1BORG(1)                  Borg - Deduplicating Archiver                 BORG(1)
2
3
4

NAME

6       borg  - BorgBackup is a deduplicating backup program with optional com‐
7       pression and authenticated encryption.
8

GENERAL

10       Borg consists of a number of commands. Each command accepts a number of
11       arguments  and  options  and  interprets various environment variables.
12       The following sections will describe each command in detail.
13
14       Commands, options, parameters, paths and such are set  in  fixed-width.
15       Option  values  are  underlined. Borg has few options accepting a fixed
16       set of values (e.g. --encryption of borg_init).  Experimental  features
17       are marked with red stripes on the sides, like this paragraph.
18
19       Experimental  features  are  not  stable,  which means that they may be
20       changed in incompatible ways or even  removed  entirely  without  prior
21       notice in following releases.
22
23   Positional Arguments and Options: Order matters
24       Borg only supports taking options (-s and --progress in the example) to
25       the left or right of all positional arguments (repo::archive  and  path
26       in the example), but not in between them:
27
28          borg create -s --progress repo::archive path  # good and preferred
29          borg create repo::archive path -s --progress  # also works
30          borg create -s repo::archive path --progress  # works, but ugly
31          borg create repo::archive -s --progress path  # BAD
32
33       This    is    due    to    a    problem   in   the   argparse   module:
34       http://bugs.python.org/issue15112
35
36   Repository URLs
37       Local filesystem (or locally mounted network filesystem):
38
39       /path/to/repo - filesystem path to repo directory, absolute path
40
41       path/to/repo - filesystem path to repo directory, relative path
42
43       Also, stuff like ~/path/to/repo or ~other/path/to/repo works  (this  is
44       expanded by your shell).
45
46       Note:  you  may  also prepend a file:// to a filesystem path to get URL
47       style.
48
49       Remote repositories accessed via ssh user@host:
50
51       user@host:/path/to/repo - remote repo, absolute path
52
53       ssh://user@host:port/path/to/repo - same, alternative syntax, port  can
54       be given
55
56       Remote repositories with relative paths can be given using this syntax:
57
58       user@host:path/to/repo - path relative to current directory
59
60       user@host:~/path/to/repo - path relative to user's home directory
61
62       user@host:~other/path/to/repo - path relative to other's home directory
63
64       Note:  giving user@host:/./path/to/repo or user@host:/~/path/to/repo or
65       user@host:/~other/path/to/repo is  also  supported,  but  not  required
66       here.
67
68       Remote repositories with relative paths, alternative syntax with port:
69
70       ssh://user@host:port/./path/to/repo  -  path relative to current direc‐
71       tory
72
73       ssh://user@host:port/~/path/to/repo -  path  relative  to  user's  home
74       directory
75
76       ssh://user@host:port/~other/path/to/repo  -  path  relative  to other's
77       home directory
78
79       If you frequently need the same repo URL, it is a good idea to set  the
80       BORG_REPO environment variable to set a default for the repo URL:
81
82          export BORG_REPO='ssh://user@host:port/path/to/repo'
83
84       Then  just leave away the repo URL if only a repo URL is needed and you
85       want to use the default - it will be read from BORG_REPO then.
86
87       Use :: syntax to give the repo URL when syntax requires giving a  posi‐
88       tional argument for the repo (e.g. borg mount :: /mnt).
89
90   Repository / Archive Locations
91       Many  commands  want  either  a repository (just give the repo URL, see
92       above) or an archive location, which is a repo URL  followed  by  ::ar‐
93       chive_name.
94
95       Archive names must not contain the / (slash) character. For simplicity,
96       maybe also avoid blanks or other characters that have  special  meaning
97       on  the  shell or in a filesystem (borg mount will use the archive name
98       as directory name).
99
100       If you have set BORG_REPO  (see  above)  and  an  archive  location  is
101       needed,  use  ::archive_name  -  the  repo  URL  part is then read from
102       BORG_REPO.
103
104   Logging
105       Borg writes all log output to stderr by default. But please  note  that
106       something  showing  up  on  stderr does not indicate an error condition
107       just because it is on stderr. Please check the log levels of  the  mes‐
108       sages  and  the  return  code of borg for determining error, warning or
109       success conditions.
110
111       If you want to capture the log output to a file, just redirect it:
112
113          borg create repo::archive myfiles 2>> logfile
114
115       Custom logging configurations can be implemented via BORG_LOGGING_CONF.
116
117       The log level of the builtin logging configuration defaults to WARNING.
118       This  is because we want Borg to be mostly silent and only output warn‐
119       ings, errors and critical messages, unless output has been requested by
120       supplying an option that implies output (e.g. --list or --progress).
121
122       Log levels: DEBUG < INFO < WARNING < ERROR < CRITICAL
123
124       Use --debug to set DEBUG log level - to get debug, info, warning, error
125       and critical level output.
126
127       Use --info (or -v or --verbose) to set INFO log level -  to  get  info,
128       warning, error and critical level output.
129
130       Use  --warning  (default)  to  set  WARNING log level - to get warning,
131       error and critical level output.
132
133       Use --error to set ERROR log level - to get error  and  critical  level
134       output.
135
136       Use  --critical  to set CRITICAL log level - to get critical level out‐
137       put.
138
139       While you can set misc. log levels, do not expect  that  every  command
140       will give different output on different log levels - it's just a possi‐
141       bility.
142
143       WARNING:
144          Options --critical and --error are provided for completeness,  their
145          usage is not recommended as you might miss important information.
146
147   Return codes
148       Borg can exit with the following return codes (rc):
149
150                     ┌────────────┬────────────────────────────┐
151                     │Return code │ Meaning                    │
152                     ├────────────┼────────────────────────────┤
153                     │0           │ success (logged as INFO)   │
154                     ├────────────┼────────────────────────────┤
155                     │1           │ warning (operation reached │
156                     │            │ its normal end, but  there │
157                     │            │ were   warnings   --   you │
158                     │            │ should  check   the   log, │
159                     │            │ logged as WARNING)         │
160                     ├────────────┼────────────────────────────┤
161                     │2           │ error (like a fatal error, │
162                     │            │ a local or  remote  excep‐ │
163                     │            │ tion,  the  operation  did │
164                     │            │ not reach its normal  end, │
165                     │            │ logged as ERROR)           │
166                     ├────────────┼────────────────────────────┤
167                     │128+N       │ killed  by  signal N (e.g. │
168                     │            │ 137 == kill -9)            │
169                     └────────────┴────────────────────────────┘
170
171       If you use --show-rc, the return code is also logged at  the  indicated
172       level as the last log entry.
173
174   Environment Variables
175       Borg uses some environment variables for automation:
176
177       General:
178
179              BORG_REPO
180                     When  set,  use  the value to give the default repository
181                     location. If a command needs an  archive  parameter,  you
182                     can abbreviate as ::archive. If a command needs a reposi‐
183                     tory parameter, you can either leave it away or  abbrevi‐
184                     ate as ::, if a positional parameter is required.
185
186              BORG_PASSPHRASE
187                     When set, use the value to answer the passphrase question
188                     for encrypted repositories.  It is used when a passphrase
189                     is  needed  to access an encrypted repo as well as when a
190                     new passphrase should be initially set when  initializing
191                     an encrypted repo.  See also BORG_NEW_PASSPHRASE.
192
193              BORG_PASSCOMMAND
194                     When  set, use the standard output of the command (trail‐
195                     ing newlines are stripped) to answer the passphrase ques‐
196                     tion  for  encrypted  repositories.   It  is  used when a
197                     passphrase is needed to access an encrypted repo as  well
198                     as  when  a  new  passphrase should be initially set when
199                     initializing an encrypted repo. Note that the command  is
200                     executed  without  a shell. So variables, like $HOME will
201                     work, but ~ won't.  If BORG_PASSPHRASE is  also  set,  it
202                     takes precedence.  See also BORG_NEW_PASSPHRASE.
203
204              BORG_PASSPHRASE_FD
205                     When   set,   specifies  a  file  descriptor  to  read  a
206                     passphrase from. Programs starting  borg  may  choose  to
207                     open  an  anonymous pipe and use it to pass a passphrase.
208                     This is safer than passing via  BORG_PASSPHRASE,  because
209                     on  some systems (e.g. Linux) environment can be examined
210                     by other processes.  If BORG_PASSPHRASE or  BORG_PASSCOM‐
211                     MAND are also set, they take precedence.
212
213              BORG_NEW_PASSPHRASE
214                     When set, use the value to answer the passphrase question
215                     when a new passphrase is asked  for.   This  variable  is
216                     checked  first.  If  it  is  not set, BORG_PASSPHRASE and
217                     BORG_PASSCOMMAND will also be checked.  Main usecase  for
218                     this is to fully automate borg change-passphrase.
219
220              BORG_DISPLAY_PASSPHRASE
221                     When  set,  use  the  value  to  answer  the "display the
222                     passphrase for verification" question when defining a new
223                     passphrase for encrypted repositories.
224
225              BORG_HOSTNAME_IS_UNIQUE=no
226                     Borg assumes that it can derive a unique hostname / iden‐
227                     tity (see borg debug info).  If this is not the  case  or
228                     you do not want Borg to automatically remove stale locks,
229                     set this to no.
230
231              BORG_HOST_ID
232                     Borg usually computes a host id from the  FQDN  plus  the
233                     results of uuid.getnode() (which usually returns a unique
234                     id based on the MAC address  of  the  network  interface.
235                     Except  if that MAC happens to be all-zero - in that case
236                     it returns a random value, which  is  not  what  we  want
237                     (because  it kills automatic stale lock removal).  So, if
238                     you have a all-zero MAC address or other reasons to  bet‐
239                     ter  externally  control the host id, just set this envi‐
240                     ronment variable to a unique value. If all your FQDNs are
241                     unique,   you   can  just  use  the  FQDN.  If  not,  use
242                     fqdn@uniqueid.
243
244              BORG_LOGGING_CONF
245                     When set, use the given  filename  as  INI-style  logging
246                     configuration.   A  basic  example  conf  can be found at
247                     docs/misc/logging.conf.
248
249              BORG_RSH
250                     When set, use this command instead of ssh.  This  can  be
251                     used  to  specify  ssh options, such as a custom identity
252                     file ssh -i /path/to/private/key. See man ssh  for  other
253                     options. Using the --rsh CMD commandline option overrides
254                     the environment variable.
255
256              BORG_REMOTE_PATH
257                     When set, use the given path as borg  executable  on  the
258                     remote    (defaults   to   "borg"   if   unset).    Using
259                     --remote-path PATH commandline option overrides the envi‐
260                     ronment variable.
261
262              BORG_FILES_CACHE_TTL
263                     When  set to a numeric value, this determines the maximum
264                     "time to live" for the files cache entries (default: 20).
265                     The  files  cache  is used to quickly determine whether a
266                     file is unchanged.  The FAQ explains this  more  detailed
267                     in: always_chunking
268
269              BORG_SHOW_SYSINFO
270                     When  set  to no (default: yes), system information (like
271                     OS, Python version, ...)  in  exceptions  is  not  shown.
272                     Please  only  use  for  good  reasons  as it makes issues
273                     harder to analyze.
274
275              BORG_WORKAROUNDS
276                     A list of comma  separated  strings  that  trigger  work‐
277                     arounds  in borg, e.g. to work around bugs in other soft‐
278                     ware.
279
280                     Currently known strings are:
281
282                     basesyncfile
283                            Use the more simple  BaseSyncFile  code  to  avoid
284                            issues  with sync_file_range.  You might need this
285                            to run borg on WSL (Windows Subsystem  for  Linux)
286                            or  in systemd.nspawn containers on some architec‐
287                            tures (e.g. ARM).  Using this does not affect data
288                            safety, but might result in a more bursty write to
289                            disk  behaviour  (not  continuously  streaming  to
290                            disk).
291
292              TMPDIR where  temporary  files  are  stored (might need a lot of
293                     temporary space for some operations),  see  tempfile  for
294                     details
295
296       Some  automatic  answerers (if set, they automatically answer confirma‐
297       tion questions):
298
299              BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=no (or =yes)
300                     For "Warning: Attempting to access a  previously  unknown
301                     unencrypted repository"
302
303              BORG_RELOCATED_REPO_ACCESS_IS_OK=no (or =yes)
304                     For  "Warning:  The repository at location ... was previ‐
305                     ously located at ..."
306
307              BORG_CHECK_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
308                     For "Warning: 'check --repair' is an experimental feature
309                     that might result in data loss."
310
311              BORG_DELETE_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
312                     For  "You  requested  to completely DELETE the repository
313                     including all archives it contains:"
314
315              BORG_RECREATE_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
316                     For "recreate is an experimental feature."
317
318              Note: answers are case  sensitive.  setting  an  invalid  answer
319              value  might  either give the default answer or ask you interac‐
320              tively, depending  on  whether  retries  are  allowed  (they  by
321              default  are allowed). So please test your scripts interactively
322              before making them a non-interactive script.
323
324       Directories and files:
325
326              BORG_BASE_DIR
