Using the same keys for init and backup fails

ksc · September 25, 2023, 10:59am

Hi there,

I couldn’t find a solution to my problem in this forum or on google. I hope somebody to find help here.

I’m on a Intel MacBook running macOS Ventura 13.5.2, iTerm2 3.4.20, Homebrew 4.1.12, restic 0.16.0 and min.io version RELEASE.2023-09-20T22-49-55Z. I gave restic and iTerm2 inside MacOS Full Disk Access under System Preferences Security & Privacy Full Disk Access. I’m using bash as my shell. In my bash I call my backup shellscript with source ./backup.sh. I want to backup with restic the backups that macOS has created from my iPad. Firstly to get started with restic and secondly because I think another copy of a backup in another physical location is a good idea. Apple has fixed it’s iPad backup location to /Users/"$USER"/Library/Application Support/MobileSync/Backup/. I want to use a S3 Bucket of my IBM-Cloud (Kubernetes) to store the restic backups. My backup.sh looks like this:

unset HISTFILE;

printf "\n";
read -sp "Enter the ACCESS_KEY_ID: " Access_Key_ID;
printf "\n\n";
read -sp "Enter the SECRET_ACCESS_KEY: " Secret_Access_Key;
printf "\n\n";
read -sp "Enter restic repo password: " BackupPW;
printf "\n\n";
read -sp "Enter sudo password: " sudoPW;
printf "\n\n";

export AWS_ACCESS_KEY_ID=$Access_Key_ID
export AWS_SECRET_ACCESS_KEY=$Secret_Access_Key
export RESTIC_PASSWORD=$BackupPW

unset Access_Key_ID;
unset Secret_Access_Key;
unset BackupPW;

S3_Bucket_MyBase_URL="s3:https://s3.eu-de.cloud-object-storage.appdomain.cloud/bucketname";
local_iPad_Backup="/Users/$USER/Library/Application Support/MobileSync/Backup/";

# Create restic repository if it doesn't already exsist.
restic -r $S3_Bucket_MyBase_URL/iPad_backup snapshots >/dev/null 2>&1 || { 
    restic -r "$S3_Bucket_MyBase_URL/iPad_backup" init;
}

echo $sudoPW | sudo -S restic --repo "$S3_Bucket_MyBase_URL/iPad_backup" backup "$local_iPad_Backup";

unset AWS_ACCESS_KEY_ID;
unset AWS_SECRET_ACCESS_KEY;
unset S3_Bucket_MyBase_URL;
unset S3_Bucket_TeamBase_URL;
unset RESTIC_PASSWORD;
unset sudoPW;

As a new user in the restic forum I’m only allowed to post up to 2 links and up to 1 attachment per post. That is why I had to take screenshots and combine them for my script output and the state of the data on the S3 bucket after the scripts execution.

I don’t understand why restic can successfully initialize a restic repo with the provided AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY on the S3 bucket but can’t use these keys to execute a backup there.

rawtaz · September 25, 2023, 11:52am

Looks like one possible reason is that the environment variables with your AWS key isn’t seen by the restic backup command. Can you verify by changing it to just echo the corresponding env var (as sudo)?

Also your script is a bit overcomplicated. You can just read the values into the final env vars right away, no need to store them in temporary variables. Also if you just run the entire script as sudo instead, it will all be in the same context instead of elevating privileges for a specific part of it.

ksc · September 25, 2023, 2:53pm

Thanks a lot your answer helped me, @rawtaz. I forgot to export the variables $S3_Bucket_MyBase_URL and $RESTIC_PASSWORD and $local_iPad_Backup. My backup works with these exports. You are right @rawtaz the script I’m writing is more complex than it needs to be. I will work on that.