Update module github.com/restic/restic to v0.18.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/restic/restic	v0.16.4 -> v0.18.0

• PR contains the label that identifies the area, one of: area:operator, area:chart
• If the PR is targeting a Helm chart, add the chart label, e.g. chart:k8up

---

Release Notes

restic/restic (github.com/restic/restic)

v0.18.0: restic 0.18.0

Compare Source

Changelog for restic 0.18.0 (2025-03-27)

The following sections list the changes in restic 0.18.0 relevant to restic users. The changes are ordered by importance.

Summary

• Sec #​5291: Mitigate attack on content-defined chunking algorithm
• Fix #​1843: Correctly restore long filepaths' timestamp on old Windows
• Fix #​2165: Ignore disappeared backup source files
• Fix #​5153: Include root tree when searching using find --tree
• Fix #​5169: Prevent Windows VSS event log 8194 warnings for backup with fs snapshot
• Fix #​5212: Fix duplicate data handling in prune --max-unused
• Fix #​5249: Fix creation of oversized index by repair index --read-all-packs
• Fix #​5259: Fix rare crash in command output
• Chg #​4938: Update dependencies and require Go 1.23 or newer
• Chg #​5162: Promote feature flags
• Enh #​1378: Add JSON support to check command
• Enh #​2511: Support generating shell completions to stdout
• Enh #​3697: Allow excluding online-only cloud files (e.g. OneDrive)
• Enh #​4179: Add sort option to ls command
• Enh #​4433: Change default sort order for find output
• Enh #​4521: Add support for Microsoft Blob Storage access tiers
• Enh #​4942: Add snapshot summary statistics to rewritten snapshots
• Enh #​4948: Format exit errors as JSON when requested
• Enh #​4983: Add SLSA provenance to GHCR container images
• Enh #​5054: Enable compression for ZIP archives in dump command
• Enh #​5081: Add retry mechanism for loading repository config
• Enh #​5089: Allow including/excluding extended file attributes during restore
• Enh #​5092: Show count of deleted files and directories during restore
• Enh #​5109: Make small pack size configurable for prune
• Enh #​5119: Add start and end timestamps to backup JSON output
• Enh #​5131: Add DragonFlyBSD support
• Enh #​5137: Make tag command print which snapshots were modified
• Enh #​5141: Provide clear error message if AZURE_ACCOUNT_NAME is not set
• Enh #​5173: Add experimental S3 cold storage support
• Enh #​5174: Add xattr support for NetBSD 10+
• Enh #​5251: Improve retry handling for flaky rclone backends
• Enh #​52897: Make recover automatically rebuild index when needed

Details

• Security #​5291: Mitigate attack on content-defined chunking algorithm

  Restic uses Rabin Fingerprints for its content-defined chunker. The algorithm relies on a secret polynomial to split files into chunks.

  As shown in the paper "Chunking Attacks on File Backup Services using Content-Defined Chunking" by Boris Alexeev, Colin Percival and Yan X Zhang, an attacker that can observe chunk sizes for a known file can derive the secret polynomial. Knowledge of the polynomial might in some cases allow an attacker to check whether certain large files are stored in a repository.

  A practical attack is nevertheless hard as restic merges multiple chunks into opaque pack files and by default processes multiple files in parallel. This likely prevents an attacker from matching pack files to the attacker-known file and thereby prevents the attack.

  Despite the low chances of a practical attack, restic now has added mitigation that randomizes how chunks are assembled into pack files. This prevents attackers from guessing which chunks are part of a pack file and thereby prevents learning the chunk sizes.

  #​5291 #​5295

• Bugfix #​1843: Correctly restore long filepaths' timestamp on old Windows

  The restore command now correctly restores timestamps for files with paths longer than 256 characters on Windows versions prior to Windows 10 1607.

  #​1843 #​5061

• Bugfix #​2165: Ignore disappeared backup source files

  The backup command now quietly skips files that are removed between directory listing and backup, instead of printing errors like:

  error: lstat /some/file/name: no such file or directory
  

  #​2165 #​3098 #​5143 #​5145

• Bugfix #​5153: Include root tree when searching using find --tree

  The restic find --tree command did not find trees referenced by restic snapshot --json. It now correctly includes the root tree when searching.

