Version 2.1.0 is Now Live!

Our latest feature release, 2.1.0, is now publicly available for use!

What's New!

At over a year in progress, there were a lot of changes introduced:
v 2.1.0 (release):
- Test Framework Redesign - better test coverage means more reliable software
- Updated documentation to facilitate security review and additional development efforts.
- Added new functionality surrounding file validation, either on-demand or at runtime.
- add Build-Time File Validation: True to your config file to activate.
- demand-validate specific block files with --validate (requires decryption)
- Fixed an unreported bug introduced in v2.0.0 that caused an error message at runtime.
- If no -c config file path is provided, tapestry will look for tapestry.cfg in the current working directory.
- If that file is also not found, Tapestry will generate a config file with sane defaults and save it in that
location.
- Deprecates all former network functionality; this is being replaced with new SFTP functionality.
- Deemed acceptable as FTP/S is a rare arrangement by comparison to SFTP.
- This requires new fields be added to your configuration file.
- Stashing on network shared drives still possible.
- Adds SFTP functionality
- Restores the logger functionality. Future logging improvements likely, but the original functionality of logging
skipped files should be restored.
- Issue 19: Tapestry will crash upon encountering a file it cannot operate against, such as a broken symlink.
EricaPomme supplied a new function that will address this.

Other Changes

You might have noted that for the first time, a secondary contributor was included in the changenotes! @EricaPomme contributed a very useful function which closed out a major technical issue.

The 2.1.0 will be the last feature release for the foreseeable future. From now on, development around tapestry will focus on bug fixes only, and minor improvements where possible. Of course, we'll continue to review and accept new PRs, including those which add functionality.

Version 2.0.0 is now live!

Tapestry Version 2.0.0 is here!

This update restores the ability for Tapestry to operate on windows and repackages the whole project as an installed python module! We also are introducing the new standard recovery metadata format - the "Recovery Index File Format", or RIFF!

All changes were made with an eye on making the testing process easier in the future, in order to facilitate what will hopefully be an increased cadence for feature and bug-fix releases moving forward.

Version 1.1.0 is now live!

Tapestry Version 1.1.0 is here!

This update adds the ability for Tapestry to autonomously upload its results (and fetch those results from) a user-configured FTP server. This feature is intended to add more flexability and options for users who are trying to execute offsite storage.

Further, various security and performance improvements were made. The high requirements since 0.3.0 have been dramatically reduced thanks to an enhanced compression routine which no longer tries to read the entire block into memory in order to compress it. Under testing, this reduced load by roughly 80% and reduced the time-to-complete by as much as 40%.

Because Tapestry 1.0.1 and earlier shared a security flaw in the recovery mode which allowed multiple blocks, if simultaneously recovered, to bypass signature verification, I'd like to strongly encourage anyone using Tapestry to upgrade to 1.1.0 as soon as possible.

Stay tuned for a near-future update on the next Feature Release, Tapestry 2.0!

Version 1.0.0 is now live!

Version 1.0.0 is now fully featured, stable, and available for use. This is the first version to pass formal functional testing as a requirement for release.

New features include:

• Reintroduction of BZ2 compression and decompression
• A proper --genKey function
• Deprecation of the --setup tag
• Better documentation

As has been the case with several previous releases, 1.0.0 is tested only on unix operating systems. Its stability on Windows is unknown.

Version 0.3.0 Milestone Release!

As of the time of writing, version 0.3.0 is now live and ready to go!

From the Changelog:

v0.3.0 (release):
-Multiprocessing is now used for some steps of operation.
--Decision was made to improve performance.
-Discontinued the use of bz2 compression for performance reasons. Increased op time unjustified.
-Changed structure of the compression operation, may lead to performance impacts. See readme
-Recovery pickle is now added to all blocks(old was block1).
-Minor fixes to various naming systems.

v0.2.2: Dedicated Keyring Mode!

v0.2.2 (release):
-Now possible to allow a "keyring-only mode", which skips keyloading/keyremoval.
-Fixed bug in recovery that would crash Tapestry on an unknown category.
-Organization improvements: outputs moved to a subdirectory on the desktop, rather than loose.
-Script will now check to see if loopback pinentry is enabled. If it is not, it will ask the user for permission to add it, or disable signing-by-default.

Version 0.2.1 is now Live!

Continues development with the addition of expected fingerprint, passphrase-passing, automated signing and signature verification, and a few small bugfixes in debug mode.

