duplicity man page on ElementaryOS

Man page or keyword search:  
man Server   4994 pages
apropos Keyword Search (all sections)
Output format
ElementaryOS logo
[printable version]

DUPLICITY(1)			 User Manuals			  DUPLICITY(1)

       duplicity - Encrypted incremental backup to local or remote storage.

       For detailed descriptions for each command see chapter ACTIONS.

       duplicity [full|incremental] [options] source_directory target_url

       duplicity verify [options] [--compare-data] [--file-to-restore
       <relpath>] [--time time] source_url target_directory

       duplicity collection-status [options] target_url

       duplicity list-current-files [options] [--time time] target_url

       duplicity [restore] [options] [--file-to-restore <relpath>] [--time
       time] source_url target_directory

       duplicity remove-older-than <time> [options] [--force] target_url

       duplicity remove-all-but-n-full <count> [options] [--force] target_url

       duplicity remove-all-inc-of-but-n-full <count> [options] [--force]

       duplicity cleanup [options] [--force] [--extra-clean] target_url

       Duplicity requires a POSIX-like operating system with a python
       interpreter version 2.4+ installed.  It is best used under GNU/Linux.

       Some backends also require additional components (probably available as
       packages for your specific platform):

       boto backend (S3 Amazon Web Services, Google Cloud Storage)
	      boto version 2.0+ - http://github.com/boto/boto

       cloudfiles backend (deprecated) (e.g. Rackspace Open Cloud)
	      Cloud Files Python API (deprecated) -

       cfpyrax backend (Rackspace Cloud)
	      Rackspace CloudFiles Pyrax API -

       dpbx backend (Dropbox)
	      Dropbox Python SDK -

       ftp backend
	      NcFTP Client - http://www.ncftp.com/

       ftps backend
	      LFTP Client - http://lftp.yar.ru/

       gdocs backend (Google Docs)
	      Google Data APIs Python Client Library -

       gio backend (Gnome VFS API)
	      PyGObject - http://live.gnome.org/PyGObject
	      D-Bus (dbus)- http://www.freedesktop.org/wiki/Software/dbus

       rsync backend
	      rsync client binary - http://rsync.samba.org/

       mega backend (mega.co.nz)
	      Python library for mega API -
	      https://github.com/ckornacker/mega.py, ubuntu ppa -

       There are two ssh backends for scp/sftp/ssh access (also see A NOTE ON

       ssh paramiko backend (enabled by default)
	      paramiko (SSH2 for python) -
	      http://pypi.python.org/pypi/paramiko (downloads);
	      http://github.com/paramiko/paramiko (project page)
	      pycrypto (Python Cryptography Toolkit) -

       ssh pexpect backend
	      sftp/scp client binaries OpenSSH - http://www.openssh.com/

       swift backend (OpenStack Object Storage)
	      Python swiftclient module - https://github.com/openstack/python-
	      Python keystoneclient module -

       Ubuntu One
	      httplib2 (python	HTTP client library) -
	      oauthlib (python OAuth request-signing logic) -

       webdav backend
	      certificate authority database file for ssl certificate
	      verification of HTTPS connections -

       Duplicity incrementally backs up files and folders into tar-format
       volumes encrypted with GnuPG and places them to a remote (or local)
       storage backend.	 See chapter URL FORMAT for a list of all supported
       backends and how to address them.  Because duplicity uses librsync,
       incremental backups are space efficient and only record the parts of
       files that have changed since the last backup.  Currently duplicity
       supports deleted files, full Unix permissions, uid/gid, directories,
       symbolic links, fifos, etc., but not hard links.

       If you are backing up the root directory /, remember to --exclude
       /proc, or else duplicity will probably crash on the weird stuff in

       Here is an example of a backup, using sftp to back up /home/me to
       some_dir on the other.host machine:

	      duplicity /home/me sftp://uid@other.host/some_dir

       If the above is run repeatedly, the first will be a full backup, and
       subsequent ones will be incremental. To force a full backup, use the
       full action:

	      duplicity full /home/me sftp://uid@other.host/some_dir

       or enforcing a full every other time via --full-if-older-than <time> ,
       e.g. a full every month:

	      duplicity --full-if-older-than 1M /home/me

       Now suppose we accidentally delete /home/me and want to restore it the
       way it was at the time of last backup:

	      duplicity sftp://uid@other.host/some_dir /home/me

       Duplicity enters restore mode because the URL comes before the local
       directory.  If we wanted to restore just the file "Mail/article" in
       /home/me as it was three days ago into /home/me/restored_file:

	      duplicity -t 3D --file-to-restore Mail/article
	      sftp://uid@other.host/some_dir /home/me/restored_file

       The following command compares the latest backup with the current

	      duplicity verify sftp://uid@other.host/some_dir /home/me

       Finally, duplicity recognizes several include/exclude options.  For
       instance, the following will backup the root directory, but exclude
       /mnt, /tmp, and /proc:

	      duplicity --exclude /mnt --exclude /tmp --exclude /proc /

       Note that in this case the destination is the local directory
       /usr/local/backup.  The following will backup only the /home and /etc
       directories under root:

	      duplicity --include /home --include /etc --exclude '**' /

       Duplicity can also access a repository via ftp.	If a user name is
       given, the environment variable FTP_PASSWORD is read to determine the

	      FTP_PASSWORD=mypassword duplicity /local/dir

       Duplicity knows action commands, which can be finetuned with options.
       The actions for backup (full,incr) and restoration (restore) can as
       well be left out as duplicity detects in what mode it should switch to
       by the order of target URL and local folder. If the target URL comes
       before the local folder a restore is in order, is the local folder
       before target URL then this folder is about to be backed up to the
       target URL.
       If a backup is in order and old signatures can be found duplicity
       automatically performs an incremental backup.