327                     Default to '$HOME', '~$USER', '~' (in that  order)'.   If
328                     we refer to ~ below, we in fact mean BORG_BASE_DIR.
329
330              BORG_CACHE_DIR
331                     Default  to  '~/.cache/borg'. This directory contains the
332                     local cache and might need a lot  of  space  for  dealing
333                     with  big  repositories.  Make  sure  you're aware of the
334                     associated  security  aspects  of  the  cache   location:
335                     cache_security
336
337              BORG_CONFIG_DIR
338                     Default  to '~/.config/borg'. This directory contains the
339                     whole config directories.
340
341              BORG_SECURITY_DIR
342                     Default to '~/.config/borg/security'. This directory con‐
343                     tains  information borg uses to track its usage of NONCES
344                     ("numbers used once" - usually in encryption context) and
345                     other  security  relevant  data. Will move with BORG_CON‐
346                     FIG_DIR variable unless specified.
347
348              BORG_KEYS_DIR
349                     Default to '~/.config/borg/keys'. This directory contains
350                     keys for encrypted repositories.
351
352              BORG_KEY_FILE
353                     When set, use the given filename as repository key file.
354
355       Building:
356
357              BORG_OPENSSL_PREFIX
358                     Adds  given  OpenSSL header file directory to the default
359                     locations (setup.py).
360
361              BORG_LIBLZ4_PREFIX
362                     Adds given prefix directory to the default locations.  If
363                     a  'include/lz4.h'  is  found Borg will be linked against
364                     the system liblz4 instead of  a  bundled  implementation.
365                     (setup.py)
366
367              BORG_LIBB2_PREFIX
368                     Adds  given prefix directory to the default locations. If
369                     a 'include/blake2.h' is found Borg will be linked against
370                     the  system  libb2  instead  of a bundled implementation.
371                     (setup.py)
372
373              BORG_LIBZSTD_PREFIX
374                     Adds given prefix directory to the default locations.  If
375                     a  'include/zstd.h'  is found Borg will be linked against
376                     the system libzstd instead of a  bundled  implementation.
377                     (setup.py)
378
379       Please note:
380
381       · be very careful when using the "yes" sayers, the warnings with prompt
382         exist for your / your data's security/safety
383
384       · also be very careful when putting your passphrase into a script, make
385         sure it has appropriate file permissions (e.g. mode 600, root:root).
386
387   File systems
388       We  strongly  recommend  against using Borg (or any other database-like
389       software) on non-journaling file systems like FAT, since it is not pos‐
390       sible  to assume any consistency in case of power failures (or a sudden
391       disconnect of an external drive or similar failures).
392
393       While Borg uses a data store that is resilient against  these  failures
394       when  used  on journaling file systems, it is not possible to guarantee
395       this with some hardware -- independent of the software used.  We  don't
396       know a list of affected hardware.
397
398       If  you are suspicious whether your Borg repository is still consistent
399       and readable after one of the failures mentioned  above  occurred,  run
400       borg check --verify-data to make sure it is consistent.
401
402       Requirements for Borg repository file systems
403
404       · Long file names
405
406       · At least three directory levels with short names
407
408       · Typically, file sizes up to a few hundred MB.  Large repositories may
409         require large files (>2 GB).
410
411       · Up to 1000 files per directory (10000  for  repositories  initialized
412         with Borg 1.0)
413
414       · mkdir(2) should be atomic, since it is used for locking
415
416       · Hardlinks are needed for borg_upgrade --inplace
417
418   Units
419       To  display quantities, Borg takes care of respecting the usual conven‐
420       tions of scale. Disk sizes are displayed in decimal,  using  powers  of
421       ten  (so  kB  means  1000 bytes). For memory usage, binary prefixes are
422       used, and are indicated using the IEC binary prefixes, using powers  of
423       two (so KiB means 1024 bytes).
424
425   Date and Time
426       We format date and time conforming to ISO-8601, that is: YYYY-MM-DD and
427       HH:MM:SS (24h clock).
428
429       For more information about that, see: https://xkcd.com/1179/
430
431       Unless otherwise noted, we display local date and time.  Internally, we
432       store and process date and time as UTC.
433
434   Resource Usage
435       Borg might use a lot of resources depending on the size of the data set
436       it is dealing with.
437
438       If one uses Borg in a client/server way (with a ssh:  repository),  the
439       resource  usage occurs in part on the client and in another part on the
440       server.
441
442       If one uses Borg as a single process (with a filesystem repo), all  the
443       resource  usage  occurs  in  that  one process, so just add up client +
444       server to get the approximate resource usage.
445
446       CPU client:
447
448              · borg create: does chunking, hashing, compression, crypto (high
449                CPU usage)
450
451              · chunks cache sync: quite heavy on CPU, doing lots of hashtable
452                operations.
453
454              · borg extract: crypto, decompression (medium to high CPU usage)
455
456              · borg check: similar to extract, but depends on options given.
457
458              · borg prune / borg delete archive: low to medium CPU usage
459
460              · borg delete repo: done on the server
461
462              It won't go beyond 100% of 1 core as the code is currently  sin‐
463              gle-threaded.   Especially higher zlib and lzma compression lev‐
464              els use significant amounts of CPU cycles. Crypto might be cheap
465              on the CPU (if hardware accelerated) or expensive (if not).
466
467       CPU server:
468              It  usually  doesn't  need  much  CPU,  it  just  deals with the
469              key/value store (repository) and uses the repository  index  for
470              that.
471
472              borg  check:  the repository check computes the checksums of all
473              chunks (medium CPU usage) borg delete repo: low CPU usage
474
475       CPU (only for client/server operation):
476              When using borg in a client/server way with  a  ssh:-type  repo,
477              the  ssh  processes  used for the transport layer will need some
478              CPU on the client and on the server due to the crypto  they  are
479              doing - esp. if you are pumping big amounts of data.
480
481       Memory (RAM) client:
482              The  chunks  index  and the files index are read into memory for
483              performance reasons. Might  need  big  amounts  of  memory  (see
484              below).   Compression,  esp.  lzma  compression with high levels
485              might need substantial amounts of memory.
486
487       Memory (RAM) server:
488              The server process will load the repository index  into  memory.
489              Might  need considerable amounts of memory, but less than on the
490              client (see below).
491
492       Chunks index (client only):
493              Proportional to the amount of data chunks in your repo. Lots  of
494              chunks in your repo imply a big chunks index.  It is possible to
495              tweak the chunker params (see create options).
496
497       Files index (client only):
498              Proportional to the amount of files in your last backups. Can be
499              switched off (see create options), but next backup might be much
500              slower if you do.  The speed benefit of using the files cache is
501              proportional to file size.
502
503       Repository index (server only):
504              Proportional  to the amount of data chunks in your repo. Lots of
505              chunks in your repo imply a big repository index.  It is  possi‐
506              ble  to  tweak the chunker params (see create options) to influ‐
507              ence the amount of chunks being created.
508
509       Temporary files (client):
510              Reading data and metadata from a FUSE  mounted  repository  will
511              consume  up to the size of all deduplicated, small chunks in the
512              repository. Big chunks won't be locally cached.
513
514       Temporary files (server):
515              A non-trivial amount of data will be stored on the  remote  temp
516              directory for each client that connects to it. For some remotes,
517              this can fill the default temporary directory at /tmp. This  can
518              be  remediated  by ensuring the $TMPDIR, $TEMP, or $TMP environ‐
519              ment variable is properly set for the sshd  process.   For  some
520              OSes,  this can be done just by setting the correct value in the
521              other cases it may be neccessary to first enable PermitUserEnvi‐
522              ronment   yes  in  your  sshd_config  file,  then  add  environ‐
523              ment="TMPDIR=/my/big/tmpdir" at the start of the public  key  to
524              be used in the authorized_hosts file.
525
526       Cache files (client only):
527              Contains  the chunks index and files index (plus a collection of
528              single- archive chunk indexes which might need huge  amounts  of
529              disk  space, depending on archive count and size - see FAQ about
530              how to reduce).
531
532       Network (only for client/server operation):
533              If your repository is remote, all deduplicated  (and  optionally
534              compressed/ encrypted) data of course has to go over the connec‐
535              tion (ssh:// repo url).  If you use a  locally  mounted  network
536              filesystem,  additionally some copy operations used for transac‐
537              tion support also go over the connection. If you backup multiple
538              sources to one target repository, additional traffic happens for
539              cache resynchronization.
540
541   Support for file metadata
542       Besides regular file and directory structures, Borg can preserve
543
544       · symlinks (stored as symlink, the symlink is not followed)
545
546       · special files:
547
548         · character and block device files (restored via mknod)
549
550         · FIFOs ("named pipes")
551
552         · special file contents can be backed up in --read-special mode.   By
553           default  the  metadata to create them with mknod(2), mkfifo(2) etc.
554           is stored.
555
556       · hardlinked regular files, devices, FIFOs (considering  all  items  in
557         the same archive)
558
559       · timestamps in nanosecond precision: mtime, atime, ctime
560
561       · other timestamps: birthtime (on platforms supporting it)
562
563       · permissions:
564
565         · IDs of owning user and owning group
566
567         · names of owning user and owning group (if the IDs can be resolved)
568
569         · Unix Mode/Permissions (u/g/o permissions, suid, sgid, sticky)
570
571       On some platforms additional features are supported:
572
573                ┌─────────────────┬──────────┬───────────┬───────────┐
574                │Platform         │ ACLs [5] │ xattr [6] │ Flags [7] │
575                ├─────────────────┼──────────┼───────────┼───────────┤
576                │Linux            │ Yes      │ Yes       │ Yes [1]   │
577                ├─────────────────┼──────────┼───────────┼───────────┤
578                │Mac OS X         │ Yes      │ Yes       │ Yes (all) │
579                ├─────────────────┼──────────┼───────────┼───────────┤
580                │FreeBSD          │ Yes      │ Yes       │ Yes (all) │
581                ├─────────────────┼──────────┼───────────┼───────────┤
582                │OpenBSD          │ n/a      │ n/a       │ Yes (all) │
583                ├─────────────────┼──────────┼───────────┼───────────┤
584                │NetBSD           │ n/a      │ No [2]    │ Yes (all) │
585                ├─────────────────┼──────────┼───────────┼───────────┤
586                │Solaris  and de‐ │ No [3]   │ No [3]    │ n/a       │
587                │rivatives        │          │           │           │
588                ├─────────────────┼──────────┼───────────┼───────────┤
589                │Windows (cygwin) │ No [4]   │ No        │ No        │
590                └─────────────────┴──────────┴───────────┴───────────┘
591
592       Other Unix-like operating systems may work as well, but have  not  been
593       tested at all.
594
595       Note  that  most  of the platform-dependent features also depend on the
596       file system.  For example, ntfs-3g on Linux isn't able to  convey  NTFS
597       ACLs.
598
599       [1]  Only  "nodump",  "immutable",  "compressed"  and "append" are sup‐
600            ported.  Feature request #618 for more flags.
601
602       [2]  Feature request #1332
603
604       [3]  Feature request #1337
605
606       [4]  Cygwin tries to map NTFS ACLs to permissions with varying  degrees
607            of success.
608
609       [5]  The  native access control list mechanism of the OS. This normally
610            limits access to non-native ACLs. For example,  NTFS  ACLs  aren't
611            completely accessible on Linux with ntfs-3g.
612
613       [6]  extended  attributes;  key-value  pairs attached to a file, mainly
614            used by the OS.  This includes resource forks on Mac OS X.
615
616       [7]  aka BSD flags. The Linux set of flags [1] is portable across plat‐
617            forms.  The BSDs define additional flags.
618
619            In case you are interested in more details (like formulas), please
620            see internals. For details on the available JSON output, refer  to
621            json_output.
622
623   Common options
624       All Borg commands share these options:
625
626       -h, --help
627              show this help message and exit
628
629       --critical
630              work on log level CRITICAL
631
632       --error
633              work on log level ERROR
634
635       --warning
636              work on log level WARNING (default)
637
638       --info, -v, --verbose
639              work on log level INFO
640
641       --debug
642              enable debug output, work on log level DEBUG
643
644       --debug-topic TOPIC
645              enable  TOPIC  debugging  (can be specified multiple times). The
646              logger path is borg.debug.<TOPIC> if TOPIC is not  fully  quali‐
647              fied.
648
649       -p, --progress
650              show progress information
651
652       --log-json
653              Output one JSON object per log line instead of formatted text.
654
655       --lock-wait SECONDS
656              wait  at  most  SECONDS  for  acquiring  a repository/cache lock
657              (default: 1).
658
659       --show-version
660              show/log the borg version
661
662       --show-rc
663              show/log the return code (rc)
664
665       --umask M
666              set umask to M (local and remote, default: 0077)
667
668       --remote-path PATH
669              use PATH as borg executable on the remote (default: "borg")
670
671       --remote-ratelimit RATE
672              set remote network  upload  rate  limit  in  kiByte/s  (default:
673              0=unlimited)
674
675       --consider-part-files
676              treat part files like normal files (e.g. to list/extract them)
677
678       --debug-profile FILE
679              Write  execution profile in Borg format into FILE. For local use
680              a Python-compatible file can be generated by suffixing FILE with
681              ".pyprof".
682
683       --rsh RSH
684              Use  this  command  to  connect  to  the  'borg  serve'  process
685              (default: 'ssh')
686
687   Examples
688          # Create an archive and log: borg version, files list, return code
689          $ borg create --show-version --list --show-rc /path/to/repo::my-files files
690