  #​5153

• Bugfix #​5169: Prevent Windows VSS event log 8194 warnings for backup with fs snapshot

  When running backup with the --use-fs-snapshot option in Windows with admin rights, event logs like

  Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
  . This is often caused by incorrect security settings in either the writer or requester process.
  
  Operation:
     Gathering Writer Data
  
  Context:
     Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
     Writer Name: System Writer
     Writer Instance ID: {54b151ac-d27d-4628-9cb0-2bc40959f50f}
  

  Are created several times even though the backup itself succeeds. This has now been fixed.

  #​5169 #​5170 https://forum.restic.net/t/windows-shadow-copy-snapshot-vss-unexpected-provider-error/3674/2

• Bugfix #​5212: Fix duplicate data handling in prune --max-unused

  The prune --max-unused size command did not correctly account for duplicate data. If a repository contained a large amount of duplicate data, this could previously result in pruning too little data. This has now been fixed.

  #​5212 https://forum.restic.net/t/restic-not-obeying-max-unused-parameter-on-prune/8879

• Bugfix #​5249: Fix creation of oversized index by repair index --read-all-packs

  Since restic 0.17.0, the new index created by repair index --read-all-packs was written as a single large index. This significantly increased memory usage while loading the index.

  The index is now correctly split into multiple smaller indexes, and repair index now also automatically splits oversized indexes.

  #​5249

• Bugfix #​5259: Fix rare crash in command output

  Some commands could in rare cases crash when trying to print status messages and request retries at the same time, resulting in an error like the following:

  panic: runtime error: slice bounds out of range [468:156]
  [...]
  github.com/restic/restic/internal/ui/termstatus.(*lineWriter).Write(...)
  	/restic/internal/ui/termstatus/stdio_wrapper.go:36 +0x136
  

  This has now been fixed.

  #​5259 #​5300

• Change #​4938: Update dependencies and require Go 1.23 or newer

  We have updated all dependencies. Restic now requires Go 1.23 or newer to build.

  This also disables support for TLS versions older than TLS 1.2. On Windows, restic now requires at least Windows 10 or Windows Server 2016. On macOS, restic now requires at least macOS 11 Big Sur.

  #​4938

• Change #​5162: Promote feature flags

  The deprecate-legacy-index, deprecate-s3-legacy-layout, explicit-s3-anonymous-auth and safe-forget-keep-tags features are now stable and can no longer be disabled. The corresponding feature flags will be removed in restic 0.19.0.

  #​5162

• Enhancement #​1378: Add JSON support to check command

  The check command now supports the --json option to output all statistics in JSON format.

  #​1378 #​5194

• Enhancement #​2511: Support generating shell completions to stdout

  The generate command now supports using - as the filename with the --[shell]-completion option to write the generated output to stdout.

  #​2511 #​5053

• Enhancement #​3697: Allow excluding online-only cloud files (e.g. OneDrive)

  Restic treated files synced using OneDrive Files On-Demand as though they were regular files. This caused issues with VSS and could cause OneDrive to download all files.

  Restic now allows the user to exclude these files when backing up with the --exclude-cloud-files option.

  #​3697 #​4935 #​4990

• Enhancement #​4179: Add sort option to ls command

  The ls -l command output can now be sorted using the new --sort <field> option for the fields name, size, time (same as mtime), mtime, atime, ctime and extension. A --reverse option is also available.

  #​4179 #​5182

• Enhancement #​4433: Change default sort order for find output

  The find command now sorts snapshots from newest to oldest by default. The previous oldest-to-newest order can be restored using the new --reverse option.

  #​4433 #​5184

• Enhancement #​4521: Add support for Microsoft Blob Storage access tiers

  The new -o azure.access-tier=<tier> option allows specifying the access tier (Hot, Cool or Cold) for objects created in Microsoft Blob Storage. If unspecified, the storage account's default tier is used.

  There is no official Archive storage support in restic, use this option at your own risk. To restore any data, it is necessary to manually warm up the required data in the Archive tier.

  #​4521 #​5046

• Enhancement #​4942: Add snapshot summary statistics to rewritten snapshots

  The rewrite command now supports a --snapshot-summary option to add statistics data to snapshots. Only two fields in the summary will be non-zero: TotalFilesProcessed and TotalBytesProcessed.