       Note: The following explanations explain some but not all options that
       can be used in connection with that action command.  Consult the
       OPTIONS section for more detailed informations.

       full <folder> <url>
	      Perform a full backup. A new backup chain is started even if
	      signatures are available for an incremental backup.

       incr <folder> <url>
	      If this is requested an incremental backup will be performed.
	      Duplicity will abort if no old signatures can be found.

       verify [--compare-data] [--time <time>] [--file-to-restore <relpath>]
       <url> <folder>
	      Verify compares the backup contents with the source folder.
	      duplicity will exit with a non-zero error level if any files are
	      different.  On verbosity level info (4) or higher, a message for
	      each file that has changed will be logged.
	      The --file-to-restore option restricts verify to that file or
	      folder.  The --time option allows to select a backup to verify
	      against.	The --compare-data option enables data comparison (see

       collection-status <url>
	      Summarize the status of the backup repository by printing the
	      chains and sets found, and the number of volumes in each.

       list-current-files [--time <time>] <url>
	      Lists the files contained in the most current backup or backup
	      at time.	The information will be extracted from the signature
	      files, not the archive data itself. Thus the whole archive does
	      not have to be downloaded, but on the other hand if the archive
	      has been deleted or corrupted, this command will not detect it.

       restore [--file-to-restore <relpath>] [--time <time>] <url>
	      You can restore the full monty or selected folders/files from a
	      specific time.  Use the relative path as it is printed by list-
	      current-files.  Usually not needed as duplicity enters restore
	      mode when it detects that the URL comes before the local folder.

       remove-older-than <time> [--force] <url>
	      Delete all backup sets older than the given time.	 Old backup
	      sets will not be deleted if backup sets newer than time depend
	      on them.	See the TIME FORMATS section for more information.
	      Note, this action cannot be combined with backup or other
	      actions, such as cleanup.	 Note also that --force will be needed
	      to delete the files instead of just listing them.

       remove-all-but-n-full <count> [--force] <url>
	      Delete all backups sets that are older than the count:th last
	      full backup (in other words, keep the last count full backups
	      and associated incremental sets).	 count must be larger than
	      zero. A value of 1 means that only the single most recent backup
	      chain will be kept.  Note that --force will be needed to delete
	      the files instead of just listing them.

       remove-all-inc-of-but-n-full <count> [--force] <url>
	      Delete incremental sets of all backups sets that are older than
	      the count:th last full backup (in other words, keep only old
	      full backups and not their increments).  count must be larger
	      than zero. A value of 1 means that only the single most recent
	      backup chain will be kept intact.	 Note that --force will be
	      needed to delete the files instead of just listing them.

       cleanup [--force] [--extra-clean] <url>
	      Delete the extraneous duplicity files on the given backend.
	      Non-duplicity files, or files in complete data sets will not be
	      deleted.	This should only be necessary after a duplicity
	      session fails or is aborted prematurely.	Note that --force will
	      be needed to delete the files instead of just listing them.

	      Do not abort on attempts to use the same archive dir or remote
	      backend to back up different directories. duplicity will tell
	      you if you need this switch.

       --archive-dir path
	      The archive directory.  NOTE: This option changed in 0.6.0.  The
	      archive directory is now necessary in order to manage
	      persistence for current and future enhancements.	As such, this
	      option is now used only to change the location of the archive
	      directory.  The archive directory should not be deleted, or
	      duplicity will have to recreate it from the remote repository
	      (which may require decrypting the backup contents).

	      When backing up or restoring, this option specifies that the
	      local archive directory is to be created in path.	 If the
	      archive directory is not specified, the default will be to
	      create the archive directory in ~/.cache/duplicity/.

	      The archive directory can be shared between backups to multiple
	      targets, because a subdirectory of the archive dir is used for
	      individual backups (see --name ).

	      The combination of archive directory and backup name must be
	      unique in order to separate the data of different backups.

	      The interaction between the --archive-dir and the --name options
	      allows for four possible combinations for the location of the
	      archive dir:

	      1.     neither specified (default)

	      2.     --archive-dir=/arch, no --name

	      3.     no --archive-dir, --name=foo

	      4.     --archive-dir=/arch, --name=foo

	      (EXPERIMENTAL) Perform file uploads asynchronously in the
	      background, with respect to volume creation. This means that
	      duplicity can upload a volume while, at the same time, preparing
	      the next volume for upload. The intended end-result is a faster
	      backup, because the local CPU and your bandwidth can be more
	      consistently utilized. Use of this option implies additional
	      need for disk space in the temporary storage location; rather
	      than needing to store only one volume at a time, enough storage
	      space is required to store two volumes.