BORG INIT

692          borg [common options] init [options] [REPOSITORY]
693
694   Description
695       This command  initializes  an  empty  repository.  A  repository  is  a
696       filesystem directory containing the deduplicated data from zero or more
697       archives.
698
699       Encryption can be enabled at repository init time. It cannot be changed
700       later.
701
702       It is not recommended to work without encryption. Repository encryption
703       protects you e.g. against the case that an attacker has access to  your
704       backup repository.
705
706       But be careful with the key / the passphrase:
707
708       If  you  want "passphrase-only" security, use one of the repokey modes.
709       The key will be stored inside the repository (in its "config" file). In
710       above  mentioned  attack  scenario, the attacker will have the key (but
711       not the passphrase).
712
713       If you want "passphrase and having-the-key" security, use  one  of  the
714       keyfile  modes. The key will be stored in your home directory (in .con‐
715       fig/borg/keys).  In the attack scenario,  the  attacker  who  has  just
716       access to your repo won't have the key (and also not the passphrase).
717
718       Make  a  backup copy of the key file (keyfile mode) or repo config file
719       (repokey mode) and keep it at a safe place, so you still have  the  key
720       in  case  it gets corrupted or lost. Also keep the passphrase at a safe
721       place.  The backup that is encrypted with that key won't help you  with
722       that, of course.
723
724       Make sure you use a good passphrase. Not too short, not too simple. The
725       real encryption / decryption key is encrypted with  /  locked  by  your
726       passphrase.   If  an attacker gets your key, he can't unlock and use it
727       without knowing the passphrase.
728
729       Be careful with special or non-ascii characters in your passphrase:
730
731       · Borg processes the passphrase as unicode (and encodes it  as  utf-8),
732         so  it does not have problems dealing with even the strangest charac‐
733         ters.
734
735       · BUT: that does not necessarily apply to your OS / VM / keyboard  con‐
736         figuration.
737
738       So  better  use a long passphrase made from simple ascii chars than one
739       that includes non-ascii stuff or characters that are hard/impossible to
740       enter on a different keyboard layout.
741
742       You can change your passphrase for existing repos at any time, it won't
743       affect the encryption/decryption key or other secrets.
744
745   Encryption modes
746         ────────────────────────────────────────────────────────────────────
747          Hash/MAC   Not encrypted no   Not   encrypted,   Encrypted  (AEAD
748                     auth               but    authenti‐   w/   AES)    and
749                                        cated              authenticated
750         ────────────────────────────────────────────────────────────────────
751          SHA-256    none               authenticated      repokey keyfile
752         ────────────────────────────────────────────────────────────────────
753          BLAKE2b    n/a                authenti‐          repokey-blake2
754                                        cated-blake2       keyfile-blake2
755         ┌─────────┬──────────────────┬──────────────────┬──────────────────┐
756         │         │                  │                  │                  │
757       Ma│rked  mode│s are new in Borg 1│.1 and are not back│wards-compatible wi│th
758       Bo│rg 1.0.x. │                  │                  │                  │
759         │         │                  │                  │                  │
760       On│modern In│tel/AMD CPUs (excep│t very cheap ones),│AES is usually har│d‐
761       wa│re-acceler│ated.   BLAKE2b  is│ faster than SHA25│6 on Intel/AMD 64-b│it
762       CP│Us (except│AMD Ryzen and futu│re  CPUs  with  SHA│ extensions),  whi│ch
763       ma│kes authen│ticated-blake2 fast│er than none and au│thenticated.       │
764         │         │                  │                  │                  │
765       On│modern AR│M CPUs, NEON provid│es hardware acceler│ation for SHA256 ma│k‐
766       in│g it faste│r than BLAKE2b-256 │there. NEON acceler│ates AES as well.  │
767         │         │                  │                  │                  │
768       Ha│rdware acc│eleration is always│used automatically│when available.   │
769         │         │                  │                  │                  │
770       re│pokey and │keyfile use AES-CTR│-256 for encryption│and HMAC-SHA256  f│or
771       au│thenticati│on  in an encrypt-t│hen-MAC (EtM) const│ruction. The chunk │ID
772       ha│sh is HMAC│-SHA256 as well (wi│th a separate  key)│.   These  modes  a│re
773       co│mpatible w│ith Borg 1.0.x.    │                  │                  │
774         │         │                  │                  │                  │
775       re│pokey-blak│e2  and  keyfile-bl│ake2  are  also aut│henticated encrypti│on
776       mo│des, but u│se BLAKE2b-256 inst│ead of HMAC-SHA256 │for  authenticatio│n.
777       Th│e chunk ID│hash is a keyed BL│AKE2b-256 hash.  Th│ese modes are new a│nd
778       no│t compatib│le with Borg 1.0.x.│                  │                  │
779         │         │                  │                  │                  │
780       au│thenticate│d mode uses no  enc│ryption,  but  auth│enticates  reposito│ry
781       co│ntents  th│rough  the same HMA│C-SHA256 hash as th│e repokey and keyfi│le
782       mo│des (it us│es it as the  chunk│ ID  hash).  The  │key  is  stored  li│ke
783       re│pokey.  Th│is mode is new and │not compatible with│Borg 1.0.x.       │
784         │         │                  │                  │                  │
785       au│thenticate│d-blake2   is   lik│e  authenticated,  │but  uses  the  key│ed
786       BL│AKE2b-256 │hash from the other│blake2 modes.  Thi│s mode is new and n│ot
787       co│mpatible w│ith Borg 1.0.x.    │                  │                  │
788         │         │                  │                  │                  │
789       no│ne  mode  │uses no encryption │and no authenticati│on. It uses SHA256 │as
790       ch│unk ID has│h. Not recommended,│rather consider us│ing an  authenticat│ed
791       or│ authenti│cated/encrypted mod│e. This mode has po│ssible denial-of-se│r‐
792       vi│ce issues │when running borg  │create  on  content│s  controlled  by  │an
793       at│tacker.   │Use  it  only  for │new repositories w│here no encryption │is
794       wa│nted and w│hen compatibility w│ith 1.0.x is import│ant. If compatibili│ty
795       wi│th  1.0.x │is not important, u│se authenticated-bl│ake2 or authenticat│ed
796       in│stead.  Th│is mode is compatib│le with Borg 1.0.x.│                  │
797         │         │                  │                  │                  │
798   Exampl│es        │                  │                  │                  │
799         │# Local r│epository, repokey │encryption, BLAKE2b│(often faster, sin│ce Borg 1.1)
800         │$ borg in│it --encryption=rep│okey-blake2 /path/t│o/repo             │
801         │         │                  │                  │                  │
802         │# Local r│epository (no encry│ption)             │                  │
803         │$ borg in│it --encryption=non│e /path/to/repo    │                  │
804         │         │                  │                  │                  │
805         │# Remote │repository (accesse│s a remote borg via│ssh)              │
806         │$ borg in│it --encryption=rep│okey-blake2 user@ho│stname:backup      │
807         │         │                  │                  │                  │
808         │# Remote │repository (store t│he key your home di│r)                 │
809         │$ borg in│it --encryption=key│file user@hostname:│backup             │
810         │         │                  │                  │                  │

BORG CREA│TE │ │ │ │

812         │borg [com│mon options] create│[options] ARCHIVE │[PATH...]          │
813         │         │                  │                  │                  │
814   Descri│ption     │                  │                  │                  │
815       Th│is command│creates a backup a│rchive containing a│ll files found  whi│le
816       re│cursively │traversing all pat│hs specified. Paths│are added to the a│r‐
817       ch│ive as the│y are given, that m│eans if relative pa│ths are desired,  t│he
818       co│mmand has │to be run from the │correct directory. │                  │
819
820       When  giving  '-'  as path, borg will read data from standard input and
821       create a file 'stdin' in the created archive from that data.
822
823       The archive will consume almost no disk space for  files  or  parts  of
824       files that have already been stored in other archives.
825
826       The  archive  name needs to be unique. It must not end in '.checkpoint'
827       or '.checkpoint.N' (with N being a number),  because  these  names  are
828       used for checkpoints and treated in special ways.
829
830       In  the  archive  name,  you may use the following placeholders: {now},
831       {utcnow}, {fqdn}, {hostname}, {user} and some others.
832
833       Backup speed is increased by not reprocessing files  that  are  already
834       part of existing archives and weren't modified. The detection of unmod‐
835       ified files is done by comparing multiple  file  metadata  values  with
836       previous values kept in the files cache.
837
838       This   comparison   can   operate   in  different  modes  as  given  by
839       --files-cache:
840
841       · ctime,size,inode (default)
842
843       · mtime,size,inode (default  behaviour  of  borg  versions  older  than
844         1.1.0rc4)
845
846       · ctime,size (ignore the inode number)
847
848       · mtime,size (ignore the inode number)
849
850       · rechunk,ctime  (all  files  are  considered modified - rechunk, cache
851         ctime)
852
853       · rechunk,mtime (all files are considered  modified  -  rechunk,  cache
854         mtime)
855
856       · disabled  (disable  the  files cache, all files considered modified -
857         rechunk)
858
859       inode number: better safety, but often unstable on network filesystems
860
861       Normally, detecting file modifications will take inode information into
862       consideration  to  improve  the  reliability  of file change detection.
863       This is problematic for files located on sshfs and similar network file
864       systems  which  do  not  provide  stable inode numbers, such files will
865       always be considered modified. You can use modes without inode in  this
866       case  to improve performance, but reliability of change detection might
867       be reduced.
868
869       ctime vs. mtime: safety vs. speed
870
871       · ctime is a rather safe way to detect changes to a file (metadata  and
872         contents)  as  it can not be set from userspace. But, a metadata-only
873         change will already update the ctime, so there might be some unneces‐
874         sary  chunking/hashing even without content changes. Some filesystems
875         do not support ctime (change time).
876
877       · mtime usually works and only updates if file contents  were  changed.
878         But  mtime  can  be arbitrarily set from userspace, e.g. to set mtime
879         back to the same value it had before a content change happened.  This
880         can  be  used  maliciously  as  well as well-meant, but in both cases
881         mtime based cache modes can be problematic.
882
883       The mount points of filesystems or filesystem snapshots should  be  the
884       same for every creation of a new archive to ensure fast operation. This
885       is because the file cache that  is  used  to  determine  changed  files
886       quickly  uses  absolute  filenames.   If this is not possible, consider
887       creating a bind mount to a stable location.
888
889       The --progress option shows (from left to right)  Original,  Compressed
890       and  Deduplicated  (O, C and D, respectively), then the Number of files
891       (N) processed so far, followed by the currently processed path.
892
893       When using --stats, you will get some statistics about  how  much  data
894       was  added  - the "This Archive" deduplicated size there is most inter‐
895       esting as that is how much your repository will grow. Please note  that
896       the  "All  archives" stats refer to the state after creation. Also, the
897       --stats and --dry-run options are mutually exclusive because  the  data
898       is not actually compressed and deduplicated during a dry run.
899
900       See  the  output  of  the "borg help patterns" command for more help on
901       exclude patterns.  See the output of the "borg help placeholders"  com‐
902       mand for more help on placeholders.
903
904       The --exclude patterns are not like tar. In tar --exclude .bundler/gems
905       will exclude foo/.bundler/gems. In borg it will not, you  need  to  use
906       --exclude  '*/.bundler/gems' to get the same effect. See borg help pat‐
907       terns for more information.
908
909       In addition  to  using  --exclude  patterns,  it  is  possible  to  use
910       --exclude-if-present to specify the name of a filesystem object (e.g. a
911       file or folder name) which, when contained within another folder,  will
912       prevent  the  containing  folder from being backed up.  By default, the
913       containing folder and all of its contents  will  be  omitted  from  the
914       backup.  If, however, you wish to only include the objects specified by
915       --exclude-if-present in your backup, and not include any other contents
916       of  the  containing  folder,  this  can  be  enabled  through using the
917       --keep-exclude-tags option.
918
919   Item flags
920       --list outputs a list of all files, directories and other  file  system
921       items  it  considered  (no  matter  whether they had content changes or
922       not). For each item, it prefixes a single-letter  flag  that  indicates
923       type and/or status of the item.
924
925       If  you  are  interested  only in a subset of that output, you can give
926       e.g.  --filter=AME and it will only show regular files with A, M  or  E
927       status (see below).
928
929       A  uppercase character represents the status of a regular file relative
930       to the "files" cache (not relative to the repo -- this is an  issue  if
931       the  files  cache  is not used). Metadata is stored in any case and for
932       'A' and 'M' also new data chunks are stored. For 'U'  all  data  chunks
933       refer to already existing chunks.
934
935       · 'A' = regular file, added (see also a_status_oddity in the FAQ)
936
937       · 'M' = regular file, modified
938
939       · 'U' = regular file, unchanged
940
941       · 'E'  =  regular  file, an error happened while accessing/reading this
942         file
943
944       A lowercase character means a file type other than a regular file, borg
945       usually just stores their metadata:
946
947       · 'd' = directory
948
949       · 'b' = block device
950
951       · 'c' = char device
952
953       · 'h' = regular file, hardlink (to already seen inodes)
954
955       · 's' = symlink
956
957       · 'f' = fifo
958
959       Other flags used include:
960
961       · 'i' = backup data was read from standard input (stdin)
962
963       · '-' = dry run, item was not backed up
964
965       · 'x' = excluded, item was not backed up
966
967       · '?'  =  missing  status  code  (if  you  see  this, please file a bug
968         report!)
969
970   Examples
971          # Backup ~/Documents into an archive named "my-documents"
972          $ borg create /path/to/repo::my-documents ~/Documents
973
974          # same, but list all files as we process them
975          $ borg create --list /path/to/repo::my-documents ~/Documents
976
977          # Backup ~/Documents and ~/src but exclude pyc files
978          $ borg create /path/to/repo::my-files \
979              ~/Documents                       \
980              ~/src                             \
981              --exclude '*.pyc'
982
983          # Backup home directories excluding image thumbnails (i.e. only
984          # /home/<one directory>/.thumbnails is excluded, not /home/*/*/.thumbnails etc.)
985          $ borg create /path/to/repo::my-files /home \
986              --exclude 'sh:/home/*/.thumbnails'
987
988          # Backup the root filesystem into an archive named "root-YYYY-MM-DD"
989          # use zlib compression (good, but slow) - default is lz4 (fast, low compression ratio)
990          $ borg create -C zlib,6 --one-file-system /path/to/repo::root-{now:%Y-%m-%d} /
991
992          # Backup a remote host locally ("pull" style) using sshfs
993          $ mkdir sshfs-mount
994          $ sshfs root@example.com:/ sshfs-mount
995          $ cd sshfs-mount
996          $ borg create /path/to/repo::example.com-root-{now:%Y-%m-%d} .
997          $ cd ..
998          $ fusermount -u sshfs-mount
999
1000          # Make a big effort in fine granular deduplication (big chunk management
1001          # overhead, needs a lot of RAM and disk space, see formula in internals
1002          # docs - same parameters as borg < 1.0 or attic):
1003          $ borg create --chunker-params 10,23,16,4095 /path/to/repo::small /smallstuff
1004
1005          # Backup a raw device (must not be active/in use/mounted at that time)
1006          $ dd if=/dev/sdx bs=10M | borg create /path/to/repo::my-sdx -
1007
1008          # No compression (none)
1009          $ borg create --compression none /path/to/repo::arch ~
1010
1011          # Super fast, low compression (lz4, default)
1012          $ borg create /path/to/repo::arch ~
1013
1014          # Less fast, higher compression (zlib, N = 0..9)
1015          $ borg create --compression zlib,N /path/to/repo::arch ~
1016
1017          # Even slower, even higher compression (lzma, N = 0..9)
1018          $ borg create --compression lzma,N /path/to/repo::arch ~
1019
1020          # Only compress compressible data with lzma,N (N = 0..9)
1021          $ borg create --compression auto,lzma,N /path/to/repo::arch ~
1022
1023          # Use short hostname, user name and current time in archive name
1024          $ borg create /path/to/repo::{hostname}-{user}-{now} ~
1025          # Similar, use the same datetime format that is default as of borg 1.1
1026          $ borg create /path/to/repo::{hostname}-{user}-{now:%Y-%m-%dT%H:%M:%S} ~
1027          # As above, but add nanoseconds
1028          $ borg create /path/to/repo::{hostname}-{user}-{now:%Y-%m-%dT%H:%M:%S.%f} ~
1029
1030          # Backing up relative paths by moving into the correct directory first
1031          $ cd /home/user/Documents
1032          # The root directory of the archive will be "projectA"
1033          $ borg create /path/to/repo::daily-projectA-{now:%Y-%m-%d} projectA
1034

