Bugfix #1106: Never lock repository for list locks

The list locks command previously locked to the repository by default. This had the problem that it wouldn't work for an exclusively locked repository and that the command would also display its own lock file which can be confusing.

Now, the list locks command never locks the repository.

#1106 #3665

Bugfix #2345: Make cache crash-resistant and usable by multiple concurrent processes

The restic cache directory (RESTIC_CACHE_DIR) could end up in a broken state in the event of restic (or the OS) crashing. This is now less likely to occur as files are downloaded to a temporary location before being moved to their proper location.

This also allows multiple concurrent restic processes to operate on a single repository without conflicts. Previously, concurrent operations could cause segfaults because the processes saw each other's partially downloaded files.

#2345 #2838

Bugfix #2452: Improve error handling of repository locking

Previously, when the lock refresh failed to delete the old lock file, it forgot about the newly created one. Instead it continued trying to delete the old (usually no longer existing) lock file and thus over time lots of lock files accumulated. This has now been fixed.

#2452 #2473 #2562 #3512

Bugfix #2738: Don't print progress for backup --json --quiet

Unlike the text output, the --json output format still printed progress information even in --quiet mode. This has now been fixed by always disabling the progress output in quiet mode.

#2738 #3264

Bugfix #3382: Make check command honor RESTIC_CACHE_DIR environment variable

Previously, the check command didn't honor the RESTIC_CACHE_DIR environment variable, which caused problems in certain system/usage configurations. This has now been fixed.

#3382 #3474

Bugfix #3518: Make copy command honor --no-lock for source repository

The copy command previously did not respect the --no-lock option for the source repository, causing failures with read-only storage backends. This has now been fixed such that the option is now respected.

#3518 #3589

Bugfix #3556: Fix hang with Backblaze B2 on SSL certificate authority error

Previously, if a request failed with an SSL unknown certificate authority error, the B2 backend retried indefinitely and restic would appear to hang.

This has now been fixed and restic instead fails with an error message.

#3556 #2355 #3571

Bugfix #3601: Fix rclone backend prematurely exiting when receiving SIGINT on Windows

Previously, pressing Ctrl+C in a Windows console where restic was running with rclone as the backend would cause rclone to exit prematurely due to getting a SIGINT signal at the same time as restic. Restic would then wait for a long time for time with "unexpected EOF" and "rclone stdio connection already closed" errors.

This has now been fixed by restic starting the rclone process detached from the console restic runs in (similar to starting processes in a new process group on Linux), which enables restic to gracefully clean up rclone (which now never gets the SIGINT).

#3601 #3602

Bugfix #3667: The mount command now reports symlinks sizes

Symlinks used to have size zero in restic mountpoints, confusing some third-party tools. They now have a size equal to the byte length of their target path, as required by POSIX.

#3667 #3668

Bugfix #3488: rebuild-index failed if an index file was damaged

Previously, the rebuild-index command would fail with an error if an index file was damaged or truncated. This has now been fixed.

On older restic versions, a (slow) workaround is to use rebuild-index --read-all-packs or to manually delete the damaged index.

#3488

Bugfix #3591: Fix handling of prune --max-repack-size=0

Restic ignored the --max-repack-size option when passing a value of 0. This has now been fixed.

As a workaround, --max-repack-size=1 can be used with older versions of restic.

#3591

Bugfix #3619: Avoid choosing parent snapshots newer than time of new snapshot

The backup command, when a --parent was not provided, previously chose the most recent matching snapshot as the parent snapshot. However, this didn't make sense when the user passed --time to create a new snapshot older than the most recent snapshot.

Instead, backup now chooses the most recent snapshot which is not newer than the snapshot-being-created's timestamp, to avoid any time travel.

#3619

Change #3641: Ignore parent snapshot for backup --stdin

Restic uses a parent snapshot to speed up directory scanning when performing backups, but this only wasted time and memory when the backup source is stdin (using the --stdin option of the backup command), since no directory scanning is performed in this case.

Snapshots made with backup --stdin no longer have a parent snapshot, which allows restic to skip some startup operations and saves a bit of resources.

The --parent option is still available for backup --stdin, but is now ignored.

#3641 #3645

Change #3519: Require Go 1.14 or newer

Restic now requires Go 1.14 to build. This allows it to use new standard library features instead of an external dependency.

#3519

Enhancement #1542: Add --dry-run/-n option to backup command

Testing exclude filters and other configuration options was error prone as wrong filters could cause files to be uploaded unintentionally. It was also not possible to estimate beforehand how much data would be uploaded.

The backup command now has a --dry-run/-n option, which performs all the normal steps of a backup without actually writing anything to the repository.

Passing -vv will log information about files that would be added, allowing for verification of source and exclusion options before running the real backup.

#1542 #2308 #3210 #3300

Enhancement #2202: Add upload checksum for Azure, GS, S3 and Swift backends

Previously only the B2 and partially the Swift backends verified the integrity of uploaded (encrypted) files. The verification works by informing the backend about the expected hash of the uploaded file. The backend then verifies the upload and thereby rules out any data corruption during upload.

We have now added upload checksums for the Azure, GS, S3 and Swift backends, which besides integrity checking for uploads also means that restic can now be used to store backups in S3 buckets which have Object Lock enabled.

#2202 #2700 #3023 #3246

Enhancement #233: Support negative include/exclude patterns

If a pattern starts with an exclamation mark and it matches a file that was previously matched by a regular pattern, the match is cancelled. Notably, this can be used with --exclude-file to cancel the exclusion of some files.

It works similarly to .gitignore, with the same limitation; Once a directory is excluded, it is not possible to include files inside the directory.

Example of use as an exclude pattern for the backup command:

$HOME/**/* !$HOME/Documents !$HOME/code !$HOME/.emacs.d !$HOME/games # [...] node_modules *~ *.o *.lo .pyc # [...] $HOME/code/linux/ !$HOME/code/linux/.git # [...]

#233 #2311

Enhancement #2388: Add warning for S3 if partial credentials are provided

Previously restic did not notify about incomplete credentials when using the S3 backend, instead just reporting access denied.

Restic now checks that both the AWS key ID and secret environment variables are set before connecting to the remote server, and reports an error if not.

#2388 #3532

Enhancement #2508: Support JSON output and quiet mode for the diff command

The diff command now supports outputting machine-readable output in JSON format. To enable this, pass the --json option to the command. To only print the summary and suppress detailed output, pass the --quiet option.

#2508 #3592

Enhancement #2656: Add flag to disable TLS verification for self-signed certificates

There is now an --insecure-tls global option in restic, which disables TLS verification for self-signed certificates in order to support some development workflows.

#2656 #2657

Enhancement #3003: Atomic uploads for the SFTP backend

The SFTP backend did not upload files atomically. An interrupted upload could leave an incomplete file behind which could prevent restic from accessing the repository. This has now been fixed and uploads in the SFTP backend are done atomically.

#3003 #3524

Enhancement #3127: Add xattr (extended attributes) support for Solaris

Restic now supports xattr for the Solaris operating system.

#3127 #3628

Enhancement #3464: Skip lock creation on forget if --no-lock and --dry-run

Restic used to silently ignore the --no-lock option of the forget command.

It now skips creation of lock file in case both --dry-run and --no-lock are specified. If --no-lock option is specified without --dry-run, restic prints a warning message to stderr.

#3464 #3623

Enhancement #3490: Support random subset by size in check --read-data-subset

The --read-data-subset option of the check command now supports a third way of specifying the subset to check, namely nS where n is a size in bytes with suffix S as k/K, m/M, g/G or t/T.