  For snapshots rewritten using the --exclude options, the summary statistics are updated accordingly.

  #​4942 #​5185

• Enhancement #​4948: Format exit errors as JSON when requested

  Restic now formats error messages as JSON when the --json flag is used.

  #​4948 #​4952

• Enhancement #​4983: Add SLSA provenance to GHCR container images

  Restic's GitHub Container Registry (GHCR) image build workflow now includes SLSA (Supply-chain Levels for Software Artifacts) provenance generation.

  Please see the restic documentation for more information about verifying SLSA provenance.

  #​4983 #​4999

• Enhancement #​5054: Enable compression for ZIP archives in dump command

  The dump command now compresses ZIP archives using the DEFLATE algorithm, reducing the size of exported archives.

  #​5054

• Enhancement #​5081: Add retry mechanism for loading repository config

  Restic now retries loading the repository config file when opening a repository. The init command now also retries backend operations.

  #​5081 #​5095

• Enhancement #​5089: Allow including/excluding extended file attributes during restore

  The restore command now supports the --exclude-xattr and --include-xattr options to control which extended file attributes will be restored. By default, all attributes are restored.

  #​5089 #​5129

• Enhancement #​5092: Show count of deleted files and directories during restore

  The restore command now reports the number of deleted files and directories, both in the regular output and in the files_deleted field of the JSON output.

  #​5092 #​5100

• Enhancement #​5109: Make small pack size configurable for prune

  The prune command now supports the --repack-smaller-than option that allows repacking pack files smaller than a specified size.

  #​5109 #​5183

• Enhancement #​5119: Add start and end timestamps to backup JSON output

  The JSON output of the backup command now includes backup_start and backup_end timestamps, containing the start and end time of the backup.

  #​5119

• Enhancement #​5131: Add DragonFlyBSD support

  Restic can now be compiled on DragonflyBSD.

  #​5131 #​5138

• Enhancement #​5137: Make tag command print which snapshots were modified

  The tag command now outputs which snapshots were modified along with their new snapshot ID. The command supports the --json option for machine-readable output.

  #​5137 #​5144

• Enhancement #​5141: Provide clear error message if AZURE_ACCOUNT_NAME is not set

  If AZURE_ACCOUNT_NAME was not set, commands related to an Azure repository would result in a misleading networking error. Restic now detect this and provides a clear warning that the variable is not defined.

  #​5141

• Enhancement #​5173: Add experimental S3 cold storage support

  Introduce S3 backend options for transitioning pack files from cold to hot storage on S3 and S3-compatible providers. Note: this only works for the prune, copy and restore commands for now.

  This experimental feature is gated behind the "s3-restore" feature flag.

  #​3202 #​2504 #​5173

• Enhancement #​5174: Add xattr support for NetBSD 10+

  Extended attribute support for backup and restore operations is now available on NetBSD version 10 and later.

  #​5174 #​5180

• Enhancement #​5251: Improve retry handling for flaky rclone backends

  Since restic 0.17.0, the backend retry mechanisms rely on backends correctly reporting when a file does not exist. This is not always the case for some rclone backends, which caused restic to stop retrying after the first failure.

  For rclone, failed requests are now retried up to 5 times before giving up.

  #​5251

• Enhancement #​52897: Make recover automatically rebuild index when needed

  When trying to recover data from an interrupted snapshot, it was previously necessary to manually run repair index before runnning recover. This now happens automatically so that only recover is necessary.

  #​52897 #​5296

v0.17.3: restic 0.17.3

Compare Source

Changelog for restic 0.17.3 (2024-11-08)

The following sections list the changes in restic 0.17.3 relevant to restic users. The changes are ordered by importance.

Summary

• Fix #​4971: Fix unusable mount on macOS Sonoma
• Fix #​5003: Fix metadata errors during backup of removable disks on Windows
• Fix #​5101: Do not retry load/list operation if SFTP connection is broken
• Fix #​5107: Fix metadata error on Windows for backups using VSS
• Enh #​5096: Allow prune --dry-run without lock

Details

• Bugfix #​4971: Fix unusable mount on macOS Sonoma

  On macOS Sonoma when using FUSE-T, it was not possible to access files in a mounted repository. This issue is now resolved.

