Provided by: borgbackup_1.0.13-0ubuntu1.16.04.1_amd64 bug

NAME

       borg  -  BorgBackup  is  a  deduplicating  backup  program  with  optional compression and
       authenticated encryption.

       Borg consists of a number of commands. Each command accepts  a  number  of  arguments  and
       options. The following sections will describe each command in detail.

GENERAL

   Positional Arguments and Options: Order matters
       Borg  only  supports taking options (-v and --list in the example) to the left or right of
       all positional arguments (repo::archive and path in the example), but not in between them:

          borg extract -v --list repo::archive path  # good and preferred
          borg extract repo::archive path -v --list  # also works
          borg extract -v repo::archive path --list  # works, but ugly
          borg extract repo::archive -v --list path  # BAD

       This is due to a problem in the argparse module: http://bugs.python.org/issue15112

   Repository URLs
       Local filesystem (or locally mounted network filesystem):

       /path/to/repo - filesystem path to repo directory, absolute path

       path/to/repo - filesystem path to repo directory, relative path

       Also, stuff like ~/path/to/repo or ~other/path/to/repo works (this  is  expanded  by  your
       shell).

       Note: you may also prepend a file:// to a filesystem path to get URL style.

       Remote repositories accessed via ssh user@host:

       user@host:/path/to/repo - remote repo, absolute path

       ssh://user@host:port/path/to/repo - same, alternative syntax, port can be given

       Remote repositories with relative pathes can be given using this syntax:

       user@host:path/to/repo - path relative to current directory

       user@host:~/path/to/repo - path relative to user's home directory

       user@host:~other/path/to/repo - path relative to other's home directory

       Note:     giving     user@host:/./path/to/repo     or     user@host:/~/path/to/repo     or
       user@host:/~other/path/to/repo is also supported, but not required here.

       Remote repositories with relative pathes, alternative syntax with port:

       ssh://user@host:port/./path/to/repo - path relative to current directory

       ssh://user@host:port/~/path/to/repo - path relative to user's home directory

       ssh://user@host:port/~other/path/to/repo - path relative to other's home directory

       If you frequently need the same repo  URL,  it  is  a  good  idea  to  set  the  BORG_REPO
       environment variable to set a default for the repo URL:

          export BORG_REPO='ssh://user@host:port/path/to/repo'

       Then  just  leave  away  the repo URL if only a repo URL is needed and you want to use the
       default - it will be read from BORG_REPO then.

       Use :: syntax to give the repo URL when syntax requires giving a positional  argument  for
       the repo (e.g. borg mount :: /mnt).

   Repository / Archive Locations
       Many  commands  want either a repository (just give the repo URL, see above) or an archive
       location, which is a repo URL followed by ::archive_name.

       Archive names must not contain the / (slash) character. For simplicity, maybe  also  avoid
       blanks or other characters that have special meaning on the shell or in a filesystem (borg
       mount will use the archive name as directory name).

       If  you  have  set  BORG_REPO  (see  above)  and  an  archive  location  is  needed,   use
       ::archive_name - the repo URL part is then read from BORG_REPO.

   Type of log output
       The  log  level of the builtin logging configuration defaults to WARNING.  This is because
       we want Borg to be mostly silent and only output warnings, errors and critical messages.

       Log levels: DEBUG < INFO < WARNING < ERROR < CRITICAL

       Use --debug to set DEBUG log level - to get debug, info, warning, error and critical level
       output.

       Use  --info  (or  -v or --verbose) to set INFO log level - to get info, warning, error and
       critical level output.

       Use --warning (default) to set WARNING log level - to  get  warning,  error  and  critical
       level output.

       Use --error to set ERROR log level - to get error and critical level output.

       Use --critical to set CRITICAL log level - to get critical level output.

       While  you  can set misc. log levels, do not expect that every command will give different
       output on different log levels - it's just a possibility.

       WARNING:
          Options --critical and --error are  provided  for  completeness,  their  usage  is  not
          recommended as you might miss important information.

       WARNING:
          While  some options (like --stats or --list) will emit more informational messages, you
          have to use INFO (or lower) log level to make them show up in log output. Use -v  or  a
          logging configuration.

   Return codes
       Borg can exit with the following return codes (rc):

          0 = success (logged as INFO)
          1 = warning (operation reached its normal end, but there were warnings -
              you should check the log, logged as WARNING)
          2 = error (like a fatal error, a local or remote exception, the operation
              did not reach its normal end, logged as ERROR)
          128+N = killed by signal N (e.g. 137 == kill -9)

       If  you  use  --show-rc, the return code is also logged at the indicated level as the last
       log entry.

   Environment Variables
       Borg uses some environment variables for automation:

       General:

              BORG_REPO
                     When set, use the value to  give  the  default  repository  location.  If  a
                     command  needs  an  archive parameter, you can abbreviate as ::archive. If a
                     command needs a repository parameter,  you  can  either  leave  it  away  or
                     abbreviate as ::, if a positional parameter is required.

              BORG_PASSPHRASE
                     When  set,  use  the  value  to answer the passphrase question for encrypted
                     repositories.  It is used when a passphrase is needed to access an encrypted
                     repo  as  well  as  when  a  new  passphrase  should  be  initially set when
                     initializing an encrypted repo.

              BORG_PASSCOMMAND
                     When set, use the standard output of  the  command  (trailing  newlines  are
                     stripped)  to answer the passphrase question for encrypted repositories.  It
                     is used when a passphrase is needed to access an encrypted repo as  well  as
                     when a new passphrase should be initially set when initializing an encrypted
                     repo.  If BORG_PASSPHRASE is also set, it takes precedence.

              BORG_PASSPHRASE_FD
                     When set, specifies a file descriptor to read a  passphrase  from.  Programs
                     starting  borg  may  choose  to  open an anonymous pipe and use it to pass a
                     passphrase. This is safer than passing via BORG_PASSPHRASE, because on  some
                     systems  (e.g.  Linux)  environment  can be examined by other processes.  If
                     BORG_PASSPHRASE or BORG_PASSCOMMAND are also set, they take precedence.

              BORG_DISPLAY_PASSPHRASE
                     When  set,  use  the  value  to  answer  the  "display  the  passphrase  for
                     verification"   question  when  defining  a  new  passphrase  for  encrypted
                     repositories.

              BORG_LOGGING_CONF
                     When set, use the given filename as INI-style logging configuration.

              BORG_RSH
                     When set, use this command instead of ssh. This can be used to  specify  ssh
                     options, such as a custom identity file ssh -i /path/to/private/key. See man
                     ssh for other options.

              BORG_REMOTE_PATH
                     When set, use the given path as borg executable on the remote  (defaults  to
                     "borg" if unset).  Using --remote-path PATH commandline option overrides the
                     environment variable.

              BORG_FILES_CACHE_TTL
                     When set to a numeric value, this determines the maximum "time to live"  for
                     the  files  cache  entries (default: 20). The files cache is used to quickly
                     determine whether a file is unchanged.  The FAQ explains this more  detailed
                     in: always_chunking

              TMPDIR where  temporary  files  are stored (might need a lot of temporary space for
                     some operations)

       Some automatic answerers (if set, they automatically answer confirmation questions):

              BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=no (or =yes)
                     For  "Warning:  Attempting  to  access  a  previously  unknown   unencrypted
                     repository"

              BORG_RELOCATED_REPO_ACCESS_IS_OK=no (or =yes)
                     For "Warning: The repository at location ... was previously located at ..."

              BORG_CHECK_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
                     For  "Warning: 'check --repair' is an experimental feature that might result
                     in data loss."

              BORG_DELETE_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
                     For "You  requested  to  completely  DELETE  the  repository  including  all
                     archives it contains:"

              Note: answers are case sensitive. setting an invalid answer value might either give
              the default answer or ask you  interactively,  depending  on  whether  retries  are
              allowed  (they  by  default are allowed). So please test your scripts interactively
              before making them a non-interactive script.

       Directories:

              BORG_KEYS_DIR
                     Default to '~/.config/borg/keys'. This directory contains keys for encrypted
                     repositories.

              BORG_SECURITY_DIR
                     Default  to  '~/.config/borg/security'.  This  directory  is used by Borg to
                     track various pieces of security-related data.

              BORG_CACHE_DIR
                     Default to '~/.cache/borg'. This directory  contains  the  local  cache  and
                     might need a lot of space for dealing with big repositories).

       Building:

              BORG_OPENSSL_PREFIX
                     Adds   given   OpenSSL  header  file  directory  to  the  default  locations
                     (setup.py).

              BORG_LZ4_PREFIX
                     Adds given LZ4 header file directory to the default locations (setup.py).