#3490 #3548

Enhancement #3541: Improve handling of temporary B2 delete errors

Deleting files on B2 could sometimes fail temporarily, which required restic to retry the delete operation. In some cases the file was deleted nevertheless, causing the retries and ultimately the restic command to fail. This has now been fixed.

#3541 #3544

Enhancement #3542: Add file mode in symbolic notation to ls --json

The ls --json command now provides the file mode in symbolic notation (using the permissions key), aligned with find --json.

#3542 #3573 https://forum.restic.net/t/restic-ls-understanding-file-mode-with-json/4371

Enhancement #2594: Speed up the restore --verify command

The --verify option lets the restore command verify the file content after it has restored a snapshot. The performance of this operation has now been improved by up to a factor of two.

#2594

Enhancement #2816: The backup command no longer updates file access times on Linux

When reading files during backup, restic used to cause the operating system to update the files' access times. Note that this did not apply to filesystems with disabled file access times.

Restic now instructs the operating system not to update the file access time, if the user running restic is the file owner or has root permissions.

#2816

Enhancement #2880: Make recover collect only unreferenced trees

Previously, the recover command used to generate a snapshot containing all root trees, even those which were already referenced by a snapshot.

This has been improved such that it now only processes trees not already referenced by any snapshot.

#2880

Enhancement #3429: Verify that new or modified keys are stored correctly

When adding a new key or changing the password of a key, restic used to just create the new key (and remove the old one, when changing the password). There was no verification that the new key was stored correctly and works properly. As the repository cannot be decrypted without a valid key file, this could in rare cases cause the repository to become inaccessible.

Restic now checks that new key files actually work before continuing. This can protect against some (rare) cases of hardware or storage problems.

#3429

Enhancement #3436: Improve local backend's resilience to (system) crashes

Restic now ensures that files stored using the local backend are created atomically (that is, files are either stored completely or not at all). This ensures that no incomplete files are left behind even if restic is terminated while writing a file.

In addition, restic now tries to ensure that the directory in the repository which contains a newly uploaded file is also written to disk. This can prevent missing files if the system crashes or the disk is not properly unmounted.

#3436

Enhancement #3508: Cache blobs read by the dump command

When dumping a file using the dump command, restic did not cache blobs in any way, so even consecutive runs of the same blob were loaded from the repository again and again, slowing down the dump.

Now, the caching mechanism already used by the fuse command is also used by the dump command. This makes dumping much faster, especially for sparse files.

#3508

Enhancement #3511: Support configurable timeout for the rclone backend

A slow rclone backend could cause restic to time out while waiting for the repository to open. Restic now offers an -o rclone.timeout option to make this timeout configurable.

#3511 #3514

Enhancement #3593: Improve copy performance by parallelizing IO

Restic copy previously only used a single thread for copying blobs between repositories, which resulted in limited performance when copying small blobs to/from a high latency backend (i.e. any remote backend, especially b2).

Copying will now use 8 parallel threads to increase the throughput of the copy operation.

#3593

Bugfix #2742: Improve error handling for rclone and REST backend over HTTP2

When retrieving data from the rclone / REST backend while also using HTTP2 restic did not detect when no data was returned at all. This could cause for example the check command to report the following error:

Pack ID does not match, want [...], got e3b0c442

This has been fixed by correctly detecting and retrying the incomplete download.

#2742 #3453 https://forum.restic.net/t/http2-stream-closed-connection-reset-context-canceled/3743/10

Bugfix #3111: Fix terminal output redirection for PowerShell

When redirecting the output of restic using PowerShell on Windows, the output contained terminal escape characters. This has been fixed by properly detecting the terminal type.

In addition, the mintty terminal now shows progress output for the backup command.

#3111 #3325

Bugfix #3214: Treat an empty password as a fatal error for repository init

When attempting to initialize a new repository, if an empty password was supplied, the repository would be created but the init command would return an error with a stack trace. Now, if an empty password is provided, it is treated as a fatal error, and no repository is created.

#3214 #3283

Bugfix #3267: copy failed to copy snapshots in rare cases

The copy command could in rare cases fail with the error message SaveTree(...) returned unexpected id .... This has been fixed.

On Linux/BSDs, the error could be caused by backing up symlinks with non-UTF-8 target paths. Note that, due to limitations in the repository format, these are not stored properly and should be avoided if possible.

#3267 #3310

Bugfix #3184: backup --quiet no longer prints status information

A regression in the latest restic version caused the output of backup --quiet to contain large amounts of backup progress information when run using an interactive terminal. This is fixed now.

A workaround for this bug is to run restic as follows: restic backup --quiet [..] | cat -.

#3184 #3186

Bugfix #3296: Fix crash of check --read-data-subset=x% run for an empty repository

The command restic check --read-data-subset=x% crashed when run for an empty repository. This has been fixed.

#3296 #3309

Bugfix #3302: Fix fdopendir: not a directory error for local backend

The check, list packs, prune and rebuild-index commands failed for the local backend when the data folder in the repository contained files. This has been fixed.

#3302 #3308

Bugfix #3334: Print created new cache message only on a terminal

The message created new cache was printed even when the output wasn't a terminal. That broke piping restic dump output to tar or zip if cache directory didn't exist. The message is now only printed on a terminal.

#3334 #3343

Bugfix #3380: Fix crash of backup --exclude='**'

The exclude filter **, which excludes all files, caused restic to crash. This has been corrected.

#3380 #3393

Bugfix #3305: Fix possibly missing backup summary of JSON output in case of error

When using --json output it happened from time to time that the summary output was missing in case an error occurred. This has been fixed.

#3305

Bugfix #3439: Correctly handle download errors during restore

Due to a regression in restic 0.12.0, the restore command in some cases did not retry download errors and only printed a warning. This has been fixed by retrying incomplete data downloads.

#3439 #3449

Change #3247: Empty files now have size of 0 in ls --json output

The ls --json command used to omit the sizes of empty files in its output. It now reports a size of zero explicitly for regular files, while omitting the size field for all other types.

#3247 #3257

Enhancement #2780: Add release binaries for s390x architecture on Linux

We've added release binaries for Linux using the s390x architecture.

#2780 #3452

Enhancement #3293: Add --repository-file2 option to init and copy command

The init and copy command can now be used with the --repository-file2 option or the $RESTIC_REPOSITORY_FILE2 environment variable. These to options are in addition to the --repo2 flag and allow you to read the destination repository from a file.

Using both --repository-file and --repo2 options resulted in an error for the copy or init command. The handling of this combination of options has been fixed. A workaround for this issue is to only use --repo or -r and --repo2 for init or copy.

#3293 #3294

Enhancement #3312: Add auto-completion support for fish

The generate command now supports fish auto completion.

#3312

Enhancement #3336: SFTP backend now checks for disk space

Backing up over SFTP previously spewed multiple generic "failure" messages when the remote disk was full. It now checks for disk space before writing a file and fails immediately with a "no space left on device" message.

#3336 #3345

Enhancement #3377: Add release binaries for Apple Silicon

We've added release binaries for macOS on Apple Silicon (M1).

#3377 #3394

Enhancement #3414: Add --keep-within-hourly option to restic forget

The forget command allowed keeping a given number of hourly backups or to keep all backups within a given interval, but it was not possible to specify keeping hourly backups within a given interval.

The new --keep-within-hourly option now offers this functionality. Similar options for daily/weekly/monthly/yearly are also implemented, the new options are:

--keep-within-hourly <1y2m3d4h> --keep-within-daily <1y2m3d4h> --keep-within-weekly <1y2m3d4h> --keep-within-monthly <1y2m3d4h> --keep-within-yearly <1y2m3d4h>

#3414 #3416 https://forum.restic.net/t/forget-policy/4014/11

Enhancement #3456: Support filtering and specifying untagged snapshots

It was previously not possible to specify an empty tag with the --tag and --keep-tag options. This has now been fixed, such that --tag '' and --keep-tag '' now matches snapshots without tags. This allows e.g. the snapshots and forget commands to only operate on untagged snapshots.