       --cf-backend backend
	      Allows the explicit selection of a cloudfiles backend. Defaults
	      to pyrax.	 Alternatively you might choose cloudfiles.

	      Enable data comparison of regular files on action verify.	 This
	      is disabled by default for performance reasons.

	      Calculate what would be done, but do not perform any backend

       --encrypt-key key-id
	      When backing up, encrypt to the given public key, instead of
	      using symmetric (traditional) encryption.	 Can be specified
	      multiple times.  The key-id can be given in any of the formats
	      supported by GnuPG; see gpg(1), section "HOW TO SPECIFY A USER
	      ID" for details.

       --encrypt-secret-keyring filename
	      This option can only be used with --encrypt-key, and changes the
	      path to the secret keyring for the encrypt key to filename This
	      keyring is not used when creating a backup. If not specified,
	      the default secret keyring is used which is usually located at

       --encrypt-sign-key key-id
	      Convenience parameter. Same as --encrypt-key key-id --sign-key

       --exclude shell_pattern
	      Exclude the file or files matched by shell_pattern.  If a
	      directory is matched, then files under that directory will also
	      be matched.  See the FILE SELECTION section for more

	      Exclude all device files.	 This can be useful for
	      security/permissions reasons or if rdiff-backup is not handling
	      device files correctly.

       --exclude-filelist filename
	      Excludes the files listed in filename.  See the FILE SELECTION
	      section for more information.

	      Like --exclude-filelist, but the list of files will be read from
	      standard input.  See the FILE SELECTION section for more

       --exclude-globbing-filelist filename
	      Like --exclude-filelist but each line of the filelist will be
	      interpreted according to the same rules as --include and

       --exclude-if-present filename
	      Exclude directories if filename is present. This option needs to
	      come before any other include or exclude options.

	      Exclude files on file systems (identified by device number)
	      other than the file system the root of the source directory is

       --exclude-regexp regexp
	      Exclude files matching the given regexp.	Unlike the --exclude
	      option, this option does not match files in a directory it
	      matches.	See the FILE SELECTION section for more information.

	      When cleaning up, be more aggressive about saving space.	For
	      example, this may delete signature files for old backup chains.

	      Caution: Without signature files those old backup chains are
	      unrestorable. Do not use --extra-clean unless you know what
	      you're doing.

	      See the cleanup argument for more information.

       --file-to-restore path
	      This option may be given in restore mode, causing only path to
	      be restored instead of the entire contents of the backup
	      archive.	path should be given relative to the root of the
	      directory backed up.

       --full-if-older-than time
	      Perform a full backup if an incremental backup is requested, but
	      the latest full backup in the collection is older than the given
	      time.  See the TIME FORMATS section for more information.

	      Proceed even if data loss might result.  Duplicity will let the
	      user know when this option is required.

	      Use passive (PASV) data connections.  The default is to use
	      passive, but to fallback to regular if the passive connection
	      fails or times out.

	      Use regular (PORT) data connections.

       --gio  Use the GIO backend and interpret any URLs as GIO would.

       --hidden-encrypt-key key-id
	      Same as --encrypt-key, but it hides user's key id from encrypted
	      file. It uses the gpg's --hidden-recipient command to obfuscate
	      the owner of the backup. On restore, gpg will automatically try
	      all available secret keys in order to decrypt the backup. See
	      gpg(1) for more details.

	      Try to ignore certain errors if they happen. This option is only
	      intended to allow the restoration of a backup in the face of
	      certain problems that would otherwise cause the backup to fail.
	      It is not ever recommended to use this option unless you have a
	      situation where you are trying to restore from backup and it is
	      failing because of an issue which you want duplicity to ignore.
	      Even then, depending on the issue, this option may not have an

	      Please note that while ignored errors will be logged, there will
	      be no summary at the end of the operation to tell you what was
	      ignored, if anything. If this is used for emergency restoration
	      of data, it is recommended that you run the backup in such a way
	      that you can revisit the backup log (look for lines containing
	      the string IGNORED_ERROR).

	      If you ever have to use this option for reasons that are not
	      understood or understood but not your own responsibility, please
	      contact duplicity maintainers. The need to use this option under
	      production circumstances would normally be considered a bug.

       --imap-mailbox option
	      Allows you to specify a different mailbox.  The default is
	      "INBOX".	Other languages may require a different mailbox than
	      the default.

       --gpg-options options
	      Allows you to pass options to gpg encryption.  The options list
	      should be of the form "opt1=parm1 opt2=parm2" where the string
	      is quoted and the only spaces allowed are between options.

       --include shell_pattern
	      Similar to --exclude but include matched files instead.  Unlike
	      --exclude, this option will also match parent directories of
	      matched files (although not necessarily their contents).	See
	      the FILE SELECTION section for more information.

       --include-filelist filename
	      Like --exclude-filelist, but include the listed files instead.
	      See the FILE SELECTION section for more information.

	      Like --include-filelist, but read the list of included files
	      from standard input.

       --include-globbing-filelist filename
	      Like --include-filelist but each line of the filelist will be
	      interpreted according to the same rules as --include and

       --include-regexp regexp
	      Include files matching the regular expression regexp.  Only
	      files explicitly matched by regexp will be included by this
	      option.  See the FILE SELECTION section for more information.

