TL;DR: Instructions to build a clean Debian package of Tarsnap from source for i386, amd64, armel, armhf architectures.
Tarsnap is described as Online backups for the truly paranoid, created and maintained by Colin Percival, famous for being security officer for FreeBSD for many years, and nowadays member of the FreeBSD security team.
Tarsnap source code is publicy available. To ensure its source code is actually read, cash is offered to people who can report bugs through a bug bounties program
Here is how a security problem is handled: Tarsnap critical security bug. Honesty and transparency at its finest!
Definitively a solution to consider for remote backups for you, paranoid people.
I own a Qnap HS-210 nas, and would like to run tarsnap to have another remote archive of my backups.
This NAS is powered by the Marvell Kirkwood SoC (arm architecture).
The Debian designation of this architecture is armel, subarchitecture Marvell Kirkwood
Build your Tarsnap Debian package
At the moment, no binaries are available for Tarsnap, it must be compiled from source:
Tarsnap Backup Inc. does not examine or verify third-party software; whether you use those ports or compile manually depends on your level of paranoia and/or your ability to read the packaging files to ensure that there are no malicious changes.
So no ready to use Debian packages!
Since I do not like to install software using
make && make install (I like to keep a track of files installed), nor trusting third parties repositories, I’ve started to write a clean Debian source package for Tarsnap, which happens to work on armel architecture (at least).
Also, you can have a look at the Debian source packages files, to check for something malicious, which is not feasible with a binary package found somewhere on the Internet.
Setup your build environment
The first step is to set up your own build environment as well described here: Building ARM Debian packages with pbuilder.
Thanks to the versatlity of pbuilder, with this build environment you can build/cross-compile on an amd64 box the packages for amd64, i386, armel, armhf for all your Debian servers.
The only extra step for me is to use the Jessie Debian version instead of Wheezy:
$ sed -i 's/wheezy/jessie/g /root/.pbuilderrc'
Build the packages
Fetch my Debian source packages files and the sha256 checkums file (GPG signed)
Check the GPG signature and checksums are correct
Build the package for Jessie on armel:
$ OS=debian DIST=jessie ARCH=armel pdebuild
And voilà, package ready to install:
# ls -1 /var/cache/pbuilder/debian-jessie-armel/result tarsnap_1.0.37-1_armel.changes tarsnap_1.0.37-1_armel.deb tarsnap_1.0.37-1.debian.tar.xz tarsnap_1.0.37-1.dsc tarsnap_1.0.37.orig.tar.gz
No, I’m not lazy
I know this may be frustrating that I do not provide Debian binary packages, but I strongly believe that retrieving binary packages from unofficial websites is a bad practice, particularly when it comes to sensitive things: the security of your data.
Also, I don’t have the time to manage a Debian repository, with all the hassle involved. Free time is scarce :)