#3456 #3457

Enhancement #3167: Allow specifying limit of snapshots list

The --last option allowed limiting the output of the snapshots command to the latest snapshot for each host. The new --latest n option allows limiting the output to the latest n snapshots.

This change deprecates the option --last in favour of --latest 1.

#3167

Enhancement #3426: Optimize read performance of mount command

Reading large files in a mounted repository may be up to five times faster. This improvement primarily applies to repositories stored at a backend that can be accessed with low latency, like e.g. the local backend.

#3426

Enhancement #3427: find --pack fallback to index if data file is missing

When investigating a repository with missing data files, it might be useful to determine affected snapshots before running rebuild-index. Previously, find --pack pack-id returned no data as it required accessing the data file. Now, if the necessary data is still available in the repository index, it gets retrieved from there.

The command now also supports looking up multiple pack files in a single find run.

#3427 https://forum.restic.net/t/missing-packs-not-found/2600

Bugfix #1681: Make mount not create missing mount point directory

When specifying a non-existent directory as mount point for the mount command, restic used to create the specified directory automatically.

This has now changed such that restic instead gives an error when the specified directory for the mount point does not exist.

#1681 #3008

Bugfix #1800: Ignore no data available filesystem error during backup

Restic was unable to backup files on some filesystems, for example certain configurations of CIFS on Linux which return a no data available error when reading extended attributes. These errors are now ignored.

#1800 #3034

Bugfix #2563: Report the correct owner of directories in FUSE mounts

Restic 0.10.0 changed the FUSE mount to always report the current user as the owner of directories within the FUSE mount, which is incorrect.

This is now changed back to reporting the correct owner of a directory.

#2563 #3141

Bugfix #2688: Make backup and tag commands separate tags by comma

Running restic backup --tag foo,bar previously created snapshots with one single tag containing a comma (foo,bar) instead of two tags (foo, bar).

Similarly, the tag command's --set, --add and --remove options would treat foo,bar as one tag instead of two tags. This was inconsistent with other commands and often unexpected when one intended foo,bar to mean two tags.

To be consistent in all commands, restic now interprets foo,bar to mean two separate tags (foo and bar) instead of one tag (foo,bar) everywhere, including in the backup and tag commands.

NOTE: This change might result in unexpected behavior in cases where you use the forget command and filter on tags like foo,bar. Snapshots previously backed up with --tag foo,bar will still not match that filter, but snapshots saved from now on will match that filter.

To replace foo,bar tags with foo and bar tags in old snapshots, you can first generate a list of the relevant snapshots using a command like:

Restic snapshots --json --quiet | jq '.[] | select(contains({tags: ["foo,bar"]})) | .id'

And then use restic tag --set foo --set bar snapshotID [...] to set the new tags. Please adjust the commands to include real tag names and any additional tags, as well as the list of snapshots to process.

#2688 #2690 #3197

Bugfix #2739: Make the cat command respect the --no-lock option

The cat command would not respect the --no-lock flag. This is now fixed.

#2739

Bugfix #3087: The --use-fs-snapshot option now works on windows/386

Restic failed to create VSS snapshots on windows/386 with the following error:

GetSnapshotProperties() failed: E_INVALIDARG (0x80070057)

This is now fixed.

#3087 #3090

Bugfix #3100: Do not require gs bucket permissions when running init

Restic used to require bucket level permissions for the gs backend in order to initialize a restic repository.

It now allows a gs service account to initialize a repository if the bucket does exist and the service account has permissions to write/read to that bucket.

#3100

Bugfix #3111: Correctly detect output redirection for backup command on Windows

On Windows, since restic 0.10.0 the backup command did not properly detect when the output was redirected to a file. This caused restic to output terminal control characters. This has been fixed by correcting the terminal detection.

#3111 #3150

Bugfix #3151: Don't create invalid snapshots when backup is interrupted

When canceling a backup run at a certain moment it was possible that restic created a snapshot with an invalid "null" tree. This caused check and other operations to fail. The backup command now properly handles interruptions and never saves a snapshot when interrupted.

#3151 #3164

Bugfix #3166: Improve error handling in the restore command

The restore command used to not print errors while downloading file contents from the repository. It also incorrectly exited with a zero error code even when there were errors during the restore process. This has all been fixed and restore now returns with a non-zero exit code when there's an error.

#3166 #3207

Bugfix #3232: Correct statistics for overlapping targets

A user reported that restic's statistics and progress information during backup was not correctly calculated when the backup targets (files/dirs to save) overlap. For example, consider a directory foo which contains (among others) a file foo/bar. When restic backup foo foo/bar was run, restic counted the size of the file foo/bar twice, so the completeness percentage as well as the number of files was wrong. This is now corrected.

#3232 #3243

Bugfix #3014: Fix sporadic stream reset between rclone and restic

Sometimes when using restic with the rclone backend, an error message similar to the following would be printed:

Didn't finish writing GET request (wrote 0/xxx): http2: stream closed

It was found that this was caused by restic closing the connection to rclone to soon when downloading data. A workaround has been added which waits for the end of the download before closing the connection.

#2598 #3014

Bugfix #3152: Do not hang until foregrounded when completed in background

On Linux, when running in the background restic failed to stop the terminal output of the backup command after it had completed. This caused restic to hang until moved to the foreground. This has now been fixed.

#3152 https://forum.restic.net/t/restic-alpine-container-cron-hangs-epoll-pwait/3334

Bugfix #3249: Improve error handling in gs backend

The gs backend did not notice when the last step of completing a file upload failed. Under rare circumstances, this could cause missing files in the backup repository. This has now been fixed.

#3249

Change #3095: Deleting files on Google Drive now moves them to the trash

When deleting files on Google Drive via the rclone backend, restic used to bypass the trash folder required that one used the -o rclone.args option to enable usage of the trash folder. This ensured that deleted files in Google Drive were not kept indefinitely in the trash folder. However, since Google Drive's trash retention policy changed to deleting trashed files after 30 days, this is no longer needed.

Restic now leaves it up to rclone and its configuration to use or not use the trash folder when deleting files. The default is to use the trash folder, as of rclone 1.53.2. To re-enable the restic 0.11 behavior, set the RCLONE_DRIVE_USE_TRASH environment variable or change the rclone configuration. See the rclone documentation for more details.

#3095 #3102

Enhancement #2186: Allow specifying percentage in check --read-data-subset

We've enhanced the check command's --read-data-subset option to also accept a percentage (e.g. 2.5% or 10%). This will check the given percentage of pack files (which are randomly selected on each run).

#2186 #3038

Enhancement #2453: Report permanent/fatal backend errors earlier

When encountering errors in reading from or writing to storage backends, restic retries the failing operation up to nine times (for a total of ten attempts). It used to retry all backend operations, but now detects some permanent error conditions so that it can report fatal errors earlier.

Permanent failures include local disks being full, SSH connections dropping and permission errors.

#2453 #3180 #3170 #3181

Enhancement #2528: Add Alibaba/Aliyun OSS support in the s3 backend

A new extended option s3.bucket-lookup has been added to support Alibaba/Aliyun OSS in the s3 backend. The option can be set to one of the following values:

• auto - Existing behaviour - dns - Use DNS style bucket access - path - Use path style bucket access

To make the s3 backend work with Alibaba/Aliyun OSS you must set s3.bucket-lookup to dns and set the s3.region parameter. For example:

Restic -o s3.bucket-lookup=dns -o s3.region=oss-eu-west-1 -r s3:https://oss-eu-west-1.aliyuncs.com/bucketname init

Note that s3.region must be set, otherwise the MinIO SDK tries to look it up and it seems that Alibaba doesn't support that properly.