  #​4971 #​5048

• Bugfix #​5003: Fix metadata errors during backup of removable disks on Windows

  Since restic 0.17.0, backing up removable disks on Windows could report errors with retrieving metadata like shown below.

  error: incomplete metadata for d:\filename: get named security info failed with: Access is denied.
  

  This has now been fixed.

  #​5003 #​5123 https://forum.restic.net/t/backing-up-a-folder-from-a-veracrypt-volume-brings-up-errors-since-restic-v17-0/8444

• Bugfix #​5101: Do not retry load/list operation if SFTP connection is broken

  When using restic with the SFTP backend, backend operations that load a file or list files were retried even if the SFTP connection was broken. This has now been fixed.

  #​5101 https://forum.restic.net/t/restic-hanging-on-backup/8559

• Bugfix #​5107: Fix metadata error on Windows for backups using VSS

  Since restic 0.17.2, when creating a backup on Windows using --use-fs-snapshot, restic would report an error like the following:

  error: incomplete metadata for C:\: get EA failed while opening file handle for path \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyXX\, with: The process cannot access the file because it is being used by another process.
  

  This has now been fixed by correctly handling paths that refer to volume shadow copy snapshots.

  #​5107 #​5110 #​5112

• Enhancement #​5096: Allow prune --dry-run without lock

  The prune --dry-run --no-lock now allows performing a dry-run without locking the repository. Note that if the repository is modified concurrently, prune may return inaccurate statistics or errors.

  #​5096

v0.17.2: restic 0.17.2

Compare Source

Changelog for restic 0.17.2 (2024-10-27)

The following sections list the changes in restic 0.17.2 relevant to restic users. The changes are ordered by importance.

Summary

• Fix #​4004: Support container-level SAS/SAT tokens for Azure backend
• Fix #​5047: Resolve potential error during concurrent cache cleanup
• Fix #​5050: Return error if tag fails to lock repository
• Fix #​5057: Exclude irregular files from backups
• Fix #​5063: Correctly backup extended metadata when using VSS on Windows

Details

• Bugfix #​4004: Support container-level SAS/SAT tokens for Azure backend

  Restic previously expected SAS/SAT tokens to be generated at the account level, which prevented tokens created at the container level from being used to initialize a repository. This caused an error when attempting to initialize a repository with container-level tokens.

  Restic now supports both account-level and container-level SAS/SAT tokens for initializing a repository.

  #​4004 #​5093

• Bugfix #​5047: Resolve potential error during concurrent cache cleanup

  When multiple restic processes ran concurrently, they could compete to remove obsolete snapshots from the local backend cache, sometimes leading to a "no such file or directory" error. Restic now suppresses this error to prevent issues during cache cleanup.

  #​5047

• Bugfix #​5050: Return error if tag fails to lock repository

  Since restic 0.17.0, the tag command did not return an error when it failed to open or lock the repository. This issue has now been fixed.

  #​5050 #​5056

• Bugfix #​5057: Exclude irregular files from backups

  Since restic 0.17.1, files with the type irregular could mistakenly be included in snapshots, especially when backing up special file types on Windows that restic cannot process. This issue has now been fixed.

  Previously, this bug caused the check command to report errors like the following one:

    tree 12345678[...]: node "example.zip" with invalid type "irregular"
  

  To repair affected snapshots, upgrade to restic 0.17.2 and run:

  restic repair snapshots --forget
  

  This will remove the irregular files from the snapshots (creating a new snapshot ID for each of the affected snapshots).

  #​5057 https://forum.restic.net/t/errors-found-by-check-1-invalid-type-irregular-2-ciphertext-verification-failed/8447/2

• Bugfix #​5063: Correctly backup extended metadata when using VSS on Windows

  On Windows, when creating a backup with the --use-fs-snapshot option, restic read extended metadata from the original filesystem path instead of from the snapshot. This could result in errors if files were removed during the backup process.

  This issue has now been resolved.

  #​5063 #​5097 #​5099

v0.17.1: restic 0.17.1

Compare Source

Changelog for restic 0.17.1 (2024-09-05)

The following sections list the changes in restic 0.17.1 relevant to restic users. The changes are ordered by importance.

