BITS,HASH_WINDOW_SIZE]
                             [--ignore-inode] [-C COMPRESSION] [--read-special] [-n]
                             ARCHIVE PATH [PATH ...]

          Create new archive

          positional arguments:
            ARCHIVE               name of archive to create (must be also a valid
                                  directory name)
            PATH                  paths to archive

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    set remote path to executable (default: "borg")
            -s, --stats           print statistics for the created archive
            -p, --progress        show progress display while creating the archive,
                                  showing Original, Compressed and Deduplicated sizes,
                                  followed by the Number of files seen and the path
                                  being processed, default: False
            --list                output verbose list of items (files, dirs, ...)
            --filter STATUSCHARS  only display items with the given status characters
            -e PATTERN, --exclude PATTERN
                                  exclude paths matching PATTERN
            --exclude-from EXCLUDEFILE
                                  read exclude patterns from EXCLUDEFILE, one per line
            --exclude-caches      exclude directories that contain a CACHEDIR.TAG file
                                  (http://www.brynosaurus.com/cachedir/spec.html)
            --exclude-if-present FILENAME
                                  exclude directories that contain the specified file
            --keep-tag-files      keep tag files of excluded caches/directories
            -c SECONDS, --checkpoint-interval SECONDS
                                  write checkpoint every SECONDS seconds (Default: 300)
            -x, --one-file-system
                                  stay in same file system, do not cross mount points
            --numeric-owner       only store numeric user and group identifiers
            --timestamp yyyy-mm-ddThh:mm:ss
                                  manually specify the archive creation date/time (UTC).
                                  alternatively, give a reference file/directory.
            --chunker-params CHUNK_MIN_EXP,CHUNK_MAX_EXP,HASH_MASK_BITS,HASH_WINDOW_SIZE
                                  specify the chunker parameters. default: 19,23,21,4095
            --ignore-inode        ignore inode data in the file metadata cache used to
                                  detect unchanged files.
            -C COMPRESSION, --compression COMPRESSION
                                  select compression algorithm (and level): none == no
                                  compression (default), lz4 == lz4, zlib == zlib
                                  (default level 6), zlib,0 .. zlib,9 == zlib (with
                                  level 0..9), lzma == lzma (default level 6), lzma,0 ..
                                  lzma,9 == lzma (with level 0..9).
            --read-special        open and read special files as if they were regular
                                  files
            -n, --dry-run         do not create a backup archive

   Description
       This command creates a  backup  archive  containing  all  files  found  while  recursively
       traversing all paths specified. The archive will consume almost no disk space for files or
       parts of files that have already been stored in other archives.

       To speed up pulling backups over sshfs and similar  network  file  systems  which  do  not
       provide  correct  inode  information the --ignore-inode flag can be used. This potentially
       decreases reliability of change detection, while avoiding  always  reading  all  files  on
       these file systems.

       See the output of the "borg help patterns" command for more help on exclude patterns.

   Examples
          # Backup ~/Documents into an archive named "my-documents"
          $ borg create /path/to/repo::my-documents ~/Documents

          # same, but verbosely list all files as we process them
          $ borg create -v --list /path/to/repo::my-documents ~/Documents

          # Backup ~/Documents and ~/src but exclude pyc files
          $ borg create /path/to/repo::my-files \
              ~/Documents                       \
              ~/src                             \
              --exclude '*.pyc'

          # Backup home directories excluding image thumbnails (i.e. only
          # /home/*/.thumbnails is excluded, not /home/*/*/.thumbnails)
          $ borg create /path/to/repo::my-files /home \
              --exclude 're:^/home/[^/]+/\.thumbnails/'

          # Do the same using a shell-style pattern
          $ borg create /path/to/repo::my-files /home \
              --exclude 'sh:/home/*/.thumbnails'

          # Backup the root filesystem into an archive named "root-YYYY-MM-DD"
          # use zlib compression (good, but slow) - default is no compression
          $ borg create -C zlib,6 /path/to/repo::root-{now:%Y-%m-%d} / --one-file-system

          # Make a big effort in fine granular deduplication (big chunk management
          # overhead, needs a lot of RAM and disk space, see formula in internals
          # docs - same parameters as borg < 1.0 or attic):
          $ borg create --chunker-params 10,23,16,4095 /path/to/repo::small /smallstuff

          # Backup a raw device (must not be active/in use/mounted at that time)
          $ dd if=/dev/sdx bs=10M | borg create /path/to/repo::my-sdx -

          # No compression (default)
          $ borg create /path/to/repo::arch ~

          # Super fast, low compression
          $ borg create --compression lz4 /path/to/repo::arch ~

          # Less fast, higher compression (N = 0..9)
          $ borg create --compression zlib,N /path/to/repo::arch ~

          # Even slower, even higher compression (N = 0..9)
          $ borg create --compression lzma,N /path/to/repo::arch ~

          # Format tags available for archive name:
          # {now}, {utcnow}, {fqdn}, {hostname}, {user}, {pid}
          # add short hostname, backup username and current unixtime (seconds from epoch)
          $ borg create  /path/to/repo::{hostname}-{user}-{now:%s} ~

BORG EXTRACT

          usage: borg extract [-h] [--critical] [--error] [--warning] [--info] [--debug]
                              [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                              [--remote-path PATH] [--list] [-n] [-e PATTERN]
                              [--exclude-from EXCLUDEFILE] [--numeric-owner]
                              [--strip-components NUMBER] [--stdout] [--sparse]
                              ARCHIVE [PATH [PATH ...]]