       Please note:

       • be very careful when using the "yes" sayers, the warnings with prompt exist for  your  /
         your data's security/safety

       • also  be  very  careful  when  putting  your  passphrase into a script, make sure it has
         appropriate file permissions (e.g. mode 600, root:root).

   Resource Usage
       Borg might use a lot of resources depending on the size of the  data  set  it  is  dealing
       with.

       If  one  uses  Borg  in  a  client/server way (with a ssh: repository), the resource usage
       occurs in part on the client and in another part on the server.

       If one uses Borg as a single process (with a filesystem  repo),  all  the  resource  usage
       occurs in that one process, so just add up client + server to get the approximate resource
       usage.

       CPU client:
              borg create: does chunking, hashing, compression, crypto (high  CPU  usage)  chunks
              cache  sync: quite heavy on CPU, doing lots of hashtable operations.  borg extract:
              crypto, decompression (medium to high CPU usage) borg check:  similar  to  extract,
              but  depends on options given.  borg prune / borg delete archive: low to medium CPU
              usage borg delete repo: done on the server It won't go beyond 100% of 1 core as the
              code  is  currently  single-threaded.   Especially higher zlib and lzma compression
              levels use significant amounts of CPU cycles. Crypto might be cheap on the CPU  (if
              hardware accelerated) or expensive (if not).

       CPU server:
              It  usually  doesn't  need  much  CPU,  it  just  deals  with  the  key/value store
              (repository) and uses the repository index for that.

              borg check: the repository check computes the checksums of all chunks  (medium  CPU
              usage) borg delete repo: low CPU usage

       CPU (only for client/server operation):
              When  using  borg  in  a client/server way with a ssh:-type repo, the ssh processes
              used for the transport layer will need some CPU on the client and on the server due
              to the crypto they are doing - esp. if you are pumping big amounts of data.

       Memory (RAM) client:
              The  chunks index and the files index are read into memory for performance reasons.
              Might need big amounts of memory (see below).  Compression, esp.  lzma  compression
              with high levels might need substantial amounts of memory.

       Memory (RAM) server:
              The  server  process  will  load  the  repository  index  into  memory.  Might need
              considerable amounts of memory, but less than on the client (see below).

       Chunks index (client only):
              Proportional to the amount of data chunks in your repo. Lots of chunks in your repo
              imply  a  big chunks index.  It is possible to tweak the chunker params (see create
              options).

       Files index (client only):
              Proportional to the amount of files in your last backups. Can be switched off  (see
              create options), but next backup might be much slower if you do.  The speed benefit
              of using the files cache is proportional to file size.

       Repository index (server only):
              Proportional to the amount of data chunks in your repo. Lots of chunks in your repo
              imply  a  big  repository  index.   It is possible to tweak the chunker params (see
              create options) to influence the amount of chunks being created.

       Temporary files (client):
              Reading data and metadata from a FUSE mounted repository will  consume  up  to  the
              size  of  all  deduplicated,  small  chunks  in the repository. Big chunks won't be
              locally cached.

       Temporary files (server):
              None.

       Cache files (client only):
              Contains the chunks index and files index (plus a  collection  of  single-  archive
              chunk  indexes  which  might  need huge amounts of disk space, depending on archive
              count and size - see FAQ about how to reduce).

       Network (only for client/server operation):
              If  your  repository  is  remote,  all  deduplicated  (and  optionally  compressed/
              encrypted)  data  of  course has to go over the connection (ssh: repo url).  If you
              use a locally mounted network filesystem, additionally some  copy  operations  used
              for transaction support also go over the connection. If you backup multiple sources
              to one target repository, additional traffic happens for cache resynchronization.

       In case you are interested in more details (like formulas), please see internals.

   Units
       To display quantities, Borg takes care of respecting the usual conventions of scale.  Disk
       sizes  are  displayed in decimal, using powers of ten (so kB means 1000 bytes). For memory
       usage, binary prefixes are used, and are indicated using the IEC  binary  prefixes,  using
       powers of two (so KiB means 1024 bytes).

   Date and Time
       We  format  date  and  time  conforming to ISO-8601, that is: YYYY-MM-DD and HH:MM:SS (24h
       clock).

       For more information about that, see: https://xkcd.com/1179/

       Unless otherwise noted, we display local date and time.  Internally, we store and  process
       date and time as UTC.

BORG INIT

          usage: borg init [-h] [--critical] [--error] [--warning] [--info] [--debug]
                           [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                           [--remote-path PATH] [-e {none,keyfile,repokey}] [-a]
                           [REPOSITORY]

          Initialize an empty repository

          positional arguments:
            REPOSITORY            repository to create

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    use PATH as borg executable on the remote (default:
                                  "borg")
            -e {none,keyfile,repokey}, --encryption {none,keyfile,repokey}
                                  select encryption key mode (default: "repokey")
            -a, --append-only     create an append-only mode repository

   Description
       This  command  initializes  an  empty  repository.  A repository is a filesystem directory
       containing the deduplicated data from zero or more archives.  Encryption can be enabled at
       repository init time.

   Examples
          # Local repository (default is to use encryption in repokey mode)
          $ borg init /path/to/repo

          # Local repository (no encryption)
          $ borg init --encryption=none /path/to/repo

          # Remote repository (accesses a remote borg via ssh)
          $ borg init user@hostname:backup

          # Remote repository (store the key your home dir)
          $ borg init --encryption=keyfile user@hostname:backup

       Important notes about encryption:

       It  is  not  recommended  to  disable  encryption. Repository encryption protects you e.g.
       against the case that an attacker has access to your backup repository.

       But be careful with the key / the passphrase:

       If you want "passphrase-only" security, use the repokey  mode.  The  key  will  be  stored
       inside  the  repository  (in  its  "config" file). In above mentioned attack scenario, the
       attacker will have the key (but not the passphrase).

       If you want "passphrase and having-the-key" security, use the keyfile mode.  The key  will
       be  stored  in  your  home  directory  (in .config/borg/keys). In the attack scenario, the
       attacker who has just  access  to  your  repo  won't  have  the  key  (and  also  not  the
       passphrase).

       Make  a  backup copy of the key file (keyfile mode) or repo config file (repokey mode) and
       keep it at a safe place, so you still have the key in case it gets corrupted or lost. Also
       keep  the  passphrase  at  a safe place.  The backup that is encrypted with that key won't
       help you with that, of course.

       Make sure you use a good passphrase. Not too short, not too simple. The real encryption  /
       decryption  key  is  encrypted with / locked by your passphrase.  If an attacker gets your
       key, he can't unlock and use it without knowing the passphrase.

       Be careful with special or non-ascii characters in your passphrase:

       • Borg processes the passphrase as unicode (and encodes it as utf-8), so it does not  have
         problems dealing with even the strangest characters.

       • BUT: that does not necessarily apply to your OS / VM / keyboard configuration.

       So  better  use  a  long  passphrase  made  from simple ascii chars than one that includes
       non-ascii stuff or characters that are hard/impossible to enter on  a  different  keyboard
       layout.

       You  can  change  your  passphrase  for  existing  repos  at any time, it won't affect the
       encryption/decryption key or other secrets.

BORG CREATE

          usage: borg create [-h] [--critical] [--error] [--warning] [--info] [--debug]
                             [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                             [--remote-path PATH] [-s] [-p] [--list]
                             [--filter STATUSCHARS] [-e PATTERN]
                             [--exclude-from EXCLUDEFILE] [--exclude-caches]
                             [--exclude-if-present FILENAME] [--keep-tag-files]
                             [-c SECONDS] [-x] [--numeric-owner] [--noatime] [--noctime]
                             [--timestamp yyyy-mm-ddThh:mm:ss]
                             [--chunker-params CHUNK_MIN_EXP,CHUNK_MAX_EXP,HASH_MASK_BITS,HASH_WINDOW_SIZE]
                             [--ignore-inode] [-C COMPRESSION] [--read-special] [-n]
                             ARCHIVE PATH [PATH ...]