Summary

• Fix #​2004: Correctly handle volume names in backup command on Windows
• Fix #​4945: Include missing backup error text with --json
• Fix #​4953: Correctly handle long paths on older Windows versions
• Fix #​4957: Fix delayed cancellation of certain commands
• Fix #​4958: Don't ignore metadata-setting errors during restore
• Fix #​4969: Correctly restore timestamp for files with resource forks on macOS
• Fix #​4975: Prevent backup --stdin-from-command from panicking
• Fix #​4980: Skip extended attribute processing on unsupported Windows volumes
• Fix #​5004: Fix spurious "A Required Privilege Is Not Held by the Client" error
• Fix #​5005: Fix rare failures to retry locking a repository
• Fix #​5018: Improve HTTP/2 support for REST backend
• Chg #​4953: Also back up files with incomplete metadata
• Enh #​4795: Display progress bar for restore --verify
• Enh #​4934: Automatically clear removed snapshots from cache
• Enh #​4944: Print JSON-formatted errors during restore --json
• Enh #​4959: Return exit code 12 for "bad password" errors
• Enh #​4970: Make timeout for stuck requests customizable

Details

• Bugfix #​2004: Correctly handle volume names in backup command on Windows

  On Windows, when the specified backup target only included the volume name without a trailing slash, for example, C:, then restoring the resulting snapshot would result in an error. Note that using C:\ as backup target worked correctly.

  Specifying volume names is now handled correctly. To restore snapshots created before this bugfix, use the : syntax. For example, to restore a snapshot with ID 12345678 that backed up C:, use the following command:

  restic restore 12345678:/C/C:./ --target output/folder
  

  #​2004 #​5028

• Bugfix #​4945: Include missing backup error text with --json

  Previously, when running a backup with the --json option, restic failed to include the actual error message in the output, resulting in "error": {} being displayed.

  This has now been fixed, and restic now includes the error text in JSON output.

  #​4945 #​4946

• Bugfix #​4953: Correctly handle long paths on older Windows versions

  On older Windows versions, like Windows Server 2012, restic 0.17.0 failed to back up files with long paths. This problem has now been resolved.

  #​4953 #​4954

• Bugfix #​4957: Fix delayed cancellation of certain commands

  Since restic 0.17.0, some commands did not immediately respond to cancellation via Ctrl-C (SIGINT) and continued running for a short period. The most affected commands were diff,find, ls, stats and rewrite. This is now resolved.

  #​4957 #​4960

• Bugfix #​4958: Don't ignore metadata-setting errors during restore

  Previously, restic used to ignore errors when setting timestamps, attributes, or file modes during a restore. It now reports those errors, except for permission related errors when running without root privileges.

  #​4958

• Bugfix #​4969: Correctly restore timestamp for files with resource forks on macOS

  On macOS, timestamps were not restored for files with resource forks. This has now been fixed.

  #​4969 #​5006

• Bugfix #​4975: Prevent backup --stdin-from-command from panicking

  Restic would previously crash if --stdin-from-command was specified without providing a command. This issue has now been fixed.

  #​4975 #​4976

• Bugfix #​4980: Skip extended attribute processing on unsupported Windows volumes

  With restic 0.17.0, backups of certain Windows paths, such as network drives, failed due to errors while fetching extended attributes.

  Restic now skips extended attribute processing for volumes where they are not supported.

  #​4955 #​4950 #​4980 #​4998

• Bugfix #​5004: Fix spurious "A Required Privilege Is Not Held by the Client" error

  On Windows, creating a backup could sometimes trigger the following error:

  error: nodeFromFileInfo [...]: get named security info failed with: a required privilege is not held by the client.
  

  This has now been fixed.

  #​5004 #​5019

• Bugfix #​5005: Fix rare failures to retry locking a repository

  Restic 0.17.0 could in rare cases fail to retry locking a repository if one of the lock files failed to load, resulting in the error:

  unable to create lock in backend: circuit breaker open for file <lock/1234567890>
  

  This issue has now been addressed. The error handling now properly retries the locking operation. In addition, restic waits a few seconds between locking retries to increase chances of successful locking.

  #​5005 #​5011 #​5012

• Bugfix #​5018: Improve HTTP/2 support for REST backend

  If rest-server tried to gracefully shut down an HTTP/2 connection still in use by the client, it could result in the following error:

  http2: Transport: cannot retry err [http2: Transport received Server's graceful shutdown GOAWAY] after Request.Body was written; define Request.GetBody to avoid this error
  

  This issue has now been resolved.