          Extract archive contents

          positional arguments:
            ARCHIVE               archive to extract
            PATH                  paths to extract; patterns are supported

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    set remote path to executable (default: "borg")
            --list                output verbose list of items (files, dirs, ...)
            -n, --dry-run         do not actually change any files
            -e PATTERN, --exclude PATTERN
                                  exclude paths matching PATTERN
            --exclude-from EXCLUDEFILE
                                  read exclude patterns from EXCLUDEFILE, one per line
            --numeric-owner       only obey numeric user and group identifiers
            --strip-components NUMBER
                                  Remove the specified number of leading path elements.
                                  Pathnames with fewer elements will be silently
                                  skipped.
            --stdout              write all extracted data to stdout
            --sparse              create holes in output sparse file from all-zero
                                  chunks

   Description
       This  command  extracts  the  contents  of  an  archive.  By default the entire archive is
       extracted but a subset of files and directories can be selected by passing a list of PATHs
       as arguments. The file selection can further be restricted by using the --exclude option.

       See the output of the "borg help patterns" command for more help on exclude patterns.

   Examples
          # Extract entire archive
          $ borg extract /path/to/repo::my-files

          # Extract entire archive and list files while processing
          $ borg extract -v --list /path/to/repo::my-files

          # Extract the "src" directory
          $ borg extract /path/to/repo::my-files home/USERNAME/src

          # Extract the "src" directory but exclude object files
          $ borg extract /path/to/repo::my-files home/USERNAME/src --exclude '*.o'

          # Restore a raw device (must not be active/in use/mounted at that time)
          $ borg extract --stdout /path/to/repo::my-sdx | dd of=/dev/sdx bs=10M

       Note: currently, extract always writes into the current working directory ("."),
              so make sure you cd to the right place before calling borg extract.

BORG CHECK

          usage: borg check [-h] [--critical] [--error] [--warning] [--info] [--debug]
                            [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                            [--remote-path PATH] [--repository-only] [--archives-only]
                            [--repair] [--save-space] [--last N] [-P PREFIX]
                            [REPOSITORY_OR_ARCHIVE]

          Check repository consistency

          positional arguments:
            REPOSITORY_OR_ARCHIVE
                                  repository or archive to check consistency of

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    set remote path to executable (default: "borg")
            --repository-only     only perform repository checks
            --archives-only       only perform archives checks
            --repair              attempt to repair any inconsistencies found
            --save-space          work slower, but using less space
            --last N              only check last N archives (Default: all)
            -P PREFIX, --prefix PREFIX
                                  only consider archive names starting with this prefix

   Description
       The check command verifies the consistency of a repository and the corresponding archives.

       First, the underlying repository data files are checked:

       · For all segments the segment magic (header) is checked

       · For all objects stored in the segments, all metadata (e.g. crc and size) and all data is
         read. The read data is checked by size and CRC. Bit rot and other  types  of  accidental
         damage can be detected this way.

       · If  we  are  in  repair  mode and a integrity error is detected for a segment, we try to
         recover as many objects from the segment as possible.

       · In repair mode, it makes sure that the index is consistent with the data stored  in  the
         segments.

       · If  you use a remote repo server via ssh:, the repo check is executed on the repo server
         without causing significant network traffic.

       · The repository check can be skipped using the --archives-only option.

       Second, the consistency and correctness of the archive metadata is verified:

       · Is the repo manifest present? If not, it is rebuilt from archive metadata  chunks  (this
         requires reading and decrypting of all metadata and data).

       · Check if archive metadata chunk is present. if not, remove archive from manifest.

       · For all files (items) in the archive, for all chunks referenced by these files, check if
         chunk is present (if not and we are in repair mode, replace it with a same-size chunk of
         zeros). This requires reading of archive and file metadata, but not data.

       · If  we  are  in repair mode and we checked all the archives: delete orphaned chunks from
         the repo.

       · if you use a remote repo server via ssh:, the archive check is executed  on  the  client
         machine  (because  if encryption is enabled, the checks will require decryption and this
         is always done client-side, because key access will be required).

