Upstream release notes:
Release Notes for 3.3.9:
new --with-security-file configure option
It set the default security file.
default to /etc/amanda-security.conf
security-fix
All previous release of amanda allow the 'amanda' user
to execute any code as root, and to execute an interactive shell
as root.
This is a security vulnerability if you do not trust the 'amanda' user.
There is no need to upgrade if you trust the 'amanda' user
and the account is secure
good password.
secure xinetd.conf setting.
secure .amandahosts setting.
The 'amanda' user can read all files in the machine, it is
what a backup program do.
The set of fix disable the abilities to run unwanted code
as root or to write file anywhere in the filesystem.
/etc/amanda-security.conf/etc/amanda-security.conf
A file that contains security setting.
It list all binaries amanda can execute as root.
restore_by_amanda_user
It tell if the 'amanda' user can do restore as root.
It allow the 'amanda' user to write files anywhere
in the filesystem.
amgtar/amstar/ambsdtar/runtar
Disable arguments that can fork program.
Verify the realpath (with symbolic link resolved) is
in the amanda-security.conf file.
Verify the tar/star/bsdtar realpath program is secure
owned by root and modifiable only by root.
On restore, check the restore_by_amanda_user setting
if not run by root.
Release Notes for 3.3.8:
s3 devices
New NEARLINE S3-STORAGE-CLASS for Google storage.
New AWS4 STORAGE-API
amcryptsimple
Works with newer gpg2.
amgtar
Default SPARSE value is NO if tar < 1.28.
Because a bug in tar with some filesystem.
amstar
support include in backup mode.
ampgsql
Add FULL-WAL property.
Many bugs fix.
Release Notes for 3.3.7p1:
Fix build in 3.3.7.
Release Notes for 3.3.7:
amvault
new --no-interactivity argument.
new --src-labelstr argument.
amdump
compute crc32 of the streams and write them to the debug files.
chg-robot
Add a BROKEN-DRIVE-LOADED-SLOT property.
Many bugs fix.
Release Notes for 3.3.6:
ambsdtar
new application that use BSD tar to do the backup.
Many bugs fix.
Release Notes for 3.3.5:
amtape
faster 'verify' command.
fix parsing of config override arguments.
amsamba
Add REGEX-MATCH property.
amvault
Print progress status.
ndmp device
INDIRECT property default to yes.
Many bugs fix.
Release Notes for 3.3.4:
amreport
new --format argument
new 'json' and 'json_raw' format.
amanda.conf
new REPORT-FORMAT option.
amtape
new 'verify' command.
amadmin
new 'force-level-1' command.
ampgsql
Add VERBOSE property.
S3 device
handle DURABLE_REDUCED_AVAILABILITY for google storage.
Many bugs fix.
Release Notes for 3.3.3:
amdump.X log files use timestamp instead of number, amdump
and amdump.1 are maintained as symlink.
chg-disk
Use the changerfile for the statefile.
s3 device
Support CASTOR storage
amanda.conf
New REPORT-USE-MEDIA and REPORT-NEXT-MEDIA setting.
amfetchdump
New --extract, --directory, --data-path and
--application-property arguments. It allow to do the extraction
on the server.
--exact-match argument to many command, and '=' prefix to expression.
It diable use of expression for host, disk, level and datestamp
on command line argument.
All changer scripts.
Add LOCK-TIMEOUT property.
Many bug fix
Release Notes for 3.3.2:
amgtar
New IGNORE-ZEROS property
amsamba
Fix use of subdir for restore
s3 device
New PROXY property
New PASSWORD, USERNAME, TENANT_ID, TENANT_NAME properties
New STORAGE_API property
New S3_MULTI_DELETE property
New CLIENT_ID, CLIENT_SECRET and REFRESH_TOKEN properties
New CREATE-BUCKET property
New PROJECT-ID property
New REUSE-CONNECTION property
Works with swift and google storage.
NDMP device
Add INDIRECT property
amanda.conf
Add 'max-warnings', The maximum number of warning lines in the report.