          Create new archive

          positional arguments:
            ARCHIVE               name of archive to create (must be also a valid
                                  directory name)
            PATH                  paths to archive

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    use PATH as borg executable on the remote (default:
                                  "borg")
            -s, --stats           print statistics for the created archive. Requires
                                  -v/--verbose.
            -p, --progress        show progress display while creating the archive,
                                  showing Original, Compressed and Deduplicated sizes,
                                  followed by the Number of files seen and the path
                                  being processed, default: False
            --list                output verbose list of items (files, dirs, ...).
                                  Requires -v/--verbose.
            --filter STATUSCHARS  only display items with the given status characters
            -e PATTERN, --exclude PATTERN
                                  exclude paths matching PATTERN
            --exclude-from EXCLUDEFILE
                                  read exclude patterns from EXCLUDEFILE, one per line
            --exclude-caches      exclude directories that contain a CACHEDIR.TAG file
                                  (http://www.brynosaurus.com/cachedir/spec.html)
            --exclude-if-present FILENAME
                                  exclude directories that contain the specified file
            --keep-tag-files      keep tag files of excluded caches/directories
            -c SECONDS, --checkpoint-interval SECONDS
                                  write checkpoint every SECONDS seconds (Default: 1800)
            -x, --one-file-system
                                  stay in same file system
            --numeric-owner       only store numeric user and group identifiers
            --noatime             do not store atime into archive
            --noctime             do not store ctime into archive
            --timestamp yyyy-mm-ddThh:mm:ss
                                  manually specify the archive creation date/time (UTC).
                                  alternatively, give a reference file/directory.
            --chunker-params CHUNK_MIN_EXP,CHUNK_MAX_EXP,HASH_MASK_BITS,HASH_WINDOW_SIZE
                                  specify the chunker parameters. default: 19,23,21,4095
            --ignore-inode        ignore inode data in the file metadata cache used to
                                  detect unchanged files.
            -C COMPRESSION, --compression COMPRESSION
                                  select compression algorithm (and level): none == no
                                  compression (default), lz4 == lz4, zlib == zlib
                                  (default level 6), zlib,0 .. zlib,9 == zlib (with
                                  level 0..9), lzma == lzma (default level 6), lzma,0 ..
                                  lzma,9 == lzma (with level 0..9).
            --read-special        open and read block and char device files as well as
                                  FIFOs as if they were regular files. Also follows
                                  symlinks pointing to these kinds of files.
            -n, --dry-run         do not create a backup archive

   Description
       This command creates a  backup  archive  containing  all  files  found  while  recursively
       traversing  all  paths  specified.  Paths are added to the archive as they are given, that
       means if relative paths are desired, the command has to be run from the correct directory.

       When giving '-' as path, borg will read data from standard input and create a file 'stdin'
       in the created archive from that data.

       The  archive  will  consume  almost  no  disk  space for files or parts of files that have
       already been stored in other archives.

       The archive name needs to be unique. It must not end in '.checkpoint'  or  '.checkpoint.N'
       (with  N  being  a  number),  because  these names are used for checkpoints and treated in
       special ways.

       In the archive name, you may use the  following  placeholders:  {now},  {utcnow},  {fqdn},
       {hostname}, {user} and some others.

       To  speed  up  pulling  backups  over  sshfs and similar network file systems which do not
       provide correct inode information the --ignore-inode flag can be  used.  This  potentially
       decreases  reliability  of  change  detection,  while avoiding always reading all files on
       these file systems.

       The mount points of filesystems or filesystem snapshots  should  be  the  same  for  every
       creation of a new archive to ensure fast operation. This is because the file cache that is
       used to determine changed files quickly uses absolute filenames.  If this is not possible,
       consider creating a bind mount to a stable location.

       See the output of the "borg help patterns" command for more help on exclude patterns.  See
       the output of the "borg help placeholders" command for more help on placeholders.

       Borg respects the nodump flag. Files flagged nodump will be  marked  as  excluded  (x)  in
       --list output.

   Examples
          # Backup ~/Documents into an archive named "my-documents"
          $ borg create /path/to/repo::my-documents ~/Documents

          # same, but verbosely list all files as we process them
          $ borg create -v --list /path/to/repo::my-documents ~/Documents

          # Backup ~/Documents and ~/src but exclude pyc files
          $ borg create /path/to/repo::my-files \
              ~/Documents                       \
              ~/src                             \
              --exclude '*.pyc'

          # Backup home directories excluding image thumbnails (i.e. only
          # /home/*/.thumbnails is excluded, not /home/*/*/.thumbnails)
          $ borg create /path/to/repo::my-files /home \
              --exclude 're:^/home/[^/]+/\.thumbnails/'

          # Do the same using a shell-style pattern
          $ borg create /path/to/repo::my-files /home \
              --exclude 'sh:/home/*/.thumbnails'

          # Backup the root filesystem into an archive named "root-YYYY-MM-DD"
          # use zlib compression (good, but slow) - default is no compression
          $ borg create -C zlib,6 --one-file-system /path/to/repo::root-{now:%Y-%m-%d} /

          # Make a big effort in fine granular deduplication (big chunk management
          # overhead, needs a lot of RAM and disk space, see formula in internals
          # docs - same parameters as borg < 1.0 or attic):
          $ borg create --chunker-params 10,23,16,4095 /path/to/repo::small /smallstuff

          # Backup a raw device (must not be active/in use/mounted at that time)
          $ dd if=/dev/sdx bs=10M | borg create /path/to/repo::my-sdx -

          # No compression (default)
          $ borg create /path/to/repo::arch ~

          # Super fast, low compression
          $ borg create --compression lz4 /path/to/repo::arch ~

          # Less fast, higher compression (N = 0..9)
          $ borg create --compression zlib,N /path/to/repo::arch ~

          # Even slower, even higher compression (N = 0..9)
          $ borg create --compression lzma,N /path/to/repo::arch ~

          # Use short hostname, user name and current time in archive name
          $ borg create /path/to/repo::{hostname}-{user}-{now} ~
          # Similar, use the same datetime format as borg 1.1 will have as default
          $ borg create /path/to/repo::{hostname}-{user}-{now:%Y-%m-%dT%H:%M:%S} ~
          # As above, but add nanoseconds
          $ borg create /path/to/repo::{hostname}-{user}-{now:%Y-%m-%dT%H:%M:%S.%f} ~

          # Backing up relative paths by moving into the correct directory first
          $ cd /home/user/Documents
          # The root directory of the archive will be "projectA"
          $ borg create /path/to/repo::daily-projectA-{now:%Y-%m-%d} projectA

   Notes
       • the  --exclude  patterns  are  not like tar. In tar --exclude .bundler/gems will exclude
         foo/.bundler/gems. In borg it will not, you need to use --exclude  '*/.bundler/gems'  to
         get the same effect. See borg help patterns for more information.

BORG EXTRACT

          usage: borg extract [-h] [--critical] [--error] [--warning] [--info] [--debug]
                              [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                              [--remote-path PATH] [--list] [-n] [-e PATTERN]
                              [--exclude-from EXCLUDEFILE] [--numeric-owner]
                              [--strip-components NUMBER] [--stdout] [--sparse]
                              ARCHIVE [PATH [PATH ...]]

          Extract archive contents

          positional arguments:
            ARCHIVE               archive to extract
            PATH                  paths to extract; patterns are supported

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    use PATH as borg executable on the remote (default:
                                  "borg")
            --list                output verbose list of items (files, dirs, ...).
                                  Requires -v/--verbose.
            -n, --dry-run         do not actually change any files
            -e PATTERN, --exclude PATTERN
                                  exclude paths matching PATTERN
            --exclude-from EXCLUDEFILE
                                  read exclude patterns from EXCLUDEFILE, one per line
            --numeric-owner       only obey numeric user and group identifiers
            --strip-components NUMBER
                                  Remove the specified number of leading path elements.
                                  Pathnames with fewer elements will be silently
                                  skipped.
            --stdout              write all extracted data to stdout
            --sparse              create holes in output sparse file from all-zero
                                  chunks

   Description
       This  command  extracts  the  contents  of  an  archive.  By default the entire archive is
       extracted but a subset of files and directories can be selected by passing a list of PATHs
       as arguments. The file selection can further be restricted by using the --exclude option.

       See the output of the "borg help patterns" command for more help on exclude patterns.

   Examples
          # Extract entire archive
          $ borg extract /path/to/repo::my-files

          # Extract entire archive and list files while processing
          $ borg extract -v --list /path/to/repo::my-files

          # Extract the "src" directory
          $ borg extract /path/to/repo::my-files home/USERNAME/src

          # Extract the "src" directory but exclude object files
          $ borg extract /path/to/repo::my-files home/USERNAME/src --exclude '*.o'

          # Restore a raw device (must not be active/in use/mounted at that time)
          $ borg extract --stdout /path/to/repo::my-sdx | dd of=/dev/sdx bs=10M

       Note: currently, extract always writes into the current working directory ("."),
              so make sure you cd to the right place before calling borg extract.