  #​5018 https://forum.restic.net/t/receiving-http2-goaway-messages-with-windows-restic-v0-17-0/8367

• Change #​4953: Also back up files with incomplete metadata

  If restic failed to read extended metadata for a file or folder during a backup, then the file or folder was not included in the resulting snapshot. Instead, a warning message was printed along with returning exit code 3 once the backup was finished.

  Now, restic also includes items for which the extended metadata could not be read in a snapshot. The warning message has been updated to:

  incomplete metadata for /path/to/file: <details about error>
  

  #​4953 #​4977

• Enhancement #​4795: Display progress bar for restore --verify

  When the restore command is run with --verify, it now displays a progress bar while the verification step is running. The progress bar is not shown when the --json flag is specified.

  #​4795 #​4989

• Enhancement #​4934: Automatically clear removed snapshots from cache

  Previously, restic only removed snapshots from the cache on the host where the forget command was executed. On other hosts that use the same repository, the old snapshots remained in the cache.

  Restic now automatically clears old snapshots from the local cache of the current host.

  #​4934 #​4981

• Enhancement #​4944: Print JSON-formatted errors during restore --json

  Restic used to print any restore errors directly to the console as freeform text messages, even when using the --json option.

  Now, when --json is specified, restic prints them as JSON formatted messages.

  #​4944 #​4946

• Enhancement #​4959: Return exit code 12 for "bad password" errors

  Restic now returns exit code 12 when it cannot open the repository due to an incorrect password.

  #​4959

• Enhancement #​4970: Make timeout for stuck requests customizable

  Restic monitors connections to the backend to detect stuck requests. If a request does not return any data within five minutes, restic assumes the request is stuck and retries it. However, for large repositories this timeout might be insufficient to collect a list of all files, causing the following error:

  List(data) returned error, retrying after 1s: [...]: request timeout

  It is now possible to increase the timeout using the --stuck-request-timeout option.

  #​4970 #​5014

v0.17.0: restic 0.17.0

Compare Source

Changelog for restic 0.17.0 (2024-07-26)

The following sections list the changes in restic 0.17.0 relevant to restic users. The changes are ordered by importance.

Summary

• Fix #​3600: Handle unreadable xattrs in folders above backup source
• Fix #​4209: Fix slow SFTP upload performance
• Fix #​4503: Correct hardlink handling in stats command
• Fix #​4568: Prevent forget --keep-tags <invalid> from deleting all snapshots
• Fix #​4615: Make find not sometimes ignore directories
• Fix #​4656: Properly report ID of newly added keys
• Fix #​4703: Shutdown cleanly when receiving SIGTERM
• Fix #​4709: Correct --no-lock handling of ls and tag commands
• Fix #​4760: Fix possible error on concurrent cache cleanup
• Fix #​4850: Handle UTF-16 password files in key command correctly
• Fix #​4902: Update snapshot summary on rewrite
• Chg #​956: Return exit code 10 and 11 for non-existing and locked repository
• Chg #​4540: Require at least ARMv6 for ARM binaries
• Chg #​4602: Deprecate legacy index format and s3legacy repository layout
• Chg #​4627: Redesign backend error handling to improve reliability
• Chg #​4707: Disable S3 anonymous authentication by default
• Chg #​4744: Include full key ID in JSON output of key list
• Enh #​662: Optionally skip snapshot creation if nothing changed
• Enh #​693: Include snapshot size in snapshots output
• Enh #​805: Add bitrot detection to diff command
• Enh #​828: Improve features of the repair packs command
• Enh #​1786: Support repositories with empty password
• Enh #​2348: Add --delete option to restore command
• Enh #​3067: Add extended options to configure Windows Shadow Copy Service
• Enh #​3406: Improve dump performance for large files
• Enh #​3806: Optimize and make prune command resumable
• Enh #​4006: (alpha) Store deviceID only for hardlinks
• Enh #​4048: Add support for FUSE-T with mount on macOS
• Enh #​4251: Support reading backup from a command's standard output
• Enh #​4287: Support connection to rest-server using unix socket
• Enh #​4354: Significantly reduce prune memory usage
• Enh #​4437: Make check command create non-existent cache directory
• Enh #​4472: Support AWS Assume Role for S3 backend
• Enh #​4547: Add --json option to version command
• Enh #​4549: Add --ncdu option to ls command
• Enh #​4573: Support rewriting host and time metadata in snapshots
• Enh #​4583: Ignore s3.storage-class archive tiers for metadata
• Enh #​4590: Speed up mount command's error detection
• Enh #​4601: Add support for feature flags
• Enh #​4611: Back up more file metadata on Windows
• Enh #​4664: Make ls use message_type field in JSON output
• Enh #​4676: Make key command's actions separate sub-commands
• Enh #​4678: Add --target option to the dump command
• Enh #​4708: Back up and restore SecurityDescriptors on Windows
• Enh #​4733: Allow specifying --host via environment variable
• Enh #​4737: Include snapshot ID in reason field of forget JSON output
• Enh #​4764: Support forgetting all snapshots
• Enh #​4768: Allow specifying custom User-Agent for outgoing requests
• Enh #​4781: Add restore options to read include/exclude patterns from files
• Enh #​4807: Support Extended Attributes on Windows NTFS
• Enh #​4817: Make overwrite behavior of restore customizable
• Enh #​4839: Add dry-run support to restore command