       · The  archive  checks  can  be  time  consuming,  they   can   be   skipped   using   the
         --repository-only option.

BORG RENAME

          usage: borg rename [-h] [--critical] [--error] [--warning] [--info] [--debug]
                             [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                             [--remote-path PATH]
                             ARCHIVE NEWNAME

          Rename an existing archive

          positional arguments:
            ARCHIVE               archive to rename
            NEWNAME               the new archive name to use

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    set remote path to executable (default: "borg")

   Description
       This command renames an archive in the repository.

   Examples
          $ borg create /path/to/repo::archivename ~
          $ borg list /path/to/repo
          archivename                          Mon, 2016-02-15 19:50:19

          $ borg rename /path/to/repo::archivename newname
          $ borg list /path/to/repo
          newname                              Mon, 2016-02-15 19:50:19

BORG LIST

          usage: borg list [-h] [--critical] [--error] [--warning] [--info] [--debug]
                           [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                           [--remote-path PATH] [--short] [--list-format LISTFORMAT]
                           [-P PREFIX]
                           [REPOSITORY_OR_ARCHIVE]

          List archive or repository contents

          positional arguments:
            REPOSITORY_OR_ARCHIVE
                                  repository/archive to list contents of

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    set remote path to executable (default: "borg")
            --short               only print file/directory names, nothing else
            --list-format LISTFORMAT
                                  specify format for archive file listing (default:
                                  "{mode} {user:6} {group:6} {size:8d} {isomtime}
                                  {path}{extra}{NEWLINE}") Special "{formatkeys}" exists
                                  to list available keys
            -P PREFIX, --prefix PREFIX
                                  only consider archive names starting with this prefix

   Description
       This command lists the contents of a repository or an archive.

   Examples
          $ borg list /path/to/repo
          Monday                               Mon, 2016-02-15 19:15:11
          repo                                 Mon, 2016-02-15 19:26:54
          root-2016-02-15                      Mon, 2016-02-15 19:36:29
          newname                              Mon, 2016-02-15 19:50:19
          ...

          $ borg list /path/to/repo::root-2016-02-15
          drwxr-xr-x root   root          0 Mon, 2016-02-15 17:44:27 .
          drwxrwxr-x root   root          0 Mon, 2016-02-15 19:04:49 bin
          -rwxr-xr-x root   root    1029624 Thu, 2014-11-13 00:08:51 bin/bash
          lrwxrwxrwx root   root          0 Fri, 2015-03-27 20:24:26 bin/bzcmp -> bzdiff
          -rwxr-xr-x root   root       2140 Fri, 2015-03-27 20:24:22 bin/bzdiff
          ...

          $ borg list /path/to/repo::archiveA --list-format="{mode} {user:6} {group:6} {size:8d} {isomtime} {path}{extra}{NEWLINE}"
          drwxrwxr-x user   user          0 Sun, 2015-02-01 11:00:00 .
          drwxrwxr-x user   user          0 Sun, 2015-02-01 11:00:00 code
          drwxrwxr-x user   user          0 Sun, 2015-02-01 11:00:00 code/myproject
          -rw-rw-r-- user   user    1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.ext
          ...

          # see what is changed between archives, based on file modification time, size and file path
          $ borg list /path/to/repo::archiveA --list-format="{mtime:%s}{TAB}{size}{TAB}{path}{LF}" |sort -n > /tmp/list.archiveA
          $ borg list /path/to/repo::archiveB --list-format="{mtime:%s}{TAB}{size}{TAB}{path}{LF}" |sort -n > /tmp/list.archiveB
          $ diff -y /tmp/list.archiveA /tmp/list.archiveB
          1422781200      0       .                                       1422781200      0       .
          1422781200      0       code                                    1422781200      0       code
          1422781200      0       code/myproject                          1422781200      0       code/myproject
          1422781200      1416192 code/myproject/file.ext               | 1454664653      1416192 code/myproject/file.ext
          ...

BORG DELETE

          usage: borg delete [-h] [--critical] [--error] [--warning] [--info] [--debug]
                             [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                             [--remote-path PATH] [-p] [-s] [-c] [--save-space]
                             [TARGET]

          Delete an existing repository or archive

          positional arguments:
            TARGET                archive or repository to delete

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    set remote path to executable (default: "borg")
            -p, --progress        show progress display while deleting a single archive
            -s, --stats           print statistics for the deleted archive
            -c, --cache-only      delete only the local cache for the given repository
            --save-space          work slower, but using less space

   Description
       This  command  deletes  an  archive  from the repository or the complete repository.  Disk
       space is reclaimed accordingly. If you delete the complete repository, the local cache for
       it (if any) is also deleted.