Default 'columspec' changed to:
HostName=0:-12:12,Disk=1:-11:11,Level=1👎1,OrigKB=1:-7:0,OutKB=1:-7:0, Compress=1:-6:1,DumpTime=1:-7:7,Dumprate=1:-6:1,TapeTime=1:-6:6, TapeRate=1:-6:1
amadmin
Add --no-default and --print-source arguments for config and
disklist command.
amfetchdump
Print progress.
Add --decrypt, --no-decrypt, --server-decrypt, --client-decrypt,
--compress, --no-compress, --server-compress and
--client-compress options.
fix for compilation with newer glib
fix for compilation on cigwin
Many bug fix
fstab.
(It can also potentially prevent true matches and the whole chunk of
code involved should ideally be rewritten sanely, but it's better than
randomly doing entirely the wrong thing.)
directory in their OS for probably some twenty years. Use /var
instead. In particular, fix the defaults for CNF_INFOFILE, CNF_LOGDIR,
and CNF_INDEXDIR to use the configured LOCALSTATEDIR, which in pkgsrc
will be ${VARBASE}/amanda, instead of hardwiring /usr/adm/amanda.
PR 38958.
PKGREVISION -> 9.
While amanda-client 3.3 has been stable on NetBSD for a while, the
server code has apparently never worked. This commit adds several
patches:
- include sys/{types,time}.h so autoconf tape drive checks pass
- improve error messages when tape drive code is not compiled in
- avoid perl crash in report generation
These changes have been tested on NetBSD 6 kernel with NetBSD 5
userland, amd64 (for no good reason, but this was the machine with the
tape drive), dumping many machines and writing to LTO.
The first two patches are taken from an upstream patch committed to
the 3.3 branch due to this problem being reported. The third patch is
ad hoc based on perl debugging, and needs further investigation. (But
it's better to get a report without a header line than an empty mail
message.)
Amanda::Constants::AMANDA_COMPONENTS having 'server' as one of it's
values. Instead of conditionally trying to eval in Amanda::XferServer,
do it unconditionally. The effect is (nearly) the same.
Changes in release 3.3.1
* amrecover
o New 'settransalte' command.
* amanda.conf
o new '$s' substitution in autolabel.
o new 'max-dle-by-volume' global option.
o new 'eject-volume' global option.
* diskfile
o new 'includefile' option.
* amcheck
o new '--client-verbose' argument.
* All programs have a new '--version' argument.
* ampgsql can take property from server configuration.
* amgetconf can print one property of a section.
* s3 device
o new S3_SERVER_SIDE_ENCRYPTION property.
o use multiple thread to speedup deleting a volume.
* Many bug fix.
Changes in release 3.3.0
* The default auth is changed to "bsdtcp", if you are using the default bsd
then you must add it to your configuration.
o in amanda.conf
o in amanda-client.conf
o in dumptype/disklist
o in xinetd (if no '-auth' argument to amandad)
* amdump trap crtl-c, it still send the report and do cleanup if you do
one crtl-c, do it more than once to abort the run.
* s3 device
o use multiple threads to speedup the transfer
o can connect to eucalytus.
o new NB_THREADS_BACKUP property
o new NB_THREADS_RECOVERY property
o new S3_HOST property
o new S3_SERVICE_PATH property
o new S3_SUBDOMAIN property
* chg-aggregate: new changer that use other changer sequentially.
* meta-volume
* Add meta label in tapelist file
* chg-disk:
o support for removable disk
o new NUM-SLOT property
o new AUTO-CREATE-SLOT property
o new REMOVABLE property
o new MOUNT property
o new UMOUNT property
o new UMOUNT-LOCKFILE property
o new UMOUNT-IDLE property
* new taperscan algorithm:
o oldest: this algorithm try to run through the volumes in the oldest
order
o lexical: this algorithm try to run through the volumes in the natural
order
* Change in amanda.conf
o new meta-autolabel option
o autolabel can include org, config, barcode, meta in the label
o new client-name option in appication and script.