       --log-fd number
	      Write specially-formatted versions of output messages to the
	      specified file descriptor.  The format used is designed to be
	      easily consumable by other programs.

       --log-file filename
	      Write specially-formatted versions of output messages to the
	      specified file.  The format used is designed to be easily
	      consumable by other programs.

       --name symbolicname
	      Set the symbolic name of the backup being operated on. The
	      intent is to use a separate name for each logically distinct
	      backup. For example, someone may use "home_daily_s3" for the
	      daily backup of a home directory to Amazon S3. The structure of
	      the name is up to the user, it is only important that the names
	      be distinct. The symbolic name is currently only used to affect
	      the expansion of --archive-dir , but may be used for additional
	      features in the future. Users running more than one distinct
	      backup are encouraged to use this option.

	      If not specified, the default value is a hash of the backend

	      Do not use GnuPG to encrypt files on remote system.  Instead
	      just write gzipped volumes.

	      By default duplicity will print statistics about the current
	      session after a successful backup.  This switch disables that

	      Use nulls (\0) instead of newlines (\n) as line separators,
	      which may help when dealing with filenames containing newlines.
	      This affects the expected format of the files specified by the
	      --{include|exclude}-filelist[-stdin] switches as well as the
	      format of the directory statistics file.

	      On restore always use the numeric uid/gid from the archive and
	      not the archived user/group names, which is the default
	      behaviour.  Recommended for restoring from live cds which might
	      have the users with identical names but different uids/gids.

       --num-retries number
	      Number of retries to make on errors before giving up.

	      Use the old filename format (incompatible with Windows/Samba)
	      rather than the new filename format.

	      When selected, duplicity will output the current upload progress
	      and estimated upload time. To annotate changes, it will perform
	      a first dry-run before a full or incremental, and then runs the
	      real operation estimating the real upload progress.

       --progress_rate number
	      Sets the update rate at which duplicity will output the upload
	      progress messages (requires --progress option). Default is to
	      prompt the status each 3 seconds.

       --rename <original path> <new path>
	      Treats the path orig in the backup as if it were the path new.
	      Can be passed multiple times. An example:

	      duplicity restore --rename Documents/metal Music/metal
	      sftp://uid@other.host/some_dir /home/me

       --rsync-options options
	      Allows you to pass options to the rsync backend.	The options
	      list should be of the form "opt1=parm1 opt2=parm2" where the
	      option string is quoted and the only spaces allowed are between
	      options. The option string will be passed verbatim to rsync,
	      after any internally generated option designating the remote
	      port to use. Here is a possibly useful example:

	      duplicity --rsync-options="--partial-dir=.rsync-partial"
	      /home/me rsync://uid@other.host/some_dir

	      When using the Amazon S3 backend, create buckets in Europe
	      instead of the default (requires --s3-use-new-style ). Also see
	      the EUROPEAN S3 BUCKETS section.

	      Don't use SSL for connections to S3.

	      This may be much faster, at some cost to confidentiality.

	      With this option, anyone who can observe traffic between your
	      computer and S3 will be able to tell: that you are using
	      Duplicity, the name of the bucket, your AWS Access Key ID, the
	      increment dates and the amount of data in each increment.

	      This option affects only the connection, not the GPG encryption
	      of the backup increment files.  Unless that is disabled, an
	      observer will not be able to see the file names or contents.

	      When operating on Amazon S3 buckets, use new-style subdomain
	      bucket addressing. This is now the preferred method to access
	      Amazon S3, but is not backwards compatible if your bucket name
	      contains upper-case characters or other characters that are not
	      valid in a hostname.

       --scp-command command
	      (only ssh pexpect backend with --use-scp enabled) The command
	      will be used instead of "scp" to send or receive files.  To list
	      and delete existing files, the sftp command is used.
	      See also A NOTE ON SSH BACKENDS section SSH pexpect backend.

       --sftp-command command
	      (only ssh pexpect backend) The command will be used instead of
	      See also A NOTE ON SSH BACKENDS section SSH pexpect backend.

	      If this option is specified, the names of the files duplicity
	      writes will be shorter (about 30 chars) but less understandable.
	      This may be useful when backing up to MacOS or another OS or FS
	      that doesn't support long filenames.

       --sign-key key-id
	      This option can be used when backing up, restoring or verifying.
	      When backing up, all backup files will be signed with keyid key.
	      When restoring, duplicity will signal an error if any remote
	      file is not signed with the given key-id. The key-id can be
	      givein in any of the formats supported by GnuPG; see gpg(1),
	      section "HOW TO SPECIFY A USER ID" for details.  Should be
	      specified only once because currently only one signing key is
	      supported. Last entry overrides all other entries.

	      Tells the ssh backend to prompt the user for the remote system
	      password, if it was not defined in target url and no
	      FTP_PASSWORD env var is set.  This password is also used for
	      passphrase-protected ssh keys.

       --ssh-backend backend
	      Allows the explicit selection of a ssh backend. Defaults to
	      paramiko.	 Alternatively you might choose pexpect.
	      See also A NOTE ON SSH BACKENDS.