   Examples
          # delete a single backup archive:
          $ borg delete /path/to/repo::Monday

          # delete the whole repository and the related local cache:
          $ borg delete /path/to/repo
          You requested to completely DELETE the repository *including* all archives it contains:
          repo                                 Mon, 2016-02-15 19:26:54
          root-2016-02-15                      Mon, 2016-02-15 19:36:29
          newname                              Mon, 2016-02-15 19:50:19
          Type 'YES' if you understand this and want to continue: YES

BORG PRUNE

          usage: borg prune [-h] [--critical] [--error] [--warning] [--info] [--debug]
                            [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                            [--remote-path PATH] [-n] [-s] [--list]
                            [--keep-within WITHIN] [-H HOURLY] [-d DAILY] [-w WEEKLY]
                            [-m MONTHLY] [-y YEARLY] [-P PREFIX] [--save-space]
                            [REPOSITORY]

          Prune repository archives according to specified rules

          positional arguments:
            REPOSITORY            repository to prune

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    set remote path to executable (default: "borg")
            -n, --dry-run         do not change repository
            -s, --stats           print statistics for the deleted archive
            --list                output verbose list of archives it keeps/prunes
            --keep-within WITHIN  keep all archives within this time interval
            -H HOURLY, --keep-hourly HOURLY
                                  number of hourly archives to keep
            -d DAILY, --keep-daily DAILY
                                  number of daily archives to keep
            -w WEEKLY, --keep-weekly WEEKLY
                                  number of weekly archives to keep
            -m MONTHLY, --keep-monthly MONTHLY
                                  number of monthly archives to keep
            -y YEARLY, --keep-yearly YEARLY
                                  number of yearly archives to keep
            -P PREFIX, --prefix PREFIX
                                  only consider archive names starting with this prefix
            --save-space          work slower, but using less space

   Description
       The  prune  command  prunes  a  repository  by  deleting  archives not matching any of the
       specified retention options. This command is normally used  by  automated  backup  scripts
       wanting to keep a certain number of historic backups.

       As  an  example,  "-d  7" means to keep the latest backup on each day, up to 7 most recent
       days with backups (days without backups do not count).  The rules are applied from  hourly
       to  yearly,  and  backups  selected  by previous rules do not count towards those of later
       rules. The time that each backup completes is used for pruning purposes. Dates  and  times
       are  interpreted  in  the local timezone, and weeks go from Monday to Sunday. Specifying a
       negative number of archives to keep means that there is no limit.

       The "--keep-within" option takes an argument of the form "<int><char>", where char is "H",
       "d",  "w",  "m", "y". For example, "--keep-within 2d" means to keep all archives that were
       created within the past 48 hours.  "1m" is taken to mean "31d".  The  archives  kept  with
       this option do not count towards the totals specified by any other options.

       If  a  prefix is set with -P, then only archives that start with the prefix are considered
       for deletion and only those archives count towards the  totals  specified  by  the  rules.
       Otherwise, all archives in the repository are candidates for deletion!

   Examples
       Be careful, prune is a potentially dangerous command, it will remove backup archives.

       The default of prune is to apply to all archives in the repository unless you restrict its
       operation to a subset of the archives using --prefix.  When using --prefix, be careful  to
       choose  a  good  prefix  - e.g. do not use a prefix "foo" if you do not also want to match
       "foobar".

       It is strongly recommended to always run prune --dry-run ... first so you will see what it
       would do without it actually doing anything.

          # Keep 7 end of day and 4 additional end of week archives.
          # Do a dry-run without actually deleting anything.
          $ borg prune --dry-run --keep-daily=7 --keep-weekly=4 /path/to/repo

          # Same as above but only apply to archive names starting with "foo":
          $ borg prune --keep-daily=7 --keep-weekly=4 --prefix=foo /path/to/repo

          # Keep 7 end of day, 4 additional end of week archives,
          # and an end of month archive for every month:
          $ borg prune --keep-daily=7 --keep-weekly=4 --keep-monthly=-1 /path/to/repo

          # Keep all backups in the last 10 days, 4 additional end of week archives,
          # and an end of month archive for every month:
          $ borg prune --keep-within=10d --keep-weekly=4 --keep-monthly=-1 /path/to/repo

BORG INFO

          usage: borg info [-h] [--critical] [--error] [--warning] [--info] [--debug]
                           [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                           [--remote-path PATH]
                           ARCHIVE

          Show archive details such as disk space used

          positional arguments:
            ARCHIVE               archive to display information about

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    set remote path to executable (default: "borg")

   Description
       This command displays some detailed information about the specified archive.