* application and script in amanda-client.conf can be used to set default
properties for application or script.
* amlabel
o The label argument is no longer required, an autolabel can be
generated
o new --meta option
o new --barcode option
o new --assign option
* amgtar, amstar: The path must be specified, it will not works with a
device.
* amrecover: decompression and decryption are now done on the client if
compression/encryption was done on the client.
* amtape: inventory print the current slot
* amanda.conf:
o autoflush have value "no|yes|all"
o script have single-execution setting.
o Add pre-amcheck, post-amcheck, pre-estimate, post-estimate, pre-backup
and post-backup to execute-on of script.
o Add taperscan and interactivity section.
o add 'server' value in recovery-limit.
o add dump-limit in a dumptype.
* amanda-client.conf
o add amdump-server setting.
* script are searched in $APPLICATION_DIR, $CONFIG_DIR/<conf>/application
and $CONFIG_DIR/application
* amservice
o add -s argument
o is also installed on client
* new amdumpd server service, if enable, it allow client to start a backup
of itself.
* new amdump_client program, it is use on client to start a backup of itself
* implement restore command amzfs-sendrecv, it can be use with amrecover.
Changes in release 3.2.2
* Do not restore the NUL padding bytes, some program fail with them.
* Fix driver doing nothing if taper crash early.
* Fix taperalog *FIT no going to second volume.
* Fix amrestore '-p' not going to next file.
* flush even if flush threshold are not met if it save tape space.
* fix crash in amtrmidx due to memory leak.
* amsamba use 'Use smbclient -TF' for restore.
Changes in release 3.2.1
* barcode are added to the tapelist file.
* Faster 'amadmin find', improve speed on many programs.
* device-output-buffer-size default to a minimum of 4*block_size.
* ssh auth use the client-port
* Bug fixed:
o "Can't opendata output stream: Connection refused".
o Better handling of dump to tape.
o Corrupted 'amdump' log file, amstatus not showing correct state.
o Execute subprocess with the config overwrite.
o tape-device allow to set LEOM.
o Crash in robot changer.
o Script output property are not sent to application.
Changes in release 3.2.0
* Support for multiple simultaneous writes to storage devices
o Can write to all available drives in parallel.
o Works only with the new changer API.
o Useful if two or more volumes are used in a single run.
o dump direct to tape can be scheduled any time during the run,
previously they were done sequencially after all dump to holding disk.
o enabled with the new 'taper-parallel-write' configuration option.
* Support for LEOM in storage devices
o allows splitting without partial parts, saving space
o much more efficient, since parts need not be cached on disk in most
cases
* new, simpler splitting commands in the tapetype section:
part-size, part-cache-type, part-cache-dir, part-cache-max-size; see
amanda.conf(5) for details
* Amanda server configuration file changes (amanda.conf)
o new configuration keyword:
+ taper-parallel-write -- How many drive amanda can write to
in parallel.
o deprecated configuration keywords:
+ amrecover_do_fsf
+ amrecover_check_label
* the CONFIG parameter to amidxtaped is now required; this means that
versions of amrecover older than 2.4.3 will be unable to recover from
servers running Amanda-3.2 and later.
* The new dumptype and global parameters 'recovery-limit' can be used to
limit which hosts may recover from a particular DLE. See amanda.conf(5)
and amanda-auth(7) for more information.
* Several old changers have been removed - these changers will work with
Amanda for the forseeable future, but are no longer included in the
distribution.
o chg-chio
o chg-chs
o chg-iomega
o chg-juke
o chg-mcutil
o chg-mtx
o chg-null (use the new "chg-null:")
o chg-rait (use the new "chg-rait:{dev1,dev2}")
o chg-rth
o chg-scsi-chio
o chg-scsi
* Amdump change:
o new '--no-taper' option to start the run in degraded mode
* Amvault is much improved, but still experimental:
o supports assembling split parts on the source volume and re-splitting
them on the destination
o supports filtering dumps with the same syntax as amfetchdump
o a --fulls-only option skips all incremental dumps on the source
o an --export option tries to move tertiary volumes to import/export
slots when completed
o command-line syntax has changed incompatibly; see manpage or
'amvault --help'
* Rewritten and improved:
o amoverview
o amcheckdump
Changes in release 3.1.0
* Deprecated old changers; see amanda-changers(7) for replacements. These
changers are still available in the distribution, but will be removed in a
future release.
