Hoist control for exiting script a level up (#348)

* Hoist control for exiting script a level up

* Do not accidentally nil out errors

* Log when running schedule

* Remove duplicate log line

* Warn on cron schedule that will never run

.github/workflows/deploy-docs.yml

@@ -3,9 +3,6 @@ name: Deploy Documenation site to GitHub Pages
 on:
   push:
     branches: ['main']
-    paths:
-      - 'docs/**'
-      - '.github/workflows/deploy-docs.yml'
   workflow_dispatch:
 
 permissions:

.github/workflows/golangci-lint.yml

@@ -18,7 +18,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.22'
+          go-version: '1.21'
           cache: false
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
@@ -26,7 +26,7 @@ jobs:
           # Require: The version of golangci-lint to use.
           # When `install-mode` is `binary` (default) the value can be v1.2 or v1.2.3 or `latest` to use the latest version.
           # When `install-mode` is `goinstall` the value can be v1.2.3, `latest`, or the hash of a commit.
-          version: v1.57
+          version: v1.54
 
           # Optional: working directory, useful for monorepos
           # working-directory: somedir

.github/workflows/release.yml

@@ -15,38 +15,6 @@ jobs:
       - name: Check out the repo
         uses: actions/checkout@v4
 
-      - name: set Environment Variables
-        id: env
-        run: |
-          echo "NOW=$(date +'%F %Z %T')" >> $GITHUB_ENV
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          # list of Docker images to use as base name for tags
-          images: |
-            offen/docker-volume-backup
-            ghcr.io/offen/docker-volume-backup
-          # define global behaviour for tags
-          flavor: |
-            latest=false
-          # specify one tag which never gets set, to prevent the tag-attribute being empty, as it will fallback to a default
-          tags: |
-            # output v2.42.1-alpha.1 (incl. pre-releases)
-            type=semver,pattern=v{{version}},enable=false
-          labels: |
-            org.opencontainers.image.title=${{github.event.repository.name}}
-            org.opencontainers.image.description=Backup Docker volumes locally or to any S3, WebDAV, Azure Blob Storage, Dropbox or SSH compatible storage
-            org.opencontainers.image.vendor=${{github.repository_owner}}
-            org.opencontainers.image.licenses=MPL-2.0
-            org.opencontainers.image.version=${{github.ref_name}}
-            org.opencontainers.image.created=${{ env.NOW }}
-            org.opencontainers.image.source=${{github.server_url}}/${{github.repository}}
-            org.opencontainers.image.revision=${{github.sha}}
-            org.opencontainers.image.url=https://offen.github.io/docker-volume-backup/
-            org.opencontainers.image.documentation=https://offen.github.io/docker-volume-backup/
-
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
 
@@ -67,7 +35,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Extract Docker tags
-        id: tags
+        id: meta
         run: |
           version_tag="${{github.ref_name}}"
           tags=($version_tag)
@@ -83,10 +51,9 @@ jobs:
           echo "releases=$releases" >> "$GITHUB_OUTPUT"
 
       - name: Build and push Docker images
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v4
         with:
           context: .
           push: true
           platforms: linux/amd64,linux/arm64,linux/arm/v7
-          tags: ${{ steps.tags.outputs.releases }}
-          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{ steps.meta.outputs.releases }}

.github/workflows/unit.yml

@@ -1,21 +0,0 @@
-name: Run Unit Tests
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-
-jobs:
-  build:
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: '1.22.x'
-      - name: Install dependencies
-        run: go mod download
-      - name: Test with the Go CLI
-        run: go test -v ./...

Dockerfile

@@ -1,7 +1,7 @@
-# Copyright 2022 - offen.software <hioffen@posteo.de>
+# Copyright 2021 - Offen Authors <hioffen@posteo.de>
 # SPDX-License-Identifier: MPL-2.0
 
-FROM golang:1.22-alpine as builder
+FROM golang:1.21-alpine as builder
 
 WORKDIR /app
 COPY . .
@@ -9,12 +9,11 @@ RUN go mod download
 WORKDIR /app/cmd/backup
 RUN go build -o backup .
 
-FROM alpine:3.20
+FROM alpine:3.19
 
 WORKDIR /root
 
-RUN apk add --no-cache ca-certificates && \
-  chmod a+rw /var/lock
+RUN apk add --no-cache ca-certificates
 
 COPY --from=builder /app/cmd/backup/backup /usr/bin/backup
 

README.md

@@ -1,5 +1,5 @@
-<a href="https://www.offen.software/">
-    <img src="https://offen.github.io/press-kit/avatars/avatar-OS-header.svg" alt="offen.software logo" title="offen.software" width="60px"/>
+<a href="https://www.offen.dev/">
+    <img src="https://offen.github.io/press-kit/offen-material/gfx-GitHub-Offen-logo.svg" alt="Offen logo" title="Offen" width="150px"/>
 </a>
 