#2528 #2535

Enhancement #2706: Configurable progress reports for non-interactive terminals

The backup, check and prune commands never printed any progress reports on non-interactive terminals. This behavior is now configurable using the RESTIC_PROGRESS_FPS environment variable. Use for example a value of 1 for an update every second, or 0.01666 for an update every minute.

The backup command now also prints the current progress when restic receives a SIGUSR1 signal.

Setting the RESTIC_PROGRESS_FPS environment variable or sending a SIGUSR1 signal prints a status report even when --quiet was specified.

#2706 #3194 #3199

Enhancement #2944: Add backup options --files-from-{verbatim,raw}

The new backup options --files-from-verbatim and --files-from-raw read a list of files to back up from a file. Unlike the existing --files-from option, these options do not interpret the listed filenames as glob patterns; instead, whitespace in filenames is preserved as-is and no pattern expansion is done. Please see the documentation for specifics.

These new options are highly recommended over --files-from, when using a script to generate the list of files to back up.

#2944 #3013

Enhancement #3083: Allow usage of deprecated S3 ListObjects API

Some S3 API implementations, e.g. Ceph before version 14.2.5, have a broken ListObjectsV2 implementation which causes problems for restic when using their API endpoints. When a broken server implementation is used, restic prints errors similar to the following:

List() returned error: Truncated response should have continuation token set

As a temporary workaround, restic now allows using the older ListObjects endpoint by setting the s3.list-objects-v1 extended option, for instance:

Restic -o s3.list-objects-v1=true snapshots

Please note that this option may be removed in future versions of restic.

#3083 #3085

Enhancement #3147: Support additional environment variables for Swift authentication

The swift backend now supports the following additional environment variables for passing authentication details to restic: OS_USER_ID, OS_USER_DOMAIN_ID, OS_PROJECT_DOMAIN_ID and OS_TRUST_ID

Depending on the openrc configuration file these might be required when the user and project domains differ from one another.

#3147 #3158

Enhancement #3191: Add release binaries for MIPS architectures

We've added a few new architectures for Linux to the release binaries: mips, mipsle, mips64, and mip64le. MIPS is mostly used for low-end embedded systems.

#3191 #3208

Enhancement #909: Back up mountpoints as empty directories

When the --one-file-system option is specified to restic backup, it ignores all file systems mounted below one of the target directories. This means that when a snapshot is restored, users needed to manually recreate the mountpoint directories.

Restic now backs up mountpoints as empty directories and therefore implements the same approach as tar.

#909 #3119

Enhancement #3250: Add several more error checks

We've added a lot more error checks in places where errors were previously ignored (as hinted by the static analysis program errcheck via golangci-lint).

#3250

Enhancement #2718: Improve prune performance and make it more customizable

The prune command is now much faster. This is especially the case for remote repositories or repositories with not much data to remove. Also the memory usage of the prune command is now reduced.

Restic used to rebuild the index from scratch after pruning. This could lead to missing packs in the index in some cases for eventually consistent backends such as e.g. AWS S3. This behavior is now changed and the index rebuilding uses the information already known by prune.

By default, the prune command no longer removes all unused data. This behavior can be fine-tuned by new options, like the acceptable amount of unused space or the maximum size of data to reorganize. For more details, please see https://restic.readthedocs.io/en/stable/060_forget.html .

Moreover, prune now accepts the --dry-run option and also running forget --dry-run --prune will show what prune would do.

This enhancement also fixes several open issues, e.g.: - https://github.com/restic/restic/issues/1140 - https://github.com/restic/restic/issues/1599 - https://github.com/restic/restic/issues/1985 - https://github.com/restic/restic/issues/2112 - https://github.com/restic/restic/issues/2227 - https://github.com/restic/restic/issues/2305

#2718 #2842

Enhancement #2495: Add option to let backup trust mtime without checking ctime

The backup command used to require that both ctime and mtime of a file matched with a previously backed up version to determine that the file was unchanged. In other words, if either ctime or mtime of the file had changed, it would be considered changed and restic would read the file's content again to back up the relevant (changed) parts of it.

The new option --ignore-ctime makes restic look at mtime only, such that ctime changes for a file does not cause restic to read the file's contents again.

The check for both ctime and mtime was introduced in restic 0.9.6 to make backups more reliable in the face of programs that reset mtime (some Unix archivers do that), but it turned out to often be expensive because it made restic read file contents even if only the metadata (owner, permissions) of a file had changed. The new --ignore-ctime option lets the user restore the 0.9.5 behavior when needed. The existing --ignore-inode option already turned off this behavior, but also removed a different check.

Please note that changes in files' metadata are still recorded, regardless of the command line options provided to the backup command.

#2495 #2558 #2819 #2823

Enhancement #2941: Speed up the repacking step of the prune command

The repack step of the prune command, which moves still used file parts into new pack files such that the old ones can be garbage collected later on, now processes multiple pack files in parallel. This is especially beneficial for high latency backends or when using a fast network connection.

#2941

Enhancement #3006: Speed up the rebuild-index command

We've optimized the rebuild-index command. Now, existing index entries are used to minimize the number of pack files that must be read. This speeds up the index rebuild a lot.

Additionally, the option --read-all-packs has been added, implementing the previous behavior.

#3006 https://github.com/restic/restic/issue/2547

Enhancement #3048: Add more checks for index and pack files in the check command

The check command run with the --read-data or --read-data-subset options used to only verify only the pack file content - it did not check if the blobs within the pack are correctly contained in the index.

A check for the latter is now in place, which can print the following error:

Blob ID is not contained in index or position is incorrect

Another test is also added, which compares pack file sizes computed from the index and the pack header with the actual file size. This test is able to detect truncated pack files.

If the index is not correct, it can be rebuilt by using the rebuild-index command.

Having added these tests, restic check is now able to detect non-existing blobs which are wrongly referenced in the index. This situation could have lead to missing data.

#3048 #3082

Enhancement #2433: Make the dump command support zip format

Previously, restic could dump the contents of a whole folder structure only in the tar format. The dump command now has a new flag to change output format to zip. Just pass --archive zip as an option to restic dump.

#2433 #3081

Enhancement #3099: Reduce memory usage of check command

The check command now requires less memory if it is run without the --check-unused option.

#3099

Enhancement #3106: Parallelize scan of snapshot content in copy and prune

The copy and prune commands used to traverse the directories of snapshots one by one to find used data. This snapshot traversal is now parallized which can speed up this step several times.

In addition the check command now reports how many snapshots have already been processed.

#3106

Enhancement #3130: Parallelize reading of locks and snapshots

Restic used to read snapshots sequentially. For repositories containing many snapshots this slowed down commands which have to read all snapshots.

Now the reading of snapshots is parallelized. This speeds up for example prune, backup and other commands that search for snapshots with certain properties or which have to find the latest snapshot.

The speed up also applies to locks stored in the backup repository.

#3130 #3174

Enhancement #3254: Enable HTTP/2 for backend connections

Go's HTTP library usually automatically chooses between HTTP/1.x and HTTP/2 depending on what the server supports. But for compatibility this mechanism is disabled if DialContext is used (which is the case for restic). This change allows restic's HTTP client to negotiate HTTP/2 if supported by the server.