   Examples
          $ borg info /path/to/repo::root-2016-02-15
          Name: root-2016-02-15
          Fingerprint: 57c827621f21b000a8d363c1e163cc55983822b3afff3a96df595077a660be50
          Hostname: myhostname
          Username: root
          Time (start): Mon, 2016-02-15 19:36:29
          Time (end):   Mon, 2016-02-15 19:39:26
          Command line: /usr/local/bin/borg create -v --list -C zlib,6 /path/to/repo::root-2016-02-15 / --one-file-system
          Number of files: 38100

                                 Original size      Compressed size    Deduplicated size
          This archive:                1.33 GB            613.25 MB            571.64 MB
          All archives:                1.63 GB            853.66 MB            584.12 MB

                                 Unique chunks         Total chunks
          Chunk index:                   36858                48844

BORG MOUNT

          usage: borg mount [-h] [--critical] [--error] [--warning] [--info] [--debug]
                            [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                            [--remote-path PATH] [-f] [-o OPTIONS]
                            REPOSITORY_OR_ARCHIVE MOUNTPOINT

          Mount archive or an entire repository as a FUSE fileystem

          positional arguments:
            REPOSITORY_OR_ARCHIVE
                                  repository/archive to mount
            MOUNTPOINT            where to mount filesystem

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    set remote path to executable (default: "borg")
            -f, --foreground      stay in foreground, do not daemonize
            -o OPTIONS            Extra mount options

   Description
       This  command  mounts  an archive as a FUSE filesystem. This can be useful for browsing an
       archive or restoring individual files. Unless the --foreground option is given the command
       will run in the background until the filesystem is umounted.

   Examples
          $ borg mount /path/to/repo::root-2016-02-15 /tmp/mymountpoint
          $ ls /tmp/mymountpoint
          bin  boot  etc      home  lib  lib64  lost+found  media  mnt  opt  root  sbin  srv  tmp  usr  var
          $ fusermount -u /tmp/mymountpoint

BORG CHANGE-PASSPHRASE

          usage: borg change-passphrase [-h] [--critical] [--error] [--warning] [--info]
                                        [--debug] [--lock-wait N] [--show-rc]
                                        [--no-files-cache] [--umask M]
                                        [--remote-path PATH]
                                        [REPOSITORY]

          Change repository key file passphrase

          positional arguments:
            REPOSITORY

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    set remote path to executable (default: "borg")

   Description
       The  key  files  used  for repository encryption are optionally passphrase protected. This
       command can be used to change this passphrase.

   Examples
          # Create a key file protected repository
          $ borg init --encryption=keyfile -v /path/to/repo
          Initializing repository at "/path/to/repo"
          Enter new passphrase:
          Enter same passphrase again:
          Remember your passphrase. Your data will be inaccessible without it.
          Key in "/root/.config/borg/keys/mnt_backup" created.
          Keep this key safe. Your data will be inaccessible without it.
          Synchronizing chunks cache...
          Archives: 0, w/ cached Idx: 0, w/ outdated Idx: 0, w/o cached Idx: 0.
          Done.

          # Change key file passphrase
          $ borg change-passphrase -v /path/to/repo
          Enter passphrase for key /root/.config/borg/keys/mnt_backup:
          Enter new passphrase:
          Enter same passphrase again:
          Remember your passphrase. Your data will be inaccessible without it.
          Key updated

BORG SERVE

          usage: borg serve [-h] [--critical] [--error] [--warning] [--info] [--debug]
                            [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                            [--remote-path PATH] [--restrict-to-path PATH]

          Start in server mode. This command is usually not used manually.

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    set remote path to executable (default: "borg")
            --restrict-to-path PATH
                                  restrict repository access to PATH

   Description
       This command starts a  repository  server  process.  This  command  is  usually  not  used
       manually.

   Examples
       borg  serve  has  special  support  for  ssh  forced commands (see authorized_keys example
       below): it will detect that you use such a forced command and extract  the  value  of  the
       --restrict-to-path  option(s).  It will then parse the original command that came from the
       client, makes sure that it is also borg serve and enforce path restriction(s) as given  by
       the  forced  command. That way, other options given by the client (like --info or --umask)
       are preserved (and are not fixed by the forced command).

          # Allow an SSH keypair to only run borg, and only have access to /path/to/repo.
          # Use key options to disable unneeded and potentially dangerous SSH functionality.
          # This will help to secure an automated remote backup system.
          $ cat ~/.ssh/authorized_keys
          command="borg serve --restrict-to-path /path/to/repo",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc ssh-rsa AAAAB3[...]

BORG UPGRADE

          usage: borg upgrade [-h] [--critical] [--error] [--warning] [--info] [--debug]
                              [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                              [--remote-path PATH] [-p] [-n] [-i]
                              [REPOSITORY]

          upgrade a repository from a previous version

          positional arguments:
            REPOSITORY            path to the repository to be upgraded

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    set remote path to executable (default: "borg")
            -p, --progress        show progress display while upgrading the repository
            -n, --dry-run         do not change repository
            -i, --inplace         rewrite repository in place, with no chance of going
                                  back to older versions of the repository.

   Description
       Upgrade an  existing  Borg  repository.   This  currently  supports  converting  an  Attic
       repository to Borg and also helps with converting Borg 0.xx to 1.0.