BORG EXTRACT

1036          borg [common options] extract [options] ARCHIVE [PATH...]
1037
1038   Description
1039       This command extracts the contents of an archive. By default the entire
1040       archive  is  extracted  but  a  subset  of files and directories can be
1041       selected by passing a list of PATHs as arguments.  The  file  selection
1042       can further be restricted by using the --exclude option.
1043
1044       See  the  output  of  the "borg help patterns" command for more help on
1045       exclude patterns.
1046
1047       By using --dry-run, you can do all  extraction  steps  except  actually
1048       writing  the  output  data:  reading  metadata and data chunks from the
1049       repo, checking the hash/hmac, decrypting, decompressing.
1050
1051       --progress can be slower than no progress display, since it  makes  one
1052       additional pass over the archive metadata.
1053
1054       NOTE:
1055          Currently,  extract always writes into the current working directory
1056          ("."), so make sure you cd to the right place  before  calling  borg
1057          extract.
1058
1059   Examples
1060          # Extract entire archive
1061          $ borg extract /path/to/repo::my-files
1062
1063          # Extract entire archive and list files while processing
1064          $ borg extract --list /path/to/repo::my-files
1065
1066          # Verify whether an archive could be successfully extracted, but do not write files to disk
1067          $ borg extract --dry-run /path/to/repo::my-files
1068
1069          # Extract the "src" directory
1070          $ borg extract /path/to/repo::my-files home/USERNAME/src
1071
1072          # Extract the "src" directory but exclude object files
1073          $ borg extract /path/to/repo::my-files home/USERNAME/src --exclude '*.o'
1074
1075          # Restore a raw device (must not be active/in use/mounted at that time)
1076          $ borg extract --stdout /path/to/repo::my-sdx | dd of=/dev/sdx bs=10M
1077

BORG CHECK

1079          borg [common options] check [options] [REPOSITORY_OR_ARCHIVE]
1080
1081   Description
1082       The check command verifies the consistency of a repository and the cor‐
1083       responding archives.
1084
1085       First, the underlying repository data files are checked:
1086
1087       · For all segments the segment magic (header) is checked
1088
1089       · For all objects stored in the segments, all metadata  (e.g.  crc  and
1090         size) and all data is read. The read data is checked by size and CRC.
1091         Bit rot and other types of accidental damage  can  be  detected  this
1092         way.
1093
1094       · If we are in repair mode and a integrity error is detected for a seg‐
1095         ment, we try to recover as many objects from the segment as possible.
1096
1097       · In repair mode, it makes sure that the index is consistent  with  the
1098         data stored in the segments.
1099
1100       · If  you use a remote repo server via ssh:, the repo check is executed
1101         on the repo server without causing significant network traffic.
1102
1103       · The repository check can be skipped using the --archives-only option.
1104
1105       Second, the consistency and correctness of the archive metadata is ver‐
1106       ified:
1107
1108       · Is  the  repo  manifest  present?  If not, it is rebuilt from archive
1109         metadata chunks (this requires reading and decrypting of all metadata
1110         and data).
1111
1112       · Check  if  archive  metadata chunk is present. if not, remove archive
1113         from manifest.
1114
1115       · For all files (items) in the archive, for all  chunks  referenced  by
1116         these  files,  check  if chunk is present.  If a chunk is not present
1117         and we are in repair mode, replace it with  a  same-size  replacement
1118         chunk  of  zeros.   If  a previously lost chunk reappears (e.g. via a
1119         later backup) and we are in repair  mode,  the  all-zero  replacement
1120         chunk  will  be replaced by the correct chunk.  This requires reading
1121         of archive and file metadata, but not data.
1122
1123       · If we are in repair mode and we  checked  all  the  archives:  delete
1124         orphaned chunks from the repo.
1125
1126       · if  you  use a remote repo server via ssh:, the archive check is exe‐
1127         cuted on the client machine (because if encryption  is  enabled,  the
1128         checks  will  require decryption and this is always done client-side,
1129         because key access will be required).
1130
1131       · The archive checks can be time consuming, they can be  skipped  using
1132         the --repository-only option.
1133
1134       The --verify-data option will perform a full integrity verification (as
1135       opposed to checking the CRC32 of the  segment)  of  data,  which  means
1136       reading  the data from the repository, decrypting and decompressing it.
1137       This is a cryptographic verification, which  will  detect  (accidental)
1138       corruption.  For encrypted repositories it is tamper-resistant as well,
1139       unless the attacker has access to the keys.
1140
1141       It is also very slow.
1142

BORG RENAME

1144          borg [common options] rename [options] ARCHIVE NEWNAME
1145
1146   Description
1147       This command renames an archive in the repository.
1148
1149       This results in a different archive ID.
1150
1151   Examples
1152          $ borg create /path/to/repo::archivename ~
1153          $ borg list /path/to/repo
1154          archivename                          Mon, 2016-02-15 19:50:19
1155
1156          $ borg rename /path/to/repo::archivename newname
1157          $ borg list /path/to/repo
1158          newname                              Mon, 2016-02-15 19:50:19
1159

BORG LIST

1161          borg [common options] list [options] [REPOSITORY_OR_ARCHIVE] [PATH...]
1162
1163   Description
1164       This command lists the contents of a repository or an archive.
1165
1166       See the "borg help patterns" command for more help on exclude patterns.
1167
1168       The following keys are available for --format:
1169
1170       · NEWLINE: OS dependent line separator
1171
1172       · NL: alias of NEWLINE
1173
1174       · NUL: NUL character for creating print0 / xargs -0  like  output,  see
1175         barchive/bpath
1176
1177       · SPACE
1178
1179       · TAB
1180
1181       · CR
1182
1183       · LF
1184
1185       Keys for listing repository archives:
1186
1187       · archive:  archive name interpreted as text (might be missing non-text
1188         characters, see barchive)
1189
1190       · name: alias of "archive"
1191
1192       · barchive: verbatim archive name, can contain any character except NUL
1193
1194       · comment: archive  comment  interpreted  as  text  (might  be  missing
1195         non-text characters, see bcomment)
1196
1197       · bcomment:  verbatim archive comment, can contain any character except
1198         NUL
1199
1200       · id: internal ID of the archive
1201
1202       · start: time (start) of creation of the archive
1203
1204       · time: alias of "start"
1205
1206       · end: time (end) of creation of the archive
1207
1208       · hostname: hostname of host on which this archive was created
1209
1210       · username: username of user who created this archive
1211
1212       Keys for listing archive files:
1213
1214       · type
1215
1216       · mode
1217
1218       · uid
1219
1220       · gid
1221
1222       · user
1223
1224       · group
1225
1226       · path: path interpreted as text (might be missing non-text characters,
1227         see bpath)
1228
1229       · bpath: verbatim POSIX path, can contain any character except NUL
1230
1231       · source: link target for links (identical to linktarget)
1232
1233       · linktarget
1234
1235       · flags
1236
1237       · size
1238
1239       · csize: compressed size
1240
1241       · dsize: deduplicated size
1242
1243       · dcsize: deduplicated compressed size
1244
1245       · num_chunks: number of chunks in this file
1246
1247       · unique_chunks: number of unique chunks in this file
1248
1249       · mtime
1250
1251       · ctime
1252
1253       · atime
1254
1255       · isomtime
1256
1257       · isoctime
1258
1259       · isoatime
1260
1261       · md5
1262
1263       · sha1
1264
1265       · sha224
1266
1267       · sha256
1268
1269       · sha384
1270
1271       · sha512
1272
1273       · archiveid
1274
1275       · archivename
1276
1277       · extra:  prepends  {source} with " -> " for soft links and " link to "
1278         for hard links
1279
1280       · health: either "healthy" (file ok) or "broken" (if file has  all-zero
1281         replacement chunks)
1282
1283   Examples
1284          $ borg list /path/to/repo
1285          Monday                               Mon, 2016-02-15 19:15:11
1286          repo                                 Mon, 2016-02-15 19:26:54
1287          root-2016-02-15                      Mon, 2016-02-15 19:36:29
1288          newname                              Mon, 2016-02-15 19:50:19
1289          ...
1290
1291          $ borg list /path/to/repo::root-2016-02-15
1292          drwxr-xr-x root   root          0 Mon, 2016-02-15 17:44:27 .
1293          drwxrwxr-x root   root          0 Mon, 2016-02-15 19:04:49 bin
1294          -rwxr-xr-x root   root    1029624 Thu, 2014-11-13 00:08:51 bin/bash
1295          lrwxrwxrwx root   root          0 Fri, 2015-03-27 20:24:26 bin/bzcmp -> bzdiff
1296          -rwxr-xr-x root   root       2140 Fri, 2015-03-27 20:24:22 bin/bzdiff
1297          ...
1298
1299          $ borg list /path/to/repo::archiveA --format="{mode} {user:6} {group:6} {size:8d} {isomtime} {path}{extra}{NEWLINE}"
1300          drwxrwxr-x user   user          0 Sun, 2015-02-01 11:00:00 .
1301          drwxrwxr-x user   user          0 Sun, 2015-02-01 11:00:00 code
1302          drwxrwxr-x user   user          0 Sun, 2015-02-01 11:00:00 code/myproject
1303          -rw-rw-r-- user   user    1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.ext
1304          ...
1305

BORG DIFF

1307          borg [common options] diff [options] REPO::ARCHIVE1 ARCHIVE2 [PATH...]
1308
1309   Description
1310       This command finds differences (file contents, user/group/mode) between
1311       archives.
1312
1313       A repository location  and  an  archive  name  must  be  specified  for
1314       REPO::ARCHIVE1.   ARCHIVE2 is just another archive name in same reposi‐
1315       tory (no repository location allowed).
1316
1317       For archives created with Borg 1.1 or newer diff automatically  detects
1318       whether  the  archives are created with the same chunker params. If so,
1319       only chunk IDs are compared, which is very fast.
1320
1321       For archives prior to Borg 1.1 chunk contents are compared by  default.
1322       If  you did not create the archives with different chunker params, pass
1323       --same-chunker-params.  Note that the chunker params changed from  Borg
1324       0.xx to 1.0.
1325
1326       See  the  output  of  the "borg help patterns" command for more help on
1327       exclude patterns.
1328
1329   Examples
1330          $ borg init -e=none testrepo
1331          $ mkdir testdir
1332          $ cd testdir
1333          $ echo asdf > file1
1334          $ dd if=/dev/urandom bs=1M count=4 > file2
1335          $ touch file3
1336          $ borg create ../testrepo::archive1 .
1337
1338          $ chmod a+x file1
1339          $ echo "something" >> file2
1340          $ borg create ../testrepo::archive2 .
1341
1342          $ rm file3
1343          $ touch file4
1344          $ borg create ../testrepo::archive3 .
1345
1346          $ cd ..
1347          $ borg diff testrepo::archive1 archive2
1348          [-rw-r--r-- -> -rwxr-xr-x] file1
1349             +135 B    -252 B file2
1350
1351          $ borg diff testrepo::archive2 archive3
1352          added           0 B file4
1353          removed         0 B file3
1354
1355          $ borg diff testrepo::archive1 archive3
1356          [-rw-r--r-- -> -rwxr-xr-x] file1
1357             +135 B    -252 B file2
1358          added           0 B file4
1359          removed         0 B file3
1360

BORG DELETE

1362          borg [common options] delete [options] [REPOSITORY_OR_ARCHIVE] [ARCHIVE...]
1363
1364   Description
1365       This command deletes an archive from the  repository  or  the  complete
1366       repository.   Disk  space  is  reclaimed accordingly. If you delete the
1367       complete repository, the local cache for it (if any) is also deleted.
1368
1369       When using --stats, you will get some statistics about  how  much  data
1370       was deleted - the "Deleted data" deduplicated size there is most inter‐
1371       esting as that is how much your repository will  shrink.   Please  note
1372       that the "All archives" stats refer to the state after deletion.
1373
1374   Examples
1375          # delete a single backup archive:
1376          $ borg delete /path/to/repo::Monday
1377
1378          # delete the whole repository and the related local cache:
1379          $ borg delete /path/to/repo
1380          You requested to completely DELETE the repository *including* all archives it contains:
1381          repo                                 Mon, 2016-02-15 19:26:54
1382          root-2016-02-15                      Mon, 2016-02-15 19:36:29
1383          newname                              Mon, 2016-02-15 19:50:19
1384          Type 'YES' if you understand this and want to continue: YES
1385