o chg-null
o chg-zd-mtx
o chg-rait
o chg-disk
o chg-multi
* Although chg-zd-mtx is still supported, we recommend that all users upgrade
to the more efficient chg-robot. See contrib/convert-zd-mtx-to-robot.sh
for a useful conversion script.
* Amanda server configuration file changes (amanda.conf)
o deprecated configuration keywords:
+ label_new_tapes
o keywords deprecated in 2.6.1:
+ rawtapedev
+ tapebufs
+ file-pad
o new configuration keyword
+ autolabel -- replace label_new_tapes
+ columnspec -- can specify a precision.
+ order -- in script, to specify script order execution.
+ client_port -- in dumptype, to specify which port to connect on
the client.
+ estimate -- in dumptype, can specify multiple estimate method.
o accept 'define' keyword for defining an holdingdisk
* Amanda client configuration file changes (amanda-client.conf)
o new configuration keyword
+ debug_days -- how many days to keep debug files.
+ client_port -- use by amrecover, specify which port to connect on
the server.
* Removed compile-time default --with-changer-device: specify a device
explicitly in amanda.conf instead
* amtape behavior has changed:
o 'device' subcommand removed
o 'slot advance' subcommand removed
o 'update' subcommand no longer displays each slot as it is updated, and
is not supported by all changers
o taperscan output has changed
o new 'inventory' subcommand
* amrmtape rewrite
o use long option
+ --changer -- Specify which changer to use
+ --cleanup -- Remove logs and indexes associated with label
+ --dryrun -- do not update the original copies.
+ --erase -- Attempt to erase the data contained on the volume
+ --keep-label -- Do not remove label from the tapelist
+ --quiet -- Opposite of --verbose
+ --verbose -- List backups of hosts and disks that are being
discarded.
* amdevcheck
o new --label option.
o new --properties option.
* Device API
o changed wildcard setting for S3_BUCKET_LOCATION from "" to "*"
o new 'ndmp:' device to write to a tape on an ndmp server.
o new 'dvdrw:' device to write to a dvd drive.
* Application API
o new properties to many applications
o amgtar
+ new ACLS, SELINUX and XATTRS properties
o amsamba
+ Allow '\' in diskname and amandapass.
+ new ALLOW-ANONYMOUS property.
o new applications:
+ ampgsql -- Backup PostgreSQL using continuous WAL archiving
+ amsuntar -- Backup filesytem with the SUN tar
+ amraw -- Backup only one directory entry
* New taper, with DirectTCP support, changed tape and catalog format:
o all dumpfiles are now F_SPLIT_DUMPFILE
o all on-tape dumpfiles have numparts=-1, since it's no longer possible
to calculate this value in advance
o there is no logging or reporting of zero-byte, successful parts (this
may cause gaps in filenums in the catalog)
* Redesigned amreport
o much more natural command-line interface (just run 'amreport $config')
o experimental XML output
* configuration override for dumptype works with inheritance.
Changes in release 2.6.1p2
* amtapetype: new -p option
* Bugs fixed
o S3 device driver
o amcheckdump
o file not removed from holding disk
o sendbackup compatibility with a 2.4.2 server
o handle EROFS error from tape device.
o zfs snapshot name us the diskname.
o fix fd allocation in amandad
o crash in amflush
Changes in release 2.6.1p1
* amplot: better output
* Don't include genversion.h in distribution tarballs.