       Currently, only LOCAL repositories can be upgraded (issue #465).

       It  will change the magic strings in the repository's segments to match the new Borg magic
       strings. The keyfiles found in $ATTIC_KEYS_DIR or ~/.attic/keys/ will  also  be  converted
       and copied to $BORG_KEYS_DIR or ~/.config/borg/keys.

       The  cache files are converted, from $ATTIC_CACHE_DIR or ~/.cache/attic to $BORG_CACHE_DIR
       or ~/.cache/borg, but the cache layout between Borg and Attic changed, so it  is  possible
       the first backup after the conversion takes longer than expected due to the cache resync.

       Upgrade  should  be able to resume if interrupted, although it will still iterate over all
       segments. If you want to start from scratch, use borg delete over the copied repository to
       make sure the cache files are also removed:
          borg delete borg

       Unless  --inplace  is  specified,  the  upgrade process first creates a backup copy of the
       repository, in REPOSITORY.upgrade-DATETIME, using hardlinks. This  takes  longer  than  in
       place  upgrades,  but is much safer and gives progress information (as opposed to cp -al).
       Once you are satisfied with the conversion, you can safely destroy the backup copy.

       WARNING: Running the upgrade in place will make  the  current  copy  unusable  with  older
       version,  with no way of going back to previous versions. This can PERMANENTLY DAMAGE YOUR
       REPOSITORY!  Attic CAN NOT READ BORG REPOSITORIES, as the magic strings have changed.  You
       have been warned.

   Examples
          # Upgrade the borg repository to the most recent version.
          $ borg upgrade -v /path/to/repo
          making a hardlink copy in /path/to/repo.upgrade-2016-02-15-20:51:55
          opening attic repository with borg and converting
          no key file found for repository
          converting repo index /path/to/repo/index.0
          converting 1 segments...
          converting borg 0.xx to borg current
          no key file found for repository

MISCELLANEOUS HELP

   borg help patterns
       Exclusion  patterns  support four separate styles, fnmatch, shell, regular expressions and
       path prefixes. If followed by a colon (':') the first two characters of a pattern are used
       as  a  style  selector.  Explicit style selection is necessary when a non-default style is
       desired or when the desired pattern starts with two alphanumeric characters followed by  a
       colon (i.e. aa:something/*).

       Fnmatch, selector fm:
          These  patterns  use a variant of shell pattern syntax, with '*' matching any number of
          characters, '?' matching any single character, '[...]' matching  any  single  character
          specified, including ranges, and '[!...]' matching any character not specified. For the
          purpose of these patterns, the path separator ('' for Windows and '/' on other systems)
          is  not  treated  specially. Wrap meta-characters in brackets for a literal match (i.e.
          [?] to match the literal character  ?).  For  a  path  to  match  a  pattern,  it  must
          completely  match from start to end, or must match from the start to just before a path
          separator. Except for the root path, paths will never end in the  path  separator  when
          matching  is  attempted.   Thus,  if a given pattern ends in a path separator, a '*' is
          appended before matching is attempted.

       Shell-style patterns, selector sh:
          Like fnmatch patterns these are similar to shell patterns. The difference is  that  the
          pattern may include **/ for matching zero or more directory levels, * for matching zero
          or more arbitrary characters with the exception of any path separator.

       Regular expressions, selector re:
          Regular expressions similar to those found in Perl are supported. Unlike shell patterns
          regular expressions are not required to match the complete path and any substring match
          is sufficient. It is strongly recommended to anchor patterns to the start ('^'), to the
          end  ('$')  or both. Path separators ('' for Windows and '/' on other systems) in paths
          are always normalized to a forward slash ('/') before applying a pattern.  The  regular
          expression syntax is described in the Python documentation for the re module.

       Prefix path, selector pp:
          This  pattern  style is useful to match whole sub-directories. The pattern pp:/data/bar
          matches /data/bar and everything therein.

       Exclusions can be passed via the command line option --exclude. When used  from  within  a
       shell the patterns should be quoted to protect them from expansion.

       The  --exclude-from  option  permits  loading exclusion patterns from a text file with one
       pattern per line. Lines empty or starting  with  the  number  sign  ('#')  after  removing
       whitespace  on both ends are ignored. The optional style selector prefix is also supported
       for patterns loaded from a file. Due to whitespace removal paths with  whitespace  at  the
       beginning or end can only be excluded using regular expressions.