 # docker-volume-backup
@@ -77,8 +77,3 @@ docker run --rm \
 ```
 
 Alternatively, pass a `--env-file` in order to use a full config as described below.
-
----
-
-Copyright &copy; 2024 <a target="_blank" href="https://www.offen.software">offen.software</a> and contributors.
-Distributed under the <a href="https://github.com/offen/docker-volume-backup/tree/main/LICENSE">MPL-2.0 License</a>.

cmd/backup/archive.go

@@ -1,4 +1,4 @@
-// Copyright 2022 - offen.software <hioffen@posteo.de>
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
 // SPDX-License-Identifier: MPL-2.0
 
 // Portions of this file are taken from package `targz`, Copyright (c) 2014 Fredrik Wallgren
@@ -16,22 +16,23 @@ import (
 	"runtime"
 	"strings"
 
-	"github.com/klauspost/compress/zstd"
 	"github.com/klauspost/pgzip"
-	"github.com/offen/docker-volume-backup/internal/errwrap"
+
+	"github.com/klauspost/compress/zstd"
 )
 
 func createArchive(files []string, inputFilePath, outputFilePath string, compression string, compressionConcurrency int) error {
-	_, outputFilePath, err := makeAbsolute(stripTrailingSlashes(inputFilePath), outputFilePath)
+	inputFilePath = stripTrailingSlashes(inputFilePath)
+	inputFilePath, outputFilePath, err := makeAbsolute(inputFilePath, outputFilePath)
 	if err != nil {
-		return errwrap.Wrap(err, "error transposing given file paths")
+		return fmt.Errorf("createArchive: error transposing given file paths: %w", err)
 	}
 	if err := os.MkdirAll(filepath.Dir(outputFilePath), 0755); err != nil {
-		return errwrap.Wrap(err, "error creating output file path")
+		return fmt.Errorf("createArchive: error creating output file path: %w", err)
 	}
 
-	if err := compress(files, outputFilePath, compression, compressionConcurrency); err != nil {
-		return errwrap.Wrap(err, "error creating archive")
+	if err := compress(files, outputFilePath, filepath.Dir(inputFilePath), compression, compressionConcurrency); err != nil {
+		return fmt.Errorf("createArchive: error creating archive: %w", err)
 	}
 
 	return nil
@@ -54,38 +55,38 @@ func makeAbsolute(inputFilePath, outputFilePath string) (string, string, error)
 	return inputFilePath, outputFilePath, err
 }
 
-func compress(paths []string, outFilePath, algo string, concurrency int) error {
+func compress(paths []string, outFilePath, subPath string, algo string, concurrency int) error {
 	file, err := os.Create(outFilePath)
 	if err != nil {
-		return errwrap.Wrap(err, "error creating out file")
+		return fmt.Errorf("compress: error creating out file: %w", err)
 	}
 
 	prefix := path.Dir(outFilePath)
 	compressWriter, err := getCompressionWriter(file, algo, concurrency)
 	if err != nil {
-		return errwrap.Wrap(err, "error getting compression writer")
+		return fmt.Errorf("compress: error getting compression writer: %w", err)
 	}
 	tarWriter := tar.NewWriter(compressWriter)
 
 	for _, p := range paths {
 		if err := writeTarball(p, tarWriter, prefix); err != nil {
-			return errwrap.Wrap(err, fmt.Sprintf("error writing %s to archive", p))
+			return fmt.Errorf("compress: error writing %s to archive: %w", p, err)
 		}
 	}
 
 	err = tarWriter.Close()
 	if err != nil {
-		return errwrap.Wrap(err, "error closing tar writer")
+		return fmt.Errorf("compress: error closing tar writer: %w", err)
 	}
 
 	err = compressWriter.Close()
 	if err != nil {
-		return errwrap.Wrap(err, "error closing compression writer")
+		return fmt.Errorf("compress: error closing compression writer: %w", err)
 	}
 
 	err = file.Close()
 	if err != nil {
-		return errwrap.Wrap(err, "error closing file")
+		return fmt.Errorf("compress: error closing file: %w", err)
 	}
 
 	return nil
@@ -93,12 +94,10 @@ func compress(paths []string, outFilePath, algo string, concurrency int) error {
 
 func getCompressionWriter(file *os.File, algo string, concurrency int) (io.WriteCloser, error) {
 	switch algo {
-	case "none":
-		return &passThroughWriteCloser{file}, nil
 	case "gz":
 		w, err := pgzip.NewWriterLevel(file, 5)
 		if err != nil {
-			return nil, errwrap.Wrap(err, "gzip error")
+			return nil, fmt.Errorf("getCompressionWriter: gzip error: %w", err)
 		}
 
 		if concurrency == 0 {
@@ -106,25 +105,25 @@ func getCompressionWriter(file *os.File, algo string, concurrency int) (io.Write
 		}
 
 		if err := w.SetConcurrency(1<<20, concurrency); err != nil {
-			return nil, errwrap.Wrap(err, "error setting concurrency")
+			return nil, fmt.Errorf("getCompressionWriter: error setting concurrency: %w", err)
 		}
 
 		return w, nil
 	case "zst":
 		compressWriter, err := zstd.NewWriter(file)
 		if err != nil {
-			return nil, errwrap.Wrap(err, "zstd error")
+			return nil, fmt.Errorf("getCompressionWriter: zstd error: %w", err)
 		}
 		return compressWriter, nil
 	default:
-		return nil, errwrap.Wrap(nil, fmt.Sprintf("unsupported compression algorithm: %s", algo))
+		return nil, fmt.Errorf("getCompressionWriter: unsupported compression algorithm: %s", algo)
 	}
 }
 
 func writeTarball(path string, tarWriter *tar.Writer, prefix string) error {
 	fileInfo, err := os.Lstat(path)
 	if err != nil {
-		return errwrap.Wrap(err, fmt.Sprintf("error getting file info for %s", path))
+		return fmt.Errorf("writeTarball: error getting file infor for %s: %w", path, err)
 	}
 
 	if fileInfo.Mode()&os.ModeSocket == os.ModeSocket {
@@ -135,19 +134,19 @@ func writeTarball(path string, tarWriter *tar.Writer, prefix string) error {
 	if fileInfo.Mode()&os.ModeSymlink == os.ModeSymlink {
 		var err error
 		if link, err = os.Readlink(path); err != nil {
-			return errwrap.Wrap(err, fmt.Sprintf("error resolving symlink %s", path))
+			return fmt.Errorf("writeTarball: error resolving symlink %s: %w", path, err)
 		}
 	}
 
 	header, err := tar.FileInfoHeader(fileInfo, link)
 	if err != nil {
-		return errwrap.Wrap(err, "error getting file info header")
+		return fmt.Errorf("writeTarball: error getting file info header: %w", err)
 	}
 	header.Name = strings.TrimPrefix(path, prefix)
 
 	err = tarWriter.WriteHeader(header)
 	if err != nil {
-		return errwrap.Wrap(err, "error writing file info header")
+		return fmt.Errorf("writeTarball: error writing file info header: %w", err)
 	}
 
 	if !fileInfo.Mode().IsRegular() {
@@ -156,26 +155,14 @@ func writeTarball(path string, tarWriter *tar.Writer, prefix string) error {
 
 	file, err := os.Open(path)
 	if err != nil {
-		return errwrap.Wrap(err, fmt.Sprintf("error opening %s", path))
+		return fmt.Errorf("writeTarball: error opening %s: %w", path, err)
 	}
 	defer file.Close()
 
 	_, err = io.Copy(tarWriter, file)
 	if err != nil {
-		return errwrap.Wrap(err, fmt.Sprintf("error copying %s to tar writer", path))
+		return fmt.Errorf("writeTarball: error copying %s to tar writer: %w", path, err)
 	}
 
 	return nil
 }
-
-type passThroughWriteCloser struct {
-	target io.WriteCloser
-}
-
-func (p *passThroughWriteCloser) Write(b []byte) (int, error) {
-	return p.target.Write(b)
-}
-
-func (p *passThroughWriteCloser) Close() error {
-	return nil
-}

cmd/backup/command.go

@@ -1,152 +0,0 @@
-// Copyright 2024 - offen.software <hioffen@posteo.de>
-// SPDX-License-Identifier: MPL-2.0
-
-package main
-
-import (
-	"fmt"
-	"log/slog"
-	"os"
-	"os/signal"
-	"syscall"
-
-	"github.com/offen/docker-volume-backup/internal/errwrap"
-	"github.com/robfig/cron/v3"
-)
-
-type command struct {
-	logger    *slog.Logger
-	schedules []cron.EntryID
-	cr        *cron.Cron
-	reload    chan struct{}
-}
-
-func newCommand() *command {
-	return &command{
-		logger: slog.New(slog.NewTextHandler(os.Stdout, nil)),
-	}
-}
-
-// runAsCommand executes a backup run for each configuration that is available
-// and then returns
-func (c *command) runAsCommand() error {
-	configurations, err := sourceConfiguration(configStrategyEnv)
-	if err != nil {
-		return errwrap.Wrap(err, "error loading env vars")
-	}
-
-	for _, config := range configurations {
-		if err := runScript(config); err != nil {
-			return errwrap.Wrap(err, "error running script")
-		}
-	}
-
-	return nil
-}
-
-type foregroundOpts struct {
-	profileCronExpression string
-}
-
-// runInForeground starts the program as a long running process, scheduling
-// a job for each configuration that is available.
-func (c *command) runInForeground(opts foregroundOpts) error {
-	c.cr = cron.New(
-		cron.WithParser(
-			cron.NewParser(
-				cron.SecondOptional | cron.Minute | cron.Hour | cron.Dom | cron.Month | cron.Dow | cron.Descriptor,
-			),
-		),
-	)
-
-	if err := c.schedule(configStrategyConfd); err != nil {
-		return errwrap.Wrap(err, "error scheduling")
-	}
-
-	if opts.profileCronExpression != "" {
-		if _, err := c.cr.AddFunc(opts.profileCronExpression, c.profile); err != nil {
-			return errwrap.Wrap(err, "error adding profiling job")
-		}
-	}
-
-	var quit = make(chan os.Signal, 1)
-	c.reload = make(chan struct{}, 1)
-	signal.Notify(quit, syscall.SIGTERM, syscall.SIGINT)
-	c.cr.Start()
-
-	for {
-		select {
-		case <-quit:
-			ctx := c.cr.Stop()
-			<-ctx.Done()
-			return nil
-		case <-c.reload:
-			if err := c.schedule(configStrategyConfd); err != nil {
-				return errwrap.Wrap(err, "error reloading configuration")
-			}
-		}
-	}
-}
-
-// schedule wipes all existing schedules and enqueues all schedules available
-// using the given configuration strategy
-func (c *command) schedule(strategy configStrategy) error {
-	for _, id := range c.schedules {
-		c.cr.Remove(id)
-	}
-
-	configurations, err := sourceConfiguration(strategy)
-	if err != nil {
-		return errwrap.Wrap(err, "error sourcing configuration")
-	}
-
-	for _, cfg := range configurations {
-		config := cfg
-		id, err := c.cr.AddFunc(config.BackupCronExpression, func() {
-			c.logger.Info(
-				fmt.Sprintf(
-					"Now running script on schedule %s",
-					config.BackupCronExpression,
-				),
-			)
-
-			if err := runScript(config); err != nil {
-				c.logger.Error(
-					fmt.Sprintf(
-						"Unexpected error running schedule %s: %v",
-						config.BackupCronExpression,
-						errwrap.Unwrap(err),
-					),
-					"error",
-					err,
-				)
-			}
-		})
-
-		if err != nil {
-			return errwrap.Wrap(err, fmt.Sprintf("error adding schedule %s", config.BackupCronExpression))
-		}
-		c.logger.Info(fmt.Sprintf("Successfully scheduled backup %s with expression %s", config.source, config.BackupCronExpression))
-		if ok := checkCronSchedule(config.BackupCronExpression); !ok {
-			c.logger.Warn(
-				fmt.Sprintf("Scheduled cron expression %s will never run, is this intentional?", config.BackupCronExpression),
-			)
-		}
-		c.schedules = append(c.schedules, id)
-	}
-
-	return nil
-}
-
-// must exits the program when passed an error. It should be the only
-// place where the application exits forcefully.
-func (c *command) must(err error) {
-	if err != nil {
-		c.logger.Error(
-			fmt.Sprintf("Fatal error running command: %v", errwrap.Unwrap(err)),
-			"error",
-			err,
-		)
-		os.Exit(1)
-	}
-}

cmd/backup/config.go

@@ -1,4 +1,4 @@
-// Copyright 2022 - offen.software <hioffen@posteo.de>
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
 // SPDX-License-Identifier: MPL-2.0
 
 package main
@@ -11,8 +11,6 @@ import (
 	"regexp"
 	"strconv"
 	"time"
-
-	"github.com/offen/docker-volume-backup/internal/errwrap"
 )
 
 // Config holds all configuration values that are expected to be set
@@ -47,9 +45,6 @@ type Config struct {
 	BackupExcludeRegexp           RegexpDecoder   `split_words:"true"`
 	BackupSkipBackendsFromPrune   []string        `split_words:"true"`
 	GpgPassphrase                 string          `split_words:"true"`
-	GpgPublicKeyRing              string          `split_words:"true"`
-	AgePassphrase                 string          `split_words:"true"`
-	AgePublicKeys                 []string        `split_words:"true"`
 	NotificationURLs              []string        `envconfig:"NOTIFICATION_URLS"`
 	NotificationLevel             string          `split_words:"true" default:"error"`
 	EmailNotificationRecipient    string          `split_words:"true"`
@@ -75,11 +70,9 @@ type Config struct {
 	LockTimeout                   time.Duration   `split_words:"true" default:"60m"`
 	AzureStorageAccountName       string          `split_words:"true"`
 	AzureStoragePrimaryAccountKey string          `split_words:"true"`
-	AzureStorageConnectionString  string          `split_words:"true"`
 	AzureStorageContainerName     string          `split_words:"true"`
 	AzureStoragePath              string          `split_words:"true"`
 	AzureStorageEndpoint          string          `split_words:"true" default:"https://{{ .AccountName }}.blob.core.windows.net/"`
-	AzureStorageAccessTier        string          `split_words:"true"`
 	DropboxEndpoint               string          `split_words:"true" default:"https://api.dropbox.com/"`
 	DropboxOAuth2Endpoint         string          `envconfig:"DROPBOX_OAUTH2_ENDPOINT" default:"https://api.dropbox.com/"`
 	DropboxRefreshToken           string          `split_words:"true"`
@@ -87,19 +80,17 @@ type Config struct {
 	DropboxAppSecret              string          `split_words:"true"`
 	DropboxRemotePath             string          `split_words:"true"`
 	DropboxConcurrencyLevel       NaturalNumber   `split_words:"true" default:"6"`
-	source                        string
-	additionalEnvVars             map[string]string
 }
 
 type CompressionType string
 
 func (c *CompressionType) Decode(v string) error {
 	switch v {
-	case "none", "gz", "zst":
+	case "gz", "zst":
 		*c = CompressionType(v)
 		return nil
 	default:
-		return errwrap.Wrap(nil, fmt.Sprintf("error decoding compression type %s", v))
+		return fmt.Errorf("config: error decoding compression type %s", v)
 	}
 }
 
@@ -122,7 +113,7 @@ func (c *CertDecoder) Decode(v string) error {
 	block, _ := pem.Decode(content)
 	cert, err := x509.ParseCertificate(block.Bytes)
 	if err != nil {
-		return errwrap.Wrap(err, "error parsing certificate")
+		return fmt.Errorf("config: error parsing certificate: %w", err)
 	}
 	*c = CertDecoder{Cert: cert}
 	return nil
@@ -138,7 +129,7 @@ func (r *RegexpDecoder) Decode(v string) error {
 	}
 	re, err := regexp.Compile(v)
 	if err != nil {
-		return errwrap.Wrap(err, fmt.Sprintf("error compiling given regexp `%s`", v))
+		return fmt.Errorf("config: error compiling given regexp `%s`: %w", v, err)
 	}
 	*r = RegexpDecoder{Re: re}
 	return nil
@@ -150,10 +141,10 @@ type NaturalNumber int
 func (n *NaturalNumber) Decode(v string) error {
 	asInt, err := strconv.Atoi(v)
 	if err != nil {
-		return errwrap.Wrap(nil, fmt.Sprintf("error converting %s to int", v))
+		return fmt.Errorf("config: error converting %s to int", v)
 	}
 	if asInt <= 0 {
-		return errwrap.Wrap(nil, fmt.Sprintf("expected a natural number, got %d", asInt))
+		return fmt.Errorf("config: expected a natural number, got %d", asInt)
 	}
 	*n = NaturalNumber(asInt)
 	return nil
@@ -169,10 +160,10 @@ type WholeNumber int
 func (n *WholeNumber) Decode(v string) error {
 	asInt, err := strconv.Atoi(v)
 	if err != nil {
-		return errwrap.Wrap(nil, fmt.Sprintf("error converting %s to int", v))
+		return fmt.Errorf("config: error converting %s to int", v)
 	}
 	if asInt < 0 {
-		return errwrap.Wrap(nil, fmt.Sprintf("expected a whole, positive number, including zero. Got %d", asInt))
+		return fmt.Errorf("config: expected a whole, positive number, including zero. Got %d", asInt)
 	}
 	*n = WholeNumber(asInt)
 	return nil
@@ -181,40 +172,3 @@ func (n *WholeNumber) Decode(v string) error {
 func (n *WholeNumber) Int() int {
 	return int(*n)
 }
-
-type envVarLookup struct {
-	ok    bool
-	key   string
-	value string
-}
-
-// applyEnv sets the values in `additionalEnvVars` as environment variables.
-// It returns a function that reverts all values that have been set to its
-// previous state.
-func (c *Config) applyEnv() (func() error, error) {
-	lookups := []envVarLookup{}
-
-	unset := func() error {
-		for _, lookup := range lookups {
-			if !lookup.ok {
-				if err := os.Unsetenv(lookup.key); err != nil {
-					return errwrap.Wrap(err, fmt.Sprintf("error unsetting env var %s", lookup.key))
-				}
-				continue
-			}
-			if err := os.Setenv(lookup.key, lookup.value); err != nil {
-				return errwrap.Wrap(err, fmt.Sprintf("error setting back env var %s", lookup.key))
-			}
-		}
-		return nil
-	}
-
-	for key, value := range c.additionalEnvVars {
-		current, ok := os.LookupEnv(key)
-		lookups = append(lookups, envVarLookup{ok: ok, key: key, value: current})
-		if err := os.Setenv(key, value); err != nil {
-			return unset, errwrap.Wrap(err, "error setting env var")
-		}
-	}
-	return unset, nil
-}

cmd/backup/config_provider.go

@@ -1,54 +1,20 @@
-// Copyright 2024 - offen.software <hioffen@posteo.de>
+// Copyright 2021-2022 - Offen Authors <hioffen@posteo.de>
 // SPDX-License-Identifier: MPL-2.0
 
 package main
 
 import (
-	"bufio"
 	"fmt"
 	"os"
 	"path/filepath"
-	"strings"
 
 	"github.com/joho/godotenv"
-	"github.com/offen/docker-volume-backup/internal/errwrap"
 	"github.com/offen/envconfig"
-	shell "mvdan.cc/sh/v3/shell"
 )
 
-type configStrategy string
-
-const (
-	configStrategyEnv   configStrategy = "env"
-	configStrategyConfd configStrategy = "confd"
-)
-
-// sourceConfiguration returns a list of config objects using the given
-// strategy. It should be the single entrypoint for retrieving configuration
-// for all consumers.
-func sourceConfiguration(strategy configStrategy) ([]*Config, error) {
-	switch strategy {
-	case configStrategyEnv:
-		c, err := loadConfigFromEnvVars()
-		return []*Config{c}, err
-	case configStrategyConfd:
-		cs, err := loadConfigsFromEnvFiles("/etc/dockervolumebackup/conf.d")
-		if err != nil {
-			if os.IsNotExist(err) {
-				return sourceConfiguration(configStrategyEnv)
-			}
-			return nil, errwrap.Wrap(err, "error loading config files")
-		}
-		return cs, nil
-	default:
-		return nil, errwrap.Wrap(nil, fmt.Sprintf("received unknown config strategy: %v", strategy))
-	}
-}
-
 // envProxy is a function that mimics os.LookupEnv but can read values from any other source
 type envProxy func(string) (string, bool)
 
-// loadConfig creates a config object using the given lookup function
 func loadConfig(lookup envProxy) (*Config, error) {
 	envconfig.Lookup = func(key string) (string, bool) {
 		value, okValue := lookup(key)
@@ -72,95 +38,50 @@ func loadConfig(lookup envProxy) (*Config, error) {
 
 	var c = &Config{}
 	if err := envconfig.Process("", c); err != nil {
-		return nil, errwrap.Wrap(err, "failed to process configuration values")
+		return nil, fmt.Errorf("loadConfig: failed to process configuration values: %w", err)
 	}
 
 	return c, nil
 }
 
-func loadConfigFromEnvVars() (*Config, error) {
-	c, err := loadConfig(os.LookupEnv)
-	if err != nil {
-		return nil, errwrap.Wrap(err, "error loading config from environment")
-	}
-	c.source = "from environment"
-	return c, nil
+func loadEnvVars() (*Config, error) {
+	return loadConfig(os.LookupEnv)
 }
 
-func loadConfigsFromEnvFiles(directory string) ([]*Config, error) {
+type configFile struct {
+	name   string
+	config *Config
+}
+
+func loadEnvFiles(directory string) ([]configFile, error) {
 	items, err := os.ReadDir(directory)
 	if err != nil {
 		if os.IsNotExist(err) {
 			return nil, err
 		}
-		return nil, errwrap.Wrap(err, "failed to read files from env directory")
+		return nil, fmt.Errorf("loadEnvFiles: failed to read files from env directory: %w", err)
 	}
 
-	configs := []*Config{}
+	cs := []configFile{}
 	for _, item := range items {
 		if item.IsDir() {
 			continue
 		}
 		p := filepath.Join(directory, item.Name())
-		envFile, err := source(p)
+		envFile, err := godotenv.Read(p)
 		if err != nil {
-			return nil, errwrap.Wrap(err, fmt.Sprintf("error reading config file %s", p))
+			return nil, fmt.Errorf("loadEnvFiles: error reading config file %s: %w", p, err)
 		}
 		lookup := func(key string) (string, bool) {
 			val, ok := envFile[key]
-			if ok {
-				return val, ok
-			}
-			return os.LookupEnv(key)
+			return val, ok
 		}
 		c, err := loadConfig(lookup)
 		if err != nil {
-			return nil, errwrap.Wrap(err, fmt.Sprintf("error loading config from file %s", p))
+			return nil, fmt.Errorf("loadEnvFiles: error loading config from file %s: %w", p, err)
 		}
-		c.source = item.Name()
-		c.additionalEnvVars = envFile
-		configs = append(configs, c)
+		cs = append(cs, configFile{config: c, name: item.Name()})
 	}
 
-	return configs, nil
-}
-
-// source tries to mimic the pre v2.37.0 behavior of calling
-// `set +a; source $path; set -a` and returns the env vars as a map
-func source(path string) (map[string]string, error) {
-	f, err := os.Open(path)
-	if err != nil {
-		return nil, errwrap.Wrap(err, fmt.Sprintf("error opening %s", path))
-	}
-
-	result := map[string]string{}
-	scanner := bufio.NewScanner(f)
-	for scanner.Scan() {
-		line := scanner.Text()
-		line = strings.TrimSpace(line)
-		if strings.HasPrefix(line, "#") {
-			continue
-		}
-		withExpansion, err := shell.Expand(line, nil)
-		if err != nil {
-			return nil, errwrap.Wrap(err, "error expanding env")
-		}
-		m, err := godotenv.Unmarshal(withExpansion)
-		if err != nil {
-			return nil, errwrap.Wrap(err, fmt.Sprintf("error sourcing %s", path))
-		}
-		for key, value := range m {
-			currentValue, currentOk := os.LookupEnv(key)
-			defer func() {
-				if currentOk {
-					os.Setenv(key, currentValue)
-					return
-				}
-				os.Unsetenv(key)
-			}()
-			result[key] = value
-			os.Setenv(key, value)
-		}
-	}
-	return result, nil
+	return cs, nil
 }

cmd/backup/config_provider_test.go

@@ -1,77 +0,0 @@
-package main
-
-import (
-	"os"
-	"reflect"
-	"testing"
-)
-
-func TestSource(t *testing.T) {
-	tests := []struct {
-		name           string
-		input          string
-		expectError    bool
-		expectedOutput map[string]string
-	}{
-		{
-			"default",