       --ssh-options options
	      Allows you to pass options to the ssh backend.  The options list
	      should be of the form "-oOpt1=parm1 -oOpt2=parm2" where the
	      option string is quoted and the only spaces allowed are between
	      options. The option string will be passed verbatim to both scp
	      and sftp, whose command line syntax differs slightly hence the
	      options should therefore be given in the long option format
	      described in ssh_config(5), like in this example:

	      duplicity --ssh-options="-oProtocol=2
	      -oIdentityFile=/my/backup/id" /home/me

	      NOTE: ssh paramiko backend currently supports only the
	      -oIdentityFile setting.

       --ssl-cacert-file file
	      (only webdav backend) Provide a cacert file for ssl certificate

	      (only webdav backend) Disable ssl certificate verification.

       --tempdir directory
	      Use this existing directory for duplicity temporary files
	      instead of the system default, which is usually the /tmp
	      directory. This option supersedes any environment variable.

       -ttime, --time time, --restore-time time
	      Specify the time from which to restore or list files.

       --time-separator char
	      Use char as the time separator in filenames instead of colon

       --timeout seconds
	      Use seconds as the socket timeout value if duplicity begins to
	      timeout during network operations.  The default is 30 seconds.

	      If this option is specified, then --use-agent is passed to the
	      GnuPG encryption process and it will try to connect to gpg-agent
	      before it asks for a passphrase for --encrypt-key or --sign-key
	      if needed.
	      Note: GnuPG 2 and newer ignore this option and will always use a
	      running gpg-agent if no passphrase was delivered.

	      If this option is specified, then the ssh backend will use the
	      scp protocol rather than sftp for backend operations.
	      See also A NOTE ON SSH BACKENDS.

       --verbosity level, -vlevel
	      Specify output verbosity level (log level).  Named levels and
	      corresponding values are 0 Error, 2 Warning, 4 Notice (default),
	      8 Info, 9 Debug (noisiest).
	      level may also be
	      a character: e, w, n, i, d
	      a word: error, warning, notice, info, debug

	      The options -v4, -vn and -vnotice are functionally equivalent,
	      as are the mixed/upper-case versions -vN, -vNotice and -vNOTICE.

	      Print duplicity's version and quit.

       --volsize number
	      Change the volume size to number Mb. Default is 25Mb.

	      In decreasing order of importance, specifies the directory to
	      use for temporary files (inherited from Python's tempfile
	      module).	Eventually the option --tempdir supercedes any of

	      Supported by most backends which are password capable. More
	      secure than setting it in the backend url (which might be
	      readable in the operating systems process listing to other users
	      on the same machine).

	      This passphrase is passed to GnuPG. If this is not set, the user
	      will be prompted for the passphrase.

	      The passphrase to be used for --sign-key.	 If ommitted and sign
	      key is also one of the keys to encrypt against PASSPHRASE will
	      be reused instead.  Otherwise, if passphrase is needed but not
	      set the user will be prompted for it.

       Duplicity uses the URL format (as standard as possible) to define data
       locations.  The generic format for a URL is:


       It is not recommended to expose the password on the command line since
       it could be revealed to anyone with permissions to do process listings,
       it is permitted however.	 Consider setting the environment variable
       FTP_PASSWORD instead, which is used by most, if not all backends,
       regardless of it's name.

       In protocols that support it, the path may be preceded by a single
       slash, '/path', to represent a relative path to the target home
       directory, or preceded by a double slash, '//path', to represent an
       absolute filesystem path.

       Formats of each of the URL schemes follow:

	      Rackspace Cloud Files

	      Make sure to read A NOTE ON DROPBOX ACCESS first!




	      Google Cloud Storage


	      See also A NOTE ON IMAP


	      using rsync daemon
	      using rsync over ssh (only key auth)


	      scp://.. or ssh://.. are synonymous with
	      See also --ssh-backend, --ssh-askpass, --use-scp, --ssh-options



	      Ubuntu One
	      See also A NOTE ON UBUNTU ONE


       duplicity uses time strings in two places.  Firstly, many of the files
       duplicity creates will have the time in their filenames in the w3
       datetime format as described in a w3 note at http://www.w3.org/TR/NOTE-
       datetime.  Basically they look like "2001-07-15T04:09:38-07:00", which
       means what it looks like.  The "-07:00" section means the time zone is
       7 hours behind UTC.

       Secondly, the -t, --time, and --restore-time options take a time
       string, which can be given in any of several formats:

       1.     the string "now" (refers to the current time)

       2.     a sequences of digits, like "123456890" (indicating the time in
	      seconds after the epoch)

       3.     A string like "2002-01-25T07:00:00+02:00" in datetime format

       4.     An interval, which is a number followed by one of the characters
	      s, m, h, D, W, M, or Y (indicating seconds, minutes, hours,
	      days, weeks, months, or years respectively), or a series of such
	      pairs.  In this case the string refers to the time that preceded
	      the current time by the length of the interval.  For instance,
	      "1h78m" indicates the time that was one hour and 78 minutes ago.
	      The calendar here is unsophisticated: a month is always 30 days,
	      a year is always 365 days, and a day is always 86400 seconds.

       5.     A date format of the form YYYY/MM/DD, YYYY-MM-DD, MM/DD/YYYY, or
	      MM-DD-YYYY, which indicates midnight on the day in question,
	      relative to the current time zone settings.  For instance,
	      "2002/3/5", "03-05-2002", and "2002-3-05" all mean March 5th,

       duplicity accepts the same file selection options rdiff-backup does,
       including --exclude, --exclude-filelist-stdin, etc.