#3254

Bugfix #1212: Restore timestamps and permissions on intermediate directories

When using the --include option of the restore command, restic restored timestamps and permissions only on directories selected by the include pattern. Intermediate directories, which are necessary to restore files located in sub- directories, were created with default permissions. We've fixed the restore command to restore timestamps and permissions for these directories as well.

#1212 #1402 #2906

Bugfix #1756: Mark repository files as read-only when using the local backend

Files stored in a local repository were marked as writeable on the filesystem for non-Windows systems, which did not prevent accidental file modifications outside of restic. In addition, the local backend did not work with certain filesystems and network mounts which do not permit modifications of file permissions.

Restic now marks files stored in a local repository as read-only on the filesystem on non-Windows systems. The error handling is improved to support more filesystems.

#1756 #2157 #2989

Bugfix #2241: Hide password in REST backend repository URLs

When using a password in the REST backend repository URL, the password could in some cases be included in the output from restic, e.g. when initializing a repo or during an error.

The password is now replaced with "***" where applicable.

#2241 #2658

Bugfix #2319: Correctly dump directories into tar files

The dump command previously wrote directories in a tar file in a way which can cause compatibility problems. This caused, for example, 7zip on Windows to not open tar files containing directories. In addition it was not possible to dump directories with extended attributes. These compatibility problems are now corrected.

In addition, a tar file now includes the name of the owner and group of a file.

#2319 #3039

Bugfix #2491: Don't require self-update --output placeholder file

restic self-update --output /path/to/new-restic used to require that new-restic was an existing file, to be overwritten. Now it's possible to download an updated restic binary to a new path, without first having to create a placeholder file.

#2491 #2937

Bugfix #2834: Fix rare cases of backup command hanging forever

We've fixed an issue with the backup progress reporting which could cause restic to hang forever right before finishing a backup.

#2834 #2963

Bugfix #2938: Fix manpage formatting

The manpage formatting in restic v0.10.0 was garbled, which is fixed now.

#2938 #2977

Bugfix #2942: Make --exclude-larger-than handle disappearing files

There was a small bug in the backup command's --exclude-larger-than option where files that disappeared between scanning and actually backing them up to the repository caused a panic. This is now fixed.

#2942

Bugfix #2951: Restic generate, help and self-update no longer check passwords

The commands restic cache, generate, help and self-update don't need passwords, but they previously did run the RESTIC_PASSWORD_COMMAND (if set in the environment), prompting users to authenticate for no reason. They now skip running the password command.

#2951 #2987

Bugfix #2979: Make snapshots --json output [] instead of null when no snapshots

Restic previously output null instead of [] for the --json snapshots command, when there were no snapshots in the repository. This caused some minor problems when parsing the output, but is now fixed such that [] is output when the list of snapshots is empty.

#2979 #2984

Enhancement #2969: Optimize check for unchanged files during backup

During a backup restic skips processing files which have not changed since the last backup run. Previously this required opening each file once which can be slow on network filesystems. The backup command now checks for file changes before opening a file. This considerably reduces the time to create a backup on network filesystems.

#2969 #2970

Enhancement #340: Add support for Volume Shadow Copy Service (VSS) on Windows

Volume Shadow Copy Service allows read access to files that are locked by another process using an exclusive lock through a filesystem snapshot. Restic was unable to backup those files before. This update enables backing up these files.

This needs to be enabled explicitely using the --use-fs-snapshot option of the backup command.

#340 #2274

Enhancement #2849: Authenticate to Google Cloud Storage with access token

When using the GCS backend, it is now possible to authenticate with OAuth2 access tokens instead of a credentials file by setting the GOOGLE_ACCESS_TOKEN environment variable.

#2849

Enhancement #1458: New option --repository-file

We've added a new command-line option --repository-file as an alternative to -r. This allows to read the repository URL from a file in order to prevent certain types of information leaks, especially for URLs containing credentials.

#1458 #2900 #2910

Enhancement #2978: Warn if parent snapshot cannot be loaded during backup

During a backup restic uses the parent snapshot to check whether a file was changed and has to be backed up again. For this check the backup has to read the directories contained in the old snapshot. If a tree blob cannot be loaded, restic now warns about this problem with the backup repository.

#2978

Bugfix #1863: Report correct number of directories processed by backup

The directory statistics calculation was fixed to report the actual number of processed directories instead of always zero.

#1863

Bugfix #2254: Fix tar issues when dumping /

We've fixed an issue with dumping either / or files on the first sublevel e.g. /foo to tar. This also fixes tar dumping issues on Windows where this issue could also happen.

#2254 #2357 #2255

Bugfix #2281: Handle format verbs like '%' properly in find output

The JSON or "normal" output of the find command can now deal with file names that contain substrings which the Golang fmt package considers "format verbs" like %s.

#2281

Bugfix #2298: Do not hang when run as a background job

Restic did hang on exit while restoring the terminal configuration when it was started as a background job, for example using restic ... &. This has been fixed by only restoring the terminal configuration when restic is interrupted while reading a password from the terminal.

#2298

Bugfix #2389: Fix mangled json output of backup command

We've fixed a race condition in the json output of the backup command that could cause multiple lines to get mixed up. We've also ensured that the backup summary is printed last.

#2389 #2545

Bugfix #2390: Refresh lock timestamp

Long-running operations did not refresh lock timestamp, resulting in locks becoming stale. This is now fixed.

#2390

Bugfix #2429: Backup --json reports total_bytes_processed as 0

We've fixed the json output of total_bytes_processed. The non-json output was already fixed with pull request #2138 but left the json output untouched.

#2429

Bugfix #2469: Fix incorrect bytes stats in diff command

In some cases, the wrong number of bytes (e.g. 16777215.998 TiB) were reported by the diff command. This is now fixed.

#2469

Bugfix #2518: Do not crash with Synology NAS sftp server

It was found that when restic is used to store data on an sftp server on a Synology NAS with a relative path (one which does not start with a slash), it may go into an endless loop trying to create directories on the server. We've fixed this bug by using a function in the sftp library instead of our own implementation.

The bug was discovered because the Synology sftp server behaves erratic with non-absolute path (e.g. home/restic-repo). This can be resolved by just using an absolute path instead (/home/restic-repo). We've also added a paragraph in the FAQ.

#2518 #2363 #2530

Bugfix #2531: Fix incorrect size calculation in stats --mode restore-size

The restore-size mode of stats was counting hard-linked files as if they were independent.

#2531

Bugfix #2537: Fix incorrect file counts in stats --mode restore-size

The restore-size mode of stats was failing to count empty directories and some files with hard links.

#2537

Bugfix #2592: SFTP backend supports IPv6 addresses

The SFTP backend now supports IPv6 addresses natively, without relying on aliases in the external SSH configuration.

#2592

Bugfix #2607: Honor RESTIC_CACHE_DIR environment variable on Mac and Windows

On Mac and Windows, the RESTIC_CACHE_DIR environment variable was ignored. This variable can now be used on all platforms to set the directory where restic stores caches.

#2607

Bugfix #2668: Don't abort the stats command when data blobs are missing

Runing the stats command in the blobs-per-file mode on a repository with missing data blobs previously resulted in a crash.

#2668

Bugfix #2674: Add stricter prune error checks

Additional checks were added to the prune command in order to improve resiliency to backend, hardware and/or networking issues. The checks now detect a few more cases where such outside factors could potentially cause data loss.

#2674

Bugfix #2899: Fix possible crash in the progress bar of check --read-data

We've fixed a possible crash while displaying the progress bar for the check --read-data command. The crash occurred when the length of the progress bar status exceeded the terminal width, which only happened for very narrow terminal windows.