-			"testdata/default.env",
-			false,
-			map[string]string{
-				"FOO": "bar",
-				"BAZ": "qux",
-			},
-		},
-		{
-			"not found",
-			"testdata/nope.env",
-			true,
-			nil,
-		},
-		{
-			"braces",
-			"testdata/braces.env",
-			false,
-			map[string]string{
-				"FOO": "qux",
-				"BAR": "xxx",
-				"BAZ": "",
-			},
-		},
-		{
-			"expansion",
-			"testdata/expansion.env",
-			false,
-			map[string]string{
-				"BAR": "xxx",
-				"FOO": "xxx",
-				"BAZ": "xxx",
-				"QUX": "yyy",
-			},
-		},
-		{
-			"comments",
-			"testdata/comments.env",
-			false,
-			map[string]string{
-				"BAR": "xxx",
-				"BAZ": "yyy",
-			},
-		},
-	}
-
-	os.Setenv("QUX", "yyy")
-	defer os.Unsetenv("QUX")
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			result, err := source(test.input)
-			if (err != nil) != test.expectError {
-				t.Errorf("Unexpected error value %v", err)
-			}
-			if !reflect.DeepEqual(test.expectedOutput, result) {
-				t.Errorf("Expected %v, got %v", test.expectedOutput, result)
-			}
-		})
-	}
-}

cmd/backup/copy_archive.go

@@ -1,41 +0,0 @@
-// Copyright 2024 - offen.software <hioffen@posteo.de>
-// SPDX-License-Identifier: MPL-2.0
-
-package main
-
-import (
-	"os"
-	"path"
-
-	"github.com/offen/docker-volume-backup/internal/errwrap"
-	"golang.org/x/sync/errgroup"
-)
-
-// copyArchive makes sure the backup file is copied to both local and remote locations
-// as per the given configuration.
-func (s *script) copyArchive() error {
-	_, name := path.Split(s.file)
-	if stat, err := os.Stat(s.file); err != nil {
-		return errwrap.Wrap(err, "unable to stat backup file")
-	} else {
-		size := stat.Size()
-		s.stats.BackupFile = BackupFileStats{
-			Size:     uint64(size),
-			Name:     name,
-			FullPath: s.file,
-		}
-	}
-
-	eg := errgroup.Group{}
-	for _, backend := range s.storages {
-		b := backend
-		eg.Go(func() error {
-			return b.Copy(s.file)
-		})
-	}
-	if err := eg.Wait(); err != nil {
-		return errwrap.Wrap(err, "error copying archive")
-	}
-
-	return nil
-}

cmd/backup/create_archive.go

@@ -1,88 +0,0 @@
-// Copyright 2024 - offen.software <hioffen@posteo.de>
-// SPDX-License-Identifier: MPL-2.0
-
-package main
-
-import (
-	"fmt"
-	"io/fs"
-	"path/filepath"
-
-	"github.com/offen/docker-volume-backup/internal/errwrap"
-	"github.com/otiai10/copy"
-)
-
-// createArchive creates a tar archive of the configured backup location and
-// saves it to disk.
-func (s *script) createArchive() error {
-	backupSources := s.c.BackupSources
-
-	if s.c.BackupFromSnapshot {
-		s.logger.Warn(
-			"Using BACKUP_FROM_SNAPSHOT has been deprecated and will be removed in the next major version.",
-		)
-		s.logger.Warn(
-			"Please use `archive-pre` and `archive-post` commands to prepare your backup sources. Refer to the documentation for an upgrade guide.",
-		)
-		backupSources = filepath.Join("/tmp", s.c.BackupSources)
-		// copy before compressing guard against a situation where backup folder's content are still growing.
-		s.registerHook(hookLevelPlumbing, func(error) error {
-			if err := remove(backupSources); err != nil {
-				return errwrap.Wrap(err, "error removing snapshot")
-			}
-			s.logger.Info(
-				fmt.Sprintf("Removed snapshot `%s`.", backupSources),
-			)
-			return nil
-		})
-		if err := copy.Copy(s.c.BackupSources, backupSources, copy.Options{
-			PreserveTimes: true,
-			PreserveOwner: true,
-		}); err != nil {
-			return errwrap.Wrap(err, "error creating snapshot")
-		}
-		s.logger.Info(
-			fmt.Sprintf("Created snapshot of `%s` at `%s`.", s.c.BackupSources, backupSources),
-		)
-	}
-
-	tarFile := s.file
-	s.registerHook(hookLevelPlumbing, func(error) error {
-		if err := remove(tarFile); err != nil {
-			return errwrap.Wrap(err, "error removing tar file")
-		}
-		s.logger.Info(
-			fmt.Sprintf("Removed tar file `%s`.", tarFile),
-		)
-		return nil
-	})
-
-	backupPath, err := filepath.Abs(stripTrailingSlashes(backupSources))
-	if err != nil {
-		return errwrap.Wrap(err, "error getting absolute path")
-	}
-
-	var filesEligibleForBackup []string
-	if err := filepath.WalkDir(backupPath, func(path string, di fs.DirEntry, err error) error {
-		if err != nil {
-			return err
-		}
-
-		if s.c.BackupExcludeRegexp.Re != nil && s.c.BackupExcludeRegexp.Re.MatchString(path) {
-			return nil
-		}
-		filesEligibleForBackup = append(filesEligibleForBackup, path)
-		return nil
-	}); err != nil {
-		return errwrap.Wrap(err, "error walking filesystem tree")
-	}
-
-	if err := createArchive(filesEligibleForBackup, backupSources, tarFile, s.c.BackupCompression.String(), s.c.GzipParallelism.Int()); err != nil {
-		return errwrap.Wrap(err, "error compressing backup folder")
-	}
-
-	s.logger.Info(
-		fmt.Sprintf("Created backup of `%s` at `%s`.", backupSources, tarFile),
-	)
-	return nil
-}

cmd/backup/cron.go

@@ -0,0 +1,29 @@
+// Copyright 2024 - Offen Authors <hioffen@posteo.de>
+// SPDX-License-Identifier: MPL-2.0
+
+package main
+
+import (
+	"time"
+
+	"github.com/robfig/cron/v3"
+)
+
+// checkCronSchedule detects whether the given cron expression will actually
+// ever be executed or not.
+func checkCronSchedule(expression string) (ok bool) {
+	defer func() {
+		if err := recover(); err != nil {
+			ok = false
+		}
+	}()
+	sched, err := cron.ParseStandard(expression)
+	if err != nil {
+		ok = false
+		return
+	}
+	now := time.Now()
+	sched.Next(now) // panics when the cron would never run
+	ok = true
+	return
+}

cmd/backup/encrypt_archive.go

@@ -1,212 +0,0 @@
-// Copyright 2024 - offen.software <hioffen@posteo.de>
-// SPDX-License-Identifier: MPL-2.0
-
-package main
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"io"
-	"os"
-	"path"
-
-	"filippo.io/age"
-	"github.com/ProtonMail/go-crypto/openpgp/armor"
-	openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
-	"github.com/offen/docker-volume-backup/internal/errwrap"
-)
-
-func countTrue(b ...bool) int {
-	c := int(0)
-	for _, v := range b {
-		if v {
-			c++
-		}
-	}
-	return c
-}
-
-// encryptArchive encrypts the backup file using PGP and the configured passphrase or publickey(s).
-// In case no passphrase or publickey is given it returns early, leaving the backup file
-// untouched.
-func (s *script) encryptArchive() error {
-	useGPGSymmetric := s.c.GpgPassphrase != ""
-	useGPGAsymmetric := s.c.GpgPublicKeyRing != ""
-	useAgeSymmetric := s.c.AgePassphrase != ""
-	useAgeAsymmetric := len(s.c.AgePublicKeys) > 0
-	switch nconfigured := countTrue(
-		useGPGSymmetric,
-		useGPGAsymmetric,
-		useAgeSymmetric,
-		useAgeAsymmetric,
-	); nconfigured {
-	case 0:
-		return nil
-	case 1:
-		// ok!
-	default:
-		return fmt.Errorf(
-			"error in selecting archive encryption method: expected 0 or 1 to be configured, %d methods are configured",
-			nconfigured,
-		)
-	}
-
-	if useGPGSymmetric {
-		return s.encryptWithGPGSymmetric()
-	} else if useGPGAsymmetric {
-		return s.encryptWithGPGAsymmetric()
-	} else if useAgeSymmetric || useAgeAsymmetric {
-		ar, err := s.getConfiguredAgeRecipients()
-		if err != nil {
-			return errwrap.Wrap(err, "failed to get configured age recipients")
-		}
-		return s.encryptWithAge(ar)
-	}
-	return nil
-}
-
-func (s *script) getConfiguredAgeRecipients() ([]age.Recipient, error) {
-	if s.c.AgePassphrase == "" && len(s.c.AgePublicKeys) == 0 {
-		return nil, fmt.Errorf("no age recipients configured")
-	}
-	recipients := []age.Recipient{}
-	if len(s.c.AgePublicKeys) > 0 {
-		for _, pk := range s.c.AgePublicKeys {
-			pkr, err := age.ParseX25519Recipient(pk)
-			if err != nil {
-				return nil, errwrap.Wrap(err, "failed to parse age public key")
-			}
-			recipients = append(recipients, pkr)
-		}
-	}
-	if s.c.AgePassphrase != "" {
-		if len(recipients) != 0 {
-			return nil, fmt.Errorf("age encryption must only be enabled via passphrase or public key, not both")
-		}
-
-		r, err := age.NewScryptRecipient(s.c.AgePassphrase)
-		if err != nil {
-			return nil, errwrap.Wrap(err, "failed to create scrypt identity from age passphrase")
-		}
-		recipients = append(recipients, r)
-	}
-	return recipients, nil
-}
-
-func (s *script) encryptWithAge(rec []age.Recipient) error {
-	return s.doEncrypt("age", func(ciphertextWriter io.Writer) (io.WriteCloser, error) {
-		return age.Encrypt(ciphertextWriter, rec...)
-	})
-}
-
-func (s *script) encryptWithGPGSymmetric() error {
-	return s.doEncrypt("gpg", func(ciphertextWriter io.Writer) (io.WriteCloser, error) {
-		_, name := path.Split(s.file)
-		return openpgp.SymmetricallyEncrypt(ciphertextWriter, []byte(s.c.GpgPassphrase), &openpgp.FileHints{
-			FileName: name,
-		}, nil)
-	})
-}
-
-type closeAllWriter struct {
-	io.Writer
-	closers []io.Closer
-}
-
-func (c *closeAllWriter) Close() (err error) {
-	for _, cl := range c.closers {
-		err = errors.Join(err, cl.Close())
-	}
-	return
-}
-
-var _ io.WriteCloser = (*closeAllWriter)(nil)
-
-func (s *script) encryptWithGPGAsymmetric() error {
-	return s.doEncrypt("gpg", func(ciphertextWriter io.Writer) (_ io.WriteCloser, outerr error) {
-		entityList, err := openpgp.ReadArmoredKeyRing(bytes.NewReader([]byte(s.c.GpgPublicKeyRing)))
-		if err != nil {
-			return nil, errwrap.Wrap(err, "error parsing armored keyring")
-		}
-
-		armoredWriter, err := armor.Encode(ciphertextWriter, "PGP MESSAGE", nil)
-		if err != nil {
-			return nil, errwrap.Wrap(err, "error preparing encryption")
-		}
-		defer func() {
-			if outerr != nil {
-				_ = armoredWriter.Close()
-			}
-		}()
-
-		_, name := path.Split(s.file)
-		encWriter, err := openpgp.Encrypt(armoredWriter, entityList, nil, nil, &openpgp.FileHints{
-			FileName: name,
-		}, nil)
-		if err != nil {
-			return nil, err
-		}
-		return &closeAllWriter{
-			Writer:  encWriter,
-			closers: []io.Closer{encWriter, armoredWriter},
-		}, nil
-	})
-}
-
-func (s *script) doEncrypt(
-	extension string,
-	encryptor func(ciphertextWriter io.Writer) (io.WriteCloser, error),
-) (outerr error) {
-	encFile := fmt.Sprintf("%s.%s", s.file, extension)
-	s.registerHook(hookLevelPlumbing, func(error) error {
-		if err := remove(encFile); err != nil {
-			return errwrap.Wrap(err, "error removing encrypted file")
-		}
-		s.logger.Info(
-			fmt.Sprintf("Removed encrypted file `%s`.", encFile),
-		)
-		return nil
-	})
-
-	outFile, err := os.Create(encFile)
-	if err != nil {
-		return errwrap.Wrap(err, "error opening out file")
-	}
-	defer func() {
-		if err := outFile.Close(); err != nil {
-			outerr = errors.Join(outerr, errwrap.Wrap(err, "error closing out file"))
-		}
-	}()
-
-	dst, err := encryptor(outFile)
-	if err != nil {
-		return errwrap.Wrap(err, "error encrypting backup file")
-	}
-	defer func() {
-		if err := dst.Close(); err != nil {
-			outerr = errors.Join(outerr, errwrap.Wrap(err, "error closing encrypted backup file"))
-		}
-	}()
-
-	src, err := os.Open(s.file)
-	if err != nil {
-		return errwrap.Wrap(err, fmt.Sprintf("error opening backup file %q", s.file))
-	}
-	defer func() {
-		if err := src.Close(); err != nil {
-			outerr = errors.Join(outerr, errwrap.Wrap(err, "error closing backup file"))
-		}
-	}()
-
-	if _, err := io.Copy(dst, src); err != nil {
-		return errwrap.Wrap(err, "error writing ciphertext to file")
-	}
-
-	s.file = encFile
-	s.logger.Info(
-		fmt.Sprintf("Encrypted backup using %q, saving as %q", extension, s.file),
-	)
-
-	return
-}

cmd/backup/exec.go

@@ -1,4 +1,4 @@
-// Copyright 2022 - offen.software <hioffen@posteo.de>
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
 // SPDX-License-Identifier: MPL-2.0
 
 // Portions of this file are taken and adapted from `moby`, Copyright 2012-2017 Docker, Inc.
@@ -9,17 +9,15 @@ package main
 import (
 	"bytes"
 	"context"
-	"errors"
 	"fmt"
 	"io"
 	"os"
 	"strings"
 
 	"github.com/cosiner/argv"
-	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/pkg/stdcopy"
-	"github.com/offen/docker-volume-backup/internal/errwrap"
 	"golang.org/x/sync/errgroup"
 )
 
@@ -28,7 +26,7 @@ func (s *script) exec(containerRef string, command string, user string) ([]byte,
 	commandEnv := []string{
 		fmt.Sprintf("COMMAND_RUNTIME_ARCHIVE_FILEPATH=%s", s.file),
 	}
-	execID, err := s.cli.ContainerExecCreate(context.Background(), containerRef, container.ExecOptions{
+	execID, err := s.cli.ContainerExecCreate(context.Background(), containerRef, types.ExecConfig{
 		Cmd:          args[0],
 		AttachStdin:  true,
 		AttachStderr: true,
@@ -36,51 +34,43 @@ func (s *script) exec(containerRef string, command string, user string) ([]byte,
 		User:         user,
 	})
 	if err != nil {
-		return nil, nil, errwrap.Wrap(err, "error creating container exec")
+		return nil, nil, fmt.Errorf("exec: error creating container exec: %w", err)
 	}
 
-	resp, err := s.cli.ContainerExecAttach(context.Background(), execID.ID, container.ExecStartOptions{})
+	resp, err := s.cli.ContainerExecAttach(context.Background(), execID.ID, types.ExecStartCheck{})
 	if err != nil {
-		return nil, nil, errwrap.Wrap(err, "error attaching container exec")
+		return nil, nil, fmt.Errorf("exec: error attaching container exec: %w", err)
 	}
 	defer resp.Close()
 
-	var outBuf, errBuf, fullRespBuf bytes.Buffer
+	var outBuf, errBuf bytes.Buffer
 	outputDone := make(chan error)
 
-	tee := io.TeeReader(resp.Reader, &fullRespBuf)
-
 	go func() {
-		_, err := stdcopy.StdCopy(&outBuf, &errBuf, tee)
+		_, err := stdcopy.StdCopy(&outBuf, &errBuf, resp.Reader)
 		outputDone <- err
 	}()
 
 	if err := <-outputDone; err != nil {
-		if body, bErr := io.ReadAll(&fullRespBuf); bErr == nil {
-			// if possible, try to append the exec output to the error
-			// as it's likely to be more relevant for users than the error from
-			// calling stdcopy.Copy
-			err = errwrap.Wrap(errors.New(string(body)), err.Error())
-		}
-		return nil, nil, errwrap.Wrap(err, "error demultiplexing output")
+		return nil, nil, fmt.Errorf("exec: error demultiplexing output: %w", err)
 	}
 
 	stdout, err := io.ReadAll(&outBuf)
 	if err != nil {
-		return nil, nil, errwrap.Wrap(err, "error reading stdout")
+		return nil, nil, fmt.Errorf("exec: error reading stdout: %w", err)
 	}
 	stderr, err := io.ReadAll(&errBuf)
 	if err != nil {
-		return nil, nil, errwrap.Wrap(err, "error reading stderr")
+		return nil, nil, fmt.Errorf("exec: error reading stderr: %w", err)
 	}
 
 	res, err := s.cli.ContainerExecInspect(context.Background(), execID.ID)
 	if err != nil {
-		return nil, nil, errwrap.Wrap(err, "error inspecting container exec")
+		return nil, nil, fmt.Errorf("exec: error inspecting container exec: %w", err)
 	}
 
 	if res.ExitCode > 0 {
-		return stdout, stderr, errwrap.Wrap(nil, fmt.Sprintf("running command exited %d", res.ExitCode))
+		return stdout, stderr, fmt.Errorf("exec: running command exited %d", res.ExitCode)
 	}
 
 	return stdout, stderr, nil
@@ -96,11 +86,11 @@ func (s *script) runLabeledCommands(label string) error {
 			Value: fmt.Sprintf("docker-volume-backup.exec-label=%s", s.c.ExecLabel),
 		})
 	}
-	containersWithCommand, err := s.cli.ContainerList(context.Background(), container.ListOptions{
+	containersWithCommand, err := s.cli.ContainerList(context.Background(), types.ContainerListOptions{
 		Filters: filters.NewArgs(f...),
 	})
 	if err != nil {
-		return errwrap.Wrap(err, "error querying for containers")
+		return fmt.Errorf("runLabeledCommands: error querying for containers: %w", err)
 	}
 
 	var hasDeprecatedContainers bool
@@ -109,11 +99,11 @@ func (s *script) runLabeledCommands(label string) error {
 			Key:   "label",
 			Value: "docker-volume-backup.exec-pre",
 		}
-		deprecatedContainers, err := s.cli.ContainerList(context.Background(), container.ListOptions{
+		deprecatedContainers, err := s.cli.ContainerList(context.Background(), types.ContainerListOptions{
 			Filters: filters.NewArgs(f...),
 		})
 		if err != nil {
-			return errwrap.Wrap(err, "error querying for containers")
+			return fmt.Errorf("runLabeledCommands: error querying for containers: %w", err)
 		}
 		if len(deprecatedContainers) != 0 {
 			hasDeprecatedContainers = true
@@ -126,11 +116,11 @@ func (s *script) runLabeledCommands(label string) error {
 			Key:   "label",
 			Value: "docker-volume-backup.exec-post",
 		}
-		deprecatedContainers, err := s.cli.ContainerList(context.Background(), container.ListOptions{
+		deprecatedContainers, err := s.cli.ContainerList(context.Background(), types.ContainerListOptions{
 			Filters: filters.NewArgs(f...),
 		})
 		if err != nil {
-			return errwrap.Wrap(err, "error querying for containers")
+			return fmt.Errorf("runLabeledCommands: error querying for containers: %w", err)
 		}
 		if len(deprecatedContainers) != 0 {
 			hasDeprecatedContainers = true
@@ -173,14 +163,14 @@ func (s *script) runLabeledCommands(label string) error {
 				os.Stdout.Write(stdout)
 			}
 			if err != nil {
-				return errwrap.Wrap(err, "error executing command")
+				return fmt.Errorf("runLabeledCommands: error executing command: %w", err)
 			}
 			return nil
 		})
 	}
 
 	if err := g.Wait(); err != nil {
-		return errwrap.Wrap(err, "error from errgroup")
+		return fmt.Errorf("runLabeledCommands: error from errgroup: %w", err)
 	}
 	return nil
 }
@@ -200,12 +190,13 @@ func (s *script) withLabeledCommands(step lifecyclePhase, cb func() error) func(
 	}
 	return func() (err error) {
 		if err = s.runLabeledCommands(fmt.Sprintf("docker-volume-backup.%s-pre", step)); err != nil {
-			err = errwrap.Wrap(err, fmt.Sprintf("error running %s-pre commands", step))
+			err = fmt.Errorf("withLabeledCommands: %s: error running pre commands: %w", step, err)
 			return
 		}
 		defer func() {
-			if derr := s.runLabeledCommands(fmt.Sprintf("docker-volume-backup.%s-post", step)); derr != nil {
-				err = errors.Join(err, errwrap.Wrap(derr, fmt.Sprintf("error running %s-post commands", step)))
+			derr := s.runLabeledCommands(fmt.Sprintf("docker-volume-backup.%s-post", step))
+			if err == nil && derr != nil {
+				err = derr
 			}
 		}()
 		err = cb()

cmd/backup/hooks.go

@@ -1,13 +1,12 @@
-// Copyright 2022 - offen.software <hioffen@posteo.de>
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
 // SPDX-License-Identifier: MPL-2.0
 
 package main
 
 import (
 	"errors"
+	"fmt"
 	"sort"
-
-	"github.com/offen/docker-volume-backup/internal/errwrap"
 )
 
 // hook contains a queued action that can be trigger them when the script
@@ -48,7 +47,7 @@ func (s *script) runHooks(err error) error {
 			continue
 		}
 		if actionErr := hook.action(err); actionErr != nil {
-			actionErrors = append(actionErrors, errwrap.Wrap(actionErr, "error running hook"))
+			actionErrors = append(actionErrors, fmt.Errorf("runHooks: error running hook: %w", actionErr))
 		}
 	}
 	if len(actionErrors) != 0 {

cmd/backup/lock.go

@@ -1,14 +1,14 @@
-// Copyright 2022 - offen.software <hioffen@posteo.de>
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
 // SPDX-License-Identifier: MPL-2.0
 
 package main
 
 import (
+	"errors"
 	"fmt"
 	"time"
 
 	"github.com/gofrs/flock"
-	"github.com/offen/docker-volume-backup/internal/errwrap"
 )
 
 // lock opens a lockfile at the given location, keeping it locked until the
@@ -31,7 +31,7 @@ func (s *script) lock(lockfile string) (func() error, error) {
 	for {
 		acquired, err := fileLock.TryLock()
 		if err != nil {
-			return noop, errwrap.Wrap(err, "error trying to lock")
+			return noop, fmt.Errorf("lock: error trying to lock: %w", err)
 		}
 		if acquired {
 			if s.encounteredLock {
@@ -54,7 +54,7 @@ func (s *script) lock(lockfile string) (func() error, error) {
 		case <-retry.C:
 			continue
 		case <-deadline.C:
-			return noop, errwrap.Wrap(nil, "timed out waiting for lockfile to become available")
+			return noop, errors.New("lock: timed out waiting for lockfile to become available")
 		}
 	}
 }

cmd/backup/main.go

@@ -1,23 +1,224 @@
-// Copyright 2021-2022 - offen.software <hioffen@posteo.de>
+// Copyright 2021-2022 - Offen Authors <hioffen@posteo.de>
 // SPDX-License-Identifier: MPL-2.0
 
 package main
 
 import (
 	"flag"
+	"fmt"
+	"log/slog"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/robfig/cron/v3"
 )
 
+type command struct {
+	logger *slog.Logger
+}
+
+func newCommand() *command {
+	return &command{
+		logger: slog.New(slog.NewTextHandler(os.Stdout, nil)),
+	}
+}
+
+func (c *command) must(err error) {
+	if err != nil {
+		c.logger.Error(
+			fmt.Sprintf("Fatal error running command: %v", err),
+			"error",
+			err,
+		)
+		os.Exit(1)
+	}
+}
+
+func runScript(c *Config) (err error) {
+	defer func() {
+		if derr := recover(); derr != nil {
+			err = fmt.Errorf("runScript: unexpected panic running script: %v", err)
+		}
+	}()
+
+	s, err := newScript(c)
+	if err != nil {
+		err = fmt.Errorf("runScript: error instantiating script: %w", err)
+		return
+	}
+
+	runErr := func() (err error) {
+		unlock, err := s.lock("/var/lock/dockervolumebackup.lock")
+		if err != nil {
+			err = fmt.Errorf("runScript: error acquiring file lock: %w", err)
+			return
+		}
+
+		defer func() {
+			derr := unlock()
+			if err == nil && derr != nil {
+				err = fmt.Errorf("runScript: error releasing file lock: %w", derr)
+			}
+		}()
+
+		scriptErr := func() error {
+			if err := s.withLabeledCommands(lifecyclePhaseArchive, func() (err error) {
+				restartContainersAndServices, err := s.stopContainersAndServices()
+				// The mechanism for restarting containers is not using hooks as it
+				// should happen as soon as possible (i.e. before uploading backups or
+				// similar).
+				defer func() {
+					derr := restartContainersAndServices()
+					if err == nil {
+						err = derr
+					}
+				}()
+				if err != nil {
+					return
+				}
+				err = s.createArchive()
+				return
+			})(); err != nil {
+				return err
+			}
+
+			if err := s.withLabeledCommands(lifecyclePhaseProcess, s.encryptArchive)(); err != nil {
+				return err
+			}