Note: In order for signing to function correctly the keys in question must be accessible to calls to "gpg" on the command line. This is a limitation of python-gnupg as presently implemented but may be changed in a future release.

First Public Release!

Introduction

Patch's Tapestry is a bespoke data backup tool designed for a particular, but generally-acceptable, use case. Written in python, Tapestry uses Gnu Privacy Guard (GPG) to generate archive "blocks" from targeted directories on a given system and reproduce those blocks in a same-or-similar organizational format upon restoration. The tool automatically subdivides the archive into blocks of a user-configurable size without breaking the content data (that is, the structure of individual files is maintained, though compressed). The blocks are then encrypted using the users Disaster Recovery PGP key and presented as ready-to-move. The intended use case is for backup to single-write physical media.

Requirements

-Python 2.7 or later
-Python-gnupg
-GnuPG 2 or later

Getting Started

A. First-Time Startup
The first time you launch pTapestry, the script will check for the presence of a configuration file, tapestry.cfg. If it does not find this file, it will walk you through a simple initialization process and construct tapestry.cfg. It is particularly important to set the uid variable correctly - it MUST exactly match the username of the user which is running Tapestry, or the tool will fail to autogenerate backup paths correctly.

B. Setup
After the initialization run, run tapestry again with the "--setup" flag. You will be presented with a menu that walks you through setting the customizable variables on the program. 

In the present version, it is necessary to edit tapestry.cfg manually to add, remove, or edit your backup directories.

C. Generating your PGP Keys
Tapestry relies on OpenPGP, as implimented in GnuPG, for its cryptographic aspects. It does so by generating a key with certain default parameters, with minimal user intervention, and saves them as two seperate files "DRPub.key" and "DR.key".

DRPub.key contains only the "public", or encrypting, key. A compromise of DRPub.key's security would not compromise the security of your backup process in most cases - see the caveats section. If you are using Patch's Tapestry as an organizational backup tool, it is perfectly acceptable to widely distribute DRPub.key.

DR.key contains the "secret" key, which is necessary to decrypt backups created with Tapestry. A full briefing on PGP key security is beyond the scope of this document, but DR.key should be in the hands of as few individuals as possible.

Tapestry looks for both files on removable media ONLY. Future versions may first check the PGP keyring. The current version of Tapestry also does not tell you if someone has exchanged your particular key for a different one, compared to the last time it was run. Such an alert is planned for future implementation.

D. Caveats
There are still a few unresolved security issues with pTapestry. Tapestry's config file presently doesn't self-diagnose changes or other incorrectness.

It is possible to use a larger (and therefore more notionally secure) key as DR.key and DRPub.key if desired. Such a key would have to be generated manually using GPG. Tapestry has no way of knowing which key you wanted to use at this point, and you would then need to replace the "expected FP" variable in tapestry to match the fingerprint of the new key. A future version will allow key configuration in greater detail and obviate this step.

Due to security designs in "GPG2", Tapestry (currently) cannot rely on keys with passphrases for operation, at least not in any supported way. Therefore, it is advisable to use a robust signing key to certify the contents of the backup upon creation, to ensure they have not been altered in any way. This, plus good security in the storage and handling of the Disaster Recovery Keys, should allow reasonable assurance of both the integrity and secrecy of the backup. See the main information page for more information on design philosophy.

Change Notes
v.0.2.0 (dev):
-Bugfixes:
-Fixed bug where large backup queues failed to divide into adequate number of blocks
-Fixed a race condition in blockbuild() that allowed for an infinite loop
-Silence GPG calls using Python-GnuPG module.
-General Code Improvements:
-Replaced fetchSecretKey and findKey/mountKey with single function.
-Replaced plaintext backup option with key generation prompt
-append newline to some raw_input calls for cleaner UI
-implemented error handling, esp. for the known tempfile bug
-Replaced config block with config file "tapestry.cfg"
-Human-Editable file generated with module configparser.
-includes username and computer label variables
-Allows the user to define block sizes for different use cases (BluRay-ROM, tape, etc)
-defines the categories and category-root directories in both *nix and windows filesystems
-defines which categories are default and which are to be used in inclusive mode
-replaced the init arguments:
-"--setup" launches the program in config mode.
-"--inc" launches the program in backup mode, functioning inclusively (across all categories)
-"--rcv" launches in recovery mode, as before.
-added Debugging Mode!
-called with "--debug" flag
-activates a series of debugging functions that display additional information during program operation. Not user-friendly.