* Bugs fixed
o S3 device driver
o rait device driver
o amstatus
o configure
o application-api
o compilation on some platform
o others small bug
Changes in release 2.6.1
* Amanda server configuration file changes (amanda.conf)
o deprecated configuration keywords:
+ rawtapedev
+ tapebufs
+ file-pad
* Application API: Allow to easily write wrappers around any backup program,
See the 'amanda-applications' man page.
o amgtar: Use GNU tar, it is a lot more configurable than the GNUTAR
program. See 'amgtar' man page.
o amstar: Use star to do a backup, it work only on a partition. See
'amstar' man page.
o amsamba: Use smbclient to backup a cifs share, see amsamba man page.
o amzfs-sendrecv: Do a backup of a ZFS filesystem with 'zfs send'.
* Script API: Allow to run script before and after amanda process, see the
'amanda-scripts' man page.
o amzfs-snapshot: Do a snapshot of a ZFS filesystem, then 'amgtar'
application will backup the snapshot. See 'amzfs-snapshot' man page.
o script-email: Simple script to send email. see 'script-email' man page.
* Changer API v2.0: perl-based changer interface supporting concurrent
use of multiple devices and changers.
o currently operating in "compatibility mode," calling old changer
shell scripts.
o under active development.
* Xfer API: generic library to move and filter data with maximal efficiency
o can read from and write to arbitrary devices, files, etc.
o only used in some applications.
* Amanda archive format: A simple archive format that an application can
use to create backup image.
* 'amarchiver' program to manipulate file in amanda archive format.
* Many improvements to report better error message to user.
* amtape subcommands 'slot prev' and 'slot last' are removed.
* Dozens more perl libraries, with more stable interfaces.
* Many bugs fixed and improvement.
* amgetconf '--client' option to retrieve config from
amanda-client.conf on a client.
* Amanda configuration file changes
o new application-tool section
o new script-tool section
o new device section
o new changer section
Changes in release 2.6.0
* configure --disable-shared doesn't work because perl modules require
shared libraries. Use configure --with-static-binaries to build
statically linked binaries.
* 'amverify' and 'amverifyrun' are deprecated and replaced with the
new, more flexible 'amcheckdump'
* 'amdd' and 'ammt' are deprecated.
* Some Amanda files are now installed in new "amanda/" subdirectories:
libraries are now installed in $libdir/amanda and internal programs
are now installed in $libexecdir/amanda.
* The amandates file, previously at /etc/amandates, is now at
$localstatedir/amanda/amandates. You may want to move your existing
/etc/amandates when you upgrade Amanda.
* New 'amcryptsimple', 'amgpgcrypt' - encryption plugins based on gpg.
* New 'amserverconfig', 'amaddclient' - Initial Amanda configuration tools
these tools make assumptions, please see man page.
* Many bugs fixed and code rewrite/cleanup
* glib is required to compile and run amanda.
* Device API: pluggable interface to storage devices, supporting tapes,
vtapes, RAIT, and Amazon S3
* New perl modules link directly to Amanda, to support writing Amanda
applications in Perl. Perl module are installed by default in the perl
installsitelib directory. It can be changed with
'configure --with-amperldir'.
* New 'local' security driver supports backups of the amanda server
without any network connection or other configuration.
* Almost 200 unit tests are available via 'make installcheck'.
* Amanda configuration file changes
o amanda.conf changes
+ flush-threshold-dumped
+ flush-threshold-scheduled
+ taperflush
+ device_property
+ usetimestamps default to yes
[bugfixes and minor improvements omitted; see NEWS]
Changes in release 2.5.2
* krb5 auth is working
* Works with IPv6 address
* Amanda configuration file changes
o amanda.conf changes
+ debugging is enabled in the config file
see all debug_* config option
+ tapetype 'readblocksize', if maxtapeblocksize is set too
larger for your hardware
* Amanda command changes
o amadmin: new 'holding list' and 'holding delete' subcommand.
Changes in release 2.5.1p3
* Works with tar-1.16 and exit status of 1.
Changes in release 2.5.1p2
* amoverview is working
* dumptype starttime is working
* Amanda command changes
o amtape accept the -o arguments
o amgetconf --list to list all tapetype, dumptype, holdingdisk
or interface
o amgetconf can return a value of a specific tapetype, dumptype,
holdingdisk or interface
Changes in release 2.5.1p1
* Remove contrib/sst.