+			if err := s.withLabeledCommands(lifecyclePhaseCopy, s.copyArchive)(); err != nil {
+				return err
+			}
+			if err := s.withLabeledCommands(lifecyclePhasePrune, s.pruneBackups)(); err != nil {
+				return err
+			}
+			return nil
+		}()
+
+		if hookErr := s.runHooks(scriptErr); hookErr != nil {
+			if scriptErr != nil {
+				return fmt.Errorf(
+					"runScript: error %w executing the script followed by %w calling the registered hooks",
+					scriptErr,
+					hookErr,
+				)
+			}
+			return fmt.Errorf(
+				"runScript: the script ran successfully, but an error occurred calling the registered hooks: %w",
+				hookErr,
+			)
+		}
+		if scriptErr != nil {
+			return fmt.Errorf("runScript: error running script: %w", scriptErr)
+		}
+		return nil
+	}()
+
+	if runErr != nil {
+		s.logger.Error(
+			fmt.Sprintf("Script run failed: %v", runErr), "error", runErr,
+		)
+	}
+	return runErr
+}
+
+func (c *command) runInForeground() error {
+	cr := cron.New(
+		cron.WithParser(
+			cron.NewParser(
+				cron.SecondOptional | cron.Minute | cron.Hour | cron.Dom | cron.Month | cron.Dow | cron.Descriptor,
+			),
+		),
+	)
+
+	addJob := func(config *Config, name string) error {
+		if _, err := cr.AddFunc(config.BackupCronExpression, func() {
+			c.logger.Info(
+				fmt.Sprintf(
+					"Now running script on schedule %s",
+					config.BackupCronExpression,
+				),
+			)
+			if err := runScript(config); err != nil {
+				c.logger.Error(
+					fmt.Sprintf(
+						"Unexpected error running schedule %s: %v",
+						config.BackupCronExpression,
+						err,
+					),
+					"error",
+					err,
+				)
+			}
+		}); err != nil {
+			return fmt.Errorf("addJob: error adding schedule %s: %w", config.BackupCronExpression, err)
+		}
+
+		c.logger.Info(fmt.Sprintf("Successfully scheduled backup %s with expression %s", name, config.BackupCronExpression))
+		if ok := checkCronSchedule(config.BackupCronExpression); !ok {
+			c.logger.Warn(
+				fmt.Sprintf("Scheduled cron expression %s will never run, is this intentional?", config.BackupCronExpression),
+			)
+		}
+
+		return nil
+	}
+
+	cs, err := loadEnvFiles("/etc/dockervolumebackup/conf.d")
+	if err != nil {
+		if !os.IsNotExist(err) {
+			return fmt.Errorf("runInForeground: could not load config from environment files: %w", err)
+		}
+
+		c, err := loadEnvVars()
+		if err != nil {
+			return fmt.Errorf("runInForeground: could not load config from environment variables: %w", err)
+		} else {
+			err = addJob(c, "from environment")
+			if err != nil {
+				return fmt.Errorf("runInForeground: error adding job from env: %w", err)
+			}
+		}
+	} else {
+		c.logger.Info("/etc/dockervolumebackup/conf.d was found, using configuration files from this directory.")
+		for _, config := range cs {
+			err = addJob(config.config, config.name)
+			if err != nil {
+				return fmt.Errorf("runInForeground: error adding jobs from conf files: %w", err)
+			}
+		}
+	}
+
+	var quit = make(chan os.Signal, 1)
+	signal.Notify(quit, syscall.SIGTERM, syscall.SIGINT)
+	cr.Start()
+	<-quit
+	ctx := cr.Stop()
+	<-ctx.Done()
+
+	return nil
+}
+
+func (c *command) runAsCommand() error {
+	config, err := loadEnvVars()
+	if err != nil {
+		return fmt.Errorf("runAsCommand: error loading env vars: %w", err)
+	}
+	err = runScript(config)
+	if err != nil {
+		return fmt.Errorf("runAsCommand: error running script: %w", err)
+	}
+
+	return nil
+}
+
 func main() {
 	foreground := flag.Bool("foreground", false, "run the tool in the foreground")
-	profile := flag.String("profile", "", "collect runtime metrics and log them periodically on the given cron expression")
 	flag.Parse()
 
 	c := newCommand()
 	if *foreground {
-		opts := foregroundOpts{
-			profileCronExpression: *profile,
-		}
-		c.must(c.runInForeground(opts))
+		c.must(c.runInForeground())
 	} else {
 		c.must(c.runAsCommand())
 	}

cmd/backup/notifications.go

@@ -1,4 +1,4 @@
-// Copyright 2022 - offen.software <hioffen@posteo.de>
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
 // SPDX-License-Identifier: MPL-2.0
 
 package main
@@ -14,7 +14,6 @@ import (
 	"time"
 
 	sTypes "github.com/containrrr/shoutrrr/pkg/types"
-	"github.com/offen/docker-volume-backup/internal/errwrap"
 )
 
 //go:embed notifications.tmpl
@@ -38,16 +37,16 @@ func (s *script) notify(titleTemplate string, bodyTemplate string, err error) er
 
 	titleBuf := &bytes.Buffer{}
 	if err := s.template.ExecuteTemplate(titleBuf, titleTemplate, params); err != nil {
-		return errwrap.Wrap(err, fmt.Sprintf("error executing %s template", titleTemplate))
+		return fmt.Errorf("notify: error executing %s template: %w", titleTemplate, err)
 	}
 
 	bodyBuf := &bytes.Buffer{}
 	if err := s.template.ExecuteTemplate(bodyBuf, bodyTemplate, params); err != nil {
-		return errwrap.Wrap(err, fmt.Sprintf("error executing %s template", bodyTemplate))
+		return fmt.Errorf("notify: error executing %s template: %w", bodyTemplate, err)
 	}
 
 	if err := s.sendNotification(titleBuf.String(), bodyBuf.String()); err != nil {
-		return errwrap.Wrap(err, "error sending notification")
+		return fmt.Errorf("notify: error notifying: %w", err)
 	}
 	return nil
 }
@@ -71,7 +70,7 @@ func (s *script) sendNotification(title, body string) error {
 		}
 	}
 	if len(errs) != 0 {
-		return errwrap.Wrap(errors.Join(errs...), "error sending message")
+		return fmt.Errorf("sendNotification: error sending message: %w", errors.Join(errs...))
 	}
 	return nil
 }

cmd/backup/profile.go

@@ -1,24 +0,0 @@
-// Copyright 2024 - offen.software <hioffen@posteo.de>
-// SPDX-License-Identifier: MPL-2.0
-
-package main
-
-import "runtime"
-
-func (c *command) profile() {
-	memStats := runtime.MemStats{}
-	runtime.ReadMemStats(&memStats)
-	c.logger.Info(
-		"Collecting runtime information",
-		"num_goroutines",
-		runtime.NumGoroutine(),
-		"memory_heap_alloc",
-		formatBytes(memStats.HeapAlloc, false),
-		"memory_heap_inuse",
-		formatBytes(memStats.HeapInuse, false),
-		"memory_heap_sys",
-		formatBytes(memStats.HeapSys, false),
-		"memory_heap_objects",
-		memStats.HeapObjects,
-	)
-}

cmd/backup/prune_backups.go

@@ -1,66 +0,0 @@
-// Copyright 2024 - offen.software <hioffen@posteo.de>
-// SPDX-License-Identifier: MPL-2.0
-
-package main
-
-import (
-	"fmt"
-	"slices"
-	"strings"
-	"time"
-
-	"github.com/offen/docker-volume-backup/internal/errwrap"
-	"golang.org/x/sync/errgroup"
-)
-
-// pruneBackups rotates away backups from local and remote storages using
-// the given configuration. In case the given configuration would delete all
-// backups, it does nothing instead and logs a warning.
-func (s *script) pruneBackups() error {
-	if s.c.BackupRetentionDays < 0 {
-		return nil
-	}
-
-	deadline := time.Now().AddDate(0, 0, -int(s.c.BackupRetentionDays)).Add(s.c.BackupPruningLeeway)
-
-	eg := errgroup.Group{}
-	for _, backend := range s.storages {
-		b := backend
-		eg.Go(func() error {
-			if skipPrune(b.Name(), s.c.BackupSkipBackendsFromPrune) {
-				s.logger.Info(
-					fmt.Sprintf("Skipping pruning for backend `%s`.", b.Name()),
-				)
-				return nil
-			}
-			stats, err := b.Prune(deadline, s.c.BackupPruningPrefix)
-			if err != nil {
-				return err
-			}
-			s.stats.Lock()
-			s.stats.Storages[b.Name()] = StorageStats{
-				Total:  stats.Total,
-				Pruned: stats.Pruned,
-			}
-			s.stats.Unlock()
-			return nil
-		})
-	}
-
-	if err := eg.Wait(); err != nil {
-		return errwrap.Wrap(err, "error pruning backups")
-	}
-
-	return nil
-}
-
-// skipPrune returns true if the given backend name is contained in the
-// list of skipped backends.
-func skipPrune(name string, skippedBackends []string) bool {
-	return slices.ContainsFunc(
-		skippedBackends,
-		func(b string) bool {
-			return strings.EqualFold(b, name) // ignore case on both sides
-		},
-	)
-}

cmd/backup/run_script.go

@@ -1,113 +0,0 @@
-// Copyright 2024 - offen.software <hioffen@posteo.de>
-// SPDX-License-Identifier: MPL-2.0
-
-package main
-
-import (
-	"errors"
-	"fmt"
-	"runtime/debug"
-
-	"github.com/offen/docker-volume-backup/internal/errwrap"
-)
-
-// runScript instantiates a new script object and orchestrates a backup run.
-// To ensure it runs mutually exclusive a global file lock is acquired before
-// it starts running. Any panic within the script will be recovered and returned
-// as an error.
-func runScript(c *Config) (err error) {
-	defer func() {
-		if derr := recover(); derr != nil {
-			fmt.Printf("%s: %s\n", derr, debug.Stack())
-			asErr, ok := derr.(error)
-			if ok {
-				err = errwrap.Wrap(asErr, "unexpected panic running script")
-			} else {
-				err = errwrap.Wrap(nil, fmt.Sprintf("%v", derr))
-			}
-		}
-	}()
-
-	s := newScript(c)
-
-	unlock, lockErr := s.lock("/var/lock/dockervolumebackup.lock")
-	if lockErr != nil {
-		err = errwrap.Wrap(lockErr, "error acquiring file lock")
-		return
-	}
-	defer func() {
-		if derr := unlock(); derr != nil {
-			err = errors.Join(err, errwrap.Wrap(derr, "error releasing file lock"))
-		}
-	}()
-
-	unset, err := s.c.applyEnv()
-	if err != nil {
-		return errwrap.Wrap(err, "error applying env")
-	}
-	defer func() {
-		if derr := unset(); derr != nil {
-			err = errors.Join(err, errwrap.Wrap(derr, "error unsetting environment variables"))
-		}
-	}()
-
-	if initErr := s.init(); initErr != nil {
-		err = errwrap.Wrap(initErr, "error instantiating script")
-		return
-	}
-
-	return func() (err error) {
-		scriptErr := func() error {
-			if err := s.withLabeledCommands(lifecyclePhaseArchive, func() (err error) {
-				restartContainersAndServices, err := s.stopContainersAndServices()
-				// The mechanism for restarting containers is not using hooks as it
-				// should happen as soon as possible (i.e. before uploading backups or
-				// similar).
-				defer func() {
-					if derr := restartContainersAndServices(); derr != nil {
-						err = errors.Join(err, errwrap.Wrap(derr, "error restarting containers and services"))
-					}
-				}()
-				if err != nil {
-					return
-				}
-				err = s.createArchive()
-				return
-			})(); err != nil {
-				return err
-			}
-
-			if err := s.withLabeledCommands(lifecyclePhaseProcess, s.encryptArchive)(); err != nil {
-				return err
-			}
-			if err := s.withLabeledCommands(lifecyclePhaseCopy, s.copyArchive)(); err != nil {
-				return err
-			}
-			if err := s.withLabeledCommands(lifecyclePhasePrune, s.pruneBackups)(); err != nil {
-				return err
-			}
-			return nil
-		}()
-
-		if hookErr := s.runHooks(scriptErr); hookErr != nil {
-			if scriptErr != nil {
-				return errwrap.Wrap(
-					nil,
-					fmt.Sprintf(
-						"error %v executing the script followed by %v calling the registered hooks",
-						scriptErr,
-						hookErr,
-					),
-				)
-			}
-			return errwrap.Wrap(
-				hookErr,
-				"the script ran successfully, but an error occurred calling the registered hooks",
-			)
-		}
-		if scriptErr != nil {
-			return errwrap.Wrap(scriptErr, "error running script")
-		}
-		return nil
-	}()
-}

cmd/backup/script.go

@@ -1,4 +1,4 @@
-// Copyright 2022 - offen.software <hioffen@posteo.de>
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
 // SPDX-License-Identifier: MPL-2.0
 
 package main
@@ -6,13 +6,17 @@ package main
 import (
 	"bytes"
 	"fmt"
+	"io"
+	"io/fs"
 	"log/slog"
 	"os"
 	"path"
+	"path/filepath"
+	"slices"
+	"strings"
 	"text/template"
 	"time"
 
-	"github.com/offen/docker-volume-backup/internal/errwrap"
 	"github.com/offen/docker-volume-backup/internal/storage"
 	"github.com/offen/docker-volume-backup/internal/storage/azure"
 	"github.com/offen/docker-volume-backup/internal/storage/dropbox"
@@ -21,10 +25,13 @@ import (
 	"github.com/offen/docker-volume-backup/internal/storage/ssh"
 	"github.com/offen/docker-volume-backup/internal/storage/webdav"
 
+	openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
 	"github.com/containrrr/shoutrrr"
 	"github.com/containrrr/shoutrrr/pkg/router"
 	"github.com/docker/docker/client"
 	"github.com/leekchan/timeutil"
+	"github.com/otiai10/copy"
+	"golang.org/x/sync/errgroup"
 )
 
 // script holds all the stateful information required to orchestrate a
@@ -50,9 +57,9 @@ type script struct {
 // remote resources like the Docker engine or remote storage locations. All
 // reading from env vars or other configuration sources is expected to happen
 // in this method.
-func newScript(c *Config) *script {
+func newScript(c *Config) (*script, error) {
 	stdOut, logBuffer := buffer(os.Stdout)
-	return &script{
+	s := &script{
 		c:      c,
 		logger: slog.New(slog.NewTextHandler(stdOut, nil)),
 		stats: &Stats{
@@ -68,9 +75,7 @@ func newScript(c *Config) *script {
 			},
 		},
 	}
-}
 
-func (s *script) init() error {
 	s.registerHook(hookLevelPlumbing, func(error) error {
 		s.stats.EndTime = time.Now()
 		s.stats.TookTime = s.stats.EndTime.Sub(s.stats.StartTime)
@@ -81,19 +86,14 @@ func (s *script) init() error {
 
 	tmplFileName, tErr := template.New("extension").Parse(s.file)
 	if tErr != nil {
-		return errwrap.Wrap(tErr, "unable to parse backup file extension template")
+		return nil, fmt.Errorf("newScript: unable to parse backup file extension template: %w", tErr)
 	}
 
 	var bf bytes.Buffer
 	if tErr := tmplFileName.Execute(&bf, map[string]string{
-		"Extension": func() string {
-			if s.c.BackupCompression == "none" {
-				return "tar"
-			}
-			return fmt.Sprintf("tar.%s", s.c.BackupCompression)
-		}(),
+		"Extension": fmt.Sprintf("tar.%s", s.c.BackupCompression),
 	}); tErr != nil {
-		return errwrap.Wrap(tErr, "error executing backup file extension template")
+		return nil, fmt.Errorf("newScript: error executing backup file extension template: %w", tErr)
 	}
 	s.file = bf.String()
 
@@ -109,21 +109,17 @@ func (s *script) init() error {
 	if !os.IsNotExist(err) || dockerHostSet {
 		cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
 		if err != nil {
-			return errwrap.Wrap(err, "failed to create docker client")
+			return nil, fmt.Errorf("newScript: failed to create docker client")
 		}
 		s.cli = cli
-		s.registerHook(hookLevelPlumbing, func(err error) error {
-			if err := s.cli.Close(); err != nil {
-				return errwrap.Wrap(err, "failed to close docker client")
-			}
-			return nil
-		})
 	}
 
 	logFunc := func(logType storage.LogLevel, context string, msg string, params ...any) {
 		switch logType {
 		case storage.LogLevelWarning:
 			s.logger.Warn(fmt.Sprintf(msg, params...), "storage", context)
+		case storage.LogLevelError:
+			s.logger.Error(fmt.Sprintf(msg, params...), "storage", context)
 		default:
 			s.logger.Info(fmt.Sprintf(msg, params...), "storage", context)
 		}
@@ -145,7 +141,7 @@ func (s *script) init() error {
 		}
 		s3Backend, err := s3.NewStorageBackend(s3Config, logFunc)
 		if err != nil {
-			return errwrap.Wrap(err, "error creating s3 storage backend")
+			return nil, fmt.Errorf("newScript: error creating s3 storage backend: %w", err)
 		}
 		s.storages = append(s.storages, s3Backend)
 	}
@@ -160,7 +156,7 @@ func (s *script) init() error {
 		}
 		webdavBackend, err := webdav.NewStorageBackend(webDavConfig, logFunc)
 		if err != nil {
-			return errwrap.Wrap(err, "error creating webdav storage backend")
+			return nil, fmt.Errorf("newScript: error creating webdav storage backend: %w", err)
 		}
 		s.storages = append(s.storages, webdavBackend)
 	}
@@ -177,7 +173,7 @@ func (s *script) init() error {
 		}
 		sshBackend, err := ssh.NewStorageBackend(sshConfig, logFunc)
 		if err != nil {
-			return errwrap.Wrap(err, "error creating ssh storage backend")
+			return nil, fmt.Errorf("newScript: error creating ssh storage backend: %w", err)
 		}
 		s.storages = append(s.storages, sshBackend)
 	}
@@ -198,12 +194,10 @@ func (s *script) init() error {
 			PrimaryAccountKey: s.c.AzureStoragePrimaryAccountKey,
 			Endpoint:          s.c.AzureStorageEndpoint,
 			RemotePath:        s.c.AzureStoragePath,
-			ConnectionString:  s.c.AzureStorageConnectionString,
-			AccessTier:        s.c.AzureStorageAccessTier,
 		}
 		azureBackend, err := azure.NewStorageBackend(azureConfig, logFunc)
 		if err != nil {
-			return errwrap.Wrap(err, "error creating azure storage backend")
+			return nil, fmt.Errorf("newScript: error creating azure storage backend: %w", err)
 		}
 		s.storages = append(s.storages, azureBackend)
 	}
@@ -220,7 +214,7 @@ func (s *script) init() error {
 		}
 		dropboxBackend, err := dropbox.NewStorageBackend(dropboxConfig, logFunc)
 		if err != nil {
-			return errwrap.Wrap(err, "error creating dropbox storage backend")
+			return nil, fmt.Errorf("newScript: error creating dropbox storage backend: %w", err)
 		}
 		s.storages = append(s.storages, dropboxBackend)
 	}
@@ -246,14 +240,14 @@ func (s *script) init() error {
 
 	hookLevel, ok := hookLevels[s.c.NotificationLevel]
 	if !ok {
-		return errwrap.Wrap(nil, fmt.Sprintf("unknown NOTIFICATION_LEVEL %s", s.c.NotificationLevel))
+		return nil, fmt.Errorf("newScript: unknown NOTIFICATION_LEVEL %s", s.c.NotificationLevel)
 	}
 	s.hookLevel = hookLevel
 
 	if len(s.c.NotificationURLs) > 0 {
 		sender, senderErr := shoutrrr.CreateSender(s.c.NotificationURLs...)
 		if senderErr != nil {
-			return errwrap.Wrap(senderErr, "error creating sender")
+			return nil, fmt.Errorf("newScript: error creating sender: %w", senderErr)
 		}
 		s.sender = sender
 
@@ -261,13 +255,13 @@ func (s *script) init() error {
 		tmpl.Funcs(templateHelpers)
 		tmpl, err = tmpl.Parse(defaultNotifications)
 		if err != nil {
-			return errwrap.Wrap(err, "unable to parse default notifications templates")
+			return nil, fmt.Errorf("newScript: unable to parse default notifications templates: %w", err)
 		}
 
 		if fi, err := os.Stat("/etc/dockervolumebackup/notifications.d"); err == nil && fi.IsDir() {
 			tmpl, err = tmpl.ParseGlob("/etc/dockervolumebackup/notifications.d/*.*")
 			if err != nil {
-				return errwrap.Wrap(err, "unable to parse user defined notifications templates")
+				return nil, fmt.Errorf("newScript: unable to parse user defined notifications templates: %w", err)
 			}
 		}
 		s.template = tmpl
@@ -288,5 +282,211 @@ func (s *script) init() error {
 		})
 	}
 
+	return s, nil
+}
+
+// createArchive creates a tar archive of the configured backup location and
+// saves it to disk.
+func (s *script) createArchive() error {
+	backupSources := s.c.BackupSources
+
+	if s.c.BackupFromSnapshot {
+		s.logger.Warn(
+			"Using BACKUP_FROM_SNAPSHOT has been deprecated and will be removed in the next major version.",
+		)
+		s.logger.Warn(
+			"Please use `archive-pre` and `archive-post` commands to prepare your backup sources. Refer to the documentation for an upgrade guide.",
+		)
+		backupSources = filepath.Join("/tmp", s.c.BackupSources)
+		// copy before compressing guard against a situation where backup folder's content are still growing.
+		s.registerHook(hookLevelPlumbing, func(error) error {
+			if err := remove(backupSources); err != nil {
+				return fmt.Errorf("createArchive: error removing snapshot: %w", err)
+			}
+			s.logger.Info(
+				fmt.Sprintf("Removed snapshot `%s`.", backupSources),
+			)
+			return nil
+		})
+		if err := copy.Copy(s.c.BackupSources, backupSources, copy.Options{
+			PreserveTimes: true,
+			PreserveOwner: true,
+		}); err != nil {
+			return fmt.Errorf("createArchive: error creating snapshot: %w", err)
+		}
+		s.logger.Info(
+			fmt.Sprintf("Created snapshot of `%s` at `%s`.", s.c.BackupSources, backupSources),
+		)
+	}
+
+	tarFile := s.file
+	s.registerHook(hookLevelPlumbing, func(error) error {
+		if err := remove(tarFile); err != nil {
+			return fmt.Errorf("createArchive: error removing tar file: %w", err)
+		}
+		s.logger.Info(
+			fmt.Sprintf("Removed tar file `%s`.", tarFile),
+		)
+		return nil
+	})
+
+	backupPath, err := filepath.Abs(stripTrailingSlashes(backupSources))
+	if err != nil {
+		return fmt.Errorf("createArchive: error getting absolute path: %w", err)
+	}
+
+	var filesEligibleForBackup []string
+	if err := filepath.WalkDir(backupPath, func(path string, di fs.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+
+		if s.c.BackupExcludeRegexp.Re != nil && s.c.BackupExcludeRegexp.Re.MatchString(path) {
+			return nil
+		}
+		filesEligibleForBackup = append(filesEligibleForBackup, path)
+		return nil
+	}); err != nil {
+		return fmt.Errorf("createArchive: error walking filesystem tree: %w", err)
+	}
+
+	if err := createArchive(filesEligibleForBackup, backupSources, tarFile, s.c.BackupCompression.String(), s.c.GzipParallelism.Int()); err != nil {
+		return fmt.Errorf("createArchive: error compressing backup folder: %w", err)
+	}
+
+	s.logger.Info(
+		fmt.Sprintf("Created backup of `%s` at `%s`.", backupSources, tarFile),
+	)
 	return nil
 }
+
+// encryptArchive encrypts the backup file using PGP and the configured passphrase.
+// In case no passphrase is given it returns early, leaving the backup file
+// untouched.
+func (s *script) encryptArchive() error {
+	if s.c.GpgPassphrase == "" {
+		return nil
+	}
+
+	gpgFile := fmt.Sprintf("%s.gpg", s.file)
+	s.registerHook(hookLevelPlumbing, func(error) error {
+		if err := remove(gpgFile); err != nil {
+			return fmt.Errorf("encryptArchive: error removing gpg file: %w", err)
+		}
+		s.logger.Info(
+			fmt.Sprintf("Removed GPG file `%s`.", gpgFile),
+		)
+		return nil
+	})
+
+	outFile, err := os.Create(gpgFile)
+	if err != nil {
+		return fmt.Errorf("encryptArchive: error opening out file: %w", err)
+	}
+	defer outFile.Close()
+
+	_, name := path.Split(s.file)
+	dst, err := openpgp.SymmetricallyEncrypt(outFile, []byte(s.c.GpgPassphrase), &openpgp.FileHints{
+		FileName: name,
+	}, nil)
+	if err != nil {
+		return fmt.Errorf("encryptArchive: error encrypting backup file: %w", err)
+	}
+	defer dst.Close()
+
+	src, err := os.Open(s.file)
+	if err != nil {
+		return fmt.Errorf("encryptArchive: error opening backup file `%s`: %w", s.file, err)
+	}