       When duplicity is run, it searches through the given source directory
       and backs up all the files specified by the file selection system.  The
       file selection system comprises a number of file selection conditions,
       which are set using one of the following command line options:
       Each file selection condition either matches or doesn't match a given
       file.  A given file is excluded by the file selection system exactly
       when the first matching file selection condition specifies that the
       file be excluded; otherwise the file is included.

       For instance,

	      duplicity --include /usr --exclude /usr /usr

       is exactly the same as

	      duplicity /usr scp://user@host/backup

       because the include and exclude directives match exactly the same
       files, and the --include comes first, giving it precedence.  Similarly,

	      duplicity --include /usr/local/bin --exclude /usr/local /usr

       would backup the /usr/local/bin directory (and its contents), but not

       The include, exclude, include-globbing-filelist, and exclude-globbing-
       filelist options accept some extended shell globbing patterns.  These
       patterns can contain *, **, ?, and [...]	 (character ranges). As in a
       normal shell, * can be expanded to any string of characters not
       containing "/", ?  expands to any character except "/", and [...]
       expands to a single character of those characters specified (ranges are
       acceptable).  The new special pattern, **, expands to any string of
       characters whether or not it contains "/".  Furthermore, if the pattern
       starts with "ignorecase:" (case insensitive), then this prefix will be
       removed and any character in the string can be replaced with an upper-
       or lowercase version of itself.

       Remember that you may need to quote these characters when typing them
       into a shell, so the shell does not interpret the globbing patterns
       before duplicity sees them.

       The --exclude pattern option matches a file if:

       1.  pattern can be expanded into the file's filename, or
       2.  the file is inside a directory matched by the option.

       Conversely, the --include pattern matches a file if:

       1.  pattern can be expanded into the file's filename, or
       2.  the file is inside a directory matched by the option, or
       3.  the file is a directory which contains a file matched by the

       For example,

	      --exclude /usr/local

       matches e.g. /usr/local, /usr/local/lib, and /usr/local/lib/netscape.
       It is the same as --exclude /usr/local --exclude '/usr/local/**'.

       On the other hand

	      --include /usr/local

       specifies that /usr, /usr/local, /usr/local/lib, and
       /usr/local/lib/netscape (but not /usr/doc) all be backed up. Thus you
       don't have to worry about including parent directories to make sure
       that included subdirectories have somewhere to go.


	      --include ignorecase:'/usr/[a-z0-9]foo/*/**.py'

       would match a file like /usR/5fOO/hello/there/world.py.	If it did
       match anything, it would also match /usr.  If there is no existing file
       that the given pattern can be expanded into, the option will not match
       /usr alone.

       The --include-filelist, --exclude-filelist, --include-filelist-stdin,
       and --exclude-filelist-stdin options also introduce file selection
       conditions.  They direct duplicity to read in a file, each line of
       which is a file specification, and to include or exclude the matching
       files.  Lines are separated by newlines or nulls, depending on whether
       the --null-separator switch was given.  Each line in a filelist is
       interpreted similarly to the way extended shell patterns are, with a
       few exceptions:

       1.  Globbing patterns like *, **, ?, and [...]  are not expanded.
       2.  Include patterns do not match files in a directory that is
       included.  So /usr/local in an include file will not match
       3.  Lines starting with "+ " are interpreted as include directives,
       even if found in a filelist referenced by --exclude-filelist.
       Similarly, lines starting with "- " exclude files even if they are
       found within an include filelist.

       For example, if file "list.txt" contains the lines:

	      - /usr/local/doc
	      + /var
	      - /var

       then --include-filelist list.txt would include /usr, /usr/local, and
       /usr/local/bin.	It would exclude /usr/local/doc,
       /usr/local/doc/python, etc.  It neither excludes nor includes
       /usr/local/man, leaving the fate of this directory to the next
       specification condition.	 Finally, it is undefined what happens with
       /var.  A single file list should not contain conflicting file

       The --include-globbing-filelist and --exclude-globbing-filelist options
       also specify filelists, but each line in the filelist will be
       interpreted as a globbing pattern the way --include and --exclude
       options are interpreted (although "+ " and "- " prefixing is still
       allowed).  For instance, if the file "globbing-list.txt" contains the

	      + dir/bar
	      - **

       Then --include-globbing-filelist globbing-list.txt would be exactly the
       same as specifying --include dir/foo --include dir/bar --exclude ** on
       the command line.

       Finally, the --include-regexp and --exclude-regexp options allow files
       to be included and excluded if their filenames match a python regular
       expression.  Regular expression syntax is too complicated to explain
       here, but is covered in Python's library reference.  Unlike the
       --include and --exclude options, the regular expression options don't
       match files containing or contained in matched files.  So for instance

	      --include '[0-9]{7}(?!foo)'

       matches any files whose full pathnames contain 7 consecutive digits
       which aren't followed by 'foo'.	However, it wouldn't match /home even
       if /home/ben/1234567 existed.