BORG PRUNE

1387          borg [common options] prune [options] [REPOSITORY]
1388
1389   Description
1390       The  prune  command  prunes  a  repository by deleting all archives not
1391       matching any of the specified retention options. This command  is  nor‐
1392       mally used by automated backup scripts wanting to keep a certain number
1393       of historic backups.
1394
1395       Also, prune automatically removes checkpoint archives  (incomplete  ar‐
1396       chives left behind by interrupted backup runs) except if the checkpoint
1397       is the latest archive (and thus still needed). Checkpoint archives  are
1398       not considered when comparing archive counts against the retention lim‐
1399       its (--keep-X).
1400
1401       If a prefix is set with -P, then only archives that start with the pre‐
1402       fix  are  considered for deletion and only those archives count towards
1403       the totals specified by the rules.   Otherwise,  all  archives  in  the
1404       repository are candidates for deletion!  There is no automatic distinc‐
1405       tion between archives representing different contents. These need to be
1406       distinguished by specifying matching prefixes.
1407
1408       If  you  have  multiple  sequences of archives with different data sets
1409       (e.g.  from different machines) in one shared repository, use one prune
1410       call  per  data set that matches only the respective archives using the
1411       -P option.
1412
1413       The --keep-within option takes an argument of the  form  "<int><char>",
1414       where  char  is  "H", "d", "w", "m", "y". For example, --keep-within 2d
1415       means to keep all archives that were created within the past 48  hours.
1416       "1m"  is taken to mean "31d". The archives kept with this option do not
1417       count towards the totals specified by any other options.
1418
1419       A good procedure is to thin out more and more the  older  your  backups
1420       get.   As an example, --keep-daily 7 means to keep the latest backup on
1421       each day, up to 7 most recent days with backups (days  without  backups
1422       do  not  count).   The  rules  are applied from secondly to yearly, and
1423       backups selected by previous rules do not count towards those of  later
1424       rules.  The  time that each backup starts is used for pruning purposes.
1425       Dates and times are interpreted in the local  timezone,  and  weeks  go
1426       from Monday to Sunday. Specifying a negative number of archives to keep
1427       means that there is no limit.
1428
1429       The --keep-last N option is doing the same as --keep-secondly N (and it
1430       will keep the last N archives under the assumption that you do not cre‐
1431       ate more than one backup archive in the same second).
1432
1433       When using --stats, you will get some statistics about  how  much  data
1434       was deleted - the "Deleted data" deduplicated size there is most inter‐
1435       esting as that is how much your repository will  shrink.   Please  note
1436       that the "All archives" stats refer to the state after pruning.
1437
1438   Examples
1439       Be  careful,  prune  is a potentially dangerous command, it will remove
1440       backup archives.
1441
1442       The default of prune is to apply to  all  archives  in  the  repository
1443       unless  you  restrict  its  operation to a subset of the archives using
1444       --prefix.  When using --prefix, be careful to choose a  good  prefix  -
1445       e.g.  do  not use a prefix "foo" if you do not also want to match "foo‐
1446       bar".
1447
1448       It is strongly recommended to always run prune -v --list --dry-run  ...
1449       first  so  you will see what it would do without it actually doing any‐
1450       thing.
1451
1452          # Keep 7 end of day and 4 additional end of week archives.
1453          # Do a dry-run without actually deleting anything.
1454          $ borg prune -v --list --dry-run --keep-daily=7 --keep-weekly=4 /path/to/repo
1455
1456          # Same as above but only apply to archive names starting with the hostname
1457          # of the machine followed by a "-" character:
1458          $ borg prune -v --list --keep-daily=7 --keep-weekly=4 --prefix='{hostname}-' /path/to/repo
1459
1460          # Keep 7 end of day, 4 additional end of week archives,
1461          # and an end of month archive for every month:
1462          $ borg prune -v --list --keep-daily=7 --keep-weekly=4 --keep-monthly=-1 /path/to/repo
1463
1464          # Keep all backups in the last 10 days, 4 additional end of week archives,
1465          # and an end of month archive for every month:
1466          $ borg prune -v --list --keep-within=10d --keep-weekly=4 --keep-monthly=-1 /path/to/repo
1467
1468       There is also  a  visualized  prune  example  in  docs/misc/prune-exam‐
1469       ple.txt:
1470
1471          borg prune visualized
1472          =====================
1473
1474          Assume it is 2016-01-01, today's backup has not yet been made and you have
1475          created at least one backup on each day in 2015 except on 2015-12-19 (no
1476          backup made on that day).
1477
1478          This is what borg prune --keep-daily 14 --keep-monthly 6 would keep.
1479
1480          Backups kept by the --keep-daily rule are marked by a "d" to the right,
1481          backups kept by the --keep-monthly rule are marked by a "m" to the right.
1482
1483          Calendar view
1484          -------------
1485
1486                                      2015
1487                January               February               March
1488          Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su
1489                    1  2  3  4                     1                     1
1490           5  6  7  8  9 10 11   2  3  4  5  6  7  8   2  3  4  5  6  7  8
1491          12 13 14 15 16 17 18   9 10 11 12 13 14 15   9 10 11 12 13 14 15
1492          19 20 21 22 23 24 25  16 17 18 19 20 21 22  16 17 18 19 20 21 22
1493          26 27 28 29 30 31     23 24 25 26 27 28     23 24 25 26 27 28 29
1494                                                      30 31
1495
1496                 April                  May                   June
1497          Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su
1498                 1  2  3  4  5               1  2  3   1  2  3  4  5  6  7
1499           6  7  8  9 10 11 12   4  5  6  7  8  9 10   8  9 10 11 12 13 14
1500          13 14 15 16 17 18 19  11 12 13 14 15 16 17  15 16 17 18 19 20 21
1501          20 21 22 23 24 25 26  18 19 20 21 22 23 24  22 23 24 25 26 27 28
1502          27 28 29 30           25 26 27 28 29 30 31  29 30m
1503
1504
1505                  July                 August              September
1506          Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su
1507                 1  2  3  4  5                  1  2      1  2  3  4  5  6
1508           6  7  8  9 10 11 12   3  4  5  6  7  8  9   7  8  9 10 11 12 13
1509          13 14 15 16 17 18 19  10 11 12 13 14 15 16  14 15 16 17 18 19 20
1510          20 21 22 23 24 25 26  17 18 19 20 21 22 23  21 22 23 24 25 26 27
1511          27 28 29 30 31m       24 25 26 27 28 29 30  28 29 30m
1512                                31m
1513
1514                October               November              December
1515          Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su
1516                    1  2  3  4                     1      1  2  3  4  5  6
1517           5  6  7  8  9 10 11   2  3  4  5  6  7  8   7  8  9 10 11 12 13
1518          12 13 14 15 16 17 18   9 10 11 12 13 14 15  14 15 16 17d18d19 20d
1519          19 20 21 22 23 24 25  16 17 18 19 20 21 22  21d22d23d24d25d26d27d
1520          26 27 28 29 30 31m    23 24 25 26 27 28 29  28d29d30d31d
1521                                30m
1522
1523          List view
1524          ---------
1525
1526          --keep-daily 14     --keep-monthly 6
1527          -------------------------------------------------
1528           1. 2015-12-31          (2015-12-31 kept by daily rule)
1529           2. 2015-12-30       1. 2015-11-30
1530           3. 2015-12-29       2. 2015-10-31
1531           4. 2015-12-28       3. 2015-09-30
1532           5. 2015-12-27       4. 2015-08-31
1533           6. 2015-12-26       5. 2015-07-31
1534           7. 2015-12-25       6. 2015-06-30
1535           8. 2015-12-24
1536           9. 2015-12-23
1537          10. 2015-12-22
1538          11. 2015-12-21
1539          12. 2015-12-20
1540              (no backup made on 2015-12-19)
1541          13. 2015-12-18
1542          14. 2015-12-17
1543
1544
1545          Notes
1546          -----
1547
1548          2015-12-31 is kept due to the --keep-daily 14 rule (because it is applied
1549          first), not due to the --keep-monthly rule.
1550
1551          Because of that, the --keep-monthly 6 rule keeps Nov, Oct, Sep, Aug, Jul and
1552          Jun. December is not considered for this rule, because that backup was already
1553          kept because of the daily rule.
1554
1555          2015-12-17 is kept to satisfy the --keep-daily 14 rule - because no backup was
1556          made on 2015-12-19. If a backup had been made on that day, it would not keep
1557          the one from 2015-12-17.
1558
1559          We did not include yearly, weekly, hourly, minutely or secondly rules to keep
1560          this example simple. They all work in basically the same way.
1561
1562          The weekly rule is easy to understand roughly, but hard to understand in all
1563          details. If interested, read "ISO 8601:2000 standard week-based year".
1564
1565

BORG INFO

1567          borg [common options] info [options] [REPOSITORY_OR_ARCHIVE]
1568
1569   Description
1570       This  command displays detailed information about the specified archive
1571       or repository.
1572
1573       Please note that the deduplicated sizes of the individual  archives  do
1574       not add up to the deduplicated size of the repository ("all archives"),
1575       because the two are meaning different things:
1576
1577       This archive / deduplicated size = amount of data stored ONLY for  this
1578       archive  =  unique chunks of this archive.  All archives / deduplicated
1579       size = amount of data stored in the repo = all chunks  in  the  reposi‐
1580       tory.
1581
1582       Borg  archives can only contain a limited amount of file metadata.  The
1583       size of an archive relative to this limit depends on a number  of  fac‐
1584       tors,  mainly the number of files, the lengths of paths and other meta‐
1585       data stored for files.  This is shown as utilization  of  maximum  sup‐
1586       ported archive size.
1587
1588   Examples
1589          $ borg info /path/to/repo::2017-06-29T11:00-srv
1590          Archive name: 2017-06-29T11:00-srv
1591          Archive fingerprint: b2f1beac2bd553b34e06358afa45a3c1689320d39163890c5bbbd49125f00fe5
1592          Comment:
1593          Hostname: myhostname
1594          Username: root
1595          Time (start): Thu, 2017-06-29 11:03:07
1596          Time (end): Thu, 2017-06-29 11:03:13
1597          Duration: 5.66 seconds
1598          Number of files: 17037
1599          Command line: /usr/sbin/borg create /path/to/repo::2017-06-29T11:00-srv /srv
1600          Utilization of max. archive size: 0%
1601          ------------------------------------------------------------------------------
1602                                 Original size      Compressed size    Deduplicated size
1603          This archive:               12.53 GB             12.49 GB              1.62 kB
1604          All archives:              121.82 TB            112.41 TB            215.42 GB
1605
1606                                 Unique chunks         Total chunks
1607          Chunk index:                 1015213            626934122
1608
1609          $ borg info /path/to/repo --last 1
1610          Archive name: 2017-06-29T11:00-srv
1611          Archive fingerprint: b2f1beac2bd553b34e06358afa45a3c1689320d39163890c5bbbd49125f00fe5
1612          Comment:
1613          Hostname: myhostname
1614          Username: root
1615          Time (start): Thu, 2017-06-29 11:03:07
1616          Time (end): Thu, 2017-06-29 11:03:13
1617          Duration: 5.66 seconds
1618          Number of files: 17037
1619          Command line: /usr/sbin/borg create /path/to/repo::2017-06-29T11:00-srv /srv
1620          Utilization of max. archive size: 0%
1621          ------------------------------------------------------------------------------
1622                                 Original size      Compressed size    Deduplicated size
1623          This archive:               12.53 GB             12.49 GB              1.62 kB
1624          All archives:              121.82 TB            112.41 TB            215.42 GB
1625
1626                                 Unique chunks         Total chunks
1627          Chunk index:                 1015213            626934122
1628
1629          $ borg info /path/to/repo
1630          Repository ID: d857ce5788c51272c61535062e89eac4e8ef5a884ffbe976e0af9d8765dedfa5
1631          Location: /path/to/repo
1632          Encrypted: Yes (repokey)
1633          Cache: /root/.cache/borg/d857ce5788c51272c61535062e89eac4e8ef5a884ffbe976e0af9d8765dedfa5
1634          Security dir: /root/.config/borg/security/d857ce5788c51272c61535062e89eac4e8ef5a884ffbe976e0af9d8765dedfa5
1635          ------------------------------------------------------------------------------
1636                                 Original size      Compressed size    Deduplicated size
1637          All archives:              121.82 TB            112.41 TB            215.42 GB
1638
1639                                 Unique chunks         Total chunks
1640          Chunk index:                 1015213            626934122
1641