+
+	if _, err := io.Copy(dst, src); err != nil {
+		return fmt.Errorf("encryptArchive: error writing ciphertext to file: %w", err)
+	}
+
+	s.file = gpgFile
+	s.logger.Info(
+		fmt.Sprintf("Encrypted backup using given passphrase, saving as `%s`.", s.file),
+	)
+	return nil
+}
+
+// copyArchive makes sure the backup file is copied to both local and remote locations
+// as per the given configuration.
+func (s *script) copyArchive() error {
+	_, name := path.Split(s.file)
+	if stat, err := os.Stat(s.file); err != nil {
+		return fmt.Errorf("copyArchive: unable to stat backup file: %w", err)
+	} else {
+		size := stat.Size()
+		s.stats.BackupFile = BackupFileStats{
+			Size:     uint64(size),
+			Name:     name,
+			FullPath: s.file,
+		}
+	}
+
+	eg := errgroup.Group{}
+	for _, backend := range s.storages {
+		b := backend
+		eg.Go(func() error {
+			return b.Copy(s.file)
+		})
+	}
+	if err := eg.Wait(); err != nil {
+		return fmt.Errorf("copyArchive: error copying archive: %w", err)
+	}
+
+	return nil
+}
+
+// pruneBackups rotates away backups from local and remote storages using
+// the given configuration. In case the given configuration would delete all
+// backups, it does nothing instead and logs a warning.
+func (s *script) pruneBackups() error {
+	if s.c.BackupRetentionDays < 0 {
+		return nil
+	}
+
+	deadline := time.Now().AddDate(0, 0, -int(s.c.BackupRetentionDays)).Add(s.c.BackupPruningLeeway)
+
+	eg := errgroup.Group{}
+	for _, backend := range s.storages {
+		b := backend
+		eg.Go(func() error {
+			if skipPrune(b.Name(), s.c.BackupSkipBackendsFromPrune) {
+				s.logger.Info(
+					fmt.Sprintf("Skipping pruning for backend `%s`.", b.Name()),
+				)
+				return nil
+			}
+			stats, err := b.Prune(deadline, s.c.BackupPruningPrefix)
+			if err != nil {
+				return err
+			}
+			s.stats.Lock()
+			s.stats.Storages[b.Name()] = StorageStats{
+				Total:  stats.Total,
+				Pruned: stats.Pruned,
+			}
+			s.stats.Unlock()
+			return nil
+		})
+	}
+
+	if err := eg.Wait(); err != nil {
+		return fmt.Errorf("pruneBackups: error pruning backups: %w", err)
+	}
+
+	return nil
+}
+
+// skipPrune returns true if the given backend name is contained in the
+// list of skipped backends.
+func skipPrune(name string, skippedBackends []string) bool {
+	return slices.ContainsFunc(
+		skippedBackends,
+		func(b string) bool {
+			return strings.EqualFold(b, name) // ignore case on both sides
+		},
+	)
+}

cmd/backup/stats.go

@@ -1,4 +1,4 @@
-// Copyright 2022 - offen.software <hioffen@posteo.de>
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
 // SPDX-License-Identifier: MPL-2.0
 
 package main

cmd/backup/stop_restart.go

@@ -1,6 +1,3 @@
-// Copyright 2024 - offen.software <hioffen@posteo.de>
-// SPDX-License-Identifier: MPL-2.0
-
 package main
 
 import (
@@ -14,31 +11,28 @@ import (
 
 	"github.com/docker/cli/cli/command/service/progress"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
 	ctr "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/api/types/system"
 	"github.com/docker/docker/client"
-	"github.com/offen/docker-volume-backup/internal/errwrap"
 )
 
 func scaleService(cli *client.Client, serviceID string, replicas uint64) ([]string, error) {
 	service, _, err := cli.ServiceInspectWithRaw(context.Background(), serviceID, types.ServiceInspectOptions{})
 	if err != nil {
-		return nil, errwrap.Wrap(err, fmt.Sprintf("error inspecting service %s", serviceID))
+		return nil, fmt.Errorf("scaleService: error inspecting service %s: %w", serviceID, err)
 	}
 	serviceMode := &service.Spec.Mode
 	switch {
 	case serviceMode.Replicated != nil:
 		serviceMode.Replicated.Replicas = &replicas
 	default:
-		return nil, errwrap.Wrap(nil, fmt.Sprintf("service to be scaled %s has to be in replicated mode", service.Spec.Name))
+		return nil, fmt.Errorf("scaleService: service to be scaled %s has to be in replicated mode", service.Spec.Name)
 	}
 
 	response, err := cli.ServiceUpdate(context.Background(), service.ID, service.Version, service.Spec, types.ServiceUpdateOptions{})
 	if err != nil {
-		return nil, errwrap.Wrap(err, "error updating service")
+		return nil, fmt.Errorf("scaleService: error updating service: %w", err)
 	}
 
 	discardWriter := &noopWriteCloser{io.Discard}
@@ -57,24 +51,21 @@ func awaitContainerCountForService(cli *client.Client, serviceID string, count i
 	for {
 		select {
 		case <-timeout.C:
-			return errwrap.Wrap(
-				nil,
-				fmt.Sprintf(
-					"timed out after waiting %s for service %s to reach desired container count of %d",
-					timeoutAfter,
-					serviceID,
-					count,
-				),
+			return fmt.Errorf(
+				"awaitContainerCount: timed out after waiting %s for service %s to reach desired container count of %d",
+				timeoutAfter,
+				serviceID,
+				count,
 			)
 		case <-poll.C:
-			containers, err := cli.ContainerList(context.Background(), container.ListOptions{
+			containers, err := cli.ContainerList(context.Background(), types.ContainerListOptions{
 				Filters: filters.NewArgs(filters.KeyValuePair{
 					Key:   "label",
 					Value: fmt.Sprintf("com.docker.swarm.service.id=%s", serviceID),
 				}),
 			})
 			if err != nil {
-				return errwrap.Wrap(err, "error listing containers")
+				return fmt.Errorf("awaitContainerCount: error listing containers: %w", err)
 			}
 			if len(containers) == count {
 				return nil
@@ -83,16 +74,6 @@ func awaitContainerCountForService(cli *client.Client, serviceID string, count i
 	}
 }
 
-func isSwarm(c interface {
-	Info(context.Context) (system.Info, error)
-}) (bool, error) {
-	info, err := c.Info(context.Background())
-	if err != nil {
-		return false, errwrap.Wrap(err, "error getting docker info")
-	}
-	return info.Swarm.LocalNodeState != "" && info.Swarm.LocalNodeState != swarm.LocalNodeStateInactive, nil
-}
-
 // stopContainersAndServices stops all Docker containers that are marked as to being
 // stopped during the backup and returns a function that can be called to
 // restart everything that has been stopped.
@@ -101,10 +82,11 @@ func (s *script) stopContainersAndServices() (func() error, error) {
 		return noop, nil
 	}
 
-	isDockerSwarm, err := isSwarm(s.cli)
+	dockerInfo, err := s.cli.Info(context.Background())
 	if err != nil {
-		return noop, errwrap.Wrap(err, "error determining swarm state")
+		return noop, fmt.Errorf("(*script).stopContainersAndServices: error getting docker info: %w", err)
 	}
+	isDockerSwarm := dockerInfo.Swarm.LocalNodeState != "inactive"
 
 	labelValue := s.c.BackupStopDuringBackupLabel
 	if s.c.BackupStopContainerLabel != "" {
@@ -115,7 +97,7 @@ func (s *script) stopContainersAndServices() (func() error, error) {
 			"Please use BACKUP_STOP_DURING_BACKUP_LABEL instead. Refer to the docs for an upgrade guide.",
 		)
 		if _, ok := os.LookupEnv("BACKUP_STOP_DURING_BACKUP_LABEL"); ok {
-			return noop, errwrap.Wrap(nil, "both BACKUP_STOP_DURING_BACKUP_LABEL and BACKUP_STOP_CONTAINER_LABEL have been set, cannot continue")
+			return noop, errors.New("(*script).stopContainersAndServices: both BACKUP_STOP_DURING_BACKUP_LABEL and BACKUP_STOP_CONTAINER_LABEL have been set, cannot continue")
 		}
 		labelValue = s.c.BackupStopContainerLabel
 	}
@@ -125,18 +107,18 @@ func (s *script) stopContainersAndServices() (func() error, error) {
 		labelValue,
 	)
 
-	allContainers, err := s.cli.ContainerList(context.Background(), container.ListOptions{})
+	allContainers, err := s.cli.ContainerList(context.Background(), types.ContainerListOptions{})
 	if err != nil {
-		return noop, errwrap.Wrap(err, "error querying for containers")
+		return noop, fmt.Errorf("(*script).stopContainersAndServices: error querying for containers: %w", err)
 	}
-	containersToStop, err := s.cli.ContainerList(context.Background(), container.ListOptions{
+	containersToStop, err := s.cli.ContainerList(context.Background(), types.ContainerListOptions{
 		Filters: filters.NewArgs(filters.KeyValuePair{
 			Key:   "label",
 			Value: filterMatchLabel,
 		}),
 	})
 	if err != nil {
-		return noop, errwrap.Wrap(err, "error querying for containers to stop")
+		return noop, fmt.Errorf("(*script).stopContainersAndServices: error querying for containers to stop: %w", err)
 	}
 
 	var allServices []swarm.Service
@@ -144,7 +126,7 @@ func (s *script) stopContainersAndServices() (func() error, error) {
 	if isDockerSwarm {
 		allServices, err = s.cli.ServiceList(context.Background(), types.ServiceListOptions{})
 		if err != nil {
-			return noop, errwrap.Wrap(err, "error querying for services")
+			return noop, fmt.Errorf("(*script).stopContainersAndServices: error querying for services: %w", err)
 		}
 		matchingServices, err := s.cli.ServiceList(context.Background(), types.ServiceListOptions{
 			Filters: filters.NewArgs(filters.KeyValuePair{
@@ -153,21 +135,15 @@ func (s *script) stopContainersAndServices() (func() error, error) {
 			}),
 			Status: true,
 		})
-		if err != nil {
-			return noop, errwrap.Wrap(err, "error querying for services to scale down")
-		}
 		for _, s := range matchingServices {
-			if s.Spec.Mode.Replicated == nil {
-				return noop, errwrap.Wrap(
-					nil,
-					fmt.Sprintf("only replicated services can be restarted, but found a label on service %s", s.Spec.Name),
-				)
-			}
 			servicesToScaleDown = append(servicesToScaleDown, handledSwarmService{
 				serviceID:           s.ID,
 				initialReplicaCount: *s.Spec.Mode.Replicated.Replicas,
 			})
 		}
+		if err != nil {
+			return noop, fmt.Errorf("(*script).stopContainersAndServices: error querying for services to scale down: %w", err)
+		}
 	}
 
 	if len(containersToStop) == 0 && len(servicesToScaleDown) == 0 {
@@ -179,17 +155,14 @@ func (s *script) stopContainersAndServices() (func() error, error) {
 			if swarmServiceID, ok := container.Labels["com.docker.swarm.service.id"]; ok {
 				parentService, _, err := s.cli.ServiceInspectWithRaw(context.Background(), swarmServiceID, types.ServiceInspectOptions{})
 				if err != nil {
-					return noop, errwrap.Wrap(err, fmt.Sprintf("error querying for parent service with ID %s", swarmServiceID))
+					return noop, fmt.Errorf("(*script).stopContainersAndServices: error querying for parent service with ID %s: %w", swarmServiceID, err)
 				}
 				for label := range parentService.Spec.Labels {
 					if label == "docker-volume-backup.stop-during-backup" {
-						return noop, errwrap.Wrap(
-							nil,
-							fmt.Sprintf(
-								"container %s is labeled to stop but has parent service %s which is also labeled, cannot continue",
-								container.Names[0],
-								parentService.Spec.Name,
-							),
+						return noop, fmt.Errorf(
+							"(*script).stopContainersAndServices: container %s is labeled to stop but has parent service %s which is also labeled, cannot continue",
+							container.Names[0],
+							parentService.Spec.Name,
 						)
 					}
 				}
@@ -272,12 +245,10 @@ func (s *script) stopContainersAndServices() (func() error, error) {
 	var initialErr error
 	allErrors := append(stopErrors, scaleDownErrors.value()...)
 	if len(allErrors) != 0 {
-		initialErr = errwrap.Wrap(
+		initialErr = fmt.Errorf(
+			"(*script).stopContainersAndServices: %d error(s) stopping containers: %w",
+			len(allErrors),
 			errors.Join(allErrors...),
-			fmt.Sprintf(
-				"%d error(s) stopping containers",
-				len(allErrors),
-			),
 		)
 	}
 
@@ -297,7 +268,7 @@ func (s *script) stopContainersAndServices() (func() error, error) {
 				if err != nil {
 					restartErrors = append(
 						restartErrors,
-						errwrap.Wrap(err, "error looking up parent service"),
+						fmt.Errorf("(*script).stopContainersAndServices: error looking up parent service: %w", err),
 					)
 					continue
 				}
@@ -311,7 +282,7 @@ func (s *script) stopContainersAndServices() (func() error, error) {
 				continue
 			}
 
-			if err := s.cli.ContainerStart(context.Background(), container.ID, ctr.StartOptions{}); err != nil {
+			if err := s.cli.ContainerStart(context.Background(), container.ID, types.ContainerStartOptions{}); err != nil {
 				restartErrors = append(restartErrors, err)
 			}
 		}
@@ -340,12 +311,10 @@ func (s *script) stopContainersAndServices() (func() error, error) {
 
 		allErrors := append(restartErrors, scaleUpErrors.value()...)
 		if len(allErrors) != 0 {
-			return errwrap.Wrap(
+			return fmt.Errorf(
+				"(*script).stopContainersAndServices: %d error(s) restarting containers and services: %w",
+				len(allErrors),
 				errors.Join(allErrors...),
-				fmt.Sprintf(
-					"%d error(s) restarting containers and services",
-					len(allErrors),
-				),
 			)
 		}
 

cmd/backup/stop_restart_test.go

@@ -1,85 +0,0 @@
-package main
-
-import (
-	"context"
-	"errors"
-	"testing"
-
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/api/types/system"
-)
-
-type mockInfoClient struct {
-	result system.Info
-	err    error
-}
-
-func (m *mockInfoClient) Info(context.Context) (system.Info, error) {
-	return m.result, m.err
-}
-
-func TestIsSwarm(t *testing.T) {
-	tests := []struct {
-		name        string
-		client      *mockInfoClient
-		expected    bool
-		expectError bool
-	}{
-		{
-			"swarm",
-			&mockInfoClient{
-				result: system.Info{
-					Swarm: swarm.Info{
-						LocalNodeState: swarm.LocalNodeStateActive,
-					},
-				},
-			},
-			true,
-			false,
-		},
-		{
-			"compose",
-			&mockInfoClient{
-				result: system.Info{
-					Swarm: swarm.Info{
-						LocalNodeState: swarm.LocalNodeStateInactive,
-					},
-				},
-			},
-			false,
-			false,
-		},
-		{
-			"balena",
-			&mockInfoClient{
-				result: system.Info{
-					Swarm: swarm.Info{
-						LocalNodeState: "",
-					},
-				},
-			},
-			false,
-			false,
-		},
-		{
-			"error",
-			&mockInfoClient{
-				err: errors.New("the dinosaurs escaped"),
-			},
-			false,
-			true,
-		},
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			result, err := isSwarm(test.client)
-			if (err != nil) != test.expectError {
-				t.Errorf("Unexpected error value %v", err)
-			}
-			if test.expected != result {
-				t.Errorf("Expected %v, got %v", test.expected, result)
-			}
-		})
-	}
-}

cmd/backup/testdata/braces.env

@@ -1,3 +0,0 @@
-FOO=${bar:-qux}
-BAR=xxx
-BAZ=$NOPE

cmd/backup/testdata/comments.env

@@ -1,7 +0,0 @@
-# This is a comment about `why` things are here
-# FOO="${bar:-qux}"
- # e.g. `backup-$HOSTNAME-%Y-%m-%dT%H-%M-%S.tar.gz`. Expansion happens before`
-
-BAR=xxx
-
-BAZ=$QUX

cmd/backup/testdata/default.env

@@ -1,2 +0,0 @@
-FOO=bar
-BAZ=qux

cmd/backup/testdata/expansion.env

@@ -1,4 +0,0 @@
-BAR=xxx
-FOO=${BAR}
-BAZ=$BAR
-QUX=${QUX}

cmd/backup/util.go

@@ -1,4 +1,4 @@
-// Copyright 2022 - offen.software <hioffen@posteo.de>
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
 // SPDX-License-Identifier: MPL-2.0
 
 package main
@@ -9,10 +9,6 @@ import (
 	"io"
 	"os"
 	"sync"
-	"time"
-
-	"github.com/offen/docker-volume-backup/internal/errwrap"
-	"github.com/robfig/cron/v3"
 )
 
 var noop = func() error { return nil }
@@ -24,7 +20,7 @@ func remove(location string) error {
 		if os.IsNotExist(err) {
 			return nil
 		}
-		return errwrap.Wrap(err, fmt.Sprintf("error checking for existence of `%s`", location))
+		return fmt.Errorf("remove: error checking for existence of `%s`: %w", location, err)
 	}
 	if fi.IsDir() {
 		err = os.RemoveAll(location)
@@ -32,7 +28,7 @@ func remove(location string) error {
 		err = os.Remove(location)
 	}
 	if err != nil {
-		return errwrap.Wrap(err, fmt.Sprintf("error removing `%s", location))
+		return fmt.Errorf("remove: error removing `%s`: %w", location, err)
 	}
 	return nil
 }
@@ -51,7 +47,7 @@ type bufferingWriter struct {
 
 func (b *bufferingWriter) Write(p []byte) (n int, err error) {
 	if n, err := b.buf.Write(p); err != nil {
-		return n, errwrap.Wrap(err, "error writing to buffer")
+		return n, fmt.Errorf("(*bufferingWriter).Write: error writing to buffer: %w", err)
 	}
 	return b.writer.Write(p)
 }
@@ -83,22 +79,3 @@ func (c *concurrentSlice[T]) append(v T) {
 func (c *concurrentSlice[T]) value() []T {
 	return c.val
 }
-
-// checkCronSchedule detects whether the given cron expression will actually
-// ever be executed or not.
-func checkCronSchedule(expression string) (ok bool) {
-	defer func() {
-		if err := recover(); err != nil {
-			ok = false
-		}
-	}()
-	sched, err := cron.ParseStandard(expression)
-	if err != nil {
-		ok = false
-		return
-	}
-	now := time.Now()
-	sched.Next(now) // panics when the cron would never run
-	ok = true
-	return
-}

docs/Gemfile.lock

@@ -59,13 +59,11 @@ GEM
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rexml (3.3.3)
-      strscan
+    rexml (3.2.6)
     rouge (3.30.0)
     safe_yaml (1.0.5)
     sassc (2.4.0)
       ffi (~> 1.9)
-    strscan (3.1.0)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
     unicode-display_width (2.4.2)

docs/_config.yml

@@ -30,6 +30,6 @@ nav_external_links:
     url: https://github.com/offen/docker-volume-backup
 
 footer_content: >-
-  Copyright &copy; 2024 <a target="_blank" href="https://www.offen.software">offen.software</a> and contributors.
+  Copyright &copy; 2021 Offen Authors and contributors.
   Distributed under the <a href="https://github.com/offen/docker-volume-backup/tree/main/LICENSE">MPL-2.0 License.</a><br>
   Something missing, unclear or not working? Open <a href="https://github.com/offen/docker-volume-backup/issues">an issue</a>.

docs/how-tos/encrypt-backups-using-gpg.md

@@ -3,7 +3,15 @@ title: Encrypt backups using GPG
 layout: default
 parent: How Tos
 nav_order: 7
-nav_exclude: true
 ---
 
-See: [Encrypt Backups](encrypt-backups)
+# Encrypt backups using GPG
+
+The image supports encrypting backups using GPG out of the box.
+In case a `GPG_PASSPHRASE` environment variable is set, the backup archive will be encrypted using the given key and saved as a `.gpg` file instead.
+
+Assuming you have `gpg` installed, you can decrypt such a backup using (your OS will prompt for the passphrase before decryption can happen):
+
+```console
+gpg -o backup.tar.gz -d backup.tar.gz.gpg
+```

docs/how-tos/encrypt-backups.md

@@ -1,28 +0,0 @@
----
-title: Encrypting backups
-layout: default
-parent: How Tos
-nav_order: 7
----
-
-# Encrypting backups
-
-The image supports encrypting backups using one of two available methods: **GPG** or **[age](https://age-encryption.org/)**
-
-## Using GPG encryption
-
-In case a `GPG_PASSPHRASE` or `GPG_PUBLIC_KEY_RING` environment variable is set, the backup archive will be encrypted using the given key and saved as a `.gpg` file instead.
-
-Assuming you have `gpg` installed, you can decrypt such a backup using (your OS will prompt for the passphrase before decryption can happen):
-
-```console
-gpg -o backup.tar.gz -d backup.tar.gz.gpg
-```
-
-## Using age encryption
-
-age allows backups to be encrypted with either a symmetric key (password) or a public key. One of those options are available for use.
-
-Given `AGE_PASSPHRASE` being provided, the backup archive will be encrypted with the passphrase and saved as a `.age` file instead. Refer to age documentation for how to properly decrypt.
-
-Given `AGE_PUBLIC_KEYS` being provided (allowing multiple by separating each public key with `,`), the backup archive will be encrypted with the provided public keys. It will also result in the archive being saved as a `.age` file.

docs/how-tos/replace-deprecated-backup-from-snapshot.md

@@ -2,7 +2,7 @@
 title: Replace deprecated BACKUP_FROM_SNAPSHOT usage
 layout: default
 parent: How Tos
-nav_order: 17
+nav_order: 16
 ---
 
 # Replace deprecated `BACKUP_FROM_SNAPSHOT` usage

docs/how-tos/replace-deprecated-backup-stop-container-label.md

@@ -2,7 +2,7 @@
 title: Replace deprecated BACKUP_STOP_CONTAINER_LABEL setting
 layout: default
 parent: How Tos
-nav_order: 20
+nav_order: 19
 ---
 
 # Replace deprecated `BACKUP_STOP_CONTAINER_LABEL` setting

docs/how-tos/replace-deprecated-exec-labels.md

@@ -2,7 +2,7 @@
 title: Replace deprecated exec-pre and exec-post labels
 layout: default
 parent: How Tos
-nav_order: 18
+nav_order: 17
 ---
 
 # Replace deprecated `exec-pre` and `exec-post` labels

docs/how-tos/run-custom-commands.md

@@ -9,11 +9,6 @@ parent: How Tos
 
 In certain scenarios it can be required to run specific commands before and after a backup is taken (e.g. dumping a database).
 When mounting the Docker socket into the `docker-volume-backup` container, you can define pre- and post-commands that will be run in the context of the target container (it is also possible to run commands inside the `docker-volume-backup` container itself using this feature).
-
-{: .important }
-In a multi-node Swarm setup, commands can currently only be run on the node the `offen/docker-volume-backup` container is running on.
-Labeled containers on other nodes are not visible to the backup command.
-
 Such commands are defined by specifying the command in a `docker-volume-backup.[step]-[pre|post]` label where `step` can be any of the following phases of a backup lifecycle:
 
 - `archive` (the tar archive is created)
@@ -51,10 +46,6 @@ If you have more than one `docker-volume-backup` container (possibly across seve
 multiple backup schedules, you will need to use `EXEC_LABEL` in the configuration and a `docker-volume-backup.exec-label` label on each
 container using custom commands to ensure that the commands are only run by the correct `docker-volume-backup` instance.
 
-{: .important }
-In case you use `EXEC_LABEL` together with configuration mounted from `conf.d` it's important to understand that a distinct `EXEC_LABEL` __should be set in each configuration__.
-Else, schedules that do not specify an `EXEC_LABEL` will still trigger commands on all containers with such labels, no matter whether they specify `docker-volume-backup.exec-label` or not.
-
 ```yml
 version: '3'
 