       Examples:

       # Exclude '/home/user/file.o' but not '/home/user/file.odt': $ borg create -e '
       *
       .o' backup /

       #     Exclude     '/home/user/junk'     and    '/home/user/subdir/junk'    but    #    not
       '/home/user/importantjunk' or '/etc/junk': $ borg create -e '/home/
       *
       /junk' backup /

       # Exclude the contents of '/home/user/cache' but not the directory itself: $  borg  create
       -e /home/user/cache/ backup /

       #   The   file   '/home/user/cache/important'   is   not  backed  up:  $  borg  create  -e
       /home/user/cache/ backup / /home/user/cache/important

       # The contents of directories in '/home' are not backed up  when  their  name  #  ends  in
       '.tmp' $ borg create --exclude 're:^/home/[^/]+.tmp/' backup /

       #  Load  exclusions  from  file  $ cat >exclude.txt <<EOF # Comment line /home//junk *.tmp
       fm:aa:something/ re:^/home/[^/].tmp/ sh:/home/
       *
       /.thumbnails EOF $ borg create --exclude-from exclude.txt backup /

DEBUG COMMANDS

       There are some more commands (all starting with "debug-") which are all not  intended  for
       normal use and potentially very dangerous if used incorrectly.

       They  exist  to improve debugging capabilities without direct system access, e.g.  in case
       you ever run into some severe malfunction. Use them only if you know what you are doing or
       if a trusted Borg developer tells you what to do.

ADDITIONAL NOTES

       Here are misc. notes about topics that are maybe not covered in enough detail in the usage
       section.

   Item flags
       borg create -v --list outputs a verbose list of all  files,  directories  and  other  file
       system  items  it considered (no matter whether they had content changes or not). For each
       item, it prefixes a single-letter flag that indicates type and/or status of the item.

       If you are interested only in a subset of that output, you can give e.g.  --filter=AME and
       it will only show regular files with A, M or E status (see below).

       A  uppercase  character  represents  the  status of a regular file relative to the "files"
       cache (not relative to the repo -- this is an issue if  the  files  cache  is  not  used).
       Metadata  is  stored  in any case and for 'A' and 'M' also new data chunks are stored. For
       'U' all data chunks refer to already existing chunks.

       · 'A' = regular file, added (see also a_status_oddity in the FAQ)

       · 'M' = regular file, modified

       · 'U' = regular file, unchanged

       · 'E' = regular file, an error happened while accessing/reading this file

       A lowercase character means a file type other than  a  regular  file,  borg  usually  just
       stores their metadata:

       · 'd' = directory

       · 'b' = block device

       · 'c' = char device

       · 'h' = regular file, hardlink (to already seen inodes)

       · 's' = symlink

       · 'f' = fifo

       Other flags used include:

       · 'i' = backup data was read from standard input (stdin)

       · '-' = dry run, item was not backed up

       · '?' = missing status code (if you see this, please file a bug report!)

   --chunker-params
       The  chunker  params influence how input files are cut into pieces (chunks) which are then
       considered for deduplication. They also have a big impact on resource usage (RAM and  disk
       space)  as  the  amount  of  resources  needed is (also) determined by the total amount of
       chunks in the repository (see Indexes / Caches memory usage for details).

       --chunker-params=10,23,16,4095 results in a fine-grained deduplication and creates  a  big
       amount  of  chunks  and  thus  uses  a  lot  of resources to manage them. This is good for
       relatively small data volumes and if the machine has a good amount of free  RAM  and  disk
       space.

       --chunker-params=19,23,21,4095  (default)  results  in  a coarse-grained deduplication and
       creates a much smaller amount of chunks and thus uses less resources.  This  is  good  for
       relatively big data volumes and if the machine has a relatively low amount of free RAM and
       disk space.

       If you already have made some archives in a repository and you then change chunker params,
       this of course impacts deduplication as the chunks will be cut differently.

       In the worst case (all files are big and were touched in between backups), this will store
       all content into the repository again.

       Usually, it is not that bad though:

       · usually most files are not touched, so it will just re-use the old chunks it already has
         in the repo

       · files  smaller  than  the  (both old and new) minimum chunksize result in only one chunk
         anyway, so the resulting chunks are same and deduplication will apply

       If you switch chunker params to save resources for an existing repo that already has  some
       backup  archives,  you  will  see an increasing effect over time, when more and more files
       have been touched and stored again using the bigger chunksize and all  references  to  the
       smaller older chunks have been removed (by deleting / pruning archives).

       If  you  want  to  see  an  immediate big effect on resource usage, you better start a new
       repository when changing chunker params.

       For more details, see chunker_details.

   --read-special
       The  option  --read-special  is  not  intended  for  normal,  filesystem-level  (full   or
       partly-recursive)  backups.  You  only give this option if you want to do something rather
       ... special -- and if you have hand-picked some files that you want to treat that way.

       borg create --read-special will  open  all  files  without  doing  any  special  treatment
       according to the file type (the only exception here are directories: they will be recursed
       into). Just imagine what happens if you do cat filename --- the content you will see there
       is what borg will backup for that filename.

       So, for example, symlinks will be followed, block device content will be read, named pipes
       / UNIX domain sockets will be read.

