⑨ lab ≡ ByteLabs

Plan9/Backup to External USB Drive

— Igor Böhm

How to create an encrypted bootable backup of your laptop to an external USB drive…

⑨ lab ≡ 9front bootable backup to external USB drive…

9front bootable backup to external USB drive

Imagine your laptop hard drive just died, or you did something silly and nuked your file system. Wouldn’t it be nice if you could simply lean back and say ‘no worries, let me plug in my backup disk’? Well, with 9front and a little bit of preparation you can…

My primary laptop has a 1TB SSD hard drive using an AES ecrypted cwfs file system via /dev/sdE0.

Storage is cheap and backups important. Therefore I bought a 1TB external SSD drive to make a bootable backup of my production disk to /dev/sdU2d3a7.0 (this entry is heavily inspired by Alex’s migrating cwfs wiki page with modifications such as encrypting key backup partitions, and backing up the other partition that is created by a default cwfs 9front installation).

Be very careful following the below instructions. Make sure you had enough sleep and understand what you are doing as it is very easy to screw up while copy pasting and accidentally wiping your production disk instead of the backup disk.

Create Backup

Prepare MBR and DOS partition table

term% disk/mbr -m /386/mbr  /dev/sdU2d3a7.0/data
term% disk/fdisk -b -w -a /dev/sdU2d3a7.0/data
term% cat /dev/sdU2d3a7.0/ctl
dev /dev/usb/ep7.0
lun 0
inquiry SanDisk Extreme SSD     1012
geometry 1953523712 512
part plan9 63 1953520065

Setup PLAN9 partition table

term% disk/prep -b -w -a 9fat -a nvram -a fscache -a fsworm -a other /dev/sdU2d3a7.0/plan9
no plan9 partition table found
9fat 204800
nvram 1
other 279045028
fscache 279045028
fsworm 1395225145

Copy 9fat and nvram

To be able to boot from the device we need to copy 9fat and nvram.

NOTE: DOUBLE and TRIPLE check the order of your arguments before running this command:

term% time cp /dev/sdE0/^(9fat nvram) /dev/sdU2d3a7.0
0.07u 0.63s 43.23r 	 cp /dev/sdE0/9fat /dev/sdE0/nvram /dev/sdU2d3a7.0

Format encrypted partitions

Note that this step generates new keys.

term% disk/cryptsetup -f /dev/sdU2d3a7.0/^(fsworm fscache other)

Activate encrypted partitions

There already are encrypted partition entries with the names fsworm, fscache, and other:

term% cat /dev/fs/ctl
crypt fscache /dev/sdE0/fscache
crypt fsworm /dev/sdE0/fsworm
crypt other /dev/sdE0/other

Therefore we need to chose different names for our backup partitions. The chosen solution is to prefix the backup partitions with the letter b:

term% disk/cryptsetup -o /dev/sdU2d3a7.0/^(fsworm fscache other) \
  | sed 's/^crypt /crypt b/g'
Password: 
crypt bfsworm /dev/sdU2d3a7.0/fsworm XXX
crypt bfscache /dev/sdU2d3a7.0/fscache YYY
crypt bother /dev/sdU2d3a7.0/other ZZZ

Note the name change from fsworm to bfsworm for backup fsworm etc. To activate the backup partitions let’s redirect the output to /dev/fs/ctl:

term% nl='
	'
term% for(d in `$nl{disk/cryptsetup -o /dev/sdU2d3a7.0/^(fsworm fscache other)}){
		echo $d | sed 's/^crypt /crypt b/g' >/dev/fs/ctl
	}
Password: 
term% cat /dev/fs/ctl
crypt fscache /dev/sdE0/fscache
crypt fsworm /dev/sdE0/fsworm
crypt other /dev/sdE0/other
crypt bfscache /dev/sdU2d3a7.0/fscache
crypt bfsworm /dev/sdU2d3a7.0/fsworm
crypt bother /dev/sdU2d3a7.0/other