docs/how-tos/set-up-notifications.md

@@ -25,7 +25,7 @@ services:
 Notification backends other than email are also supported.
 Refer to the documentation of [shoutrrr][shoutrrr-docs] to find out about options and configuration.
 
-[shoutrrr-docs]: https://containrrr.dev/shoutrrr/v0.8/services/overview/
+[shoutrrr-docs]: https://containrrr.dev/shoutrrr/0.7/services/overview/
 
 {: .note }
 If you also want notifications on successful executions, set `NOTIFICATION_LEVEL` to `info`.

docs/how-tos/update-deprecated-email-config.md

@@ -2,7 +2,7 @@
 title: Update deprecated email configuration
 layout: default
 parent: How Tos
-nav_order: 19
+nav_order: 18
 ---
 
 # Update deprecated email configuration

docs/how-tos/use-as-non-root.md

@@ -1,36 +0,0 @@
----
-title: Use the image as a non-root user
-layout: default
-parent: How Tos
-nav_order: 16
----
-
-# Use the image as a non-root user
-
-{: .important }
-Running as a non-root user limits interaction with the Docker Daemon.
-If you want to stop and restart containers and services during backup, and the host's Docker daemon is running as root, you will also need to run this tool as root.
-
-By default, this image executes backups using the `root` user.
-In case you prefer to use a different user, you can use Docker's [`user`](https://docs.docker.com/engine/reference/run/#user) option, passing the user and group id:
-
-```console
-docker run --rm \
-  -v data:/backup/data \
-  --env AWS_ACCESS_KEY_ID="<xxx>" \
-  --env AWS_SECRET_ACCESS_KEY="<xxx>" \
-  --env AWS_S3_BUCKET_NAME="<xxx>" \
-  --entrypoint backup \
-  --user 1000:1000 \
-  offen/docker-volume-backup:v2
-```
-
-or in a compose file:
-
-```yml
-services:
-  backup:
-    image: offen/docker-volume-backup:v2
-    user: 1000:1000
-    # further configuration omitted ...
-```

docs/index.md

@@ -88,7 +88,7 @@ docker run --rm \
 
 Alternatively, pass a `--env-file` in order to use a full config as described below.
 
-## Available image registries
+### Available image registries
 
 This Docker image is published to both Docker Hub and the GitHub container registry.
 Depending on your preferences and needs, you can reference both `offen/docker-volume-backup` as well as `ghcr.io/offen/docker-volume-backup`:
@@ -100,11 +100,6 @@ docker pull ghcr.io/offen/docker-volume-backup:v2
 
 Documentation references Docker Hub, but all examples will work using ghcr.io just as well.
 
-## Supported Engines
-
-This tool is developed and tested against the Docker CE engine exclusively.
-While it may work against different implementations (e.g. Balena Engine), there are no guarantees about support for non-Docker engines.
-
 ## Differences to `jareware/docker-volume-backup`
 
 This image is heavily inspired by `jareware/docker-volume-backup`. We decided to publish this image as a simpler and more lightweight alternative because of the following requirements:

docs/recipes/index.md

@@ -289,7 +289,7 @@ volumes:
   data:
 ```
 
-## Encrypting your backups symmetrically using GPG
+## Encrypting your backups using GPG
 
 ```yml
 version: '3'
@@ -311,33 +311,6 @@ volumes:
   data:
 ```
 
-## Encrypting your backups asymmetrically using GPG
-
-```yml
-version: '3'
-
-services:
-  # ... define other services using the `data` volume here
-  backup:
-    image: offen/docker-volume-backup:v2
-    environment:
-      AWS_S3_BUCKET_NAME: backup-bucket
-      AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE
-      AWS_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-      GPG_PUBLIC_KEY_RING: | 
-        -----BEGIN PGP PUBLIC KEY BLOCK-----
-
-        D/cIHu6GH/0ghlcUVSbgMg5RRI5QKNNKh04uLAPxr75mKwUg0xPUaWgyyrAChVBi
-        ...
-        -----END PGP PUBLIC KEY BLOCK-----
-    volumes:
-      - data:/backup/my-app-backup:ro
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-
-volumes:
-  data:
-```
-
 ## Using mysqldump to prepare the backup
 