#2899 https://forum.restic.net/t/restic-rclone-pcloud-connection-issues/2963/15

Change #2482: Remove vendored dependencies

We've removed the vendored dependencies (in the subdir vendor/). When building restic, the Go compiler automatically fetches the dependencies. It will also cryptographically verify that the correct code has been fetched by using the hashes in go.sum (see the link to the documentation below).

#2482 https://golang.org/cmd/go/#hdr-Module_downloading_and_verification

Change #2546: Return exit code 3 when failing to backup all source data

The backup command used to return a zero exit code as long as a snapshot could be created successfully, even if some of the source files could not be read (in which case the snapshot would contain the rest of the files).

This made it hard for automation/scripts to detect failures/incomplete backups by looking at the exit code. Restic now returns the following exit codes for the backup command:

• 0 when the command was successful
• 1 when there was a fatal error (no snapshot created)
• 3 when some source data could not be read (incomplete snapshot created)

#956 #2064 #2526 #2364 #2546

Change #2600: Update dependencies, require Go >= 1.13

Restic now requires Go to be at least 1.13. This allows simplifications in the build process and removing workarounds.

This is also probably the last version of restic still supporting mounting repositories via fuse on macOS. The library we're using for fuse does not support macOS any more and osxfuse is not open source any more.

#224 #590 #2600 #2852 #2927

Change #1597: Honor the --no-lock flag in the mount command

The mount command now does not lock the repository if given the --no-lock flag. This allows to mount repositories which are archived on a read only backend/filesystem.

#1597 #2821

Enhancement #1570: Support specifying multiple host flags for various commands

Previously commands didn't take more than one --host or -H argument into account, which could be limiting with e.g. the forget command.

The dump, find, forget, ls, mount, restore, snapshots, stats and tag commands will now take into account multiple --host and -H flags.

#1570

Enhancement #1680: Optimize restic mount

We've optimized the FUSE implementation used within restic. restic mount is now more responsive and uses less memory.

#1680 #2587 #2787

Enhancement #2072: Display snapshot date when using restic find

Added the respective snapshot date to the output of restic find.

#2072

Enhancement #2175: Allow specifying user and host when creating keys

When adding a new key to the repository, the username and hostname for the new key can be specified on the command line. This allows overriding the defaults, for example if you would prefer to use the FQDN to identify the host or if you want to add keys for several different hosts without having to run the key add command on those hosts.

#2175

Enhancement #2277: Add support for ppc64le

Adds support for ppc64le, the processor architecture from IBM.

#2277

Enhancement #2395: Ignore sync errors when operation not supported by local filesystem

The local backend has been modified to work with filesystems which doesn't support the sync operation. This operation is normally used by restic to ensure that data files are fully written to disk before continuing.

For these limited filesystems, saving a file in the backend would previously fail with an "operation not supported" error. This error is now ignored, which means that e.g. an SMB mount on macOS can now be used as storage location for a repository.

#2395 https://forum.restic.net/t/sync-errors-on-mac-over-smb/1859

Enhancement #2427: Add flag --iexclude-file to backup command

The backup command now supports the flag --iexclude-file which is a case-insensitive version of --exclude-file.

#2427 #2898

Enhancement #2569: Support excluding files by their size

The backup command now supports the --exclude-larger-than option to exclude files which are larger than the specified maximum size. This can for example be useful to exclude unimportant files with a large file size.

#2569 #2914

Enhancement #2571: Self-heal missing file parts during backup of unchanged files

We've improved the resilience of restic to certain types of repository corruption.

For files that are unchanged since the parent snapshot, the backup command now verifies that all parts of the files still exist in the repository. Parts that are missing, e.g. from a damaged repository, are backed up again. This verification was already run for files that were modified since the parent snapshot, but is now also done for unchanged files.

Note that restic will not backup file parts that are referenced in the index but where the actual data is not present on disk, as this situation can only be detected by restic check. Please ensure that you run restic check regularly.

#2571 #2827

Enhancement #2858: Support filtering snapshots by tag and path in the stats command

We've added filtering snapshots by --tag tagList and by --path path to the stats command. This includes filtering of only 'latest' snapshots or all snapshots in a repository.

#2858 #2859 https://forum.restic.net/t/stats-for-a-host-and-filtered-snapshots/3020

Enhancement #323: Add command for copying snapshots between repositories

We've added a copy command, allowing you to copy snapshots from one repository to another.

Note that this process will have to read (download) and write (upload) the entire snapshot(s) due to the different encryption keys used on the source and destination repository. Also, the transferred files are not re-chunked, which may break deduplication between files already stored in the destination repo and files copied there using this command.

To fully support deduplication between repositories when the copy command is used, the init command now supports the --copy-chunker-params option, which initializes the new repository with identical parameters for splitting files into chunks as an already existing repository. This allows copied snapshots to be equally deduplicated in both repositories.

#323 #2606 #2928

Enhancement #551: Use optimized library for hash calculation of file chunks

We've switched the library used to calculate the hashes of file chunks, which are used for deduplication, to the optimized Minio SHA-256 implementation.

Depending on the CPU it improves the hashing throughput by 10-30%. Modern x86 CPUs with the SHA Extension should be about two to three times faster.

#551 #2709

Enhancement #2195: Simplify and improve restore performance

Significantly improves restore performance of large files (i.e. 50M+): https://github.com/restic/restic/issues/2074 https://forum.restic.net/t/restore-using-rclone-gdrive-backend-is-slow/1112/8 https://forum.restic.net/t/degraded-restore-performance-s3-backend/1400

Fixes "not enough cache capacity" error during restore: https://github.com/restic/restic/issues/2244

NOTE: This new implementation does not guarantee order in which blobs are written to the target files and, for example, the last blob of a file can be written to the file before any of the preceeding file blobs. It is therefore possible to have gaps in the data written to the target files if restore fails or interrupted by the user.

The implementation will try to preallocate space for the restored files on the filesystem to prevent file fragmentation. This ensures good read performance for large files, like for example VM images. If preallocating space is not supported by the filesystem, then this step is silently skipped.

#2195 #2893

Enhancement #2328: Improve speed of check command

We've improved the check command to traverse trees only once independent of whether they are contained in multiple snapshots. The check command is now much faster for repositories with a large number of snapshots.

#2284 #2328

Enhancement #2423: Support user@domain parsing as user

Added the ability for user@domain-like users to be authenticated over SFTP servers.

#2423

Enhancement #2576: Improve the chunking algorithm

We've updated the chunker library responsible for splitting files into smaller blocks. It should improve the chunking throughput by 5-15% depending on the CPU.

#2820 #2576 #2845

Enhancement #2598: Improve speed of diff command

We've improved the performance of the diff command when comparing snapshots with similar content. It should run up to twice as fast as before.

#2598

Enhancement #2599: Slightly reduce memory usage of prune and stats commands

The prune and the stats command kept directory identifiers in memory twice while searching for used blobs.

#2599

Enhancement #2733: S3 backend: Add support for WebIdentityTokenFile

We've added support for EKS IAM roles for service accounts feature to the S3 backend.

#2703 #2733

Enhancement #2773: Optimize handling of new index entries

Restic now uses less memory for backups which add a lot of data, e.g. large initial backups. In addition, we've improved the stability in some edge cases.

#2773

Enhancement #2781: Reduce memory consumption of in-memory index

We've improved how the index is stored in memory. This change can reduce memory usage for large repositories by up to 50% (depending on the operation).

#2781 #2812

Enhancement #2786: Optimize list blobs command

We've changed the implementation of list blobs which should be now a bit faster and consume almost no memory even for large repositories.

#2786

Enhancement #2790: Optimized file access in restic mount

Reading large (> 100GiB) files from restic mountpoints is now faster, and the speedup is greater for larger files.