BORG CHECK

          usage: borg check [-h] [--critical] [--error] [--warning] [--info] [--debug]
                            [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                            [--remote-path PATH] [--repository-only] [--archives-only]
                            [--repair] [--save-space] [--last N] [-P PREFIX]
                            [REPOSITORY_OR_ARCHIVE]

          Check repository consistency

          positional arguments:
            REPOSITORY_OR_ARCHIVE
                                  repository or archive to check consistency of

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    use PATH as borg executable on the remote (default:
                                  "borg")
            --repository-only     only perform repository checks
            --archives-only       only perform archives checks
            --repair              attempt to repair any inconsistencies found
            --save-space          work slower, but using less space
            --last N              only check last N archives (Default: all)
            -P PREFIX, --prefix PREFIX
                                  only consider archive names starting with this prefix

   Description
       The check command verifies the consistency of a repository and the corresponding archives.

       First, the underlying repository data files are checked:

       • For all segments the segment magic (header) is checked

       • For all objects stored in the segments, all metadata (e.g. crc and size) and all data is
         read. The read data is checked by size and CRC. Bit rot and other  types  of  accidental
         damage can be detected this way.

       • If  we  are  in  repair  mode and a integrity error is detected for a segment, we try to
         recover as many objects from the segment as possible.

       • In repair mode, it makes sure that the index is consistent with the data stored  in  the
         segments.

       • If  you use a remote repo server via ssh:, the repo check is executed on the repo server
         without causing significant network traffic.

       • The repository check can be skipped using the --archives-only option.

       Second, the consistency and correctness of the archive metadata is verified:

       • Is the repo manifest present? If not, it is rebuilt from archive metadata  chunks  (this
         requires reading and decrypting of all metadata and data).

       • Check if archive metadata chunk is present. if not, remove archive from manifest.

       • For all files (items) in the archive, for all chunks referenced by these files, check if
         chunk is present.  If a chunk is not present and we are in repair mode, replace it  with
         a  same-size replacement chunk of zeros.  If a previously lost chunk reappears (e.g. via
         a later backup) and we are in repair  mode,  the  all-zero  replacement  chunk  will  be
         replaced  by the correct chunk.  This requires reading of archive and file metadata, but
         not data.

       • If we are in repair mode and we checked all the archives: delete  orphaned  chunks  from
         the repo.

       • if  you  use  a remote repo server via ssh:, the archive check is executed on the client
         machine (because if encryption is enabled, the checks will require decryption  and  this
         is always done client-side, because key access will be required).

       • The   archive   checks   can   be   time  consuming,  they  can  be  skipped  using  the
         --repository-only option.

BORG RENAME

          usage: borg rename [-h] [--critical] [--error] [--warning] [--info] [--debug]
                             [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                             [--remote-path PATH]
                             ARCHIVE NEWNAME

          Rename an existing archive

          positional arguments:
            ARCHIVE               archive to rename
            NEWNAME               the new archive name to use

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    use PATH as borg executable on the remote (default:
                                  "borg")

   Description
       This command renames an archive in the repository.

   Examples
          $ borg create /path/to/repo::archivename ~
          $ borg list /path/to/repo
          archivename                          Mon, 2016-02-15 19:50:19

          $ borg rename /path/to/repo::archivename newname
          $ borg list /path/to/repo
          newname                              Mon, 2016-02-15 19:50:19

BORG LIST

          usage: borg list [-h] [--critical] [--error] [--warning] [--info] [--debug]
                           [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                           [--remote-path PATH] [--short] [--list-format LISTFORMAT]
                           [-P PREFIX]
                           [REPOSITORY_OR_ARCHIVE]

          List archive or repository contents

          positional arguments:
            REPOSITORY_OR_ARCHIVE
                                  repository/archive to list contents of

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    use PATH as borg executable on the remote (default:
                                  "borg")
            --short               only print file/directory names, nothing else
            --list-format LISTFORMAT
                                  specify format for archive file listing (default:
                                  "{mode} {user:6} {group:6} {size:8d} {isomtime}
                                  {path}{extra}{NEWLINE}") Special "{formatkeys}" exists
                                  to list available keys
            -P PREFIX, --prefix PREFIX
                                  only consider archive names starting with this prefix

   Description
       This command lists the contents of a repository or an archive.

   Examples
          $ borg list /path/to/repo
          Monday                               Mon, 2016-02-15 19:15:11
          repo                                 Mon, 2016-02-15 19:26:54
          root-2016-02-15                      Mon, 2016-02-15 19:36:29
          newname                              Mon, 2016-02-15 19:50:19
          ...

          $ borg list /path/to/repo::root-2016-02-15
          drwxr-xr-x root   root          0 Mon, 2016-02-15 17:44:27 .
          drwxrwxr-x root   root          0 Mon, 2016-02-15 19:04:49 bin
          -rwxr-xr-x root   root    1029624 Thu, 2014-11-13 00:08:51 bin/bash
          lrwxrwxrwx root   root          0 Fri, 2015-03-27 20:24:26 bin/bzcmp -> bzdiff
          -rwxr-xr-x root   root       2140 Fri, 2015-03-27 20:24:22 bin/bzdiff
          ...

          $ borg list /path/to/repo::archiveA --list-format="{mode} {user:6} {group:6} {size:8d} {isomtime} {path}{extra}{NEWLINE}"
          drwxrwxr-x user   user          0 Sun, 2015-02-01 11:00:00 .
          drwxrwxr-x user   user          0 Sun, 2015-02-01 11:00:00 code
          drwxrwxr-x user   user          0 Sun, 2015-02-01 11:00:00 code/myproject
          -rw-rw-r-- user   user    1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.ext
          ...

          # see what is changed between archives, based on file modification time, size and file path
          $ borg list /path/to/repo::archiveA --list-format="{mtime:%s}{TAB}{size}{TAB}{path}{LF}" |sort -n > /tmp/list.archiveA
          $ borg list /path/to/repo::archiveB --list-format="{mtime:%s}{TAB}{size}{TAB}{path}{LF}" |sort -n > /tmp/list.archiveB
          $ diff -y /tmp/list.archiveA /tmp/list.archiveB
          1422781200      0       .                                       1422781200      0       .
          1422781200      0       code                                    1422781200      0       code
          1422781200      0       code/myproject                          1422781200      0       code/myproject
          1422781200      1416192 code/myproject/file.ext               | 1454664653      1416192 code/myproject/file.ext
          ...

BORG DELETE

          usage: borg delete [-h] [--critical] [--error] [--warning] [--info] [--debug]
                             [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                             [--remote-path PATH] [-p] [-s] [-c] [--force]
                             [--save-space]
                             [TARGET]

          Delete an existing repository or archive

          positional arguments:
            TARGET                archive or repository to delete

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    use PATH as borg executable on the remote (default:
                                  "borg")
            -p, --progress        show progress display while deleting a single archive
            -s, --stats           print statistics for the deleted archive. Requires
                                  -v/--verbose.
            -c, --cache-only      delete only the local cache for the given repository
            --force               force deletion of corrupted archives, use --force
                                  --force in case --force does not work.
            --save-space          work slower, but using less space

   Description
       This command deletes an archive from the repository  or  the  complete  repository.   Disk
       space is reclaimed accordingly. If you delete the complete repository, the local cache for
       it (if any) is also deleted.

   Examples
          # delete a single backup archive:
          $ borg delete /path/to/repo::Monday

          # delete the whole repository and the related local cache:
          $ borg delete /path/to/repo
          You requested to completely DELETE the repository *including* all archives it contains:
          repo                                 Mon, 2016-02-15 19:26:54
          root-2016-02-15                      Mon, 2016-02-15 19:36:29
          newname                              Mon, 2016-02-15 19:50:19
          Type 'YES' if you understand this and want to continue: YES

BORG PRUNE

          usage: borg prune [-h] [--critical] [--error] [--warning] [--info] [--debug]
                            [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                            [--remote-path PATH] [-n] [--force] [-s] [--list]
                            [--keep-within INTERVAL] [-H HOURLY] [-d DAILY] [-w WEEKLY]
                            [-m MONTHLY] [-y YEARLY] [-P PREFIX] [--save-space]
                            [REPOSITORY]

          Prune repository archives according to specified rules

          positional arguments:
            REPOSITORY            repository to prune

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    use PATH as borg executable on the remote (default:
                                  "borg")
            -n, --dry-run         do not change repository
            --force               force pruning of corrupted archives
            -s, --stats           print statistics for the deleted archive. Requires
                                  -v/--verbose.
            --list                output verbose list of archives it keeps/prunes.
                                  Requires -v/--verbose.
            --keep-within INTERVAL
                                  keep all archives within this time interval
            -H HOURLY, --keep-hourly HOURLY
                                  number of hourly archives to keep
            -d DAILY, --keep-daily DAILY
                                  number of daily archives to keep
            -w WEEKLY, --keep-weekly WEEKLY
                                  number of weekly archives to keep
            -m MONTHLY, --keep-monthly MONTHLY
                                  number of monthly archives to keep
            -y YEARLY, --keep-yearly YEARLY
                                  number of yearly archives to keep
            -P PREFIX, --prefix PREFIX
                                  only consider archive names starting with this prefix
            --save-space          work slower, but using less space

   Description
       The prune command prunes a repository by deleting all archives not  matching  any  of  the
       specified  retention  options.  This  command is normally used by automated backup scripts
       wanting to keep a certain number of historic backups.

