Tarsnap - Deb Packages

Deb packages

This package format is suitable for:

Debian
Ubuntu, including the beta Windows Subsystem for Linux (also known as "Bash on Ubuntu on Windows")
Mint and other Debian- or Ubuntu-based Linux distributions

To use this package format:

Initial setup: tell apt-get to trust signed packages from Tarsnap Backup Inc.
Choose one:
- Binary package: download and install a pre-compiled binary package.
- Source package: download and compile the source package, then install it.

Initial setup

Get the latest Tarsnap deb packaging key and check that it is recent:
```
wget https://pkg.tarsnap.com/tarsnap-deb-packaging-key.asc
```
```
gpg --show-key tarsnap-deb-packaging-key.asc
pub   rsa4096 2023-10-01 [SC] [expires: 2025-02-01]
      D208F2B72561B8BB5A692B2461CC029C9466168E
uid                      Tarsnap .deb packages signing key (Tarsnap Backup Inc.) <pkg-deb@tarsnap.com>
```
If the key is not recent, then you might have an old version of tarsnap-deb-packaging-key.asc; wget does not overwrite an old file. In that case, please delete the old file and try this step again.
To verify this key, run:
```
gpg --list-packets tarsnap-deb-packaging-key.asc | grep signature
:signature packet: algo 1, keyid 61CC029C9466168E
:signature packet: algo 17, keyid 38CECA690C6A6A6E
```
The first keyid is the Tarsnap deb packaging key, while the second is Colin Percival's key (0x38CECA690C6A6A6E). These keyid values should match those on a public key server search for 0x61CC029C9466168E.
Problem? The certificate of ‘pkg.tarsnap.com’ is not trusted
If you receive the message:
```
ERROR: The certificate of ‘pkg.tarsnap.com’ is not trusted.
ERROR: The certificate of ‘pkg.tarsnap.com’ hasn't got a known issuer.
```
Then you likely need to install the ca-certificates package.
Once you are satisfied that the key is correct, prepare it for use by converting it to gpg's binary format and renaming it:
```
gpg --dearmor tarsnap-deb-packaging-key.asc
```
```
mv tarsnap-deb-packaging-key.asc.gpg tarsnap-archive-keyring.gpg
```

Add the key and our repository to your system. Check your version of apt-get with:

apt-get --version

Based on the version number, use:

apt-get 1.1 or higher (2016 onwards): Debian 9 stretch, Ubuntu 16.04 xenial, etc.

sudo cp tarsnap-archive-keyring.gpg /usr/share/keyrings/

echo "deb [signed-by=/usr/share/keyrings/tarsnap-archive-keyring.gpg] http://pkg.tarsnap.com/deb/$(lsb_release -s -c) ./" | sudo tee -a /etc/apt/sources.list.d/tarsnap.list

or:

apt-get 1.0 or lower (2015 or earlier): Debian 8 jessie, Ubuntu 14.04 trusty, Ubuntu 15.10 wily, etc.

sudo cp tarsnap-archive-keyring.gpg /etc/apt/trusted.gpg.d/

echo "deb http://pkg.tarsnap.com/deb/$(lsb_release -s -c) ./" | sudo tee -a /etc/apt/sources.list.d/tarsnap.list

Problem? lsb_release: command not found

If you receive the message

lsb_release: command not found

then you may either:

Install the lsb-release package, delete the incomplete line from /etc/apt/sources.d/tarsnap.list and re-run the command.
Manually enter a directory name for your distribution.

Problem? The repository doesn't seem to exist

Assuming that this is not a temporary network problem, you may be running a distribution release that is not included in our list. Our directory structure supplies the following releases:

Distribution	Directory	Package compiled on
Debian 7	`wheezy`	`wheezy`
Debian 8	`jessie`	`wheezy`
Debian 9	`stretch`	`stretch`
Debian 10	`buster`	`stretch`
Debian 11	`bullseye`	`stretch`
Debian 12	`bookworm`	`jammy`
Debian unstable	`sid`	`jammy`
ElementaryOS 0.3	`freya`	`wheezy`
ElementaryOS 0.4	`loki`	`wheezy`
ElementaryOS 5.0	`juno`	`stretch`
ElementaryOS 5.1	`hera`	`stretch`
ElementaryOS 6	`odin`	`stretch`
ElementaryOS 6.1	`jolnir`	`stretch`
ElementaryOS 7.0	`horus`	`jammy`
Mint 13	`maya`	`wheezy`
Mint 17	`qiana`	`wheezy`
Mint 17.1	`rebecca`	`wheezy`
Mint 17.2	`rafaela`	`wheezy`
Mint 17.3	`rosa`	`wheezy`
Mint 18	`sarah`	`wheezy`
Mint 18.1	`serena`	`wheezy`
Mint 18.2	`sonya`	`wheezy`
Mint 18.3	`sylvia`	`wheezy`
Mint 19.0	`tara`	`stretch`
Mint 19.1	`tessa`	`stretch`
Mint 19.2	`tina`	`stretch`
Mint 19.3	`tricia`	`stretch`
Mint 20	`ulyana`	`stretch`
Mint 20.1	`ulyssa`	`stretch`
Mint 20.2	`uma`	`stretch`
Mint 20.3	`una`	`stretch`
Mint 21	`vanessa`	`jammy`
Mint 21.1	`vera`	`jammy`
Mint 21.2	`victoria`	`jammy`
Mint 21.3	`virginia`	`jammy`
Mint Debian 6	`faye`	`jammy`
Ubuntu 12.04	`precise`	`precise`
Ubuntu 14.04	`trusty`	`wheezy`
Ubuntu 16.04	`xenial`	`wheezy`
Ubuntu 16.10	`yakkety`	`wheezy`
Ubuntu 17.04	`zesty`	`wheezy`
Ubuntu 17.10	`artful`	`wheezy`
Ubuntu 18.04	`bionic`	`stretch`
Ubuntu 18.10	`cosmic`	`stretch`
Ubuntu 19.04	`disco`	`stretch`
Ubuntu 19.10	`eoan`	`stretch`
Ubuntu 20.04	`focal`	`stretch`
Ubuntu 20.10	`groovy`	`stretch`
Ubuntu 21.04	`hirsute`	`stretch`
Ubuntu 21.10	`impish`	`stretch`
Ubuntu 22.04	`jammy`	`jammy`
Ubuntu 22.10	`kinetic`	`jammy`
Ubuntu 23.04	`lunar`	`jammy`
Ubuntu 23.10	`mantic`	`jammy`
Ubuntu 24.04	`noble`	`jammy`

If you are running a different Debian-based distribution, try using:

deb http://pkg.tarsnap.com/deb/stretch ./

and if that fails, try:

deb http://pkg.tarsnap.com/deb/wheezy ./

deb http://pkg.tarsnap.com/deb/jammy ./

If none of those options work, please contact us at pkg-deb@tarsnap.com.

Update your package database:
```
sudo apt-get update
```

Tarsnap binary package

We currently provide binaries for i386 and amd64. If you are using another architecture (such as ARM or MIPS), then please follow the Tarsnap source package instructions.

One exception to the above: Ubuntu 22.04 and up no longer supports the i386 architecture, so we do not have i386 binary packages for Ubuntu 22.04 jammy and later versions. If you are running Ubuntu 22.04 on i386 (somehow?), then the source package instructions should still work.

If you have not done so already, complete the Initial setup.
Install the binary package:
```
sudo apt-get install tarsnap
```
This will also install the tarsnap-archive-keyring package, which allows you to receive updated Tarsnap code and package signing keys. These keys are updated on an annual basis: the code signing key is created in January, while the package signing key is created in the previous July so that users have 6 months in which to receive that key by running the usual:
```
apt-get update && apt-get upgrade
```
Problem? I didn't get tarsnap-archive-keyring on Linux Mint
Between Mint 16 "Petra" (2013) and Mint 20 "Ulyana" (2020), apt did not install "recommended" packages by default.
To install the tarsnap-archive-keyring package, please run:
```
sudo apt-get install tarsnap-archive-keyring
```
(optional) The tarsnap binary package looks for a config file called /etc/tarsnap.conf, whereas the client built from the source tarball looks in /usr/local/etc/tarsnap.conf. If you have an existing Tarsnap config file, you may wish to:
```
sudo mv /usr/local/etc/tarsnap.conf /etc/
```

Tarsnap source package

Most users will not need to use the source package; it is provided for:

Systems with a CPU architecture other than i386 or amd64.
"Truly paranoid" users who want to check exactly what is being compiled.