BORG MOUNT

1643          borg [common options] mount [options] REPOSITORY_OR_ARCHIVE MOUNTPOINT [PATH...]
1644
1645   Description
1646       This command mounts an archive as a FUSE filesystem. This can be useful
1647       for browsing an archive  or  restoring  individual  files.  Unless  the
1648       --foreground  option  is  given  the command will run in the background
1649       until the filesystem is umounted.
1650
1651       The command borgfs provides a wrapper for borg mount. This can also  be
1652       used   in   fstab   entries:   /path/to/repo   /mnt/point   fuse.borgfs
1653       defaults,noauto 0 0
1654
1655       To allow a regular user to use fstab  entries,  add  the  user  option:
1656       /path/to/repo /mnt/point fuse.borgfs defaults,noauto,user 0 0
1657
1658       For  FUSE configuration and mount options, see the mount.fuse(8) manual
1659       page.
1660
1661       Additional mount options supported by borg:
1662
1663       · versions: when used with a repository mount,  this  gives  a  merged,
1664         versioned view of the files in the archives. EXPERIMENTAL, layout may
1665         change in future.
1666
1667       · allow_damaged_files: by default damaged files (where  missing  chunks
1668         were  replaced  with  runs  of  zeros by borg check --repair) are not
1669         readable and return EIO (I/O error). Set this  option  to  read  such
1670         files.
1671
1672       · ignore_permissions:  for  security  reasons the "default_permissions"
1673         mount option is internally enforced by borg. "ignore_permissions" can
1674         be given to not enforce "default_permissions".
1675
1676       The  BORG_MOUNT_DATA_CACHE_ENTRIES  environment  variable  is meant for
1677       advanced users to tweak the performance. It sets the number  of  cached
1678       data  chunks;  additional  memory  usage can be up to ~8 MiB times this
1679       number. The default is the number of CPU cores.
1680
1681       When the daemonized process receives a signal or crashes, it  does  not
1682       unmount.  Unmounting in these cases could cause an active rsync or sim‐
1683       ilar process to unintentionally delete data.
1684
1685       When running in the foreground ^C/SIGINT unmounts  cleanly,  but  other
1686       signals or crashes do not.
1687

BORG UMOUNT

1689          borg [common options] umount [options] MOUNTPOINT
1690
1691   Description
1692       This  command  un-mounts  a  FUSE filesystem that was mounted with borg
1693       mount.
1694
1695       This is a convenience wrapper that  just  calls  the  platform-specific
1696       shell command - usually this is either umount or fusermount -u.
1697
1698   Examples
1699          # Mounting the repository shows all archives.
1700          # Archives are loaded lazily, expect some delay when navigating to an archive
1701          # for the first time.
1702          $ borg mount /path/to/repo /tmp/mymountpoint
1703          $ ls /tmp/mymountpoint
1704          root-2016-02-14 root-2016-02-15
1705          $ borg umount /tmp/mymountpoint
1706
1707          # Mounting a specific archive is possible as well.
1708          $ borg mount /path/to/repo::root-2016-02-15 /tmp/mymountpoint
1709          $ ls /tmp/mymountpoint
1710          bin  boot  etc      home  lib  lib64  lost+found  media  mnt  opt
1711          root  sbin  srv  tmp  usr  var
1712          $ borg umount /tmp/mymountpoint
1713
1714          # The experimental "versions view" merges all archives in the repository
1715          # and provides a versioned view on files.
1716          $ borg mount -o versions /path/to/repo /tmp/mymountpoint
1717          $ ls -l /tmp/mymountpoint/home/user/doc.txt/
1718          total 24
1719          -rw-rw-r-- 1 user group 12357 Aug 26 21:19 doc.cda00bc9.txt
1720          -rw-rw-r-- 1 user group 12204 Aug 26 21:04 doc.fa760f28.txt
1721          $ borg umount /tmp/mymountpoint
1722
1723          # Archive filters are supported.
1724          # These are especially handy for the "versions view",
1725          # which does not support lazy processing of archives.
1726          $ borg mount -o versions --glob-archives '*-my-home' --last 10 /path/to/repo /tmp/mymountpoint
1727
1728          # Exclusion options are supported.
1729          # These can speed up mounting and lower memory needs significantly.
1730          $ borg mount /path/to/repo /tmp/mymountpoint only/that/path
1731          $ borg mount --exclude '...' /path/to/repo /tmp/mymountpoint
1732
1733   borgfs
1734          $ echo '/mnt/backup /tmp/myrepo fuse.borgfs defaults,noauto 0 0' >> /etc/fstab
1735          $ echo '/mnt/backup::root-2016-02-15 /tmp/myarchive fuse.borgfs defaults,noauto 0 0' >> /etc/fstab
1736          $ mount /tmp/myrepo
1737          $ mount /tmp/myarchive
1738          $ ls /tmp/myrepo
1739          root-2016-02-01 root-2016-02-2015
1740          $ ls /tmp/myarchive
1741          bin  boot  etc      home  lib  lib64  lost+found  media  mnt  opt  root  sbin  srv  tmp  usr  var
1742
1743       NOTE:
1744          borgfs  will  be  automatically  provided if you used a distribution
1745          package, pip or setup.py to install Borg. Users  of  the  standalone
1746          binary   will   have   to  manually  create  a  symlink  (see  pyin‐
1747          staller-binary).
1748

BORG KEY CHANGE-PASSPHRASE

1750          borg [common options] key change-passphrase [options] [REPOSITORY]
1751
1752   Description
1753       The key files used for repository encryption are optionally  passphrase
1754       protected. This command can be used to change this passphrase.
1755
1756       Please  note that this command only changes the passphrase, but not any
1757       secret protected by it (like e.g. encryption/MAC keys or chunker seed).
1758       Thus, changing the passphrase after passphrase and borg key got compro‐
1759       mised does not protect future (nor past) backups to  the  same  reposi‐
1760       tory.
1761
1762   Examples
1763          # Create a key file protected repository
1764          $ borg init --encryption=keyfile -v /path/to/repo
1765          Initializing repository at "/path/to/repo"
1766          Enter new passphrase:
1767          Enter same passphrase again:
1768          Remember your passphrase. Your data will be inaccessible without it.
1769          Key in "/root/.config/borg/keys/mnt_backup" created.
1770          Keep this key safe. Your data will be inaccessible without it.
1771          Synchronizing chunks cache...
1772          Archives: 0, w/ cached Idx: 0, w/ outdated Idx: 0, w/o cached Idx: 0.
1773          Done.
1774
1775          # Change key file passphrase
1776          $ borg key change-passphrase -v /path/to/repo
1777          Enter passphrase for key /root/.config/borg/keys/mnt_backup:
1778          Enter new passphrase:
1779          Enter same passphrase again:
1780          Remember your passphrase. Your data will be inaccessible without it.
1781          Key updated
1782
1783       Fully automated using environment variables:
1784
1785          $ BORG_NEW_PASSPHRASE=old borg init -e=repokey repo
1786          # now "old" is the current passphrase.
1787          $ BORG_PASSPHRASE=old BORG_NEW_PASSPHRASE=new borg key change-passphrase repo
1788          # now "new" is the current passphrase.
1789

BORG KEY EXPORT

1791          borg [common options] key export [options] [REPOSITORY] [PATH]
1792
1793   Description
1794       If  repository encryption is used, the repository is inaccessible with‐
1795       out the key. This command allows to backup this  essential  key.   Note
1796       that  the  backup produced does not include the passphrase itself (i.e.
1797       the exported key stays encrypted). In  order  to  regain  access  to  a
1798       repository,   one   needs  both  the  exported  key  and  the  original
1799       passphrase.
1800
1801       There are two backup formats. The normal backup format is suitable  for
1802       digital  storage  as a file. The --paper backup format is optimized for
1803       printing and typing in while importing, with per line checks to  reduce
1804       problems with manual input.
1805
1806       For  repositories  using keyfile encryption the key is saved locally on
1807       the system that is capable of doing backups. To guard against  loss  of
1808       this  key, the key needs to be backed up independently of the main data
1809       backup.
1810
1811       For repositories using the repokey encryption the key is saved  in  the
1812       repository  in  the  config file. A backup is thus not strictly needed,
1813       but guards against the repository becoming inaccessible if the file  is
1814       damaged for some reason.
1815

BORG KEY IMPORT

1817          borg [common options] key import [options] [REPOSITORY] [PATH]
1818
1819   Description
1820       This  command  allows  to  restore  a key previously backed up with the
1821       export command.
1822
1823       If the --paper option is given,  the  import  will  be  an  interactive
1824       process  in which each line is checked for plausibility before proceed‐
1825       ing to the next line. For this format PATH must not be given.
1826

BORG UPGRADE

1828          borg [common options] upgrade [options] [REPOSITORY]
1829
1830   Description
1831       Upgrade an existing, local Borg repository.
1832
1833   When you do not need borg upgrade
1834       Not every change requires that you run borg upgrade.
1835
1836       You do not need to run it when:
1837
1838       · moving your repository to a different place
1839
1840       · upgrading to another point release (like 1.0.x to 1.0.y), except when
1841         noted otherwise in the changelog
1842
1843       · upgrading  from  1.0.x  to  1.1.x, except when noted otherwise in the
1844         changelog
1845
1846   Borg 1.x.y upgrades
1847       Use borg upgrade --tam REPO to require manifest  authentication  intro‐
1848       duced with Borg 1.0.9 to address security issues. This means that modi‐
1849       fying the repository after doing this with a  version  prior  to  1.0.9
1850       will  raise  a  validation  error,  so  only perform this upgrade after
1851       updating all clients using the repository to 1.0.9 or newer.
1852
1853       This upgrade should be done on each client for safety reasons.
1854
1855       If a repository is accidentally modified with a pre-1.0.9 client  after
1856       this upgrade, use borg upgrade --tam --force REPO to remedy it.
1857
1858       If  you  routinely  do  this  you might not want to enable this upgrade
1859       (which will leave you exposed to the security issue). You  can  reverse
1860       the upgrade by issuing borg upgrade --disable-tam REPO.
1861
1862       See
1863       https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
1864       for details.
1865
1866   Attic and Borg 0.xx to Borg 1.x
1867       This currently supports converting an Attic repository to Borg and also
1868       helps with converting Borg 0.xx to 1.0.
1869
1870       Currently, only LOCAL repositories can be upgraded (issue #465).
1871
1872       Please note that borg  create  (since  1.0.0)  uses  bigger  chunks  by
1873       default than old borg or attic did, so the new chunks won't deduplicate
1874       with the old chunks in the upgraded repository.   See  --chunker-params
1875       option of borg create and borg recreate.
1876
1877       borg upgrade will change the magic strings in the repository's segments
1878       to  match  the  new  Borg  magic  strings.  The   keyfiles   found   in
1879       $ATTIC_KEYS_DIR  or ~/.attic/keys/ will also be converted and copied to
1880       $BORG_KEYS_DIR or ~/.config/borg/keys.
1881
1882       The cache files are converted, from $ATTIC_CACHE_DIR or  ~/.cache/attic
1883       to  $BORG_CACHE_DIR or ~/.cache/borg, but the cache layout between Borg
1884       and Attic changed, so it is possible the first backup after the conver‐
1885       sion takes longer than expected due to the cache resync.
1886
1887       Upgrade should be able to resume if interrupted, although it will still
1888       iterate over all segments. If you want to start from scratch, use  borg
1889       delete over the copied repository to make sure the cache files are also
1890       removed:
1891
1892          borg delete borg
1893
1894       Unless --inplace is specified, the  upgrade  process  first  creates  a
1895       backup  copy  of the repository, in REPOSITORY.before-upgrade-DATETIME,
1896       using hardlinks.  This requires that  the  repository  and  its  parent
1897       directory  reside  on  same  filesystem  so the hardlink copy can work.
1898       This takes longer than in place upgrades, but is much safer  and  gives
1899       progress  information  (as  opposed  to cp -al). Once you are satisfied
1900       with the conversion, you can safely destroy the backup copy.
1901
1902       WARNING: Running the upgrade in place will make the current copy  unus‐
1903       able  with  older  version,  with no way of going back to previous ver‐
1904       sions. This can PERMANENTLY DAMAGE YOUR REPOSITORY!  Attic CAN NOT READ
1905       BORG  REPOSITORIES,  as  the  magic strings have changed. You have been
1906       warned.
1907
1908   Examples
1909          # Upgrade the borg repository to the most recent version.
1910          $ borg upgrade -v /path/to/repo
1911          making a hardlink copy in /path/to/repo.before-upgrade-2016-02-15-20:51:55
1912          opening attic repository with borg and converting
1913          no key file found for repository
1914          converting repo index /path/to/repo/index.0
1915          converting 1 segments...
1916          converting borg 0.xx to borg current
1917          no key file found for repository
1918
1919   Upgrading a passphrase encrypted attic repo
1920       attic offered a "passphrase" encryption mode, but this was  removed  in
1921       borg  1.0  and  replaced  by  the  "repokey"  mode  (which  stores  the
1922       passphrase-protected encryption key into the repository config).
1923
1924       Thus, to upgrade a "passphrase" attic repo to a "repokey" borg repo,  2
1925       steps are needed, in this order:
1926
1927       · borg upgrade repo
1928
1929       · borg key migrate-to-repokey repo
1930