       As an example, "-d 7" means to keep the latest backup on each day, up  to  7  most  recent
       days  with backups (days without backups do not count).  The rules are applied from hourly
       to yearly, and backups selected by previous rules do not  count  towards  those  of  later
       rules.  The time that each backup starts is used for pruning purposes. Dates and times are
       interpreted in the local timezone, and weeks  go  from  Monday  to  Sunday.  Specifying  a
       negative number of archives to keep means that there is no limit.

       The "--keep-within" option takes an argument of the form "<int><char>", where char is "H",
       "d", "w", "m", "y". For example, "--keep-within 2d" means to keep all archives  that  were
       created  within  the  past  48 hours.  "1m" is taken to mean "31d". The archives kept with
       this option do not count towards the totals specified by any other options.

       If a prefix is set with -P, then only archives that start with the prefix  are  considered
       for  deletion  and  only  those  archives count towards the totals specified by the rules.
       Otherwise, all archives in the repository  are  candidates  for  deletion!   There  is  no
       automatic  distinction  between archives representing different contents. These need to be
       distinguished by specifying matching prefixes.

   Examples
       Be careful, prune is a potentially dangerous command, it will remove backup archives.

       The default of prune is to apply to all archives in the repository unless you restrict its
       operation  to a subset of the archives using --prefix.  When using --prefix, be careful to
       choose a good prefix - e.g. do not use a prefix "foo" if you do not  also  want  to  match
       "foobar".

       It  is strongly recommended to always run prune -v --list --dry-run ...  first so you will
       see what it would do without it actually doing anything.

       There is also a visualized prune example in docs/misc/prune-example.txt.

          # Keep 7 end of day and 4 additional end of week archives.
          # Do a dry-run without actually deleting anything.
          $ borg prune -v --list --dry-run --keep-daily=7 --keep-weekly=4 /path/to/repo

          # Same as above but only apply to archive names starting with the hostname
          # of the machine followed by a "-" character:
          $ borg prune -v --list --keep-daily=7 --keep-weekly=4 --prefix='{hostname}-' /path/to/repo

          # Keep 7 end of day, 4 additional end of week archives,
          # and an end of month archive for every month:
          $ borg prune -v --list --keep-daily=7 --keep-weekly=4 --keep-monthly=-1 /path/to/repo

          # Keep all backups in the last 10 days, 4 additional end of week archives,
          # and an end of month archive for every month:
          $ borg prune -v --list --keep-within=10d --keep-weekly=4 --keep-monthly=-1 /path/to/repo

BORG INFO

          usage: borg info [-h] [--critical] [--error] [--warning] [--info] [--debug]
                           [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                           [--remote-path PATH]
                           ARCHIVE

          Show archive details such as disk space used

          positional arguments:
            ARCHIVE               archive to display information about

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    use PATH as borg executable on the remote (default:
                                  "borg")

   Description
       This command displays some detailed information about the specified archive.

       Please note that the deduplicated sizes of the individual archives do not add  up  to  the
       deduplicated  size  of  the  repository  ("all  archives"),  because  the  two are meaning
       different things:

       This archive / deduplicated size = amount of data stored ONLY for this archive
              = unique chunks of this archive.

       All archives / deduplicated size = amount of data stored in the repo
              = all chunks in the repository.

   Examples
          $ borg info /path/to/repo::root-2016-02-15
          Name: root-2016-02-15
          Fingerprint: 57c827621f21b000a8d363c1e163cc55983822b3afff3a96df595077a660be50
          Hostname: myhostname
          Username: root
          Time (start): Mon, 2016-02-15 19:36:29
          Time (end):   Mon, 2016-02-15 19:39:26
          Command line: /usr/local/bin/borg create -v --list -C zlib,6 /path/to/repo::root-2016-02-15 / --one-file-system
          Number of files: 38100

                                 Original size      Compressed size    Deduplicated size
          This archive:                1.33 GB            613.25 MB            571.64 MB
          All archives:                1.63 GB            853.66 MB            584.12 MB

                                 Unique chunks         Total chunks
          Chunk index:                   36858                48844

BORG MOUNT

          usage: borg mount [-h] [--critical] [--error] [--warning] [--info] [--debug]
                            [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                            [--remote-path PATH] [-f] [-o OPTIONS]
                            REPOSITORY_OR_ARCHIVE MOUNTPOINT

          Mount archive or an entire repository as a FUSE filesystem

          positional arguments:
            REPOSITORY_OR_ARCHIVE
                                  repository/archive to mount
            MOUNTPOINT            where to mount filesystem

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    use PATH as borg executable on the remote (default:
                                  "borg")
            -f, --foreground      stay in foreground, do not daemonize
            -o OPTIONS            Extra mount options

   Description
       This command mounts an archive as a FUSE filesystem. This can be useful  for  browsing  an
       archive or restoring individual files. Unless the --foreground option is given the command
       will run in the background until the filesystem is umounted.

       The BORG_MOUNT_DATA_CACHE_ENTRIES environment variable is  meant  for  advanced  users  to
       tweak  the  performance. It sets the number of cached data chunks; additional memory usage
       can be up to ~8 MiB times this number. The default is the number of CPU cores.

       For FUSE configuration and mount options, see the mount.fuse(8) manual page.

       Additional mount options supported by borg:  -  allow_damaged_files:  by  default  damaged
       files (where missing chunks were
          replaced  with  runs  of  zeros by borg check --repair) are not readable and return EIO
          (I/O error). Set this option to read such files.

       • ignore_permissions: for security  reasons  the  "default_permissions"  mount  option  is
         internally   enforced  by  borg.  "ignore_permissions"  can  be  given  to  not  enforce
         "default_permissions".

       When the daemonized process receives a signal or crashes, it does not unmount.  Unmounting
       in  these  cases  could cause an active rsync or similar process to unintentionally delete
       data.

       When running in the foreground ^C/SIGINT unmounts cleanly, but other signals or crashes do
       not.

BORG UMOUNT

          usage: borg umount [-h] [--critical] [--error] [--warning] [--info] [--debug]
                             [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                             [--remote-path PATH]
                             MOUNTPOINT

          un-mount the FUSE filesystem

          positional arguments:
            MOUNTPOINT            mountpoint of the filesystem to umount

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    use PATH as borg executable on the remote (default:
                                  "borg")

   Description
       This command un-mounts a FUSE filesystem that was mounted with borg mount.

       This  is  a  convenience  wrapper  that  just  calls the platform-specific shell command -
       usually this is either umount or fusermount -u.

   Examples
          $ borg mount /path/to/repo::root-2016-02-15 /tmp/mymountpoint
          $ ls /tmp/mymountpoint
          bin  boot  etc      home  lib  lib64  lost+found  media  mnt  opt  root  sbin  srv  tmp  usr  var
          $ borg umount /tmp/mymountpoint

BORG KEY EXPORT

          usage: borg key export [-h] [--critical] [--error] [--warning] [--info]
                                 [--debug] [--lock-wait N] [--show-rc]
                                 [--no-files-cache] [--umask M] [--remote-path PATH]
                                 [--paper] [--qr-html]
                                 [REPOSITORY] [PATH]

          Export the repository key for backup

          positional arguments:
            REPOSITORY
            PATH                  where to store the backup

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    use PATH as borg executable on the remote (default:
                                  "borg")
            --paper               Create an export suitable for printing and later type-
                                  in
            --qr-html             Create an html file suitable for printing and later
                                  type-in or qr scan

   Description
       If repository encryption is used, the repository is inaccessible  without  the  key.  This
       command  allows  to  backup  this  essential  key.  Note that the backup produced does not
       include the passphrase itself (i.e. the exported key stays encrypted). In order to  regain
       access to a repository, one needs both the exported key and the original passphrase.

       There  are two backup formats. The normal backup format is suitable for digital storage as
       a file. The --paper backup format is optimized for printing and typing in while importing,
       with per line checks to reduce problems with manual input.

       For  repositories  using keyfile encryption the key is saved locally on the system that is
       capable of doing backups. To guard against loss of this key, the key needs to be backed up
       independently of the main data backup.