       Pyrax is Rackspace's next-generation Cloud management API, including
       Cloud Files access.  The cfpyrax backend requires the pyrax library to
       be installed on the system.  See REQUIREMENTS above.

       Cloudfiles is Rackspace's now deprecated implementation of OpenStack
       Object Storage protocol.	 Users wishing to use Duplicity with Rackspace
       Cloud Files should migrate to the new Pyrax plugin to ensure support.

       The backend requires python-cloudfiles to be installed on the system.
       See REQUIREMENTS above.

       It uses three environment variables for authentification:
       CLOUDFILES_USERNAME (required), CLOUDFILES_APIKEY (required),
       CLOUDFILES_AUTHURL (optional)

       If CLOUDFILES_AUTHURL is unspecified it will default to the value
       provided by python-cloudfiles, which points to rackspace, hence this
       value must be set in order to use other cloud files providers.

       1.     "some_dir" must already exist in the Dropbox Application folder
	      for this application, like "Apps/Duplicity/some_dir".

       2.     The first run of the backend must be ineractive!	It will print
	      the URL that you need to open in the browser to obtain OAuth
	      token for the application. The token will be saved in the file
	      $HOME/.dropbox.token_store.txt and used in the future runs.

       3.     When using Dropbox for storage, be aware that all files,
	      including the ones in the Apps folder, will be synced to all
	      connected computers.  You may prefer to use a separate Dropbox
	      account specially for the backups, and not connect any computers
	      to that account.

       Amazon S3 provides the ability to choose the location of a bucket upon
       its creation. The purpose is to enable the user to choose a location
       which is better located network topologically relative to the user,
       because it may allow for faster data transfers.

       duplicity will create a new bucket the first time a bucket access is
       attempted. At this point, the bucket will be created in Europe if
       --s3-european-buckets was given. For reasons having to do with how the
       Amazon S3 service works, this also requires the use of the --s3-use-
       new-style option. This option turns on subdomain based bucket
       addressing in S3. The details are beyond the scope of this man page,
       but it is important to know that your bucket must not contain upper
       case letters or any other characters that are not valid parts of a
       hostname. Consequently, for reasons of backwards compatibility, use of
       subdomain based bucket addressing is not enabled by default.

       Note that you will need to use --s3-use-new-style for all operations on
       European buckets; not just upon initial creation.

       You only need to use --s3-european-buckets upon initial creation, but
       you may may use it at all times for consistency.

       Further note that when creating a new European bucket, it can take a
       while before the bucket is fully accessible. At the time of this
       writing it is unclear to what extent this is an expected feature of
       Amazon S3, but in practice you may experience timeouts, socket errors
       or HTTP errors when trying to upload files to your newly created
       bucket. Give it a few minutes and the bucket should function normally.

       Support for Google Cloud Storage relies on its Interoperable Access,
       which must be enabled for your account.	Once enabled, you can generate
       Interoperable Storage Access Keys and pass them to duplicity via the
       GS_ACCESS_KEY_ID and GS_SECRET_ACCESS_KEY environment variables.
       Alternatively, you can run gsutil config -a to have the Google Cloud
       Storage utility populate the ~/.boto configuration file.

       Enable Interoperable Access:
       Create Access Keys:

       An IMAP account can be used as a target for the upload.	The userid may
       be specified and the password will be requested.

       The from_address_prefix may be specified (and probably should be). The
       text will be used as the "From" address in the IMAP server.  Then on a
       restore (or list) command the from_address_prefix will distinguish
       between different backups.

       The ssh backends support sftp and scp/ssh transport protocols.  This is
       a known user-confusing issue as these are fundamentally different.  If
       you plan to access your backend via one of those please inform yourself
       about the requirements for a server to support sftp or scp/ssh access.
       To make it even more confusing the user can choose between two ssh
       backends via --ssh-backend option.
       Both support --use-scp, --ssh-askpass and --ssh-options.	 Only the
       pexpect backend allows to define --scp-command and --sftp-command.

       SSH paramiko backend (selected by default) is a complete
       reimplementation of ssh protocols natively in python. Advantages are
       speed and maintainability. Minor disadvantage is that extra packages
       are needed as listed in REQUIREMENTS above. In sftp (default) mode all
       operations are done via the according sftp commands. In scp mode (
       --use-scp ) though scp access is used for put/get operations but
       listing is done via ssh remote shell.

       SSH pexpect backend is the legacy ssh backend using the command line
       ssh binaries via pexpect.  Older versions used scp for get and put
       operations and sftp for list and delete operations.  The current
       version uses sftp for all four supported operations, unless the --use-
       scp option is used to revert to old behavior.

       Why use sftp instead of scp?  The change to sftp was made in order to
       allow the remote system to chroot the backup, thus providing better
       security and because it does not suffer from shell quoting issues like
       scp.  Scp also does not support any kind of file listing, so sftp or
       ssh access will always be needed in addition for this backend mode to
       work properly. Sftp does not have these limitations but needs an sftp
       service running on the backend server, which is sometimes not an

       Certificate verification as implemented right now [01.2013] only in the
       webdav backend needs a file based database of certification authority
       certificates (cacert file). It has to be a PEM formatted text file as
       currently provided by the CURL project. See


       After creating/retrieving a valid cacert file you should copy it to


       Duplicity searches it there in the same order and will fail if it can't
       find it.	 You can however specify the option --ssl-cacert-file <file>
       to point duplicity to a copy in a different location.