Details

• Bugfix #​3600: Handle unreadable xattrs in folders above backup source

  When backup sources are specified using absolute paths, backup also includes information about the parent folders of the backup sources in the snapshot.

  If the extended attributes for some of these folders could not be read due to missing permissions, this caused the backup to fail. This has now been fixed.

  #​3600 #​4668 https://forum.restic.net/t/parent-directories-above-the-snapshot-source-path-fatal-error-permission-denied/7216

• Bugfix #​4209: Fix slow SFTP upload performance

  Since restic 0.12.1, the upload speed of the sftp backend to a remote server has regressed significantly. This has now been fixed.

  #​4209 #​4782

• Bugfix #​4503: Correct hardlink handling in stats command

  If files on different devices had the same inode ID, the stats command did not correctly calculate the snapshot size. This has now been fixed.

  #​4503 #​4006 https://forum.restic.net/t/possible-bug-in-stats/6461/8

• Bugfix #​4568: Prevent forget --keep-tags <invalid> from deleting all snapshots

  Running forget --keep-tags <invalid>, where <invalid> is a tag that does not exist in the repository, would remove all snapshots. This is especially problematic if the tag name contains a typo.

  The forget command now fails with an error if all snapshots in a snapshot group would be deleted. This prevents the above example from deleting all snapshots.

  It is possible to temporarily disable the new check by setting the environment variable RESTIC_FEATURES=safe-forget-keep-tags=false. Note that this feature flag will be removed in the next minor restic version.

  #​4568 #​4764

• Bugfix #​4615: Make find not sometimes ignore directories

  In some cases, the find command ignored empty or moved directories. This has now been fixed.

  #​4615

• Bugfix #​4656: Properly report ID of newly added keys

  restic key add now reports the ID of the newly added key. This simplifies selecting a specific key using the --key-hint key option.

  #​4656 #​4657

• Bugfix #​4703: Shutdown cleanly when receiving SIGTERM

  Previously, when restic received the SIGTERM signal it would terminate immediately, skipping cleanup and potentially causing issues like stale locks being left behind. This primarily effected containerized restic invocations that use SIGTERM, but could also be triggered via a simple killall restic.

  This has now been fixed, such that restic shuts down cleanly when receiving the SIGTERM signal.

  #​4703

• Bugfix #​4709: Correct --no-lock handling of ls and tag commands

  The ls command never locked the repository. This has now been fixed, with the old behavior still being supported using ls --no-lock. The latter invocation also works with older restic versions.

  The tag command erroneously accepted the --no-lock command. This command now always requires an exclusive lock.

  #​4709

• Bugfix #​4760: Fix possible error on concurrent cache cleanup

  If multiple restic processes concurrently cleaned up no longer existing files from the cache, this could cause some of the processes to fail with an no such file or directory error. This has now been fixed.