       For  repositories  using  the repokey encryption the key is saved in the repository in the
       config file. A backup is thus not strictly  needed,  but  guards  against  the  repository
       becoming inaccessible if the file is damaged for some reason.

BORG KEY IMPORT

          usage: borg key import [-h] [--critical] [--error] [--warning] [--info]
                                 [--debug] [--lock-wait N] [--show-rc]
                                 [--no-files-cache] [--umask M] [--remote-path PATH]
                                 [--paper]
                                 [REPOSITORY] [PATH]

          Import the repository key from backup

          positional arguments:
            REPOSITORY
            PATH                  path to the backup

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    use PATH as borg executable on the remote (default:
                                  "borg")
            --paper               interactively import from a backup done with --paper

   Description
       This command allows to restore a key previously backed up with the export command.

       If  the  --paper  option is given, the import will be an interactive process in which each
       line is checked for plausibility before proceeding to the next line. For this format  PATH
       must not be given.

BORG CHANGE-PASSPHRASE

          usage: borg change-passphrase [-h] [--critical] [--error] [--warning] [--info]
                                        [--debug] [--lock-wait N] [--show-rc]
                                        [--no-files-cache] [--umask M]
                                        [--remote-path PATH]
                                        [REPOSITORY]

          Change repository key file passphrase

          positional arguments:
            REPOSITORY

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    use PATH as borg executable on the remote (default:
                                  "borg")

   Description
       The  key  files  used  for repository encryption are optionally passphrase protected. This
       command can be used to change this passphrase.

       Please note that this command only changes the passphrase, but not any secret protected by
       it  (like  e.g. encryption/MAC keys or chunker seed).  Thus, changing the passphrase after
       passphrase and borg key got compromised does not protect future (nor past) backups to  the
       same repository.

   Examples
          # Create a key file protected repository
          $ borg init --encryption=keyfile -v /path/to/repo
          Initializing repository at "/path/to/repo"
          Enter new passphrase:
          Enter same passphrase again:
          Remember your passphrase. Your data will be inaccessible without it.
          Key in "/root/.config/borg/keys/mnt_backup" created.
          Keep this key safe. Your data will be inaccessible without it.
          Synchronizing chunks cache...
          Archives: 0, w/ cached Idx: 0, w/ outdated Idx: 0, w/o cached Idx: 0.
          Done.

          # Change key file passphrase
          $ borg change-passphrase -v /path/to/repo
          Enter passphrase for key /root/.config/borg/keys/mnt_backup:
          Enter new passphrase:
          Enter same passphrase again:
          Remember your passphrase. Your data will be inaccessible without it.
          Key updated

BORG SERVE

          usage: borg serve [-h] [--critical] [--error] [--warning] [--info] [--debug]
                            [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                            [--remote-path PATH] [--restrict-to-path PATH]
                            [--append-only]

          Start in server mode. This command is usually not used manually.

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    use PATH as borg executable on the remote (default:
                                  "borg")
            --restrict-to-path PATH
                                  restrict repository access to PATH. Can be specified
                                  multiple times to allow the client access to several
                                  directories. Access to all sub-directories is granted
                                  implicitly; PATH doesn't need to directly point to a
                                  repository.
            --append-only         only allow appending to repository segment files

   Description
       This  command  starts  a  repository  server  process.  This  command  is usually not used
       manually.

   Examples
       borg serve has special support  for  ssh  forced  commands  (see  authorized_keys  example
       below):  it  will  detect  that you use such a forced command and extract the value of the
       --restrict-to-path option(s).  It will then parse the original command that came from  the
       client,  makes sure that it is also borg serve and enforce path restriction(s) as given by
       the forced command. That way, other options given by the client (like --info  or  --umask)
       are preserved (and are not fixed by the forced command).

          # Allow an SSH keypair to only run borg, and only have access to /path/to/repo.
          # Use key options to disable unneeded and potentially dangerous SSH functionality.
          # This will help to secure an automated remote backup system.
          $ cat ~/.ssh/authorized_keys
          command="borg serve --restrict-to-path /path/to/repo",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc ssh-rsa AAAAB3[...]

BORG UPGRADE

          usage: borg upgrade [-h] [--critical] [--error] [--warning] [--info] [--debug]
                              [--lock-wait N] [--show-rc] [--no-files-cache] [--umask M]
                              [--remote-path PATH] [-p] [-n] [-i] [--force] [--tam]
                              [--disable-tam]
                              [REPOSITORY]

          upgrade a repository from a previous version

          positional arguments:
            REPOSITORY            path to the repository to be upgraded

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    use PATH as borg executable on the remote (default:
                                  "borg")
            -p, --progress        show progress display while upgrading the repository
            -n, --dry-run         do not change repository
            -i, --inplace         rewrite repository in place, with no chance of going
                                  back to older versions of the repository.
            --force               Force upgrade
            --tam                 Enable manifest authentication (in key and cache)
                                  (Borg 1.0.9 and later)
            --disable-tam         Disable manifest authentication (in key and cache)

   Description
       Upgrade an existing, local Borg repository.

   When you do not need borg upgrade
       Not every change requires that you run borg upgrade.

       You do not need to run it when:

       • moving your repository to a different place

       • upgrading to another point release (like 1.0.x to 1.0.y), except when noted otherwise in
         the changelog

       • upgrading from 1.0.x to 1.1.x, except when noted otherwise in the changelog

   Borg 1.x.y upgrades
       Use borg upgrade --tam REPO to require manifest authentication introduced with Borg  1.0.9
       to address security issues. This means that modifying the repository after doing this with
       a version prior to 1.0.9 will raise a validation error, so only perform this upgrade after
       updating all clients using the repository to 1.0.9 or newer.

       This upgrade should be done on each client for safety reasons.

       If  a  repository is accidentally modified with a pre-1.0.9 client after this upgrade, use
       borg upgrade --tam --force REPO to remedy it.

       If you routinely do this you might not want to enable this upgrade (which will  leave  you
       exposed  to  the  security  issue).  You  can  reverse the upgrade by issuing borg upgrade
       --disable-tam REPO.

       See
       https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
       for details.

   Attic and Borg 0.xx to Borg 1.x
       This currently supports converting an  Attic  repository  to  Borg  and  also  helps  with
       converting Borg 0.xx to 1.0.

       Currently, only LOCAL repositories can be upgraded (issue #465).

       Please  note that borg create (since 1.0.0) uses bigger chunks by default than old borg or
       attic did, so the new chunks won't  deduplicate  with  the  old  chunks  in  the  upgraded
       repository.  See --chunker-params option of borg create and borg recreate.

       borg  upgrade  will change the magic strings in the repository's segments to match the new
       Borg magic strings. The keyfiles found in $ATTIC_KEYS_DIR or ~/.attic/keys/ will  also  be
       converted and copied to $BORG_KEYS_DIR or ~/.config/borg/keys.

       The  cache files are converted, from $ATTIC_CACHE_DIR or ~/.cache/attic to $BORG_CACHE_DIR
       or ~/.cache/borg, but the cache layout between Borg and Attic changed, so it  is  possible
       the first backup after the conversion takes longer than expected due to the cache resync.

       Upgrade  should  be able to resume if interrupted, although it will still iterate over all
       segments. If you want to start from scratch, use borg delete over the copied repository to
       make sure the cache files are also removed:
          borg delete borg

       Unless  --inplace  is  specified,  the  upgrade process first creates a backup copy of the
       repository, in REPOSITORY.upgrade-DATETIME, using hardlinks. This  takes  longer  than  in
       place  upgrades,  but is much safer and gives progress information (as opposed to cp -al).
       Once you are satisfied with the conversion, you can safely destroy the backup copy.

       WARNING: Running the upgrade in place will make  the  current  copy  unusable  with  older
       version,  with no way of going back to previous versions. This can PERMANENTLY DAMAGE YOUR
       REPOSITORY!  Attic CAN NOT READ BORG REPOSITORIES, as the magic strings have changed.  You
       have been warned.

   Examples
          # Upgrade the borg repository to the most recent version.
          $ borg upgrade -v /path/to/repo
          making a hardlink copy in /path/to/repo.upgrade-2016-02-15-20:51:55
          opening attic repository with borg and converting
          no key file found for repository
          converting repo index /path/to/repo/index.0
          converting 1 segments...
          converting borg 0.xx to borg current
          no key file found for repository

   Upgrading a passphrase encrypted attic repo
       attic  offered  a  "passphrase"  encryption  mode,  but  this  was removed in borg 1.0 and
       replaced by the "repokey" mode (which stores the passphrase-protected encryption key  into
       the repository config).