 ```yml
@@ -398,24 +371,3 @@ volumes:
   data_1:
   data_2:
 ```
-
-## Running as a non-root user
-
-```yml
-version: '3'
-
-services:
-  # ... define other services using the `data` volume here
-  backup:
-    image: offen/docker-volume-backup:v2
-    user: 1000:1000
-    environment:
-      AWS_S3_BUCKET_NAME: backup-bucket
-      AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE
-      AWS_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-    volumes:
-      - data:/backup/my-app-backup:ro
-
-volumes:
-  data:
-```

docs/reference/index.md

@@ -43,8 +43,8 @@ You can populate below template according to your requirements and use it as you
 # BACKUP_CRON_EXPRESSION="0 2 * * *"
 
 # The compression algorithm used in conjunction with tar.
-# Valid options are: "gz" (Gzip), "zst" (Zstd) or "none" (tar only).
-# Default is "gz". Note that the selection affects the file extension.
+# Valid options are: "gz" (Gzip) and "zst" (Zstd).
+# Note that the selection affects the file extension.
 
 # BACKUP_COMPRESSION="gz"
 
@@ -60,7 +60,7 @@ You can populate below template according to your requirements and use it as you
 # will result in the same filename for every backup run, which means previous
 # versions will be overwritten on subsequent runs.
 # Extension can be defined literally or via "{{ .Extension }}" template,
-# in which case it will become either "tar.gz", "tar.zst" or ".tar" (depending
+# in which case it will become either "tar.gz" or "tar.zst" (depending
 # on your BACKUP_COMPRESSION setting).
 # The default results in filenames like: `backup-2021-08-29T04-00-00.tar.gz`.
 
@@ -245,17 +245,10 @@ You can populate below template according to your requirements and use it as you
 # AZURE_STORAGE_ACCOUNT_NAME="account-name"
 
 # The credential's primary account key when using Azure Blob Storage. If this
-# is not given, the command tries to fall back to using a connection string
-# (if given) or a managed identity (if nothing is given).
+# is not given, the command tries to fall back to using a managed identity.
 
 # AZURE_STORAGE_PRIMARY_ACCOUNT_KEY="<xxx>"
 
-# A connection string for accessing Azure Blob Storage. If this
-# is not given, the command tries to fall back to using a primary account key
-# (if given) or a managed identity (if nothing is given).
-
-# AZURE_STORAGE_CONNECTION_STRING="<xxx>"
-
 # The container name when using Azure Blob Storage.
 
 # AZURE_STORAGE_CONTAINER_NAME="container-name"
@@ -269,11 +262,6 @@ You can populate below template according to your requirements and use it as you
 # Note: Use your app's subpath in Dropbox, if it doesn't have global access.
 # Consulte the README for further information.
 
-# The access tier when using Azure Blob Storage. Possible values are
-# https://github.com/Azure/azure-sdk-for-go/blob/sdk/storage/azblob/v1.3.2/sdk/storage/azblob/internal/generated/zz_constants.go#L14-L30
-
-# AZURE_STORAGE_ACCESS_TIER="Cold"
-
 # DROPBOX_REMOTE_PATH="/my/directory"
 
 # Number of concurrent chunked uploads for Dropbox.
@@ -337,19 +325,10 @@ You can populate below template according to your requirements and use it as you
 
 ########### BACKUP ENCRYPTION
 
-# Backups can be encrypted symmetrically using gpg in case a passphrase is given.
+# Backups can be encrypted using gpg in case a passphrase is given.
 
 # GPG_PASSPHRASE="<xxx>"
 
-# Backups can be encrypted asymmetrically using gpg in case publickeys are given.
-
-# GPG_PUBLIC_KEY_RING= | 
-#-----BEGIN PGP PUBLIC KEY BLOCK-----
-#
-#D/cIHu6GH/0ghlcUVSbgMg5RRI5QKNNKh04uLAPxr75mKwUg0xPUaWgyyrAChVBi
-#...
-#-----END PGP PUBLIC KEY BLOCK-----
-
 ########### STOPPING CONTAINERS AND SERVICES DURING BACKUP
 
 # Containers or services can be stopped by applying a
@@ -392,7 +371,7 @@ You can populate below template according to your requirements and use it as you
 
 # Notifications (email, Slack, etc.) can be sent out when a backup run finishes.
 # Configuration is provided as a comma-separated list of URLs as consumed
-# by `shoutrrr`: https://containrrr.dev/shoutrrr/v0.8/services/overview/
+# by `shoutrrr`: https://containrrr.dev/shoutrrr/0.7/services/overview/
 # The content of such notifications can be customized. Dedicated documentation
 # on how to do this can be found in the README. When providing multiple URLs or
 # an URL that contains a comma, the values can be URL encoded to avoid ambiguities.

go.mod

@@ -1,85 +1,77 @@
 module github.com/offen/docker-volume-backup
 
-go 1.22
+go 1.21
 
 require (
-	filippo.io/age v1.2.0
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
-	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.4.0
-	github.com/containrrr/shoutrrr v0.8.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
+	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.2.1
+	github.com/containrrr/shoutrrr v0.7.1
 	github.com/cosiner/argv v0.1.0
-	github.com/docker/cli v27.1.1+incompatible
-	github.com/docker/docker v27.1.1+incompatible
-	github.com/gofrs/flock v0.12.1
+	github.com/docker/cli v24.0.1+incompatible
+	github.com/docker/docker v24.0.7+incompatible
+	github.com/gofrs/flock v0.8.1
 	github.com/joho/godotenv v1.5.1
-	github.com/klauspost/compress v1.17.9
+	github.com/klauspost/compress v1.17.6
 	github.com/leekchan/timeutil v0.0.0-20150802142658-28917288c48d
-	github.com/minio/minio-go/v7 v7.0.75
+	github.com/minio/minio-go/v7 v7.0.66
 	github.com/offen/envconfig v1.5.0
 	github.com/otiai10/copy v1.14.0
 	github.com/pkg/sftp v1.13.6
-	github.com/robfig/cron/v3 v3.0.1
+	github.com/robfig/cron/v3 v3.0.0
 	github.com/studio-b12/gowebdav v0.9.0
-	golang.org/x/crypto v0.25.0
-	golang.org/x/oauth2 v0.22.0
-	golang.org/x/sync v0.8.0
-	mvdan.cc/sh/v3 v3.8.0
+	golang.org/x/crypto v0.18.0
+	golang.org/x/oauth2 v0.16.0
+	golang.org/x/sync v0.6.0
 )
 
 require (
 	github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
-	github.com/containerd/log v0.1.0 // indirect
-	github.com/distribution/reference v0.6.0 // indirect
-	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/go-ini/ini v1.67.0 // indirect
-	github.com/go-logr/logr v1.4.1 // indirect
-	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/goccy/go-json v0.10.3 // indirect
-	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/moby/docker-image-spec v1.3.1 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect
-	go.opentelemetry.io/otel v1.26.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.26.0 // indirect
-	go.opentelemetry.io/otel/metric v1.26.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.26.0 // indirect
-	go.opentelemetry.io/otel/trace v1.26.0 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240227224415-6ceb2ff114de // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 )
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
-	github.com/ProtonMail/go-crypto v1.1.0-alpha.1
+	github.com/ProtonMail/go-crypto v1.1.0-alpha.0
+	github.com/docker/distribution v2.8.2+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
 	github.com/dropbox/dropbox-sdk-go-unofficial/v6 v6.0.5
 	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/fatih/color v1.17.0 // indirect
+	github.com/fatih/color v1.13.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/google/uuid v1.6.0 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.8 // indirect
+	github.com/google/uuid v1.5.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.6 // indirect
 	github.com/klauspost/pgzip v1.2.6
 	github.com/kr/fs v0.1.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-isatty v0.0.16 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
+	github.com/minio/sha256-simd v1.0.1 // indirect
 	github.com/moby/term v0.0.0-20200312100748-672ec06f55cd // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/rs/xid v1.5.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	golang.org/x/net v0.27.0 // indirect
-	golang.org/x/sys v0.22.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/net v0.20.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	gotest.tools/v3 v3.0.3 // indirect
 )

internal/errwrap/wrap.go

@@ -1,43 +0,0 @@
-// Copyright 2024 - offen.software <hioffen@posteo.de>
-// SPDX-License-Identifier: MPL-2.0
-
-package errwrap
-
-import (
-	"errors"
-	"fmt"
-	"runtime"
-	"strings"
-)
-
-// Wrap wraps the given error using the given message while prepending
-// the name of the calling function, creating a poor man's stack trace
-func Wrap(err error, msg string) error {
-	pc := make([]uintptr, 15)
-	n := runtime.Callers(2, pc)
-	frames := runtime.CallersFrames(pc[:n])
-	frame, _ := frames.Next()
-	// strip full import paths and just use the package name
-	chunks := strings.Split(frame.Function, "/")
-	withCaller := fmt.Sprintf("%s: %s", chunks[len(chunks)-1], msg)
-	if err == nil {
-		return fmt.Errorf(withCaller)
-	}
-	return fmt.Errorf("%s: %w", withCaller, err)
-}
-
-// Unwrap receives an error and returns the last error in the chain of
-// wrapped errors
-func Unwrap(err error) error {
-	if err == nil {
-		return nil
-	}
-	for {
-		u := errors.Unwrap(err)
-		if u == nil {
-			break
-		}
-		err = u
-	}
-	return err
-}

internal/storage/azure/azure.go

@@ -1,4 +1,4 @@
-// Copyright 2022 - offen.software <hioffen@posteo.de>
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
 // SPDX-License-Identifier: MPL-2.0
 
 package azure
@@ -17,18 +17,14 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
-	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/blob"
-	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/blockblob"
 	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/container"
-	"github.com/offen/docker-volume-backup/internal/errwrap"
 	"github.com/offen/docker-volume-backup/internal/storage"
 )
 
 type azureBlobStorage struct {
 	*storage.StorageBackend
-	client              *azblob.Client
-	uploadStreamOptions *blockblob.UploadStreamOptions
-	containerName       string
+	client        *azblob.Client
+	containerName string
 }
 
 // Config contains values that define the configuration of an Azure Blob Storage.
@@ -36,25 +32,19 @@ type Config struct {
 	AccountName       string
 	ContainerName     string
 	PrimaryAccountKey string
-	ConnectionString  string
 	Endpoint          string
 	RemotePath        string
-	AccessTier        string
 }
 
 // NewStorageBackend creates and initializes a new Azure Blob Storage backend.
 func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error) {
-	if opts.PrimaryAccountKey != "" && opts.ConnectionString != "" {
-		return nil, errwrap.Wrap(nil, "using primary account key and connection string are mutually exclusive")
-	}
-
 	endpointTemplate, err := template.New("endpoint").Parse(opts.Endpoint)
 	if err != nil {
-		return nil, errwrap.Wrap(err, "error parsing endpoint template")
+		return nil, fmt.Errorf("NewStorageBackend: error parsing endpoint template: %w", err)
 	}
 	var ep bytes.Buffer
 	if err := endpointTemplate.Execute(&ep, opts); err != nil {
-		return nil, errwrap.Wrap(err, "error executing endpoint template")
+		return nil, fmt.Errorf("NewStorageBackend: error executing endpoint template: %w", err)
 	}
 	normalizedEndpoint := fmt.Sprintf("%s/", strings.TrimSuffix(ep.String(), "/"))
 
@@ -62,49 +52,27 @@ func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error
 	if opts.PrimaryAccountKey != "" {
 		cred, err := azblob.NewSharedKeyCredential(opts.AccountName, opts.PrimaryAccountKey)
 		if err != nil {
-			return nil, errwrap.Wrap(err, "error creating shared key Azure credential")
+			return nil, fmt.Errorf("NewStorageBackend: error creating shared key Azure credential: %w", err)
 		}
 
 		client, err = azblob.NewClientWithSharedKeyCredential(normalizedEndpoint, cred, nil)
 		if err != nil {
-			return nil, errwrap.Wrap(err, "error creating azure client from primary account key")
-		}
-	} else if opts.ConnectionString != "" {
-		client, err = azblob.NewClientFromConnectionString(opts.ConnectionString, nil)
-		if err != nil {
-			return nil, errwrap.Wrap(err, "error creating azure client from connection string")
+			return nil, fmt.Errorf("NewStorageBackend: error creating Azure client: %w", err)
 		}
 	} else {
 		cred, err := azidentity.NewManagedIdentityCredential(nil)
 		if err != nil {
-			return nil, errwrap.Wrap(err, "error creating managed identity credential")
+			return nil, fmt.Errorf("NewStorageBackend: error creating managed identity credential: %w", err)
 		}
 		client, err = azblob.NewClient(normalizedEndpoint, cred, nil)
 		if err != nil {
-			return nil, errwrap.Wrap(err, "error creating azure client from managed identity")
-		}
-	}
-
-	var uploadStreamOptions *blockblob.UploadStreamOptions
-	if opts.AccessTier != "" {
-		var found bool
-		for _, t := range blob.PossibleAccessTierValues() {
-			if string(t) == opts.AccessTier {
-				found = true
-				uploadStreamOptions = &blockblob.UploadStreamOptions{
-					AccessTier: &t,
-				}
-			}
-		}
-		if !found {
-			return nil, errwrap.Wrap(nil, fmt.Sprintf("%s is not a possible access tier value", opts.AccessTier))
+			return nil, fmt.Errorf("NewStorageBackend: error creating Azure client: %w", err)
 		}
 	}
 
 	storage := azureBlobStorage{
-		client:              client,
-		uploadStreamOptions: uploadStreamOptions,
-		containerName:       opts.ContainerName,
+		client:        client,
+		containerName: opts.ContainerName,
 		StorageBackend: &storage.StorageBackend{
 			DestinationPath: opts.RemotePath,
 			Log:             logFunc,
@@ -122,18 +90,17 @@ func (b *azureBlobStorage) Name() string {
 func (b *azureBlobStorage) Copy(file string) error {
 	fileReader, err := os.Open(file)
 	if err != nil {
-		return errwrap.Wrap(err, fmt.Sprintf("error opening file %s", file))
+		return fmt.Errorf("(*azureBlobStorage).Copy: error opening file %s: %w", file, err)
 	}
-
 	_, err = b.client.UploadStream(
 		context.Background(),
 		b.containerName,
 		filepath.Join(b.DestinationPath, filepath.Base(file)),
 		fileReader,
-		b.uploadStreamOptions,
+		nil,
 	)
 	if err != nil {
-		return errwrap.Wrap(err, fmt.Sprintf("error uploading file %s", file))
+		return fmt.Errorf("(*azureBlobStorage).Copy: error uploading file %s: %w", file, err)
 	}
 	return nil
 }
@@ -150,7 +117,7 @@ func (b *azureBlobStorage) Prune(deadline time.Time, pruningPrefix string) (*sto
 	for pager.More() {
 		resp, err := pager.NextPage(context.Background())
 		if err != nil {
-			return nil, errwrap.Wrap(err, "error paging over blobs")
+			return nil, fmt.Errorf("(*azureBlobStorage).Prune: error paging over blobs: %w", err)
 		}
 		for _, v := range resp.Segment.BlobItems {
 			totalCount++

internal/storage/dropbox/dropbox.go

@@ -14,7 +14,6 @@ import (
 
 	"github.com/dropbox/dropbox-sdk-go-unofficial/v6/dropbox"
 	"github.com/dropbox/dropbox-sdk-go-unofficial/v6/dropbox/files"
-	"github.com/offen/docker-volume-backup/internal/errwrap"
 	"github.com/offen/docker-volume-backup/internal/storage"
 	"golang.org/x/oauth2"
 )
@@ -52,7 +51,7 @@ func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error
 	tkSource := conf.TokenSource(context.Background(), &oauth2.Token{RefreshToken: opts.RefreshToken})
 	token, err := tkSource.Token()
 	if err != nil {
-		return nil, errwrap.Wrap(err, "error refreshing token")
+		return nil, fmt.Errorf("(*dropboxStorage).NewStorageBackend: Error refreshing token: %w", err)
 	}
 
 	dbxConfig := dropbox.Config{
@@ -96,28 +95,29 @@ func (b *dropboxStorage) Copy(file string) error {
 		switch err := err.(type) {
 		case files.CreateFolderV2APIError:
 			if err.EndpointError.Path.Tag != files.WriteErrorConflict {
-				return errwrap.Wrap(err, fmt.Sprintf("error creating directory '%s'", b.DestinationPath))
+				return fmt.Errorf("(*dropboxStorage).Copy: Error creating directory '%s': %w", b.DestinationPath, err)
 			}
 			b.Log(storage.LogLevelInfo, b.Name(), "Destination path '%s' already exists, no new directory required.", b.DestinationPath)
 		default:
-			return errwrap.Wrap(err, fmt.Sprintf("error creating directory '%s'", b.DestinationPath))
+			return fmt.Errorf("(*dropboxStorage).Copy: Error creating directory '%s': %w", b.DestinationPath, err)
 		}
 	}
 
 	r, err := os.Open(file)
 	if err != nil {
-		return errwrap.Wrap(err, "error opening the file to be uploaded")
+		return fmt.Errorf("(*dropboxStorage).Copy: Error opening the file to be uploaded: %w", err)
 	}
 	defer r.Close()
 
 	// Start new upload session and get session id
+
 	b.Log(storage.LogLevelInfo, b.Name(), "Starting upload session for backup '%s' at path '%s'.", file, b.DestinationPath)
 
 	var sessionId string
 	uploadSessionStartArg := files.NewUploadSessionStartArg()
 	uploadSessionStartArg.SessionType = &files.UploadSessionType{Tagged: dropbox.Tagged{Tag: files.UploadSessionTypeConcurrent}}
 	if res, err := b.client.UploadSessionStart(uploadSessionStartArg, nil); err != nil {
-		return errwrap.Wrap(err, "error starting the upload session")
+		return fmt.Errorf("(*dropboxStorage).Copy: Error starting the upload session: %w", err)
 	} else {
 		sessionId = res.SessionId
 	}
@@ -165,7 +165,7 @@ loop:
 
 			bytesRead, err := r.Read(chunk)
 			if err != nil {
-				errorChn <- errwrap.Wrap(err, "error reading the file to be uploaded")
+				errorChn <- fmt.Errorf("(*dropboxStorage).Copy: Error reading the file to be uploaded: %w", err)
 				mu.Unlock()
 				return
 			}
@@ -184,7 +184,7 @@ loop:
 			mu.Unlock()
 
 			if err := b.client.UploadSessionAppendV2(uploadSessionAppendArg, bytes.NewReader(chunk)); err != nil {
-				errorChn <- errwrap.Wrap(err, "error appending the file to the upload session")
+				errorChn <- fmt.Errorf("(*dropboxStorage).Copy: Error appending the file to the upload session: %w", err)
 				return
 			}
 		}()
@@ -198,7 +198,7 @@ loop:
 			files.NewCommitInfo(filepath.Join(b.DestinationPath, name)),
 		), nil)
 	if err != nil {
-		return errwrap.Wrap(err, "error finishing the upload session")
+		return fmt.Errorf("(*dropboxStorage).Copy: Error finishing the upload session: %w", err)
 	}
 
 	b.Log(storage.LogLevelInfo, b.Name(), "Uploaded a copy of backup '%s' at path '%s'.", file, b.DestinationPath)
@@ -211,14 +211,14 @@ func (b *dropboxStorage) Prune(deadline time.Time, pruningPrefix string) (*stora
 	var entries []files.IsMetadata
 	res, err := b.client.ListFolder(files.NewListFolderArg(b.DestinationPath))
 	if err != nil {
-		return nil, errwrap.Wrap(err, "error looking up candidates from remote storage")
+		return nil, fmt.Errorf("(*webDavStorage).Prune: Error looking up candidates from remote storage: %w", err)
 	}
 	entries = append(entries, res.Entries...)
 
 	for res.HasMore {
 		res, err = b.client.ListFolderContinue(files.NewListFolderContinueArg(res.Cursor))
 		if err != nil {
-			return nil, errwrap.Wrap(err, "error looking up candidates from remote storage")
+			return nil, fmt.Errorf("(*webDavStorage).Prune: Error looking up candidates from remote storage: %w", err)
 		}
 		entries = append(entries, res.Entries...)
 	}
@@ -248,7 +248,7 @@ func (b *dropboxStorage) Prune(deadline time.Time, pruningPrefix string) (*stora
 	pruneErr := b.DoPrune(b.Name(), len(matches), lenCandidates, deadline, func() error {
 		for _, match := range matches {
 			if _, err := b.client.DeleteV2(files.NewDeleteArg(filepath.Join(b.DestinationPath, match.Name))); err != nil {
-				return errwrap.Wrap(err, "error removing file from Dropbox storage")
+				return fmt.Errorf("(*dropboxStorage).Prune: Error removing file from Dropbox storage: %w", err)
 			}
 		}
 		return nil

internal/storage/local/local.go

@@ -1,4 +1,4 @@
-// Copyright 2022 - offen.software <hioffen@posteo.de>
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
 // SPDX-License-Identifier: MPL-2.0
 
 package local
@@ -12,7 +12,6 @@ import (
 	"path/filepath"
 	"time"
 
-	"github.com/offen/docker-volume-backup/internal/errwrap"
 	"github.com/offen/docker-volume-backup/internal/storage"
 )
 
@@ -48,7 +47,7 @@ func (b *localStorage) Copy(file string) error {
 	_, name := path.Split(file)
 
 	if err := copyFile(file, path.Join(b.DestinationPath, name)); err != nil {
-		return errwrap.Wrap(err, "error copying file to archive")
+		return fmt.Errorf("(*localStorage).Copy: Error copying file to archive: %w", err)
 	}
 	b.Log(storage.LogLevelInfo, b.Name(), "Stored copy of backup `%s` in `%s`.", file, b.DestinationPath)
 
@@ -58,7 +57,7 @@ func (b *localStorage) Copy(file string) error {
 			os.Remove(symlink)
 		}
 		if err := os.Symlink(name, symlink); err != nil {
-			return errwrap.Wrap(err, "error creating latest symlink")
+			return fmt.Errorf("(*localStorage).Copy: error creating latest symlink: %w", err)
 		}
 		b.Log(storage.LogLevelInfo, b.Name(), "Created/Updated symlink `%s` for latest backup.", b.latestSymlink)
 	}
@@ -74,12 +73,10 @@ func (b *localStorage) Prune(deadline time.Time, pruningPrefix string) (*storage
 	)
 	globMatches, err := filepath.Glob(globPattern)
 	if err != nil {
-		return nil, errwrap.Wrap(
+		return nil, fmt.Errorf(
+			"(*localStorage).Prune: Error looking up matching files using pattern %s: %w",
+			globPattern,
 			err,
-			fmt.Sprintf(
-				"error looking up matching files using pattern %s",
-				globPattern,
-			),
 		)
 	}
 
@@ -87,12 +84,10 @@ func (b *localStorage) Prune(deadline time.Time, pruningPrefix string) (*storage
 	for _, candidate := range globMatches {
 		fi, err := os.Lstat(candidate)
 		if err != nil {
-			return nil, errwrap.Wrap(
+			return nil, fmt.Errorf(
+				"(*localStorage).Prune: Error calling Lstat on file %s: %w",
+				candidate,
 				err,
-				fmt.Sprintf(
-					"error calling Lstat on file %s",
-					candidate,
-				),
 			)
 		}
 
@@ -105,12 +100,10 @@ func (b *localStorage) Prune(deadline time.Time, pruningPrefix string) (*storage
 	for _, candidate := range candidates {
 		fi, err := os.Stat(candidate)
 		if err != nil {
-			return nil, errwrap.Wrap(
+			return nil, fmt.Errorf(
+				"(*localStorage).Prune: Error calling stat on file %s: %w",
+				candidate,
 				err,
-				fmt.Sprintf(
-					"error calling stat on file %s",
-					candidate,
-				),
 			)
 		}
 		if fi.ModTime().Before(deadline) {
@@ -131,12 +124,10 @@ func (b *localStorage) Prune(deadline time.Time, pruningPrefix string) (*storage
 			}
 		}
 		if len(removeErrors) != 0 {
-			return errwrap.Wrap(
+			return fmt.Errorf(
+				"(*localStorage).Prune: %d error(s) deleting files, starting with: %w",
+				len(removeErrors),
 				errors.Join(removeErrors...),
-				fmt.Sprintf(
-					"%d error(s) deleting files",
-					len(removeErrors),
-				),
 			)
 		}
 		return nil

internal/storage/s3/s3.go

@@ -1,4 +1,4 @@
-// Copyright 2022 - offen.software <hioffen@posteo.de>
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
 // SPDX-License-Identifier: MPL-2.0
 
 package s3
@@ -15,7 +15,6 @@ import (
 
 	"github.com/minio/minio-go/v7"
 	"github.com/minio/minio-go/v7/pkg/credentials"
-	"github.com/offen/docker-volume-backup/internal/errwrap"
 	"github.com/offen/docker-volume-backup/internal/storage"
 )
 
@@ -54,7 +53,7 @@ func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error
 	} else if opts.IamRoleEndpoint != "" {
 		creds = credentials.NewIAM(opts.IamRoleEndpoint)
 	} else {
-		return nil, errwrap.Wrap(nil, "AWS_S3_BUCKET_NAME is defined, but no credentials were provided")
+		return nil, errors.New("NewStorageBackend: AWS_S3_BUCKET_NAME is defined, but no credentials were provided")
 	}
 
 	options := minio.Options{
@@ -64,12 +63,12 @@ func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error
 
 	transport, err := minio.DefaultTransport(true)
 	if err != nil {
-		return nil, errwrap.Wrap(err, "failed to create default minio transport")
+		return nil, fmt.Errorf("NewStorageBackend: failed to create default minio transport: %w", err)
 	}
 
 	if opts.EndpointInsecure {
 		if !options.Secure {
-			return nil, errwrap.Wrap(nil, "AWS_ENDPOINT_INSECURE = true is only meaningful for https")
+			return nil, errors.New("NewStorageBackend: AWS_ENDPOINT_INSECURE = true is only meaningful for https")
 		}
 		transport.TLSClientConfig.InsecureSkipVerify = true
 	} else if opts.CACert != nil {
@@ -82,7 +81,7 @@ func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error
 
 	mc, err := minio.New(opts.Endpoint, &options)
 	if err != nil {
-		return nil, errwrap.Wrap(err, "error setting up minio client")
+		return nil, fmt.Errorf("NewStorageBackend: error setting up minio client: %w", err)
 	}
 
 	return &s3Storage{
@@ -113,12 +112,12 @@ func (b *s3Storage) Copy(file string) error {
 	if b.partSize > 0 {
 		srcFileInfo, err := os.Stat(file)
 		if err != nil {
-			return errwrap.Wrap(err, "error reading the local file")
+			return fmt.Errorf("(*s3Storage).Copy: error reading the local file: %w", err)
 		}
 
 		_, partSize, _, err := minio.OptimalPartInfo(srcFileInfo.Size(), uint64(b.partSize*1024*1024))
 		if err != nil {
-			return errwrap.Wrap(err, "error computing the optimal s3 part size")
+			return fmt.Errorf("(*s3Storage).Copy: error computing the optimal s3 part size: %w", err)
 		}
 
 		putObjectOptions.PartSize = uint64(partSize)
@@ -126,17 +125,14 @@ func (b *s3Storage) Copy(file string) error {
 
 	if _, err := b.client.FPutObject(context.Background(), b.bucket, filepath.Join(b.DestinationPath, name), file, putObjectOptions); err != nil {
 		if errResp := minio.ToErrorResponse(err); errResp.Message != "" {
-			return errwrap.Wrap(
-				nil,
-				fmt.Sprintf(