Copy WORM

Disable the background dump service and trigger a final dump of the original file system:

term% echo cwcmd startdump 0 >>/srv/cwfs.cmd
term% echo dump >>/srv/cwfs.cmd

Next, let’s work out how much needs to be copied using the statw command:

term% con -C /srv/cwfs.cmd
dump stopped
statw
cwstats main
	filesys main
		maddr  =        3
		msize  =    64513
		caddr  =     6455
		csize  =  8709255
		sbaddr =   995397
		craddr =   995528   995528
		roaddr =   995531   995531
		fsize  =   995533   995533  0+ 2%
		slast  =            995319
		snext  =            995532
		wmax   =   995531           0+ 2%
		wsize  = 43600781           1+ 0%
		7800947 none
		   160 dirty
		     0 dump
		908072 read
		    76 write
		     0 dump1
		cache  0% full
Ctrl-\
>>> q

We need to copy ‘fsize’ 16K blocks using dd(1), that means copying:

term% echo '((995533 * 16)/1024)/1024' | pc -n | sed 's/([0-9]+)/\1G/g'
15G

NOTE: DOUBLE and TRIPLE check the order of your arguments before running this command:

term% time dd -if /dev/fs/fsworm -of /dev/fs/bfsworm -bs 16k -count 995533
995533+0 records in
995533+0 records out
4.21u 338.38s 6721.76r 	 dd -if /dev/fs/fsworm -of /dev/fs/bfsworm ...

Create backup file system

term% cwfs64x -n cwfs.backup -f /dev/fs/bfscache -C -c
config: service cwfs
config: config /dev/fs/bfscache
config: filsys main c(/dev/fs/bfscache)(/dev/fs/bfsworm)
config: filsys dump o
config: filsys other (/dev/fs/bother)
config: recover main
config: ream other
config: end
checktag pc=20eb16 n(3) tag/path=<badtag>/17956214208697459770; expected Tsuper/2
current fs is "main"
11 uids read, 6 groups used
63-bit cwfs as of Wed Jun 30 22:30:18 2021
	last boot Fri Jul  2 08:32:07 2021

Copy other

Virtual machines, large projects (i.e. netsurf), and /tmp are stored on my other partition as I do not want to bother the worm with backing them up. To quickly copy the contents of other to the backup disk clone (thanks kvik) is used.

term% mount -c /srv/cwfs.backup /n/cwfs.backup.other other
term% mkdir /n/cwfs.backup.other/usr
term% clone /n/other/usr/$user /n/cwfs.backup.other/usr/

Use Backup

Activate encrypted backup partitions

term% nl='
	'
term% for(d in `$nl{disk/cryptsetup -o /dev/sdU2d3a7.0/^(fsworm fscache other)}){
		echo $d | sed 's/^crypt /crypt b/g' >/dev/fs/ctl
	}
Password: 
term% cat /dev/fs/ctl
crypt fscache /dev/sdE0/fscache
crypt fsworm /dev/sdE0/fsworm
crypt other /dev/sdE0/other
crypt bfscache /dev/sdU2d3a7.0/fscache
crypt bfsworm /dev/sdU2d3a7.0/fsworm
crypt bother /dev/sdU2d3a7.0/other

Start backup file system

term% cwfs64x -n cwfs.backup -f /dev/fs/bfscache -C
current fs is "main"
11 uids read, 6 groups used
63-bit cwfs as of Wed Jun 30 22:30:18 2021
	last boot Mon Jul  5 00:43:45 2021

Mount backup file system

Let’s mount the main, dump, and other file systems from our backup:

term% mount /srv/cwfs.backup /n/cwfs.backup
term% mount /srv/cwfs.backup /n/cwfs.backup.dump dump
term% mount /srv/cwfs.backup /n/cwfs.backup.other other

Shutdown backup file system

Once you are done restoring from a backup you can halt the backup file system:

term% con -C /srv/cwfs.backup.cmd
halt
term%

Congratulations, you’ve just backed up a 9front system to an external, encrypted, and bootable USB drive! Now your cat goes to sleep on the keyboard.

⑨ lab ≡ 9front - finished encrypted bootable backup to external USB drive…

9front - finished encrypted bootable backup to external USB drive…

#Plan9 #9front