       Thus,  to  upgrade a "passphrase" attic repo to a "repokey" borg repo, 2 steps are needed,
       in this order:

       • borg upgrade repo

       • borg migrate-to-repokey repo

BORG BREAK-LOCK

          usage: borg break-lock [-h] [--critical] [--error] [--warning] [--info]
                                 [--debug] [--lock-wait N] [--show-rc]
                                 [--no-files-cache] [--umask M] [--remote-path PATH]
                                 [REPOSITORY]

          Break the repository lock (e.g. in case it was left by a dead borg.

          positional arguments:
            REPOSITORY            repository for which to break the locks

          optional arguments:
            -h, --help            show this help message and exit
            --critical            work on log level CRITICAL
            --error               work on log level ERROR
            --warning             work on log level WARNING (default)
            --info, -v, --verbose
                                  work on log level INFO
            --debug               work on log level DEBUG
            --lock-wait N         wait for the lock, but max. N seconds (default: 1).
            --show-rc             show/log the return code (rc)
            --no-files-cache      do not load/update the file metadata cache used to
                                  detect unchanged files
            --umask M             set umask to M (local and remote, default: 0077)
            --remote-path PATH    use PATH as borg executable on the remote (default:
                                  "borg")

   Description
       This command breaks the repository and cache locks.  Please use carefully and  only  while
       no borg process (on any machine) is trying to access the Cache or the Repository.

MISCELLANEOUS HELP

   borg help patterns
       Exclusion  patterns  support four separate styles, fnmatch, shell, regular expressions and
       path prefixes. By default, fnmatch is used. If followed by a colon  (':')  the  first  two
       characters  of  a  pattern  are  used  as  a  style  selector. Explicit style selection is
       necessary when a non-default style is desired or when the desired pattern starts with  two
       alphanumeric characters followed by a colon (i.e. aa:something/*).

       Fnmatch, selector fm:
          This  is the default style.  These patterns use a variant of shell pattern syntax, with
          '*' matching any number of characters,  '?'  matching  any  single  character,  '[...]'
          matching  any  single  character specified, including ranges, and '[!...]' matching any
          character not specified. For the purpose of these patterns, the path separator (''  for
          Windows  and  '/'  on  other systems) is not treated specially. Wrap meta-characters in
          brackets for a literal match (i.e. [?] to match the literal character ?). For a path to
          match  a  pattern,  it  must completely match from start to end, or must match from the
          start to just before a path separator. Except for the root path, paths will  never  end
          in  the  path separator when matching is attempted.  Thus, if a given pattern ends in a
          path separator, a '*' is appended before matching is attempted.

       Shell-style patterns, selector sh:
          Like fnmatch patterns these are similar to shell patterns. The difference is  that  the
          pattern may include **/ for matching zero or more directory levels, * for matching zero
          or more arbitrary characters with the exception of any path separator.

       Regular expressions, selector re:
          Regular expressions similar to those found in Perl are supported. Unlike shell patterns
          regular expressions are not required to match the complete path and any substring match
          is sufficient. It is strongly recommended to anchor patterns to the start ('^'), to the
          end  ('$')  or both. Path separators ('' for Windows and '/' on other systems) in paths
          are always normalized to a forward slash ('/') before applying a pattern.  The  regular
          expression syntax is described in the Python documentation for the re module.

       Prefix path, selector pp:
          This  pattern  style is useful to match whole sub-directories. The pattern pp:/data/bar
          matches /data/bar and everything therein.

       NOTE:
          re:, sh: and fm: patterns are all implemented on top of the Python SRE  engine.  It  is
          very  easy  to  formulate patterns for each of these types which requires an inordinate
          amount of time to match paths. If untrusted users are able to supply  patterns,  ensure
          they  cannot  supply  re:  patterns.   Further,  ensure  that sh: and fm: patterns only
          contain a handful of wildcards at most.

       Exclusions can be passed via the command line option --exclude. When used  from  within  a
       shell the patterns should be quoted to protect them from expansion.

       The  --exclude-from  option  permits  loading exclusion patterns from a text file with one
       pattern per line. Lines empty or starting  with  the  number  sign  ('#')  after  removing
       whitespace  on both ends are ignored. The optional style selector prefix is also supported
       for patterns loaded from a file. Due to whitespace removal paths with  whitespace  at  the
       beginning or end can only be excluded using regular expressions.

       Examples:

          # Exclude '/home/user/file.o' but not '/home/user/file.odt':
          $ borg create -e '*.o' backup /

          # Exclude '/home/user/junk' and '/home/user/subdir/junk' but
          # not '/home/user/importantjunk' or '/etc/junk':
          $ borg create -e '/home/*/junk' backup /

          # Exclude the contents of '/home/user/cache' but not the directory itself:
          $ borg create -e /home/user/cache/ backup /

          # The file '/home/user/cache/important' is *not* backed up:
          $ borg create -e /home/user/cache/ backup / /home/user/cache/important

          # The contents of directories in '/home' are not backed up when their name
          # ends in '.tmp'
          $ borg create --exclude 're:^/home/[^/]+\.tmp/' backup /

          # Load exclusions from file
          $ cat >exclude.txt <<EOF
          # Comment line
          /home/*/junk
          *.tmp
          fm:aa:something/*
          re:^/home/[^/]\.tmp/
          sh:/home/*/.thumbnails
          EOF
          $ borg create --exclude-from exclude.txt backup /

   borg help placeholders
          Repository   (or  Archive)  URLs,  --prefix  and  --remote-path  values  support  these
          placeholders:

          {hostname}
              The (short) hostname of the machine.

          {fqdn}
              The full name of the machine.

          {now}
              The current local date and time.

          {utcnow}
              The current UTC date and time.

          {user}
              The user name (or UID, if no name is available) of the user running borg.

          {pid}
              The current process ID.

          {borgversion}
              The version of borg, e.g.: 1.0.8rc1

          {borgmajor}
              The version of borg, only the major version, e.g.: 1

          {borgminor}
              The version of borg, only major and minor version, e.g.: 1.0

          {borgpatch}
              The version of borg, only major, minor and patch version, e.g.: 1.0.8

       Examples:

          borg create /path/to/repo::{hostname}-{user}-{utcnow} ...
          borg create /path/to/repo::{hostname}-{now:%Y-%m-%d_%H:%M:%S} ...
          borg prune --prefix '{hostname}-' ...

DEBUG COMMANDS

       There are some more commands (all starting with "debug-") which are all not  intended  for
       normal use and potentially very dangerous if used incorrectly.

       For  example,  borg  debug-put-obj  and borg debug-delete-obj will only do what their name
       suggests: put objects into repo / delete objects from repo.

       Please note:

       • they will not update the chunks cache (chunks index) about the object

       • they will not update the manifest (so no automatic chunks index resync is triggered)

       • they will not check whether the object is in use (e.g. before delete-obj)

       • they will not update any metadata which may point to the object

       They exist to improve debugging capabilities without direct system access, e.g.   in  case
       you ever run into some severe malfunction. Use them only if you know what you are doing or
       if a trusted Borg developer tells you what to do.

ADDITIONAL NOTES

       Here are misc. notes about topics that are maybe not covered in enough detail in the usage
       section.

   Item flags
       borg  create  -v  --list  outputs  a verbose list of all files, directories and other file
       system items it considered (no matter whether they had content changes or not).  For  each
       item, it prefixes a single-letter flag that indicates type and/or status of the item.

       If you are interested only in a subset of that output, you can give e.g.  --filter=AME and
       it will only show regular files with A, M or E status (see below).

       A uppercase character represents the status of a regular  file  relative  to  the  "files"
       cache  (not  relative  to  the  repo  -- this is an issue if the files cache is not used).
       Metadata is stored in any case and for 'A' and 'M' also new data chunks  are  stored.  For
       'U' all data chunks refer to already existing chunks.

       • 'A' = regular file, added (see also a_status_oddity in the FAQ)

       • 'M' = regular file, modified

       • 'U' = regular file, unchanged

       • 'E' = regular file, an error happened while accessing/reading this file

       A  lowercase  character  means  a  file  type other than a regular file, borg usually just
       stores their metadata:

       • 'd' = directory

       • 'b' = block device

       • 'c' = char device

       • 'h' = regular file, hardlink (to already seen inodes)

       • 's' = symlink

       • 'f' = fifo

       Other flags used include:

       • 'i' = backup data was read from standard input (stdin)

       • '-' = dry run, item was not backed up

       • '?' = missing status code (if you see this, please file a bug report!)

   --chunker-params
       The chunker params influence how input files are cut into pieces (chunks) which  are  then
       considered  for deduplication. They also have a big impact on resource usage (RAM and disk
       space) as the amount of resources needed is (also)  determined  by  the  total  amount  of
       chunks in the repository (see Indexes / Caches memory usage for details).