#2790

Enhancement #2840: Speed-up file deletion in forget, prune and rebuild-index

We've sped up the file deletion for the commands forget, prune and rebuild-index, especially for remote repositories. Deletion was sequential before and is now run in parallel.

#2840

Bugfix #2063: Allow absolute path for filename when backing up from stdin

When backing up from stdin, handle directory path for --stdin-filename. This can be used to specify the full path for the backed-up file.

#2063

Bugfix #2174: Save files with invalid timestamps

When restic reads invalid timestamps (year is before 0000 or after 9999) it refused to read and archive the file. We've changed the behavior and will now save modified timestamps with the year set to either 0000 or 9999, the rest of the timestamp stays the same, so the file will be saved (albeit with a bogus timestamp).

#2174 #1173

Bugfix #2249: Read fresh metadata for unmodified files

Restic took all metadata for files which were detected as unmodified, not taking into account changed metadata (ownership, mode). This is now corrected.

#2249 #2252

Bugfix #2301: Add upper bound for t in --read-data-subset=n/t

256 is the effective maximum for t, but restic would allow larger values, leading to strange behavior.

#2301 #2304

Bugfix #2321: Check errors when loading index files

Restic now checks and handles errors which occur when loading index files, the missing check leads to odd errors (and a stack trace printed to users) later. This was reported in the forum.

#2321 https://forum.restic.net/t/check-rebuild-index-prune/1848/13

Enhancement #2179: Use ctime when checking for file changes

Previously, restic only checked a file's mtime (along with other non-timestamp metadata) to decide if a file has changed. This could cause restic to not notice that a file has changed (and therefore continue to store the old version, as opposed to the modified version) if something edits the file and then resets the timestamp. Restic now also checks the ctime of files, so any modifications to a file should be noticed, and the modified file will be backed up. The ctime check will be disabled if the --ignore-inode flag was given.

If this change causes problems for you, please open an issue, and we can look in to adding a seperate flag to disable just the ctime check.

#2179 #2212

Enhancement #2306: Allow multiple retries for interactive password input

Restic used to quit if the repository password was typed incorrectly once. Restic will now ask the user again for the repository password if typed incorrectly. The user will now get three tries to input the correct password before restic quits.

#2306

Enhancement #2330: Make --group-by accept both singular and plural

One can now use the values host/hosts, path/paths and tag / tags interchangeably in the --group-by argument.

#2330

Enhancement #2350: Add option to configure S3 region

We've added a new option for setting the region when accessing an S3-compatible service. For some providers, it is required to set this to a valid value. You can do that either by setting the environment variable AWS_DEFAULT_REGION or using the option s3.region, e.g. like this: -o s3.region="us-east-1".

#2350

Bugfix #2135: Return error when no bytes could be read from stdin

We assume that users reading backup data from stdin want to know when no data could be read, so now restic returns an error when backup --stdin is called but no bytes could be read. Usually, this means that an earlier command in a pipe has failed. The documentation was amended and now recommends setting the pipefail option (set -o pipefail).

#2135 #2139

Bugfix #2181: Don't cancel timeout after 30 seconds for self-update

#2181

Bugfix #2203: Fix reading passwords from stdin

Passwords for the init, key add, and key passwd commands can now be read from non-terminal stdin.

#2203

Bugfix #2224: Don't abort the find command when a tree can't be loaded

Change the find command so that missing trees don't result in a crash. Instead, the error is logged to the debug log, and the tree ID is displayed along with the snapshot it belongs to. This makes it possible to recover repositories that are missing trees by forgetting the snapshots they are used in.

#2224

Enhancement #1895: Add case insensitive include & exclude options

The backup and restore commands now have --iexclude and --iinclude flags as case insensitive variants of --exclude and --include.

#1895 #2032

Enhancement #1937: Support streaming JSON output for backup

We've added support for getting machine-readable status output during backup, just pass the flag --json for restic backup and restic will output a stream of JSON objects which contain the current progress.

#1937 #1944

Enhancement #2155: Add Openstack application credential auth for Swift

Since Openstack Queens Identity (auth V3) service supports an application credential auth method. It allows to create a technical account with the limited roles. This commit adds an application credential authentication method for the Swift backend.

#2155

Enhancement #2184: Add --json support to forget command

The forget command now supports the --json argument, outputting the information about what is (or would-be) kept and removed from the repository.

#2184 #2185

Enhancement #2037: Add group-by option to snapshots command

We have added an option to group the output of the snapshots command, similar to the output of the forget command. The option has been called "--group-by" and accepts any combination of the values "host", "paths" and "tags", separated by commas. Default behavior (not specifying --group-by) has not been changed. We have added support of the grouping to the JSON output.

#2037 #2087

Enhancement #2124: Ability to dump folders to tar via stdout

We've added the ability to dump whole folders to stdout via the dump command. Restic now requires at least Go 1.10 due to a limitation of the standard library for Go <= 1.9.

#2123 #2124

Enhancement #2139: Return error if no bytes could be read for backup --stdin

When restic is used to backup the output of a program, like mysqldump | restic backup --stdin, it now returns an error if no bytes could be read at all. This catches the failure case when mysqldump failed for some reason and did not output any data to stdout.

#2139

Enhancement #2205: Add --ignore-inode option to backup cmd

This option handles backup of virtual filesystems that do not keep fixed inodes for files, like Fuse-based, pCloud, etc. Ignoring inode changes allows to consider the file as unchanged if last modification date and size are unchanged.

#1631 #2205 #2047

Enhancement #2220: Add config option to set S3 storage class

The s3.storage-class option can be passed to restic (using -o) to specify the storage class to be used for S3 objects created by restic.

The storage class is passed as-is to S3, so it needs to be understood by the API. On AWS, it can be one of STANDARD, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING and REDUCED_REDUNDANCY. If unspecified, the default storage class is used (STANDARD on AWS).

You can mix storage classes in the same bucket, and the setting isn't stored in the restic repository, so be sure to specify it with each command that writes to S3.

#706 #2220

Bugfix #1989: Google Cloud Storage: Respect bandwidth limit

The GCS backend did not respect the bandwidth limit configured, a previous commit accidentally removed support for it.

#1989 #2100

Bugfix #2040: Add host name filter shorthand flag for stats command

The default value for --host flag was set to 'H' (the shorthand version of the flag), this caused the lookup for the latest snapshot to fail.

Add shorthand flag -H for --host (with empty default so if these flags are not specified the latest snapshot will not filter by host name).

Also add shorthand -H for backup command.

#2040

Bugfix #2068: Correctly return error loading data

In one case during prune and check, an error loading data from the backend is not returned properly. This is now corrected.

#1999 #2068

Bugfix #2095: Consistently use local time for snapshots times

By default snapshots created with restic backup were set to local time, but when the --time flag was used the provided timestamp was parsed as UTC. With this change all snapshots times are set to local time.

#2095

Enhancement #1605: Concurrent restore

This change significantly improves restore performance, especially when using high-latency remote repositories like B2.

The implementation now uses several concurrent threads to download and process multiple remote files concurrently. To further reduce restore time, each remote file is downloaded using a single repository request.

#1605 #1719

Enhancement #2089: Increase granularity of the "keep within" retention policy

The keep-within option of the forget command now accepts time ranges with an hourly granularity. For example, running restic forget --keep-within 3d12h will keep all the snapshots made within three days and twelve hours from the time of the latest snapshot.

#2089 #2090

Enhancement #2097: Add key hinting

Added a new option --key-hint and corresponding environment variable RESTIC_KEY_HINT. The key hint is a key ID to try decrypting first, before other keys in the repository.