  #​4760 #​4761

• Bugfix #​4850: Handle UTF-16 password files in key command correctly

  Previously, key add and key passwd did not properly decode UTF-16 encoded passwords read from a password file. This has now been fixed to correctly match the encoding when opening a repository.

  #​4850 #​4851

• Bugfix #​4902: Update snapshot summary on rewrite

  Restic previously did not recalculate the total number of files and bytes processed when files were excluded from a snapshot by the rewrite command. This has now been fixed.

  #​4902 #​4905

• Change #​956: Return exit code 10 and 11 for non-existing and locked repository

  If a repository does not exist or cannot be locked, restic previously always returned exit code 1. This made it difficult to distinguish these cases from other errors.

  Restic now returns exit code 10 if the repository does not exist, and exit code 11 if the repository could be not locked due to a conflicting lock.

  #​956 #​4884

• Change #​4540: Require at least ARMv6 for ARM binaries

  The official release binaries of restic now require at least ARMv6 support for ARM platforms.

  #​4540 #​4542

• Change #​4602: Deprecate legacy index format and s3legacy repository layout

  Support for the legacy index format used by restic before version 0.2.0 has been deprecated and will be removed in the next minor restic version. You can use restic repair index to update the index to the current format.

  It is possible to temporarily reenable support for the legacy index format by setting the environment variable RESTIC_FEATURES=deprecate-legacy-index=false. Note that this feature flag will be removed in the next minor restic version.

  Support for the s3legacy repository layout used for the S3 backend before restic 0.7.0 has been deprecated and will be removed in the next minor restic version. You can migrate your S3 repository to the current layout using RESTIC_FEATURES=deprecate-s3-legacy-layout=false restic migrate s3_layout.

  It is possible to temporarily reenable support for the s3legacy layout by setting the environment variable RESTIC_FEATURES=deprecate-s3-legacy-layout=false. Note that this feature flag will be removed in the next minor restic version.

  #​4602 #​4724 #​4743

• Change #​4627: Redesign backend error handling to improve reliability

  Restic now downloads pack files in large chunks instead of using a streaming download. This prevents failures due to interrupted streams. The restore command now also retries downloading individual blobs that could not be retrieved.

  HTTP requests that are stuck for more than two minutes while uploading or downloading are now forcibly interrupted. This ensures that stuck requests are retried after a short timeout.

  Attempts to access a missing or truncated file will no longer be retried. This avoids unnecessary retries in those cases. All other backend requests are retried for up to 15 minutes. This ensures that temporarily interrupted network connections can be tolerated.

  If a download yields a corrupt file or blob, then the download will be retried once.

  Most parts of the new backend error handling can temporarily be disabled by setting the environment variable RESTIC_FEATURES=backend-error-redesign=false. Note that this feature flag will be removed in the next minor restic version.

  #​4627 #​4193 #​4515 #​1523 #​4605 #​4792 #​4520 [#​4800](h

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 19 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.23 -> 1.23.0
github.com/minio/minio-go/v7	v7.0.66 -> v7.0.88
golang.org/x/net	v0.23.0 -> v0.37.0
github.com/cespare/xxhash/v2	v2.2.0 -> v2.3.0
github.com/cpuguy83/go-md2man/v2	v2.0.3 -> v2.0.6
github.com/google/go-cmp	v0.6.0 -> v0.7.0
github.com/klauspost/compress	v1.17.4 -> v1.18.0
github.com/klauspost/cpuid/v2	v2.2.6 -> v2.2.9
github.com/rs/xid	v1.5.0 -> v1.6.0
github.com/spf13/cobra	v1.8.0 -> v1.9.1
github.com/spf13/pflag	v1.0.5 -> v1.0.6
golang.org/x/crypto	v0.21.0 -> v0.36.0
golang.org/x/mod	v0.16.0 -> v0.17.0
golang.org/x/oauth2	v0.18.0 -> v0.28.0
golang.org/x/sys	v0.18.0 -> v0.31.0
golang.org/x/term	v0.18.0 -> v0.30.0
golang.org/x/text	v0.14.0 -> v0.23.0
golang.org/x/time	v0.5.0 -> v0.11.0
golang.org/x/tools	v0.19.0 -> v0.21.1-0.20240508182429-e35e4ccd0d2d
google.golang.org/protobuf	v1.33.0 -> v1.36.5