Changes in release 2.5.1
* Defects found by Coverity scan and Klocwork K7 analysis tools fixed.
* Works with GNU tar 1.15.91 - work with new gtar state file format.
* Open SSL encryption support
* Two new authentication methods: bsdtcp, bsdudp.
* Unlimited number of DLEs on a client with bsdtcp, rsh and ssh
authentication methods.
* Recovery process amrecover uses Secure API. amoldrecover command
(same syntax and functionality as amrecover command) is provided for
compatibility with old Amanda releases. amoldrecover command uses old
amidxtaped/amindexd protocol.
* Amanda debug files are separated into client/server/amandad and
are also classified based on Amanda configuration name.
* Amanda command changes
o amfetchdump -o is replaced by -O.
o amcheck -w option does all tests including the tape writable test.
Use amcheck -t -w to do only the tape writable test.
o -o command option to override Amanda configuration. See amanda man
page for details.
o amgetconf command doesn't write the BUGGY message when a entry
is not found in the configuration file.
* Amanda configuration file changes
o amanda.conf changes
+ amrecover_do_fsf in amanda.conf defaults to yes
+ amrecover_check_label in amanda.conf defaults to yes
+ usetimestamps in amanda.conf to support multiple
backup runs in a calendar day.
+ holdingdisk in amanda.conf supports new values:
NEVER, AUTO, REQUIRED.
+ amandad_path, client_username and ssh_keys in
amanda.conf for ssh/rsh authentication.
o New amanda client configuration file - amanda-client.conf.
Different client configuration file can be used for each Amanda
configuration.
+ gnutar_list-dir and amandates can be specified in
Amanda client configuration file - amanda-client.conf
o .amandahosts format changes to allow use of secure API for recovery.
o Amanda service entries in xinetd configuration has changed.
Changes in release 2.5.0p1
* Add the 'amtape update' command.
Changes in release 2.5.0
* Communication security/authentication: Kerberos 4/5, OpenSSH
* Data security: Symmetric/Assymetric encrytion algorithms (aesutil
and gpg encryption), Encryption can be done on server or client,
Custom encryption utilities can be used.
* Compression: Ability to add custom compression tools. This is a
really useful feature especially since it can specified for a DLE. You
can use different compression algorithm for images, binaries, ascii files
and so on.
* Dump images spanning multiple media volumes - Dump images are no
longer restricted to a single media volume (tape or vtape). Data restoration
can be done using amrecover and amfetchdump commands.
* Auto tape labelling - This optional feature is good for disk backups.
Change in release 2.4.5
* new displayunit global option to select the unit use to display number
k=kilo, m=mega, g=giga, t=tera.
* new amoverview -skipmissed option.
Change in release 2.4.5b1
* holding disk disk use timestamped directory.
* autoflush flush today's dump.
* new bumppercent global option, this should improve bumping criteria,
the bumpsize is set to a fixed value which can be adequate for small
and large disk.
* bumpsize, bumppercent, bumpdays and bumpmult can be in a dumptype.
* calcsize support include and exclude like gnutar.
* new 'estimate' dumptype option to select estimate type:
CLIENT: estimate by the dumping program.
CALCSIZE: estimate by the calcsize program, a lot faster but less acurate.
SERVER: estimate based on statistic from previous run, take second but
can be wrong on the estimate size.
Bug fix release and minor improvements:
new chg-iomega changer script.
amanda will not use a tape if it's label is not in the tapelist file.
amflush.c: Don't start a driver if nothing to flush.
amadmin.c: Call check_dumpuser() as soon as posible.
amadmin.c: Don't core dump if DUMPCYLE is too big.
dumper.c: Parse warning message.
chio.h. Note: I do *not* own a SCSI tape changer. Testing appreciated!
This patch continues to use the old ioctl on new systems. If it worked
before, it should continue to work.
Fixes PR pkg/8651.