This change will benefit repositories with many keys; if the correct key hint is supplied then restic only needs to check one key. If the key hint is incorrect (the key does not exist, or the password is incorrect) then restic will check all keys, as usual.

#2097

Enhancement #2017: Mount: Enforce FUSE Unix permissions with allow-other

The fuse mount (restic mount) now lets the kernel check the permissions of the files within snapshots (this is done through the DefaultPermissions FUSE option) when the option --allow-other is specified.

To restore the old behavior, we've added the --no-default-permissions option. This allows all users that have access to the mount point to access all files within the snapshots.

#2017

Enhancement #2070: Make all commands display timestamps in local time

Restic used to drop the timezone information from displayed timestamps, it now converts timestamps to local time before printing them so the times can be easily compared to.

#2070

Enhancement #2085: Allow --files-from to be specified multiple times

Before, restic took only the last file specified with --files-from into account, this is now corrected.

#2085 #2086

Enhancement #2094: Run command to get password

We've added the --password-command option which allows specifying a command that restic runs every time the password for the repository is needed, so it can be integrated with a password manager or keyring. The option can also be set via the environment variable $RESTIC_PASSWORD_COMMAND.

#2094

Bugfix #1935: Remove truncated files from cache

When a file in the local cache is truncated, and restic tries to access data beyond the end of the (cached) file, it used to return an error "EOF". This is now fixed, such truncated files are removed and the data is fetched directly from the backend.

#1935

Bugfix #1978: Do not return an error when the scanner is faster than backup

When restic makes a backup, there's a background task called "scanner" which collects information on how many files and directories are to be saved, in order to display progress information to the user. When the backup finishes faster than the scanner, it is aborted because the result is not needed any more. This logic contained a bug, where quitting the scanner process was treated as an error, and caused restic to print an unhelpful error message ("context canceled").

#1978 #1991

Enhancement #1766: Restore: suppress lchown errors when not running as root

Like "cp" and "rsync" do, restic now only reports errors for changing the ownership of files during restore if it is run as root, on non-Windows operating systems. On Windows, the error is reported as usual.

#1766

Enhancement #1909: Reject files/dirs by name first

The current scanner/archiver code had an architectural limitation: it always ran the lstat() system call on all files and directories before a decision to include/exclude the file/dir was made. This lead to a lot of unnecessary system calls for items that could have been rejected by their name or path only.

We've changed the archiver/scanner implementation so that it now first rejects by name/path, and only runs the system call on the remaining items. This reduces the number of lstat() system calls a lot (depending on the exclude settings).

#1909 #1912

Enhancement #1940: Add directory filter to ls command

The ls command can now be filtered by directories, so that only files in the given directories will be shown. If the --recursive flag is specified, then ls will traverse subfolders and list their files as well.

It used to be possible to specify multiple snapshots, but that has been replaced by only one snapshot and the possibility of specifying multiple directories.

Specifying directories constrains the walk, which can significantly speed up the listing.

#1940 #1941

Enhancement #1967: Use --host everywhere

We now use the flag --host for all commands which need a host name, using --hostname (e.g. for restic backup) still works, but will print a deprecation warning. Also, add the short option -H where possible.

#1967

Enhancement #2028: Display size of cache directories

The cache command now by default shows the size of the individual cache directories. It can be disabled with --no-size.

#2028 #2033

Enhancement #1777: Improve the find command

We've updated the find command to support multiple patterns.

restic find is now able to list the snapshots containing a specific tree or blob, or even the snapshots that contain blobs belonging to a given pack. A list of IDs can be given, as long as they all have the same type.

The command find can also display the pack IDs the blobs belong to, if the --show-pack-id flag is provided.

#1777 #1780

Enhancement #1876: Display reason why forget keeps snapshots

We've added a column to the list of snapshots forget keeps which details the reasons to keep a particuliar snapshot. This makes debugging policies for forget much easier. Please remember to always try things out with --dry-run!

#1876

Enhancement #1891: Accept glob in paths loaded via --files-from

Before that, behaviour was different if paths were appended to command line or from a file, because wild card characters were expanded by shell if appended to command line, but not expanded if loaded from file.

#1891

Enhancement #1920: Vendor dependencies with Go 1.11 Modules

Until now, we've used dep for managing dependencies, we've now switch to using Go modules. For users this does not change much, only if you want to compile restic without downloading anything with Go 1.11, then you need to run: go build -mod=vendor build.go

#1920

Enhancement #1949: Add new command self-update

We have added a new command called self-update which downloads the latest released version of restic from GitHub and replaces the current binary with it. It does not rely on any external program (so it'll work everywhere), but still verifies the GPG signature using the embedded GPG public key.

By default, the self-update command is hidden behind the selfupdate built tag, which is only set when restic is built using build.go (including official releases). The reason for this is that downstream distributions will then not include the command by default, so users are encouraged to use the platform-specific distribution mechanism.

#1949

Enhancement #1953: Ls: Add JSON output support for restic ls cmd

We've implemented listing files in the repository with JSON as output, just pass --json as an option to restic ls. This makes the output of the command machine readable.

#1953

Bugfix #1854: Allow saving files/dirs on different fs with --one-file-system

Restic now allows saving files/dirs on a different file system in a subdir correctly even when --one-file-system is specified.

The first thing the restic archiver code does is to build a tree of the target files/directories. If it detects that a parent directory is already included (e.g. restic backup /foo /foo/bar/baz), it'll ignore the latter argument.

Without --one-file-system, that's perfectly valid: If /foo is to be archived, it will include /foo/bar/baz. But with --one-file-system, /foo/bar/baz may reside on a different file system, so it won't be included with /foo.

#1854 #1855

Bugfix #1870: Fix restore with --include

We fixed a bug which prevented restic to restore files with an include filter.

#1870 #1900

Bugfix #1880: Use --cache-dir argument for check command

check command now uses a temporary sub-directory of the specified directory if set using the --cache-dir argument. If not set, the cache directory is created in the default temporary directory as before. In either case a temporary cache is used to ensure the actual repository is checked (rather than a local copy).

The --cache-dir argument was not used by the check command, instead a cache directory was created in the temporary directory.

#1880

Bugfix #1893: Return error when exclude file cannot be read

A bug was found: when multiple exclude files were passed to restic and one of them could not be read, an error was printed and restic continued, ignoring even the existing exclude files. Now, an error message is printed and restic aborts when an exclude file cannot be read.

#1893

Bugfix #1861: Fix case-insensitive search with restic find

We've fixed the behavior for restic find -i PATTERN, which was broken in v0.9.1.

#1861

Enhancement #1906: Add support for B2 application keys

Restic can now use so-called "application keys" which can be created in the B2 dashboard and were only introduced recently. In contrast to the "master key", such keys can be restricted to a specific bucket and/or path.

#1906 #1914

Enhancement #874: Add stats command to get information about a repository

#874 #1729

Enhancement #1772: Add restore --verify to verify restored file content

Restore will print error message if restored file content does not match expected SHA256 checksum

#1772

Enhancement #1853: Add JSON output support to restic key list

This PR enables users to get the output of restic key list in JSON in addition to the existing table format.

#1853

Enhancement #1477: S3 backend: accept AWS_SESSION_TOKEN

Before, it was not possible to use s3 backend with AWS temporary security credentials(with AWS_SESSION_TOKEN). This change gives higher priority to credentials.EnvAWS credentials provider.

#1477 #1479 #1647

Enhancement #1901: Update the Backblaze B2 library

We've updated the library we're using for accessing the Backblaze B2 service to 0.5.0 to include support for upcoming so-called "application keys". With this feature, you can create access credentials for B2 which are restricted to e.g. a single bucket or even a sub-directory of a bucket.

#1901 https://github.com/kurin/blazer