BORG RECREATE

1932          borg [common options] recreate [options] [REPOSITORY_OR_ARCHIVE] [PATH...]
1933
1934   Description
1935       Recreate the contents of existing archives.
1936
1937       This is an experimental feature. Do not use this on your only backup.
1938
1939       --exclude,  --exclude-from,  --exclude-if-present, --keep-exclude-tags,
1940       and PATH have the exact same semantics as in "borg  create".  If  PATHs
1941       are  specified the resulting archive will only contain files from these
1942       PATHs.
1943
1944       Note that all paths in an archive are relative, therefore absolute pat‐
1945       terns/paths will not match (--exclude, --exclude-from, PATHs).
1946
1947       --recompress  allows  to change the compression of existing data in ar‐
1948       chives.  Due to how Borg stores compressed size information this  might
1949       display  incorrect  information for archives that were not recreated at
1950       the same time.  There is no risk of data loss by this.
1951
1952       --chunker-params will re-chunk all files in the archive,  this  can  be
1953       used to have upgraded Borg 0.xx or Attic archives deduplicate with Borg
1954       1.x archives.
1955
1956       USE WITH CAUTION.  Depending on the PATHs and patterns given,  recreate
1957       can  be used to permanently delete files from archives.  When in doubt,
1958       use --dry-run --verbose --list to see  how  patterns/PATHS  are  inter‐
1959       preted.
1960
1961       The  archive  being  recreated is only removed after the operation com‐
1962       pletes. The archive that is built during the operation  exists  at  the
1963       same  time at "<ARCHIVE>.recreate". The new archive will have a differ‐
1964       ent archive ID.
1965
1966       With --target the original archive is not replaced, instead a  new  ar‐
1967       chive is created.
1968
1969       When  rechunking  space  usage  can be substantial, expect at least the
1970       entire deduplicated size of the archives  using  the  previous  chunker
1971       params.    When  recompressing  expect  approx.  (throughput  /  check‐
1972       point-interval) in space usage, assuming all chunks are recompressed.
1973
1974       If you recently ran borg check --repair and it had to fix  lost  chunks
1975       with  all-zero  replacement chunks, please first run another backup for
1976       the same data and re-run borg check --repair afterwards to heal any ar‐
1977       chives  that  had  lost chunks which are still generated from the input
1978       data.
1979
1980       Important:  running  borg  recreate  to  re-chunk   will   remove   the
1981       chunks_healthy  metadata of all items with replacement chunks, so heal‐
1982       ing will not be  possible  any  more  after  re-chunking  (it  is  also
1983       unlikely  it would ever work: due to the change of chunking parameters,
1984       the missing chunk likely will never be seen again  even  if  you  still
1985       have the data that produced it).
1986
1987   Examples
1988          # Make old (Attic / Borg 0.xx) archives deduplicate with Borg 1.x archives.
1989          # Archives created with Borg 1.1+ and the default chunker params are skipped
1990          # (archive ID stays the same).
1991          $ borg recreate /mnt/backup --chunker-params default --progress
1992
1993          # Create a backup with little but fast compression
1994          $ borg create /mnt/backup::archive /some/files --compression lz4
1995          # Then compress it - this might take longer, but the backup has already completed,
1996          # so no inconsistencies from a long-running backup job.
1997          $ borg recreate /mnt/backup::archive --recompress --compression zlib,9
1998
1999          # Remove unwanted files from all archives in a repository.
2000          # Note the relative path for the --exclude option - archives only contain relative paths.
2001          $ borg recreate /mnt/backup --exclude home/icke/Pictures/drunk_photos
2002
2003          # Change archive comment
2004          $ borg create --comment "This is a comment" /mnt/backup::archivename ~
2005          $ borg info /mnt/backup::archivename
2006          Name: archivename
2007          Fingerprint: ...
2008          Comment: This is a comment
2009          ...
2010          $ borg recreate --comment "This is a better comment" /mnt/backup::archivename
2011          $ borg info /mnt/backup::archivename
2012          Name: archivename
2013          Fingerprint: ...
2014          Comment: This is a better comment
2015          ...
2016

BORG EXPORT-TAR

2018          borg [common options] export-tar [options] ARCHIVE FILE [PATH...]
2019
2020   Description
2021       This command creates a tarball from an archive.
2022
2023       When  giving  '-'  as  the output FILE, Borg will write a tar stream to
2024       standard output.
2025
2026       By default (--tar-filter=auto) Borg will detect whether the FILE should
2027       be  compressed based on its file extension and pipe the tarball through
2028       an appropriate filter before writing it to FILE:
2029
2030       · .tar.gz: gzip
2031
2032       · .tar.bz2: bzip2
2033
2034       · .tar.xz: xz
2035
2036       Alternatively a --tar-filter program may be  explicitly  specified.  It
2037       should  read  the  uncompressed  tar stream from stdin and write a com‐
2038       pressed/filtered tar stream to stdout.
2039
2040       The generated tarball uses the GNU tar format.
2041
2042       export-tar is a lossy conversion: BSD flags, ACLs, extended  attributes
2043       (xattrs),  atime  and  ctime are not exported.  Timestamp resolution is
2044       limited to whole seconds, not the nanosecond resolution otherwise  sup‐
2045       ported by Borg.
2046
2047       A --sparse option (as found in borg extract) is not supported.
2048
2049       By  default  the  entire archive is extracted but a subset of files and
2050       directories can be selected by passing a list of  PATHs  as  arguments.
2051       The  file  selection  can  further be restricted by using the --exclude
2052       option.
2053
2054       See the output of the "borg help patterns" command  for  more  help  on
2055       exclude patterns.
2056
2057       --progress  can  be slower than no progress display, since it makes one
2058       additional pass over the archive metadata.
2059
2060   Examples
2061          # export as uncompressed tar
2062          $ borg export-tar /path/to/repo::Monday Monday.tar
2063
2064          # exclude some types, compress using gzip
2065          $ borg export-tar /path/to/repo::Monday Monday.tar.gz --exclude '*.so'
2066
2067          # use higher compression level with gzip
2068          $ borg export-tar --tar-filter="gzip -9" testrepo::linux Monday.tar.gz
2069
2070          # export a tar, but instead of storing it on disk,
2071          # upload it to a remote site using curl.
2072          $ borg export-tar /path/to/repo::Monday - | curl --data-binary @- https://somewhere/to/POST
2073
2074          # remote extraction via "tarpipe"
2075          $ borg export-tar /path/to/repo::Monday - | ssh somewhere "cd extracted; tar x"
2076

BORG SERVE

2078          borg [common options] serve [options]
2079
2080   Description
2081       This command starts a repository server process. This command  is  usu‐
2082       ally not used manually.
2083
2084   Examples
2085       borg  serve  has  special  support  for ssh forced commands (see autho‐
2086       rized_keys example below): it will detect that you use  such  a  forced
2087       command and extract the value of the --restrict-to-path option(s).
2088
2089       It  will  then  parse  the  original command that came from the client,
2090       makes sure that it is also borg serve and enforce  path  restriction(s)
2091       as  given  by  the forced command. That way, other options given by the
2092       client (like --info or --umask) are preserved (and are not fixed by the
2093       forced command).
2094
2095       Environment  variables  (such  as BORG_HOSTNAME_IS_UNIQUE) contained in
2096       the original command sent  by  the  client  are  not  interpreted,  but
2097       ignored.  If  BORG_XXX  environment variables should be set on the borg
2098       serve side, then these must be set in  system-specific  locations  like
2099       /etc/environment or in the forced command itself (example below).
2100
2101          # Allow an SSH keypair to only run borg, and only have access to /path/to/repo.
2102          # Use key options to disable unneeded and potentially dangerous SSH functionality.
2103          # This will help to secure an automated remote backup system.
2104          $ cat ~/.ssh/authorized_keys
2105          command="borg serve --restrict-to-path /path/to/repo",restrict ssh-rsa AAAAB3[...]
2106
2107          # Set a BORG_XXX environment variable on the "borg serve" side
2108          $ cat ~/.ssh/authorized_keys
2109          command="export BORG_XXX=value; borg serve [...]",restrict ssh-rsa [...]
2110
2111       NOTE:
2112          The  examples  above use the restrict directive. This does automati‐
2113          cally block potential dangerous ssh features,  even  when  they  are
2114          added in a future update. Thus, this option should be preferred.
2115
2116          If  you're  using openssh-server < 7.2, however, you have to explic‐
2117          itly specify the ssh features to restrict and cannot simply use  the
2118          restrict  option  as it has been introduced in v7.2. We recommend to
2119          use    no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forward‐
2120          ing,no-user-rc in this case.
2121
2122   SSH Configuration
2123       borg  serve's  pipes  (stdin/stdout/stderr)  are  connected to the sshd
2124       process on the server side.  In  the  event  that  the  SSH  connection
2125       between  borg  serve and the client is disconnected or stuck abnormally
2126       (for example, due to a network outage), it can take  a  long  time  for
2127       sshd  to  notice the client is disconnected. In the meantime, sshd con‐
2128       tinues running, and as a result so does the borg serve process  holding
2129       the  lock  on the repository. This can cause subsequent borg operations
2130       on the remote repository  to  fail  with  the  error:  Failed  to  cre‐
2131       ate/acquire the lock.
2132
2133       In  order  to  avoid  this,  it is recommended to perform the following
2134       additional SSH configuration:
2135
2136       Either in the client side's ~/.ssh/config  file,  or  in  the  client's
2137       /etc/ssh/ssh_config file:
2138
2139          Host backupserver
2140                  ServerAliveInterval 10
2141                  ServerAliveCountMax 30
2142
2143       Replacing  backupserver  with  the  hostname, FQDN or IP address of the
2144       borg server.
2145
2146       This will cause the client to send a keepalive to the server  every  10
2147       seconds.  If  30  consecutive keepalives are sent without a response (a
2148       time of 300 seconds), the ssh client process will be terminated,  caus‐
2149       ing the borg process to terminate gracefully.
2150
2151       On    the    server   side's   sshd   configuration   file   (typically
2152       /etc/ssh/sshd_config):
2153
2154          ClientAliveInterval 10
2155          ClientAliveCountMax 30
2156
2157       This will cause the server to send a keep alive to the client every  10
2158       seconds.  If  30  consecutive keepalives are sent without a response (a
2159       time of 300 seconds), the server's sshd  process  will  be  terminated,
2160       causing  the borg serve process to terminate gracefully and release the
2161       lock on the repository.
2162
2163       If you then run borg commands with --lock-wait 600, this  gives  suffi‐
2164       cient time for the borg serve processes to terminate after the SSH con‐
2165       nection is torn down after the 300 second wait for  the  keepalives  to
2166       fail.
2167
2168       You  may,  of  course,  modify the timeout values demonstrated above to
2169       values that suit your environment and use case.
2170

BORG CONFIG

2172          borg [common options] config [options] [REPOSITORY] [NAME] [VALUE]
2173
2174   Description
2175       This command gets and sets options in a local repository or cache  con‐
2176       fig  file.   For  security  reasons,  this  command only works on local
2177       repositories.
2178
2179       To delete a config value entirely, use --delete. To list the values  of
2180       the  configuration  file or the default values, use --list.  To get and
2181       existing key, pass only the key name. To set a key, pass both  the  key
2182       name  and  the  new  value.  Keys  can be specified in the format "sec‐
2183       tion.name" or simply "name"; the section will default  to  "repository"
2184       and "cache" for the repo and cache configs, respectively.
2185
2186       By  default,  borg config manipulates the repository config file. Using
2187       --cache edits the repository cache's config file instead.
2188
2189       NOTE:
2190          The repository & cache config files are some of  the  only  directly
2191          manipulable  parts  of  a repository that aren't versioned or backed
2192          up, so be careful when making changes!
2193
2194   Examples
2195          # find cache directory
2196          $ cd ~/.cache/borg/$(borg config /path/to/repo id)
2197
2198          # reserve some space
2199          $ borg config /path/to/repo additional_free_space 2G
2200
2201          # make a repo append-only
2202          $ borg config /path/to/repo append_only 1
2203

BORG WITH-LOCK

2205          borg [common options] with-lock [options] REPOSITORY COMMAND [ARGS...]
2206
2207   Description
2208       This command runs a user-specified command while the repository lock is
2209       held.
2210
2211       It  will  first try to acquire the lock (make sure that no other opera‐
2212       tion is running in the repo), then execute the given command as a  sub‐
2213       process  and  wait for its termination, release the lock and return the
2214       user command's return code as borg's return code.
2215
2216       NOTE:
2217          If you copy a repository with  the  lock  held,  the  lock  will  be
2218          present in the copy. Thus, before using borg on the copy from a dif‐
2219          ferent host, you need to use "borg break-lock" on the copied reposi‐
2220          tory,  because  Borg  is  cautious and does not automatically remove
2221          stale locks made by a different host.
2222

BORG BREAK-LOCK

2224          borg [common options] break-lock [options] [REPOSITORY]
2225
2226   Description
2227       This command breaks the repository and cache locks.  Please  use  care‐
2228       fully  and  only  while  no  borg process (on any machine) is trying to
2229       access the Cache or the Repository.
2230

BORG BENCHMARK CRUD

2232          borg [common options] benchmark crud [options] REPOSITORY PATH
2233
2234   Description
2235       This command benchmarks borg CRUD (create, read, update, delete) opera‐
2236       tions.
2237
2238       It  creates  input data below the given PATH and backups this data into
2239       the given REPO.  The REPO must already exist (it could be a fresh empty
2240       repo  or  an  existing  repo, the command will create / read / update /
2241       delete some archives named borg-benchmark-crud* there.
2242
2243       Make sure you have free space there, you'll  need  about  1GB  each  (+
2244       overhead).
2245
2246       If  your  repository is encrypted and borg needs a passphrase to unlock
2247       the key, use:
2248
2249          BORG_PASSPHRASE=mysecret borg benchmark crud REPO PATH
2250
2251       Measurements are done with different input file sizes and counts.   The
2252       file contents are very artificial (either all zero or all random), thus
2253       the measurement results do not  necessarily  reflect  performance  with
2254       real  data.   Also,  due to the kind of content used, no compression is
2255       used in these benchmarks.
2256
2257       C- == borg create (1st archive creation, no  compression,  do  not  use
2258       files cache)
2259              C-Z-  == all-zero files. full dedup, this is primarily measuring
2260              reader/chunker/hasher.  C-R- == random files. no dedup,  measur‐
2261              ing throughput through all processing stages.
2262
2263       R- == borg extract (extract archive, dry-run, do everything, but do not
2264       write files to disk)
2265              R-Z- == all zero  files.  Measuring  heavily  duplicated  files.
2266              R-R-  == random files. No duplication here, measuring throughput
2267              through all processing stages, except writing to disk.
2268
2269       U- == borg create (2nd archive creation of unchanged input files,  mea‐
2270       sure files cache speed)
2271              The  throughput value is kind of virtual here, it does not actu‐
2272              ally read the file.  U-Z- ==  needs  to  check  the  2  all-zero
2273              chunks' existence in the repo.  U-R- == needs to check existence
2274              of a lot of different chunks in the repo.
2275
2276       D- == borg delete archive (delete last remaining archive, measure dele‐
2277       tion + compaction)
2278              D-Z-  ==  few chunks to delete / few segments to compact/remove.
2279              D-R- == many chunks to delete / many segments to compact/remove.
2280
2281       Please note that there might be quite some variance in  these  measure‐
2282       ments.   Try  multiple measurements and having a otherwise idle machine
2283       (and network, if you use it).
2284

