Public | Automated Build

Last pushed: 8 months ago
Short Description
The zero knowledge backup for CloudFleet
Full Description

#+TITLE Parachute: a zero knowledge backup system

  • Installation

    #+NAME: Basic installation of parachute in one command
    #+BEGIN_SRC sh
    bash -x setup/install-parachute.bash
    with the appropiate permissions should enable all the following
    subclauses to be met.
    ** Place chute.asd in ASDF3 system registry
    #+NAME: Configuration of ASDF3 system registry to find blimp-parachute
    mkdir -p ~/.config/common-lisp/source-registry.conf.d/
    cp chute.conf ~/.config/common-lisp/source-registry.conf.d/

** Loading from ASDF

(asdf:load-system :chute)


** Testing from ASDF

(asdf:test-system :chute)


** Loading Quicklisp dependencies

  1. From the shell, download the Quicklisp install shim.
    #+BEGIN_SRC sh

  2. From a Common Lisp implementation, execute the shim.
    #+BEGIN_SRC lisp
    (load "~/quicklisp.lisp")

  3. Install the Quicklisp packages needed by chute.
    #+BEGIN_SRC lisp
    (load (asdf:system-relative-pathname
    (asdf:find-system :chute) "quicklisp-setup.lisp"))

  • Building
    To build an image on arm32 with Docker installed:
    #+BEGIN_SRC sh

    bash make-arm32-dockerfile.bash
    sudo docker build --file Dockerfile-arm32 .


    ** Current version 'v1'
    #+NAME: Fundamental Chute REST API
    --> POST /chute/blob/
    <-- 201 Resource Created or [45]xx Error
-->  GET /chute/blob/<URI>/index.json              
<--  200 Original or 304 Not Modified or [45]xx Error
(index.json) or nil

-->  PUT /chute/blob/<URI>/0    
<--  201 Ok
(json) "true" or "false" 

-->  GET /chute/blob/<URI>/0
<--  200 
(json) SHA256 Hash


Authentication to be handled via HTTP Headers submitted to API.

** Basic transfer of opaque binary data

PUT with 'Byte-range' headers n bytes in m windows. Use timing of
previous sessions to dynamically expand/contract number of bytes in
each PUT request.

Each chunk of a blob is adressed as a URI of the form:


MIME type for PUT content is "application/octet-stream".

  • Client platform arm32
    ** CCL
  • Server platform x64
    ** SBCL
    sbcl-1.3.1 known to work
  • What is to be DONE
    ** DONE BTRFS volume must have ".snapshot/" directory
    CLOSED: [2015-12-14 Mon 13:55]
    • CLOSING NOTE [2015-12-14 Mon 13:55] \
      Should have been completed in the setup procedure. File issue if
      found to be otherwise.
      The CHUTE:SNAPSHOT command will create snapshots under a the specified
      volume (by default "/opt/cloudfleet/data") in a sub-directory named
      ".snapshot/", i.e. for the default in

Therefore, the "/opt/cloudfleet/data/.snapshot/" must exist and be
owned by root. Currently this is done once per node as part of
installation when "setup/add-subvolume.bash" is executed. It should
be made part of the setup done by setting up the encrypted volumes.

** DONE make a hard link to btrfs, setuid
CLOSED: [2015-10-27 Tue 12:44]

  • CLOSING NOTE [2015-10-27 Tue 12:44] \
    Done as setup/make-suid-btfs.bash

DONE stdout/stderr mixing
CLOSED: [2015-11-14 Sat 10:16]

- CLOSING NOTE [2015-11-14 Sat 10:16] \\
  Fixed by specifying separate error/output arguments to CCL:RUN-PROGAM

SBCL/CCL returning different starts of output stream. CCL contains
"At subvolume" which means it is mixing stdout/stderr?

* DONE Use octet streams
CLOSED: [2015-11-19 Thu 10:47]

- CLOSING NOTE [2015-11-19 Thu 10:47] \\
  Resolved by use of octets streams directly on MAKE-BLOB

We should pass the streams we wish to read from, rather than having
RUN-PROGAM construct them for us.

Unfortunately, this doesn't seem to work:

#+BEGIN_SRC lisp
"/bin/ls" nil
:wait nil
:output (ironclad:make-octet-input-stream
(make-array 16 :element-type '(unsigned-byte 8)))
:element-type '(unsigned-byte 8))


complaining about

There is no applicable method for the generic function:

when called with arguments:
(#<IRONCLAD::OCTET-INPUT-STREAM #x3020023CA75D> "chute


Fortunately, CCL:RUN-PROGRAM takes an :ELEMENT-TYPE keyword which
allows us to get octet streams out of the subprocesses.

** DONE parse id for PUT uri from POST
CLOSED: [2015-12-14 Mon 14:09]

  • CLOSING NOTE [2015-12-14 Mon 14:09] \
    Finished with proper implementation of POST followed by subsequent
    PUTs to the unspecified sub-uri namespace.
    TODO Read key from key device
    Propsoal: extract appropiate number of bytes from SHA256 of the LuKS key
    TODO Initialize nonce from random data
    Done. But needs to be verified via a test.
    ** TODO Read domain from /opt/cloudfleet/data/config/

Best implementation: exec a bash process then read its environment table
CLOSED: [2015-12-13 Sun 10:40]

  • CLOSING NOTE [2015-12-13 Sun 10:40] \
    Use CL-FAD routines instead of ASDF.
    Fails until run from the REPL. Unsure what this entails.
    ** TODO Verify basic transfer
    Basic transfer of backups needs to be implemented completely and

* REST Transfer Implementation
Initial mplementation completed. Mocks in place for many other

* Tests of transfer integrity

Transform a given file into a blob


Use results of BTRFS/SEND into a blob

** TODO Future interface for subaddressing components of a blob
For resumable transfers

#+NAME: REST for resumable transfers


            PUT /<URI>/0/<chunk-bytes>/<nth-chunk>
            ->>   201 on success or [345]00 
              (json) "true" or "false"

            GET /<URI>/0/<chunk-bytes>/<nth-chunk>/hash/sha256  
            ->>   20x [345]xx (does 314 make sense?)
              (json) SHA256 Hash


** (at first without byte ranges).
Implementation use HTTP 'Byte-range' header to files attached/detatched via mmap().

TODO Tests for use cases TODO Metadata transcriptions
* URI Scheme for previous link

Docker Pull Command
Source Repository

Comments (0)