       Finally there is the --ssl-no-check-certificate option to disable
       certificate verification alltogether, in case some ssl library is
       missing or verification is not wanted. Use it with care, as even with
       self signed servers manually providing the private ca certificate is
       definitely the safer option.

       Swift is the OpenStack Object Storage service.
       The backend requires python-switclient to be installed on the system.
       python-keystoneclient is also needed to use OpenStack's Keystone
       Identity service.  See REQUIREMENTS above.

       It uses four environment variables for authentification: SWIFT_USERNAME
       (required), SWIFT_PASSWORD (required), SWIFT_AUTHURL (required),
       SWIFT_TENANTNAME (optional, the tenant can be included in the username)

       If the user was previously authenticated, the following environment
       variables can be used instead: SWIFT_PREAUTHURL (required),
       SWIFT_PREAUTHTOKEN (required)

       If SWIFT_AUTHVERSION is unspecified, it will default to version 1.

       Signing and symmetrically encrypt at the same time with the gpg binary
       on the command line, as used within duplicity, is a specifically
       challenging issue.  Tests showed that the following combinations proved

       1. Setup gpg-agent properly. Use the option --use-agent and enter both
       passphrases (symmetric and sign key) in the gpg-agent's dialog.

       2. Use a PASSPHRASE for symmetric encryption of your choice but the
       signing key has an empty passphrase.

       3. The used PASSPHRASE for symmetric encryption and the passphrase of
       the signing key are identical.

       The Ubuntu One backend in duplicity treats URLs specially: You can
       either use u1:// or u1+http:// in the URL schema. With the u1 URL
       schema you have to give a dummy hostname (which will be ignored),
       followed by your Ubuntu One volume name and path. If you use the
       u1+http schema, then you'll have to give only the volume name and path
       in the URL.

       For example, for a volume named backups containing the folder weekly,
       correct URLs would be u1://ignoreme/backups/weekly/ or

       To use Ubuntu One you must also have an Ubuntu One OAuth access token.
       Such OAuth tokens have a practically unlimited lifetime; you can have
       multiple active tokens and you can revoke tokens using the Ubuntu One
       web interface.

       Duplicity expects the token in the environment variable FTP_PASSWORD
       (in the format "consumer_key:consumer_secret:token:token_secret"). If
       no token is present, duplicity asks for your Ubuntu One email address
       and password and requests an access token from the Ubuntu SSO service.
       The newly acquired token is then printed to the console.

       See https://one.ubuntu.com/ for more information about Ubuntu One.

       Hard links currently unsupported (they will be treated as non-linked
       regular files).

       Bad signatures will be treated as empty instead of logging appropriate
       error message.

       This section describes duplicity's basic operation and the format of
       its data files.	It should not necessary to read this section to use

       The files used by duplicity to store backup data are tarfiles in GNU
       tar format.  They can be produced independently by rdiffdir(1).	For
       incremental backups, new files are saved normally in the tarfile.  But
       when a file changes, instead of storing a complete copy of the file,
       only a diff is stored, as generated by rdiff(1).	 If a file is deleted,
       a 0 length file is stored in the tar.  It is possible to restore a
       duplicity archive "manually" by using tar and then cp, rdiff, and rm as
       necessary.  These duplicity archives have the extension difftar.

       Both full and incremental backup sets have the same format.  In effect,
       a full backup set is an incremental one generated from an empty
       signature (see below).  The files in full backup sets will start with
       duplicity-full while the incremental sets start with duplicity-inc.
       When restoring, duplicity applies patches in order, so deleting, for
       instance, a full backup set may make related incremental backup sets

       In order to determine which files have been deleted, and to calculate
       diffs for changed files, duplicity needs to process information about
       previous sessions.  It stores this information in the form of tarfiles
       where each entry's data contains the signature (as produced by rdiff)
       of the file instead of the file's contents.  These signature sets have
       the extension sigtar.

       Signature files are not required to restore a backup set, but without
       an up-to-date signature, duplicity cannot append an incremental backup
       to an existing archive.

       To save bandwidth, duplicity generates full signature sets and
       incremental signature sets.  A full signature set is generated for each
       full backup, and an incremental one for each incremental backup.	 These
       start with duplicity-full-signatures and duplicity-new-signatures
       respectively. These signatures will be stored both locally and
       remotely.  The remote signatures will be encrypted if encryption is
       enabled.	 The local signatures will not be encrypted and stored in the
       archive dir (see --archive-dir ).

       Original Author - Ben Escoto <bescoto@stanford.edu>

       Current Maintainer - Kenneth Loafman <kenneth@loafman.com>

       Continuous Contributors
	      Edgar Soldin, Mike Terry

       Most backends were contributed individually.  Information about their
       authorship may be found in the according file's header.
       Also we'd like to thank everybody posting issue to the mailing list or
       on launchpad, sending in patches or contributing otherwise. Duplicity
       wouldn't be as stable and useful if it weren't for you.

       rdiffdir(1), python(1), rdiff(1), rdiff-backup(1).

Version 0.6.23		       January 24, 2014			  DUPLICITY(1)

List of man pages available for ElementaryOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net