       You need to be careful with what you give as filename when using --read-special,  e.g.  if
       you give /dev/zero, your backup will never terminate.

       The  given  files' metadata is saved as it would be saved without --read-special (e.g. its
       name, its size [might be 0], its mode, etc.) -- but additionally, also  the  content  read
       from it will be saved for it.

       Restoring  such  files'  content  is  currently  only supported one at a time via --stdout
       option (and you have to redirect stdout to where ever it shall go, maybe directly into  an
       existing device file of your choice or indirectly via dd).

   Example
       Imagine you have made some snapshots of logical volumes (LVs) you want to backup.

       NOTE:
          For  some  scenarios,  this is a good method to get "crash-like" consistency (I call it
          crash-like because it is the same as you would get if you just hit the reset button  or
          your  machine would abrubtly and completely crash).  This is better than no consistency
          at all and a good method for some use cases, but likely not good  enough  if  you  have
          databases running.

       Then  you  create  a  backup archive of all these snapshots. The backup process will see a
       "frozen" state of the logical volumes, while the processes working in the original volumes
       continue changing the data stored there.

       You  also  add the output of lvdisplay to your backup, so you can see the LV sizes in case
       you ever need to recreate and restore them.

       After the backup has completed, you remove the snapshots again.

          $ # create snapshots here
          $ lvdisplay > lvdisplay.txt
          $ borg create --read-special /path/to/repo::arch lvdisplay.txt /dev/vg0/*-snapshot
          $ # remove snapshots here

       Now, let's see how to restore some LVs from such a backup.

          $ borg extract /path/to/repo::arch lvdisplay.txt
          $ # create empty LVs with correct sizes here (look into lvdisplay.txt).
          $ # we assume that you created an empty root and home LV and overwrite it now:
          $ borg extract --stdout /path/to/repo::arch dev/vg0/root-snapshot > /dev/vg0/root
          $ borg extract --stdout /path/to/repo::arch dev/vg0/home-snapshot > /dev/vg0/home

   Append-only mode
       A repository can be made "append-only", which means that  Borg  will  never  overwrite  or
       delete  committed  data. This is useful for scenarios where multiple machines back up to a
       central backup server using borg serve, since  a  hacked  machine  cannot  delete  backups
       permanently.

       To activate append-only mode, edit the repository config file and add a line append_only=1
       to the [repository] section (or edit the line if it exists).

       In append-only mode Borg will create a transaction log in  the  transactions  file,  where
       each line is a transaction and a UTC timestamp.

   Example
       Suppose  an  attacker remotely deleted all backups, but your repository was in append-only
       mode. A transaction log in this situation might look like this:

          transaction 1, UTC time 2016-03-31T15:53:27.383532
          transaction 5, UTC time 2016-03-31T15:53:52.588922
          transaction 11, UTC time 2016-03-31T15:54:23.887256
          transaction 12, UTC time 2016-03-31T15:55:54.022540
          transaction 13, UTC time 2016-03-31T15:55:55.472564

       From your security logs you conclude the attacker gained access at 15:54:00  and  all  the
       backups  where  deleted  or  replaced  by  compromised backups. From the log you know that
       transactions 11 and later are compromised. Note that the transaction ID is the name of the
       last file in the transaction. For example, transaction 11 spans files 6 to 11.

       In  a  real attack you'll likely want to keep the compromised repository intact to analyze
       what the attacker tried to achieve. It's also a good idea to make this copy just  in  case
       something goes wrong during the recovery. Since recovery is done by deleting some files, a
       hard link copy (cp -al) is sufficient.

       The first  step  to  reset  the  repository  to  transaction  5,  the  last  uncompromised
       transaction, is to remove the hints.N and index.N files in the repository (these two files
       are always expendable). In this example N is 13.

       Then remove or move all segment files from the segment directories in data/ starting  with
       file 6:

          rm data/**/{6..13}

       That's all to it.

   Drawbacks
       As  data  is  only appended, and nothing deleted, commands like prune or delete won't free
       disk space, they merely tag data as deleted in a new transaction.

       Note that you can go back-and-forth between normal and append-only  operation  by  editing
       the configuration file, it's not a "one way trip".

   Further considerations
       Append-only  mode  is  not  respected  by  tools  other  than  Borg. rm still works on the
       repository. Make sure that backup client machines only get to access  the  repository  via
       borg serve.

       Ensure  that  no  remote access is possible if the repository is temporarily set to normal
       mode for e.g. regular pruning.

       Further protections can be implemented, but are outside of Borgs scope. For example,  file
       system  snapshots  or  wrapping  borg serve to set special permissions or ACLs on new data
       files.

AUTHOR

       The Borg Collective (see AUTHORS file)

COPYRIGHT

       2010-2014 Jonas Borgström, 2015-2016 The Borg Collective (see AUTHORS file)