-					"error uploading backup to remote storage: [Message]: '%s', [Code]: %s, [StatusCode]: %d",
-					errResp.Message,
-					errResp.Code,
-					errResp.StatusCode,
-				),
+			return fmt.Errorf(
+				"(*s3Storage).Copy: error uploading backup to remote storage: [Message]: '%s', [Code]: %s, [StatusCode]: %d",
+				errResp.Message,
+				errResp.Code,
+				errResp.StatusCode,
 			)
 		}
-		return errwrap.Wrap(err, "error uploading backup to remote storage")
+		return fmt.Errorf("(*s3Storage).Copy: error uploading backup to remote storage: %w", err)
 	}
 
 	b.Log(storage.LogLevelInfo, b.Name(), "Uploaded a copy of backup `%s` to bucket `%s`.", file, b.bucket)
@@ -156,9 +152,9 @@ func (b *s3Storage) Prune(deadline time.Time, pruningPrefix string) (*storage.Pr
 	for candidate := range candidates {
 		lenCandidates++
 		if candidate.Err != nil {
-			return nil, errwrap.Wrap(
+			return nil, fmt.Errorf(
+				"(*s3Storage).Prune: error looking up candidates from remote storage! %w",
 				candidate.Err,
-				"error looking up candidates from remote storage",
 			)
 		}
 		if candidate.LastModified.Before(deadline) {

internal/storage/ssh/ssh.go

@@ -1,9 +1,10 @@
-// Copyright 2022 - offen.software <hioffen@posteo.de>
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
 // SPDX-License-Identifier: MPL-2.0
 
 package ssh
 
 import (
+	"errors"
 	"fmt"
 	"io"
 	"os"
@@ -12,7 +13,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/offen/docker-volume-backup/internal/errwrap"
 	"github.com/offen/docker-volume-backup/internal/storage"
 	"github.com/pkg/sftp"
 	"golang.org/x/crypto/ssh"
@@ -47,20 +47,20 @@ func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error
 	if _, err := os.Stat(opts.IdentityFile); err == nil {
 		key, err := os.ReadFile(opts.IdentityFile)
 		if err != nil {
-			return nil, errwrap.Wrap(nil, "error reading the private key")
+			return nil, errors.New("NewStorageBackend: error reading the private key")
 		}
 
 		var signer ssh.Signer
 		if opts.IdentityPassphrase != "" {
 			signer, err = ssh.ParsePrivateKeyWithPassphrase(key, []byte(opts.IdentityPassphrase))
 			if err != nil {
-				return nil, errwrap.Wrap(nil, "error parsing the encrypted private key")
+				return nil, errors.New("NewStorageBackend: error parsing the encrypted private key")
 			}
 			authMethods = append(authMethods, ssh.PublicKeys(signer))
 		} else {
 			signer, err = ssh.ParsePrivateKey(key)
 			if err != nil {
-				return nil, errwrap.Wrap(nil, "error parsing the private key")
+				return nil, errors.New("NewStorageBackend: error parsing the private key")
 			}
 			authMethods = append(authMethods, ssh.PublicKeys(signer))
 		}
@@ -74,7 +74,7 @@ func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error
 	sshClient, err := ssh.Dial("tcp", fmt.Sprintf("%s:%s", opts.HostName, opts.Port), sshClientConfig)
 
 	if err != nil {
-		return nil, errwrap.Wrap(err, "error creating ssh client")
+		return nil, fmt.Errorf("NewStorageBackend: error creating ssh client: %w", err)
 	}
 	_, _, err = sshClient.SendRequest("keepalive", false, nil)
 	if err != nil {
@@ -87,7 +87,7 @@ func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error
 		sftp.MaxConcurrentRequestsPerFile(64),
 	)
 	if err != nil {
-		return nil, errwrap.Wrap(err, "error creating sftp client")
+		return nil, fmt.Errorf("NewStorageBackend: error creating sftp client: %w", err)
 	}
 
 	return &sshStorage{
@@ -111,13 +111,13 @@ func (b *sshStorage) Copy(file string) error {
 	source, err := os.Open(file)
 	_, name := path.Split(file)
 	if err != nil {
-		return errwrap.Wrap(err, " error reading the file to be uploaded")
+		return fmt.Errorf("(*sshStorage).Copy: error reading the file to be uploaded: %w", err)
 	}
 	defer source.Close()
 
 	destination, err := b.sftpClient.Create(filepath.Join(b.DestinationPath, name))
 	if err != nil {
-		return errwrap.Wrap(err, "error creating file")
+		return fmt.Errorf("(*sshStorage).Copy: error creating file: %w", err)
 	}
 	defer destination.Close()
 
@@ -127,27 +127,27 @@ func (b *sshStorage) Copy(file string) error {
 		if err == io.EOF {
 			tot, err := destination.Write(chunk[:num])
 			if err != nil {
-				return errwrap.Wrap(err, "error uploading the file")
+				return fmt.Errorf("(*sshStorage).Copy: error uploading the file: %w", err)
 			}
 
 			if tot != len(chunk[:num]) {
-				return errwrap.Wrap(nil, "failed to write stream")
+				return errors.New("(*sshStorage).Copy: failed to write stream")
 			}
 
 			break
 		}
 
 		if err != nil {
-			return errwrap.Wrap(err, "error uploading the file")
+			return fmt.Errorf("(*sshStorage).Copy: error uploading the file: %w", err)
 		}
 
 		tot, err := destination.Write(chunk[:num])
 		if err != nil {
-			return errwrap.Wrap(err, "error uploading the file")
+			return fmt.Errorf("(*sshStorage).Copy: error uploading the file: %w", err)
 		}
 
 		if tot != len(chunk[:num]) {
-			return errwrap.Wrap(nil, "failed to write stream")
+			return fmt.Errorf("(*sshStorage).Copy: failed to write stream")
 		}
 	}
 
@@ -160,7 +160,7 @@ func (b *sshStorage) Copy(file string) error {
 func (b *sshStorage) Prune(deadline time.Time, pruningPrefix string) (*storage.PruneStats, error) {
 	candidates, err := b.sftpClient.ReadDir(b.DestinationPath)
 	if err != nil {
-		return nil, errwrap.Wrap(err, "error reading directory")
+		return nil, fmt.Errorf("(*sshStorage).Prune: error reading directory: %w", err)
 	}
 
 	var matches []string
@@ -181,7 +181,7 @@ func (b *sshStorage) Prune(deadline time.Time, pruningPrefix string) (*storage.P
 	pruneErr := b.DoPrune(b.Name(), len(matches), len(candidates), deadline, func() error {
 		for _, match := range matches {
 			if err := b.sftpClient.Remove(filepath.Join(b.DestinationPath, match)); err != nil {
-				return errwrap.Wrap(err, "error removing file")
+				return fmt.Errorf("(*sshStorage).Prune: error removing file: %w", err)
 			}
 		}
 		return nil

internal/storage/storage.go

@@ -1,12 +1,11 @@
-// Copyright 2022 - offen.software <hioffen@posteo.de>
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
 // SPDX-License-Identifier: MPL-2.0
 
 package storage
 
 import (
+	"fmt"
 	"time"
-
-	"github.com/offen/docker-volume-backup/internal/errwrap"
 )
 
 // Backend is an interface for defining functions which all storage providers support.
@@ -27,6 +26,7 @@ type LogLevel int
 const (
 	LogLevelInfo LogLevel = iota
 	LogLevelWarning
+	LogLevelError
 )
 
 type Log func(logType LogLevel, context string, msg string, params ...any)
@@ -47,7 +47,7 @@ func (b *StorageBackend) DoPrune(context string, lenMatches, lenCandidates int,
 
 		formattedDeadline, err := deadline.Local().MarshalText()
 		if err != nil {
-			return errwrap.Wrap(err, "error marshaling deadline")
+			return fmt.Errorf("(*StorageBackend).DoPrune: error marshaling deadline: %w", err)
 		}
 		b.Log(LogLevelInfo, context,
 			"Pruned %d out of %d backups as they were older than the given deadline of %s.",

internal/storage/webdav/webdav.go

@@ -1,9 +1,10 @@
-// Copyright 2022 - offen.software <hioffen@posteo.de>
+// Copyright 2022 - Offen Authors <hioffen@posteo.de>
 // SPDX-License-Identifier: MPL-2.0
 
 package webdav
 
 import (
+	"errors"
 	"fmt"
 	"io/fs"
 	"net/http"
@@ -13,7 +14,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/offen/docker-volume-backup/internal/errwrap"
 	"github.com/offen/docker-volume-backup/internal/storage"
 	"github.com/studio-b12/gowebdav"
 )
@@ -36,14 +36,14 @@ type Config struct {
 // NewStorageBackend creates and initializes a new WebDav storage backend.
 func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error) {
 	if opts.Username == "" || opts.Password == "" {
-		return nil, errwrap.Wrap(nil, "WEBDAV_URL is defined, but no credentials were provided")
+		return nil, errors.New("NewStorageBackend: WEBDAV_URL is defined, but no credentials were provided")
 	} else {
 		webdavClient := gowebdav.NewClient(opts.URL, opts.Username, opts.Password)
 
 		if opts.URLInsecure {
 			defaultTransport, ok := http.DefaultTransport.(*http.Transport)
 			if !ok {
-				return nil, errwrap.Wrap(nil, "unexpected error when asserting type for http.DefaultTransport")
+				return nil, errors.New("NewStorageBackend: unexpected error when asserting type for http.DefaultTransport")
 			}
 			webdavTransport := defaultTransport.Clone()
 			webdavTransport.TLSClientConfig.InsecureSkipVerify = opts.URLInsecure
@@ -69,16 +69,16 @@ func (b *webDavStorage) Name() string {
 func (b *webDavStorage) Copy(file string) error {
 	_, name := path.Split(file)
 	if err := b.client.MkdirAll(b.DestinationPath, 0644); err != nil {
-		return errwrap.Wrap(err, fmt.Sprintf("error creating directory '%s' on server", b.DestinationPath))
+		return fmt.Errorf("(*webDavStorage).Copy: error creating directory '%s' on server: %w", b.DestinationPath, err)
 	}
 
 	r, err := os.Open(file)
 	if err != nil {
-		return errwrap.Wrap(err, "error opening the file to be uploaded")
+		return fmt.Errorf("(*webDavStorage).Copy: error opening the file to be uploaded: %w", err)
 	}
 
 	if err := b.client.WriteStream(filepath.Join(b.DestinationPath, name), r, 0644); err != nil {
-		return errwrap.Wrap(err, "error uploading the file")
+		return fmt.Errorf("(*webDavStorage).Copy: error uploading the file: %w", err)
 	}
 	b.Log(storage.LogLevelInfo, b.Name(), "Uploaded a copy of backup '%s' to '%s' at path '%s'.", file, b.url, b.DestinationPath)
 
@@ -89,7 +89,7 @@ func (b *webDavStorage) Copy(file string) error {
 func (b *webDavStorage) Prune(deadline time.Time, pruningPrefix string) (*storage.PruneStats, error) {
 	candidates, err := b.client.ReadDir(b.DestinationPath)
 	if err != nil {
-		return nil, errwrap.Wrap(err, "error looking up candidates from remote storage")
+		return nil, fmt.Errorf("(*webDavStorage).Prune: error looking up candidates from remote storage: %w", err)
 	}
 	var matches []fs.FileInfo
 	var lenCandidates int
@@ -111,7 +111,7 @@ func (b *webDavStorage) Prune(deadline time.Time, pruningPrefix string) (*storag
 	pruneErr := b.DoPrune(b.Name(), len(matches), lenCandidates, deadline, func() error {
 		for _, match := range matches {
 			if err := b.client.Remove(filepath.Join(b.DestinationPath, match.Name())); err != nil {
-				return errwrap.Wrap(err, "error removing file")
+				return fmt.Errorf("(*webDavStorage).Prune: error removing file: %w", err)
 			}
 		}
 		return nil

test/Dockerfile

@@ -1,12 +1,9 @@
-FROM docker:27-dind
+FROM docker:24-dind
 
 RUN apk add \
-  age \
   coreutils \
   curl \
-  expect \
   gpg \
-  gpg-agent \
   jq \
   moreutils \
   tar \

test/age-passphrase/docker-compose.yml

@@ -1,24 +0,0 @@
-services:
-  backup:
-    image: offen/docker-volume-backup:${TEST_VERSION:-canary}
-    restart: always
-    environment:
-      BACKUP_CRON_EXPRESSION: 0 0 5 31 2 ?
-      BACKUP_FILENAME: test.tar.gz
-      BACKUP_LATEST_SYMLINK: test-latest.tar.gz.age
-      BACKUP_RETENTION_DAYS: ${BACKUP_RETENTION_DAYS:-7}
-      AGE_PASSPHRASE: "Dance.0Tonight.Go.Typical"
-    volumes:
-      - ${LOCAL_DIR:-./local}:/archive
-      - app_data:/backup/app_data:ro
-      - /var/run/docker.sock:/var/run/docker.sock
-
-  offen:
-    image: offen/offen:latest
-    labels:
-      - docker-volume-backup.stop-during-backup=true
-    volumes:
-      - app_data:/var/opt/offen
-
-volumes:
-  app_data:

test/age-passphrase/run.sh

@@ -1,39 +0,0 @@
-#!/bin/sh
-
-set -e
-
-cd "$(dirname "$0")"
-. ../util.sh
-current_test=$(basename "$(pwd)")
-
-export LOCAL_DIR="$(mktemp -d)"
-
-docker compose up -d --quiet-pull
-sleep 5
-
-docker compose exec backup backup
-
-expect_running_containers "2"
-
-TMP_DIR=$(mktemp -d)
-
-# complex usage of expect(1) due to age not have a way to programmatically
-# provide the passphrase
-expect -i <<EOL
-spawn age --decrypt -o "$LOCAL_DIR/decrypted.tar.gz" "$LOCAL_DIR/test.tar.gz.age"
-expect -exact "Enter passphrase: "
-send -- "Dance.0Tonight.Go.Typical\r"
-sleep 1
-EOL
-tar -xf "$LOCAL_DIR/decrypted.tar.gz" -C "$TMP_DIR"
-
-if [ ! -f "$TMP_DIR/backup/app_data/offen.db" ]; then
-  fail "Could not find expected file in untared archive."
-fi
-rm -vf "$LOCAL_DIR/decrypted.tar.gz"
-
-pass "Found relevant files in decrypted and untared local backup."
-
-if [ ! -L "$LOCAL_DIR/test-latest.tar.gz.age" ]; then
-  fail "Could not find local symlink to latest encrypted backup."
-fi

test/age-publickey/.gitignore

@@ -1 +0,0 @@
-pk-*.txt

test/age-publickey/docker-compose.yml

@@ -1,24 +0,0 @@
-services:
-  backup:
-    image: offen/docker-volume-backup:${TEST_VERSION:-canary}
-    restart: always
-    environment:
-      BACKUP_CRON_EXPRESSION: 0 0 5 31 2 ?
-      BACKUP_FILENAME: test.tar.gz
-      BACKUP_LATEST_SYMLINK: test-latest.tar.gz.age
-      BACKUP_RETENTION_DAYS: ${BACKUP_RETENTION_DAYS:-7}
-      AGE_PUBLIC_KEYS: "${BACKUP_AGE_PUBLIC_KEYS}"
-    volumes:
-      - ${LOCAL_DIR:-./local}:/archive
-      - app_data:/backup/app_data:ro
-      - /var/run/docker.sock:/var/run/docker.sock
-
-  offen:
-    image: offen/offen:latest
-    labels:
-      - docker-volume-backup.stop-during-backup=true
-    volumes:
-      - app_data:/var/opt/offen
-
-volumes:
-  app_data:

test/age-publickey/run.sh

@@ -1,43 +0,0 @@
-#!/bin/sh
-
-set -e
-
-cd "$(dirname "$0")"
-. ../util.sh
-current_test=$(basename "$(pwd)")
-
-export LOCAL_DIR="$(mktemp -d)"
-
-age-keygen >"$LOCAL_DIR/pk-a.txt"
-PK_A="$(grep -E 'public key' <"$LOCAL_DIR/pk-a.txt" | cut -d: -f2 | xargs)"
-age-keygen >"$LOCAL_DIR/pk-b.txt"
-PK_B="$(grep -E 'public key' <"$LOCAL_DIR/pk-b.txt" | cut -d: -f2 | xargs)"
-
-export BACKUP_AGE_PUBLIC_KEYS="$PK_A,$PK_B"
-
-docker compose up -d --quiet-pull
-sleep 5
-
-docker compose exec backup backup
-
-expect_running_containers "2"
-
-do_decrypt() {
-  TMP_DIR=$(mktemp -d)
-  age --decrypt -i "$1" -o "$LOCAL_DIR/decrypted.tar.gz" "$LOCAL_DIR/test.tar.gz.age"
-  tar -xf "$LOCAL_DIR/decrypted.tar.gz" -C "$TMP_DIR"
-
-  if [ ! -f "$TMP_DIR/backup/app_data/offen.db" ]; then
-    fail "Could not find expected file in untared archive."
-  fi
-  rm -vf "$LOCAL_DIR/decrypted.tar.gz"
-
-  pass "Found relevant files in decrypted and untared local backup."
-
-  if [ ! -L "$LOCAL_DIR/test-latest.tar.gz.age" ]; then
-    fail "Could not find local symlink to latest encrypted backup."
-  fi
-}
-
-do_decrypt "$LOCAL_DIR/pk-a.txt"
-do_decrypt "$LOCAL_DIR/pk-b.txt"

test/azure/docker-compose.yml

@@ -1,6 +1,8 @@
+version: '3'
+
 services:
   storage:
-    image: mcr.microsoft.com/azure-storage/azurite:3.31.0
+    image: mcr.microsoft.com/azure-storage/azurite:3.26.0
     volumes:
       - ${DATA_DIR:-./data}:/data
     command: azurite-blob --blobHost 0.0.0.0 --blobPort 10000 --location /data
@@ -34,7 +36,6 @@ services:
       AZURE_STORAGE_CONTAINER_NAME: test-container
       AZURE_STORAGE_ENDPOINT: http://storage:10000/{{ .AccountName }}/
       AZURE_STORAGE_PATH: 'path/to/backup'
-      AZURE_STORAGE_ACCESS_TIER: Hot
       BACKUP_FILENAME: test.tar.gz
       BACKUP_CRON_EXPRESSION: 0 0 5 31 2 ?
       BACKUP_RETENTION_DAYS: ${BACKUP_RETENTION_DAYS:-7}

test/certs/docker-compose.yml

@@ -1,3 +1,5 @@
+version: '3'
+
 services:
   minio:
     hostname: minio.local

test/collision/docker-compose.yml

@@ -1,6 +1,8 @@
-# Copyright 2020-2021 - offen.software <hioffen@posteo.de>
+# Copyright 2020-2021 - Offen Authors <hioffen@posteo.de>
 # SPDX-License-Identifier: Unlicense
 
+version: '3.8'
+
 services:
   backup:
     image: offen/docker-volume-backup:${TEST_VERSION:-canary}

test/commands/docker-compose.yml

@@ -1,3 +1,5 @@
+version: '3.8'
+
 services:
   database:
     image: mariadb:10.7

test/confd/01backup.env

@@ -1,6 +1,2 @@
-# This is a comment
-# NOT=$(docker ps -aq)
-# e.g. `backup-$HOSTNAME-%Y-%m-%dT%H-%M-%S.tar.gz`. Expansion happens before`
-
-NAME="$EXPANSION_VALUE"
+BACKUP_FILENAME="conf.tar.gz"
 BACKUP_CRON_EXPRESSION="*/1 * * * *"

test/confd/02backup.env

@@ -1,3 +1,2 @@
-NAME="other"
+BACKUP_FILENAME="other.tar.gz"
 BACKUP_CRON_EXPRESSION="*/1 * * * *"
-BACKUP_FILENAME="override-$NAME.tar.gz"

test/confd/03never.env

@@ -1,2 +1,2 @@
-NAME="never"
+BACKUP_FILENAME="never.tar.gz"
 BACKUP_CRON_EXPRESSION="0 0 5 31 2 ?"

test/confd/docker-compose.yml

@@ -1,11 +1,9 @@
+version: '3'
+
 services:
   backup:
     image: offen/docker-volume-backup:${TEST_VERSION:-canary}
     restart: always
-    environment:
-      BACKUP_FILENAME: $$NAME.tar.gz
-      BACKUP_FILENAME_EXPAND: 'true'
-      EXPANSION_VALUE: conf
     volumes:
       - ${LOCAL_DIR:-./local}:/archive
       - app_data:/backup/app_data:ro

test/confd/run.sh

@@ -20,7 +20,7 @@ if [ ! -f "$LOCAL_DIR/conf.tar.gz" ]; then
 fi
 pass "Config from file was used."
 
-if [ ! -f "$LOCAL_DIR/override-other.tar.gz" ]; then
+if [ ! -f "$LOCAL_DIR/other.tar.gz" ]; then
   fail "Run on same schedule did not succeed."
 fi
 pass "Run on same schedule succeeded."

test/dropbox/docker-compose.yml

@@ -1,3 +1,5 @@
+version: '3'
+
 services:
   openapi_mock:
     image: muonsoft/openapi-mock:0.3.9

test/extend/docker-compose.yml

@@ -1,3 +1,5 @@
+version: '3'
+
 services:
   backup:
     image: offen/docker-volume-backup:${TEST_VERSION:-canary}

test/gpg-asym/docker-compose.yml

@@ -1,25 +0,0 @@
-services:
-  backup:
-    image: offen/docker-volume-backup:${TEST_VERSION:-canary}
-    restart: always
-    environment:
-      BACKUP_CRON_EXPRESSION: 0 0 5 31 2 ?
-      BACKUP_FILENAME: test.tar.gz
-      BACKUP_LATEST_SYMLINK: test-latest.tar.gz.gpg
-      BACKUP_RETENTION_DAYS: ${BACKUP_RETENTION_DAYS:-7}
-      GPG_PUBLIC_KEY_RING_FILE: /keys/public_key.asc
-    volumes:
-      - ${KEY_DIR:-.}/public_key.asc:/keys/public_key.asc
-      - ${LOCAL_DIR:-./local}:/archive
-      - app_data:/backup/app_data:ro
-      - /var/run/docker.sock:/var/run/docker.sock
-
-  offen:
-    image: offen/offen:latest
-    labels:
-      - docker-volume-backup.stop-during-backup=true
-    volumes:
-      - app_data:/var/opt/offen
-
-volumes:
-  app_data:

test/gpg-asym/run.sh

@@ -1,49 +0,0 @@
-#!/bin/sh
-
-set -e
-
-cd "$(dirname "$0")"
-. ../util.sh
-current_test=$(basename $(pwd))
-
-export LOCAL_DIR=$(mktemp -d)
-
-export KEY_DIR=$(mktemp -d)
-
-export PASSPHRASE="test"
-
-gpg --batch --gen-key <<EOF
-Key-Type: RSA
-Key-Length: 4096
-Name-Real: offen
-Name-Email: docker-volume-backup@local
-Expire-Date: 0
-Passphrase: $PASSPHRASE
-%commit
-EOF
-
-gpg --export --armor --batch --yes --pinentry-mode loopback --passphrase $PASSPHRASE --output $KEY_DIR/public_key.asc
-
-docker compose up -d --quiet-pull
-sleep 5
-
-docker compose exec backup backup
-
-expect_running_containers "2"
-
-TMP_DIR=$(mktemp -d)
-
-gpg -d --pinentry-mode loopback --yes --passphrase $PASSPHRASE "$LOCAL_DIR/test.tar.gz.gpg" > "$LOCAL_DIR/decrypted.tar.gz"
-
-tar -xf "$LOCAL_DIR/decrypted.tar.gz" -C $TMP_DIR
-
-if [ ! -f $TMP_DIR/backup/app_data/offen.db ]; then
-  fail "Could not find expected file in untared archive."
-fi
-rm "$LOCAL_DIR/decrypted.tar.gz"
-
-pass "Found relevant files in decrypted and untared local backup."
-
-if [ ! -L "$LOCAL_DIR/test-latest.tar.gz.gpg" ]; then
-  fail "Could not find local symlink to latest encrypted backup."
-fi

test/gpg/docker-compose.yml

@@ -1,3 +1,5 @@
+version: '3'
+
 services:
   backup:
     image: offen/docker-volume-backup:${TEST_VERSION:-canary}

test/ignore/docker-compose.yml

@@ -1,3 +1,5 @@
+version: '3.8'
+
 services:
   backup:
     image: offen/docker-volume-backup:${TEST_VERSION:-canary}

test/local/docker-compose.yml

@@ -1,3 +1,5 @@
+version: '3'
+
 services:
   backup:
     image: offen/docker-volume-backup:${TEST_VERSION:-canary}

test/lock/docker-compose.yml

@@ -1,3 +1,5 @@
+version: '3'
+
 services:
   backup:
     image: offen/docker-volume-backup:${TEST_VERSION:-canary}

test/nonroot/01conf.env

@@ -1,7 +0,0 @@
-AWS_ACCESS_KEY_ID="test"
-AWS_SECRET_ACCESS_KEY="GMusLtUmILge2by+z890kQ"
-AWS_ENDPOINT="minio:9000"
-AWS_ENDPOINT_PROTO="http"
-AWS_S3_BUCKET_NAME="backup"
-BACKUP_CRON_EXPRESSION="0 0 5 31 2 ?"
-BACKUP_FILENAME="test.tar.gz"

test/nonroot/docker-compose.yml

@@ -1,31 +0,0 @@
-services:
-  minio:
-    image: minio/minio:RELEASE.2020-08-04T23-10-51Z
-    environment:
-      MINIO_ROOT_USER: test
-      MINIO_ROOT_PASSWORD: test
-      MINIO_ACCESS_KEY: test
-      MINIO_SECRET_KEY: GMusLtUmILge2by+z890kQ
-    entrypoint: /bin/ash -c 'mkdir -p /data/backup && minio server /data'
-    volumes:
-      - ${LOCAL_DIR:-local}:/data
-
-  backup:
-    image: offen/docker-volume-backup:${TEST_VERSION:-canary}
-    user: 1000:1000
-    depends_on:
-      - minio
-    restart: always
-    volumes:
-      - app_data:/backup/app_data:ro
-      - ./01conf.env:/etc/dockervolumebackup/conf.d/01conf.env
-
-  offen:
-    image: offen/offen:latest
-    labels:
-      - docker-volume-backup.stop-during-backup=true
-    volumes:
-      - app_data:/var/opt/offen
-
-volumes:
-  app_data:

test/nonroot/run.sh

@@ -1,27 +0,0 @@
-#!/bin/sh
-
-set -e
-
-cd "$(dirname "$0")"
-. ../util.sh
-current_test=$(basename $(pwd))
-
-export LOCAL_DIR=$(mktemp -d)
-
-docker compose up -d --quiet-pull
-sleep 5
-
-docker compose logs backup
-
-# conf.d is used to confirm /etc files are also accessible for non-root users
-docker compose exec backup /bin/sh -c 'set -a; source /etc/dockervolumebackup/conf.d/01conf.env; set +a && backup'
-
-sleep 5
-
-expect_running_containers "3"
-
-if [ ! -f "$LOCAL_DIR/backup/test.tar.gz" ]; then
-  fail "Could not find archive."
-fi
-pass "Archive was created."
-

test/notifications/docker-compose.yml

@@ -1,3 +1,5 @@
+version: '3'
+
 services:
   backup:
     image: offen/docker-volume-backup:${TEST_VERSION:-canary}

test/ownership/docker-compose.yml

@@ -1,3 +1,5 @@
+version: '3'
+
 services:
   db:
     image: postgres:14-alpine

test/proxy/docker-compose.swarm.yml

@@ -1,6 +1,8 @@
-# Copyright 2020-2021 - offen.software <hioffen@posteo.de>
+# Copyright 2020-2021 - Offen Authors <hioffen@posteo.de>
 # SPDX-License-Identifier: Unlicense
 
+version: '3.8'
+
 services:
   backup:
     image: offen/docker-volume-backup:${TEST_VERSION:-canary}

test/proxy/docker-compose.yml

@@ -1,6 +1,8 @@
-# Copyright 2020-2021 - offen.software <hioffen@posteo.de>
+# Copyright 2020-2021 - Offen Authors <hioffen@posteo.de>
 # SPDX-License-Identifier: Unlicense
 
+version: '3.8'
+
 services:
   backup:
     image: offen/docker-volume-backup:${TEST_VERSION:-canary}

test/pruning/docker-compose.yml

@@ -1,3 +1,5 @@
+version: '3'
+
 services:
   minio:
     image: minio/minio:RELEASE.2020-08-04T23-10-51Z

test/s3/docker-compose.yml

@@ -1,3 +1,5 @@
+version: '3'
+
 services:
   minio:
     image: minio/minio:RELEASE.2020-08-04T23-10-51Z

test/secrets/docker-compose.yml

@@ -1,6 +1,8 @@
-# Copyright 2020-2021 - offen.software <hioffen@posteo.de>
+# Copyright 2020-2021 - Offen Authors <hioffen@posteo.de>
 # SPDX-License-Identifier: Unlicense
 
+version: '3.8'
+
 services:
   minio:
     image: minio/minio:RELEASE.2020-08-04T23-10-51Z

test/services/docker-compose.yml

@@ -1,6 +1,8 @@
-# Copyright 2020-2021 - offen.software <hioffen@posteo.de>
+# Copyright 2020-2021 - Offen Authors <hioffen@posteo.de>
 # SPDX-License-Identifier: Unlicense
 
+version: '3.8'
+
 services:
   minio:
     image: minio/minio:RELEASE.2020-08-04T23-10-51Z

test/ssh/docker-compose.yml

@@ -1,3 +1,5 @@
+version: '3'
+
 services:
   ssh:
     image: linuxserver/openssh-server:version-8.6_p1-r3

test/swarm/docker-compose.yml

@@ -1,6 +1,8 @@
-# Copyright 2020-2021 - offen.software <hioffen@posteo.de>
+# Copyright 2020-2021 - Offen Authors <hioffen@posteo.de>
 # SPDX-License-Identifier: Unlicense
 
+version: '3.8'
+
 services:
   minio:
     image: minio/minio:RELEASE.2020-08-04T23-10-51Z

test/tar/docker-compose.yml

@@ -1,21 +0,0 @@
-services:
-  backup:
-    image: offen/docker-volume-backup:${TEST_VERSION:-canary}
-    restart: always
-    environment:
-      BACKUP_FILENAME: test.{{ .Extension }}
-      BACKUP_COMPRESSION: none
-    volumes:
-      - app_data:/backup/app_data:ro
-      - /var/run/docker.sock:/var/run/docker.sock
-      - ${LOCAL_DIR:-./local}:/archive
-
-  offen:
-    image: offen/offen:latest
-    labels:
-      - docker-volume-backup.stop-during-backup=true
-    volumes:
-      - app_data:/var/opt/offen
-
-volumes:
-  app_data:

test/tar/run.sh

@@ -1,25 +0,0 @@
-#!/bin/sh
-
-set -e
-
-cd "$(dirname "$0")"
-. ../util.sh
-current_test=$(basename $(pwd))
-
-export LOCAL_DIR=$(mktemp -d)
-
-docker compose up -d --quiet-pull
-sleep 5
-
-docker compose exec backup backup
-
-sleep 5
-
-expect_running_containers "2"
-
-tmp_dir=$(mktemp -d)
-tar -xvf "$LOCAL_DIR/test.tar" -C $tmp_dir
-if [ ! -f "$tmp_dir/backup/app_data/offen.db" ]; then
-  fail "Could not find expected file in untared archive."
-fi
-pass "Expected file was found."

test/user/docker-compose.yml

@@ -1,3 +1,5 @@
+version: '2.4'
+
 services:
   alpine:
     image: alpine:3.17.3

test/util.sh

@@ -22,7 +22,7 @@ skip () {
 
 expect_running_containers () {
   if [ "$(docker ps -q | wc -l)" != "$1" ]; then
-    fail "Expected $1 containers to be running, instead seen: "$(docker ps -q | wc -l)""
+    fail "Expected $1 containers to be running, instead seen: "$(docker ps -a | wc -l)""
   fi
   pass "$1 containers running."
 }

test/webdav/docker-compose.yml

@@ -1,3 +1,5 @@
+version: '3'
+
 services:
   webdav:
     image: bytemark/webdav:2.4