Tools and tips for managing binary and text data on the Debian system are described.
Warning |
---|---|
Uncoordinated write access to actively accessed devices and files from multiple processes must be avoided, since it leads to a race condition. File locking mechanisms using
|
The security of the data and its controlled sharing have several aspects.
The creation of data archive
The remote storage access
The duplication
The tracking of the modification history
The facilitation of data sharing
The prevention of unauthorized file access
The detection of unauthorized file modification
These can be realized by using some combination of tools.
Archive and compression tools
Copy and synchronization tools
Network filesystems
Removable storage media
The secure shell
The authentication system
Version control system tools
Hash and cryptographic encryption tools
Here is a summary of archive and compression tools available on the Debian system.
Table 10.1. List of archive and compression tools
package | popcon | size | extension | command | comment |
---|---|---|---|---|---|
tar | V:907, I:999 | 3152 | .tar | tar(1) | the standard archiver (de facto standard) |
cpio | V:383, I:998 | 1140 | .cpio | cpio(1) | Unix System V style archiver, use with find(1) |
binutils | V:148, I:652 | 99 | .ar | ar(1) | archiver for the creation of static libraries |
fastjar | V:2, I:22 | 183 | .jar | fastjar(1) | archiver for Java (zip like) |
pax | V:11, I:20 | 170 | .pax | pax(1) | new POSIX standard archiver, compromise between tar and cpio |
gzip | V:878, I:999 | 242 | .gz | gzip(1), zcat(1), … | GNU LZ77 compression utility (de facto standard) |
bzip2 | V:161, I:973 | 120 | .bz2 | bzip2(1), bzcat(1), … | Burrows-Wheeler block-sorting compression utility with higher compression ratio than gzip(1) (slower than gzip with similar syntax) |
lzma | V:2, I:23 | 149 | .lzma | lzma(1) | LZMA compression utility with higher compression ratio than gzip(1) (deprecated) |
xz-utils | V:436, I:980 | 612 | .xz | xz(1), xzdec(1), … | XZ compression utility with higher compression ratio than bzip2(1) (slower than gzip but faster than bzip2; replacement for LZMA compression utility) |
zstd | V:7, I:34 | 1898 | .zstd | zstd(1), zstdcat(1), … | Zstandard fast lossless compression utility |
p7zip | V:83, I:468 | 987 | .7z | 7zr(1), p7zip(1) | 7-Zip file archiver with high compression ratio (LZMA compression) |
p7zip-full | V:116, I:478 | 4664 | .7z | 7z(1), 7za(1) | 7-Zip file archiver with high compression ratio (LZMA compression and others) |
lzop | V:14, I:120 | 164 | .lzo | lzop(1) | LZO compression utility with higher compression and decompression speed than gzip(1) (lower compression ratio than gzip with similar syntax) |
zip | V:49, I:414 | 623 | .zip | zip(1) | InfoZIP: DOS archive and compression tool |
unzip | V:142, I:788 | 385 | .zip | unzip(1) | InfoZIP: DOS unarchive and decompression tool |
Warning |
---|---|
Do not set the " |
The gzipped tar(1) archive uses the file extension ".tgz" or ".tar.gz".
The xz-compressed tar(1) archive uses the file extension ".txz" or ".tar.xz".
The popular compression method in FOSS tools such as tar(1) has been moving as follows: gzip → bzip2 → xz
cp(1), scp(1) and tar(1) may have some limitations for special files. cpio(1) is the most versatile.
cpio(1) is designed to be used with find(1) and other commands, and is suitable for creating backup scripts since the file selection part of the script can be tested independently.
The internal structure of LibreOffice data files is a ".jar" file, which can also be opened by unzip.
The de-facto cross platform archive tool is zip. Use it as "zip -rX" to attain the maximum compatibility. Use also the "-s" option, if the maximum file size matters.
Here is a summary of simple copy and backup tools available on the Debian system.
Table 10.2. List of copy and synchronization tools
package | popcon | size | tool | function |
---|---|---|---|---|
coreutils | V:898, I:999 | 17372 | GNU cp | locally copy files and directories ("-a" for recursive) |
openssh-client | V:828, I:997 | 5650 | scp | remotely copy files and directories (client, "-r" for recursive) |
openssh-server | V:709, I:832 | 1806 | sshd | remotely copy files and directories (remote server) |
rsync | V:280, I:566 | 737 | | 1-way remote synchronization and backup |
unison | V:3, I:16 | 14 | | 2-way remote synchronization and backup |
Copying files with rsync(8) offers richer features than others.
delta-transfer algorithm that sends only the differences between the source files and the existing files in the destination
quick check algorithm (by default) that looks for files that have changed in size or in last-modified time
"--exclude" and "--exclude-from" options similar to tar(1)
"a trailing slash on the source directory" syntax that avoids creating an additional directory level at the destination.
Tip |
---|---|
Version control system (VCS) tools in Table 10.14, “List of other version control system tools” can function as the multi-way copy and synchronization tools. |
Here are several ways to archive and unarchive the entire content of the directory "./source" using different tools.
GNU tar(1):
$ tar -cvJf archive.tar.xz ./source
$ tar -xvJf archive.tar.xz
Alternatively, by the following.
$ find ./source -xdev -print0 | tar -cvJf archive.tar.xz --null -T -
cpio(1):
$ find ./source -xdev -print0 | cpio -ov --null > archive.cpio; xz archive.cpio
$ xzcat archive.cpio.xz | cpio -i
Here are several ways to copy the entire content of the directory "./source" using different tools.
Local copy: "./source" directory → "/dest" directory
Remote copy: "./source" directory at local host → "/dest" directory at "user@host.dom" host
rsync(8):
# cd ./source; rsync -aHAXSv . /dest
# cd ./source; rsync -aHAXSv . user@host.dom:/dest
You can alternatively use "a trailing slash on the source directory" syntax.
# rsync -aHAXSv ./source/ /dest
# rsync -aHAXSv ./source/ user@host.dom:/dest
Alternatively, by the following.
# cd ./source; find . -print0 | rsync -aHAXSv0 --files-from=- . /dest
# cd ./source; find . -print0 | rsync -aHAXSv0 --files-from=- . user@host.dom:/dest
GNU cp(1) and openSSH scp(1):
# cd ./source; cp -a . /dest
# cd ./source; scp -pr . user@host.dom:/dest
GNU tar(1):
# (cd ./source && tar cf - . ) | (cd /dest && tar xvfp - )
# (cd ./source && tar cf - . ) | ssh user@host.dom '(cd /dest && tar xvfp - )'
cpio(1):
# cd ./source; find . -print0 | cpio -pvdm --null --sparse /dest
You can substitute "." with "foo" for all examples containing "." to copy files from "./source/foo" directory to "/dest/foo" directory.
You can substitute "." with the absolute path "/path/to/source/foo" for all examples containing "." to drop "cd ./source;". These copy files to different locations depending on tools used as follows.
"/dest/foo": rsync(8), GNU cp(1), and scp(1)
"/dest/path/to/source/foo": GNU tar(1), and cpio(1)
find(1) is used to select files for archive and copy commands (see Section 10.1.3, “Idioms for the archive” and Section 10.1.4, “Idioms for the copy”) or for xargs(1) (see Section 9.4.9, “Repeating a command looping over files”). This can be enhanced by using its command arguments.
Basic syntax of find(1) can be summarized as the following.
Its conditional arguments are evaluated from left to right.
This evaluation stops once its outcome is determined.
"Logical OR" (specified by "-o" between conditionals) has lower precedence than "logical AND" (specified by "-a" or nothing between conditionals).
"Logical NOT" (specified by "!" before a conditional) has higher precedence than "logical AND".
"-prune" always returns logical TRUE and, if it is a directory, searching of file is stopped beyond this point.
"-name" matches the base of the filename with shell glob (see Section 1.5.6, “Shell glob”) but it also matches its initial "." with metacharacters such as "*" and "?". (New POSIX feature)
"-regex" matches the full path with emacs style BRE (see Section 1.6.2, “Regular expressions”) as default.
"-size" matches the file based on the file size (value preceded with "+" for larger, preceded with "-" for smaller)
"-newer" matches the file newer than the one specified in its argument.
"-print0" always returns logical TRUE and prints the full filename (null terminated) on the standard output.
find(1) is often used with an idiomatic style as the following.
# find /path/to \
    -xdev -regextype posix-extended \
    -type f -regex ".*\.cpio|.*~" -prune -o \
    -type d -regex ".*/\.git" -prune -o \
    -type f -size +99M -prune -o \
    -type f -newer /path/to/timestamp -print0
This means to do following actions.
Search all files starting from "/path/to"
Globally limit its search within its starting filesystem and uses ERE (see Section 1.6.2, “Regular expressions”) instead
Exclude files matching regex of ".*\.cpio" or ".*~" from search by stop processing
Exclude directories matching regex of ".*/\.git" from search by stop processing
Exclude files larger than 99 Megabytes (units of 1048576 bytes) from search by stop processing
Print filenames which satisfy above search conditions and are newer than "/path/to/timestamp"
Please note the idiomatic use of "-prune -o" to exclude files in the above example.
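The "-prune -o" idiom above, wrapped into an incremental archive step, as an added example that is not part of the original page. The function names, the optional size-limit argument and the constructed sample tree are assumptions; GNU find and GNU tar are required.

```sh
#!/bin/sh
# Added example, not from the original page. Function names, the optional
# size-limit argument and the sample tree are assumptions for illustration.
# Requires GNU find (-regextype) and GNU tar (--null, -T).

# select_changed DIR STAMP [MAXSIZE]
# Emit NUL-terminated paths of regular files under DIR that are newer than
# the file STAMP, pruning *.cpio, *~, .git directories and oversized files.
select_changed() {
    dir=$1 stamp=$2 maxsize=${3:-99M}
    find "$dir" \
        -xdev -regextype posix-extended \
        -type f -regex ".*\.cpio|.*~" -prune -o \
        -type d -regex ".*/\.git" -prune -o \
        -type f -size "+$maxsize" -prune -o \
        -type f -newer "$stamp" -print0
}

# archive_changed DIR STAMP ARCHIVE [MAXSIZE]
# Archive the selection, then advance STAMP only if tar succeeded. The new
# stamp is created before find starts, so a file modified while the backup
# runs is picked up again by the next run instead of being missed.
# Note: plain sh has no pipefail, so only tar's exit status is checked.
archive_changed() {
    dir=$1 stamp=$2 archive=$3 maxsize=${4:-99M}
    next=$(mktemp "$stamp.XXXXXX") || return 1
    if select_changed "$dir" "$stamp" "$maxsize" |
        tar -caf "$archive" --null --no-recursion -T -
    then
        mv "$next" "$stamp"
    else
        rm -f "$next"
        return 1
    fi
}

# demo: build a constructed sample tree and list what ends up in the archive.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/src/.git" "$t/src/doc"
    touch -d '2020-01-01' "$t/stamp"             # pretend time of last backup
    echo keep  > "$t/src/doc/report v2.txt"      # new file, name with a space
    echo stale > "$t/src/old.txt"; touch -d '2019-06-01' "$t/src/old.txt"
    echo junk  > "$t/src/report.txt~"            # editor backup, pruned
    echo junk  > "$t/src/.git/config"            # inside .git, pruned
    echo junk  > "$t/src/prev.cpio"              # old archive, pruned
    ( cd "$t" && archive_changed src stamp backup.tar && tar -tf backup.tar )
    rm -rf "$t"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run it as "sh script.sh demo" to see the single selected file; the NUL-terminated list keeps file names with spaces intact all the way into tar.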
Note |
---|---|
For non-Debian Unix-like system, some
options may not be supported by |
When choosing computer data storage media for important data archive, you should be careful about their limitations. For small personal data backup, I use CD-R and DVD-R by the brand name company and store in a cool, shaded, dry, clean environment. (Tape archive media seem to be popular for professional use.)
Note |
---|---|
Fire-resistant safes are meant for paper documents. Most of the computer data storage media have less temperature tolerance than paper. I usually rely on multiple secure encrypted copies stored in multiple secure locations. |
Optimistic storage life of archive media seen on the net (mostly from vendor info).
100+ years : Acid free paper with ink
100 years : Optical storage (CD/DVD, CD/DVD-R)
30 years : Magnetic storage (tape, floppy)
20 years : Phase change optical storage (CD-RW)
These do not count on the mechanical failures due to handling etc.
Optimistic write cycle of archive media seen on the net (mostly from vendor info).
250,000+ cycles : Harddisk drive
10,000+ cycles : Flash memory
1,000 cycles : CD/DVD-RW
1 cycle : CD/DVD-R, paper
Caution |
---|---|
Figures of storage life and write cycle here should not be used for decisions on any critical data storage. Please consult the specific product information provided by the manufacturer. |
Tip |
---|---|
Since CD/DVD-R and paper have only 1 write cycle, they inherently prevent accidental data loss by overwriting. This is an advantage! |
Tip |
---|---|
If you need fast and frequent backup of large amount of data, a hard disk on a remote host linked by a fast network connection may be the only realistic option. |
Removable storage devices may be any one of the following.
Digital camera
Digital music player
They may be connected via any one of the following.
Modern desktop environments such as GNOME and KDE can mount these removable devices automatically without a matching "/etc/fstab" entry.
Tip |
---|---|
Automounted devices may have the " |
Tip |
---|---|
Automounting under modern desktop environment happens only when those
removable media devices are not listed in " |
Mount point under modern desktop environment is chosen as "/media/username/disk_label" which can be customized by the following.
mlabel(1) for FAT filesystem
genisoimage(1) with "-V" option for ISO9660 filesystem
tune2fs(1) with "-L" option for ext2/ext3/ext4 filesystem
Tip |
---|---|
The choice of encoding may need to be provided as mount option (see Section 8.1.3, “Filename encoding”). |
Tip |
---|---|
The use of the GUI menu to unmount a filesystem may remove its dynamically
generated device node such as " |
When sharing data with other system via removable storage device, you should format it with common filesystem supported by both systems. Here is a list of filesystem choices.
Table 10.3. List of filesystem choices for removable storage devices with typical usage scenarios
filesystem name | typical usage scenario |
---|---|
FAT12 | cross platform sharing of data on the floppy disk (<32MiB) |
FAT16 | cross platform sharing of data on the small hard disk like device (<2GiB) |
FAT32 | cross platform sharing of data on the large hard disk like device (<8TiB, supported by newer than MS Windows95 OSR2) |
exFAT | cross platform sharing of data on the large hard disk like device (<512TiB, supported by WindowsXP, Mac OS X Snow Leopard 10.6.5, and Linux kernel since 5.4 release) |
NTFS | cross platform sharing of data on the large hard disk like device (supported natively on MS Windows NT and later version, and supported by NTFS-3G via FUSE on Linux) |
ISO9660 | cross platform sharing of static data on CD-R and DVD+/-R |
UDF | incremental data writing on CD-R and DVD+/-R (new) |
MINIX | space efficient unix file data storage on the floppy disk |
ext2 | sharing of data on the hard disk like device with older Linux systems |
ext3 | sharing of data on the hard disk like device with older Linux systems |
ext4 | sharing of data on the hard disk like device with current Linux systems |
btrfs | sharing of data on the hard disk like device with current Linux systems with read-only snapshots |
Tip |
---|---|
See Section 9.9.1, “Removable disk encryption with dm-crypt/LUKS” for cross platform sharing of data using device level encryption. |
The FAT filesystem is supported by almost all modern operating systems and is quite useful for the data exchange purpose via removable hard disk like media.
When formatting removable hard disk like devices for cross platform sharing of data with the FAT filesystem, the following should be safe choices.
Partitioning them with fdisk(8), cfdisk(8) or parted(8) (see Section 9.6.2, “Disk partition configuration”) into a single primary partition and to mark it as the following.
Type "6" for FAT16 for media smaller than 2GB.
Type "c" for FAT32 (LBA) for larger media.
Formatting the primary partition with mkfs.vfat(8) with the following.
Just its device name, e.g. "/dev/sda1" for FAT16
The explicit option and its device name, e.g. "-F 32 /dev/sda1" for FAT32
When using the FAT or ISO9660 filesystems for sharing data, the following should be the safe considerations.
Archiving files into an archive file first using tar(1), or cpio(1) to retain the long filename, the symbolic link, the original Unix file permission and the owner information.
Splitting the archive file into less than 2 GiB chunks with the split(1) command to protect it from the file size limitation.
Encrypting the archive file to secure its contents from the unauthorized access.
Note |
---|---|
For FAT filesystems by its design, the maximum file size is |
Note |
---|---|
Microsoft itself does not recommend using FAT for drives or partitions of over 200 MB. Microsoft highlights its shortcomings such as inefficient disk space usage in their "Overview of FAT, HPFS, and NTFS File Systems". Of course, we should normally use the ext4 filesystem for Linux. |
Tip |
---|---|
For more on filesystems and accessing filesystems, please read "Filesystems HOWTO". |
When sharing data with other systems via network, you should use a common service. Here are some hints.
Table 10.4. List of the network service to choose with the typical usage scenario
network service | description of typical usage scenario |
---|---|
SMB/CIFS network mounted filesystem with Samba | sharing files via "Microsoft Windows Network", see smb.conf(5) and The Official Samba 3.x.x HOWTO and Reference Guide or the samba-doc package |
NFS network mounted filesystem with the Linux kernel | sharing files via "Unix/Linux Network", see exports(5) and Linux NFS-HOWTO |
HTTP service | sharing file between the web server/client |
HTTPS service | sharing file between the web server/client with encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) |
FTP service | sharing file between the FTP server/client |
Although these filesystems mounted over network and file transfer methods over network are quite convenient for sharing data, these may be insecure. Their network connection must be secured by the following.
See also Section 6.5, “Other network application servers” and Section 6.6, “Other network application clients”.
We all know that computers fail sometimes and that human errors cause system and data damage. Backup and recovery operations are an essential part of successful system administration. All possible failure modes hit you some day.
Tip |
---|---|
Keep your backup system simple and backup your system often. Having backup data is more important than how technically good your backup method is. |
There are 3 key factors which determine actual backup and recovery policy.
Knowing what to backup and recover.
Data files directly created by you: data in "~/"
Data files created by applications used by you: data in "/var/" (except "/var/cache/", "/var/run/", and "/var/tmp/")
System configuration files: data in "/etc/"
Local programs: data in "/usr/local/" or "/opt/"
System installation information: a memo in plain text on key steps (partition, …)
Proven set of data: confirmed by experimental recovery operations in advance
Cron jobs as user processes: files in "/var/spool/cron/crontabs" directory and restart cron(8). See Section 9.4.14, “Scheduling tasks regularly” for cron(8) and crontab(1).
Systemd timer jobs as user processes: files in "~/.config/systemd/user" directory. See systemd.timer(5) and systemd.service(5).
Autostart jobs as user processes: files in "~/.config/autostart" directory. See Desktop Application Autostart Specification.
Knowing how to backup and recover.
Secure storage of data: protection from overwrite and system failure
Frequent backup: scheduled backup
Redundant backup: data mirroring
Fool proof process: easy single command backup
Assessing risks and costs involved.
Risk of data when lost
Data should be at least on different disk partitions preferably on different disks and machines to withstand the filesystem corruption. Important data are best stored on a read-only filesystem. [4]
Risk of data when breached
Sensitive identity data such as "/etc/ssh/ssh_host_*_key", "~/.gnupg/*", "~/.ssh/*", "~/.local/share/keyrings/*", "/etc/passwd", "/etc/shadow", "popularity-contest.conf", "/etc/ppp/pap-secrets", and "/etc/exim4/passwd.client" should be backed up as encrypted. [5] (See Section 9.9, “Data encryption tips”.)
Never hard code system login password nor decryption passphrase in any script even on any trusted system. (See Section 10.3.6, “Password keyring”.)
Failure mode and their possibility
Hardware (especially HDD) will break
Filesystem may be corrupted and data in it may be lost
Remote storage system can't be trusted for security breaches
Weak password protection can be easily compromised
File permission system may be compromised
Required resources for backup: human, hardware, software, …
Automatic scheduled backup with cron job or systemd timer job
Note |
---|---|
Do not back up the pseudo-filesystem contents found on
|
Note |
---|---|
You may wish to stop some application daemons such as MTA (see Section 6.2.4, “Mail transport agent (MTA)”) while backing up data. |
Here is a select list of notable backup utility suites available on the Debian system.
Table 10.5. List of backup suite utilities
package | popcon | size | description |
---|---|---|---|
dump | V:1, I:5 | 351 | 4.4 BSD dump(8) and restore(8) for ext2/ext3/ext4 filesystems |
xfsdump | V:0, I:8 | 865 | dump and restore with xfsdump(8) and xfsrestore(8) for XFS filesystem on GNU/Linux and IRIX |
backupninja | V:3, I:4 | 367 | lightweight, extensible meta-backup system |
bacula-common | V:10, I:13 | 2158 | Bacula: network backup, recovery and verification - common support files |
bacula-client | I:3 | 183 | Bacula: network backup, recovery and verification - client meta-package |
bacula-console | V:1, I:4 | 107 | Bacula: network backup, recovery and verification - text console |
bacula-server | I:1 | 183 | Bacula: network backup, recovery and verification - server meta-package |
amanda-common | V:0, I:2 | 10090 | Amanda: Advanced Maryland Automatic Network Disk Archiver (Libs) |
amanda-client | V:0, I:2 | 1149 | Amanda: Advanced Maryland Automatic Network Disk Archiver (Client) |
amanda-server | V:0, I:0 | 1117 | Amanda: Advanced Maryland Automatic Network Disk Archiver (Server) |
backup-manager | V:0, I:1 | 571 | command-line backup tool |
backup2l | V:0, I:1 | 115 | low-maintenance backup/restore tool for mountable media (disk based) |
backuppc | V:2, I:3 | 3184 | BackupPC is a high-performance, enterprise-grade system for backing up PCs (disk based) |
duplicity | V:15, I:36 | 1867 | (remote) incremental backup |
flexbackup | V:0, I:0 | 243 | (remote) incremental backup |
rdiff-backup | V:5, I:13 | 769 | (remote) incremental backup |
restic | V:2, I:4 | 21080 | (remote) incremental backup |
slbackup | V:0, I:0 | 151 | (remote) incremental backup |
Backup tools have their specialized focuses.
Mondo Rescue is a backup system to facilitate restoration of complete system quickly from backup CD/DVD etc. without going through normal system installation processes.
Bacula, Amanda, and BackupPC are full featured backup suite utilities which are focused on regular backups over network.
Regular backups of user data can be realized by a simple script (Section 10.2.3, “Personal backup”).
Basic tools described in Section 10.1.1, “Archive and compression tools” and Section 10.1.2, “Copy and synchronization tools” can be used to facilitate system backup via custom scripts. Such script can be enhanced by the following.
The restic package enables incremental (remote) backups.
The rdiff-backup package enables incremental (remote) backups.
The dump package helps to archive and restore the whole filesystem incrementally and efficiently.
Tip |
---|---|
See files in " |
For a personal Debian desktop system running testing suite, I only need to protect personal and critical data. I reinstall system once a year anyway. Thus I see no reason to backup the whole system or to install a full featured backup utility.
At the same time, it is very valuable to have frequent recent snapshots of personal data and system configuration, and occasional full backups of personal data.
I usually make these snapshots and backups with a simple shell script bss. This script is a short shell which uses standard utilities: btrfs subvolume snapshot, rsync. For data encryption, disk image is created by fallocate(1) and configured with cryptsetup(8).
Tip |
---|---|
You can recover debconf configuration data with
" |
The data security infrastructure is provided by the combination of data encryption tool, message digest tool, and signature tool.
Table 10.6. List of data security infrastructure tools
package | popcon | size | command | description |
---|---|---|---|---|
gnupg | V:543, I:931 | 864 | gpg(1) | GNU Privacy Guard - OpenPGP encryption and signing tool |
gpgv | V:873, I:999 | 882 | gpgv(1) | GNU Privacy Guard - signature verification tool |
paperkey | V:1, I:14 | 58 | paperkey(1) | extract just the secret information out of OpenPGP secret keys |
cryptsetup | V:16, I:79 | 448 | cryptsetup(8), … | utilities for dm-crypt block device encryption supporting LUKS |
coreutils | V:898, I:999 | 17372 | md5sum(1) | compute and check MD5 message digest |
coreutils | V:898, I:999 | 17372 | sha1sum(1) | compute and check SHA1 message digest |
openssl | V:810, I:994 | 1465 | openssl(1ssl) | compute message digest with "openssl dgst" (OpenSSL) |
libsecret-tools | V:1, I:10 | 44 | secret-tool(1) | store and retrieve passwords (CLI) |
seahorse | V:76, I:254 | 7812 | seahorse(1) | key management tool (GNOME) |
See Section 9.9, “Data encryption tips” on dm-crypt and fscrypt which implement automatic data encryption infrastructure via Linux kernel modules.
Here are GNU Privacy Guard commands for the basic key management.
Table 10.7. List of GNU Privacy Guard commands for the key management
command | description |
---|---|
gpg --gen-key | generate a new key |
gpg --gen-revoke my_user_ID | generate revoke key for my_user_ID |
gpg --edit-key user_ID | edit key interactively, "help" for help |
gpg -o file --export | export all keys to file |
gpg --import file | import all keys from file |
gpg --send-keys user_ID | send key of user_ID to keyserver |
gpg --recv-keys user_ID | receive key of user_ID from keyserver |
gpg --list-keys user_ID | list keys of user_ID |
gpg --list-sigs user_ID | list signatures of user_ID |
gpg --check-sigs user_ID | check signatures of user_ID |
gpg --fingerprint user_ID | check fingerprint of user_ID |
gpg --refresh-keys | update local keyring |
Here is the meaning of the trust code.
Table 10.8. List of the meaning of the trust code
code | description of trust |
---|---|
- | no owner trust assigned / not yet calculated |
e | trust calculation has failed |
q | not enough information for calculation |
n | never trust this key |
m | marginally trusted |
f | fully trusted |
u | ultimately trusted |
The following uploads my key "1DD8D791" to the popular keyserver "hkp://keys.gnupg.net".
$ gpg --keyserver hkp://keys.gnupg.net --send-keys 1DD8D791
A good default keyserver set up in "~/.gnupg/gpg.conf" (or old location "~/.gnupg/options") contains the following.
keyserver hkp://keys.gnupg.net
The following obtains unknown keys from the keyserver.
$ gpg --list-sigs --with-colons | grep '^sig.*\[User ID not found\]' |\
  cut -d ':' -f 5| sort | uniq | xargs gpg --recv-keys
There was a bug in OpenPGP Public Key Server (pre version 0.9.6) which corrupted key with more than 2 sub-keys. The newer gnupg (>1.2.1-2) package can handle these corrupted subkeys. See gpg(1) under "--repair-pks-subkey-bug" option.
Here are examples for using GNU Privacy Guard commands on files.
Table 10.9. List of GNU Privacy Guard commands on files
command | description |
---|---|
gpg -a -s file | sign file into ASCII armored file.asc |
gpg --armor --sign file | ditto |
gpg --clearsign file | clear-sign message |
gpg --clearsign file \| mail foo@example.org | mail a clear-signed message to foo@example.org |
gpg --clearsign --not-dash-escaped patchfile | clear-sign patchfile |
gpg --verify file | verify clear-signed file |
gpg -o file.sig -b file | create detached signature |
gpg -o file.sig --detach-sig file | ditto |
gpg --verify file.sig file | verify file with file.sig |
gpg -o crypt_file.gpg -r name -e file | public-key encryption intended for name from file to binary crypt_file.gpg |
gpg -o crypt_file.gpg --recipient name --encrypt file | ditto |
gpg -o crypt_file.asc -a -r name -e file | public-key encryption intended for name from file to ASCII armored crypt_file.asc |
gpg -o crypt_file.gpg -c file | symmetric encryption from file to crypt_file.gpg |
gpg -o crypt_file.gpg --symmetric file | ditto |
gpg -o crypt_file.asc -a -c file | symmetric encryption from file to ASCII armored crypt_file.asc |
gpg -o file -d crypt_file.gpg -r name | decryption |
gpg -o file --decrypt crypt_file.gpg | ditto |
Add the following to "~/.muttrc" to keep a slow GnuPG from automatically starting, while allowing it to be used by typing "S" at the index menu.
macro index S ":toggle pgp_verify_sig\n"
set pgp_verify_sig=no
The gnupg plugin lets you run GnuPG transparently for files with extension ".gpg", ".asc", and ".ppg".[6]
$ sudo aptitude install vim-scripts
$ echo "packadd! gnupg" >> ~/.vim/vimrc
md5sum(1) provides utility to make a digest file using the method in rfc1321 and verifying each file with it.
$ md5sum foo bar >baz.md5
$ cat baz.md5
d3b07384d113edec49eaa6238ad5ff00  foo
c157a79031e1c40f85931829bc5fc552  bar
$ md5sum -c baz.md5
foo: OK
bar: OK
Note |
---|---|
The computation for the MD5 sum is less CPU intensive than the one for the cryptographic signature by GNU Privacy Guard (GnuPG). Usually, only the top level digest file is cryptographically signed to ensure data integrity. |
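The digest-file workflow above, extended to a whole directory tree, as an added example that is not part of the original page. It swaps in sha256sum(1) from coreutils for md5sum(1) because MD5 is not collision resistant, and it also reports files that are absent from the digest file, which "-c" alone does not; the function names and the constructed sample tree are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. Function names and the sample
# tree are assumptions. Uses sha256sum(1) from coreutils in place of md5sum(1).
# Requires GNU coreutils and findutils (sort -z, xargs -0 -r).
# Limitation: file names containing newlines are not handled by step 2.

# make_manifest DIR MANIFEST
# Write one digest line per regular file under DIR. Keep MANIFEST outside DIR.
make_manifest() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z |
        xargs -0 -r sha256sum ) > "$2"
}
# Only this top level file then needs a signature, with the page's commands:
#   gpg -o MANIFEST.sig -b MANIFEST
#   gpg --verify MANIFEST.sig MANIFEST

# verify_manifest DIR MANIFEST
# Return 0 if DIR matches MANIFEST; otherwise print each problem and return 1.
verify_manifest() {
    dir=$1
    manifest=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")
    rc=0
    # Step 1: listed files that were modified or removed.
    ( cd "$dir" && sha256sum -c --quiet "$manifest" 2>/dev/null ) || rc=1
    # Step 2: files that exist now but are not listed. "sha256sum -c" only
    # walks the manifest, so an extra file passes step 1 unnoticed.
    listed=$(mktemp) || return 2
    sed 's/^[0-9a-f]\{64\} [ *]//' "$manifest" | LC_ALL=C sort > "$listed"
    added=$(cd "$dir" && find . -type f | LC_ALL=C sort |
        LC_ALL=C comm -23 - "$listed")
    rm -f "$listed"
    if [ -n "$added" ]; then
        printf '%s\n' "$added" | sed 's/^/ADDED: /'
        rc=1
    fi
    return "$rc"
}

# demo: constructed sample tree with one changed and one unexpected file.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/data/etc"
    echo 'PermitRootLogin no' > "$t/data/etc/sshd_config"
    echo 'hello' > "$t/data/notes.txt"
    make_manifest "$t/data" "$t/MANIFEST.sha256"
    echo 'PermitRootLogin yes' > "$t/data/etc/sshd_config"  # content changed
    echo 'x' > "$t/data/etc/extra.conf"                      # not in manifest
    verify_manifest "$t/data" "$t/MANIFEST.sha256"
    echo "exit status: $?"
    rm -rf "$t"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Store the manifest and its signature away from the tree they describe, for example with the backup copy, so that both cannot be rewritten together with the data.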
On GNOME system, the GUI tool seahorse(1) manages passwords and stores them securely in the keyring ~/.local/share/keyrings/*.
secret-tool(1) can store password to the keyring from the command line.
Let's store passphrase used for LUKS/dm-crypt encrypted disk image
$ secret-tool store --label='LUKS passphrase for disk.img' LUKS my_disk.img
Password: ********
This stored password can be retrieved and fed to other programs, e.g., cryptsetup(8).
$ secret-tool lookup LUKS my_disk.img | \
  cryptsetup open disk.img disk_img --type luks --key-file -
$ sudo mount /dev/mapper/disk_img /mnt
Tip |
---|---|
Whenever you need to provide password in a script, use
|
There are many merge tools for the source code. Following commands caught my eyes.
Table 10.10. List of source code merge tools
package | popcon | size | command | description |
---|---|---|---|---|
patch | V:73, I:711 | 248 | patch(1) | apply a diff file to an original |
vim | V:100, I:394 | 3546 | vimdiff(1) | compare 2 files side by side in vim |
imediff | V:0, I:0 | 169 | imediff(1) | interactive full screen 2/3-way merge tool |
meld | V:14, I:37 | 3086 | meld(1) | compare and merge files (GTK) |
wiggle | V:0, I:0 | 174 | wiggle(1) | apply rejected patches |
diffutils | V:871, I:994 | 1598 | diff(1) | compare files line by line |
diffutils | V:871, I:994 | 1598 | diff3(1) | compare and merge three files line by line |
quilt | V:3, I:29 | 788 | quilt(1) | manage series of patches |
wdiff | V:9, I:64 | 644 | wdiff(1) | display word differences between text files |
diffstat | V:15, I:139 | 81 | diffstat(1) | produce a histogram of changes by the diff |
patchutils | V:18, I:136 | 232 | combinediff(1) | create a cumulative patch from two incremental patches |
patchutils | V:18, I:136 | 232 | dehtmldiff(1) | extract a diff from an HTML page |
patchutils | V:18, I:136 | 232 | filterdiff(1) | extract or exclude diffs from a diff file |
patchutils | V:18, I:136 | 232 | fixcvsdiff(1) | fix diff files created by CVS that patch(1) mis-interprets |
patchutils | V:18, I:136 | 232 | flipdiff(1) | exchange the order of two patches |
patchutils | V:18, I:136 | 232 | grepdiff(1) | show which files are modified by a patch matching a regex |
patchutils | V:18, I:136 | 232 | interdiff(1) | show differences between two unified diff files |
patchutils | V:18, I:136 | 232 | lsdiff(1) | show which files are modified by a patch |
patchutils | V:18, I:136 | 232 | recountdiff(1) | recompute counts and offsets in unified context diffs |
patchutils | V:18, I:136 | 232 | rediff(1) | fix offsets and counts of a hand-edited diff |
patchutils | V:18, I:136 | 232 | splitdiff(1) | separate out incremental patches |
patchutils | V:18, I:136 | 232 | unwrapdiff(1) | demangle patches that have been word-wrapped |
dirdiff | V:0, I:2 | 166 | dirdiff(1) | display differences and merge changes between directory trees |
docdiff | V:0, I:0 | 555 | docdiff(1) | compare two files word by word / char by char |
makepatch | V:0, I:0 | 100 | makepatch(1) | generate extended patch files |
makepatch | V:0, I:0 | 100 | applypatch(1) | apply extended patch files |
The following procedures extract differences between two source files and create unified diff files "file.patch0" or "file.patch1" depending on the file location.
$ diff -u file.old file.new > file.patch0
$ diff -u old/file new/file > file.patch1
The diff file (alternatively called patch file) is used to send a program update. The receiving party applies this update to another file by the following.
$ patch -p0 file < file.patch0
$ patch -p1 file < file.patch1
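The round trip above as an added example (not part of the original page): it builds one constructed change as a -p0 and a -p1 patch, applies each only after "patch --dry-run" succeeds, and confirms that a target which no longer matches is refused and left unchanged. It assumes GNU diff(1) and patch(1); the function names and file contents are hypothetical.

```shell
#!/bin/sh
# Added example with constructed data; assumes GNU diff(1) and patch(1).

# check_and_apply LEVEL PATCHFILE [TARGET]   (hypothetical helper)
# Dry-run first, so a patch that does not fit leaves the target untouched.
check_and_apply() {
    level=$1 patchfile=$2; shift 2
    patch --dry-run -f "-p$level" "$@" < "$patchfile" >/dev/null 2>&1 || return 1
    patch -f "-p$level" "$@" < "$patchfile" >/dev/null 2>&1
}

# Body of the demo; runs inside a scratch directory.
patch_level_checks() {
    mkdir old new tree || return 1
    printf 'alpha\nbeta\ngamma\n' > old/file
    printf 'alpha\nBETA\ngamma\ndelta\n' > new/file
    cp old/file file.old && cp new/file file.new || return 1

    # diff exits 1 when the inputs differ; only 2 or more is an error.
    diff -u file.old file.new > file.patch0 || [ $? -eq 1 ] || return 1
    diff -u old/file new/file > file.patch1 || [ $? -eq 1 ] || return 1

    # Target named explicitly, as in the commands on this page.
    cp file.old file && check_and_apply 0 file.patch0 file || return 1
    cmp -s file file.new || return 1
    cp file.old file && check_and_apply 1 file.patch1 file || return 1
    cmp -s file file.new || return 1

    # No target given: -p1 strips "old/" and "new/", leaving "file".
    cp old/file tree/file || return 1
    ( cd tree && check_and_apply 1 ../file.patch1 ) || return 1
    cmp -s tree/file new/file || return 1

    # A target that no longer matches must be refused and left unchanged.
    printf 'unrelated\ncontent\n' > file && cp file file.before
    if check_and_apply 1 file.patch1 file; then return 1; fi
    cmp -s file file.before
}

# Returns 0 only if every check above holds.
demo_patch_levels() {
    work=$(mktemp -d) || return 1
    rc=0
    ( cd "$work" && patch_level_checks ) || rc=$?
    rm -rf "$work"
    return $rc
}
```

Calling demo_patch_levels returns 0 when both patch layouts apply cleanly and the mismatched target is rejected by the dry run.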
If you have two versions of a source code, you can perform 2-way merge interactively using imediff(1) by the following.
$ imediff -o file.merged file.old file.new
If you have three versions of a source code, you can perform 3-way merge interactively using imediff(1) by the following.
$ imediff -o file.merged file.yours file.base file.theirs
Git is the tool of choice these days for the version control system (VCS) since Git can do everything for both local and remote source code management.
Debian provides free Git services via Debian Salsa service. Its documentation can be found at https://wiki.debian.org/Salsa .
Here are some Git related packages.
Table 10.11. List of git related packages and commands
package | popcon | size | command | description |
---|---|---|---|---|
git | V:325, I:506 | 37790 | git(7) | Git, the fast, scalable, distributed revision control system |
gitk | V:6, I:39 | 1784 | gitk(1) | GUI Git repository browser with history |
git-gui | V:1, I:22 | 2378 | git-gui(1) | GUI for Git (No history) |
git-email | V:0, I:11 | 1031 | git-send-email(1) | send a collection of patches as email from Git |
git-buildpackage | V:2, I:11 | 4220 | git-buildpackage(1) | automate the Debian packaging with Git |
dgit | V:0, I:1 | 497 | dgit(1) | git interoperability with the Debian archive |
imediff | V:0, I:0 | 169 | git-ime(1) | interactive git commit split helper tool |
stgit | V:0, I:0 | 603 | stg(1) | quilt on top of git (Python) |
git-doc | I:14 | 12246 | N/A | official documentation for Git |
gitmagic | I:1 | 721 | N/A | "Git Magic", easier to understand guide for Git |
You may wish to set several global configuration settings in "~/.gitconfig", such as the name and email address used by Git, by the following.
$ git config --global user.name "Name Surname"
$ git config --global user.email yourname@example.com
You may also customize the Git default behavior by the following.
$ git config --global init.defaultBranch main
$ git config --global pull.rebase true
$ git config --global push.default current
If you are too used to CVS or Subversion commands, you may wish to set several command aliases by the following.
$ git config --global alias.ci "commit -a"
$ git config --global alias.co checkout
You can check your global configuration by the following.
$ git config --global --list
Git operation involves several data.
The working tree, which holds the user-facing files that you make changes to.
The changes to be recorded must be explicitly selected and staged to the index. This is done with the git add and git rm commands.
The index, which holds staged files.
Staged files will be committed to the local repository upon the subsequent request. This is done with the git commit command.
The local repository, which holds committed files.
Git records the linked history of the committed data and organizes it as branches in the repository.
The local repository can send data to the remote repository with the git push command.
The local repository can receive data from the remote repository with the git fetch and git pull commands.
The git pull command performs the git merge or git rebase command after the git fetch command.
Here, git merge combines two separate branches of history at the end to a point. (This is the default of git pull without customization and may be good for upstream people who publish a branch to many people.)
Here, git rebase creates one single branch of sequential history, with the history of the remote branch followed by that of the local branch. (This is the pull.rebase true customization case and may be good for the rest of us.)
The remote repository, which holds committed files.
The communication to the remote repository uses secure communication protocols such as SSH or HTTPS.
The working tree is the files outside of the .git/ directory. Files inside of the .git/ directory hold the index, the local repository data, and some git configuration text files.
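The data flow above, as an added example that is not part of the original page: two throwaway clones share a bare repository standing in for the remote, and the second clone pulls either by merge or by rebase so the resulting history shapes can be compared. The repository names (remote.git, alice, bob), the helper names and the identity are constructed placeholders.

```shell
#!/bin/sh
# Added example: constructed throwaway repositories under a temp directory.

# Placeholder identity passed per command, so ~/.gitconfig is not modified.
g() {
    GIT_MERGE_AUTOEDIT=no git -c user.name="Name Surname" \
        -c user.email=yourname@example.com "$@"
}

# commit_file NAME: working tree -> index (add) -> local repository (commit)
commit_file() {
    echo "$1" > "$1" && g add "$1" && g commit -q -m "add $1"
}

# pull_history MODE   (MODE is --no-rebase or --rebase)
# Prints "<merge commits> <total commits>" as seen by the clone that pulled.
pull_history() {
    top=$(mktemp -d) || return 1
    rc=0
    (
        cd "$top" || exit 1
        g init -q --bare remote.git || exit 1
        g init -q alice && cd alice || exit 1
        g symbolic-ref HEAD refs/heads/main || exit 1
        commit_file base || exit 1
        g remote add origin ../remote.git || exit 1
        g push -q origin main || exit 1        # local -> remote repository
        cd .. && g clone -q -b main remote.git bob || exit 1

        # Both sides now commit independently on top of "base".
        ( cd alice && commit_file from-alice && g push -q origin main ) || exit 1
        cd bob && commit_file from-bob || exit 1

        # pull = fetch, then merge or rebase depending on MODE
        g pull -q "$1" origin main >/dev/null || exit 1
        echo "$(g rev-list --merges --count HEAD) $(g rev-list --count HEAD)"
    ) || rc=$?
    rm -rf "$top"
    return $rc
}
```

With --no-rebase the pulling clone ends up with a merge commit joining the two lines of history; with --rebase its local commit is replayed on top of the remote one and no merge commit exists.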
Here is an overview of main Git commands.
Table 10.12. Main Git commands
Git command | function |
---|---|
git init | create the (local) repository |
git clone URL | clone the remote repository to a local repository with the working tree |
git pull origin main | update the local main branch by the remote repository origin |
git add . | add file(s) in the working tree to the index for pre-existing files in index only |
git add -A . | add file(s) in the working tree to the index for all files including removals |
git rm filename | remove file(s) from the working tree and the index |
git commit | commit staged changes in the index to the local repository |
git commit -a | add all changes in the working tree to the index and commit them to the local repository (add + commit) |
git push -u origin branch_name | update the remote repository origin by the local branch_name branch (initial invocation) |
git push origin branch_name | update the remote repository origin by the local branch_name branch (subsequent invocation) |
git diff treeish1 treeish2 | show difference between treeish1 commit and treeish2 commit |
gitk | GUI display of VCS repository branch history tree |
Here are Git tips.
Table 10.13. Git tips
Git command line | function |
---|---|
gitk --all | see complete Git history and operate on it, such as resetting HEAD to another commit, cherry-picking patches, creating tags and branches ... |
git stash | get the clean working tree without losing data |
git remote -v | check settings for remote |
git branch -vv | check settings for branch |
git status | show working tree status |
git config -l | list git settings |
git reset --hard HEAD; git clean -x -d -f | revert all working tree changes and clean them up completely |
git rm --cached filename | revert staged index changed by git add filename |
git reflog | get reference log (useful for recovering commits from the removed branch) |
git branch new_branch_name HEAD@{6} | create a new branch from reflog information |
git remote add new_remote URL | add a new_remote remote repository pointed by URL |
git remote rename origin upstream | rename the remote repository name from origin to upstream |
git branch -u upstream/branch_name | set the remote tracking to the remote repository upstream and its branch name branch_name |
git remote set-url origin https://foo/bar.git | change URL of origin |
git remote set-url --push upstream DISABLED | disable push to upstream (Edit .git/config to re-enable) |
git checkout -b topic_branch ; git push -u origin topic_branch | make a new topic_branch and push it to origin |
git branch -m oldname newname | rename local branch name |
git push -d origin branch_to_be_removed | remove remote branch (new method) |
git push origin :branch_to_be_removed | remove remote branch (old method) |
git checkout --orphan unconnected | create a new unconnected branch |
git fetch upstream foo:upstream-foo | create a local (possibly orphan) upstream-foo branch as a copy of foo branch in the upstream repository |
git rebase -i origin/main | reorder/drop/squash commits from origin/main to clean branch history |
git reset --soft HEAD^; git commit --amend | squash last 2 commits into one |
git checkout topic_branch ; git merge --squash topic_branch | squash entire topic_branch into a commit |
git fetch --unshallow --update-head-ok origin '+refs/heads/*:refs/heads/*' | convert a shallow clone to the full clone of all branches |
git ime | split the last commit into a series of file-by-file smaller commits etc. (imediff package required) |
git repack -a -d; git prune | repack the local repository into single pack (this may limit chance of lost data recovery from erased branch etc.) |
Warning |
---|
Do not use the tag string with spaces in it even if some tools such as |
Caution |
---|
If a local branch which has been pushed to remote repository is rebased or squashed, pushing this branch has risks and requires |
Caution |
---|
Invoking a |
Tip |
---|
If there is an executable file |
See the following.
manpage: git(1) (/usr/share/doc/git-doc/git.html)
Git User's Manual (/usr/share/doc/git-doc/user-manual.html)
A tutorial introduction to git (/usr/share/doc/git-doc/gittutorial.html)
A tutorial introduction to git: part two (/usr/share/doc/git-doc/gittutorial-2.html)
Everyday GIT With 20 Commands Or So (/usr/share/doc/git-doc/giteveryday.html)
Git Magic (/usr/share/doc/gitmagic/html/index.html)
The version control system (VCS) is sometimes known as the revision control system (RCS), or the software configuration management (SCM).
Here is a summary of the notable other non-Git VCS on the Debian system.
Table 10.14. List of other version control system tools
package | popcon | size | tool | VCS type | comment |
---|---|---|---|---|---|
mercurial | V:6, I:41 | 2096 | Mercurial | distributed | DVCS in Python and some C |
darcs | V:0, I:7 | 23160 | Darcs | distributed | DVCS with smart algebra of patches (slow) |
bzr | V:1, I:13 | 28 | Bazaar | distributed | DVCS influenced by tla written in Python (historic) |
tla | V:0, I:2 | 1011 | GNU arch | distributed | DVCS mainly by Tom Lord (historic) |
subversion | V:16, I:95 | 4874 | Subversion | remote | "CVS done right", newer standard remote VCS (historic) |
cvs | V:4, I:35 | 4620 | CVS | remote | previous standard remote VCS (historic) |
tkcvs | V:0, I:1 | 1498 | CVS, … | remote | GUI display of VCS (CVS, Subversion, RCS) repository tree |
rcs | V:3, I:17 | 564 | RCS | local | "Unix SCCS done right" (historic) |
cssc | V:0, I:2 | 2044 | CSSC | local | clone of the Unix SCCS (historic) |
[4] A write-once media such as CD/DVD-R can prevent overwrite accidents. (See Section 9.8, “Binary data” for how to write to the storage media from the shell commandline. GNOME desktop GUI environment gives you easy access via menu: "Places→CD/DVD Creator".)
[5] Some of these data cannot be regenerated by entering the same input string to the system.
[6] If you use "~/.vimrc" instead of "~/.vim/vimrc", please substitute accordingly.