tarExtract pipeline error: Invalid tar header
-
Downloaded the backuped file from the nextcloud app and tried to encrypt them with commands like this, tried also other algorithms:
openssl enc -d -aes-128-cbc -in app_nextclouddomain.com_v4.22.5.tar.gz.enc -out file.tar.gz
No luck. Any other idea to be able to restore the Nextcloud app?
If the encryption password of the backup weren't correct, the other apps wouldn't be restored successfully too.
Thoughts:- Is there any possibility that the passwords for encryption can be different per app?
- Could a removed volume be an issue? I removed a volume recently before the backup but the app should have been consistent during the backup time
-
Thanks, I was not aware.
When I try to decrypt, it doesn't work, although I use the same password like for the other apps:Error: Could not decrypt: Invalid password or tampered file (mac mismatch)
I am confused now, because I am not aware of using another password for encrypting a single app (nextcloud) compared to other apps used on the same Cloudron instance.
Is there any other idea?
-
If you are sure the password is correct, which it would be if its the same where other backups could be decrypted, then this very much looks like the backup file is corrupt maybe redownload it from the original storage just to rule out a simple downloading error, also if you have multiple backup files maybe try one older one
-
I just found this hint in the docs:
Hetzner Storage Box We recommend using SSHFS for Hetzner Storage Box since it is much faster and efficient storage wise compared to CIFS. When using Hetzner Storage Box with CIFS, the Remote Directory is /backup for the main account. For sub accounts, the Remote Directory is /subaccount.
Probably worth expanding to hint that there seem to be some unrealiable component or interaction with this way the storage box is used by Cloudron.
The issue in this thread is related to CIFS with Hetzner Storage box
-
Do you get this error when restoring a newly made backup now without encryption? If so how large is the resulting tarball? I am not aware of any filesystem based problem with CIFS around such fundamental things as block sizes, but this is probably more related to the tar and not the filesystem unless for some reason the CIFS mount gets corrupt.
-
Yes, I got the error mentioned before on a newly created backup without encryption. The tarball was around 13 GB.
I was only able to restore backups older than 1 month for the nextcloud app. For all other 12+ apps restoring did work like a charme for the most recent backup (younger than 1 month).
It gives me the impression that the CIFS with Hetzner Storagebox is a risky choice.
Therefore, a hint in the docs might be saving some lives of other folks.I would like to offer 2 additional feedbacks beyond the CIFS issue and the docs:
- it seems to be not possible to use the decryption command line cloudron command with a password that includes special characters. I tried to escape with " but it didn't work. Probably sth to document. Maybe there is a way to escape after all.
- Is there any way to do backup validation? It is probably concerning to see successful backups while they are corrupt.
And thanks a lot for the support @girish and @nebulon for pointing me in the right direction! I resolved it by choosing a different cloud provider and different storage protocol. I used S3 now. Backing up and restoring worked with encryption completely fine!
Thank you! -
@nottheend said in tarExtract pipeline error: Invalid tar header:
Is there any way to do backup validation? It is probably concerning to see successful backups while they are corrupt.
This is in the immediate roadmap (https://forum.cloudron.io/topic/9975/what-s-coming-in-8-1 ). The "backup integrity". Ideally, we have to store information in the storage and also provide a mechanism to "validate" the integrity from the UI.
-
@nottheend said in tarExtract pipeline error: Invalid tar header:
It gives me the impression that the CIFS with Hetzner Storagebox is a risky choice.
I've been using it pretty much without issue for a good couple of years now, including doing a couple of complete restores.
But: I don't use encryption. I've always taken the veiw that issues relating to having troubls decrypting - eg forgetting passphrase, some corruption etc etx - are a bigger risk for me losing data than someone somehow gaining access to my Storage Boxes, in part because I don't have particularly sensitive data stored.
-
Hetzner's box, SSHFS with encryption - recovery fails with:
2024-10-19T13:37:34.456Z box:provision setProgress: restore - Downloading backup /mnt/cloudronbackup/my_domain_cloudron/2024-10-19-130519-879/box_v8.0.6.tar.gz.enc 2024-10-19T13:37:34.456Z box:storage/filesystem download: /mnt/cloudronbackup/my_domain_cloudron/2024-10-19-130519-879/box_v8.0.6.tar.gz.enc 2024-10-19T13:37:34.547Z box:backupformat/tgz Attempt 2 failed. Will retry: tarExtract pipeline error: incorrect header check
Checking the file:
file /mnt/cloudronbackup/my_domain_cloudron/2024-10-19-130519-879/box_v8.0.6.tar.gz.enc /mnt/cloudronbackup/my_domain_cloudron/2024-10-19-130519-879/box_v8.0.6.tar.gz.enc: data
Guess encrypted data can't have tar headers?
-
in my specific case - that was due to decryption key error