       --chunker-params=10,23,16,4095  results  in a fine-grained deduplication and creates a big
       amount of chunks and thus uses a lot of  resources  to  manage  them.  This  is  good  for
       relatively  small  data  volumes and if the machine has a good amount of free RAM and disk
       space.

       --chunker-params=19,23,21,4095 (default) results in  a  coarse-grained  deduplication  and
       creates  a  much  smaller  amount of chunks and thus uses less resources. This is good for
       relatively big data volumes and if the machine has a relatively low amount of free RAM and
       disk space.

       If you already have made some archives in a repository and you then change chunker params,
       this of course impacts deduplication as the chunks will be cut differently.

       In the worst case (all files are big and were touched in between backups), this will store
       all content into the repository again.

       Usually, it is not that bad though:

       • usually most files are not touched, so it will just re-use the old chunks it already has
         in the repo

       • files smaller than the (both old and new) minimum chunksize result  in  only  one  chunk
         anyway, so the resulting chunks are same and deduplication will apply

       If  you switch chunker params to save resources for an existing repo that already has some
       backup archives, you will see an increasing effect over time, when  more  and  more  files
       have  been  touched  and stored again using the bigger chunksize and all references to the
       smaller older chunks have been removed (by deleting / pruning archives).

       If you want to see an immediate big effect on resource  usage,  you  better  start  a  new
       repository when changing chunker params.

       For more details, see chunker_details.

   --noatime / --noctime
       You  can  use  these  borg  create  options to not store the respective timestamp into the
       archive, in case you do not really need it.

       Besides saving a little space for  the  not  archived  timestamp,  it  might  also  affect
       metadata  stream  deduplication:  if  only  this  timestamp changes between backups and is
       stored into the metadata stream, the metadata stream chunks won't deduplicate just because
       of that.

   --umask
       If you use --umask, make sure that all repository-modifying borg commands (create, delete,
       prune) that access the repository in question use the same --umask value.

       If multiple machines access the same repository, this should hold true for all of them.

   --read-special
       The  --read-special  option  is  special  -  you  do  not  want  to  use  it  for   normal
       full-filesystem backups, but rather after carefully picking some targets for it.

       The  option  --read-special  triggers special treatment for block and char device files as
       well as FIFOs. Instead of storing them as such a device (or FIFO), they will  get  opened,
       their  content  will  be  read  and in the backup archive they will show up like a regular
       file.

       Symlinks will also get special treatment if (and only if) they point  to  such  a  special
       file:  instead of storing them as a symlink, the target special file will get processed as
       described above.

       One intended use case of this is backing up the contents of one or multiple block devices,
       like e.g. LVM snapshots or inactive LVs or disk partitions.

       You  need  to  be  careful  about  what you include when using --read-special, e.g. if you
       include /dev/zero, your backup will never terminate.

       Restoring such files' content is currently only supported  one  at  a  time  via  --stdout
       option  (and you have to redirect stdout to where ever it shall go, maybe directly into an
       existing device file of your choice or indirectly via dd).

       To some extent, mounting a backup archive with the backups of special files via borg mount
       and  then loop-mounting the image files from inside the mount point will work. If you plan
       to access a lot of data in there, it likely will scale and perform better if  you  do  not
       work via the FUSE mount.

   Example
       Imagine you have made some snapshots of logical volumes (LVs) you want to backup.

       NOTE:
          For  some  scenarios,  this is a good method to get "crash-like" consistency (I call it
          crash-like because it is the same as you would get if you just hit the reset button  or
          your  machine would abrubtly and completely crash).  This is better than no consistency
          at all and a good method for some use cases, but likely not good  enough  if  you  have
          databases running.

       Then  you  create  a  backup archive of all these snapshots. The backup process will see a
       "frozen" state of the logical volumes, while the processes working in the original volumes
       continue changing the data stored there.

       You  also  add the output of lvdisplay to your backup, so you can see the LV sizes in case
       you ever need to recreate and restore them.

       After the backup has completed, you remove the snapshots again.

          $ # create snapshots here
          $ lvdisplay > lvdisplay.txt
          $ borg create --read-special /path/to/repo::arch lvdisplay.txt /dev/vg0/*-snapshot
          $ # remove snapshots here

       Now, let's see how to restore some LVs from such a backup.

          $ borg extract /path/to/repo::arch lvdisplay.txt
          $ # create empty LVs with correct sizes here (look into lvdisplay.txt).
          $ # we assume that you created an empty root and home LV and overwrite it now:
          $ borg extract --stdout /path/to/repo::arch dev/vg0/root-snapshot > /dev/vg0/root
          $ borg extract --stdout /path/to/repo::arch dev/vg0/home-snapshot > /dev/vg0/home

   Append-only mode
       A repository can be made "append-only", which means that  Borg  will  never  overwrite  or
       delete  committed  data. This is useful for scenarios where multiple machines back up to a
       central backup server using borg serve, since  a  hacked  machine  cannot  delete  backups
       permanently.

       To activate append-only mode, edit the repository config file and add a line append_only=1
       to the [repository] section (or edit the line if it exists).

       In append-only mode Borg will create a transaction log in  the  transactions  file,  where
       each line is a transaction and a UTC timestamp.

       In  addition, borg serve can act as if a repository is in append-only mode with its option
       --append-only.  This  can   be   very   useful   for   fine-tuning   access   control   in
       .ssh/authorized_keys

          command="borg serve --append-only ..." ssh-rsa <key used for not-always-trustable backup clients>
          command="borg serve ..." ssh-rsa <key used for backup management>

       Please  note  that  if  you  run  borg  init  via  a  borg serve --append-only server, the
       repository config will be created with a append_only=1 entry.  This behaviour  is  subject
       to change in a later borg version. So, be aware of it for now, but do not rely on it.

   Example
       Suppose  an  attacker remotely deleted all backups, but your repository was in append-only
       mode. A transaction log in this situation might look like this:

          transaction 1, UTC time 2016-03-31T15:53:27.383532
          transaction 5, UTC time 2016-03-31T15:53:52.588922
          transaction 11, UTC time 2016-03-31T15:54:23.887256
          transaction 12, UTC time 2016-03-31T15:55:54.022540
          transaction 13, UTC time 2016-03-31T15:55:55.472564

       From your security logs you conclude the attacker gained access at 15:54:00  and  all  the
       backups  where  deleted  or  replaced  by  compromised backups. From the log you know that
       transactions 11 and later are compromised. Note that the transaction ID is the name of the
       last file in the transaction. For example, transaction 11 spans files 6 to 11.

       In  a  real attack you'll likely want to keep the compromised repository intact to analyze
       what the attacker tried to achieve. It's also a good idea to make this copy just  in  case
       something goes wrong during the recovery. Since recovery is done by deleting some files, a
       hard link copy (cp -al) is sufficient.

       The first  step  to  reset  the  repository  to  transaction  5,  the  last  uncompromised
       transaction, is to remove the hints.N and index.N files in the repository (these two files
       are always expendable). In this example N is 13.

       Then remove or move all segment files from the segment directories in data/ starting  with
       file 6:

          rm data/**/{6..13}

       That's all to it.

   Drawbacks
       As  data  is  only appended, and nothing removed, commands like prune or delete won't free
       disk space, they merely tag data as deleted in a new transaction.

       Be aware that as soon as you write to the repo in non-append-only mode (e.g. prune, delete
       or  create archives from an admin machine), it will remove the deleted objects permanently
       (including the ones that were already marked as deleted, but not removed,  in  append-only
       mode).

       Note  that  you  can go back-and-forth between normal and append-only operation by editing
       the configuration file, it's not a "one way trip".

   Further considerations
       Append-only mode is not respected by  tools  other  than  Borg.  rm  still  works  on  the
       repository.  Make  sure  that backup client machines only get to access the repository via
       borg serve.

       Ensure that no remote access is possible if the repository is temporarily  set  to  normal
       mode for e.g. regular pruning.

       Further  protections can be implemented, but are outside of Borgs scope. For example, file
       system snapshots or wrapping borg serve to set special permissions or  ACLs  on  new  data
       files.

   SSH batch mode
       When  running  Borg using an automated script, ssh might still ask for a password, even if
       there is an SSH key for the target server. Use this to make scripts more robust:

          export BORG_RSH='ssh -oBatchMode=yes'

AUTHOR

       The Borg Collective (see AUTHORS file)

COPYRIGHT

       2010-2014 Jonas Borgström, 2015-2019 The Borg Collective (see AUTHORS file)