MISCELLANEOUS HELP

2286   borg help patterns
2287       The path/filenames used as input for the pattern  matching  start  from
2288       the  currently  active  recursion  root. You usually give the recursion
2289       root(s) when invoking borg and these can be either relative or absolute
2290       paths.
2291
2292       So,  when  you give relative/ as root, the paths going into the matcher
2293       will look like relative/.../file.ext. When you give /absolute/ as root,
2294       they  will look like /absolute/.../file.ext. This is meant when we talk
2295       about "full path" below.
2296
2297       File patterns support these styles:  fnmatch,  shell,  regular  expres‐
2298       sions, path prefixes and path full-matches. By default, fnmatch is used
2299       for --exclude patterns and shell-style is  used  for  the  experimental
2300       --pattern option.
2301
2302       If  followed by a colon (':') the first two characters of a pattern are
2303       used as a style selector. Explicit style selection is necessary when  a
2304       non-default  style  is  desired or when the desired pattern starts with
2305       two alphanumeric characters followed by a colon (i.e. aa:something/*).
2306
2307       Fnmatch, selector fm:
2308              This is the default  style  for  --exclude  and  --exclude-from.
2309              These  patterns  use a variant of shell pattern syntax, with '*'
2310              matching any number of characters, '?' matching any single char‐
2311              acter,  '[...]' matching any single character specified, includ‐
2312              ing ranges, and '[!...]' matching any character  not  specified.
2313              For the purpose of these patterns, the path separator (backslash
2314              for Windows and '/' on other systems) is not treated  specially.
2315              Wrap  meta-characters  in brackets for a literal match (i.e. [?]
2316              to match the literal character ?). For a path to  match  a  pat‐
2317              tern,  the full path must match, or it must match from the start
2318              of the full path to just before a path separator. Except for the
2319              root  path,  paths  will  never  end  in the path separator when
2320              matching is attempted.  Thus, if a given pattern ends in a  path
2321              separator, a '*' is appended before matching is attempted.
2322
2323       Shell-style patterns, selector sh:
2324              This  is  the  default  style for --pattern and --patterns-from.
2325              Like fnmatch patterns these are similar to shell  patterns.  The
2326              difference is that the pattern may include **/ for matching zero
2327              or more directory levels, * for matching zero or more  arbitrary
2328              characters with the exception of any path separator.
2329
2330       Regular expressions, selector re:
2331              Regular  expressions  similar  to  those  found in Perl are sup‐
2332              ported.  Unlike  shell  patterns  regular  expressions  are  not
2333              required  to match the full path and any substring match is suf‐
2334              ficient. It is strongly recommended to anchor  patterns  to  the
2335              start  ('^'),  to  the end ('$') or both. Path separators (back‐
2336              slash for Windows and '/' on other systems) in paths are  always
2337              normalized  to  a forward slash ('/') before applying a pattern.
2338              The regular expression syntax is described in the  Python  docu‐
2339              mentation for the re module.
2340
2341       Path prefix, selector pp:
2342              This pattern style is useful to match whole sub-directories. The
2343              pattern  pp:root/somedir  matches  root/somedir  and  everything
2344              therein.
2345
2346       Path full-match, selector pf:
2347              This  pattern  style is (only) useful to match full paths.  This
2348              is kind of a pseudo pattern as it can not have any  variable  or
2349              unspecified   parts   -   the   full   path   must   be   given.
2350              pf:root/file.ext matches root/file.txt only.
2351
2352              Implementation note: this is implemented via very time-efficient
2353              O(1)  hashtable lookups (this means you can have huge amounts of
2354              such patterns without impacting performance much).  Due to that,
2355              this  kind of pattern does not respect any context or order.  If
2356              you use such a pattern to include a  file,  it  will  always  be
2357              included  (if  the  directory  recursion  encounters it).  Other
2358              include/exclude patterns  that  would  normally  match  will  be
2359              ignored.  Same logic applies for exclude.
2360
2361       NOTE:
2362          re:,  sh:  and fm: patterns are all implemented on top of the Python
2363          SRE engine. It is very easy to formulate patterns for each of  these
2364          types which requires an inordinate amount of time to match paths. If
2365          untrusted users are able to supply patterns, ensure they cannot sup‐
2366          ply  re:  patterns.   Further, ensure that sh: and fm: patterns only
2367          contain a handful of wildcards at most.
2368
2369       Exclusions can be passed via the command line  option  --exclude.  When
2370       used  from within a shell the patterns should be quoted to protect them
2371       from expansion.
2372
2373       The --exclude-from option permits loading  exclusion  patterns  from  a
2374       text  file  with one pattern per line. Lines empty or starting with the
2375       number sign ('#') after removing whitespace on both ends  are  ignored.
2376       The  optional  style  selector  prefix  is  also supported for patterns
2377       loaded from a file. Due to whitespace removal paths with whitespace  at
2378       the beginning or end can only be excluded using regular expressions.
2379
2380       To test your exclusion patterns without performing an actual backup you
2381       can run borg create --list --dry-run ....
2382
2383       Examples:
2384
2385          # Exclude '/home/user/file.o' but not '/home/user/file.odt':
2386          $ borg create -e '*.o' backup /
2387
2388          # Exclude '/home/user/junk' and '/home/user/subdir/junk' but
2389          # not '/home/user/importantjunk' or '/etc/junk':
2390          $ borg create -e '/home/*/junk' backup /
2391
2392          # Exclude the contents of '/home/user/cache' but not the directory itself:
2393          $ borg create -e /home/user/cache/ backup /
2394
2395          # The file '/home/user/cache/important' is *not* backed up:
2396          $ borg create -e /home/user/cache/ backup / /home/user/cache/important
2397
2398          # The contents of directories in '/home' are not backed up when their name
2399          # ends in '.tmp'
2400          $ borg create --exclude 're:^/home/[^/]+\.tmp/' backup /
2401
2402          # Load exclusions from file
2403          $ cat >exclude.txt <<EOF
2404          # Comment line
2405          /home/*/junk
2406          *.tmp
2407          fm:aa:something/*
2408          re:^/home/[^/]\.tmp/
2409          sh:/home/*/.thumbnails
2410          EOF
2411          $ borg create --exclude-from exclude.txt backup /
2412       A more general and easier to use way to define filename  matching  pat‐
2413       terns  exists  with  the  experimental  --pattern  and  --patterns-from
2414       options. Using these,  you  may  specify  the  backup  roots  (starting
2415       points)  and patterns for inclusion/exclusion.  A root path starts with
2416       the prefix R, followed by a path (a plain path, not a file pattern). An
2417       include  rule starts with the prefix +, an exclude rule starts with the
2418       prefix -, an exclude-norecurse rule starts with !, all  followed  by  a
2419       pattern.
2420
2421       NOTE:
2422          Via  --pattern  or --patterns-from you can define BOTH inclusion and
2423          exclusion of files using pattern prefixes + and  -.  With  --exclude
2424          and --exlude-from ONLY excludes are defined.
2425
2426       Inclusion patterns are useful to include paths that are contained in an
2427       excluded path. The first matching pattern is used so if an include pat‐
2428       tern  matches  before  an exclude pattern, the file is backed up. If an
2429       exclude-norecurse pattern matches a directory, it won't recurse into it
2430       and  won't  discover any potential matches for include rules below that
2431       directory.
2432
2433       Note that the default pattern style for --pattern  and  --patterns-from
2434       is  shell  style  (sh:),  so  those  patterns  behave  similar to rsync
2435       include/exclude patterns. The pattern style can be set via the  P  pre‐
2436       fix.
2437
2438       Patterns (--pattern) and excludes (--exclude) from the command line are
2439       considered first (in the  order  of  appearance).  Then  patterns  from
2440       --patterns-from are added. Exclusion patterns from --exclude-from files
2441       are appended last.
2442
2443       Examples:
2444
2445          # backup pics, but not the ones from 2018, except the good ones:
2446          # note: using = is essential to avoid cmdline argument parsing issues.
2447          borg create --pattern=+pics/2018/good --pattern=-pics/2018 repo::arch pics
2448
2449          # use a file with patterns:
2450          borg create --patterns-from patterns.lst repo::arch
2451
2452       The patterns.lst file could look like that:
2453
2454          # "sh:" pattern style is the default, so the following line is not needed:
2455          P sh
2456          R /
2457          # can be rebuild
2458          - /home/*/.cache
2459          # they're downloads for a reason
2460          - /home/*/Downloads
2461          # susan is a nice person
2462          # include susans home
2463          + /home/susan
2464          # don't backup the other home directories
2465          - /home/*
2466          # don't even look in /proc
2467          ! /proc
2468
2469   borg help placeholders
2470       Repository (or Archive) URLs, --prefix, --glob-archives, --comment  and
2471       --remote-path values support these placeholders:
2472
2473       {hostname}
2474              The (short) hostname of the machine.
2475
2476       {fqdn} The full name of the machine.
2477
2478       {reverse-fqdn}
2479              The full name of the machine in reverse domain name notation.
2480
2481       {now}  The  current local date and time, by default in ISO-8601 format.
2482              You   can   also   supply   your   own   format   string,   e.g.
2483              {now:%Y-%m-%d_%H:%M:%S}
2484
2485       {utcnow}
2486              The  current  UTC  date and time, by default in ISO-8601 format.
2487              You  can  also  supply  your  own  format  string,  e.g.   {utc‐
2488              now:%Y-%m-%d_%H:%M:%S}
2489
2490       {user} The user name (or UID, if no name is available) of the user run‐
2491              ning borg.
2492
2493       {pid}  The current process ID.
2494
2495       {borgversion}
2496              The version of borg, e.g.: 1.0.8rc1
2497
2498       {borgmajor}
2499              The version of borg, only the major version, e.g.: 1
2500
2501       {borgminor}
2502              The version of borg, only major and minor version, e.g.: 1.0
2503
2504       {borgpatch}
2505              The version of borg, only major, minor and patch version,  e.g.:
2506              1.0.8
2507
2508       If literal curly braces need to be used, double them for escaping:
2509
2510          borg create /path/to/repo::{{literal_text}}
2511
2512       Examples:
2513
2514          borg create /path/to/repo::{hostname}-{user}-{utcnow} ...
2515          borg create /path/to/repo::{hostname}-{now:%Y-%m-%d_%H:%M:%S} ...
2516          borg prune --prefix '{hostname}-' ...
2517
2518       NOTE:
2519          systemd  uses  a difficult, non-standard syntax for command lines in
2520          unit files (refer to the systemd.unit(5) manual page).
2521
2522          When invoking borg from unit  files,  pay  particular  attention  to
2523          escaping,  especially  when using the now/utcnow placeholders, since
2524          systemd performs its own %-based variable replacement even in quoted
2525          text.  To  avoid interference from systemd, double all percent signs
2526          ({hostname}-{now:%Y-%m-%d_%H:%M:%S}          becomes          {host‐
2527          name}-{now:%%Y-%%m-%%d_%%H:%%M:%%S}).
2528
2529   borg help compression
2530       It  is  no  problem  to  mix different compression methods in one repo,
2531       deduplication is done on the source data chunks (not on the  compressed
2532       or encrypted data).
2533
2534       If  some  specific  chunk was once compressed and stored into the repo,
2535       creating another backup that also uses this chunk will not  change  the
2536       stored  chunk.  So if you use different compression specs for the back‐
2537       ups, whichever stores a chunk first  determines  its  compression.  See
2538       also borg recreate.
2539
2540       Compression  is lz4 by default. If you want something else, you have to
2541       specify what you want.
2542
2543       Valid compression specifiers are:
2544
2545       none   Do not compress.
2546
2547       lz4    Use lz4 compression. Very  high  speed,  very  low  compression.
2548              (default)
2549
2550       zstd[,L]
2551              Use  zstd  ("zstandard")  compression, a modern wide-range algo‐
2552              rithm.  If you do not explicitely give the compression  level  L
2553              (ranging  from  1  to  22),  it will use level 3.  Archives com‐
2554              pressed with zstd are not compatible with borg < 1.1.4.
2555
2556       zlib[,L]
2557              Use zlib ("gz") compression. Medium speed,  medium  compression.
2558              If  you do not explicitely give the compression level L (ranging
2559              from 0 to 9), it will use level 6.  Giving level  0  (means  "no
2560              compression",  but  still has zlib protocol overhead) is usually
2561              pointless, you better use "none" compression.
2562
2563       lzma[,L]
2564              Use lzma ("xz") compression. Low speed,  high  compression.   If
2565              you  do  not  explicitely  give the compression level L (ranging
2566              from 0 to 9), it will use level 6.  Giving  levels  above  6  is
2567              pointless  and  counterproductive  because  it does not compress
2568              better due to the buffer size used by borg - but it wastes  lots
2569              of CPU cycles and RAM.
2570
2571       auto,C[,L]
2572              Use a built-in heuristic to decide per chunk whether to compress
2573              or not.  The heuristic tries with lz4 whether the data  is  com‐
2574              pressible.  For incompressible data, it will not use compression
2575              (uses "none").  For compressible data, it uses the  given  C[,L]
2576              compression - with C[,L] being any valid compression specifier.
2577
2578       Examples:
2579
2580          borg create --compression lz4 REPO::ARCHIVE data
2581          borg create --compression zstd REPO::ARCHIVE data
2582          borg create --compression zstd,10 REPO::ARCHIVE data
2583          borg create --compression zlib REPO::ARCHIVE data
2584          borg create --compression zlib,1 REPO::ARCHIVE data
2585          borg create --compression auto,lzma,6 REPO::ARCHIVE data
2586          borg create --compression auto,lzma ...
2587