Tarsnap source package setup

If you have not done so already, complete the Initial setup.
Make sure that the package signing key is installed:
```
sudo apt-get install tarsnap-archive-keyring
```
Add the source repository. Check your version of apt-get with:
```
apt-get --version
```
Based on the version number, use:
- apt-get 1.1 or higher (2016 onwards): Debian 9 stretch, Ubuntu 16.04 xenial, etc.
```
echo "deb-src [signed-by=/usr/share/keyrings/tarsnap-archive-keyring.gpg] http://pkg.tarsnap.com/deb-src ./" | sudo tee -a /etc/apt/sources.list.d/tarsnap.list
```
or:
- apt-get 1.0 or lower (2015 or earlier): Debian 8 jessie, Ubuntu 14.04 trusty, Ubuntu 15.10 wily, etc.
```
echo "deb-src http://pkg.tarsnap.com/deb-src ./" | sudo tee -a /etc/apt/sources.list.d/tarsnap.list
```
The source repository URL does not vary between distributions; the same source package works on all supported Debian, Ubuntu, and Mint distributions.
Update your package database:
```
sudo apt-get update
```
Import the public key to the appropriate keyring so that the source package will be accepted by your non-root user:
```
gpg --no-default-keyring --keyring trustedkeys.gpg \
    --import /usr/share/keyrings/tarsnap-archive-keyring.gpg
```
This command is required because:
- apt-get source calls dpkg-source, which in turn calls gpgv.
- gpgv uses a keyring called trustedkeys.gpg, but gpgv cannot import keys. Instead, we must use gpg to import the key to that keyring.

Tarsnap source package building

Download the source, build it, and install:

sudo apt-get build-dep tarsnap

apt-get source -b tarsnap

sudo dpkg -i tarsnap_*.deb

(optional) If you would like to verify the signatures manually, you probably want to install the signature to your regular gpg keyring (in addition to the gpgv keyring that was configured in step 5).
```
gpg --import /usr/share/keyrings/tarsnap-archive-keyring.gpg
```
```
gpg --import /usr/share/keyrings/tarsnap-code-signing-keyring.gpg
```

Experimental packages

We have a repository for experimental packages. Most of the time, these packages are the same version as the official ones (although signed with our experimental key).

Currently testing

Not testing any packages.

Initial setup of the experimental repository

Ensure that you have a copy of the archive key; the method depends on whether you have already installed the tarsnap-archive-keyring package or not.
1. If you already installed the package, the key is on your system. Make an extra copy of the key:
```
cp /usr/share/keyrings/tarsnap-experimental-keyring.gpg .
```
  and skip to step 2.
  This extra copy of the keyring allows you to follow step 2 exactly, instead of modifying the instructions to suit your system.
or:
1. If you haven't installed the package, please download the key:
```
wget https://pkg.tarsnap.com/experimental/tarsnap-EXPERIMENTAL-deb-packaging-key.asc
```
  This key has been signed by Colin Percival; you can check it with the steps listed in initial setup by doing a public key server search for 0x0AF7865A370FF921.
  Then convert it to gpg's binary format and rename it:
```
gpg --dearmor tarsnap-EXPERIMENTAL-deb-packaging-key.asc
```
```
mv tarsnap-EXPERIMENTAL-deb-packaging-key.asc.gpg tarsnap-experimental-keyring.gpg
```

Add the key and our repository to your system. Check your version of apt-get with:

apt-get --version

Based on the version number, use:

apt-get 1.1 or higher (2016 onwards): Debian 9 stretch, Ubuntu 16.04 xenial, etc.

sudo cp tarsnap-experimental-keyring.gpg /usr/share/keyrings/

echo "deb [signed-by=/usr/share/keyrings/tarsnap-experimental-keyring.gpg] http://pkg.tarsnap.com/experimental/deb/$(lsb_release -s -c) ./" | sudo tee -a /etc/apt/sources.list.d/tarsnap.list

or:

apt-get 1.0 or lower (2015 or earlier): Debian 8 jessie, Ubuntu 14.04 trusty, Ubuntu 15.10 wily, etc.

sudo cp tarsnap-experimental-keyring.gpg /etc/apt/trusted.gpg.d/

echo "deb http://pkg.tarsnap.com/experimental/deb/$(lsb_release -s -c) ./" | sudo tee -a /etc/apt/sources.list.d/tarsnap.list

This URL is almost the same as the official Tarsnap repository; we merely inserted experimental/ after the hostname.

Update:
```
sudo apt-get update
```

Installing the experimental packages

Once you have completed the initial setup, run:
```
sudo apt-get install tarsnap
```
(If you already have tarsnap installed, it will be upgraded to the latest experimental version.)

Known issues and contact

There are no known problems with these packages.

Other problems? Please email pkg-deb@tarsnap.com.