Excluding updates from backups

[GoogleCodeExporter]

This is just a minor enhancement request...

The contents of /Library/Managed Installs/ should probably be excluded from 
time machine backups. Apple is already excluding /Library/Updates/ by default 
(in 
/System/Library/CoreServices/backupd.bundle/Contents/Resources/StdExclusions.pli
st) and I think it would be nice for munki to automatically mark files as 
excluded.

I'm not sure how to implement this in python but in cocoa the way to exclude a 
path is defined in BackupCore.h and found in CoreServices framework. For 
example:

NSURL *someURL = [NSURL fileURLWithPath:@"/path/to/file"];
Boolean exclude = TRUE; // exclude item from backups
Boolean excludeByPath = FALSE; // this item is excluded regardless of its 
location
CSBackupSetItemExcluded((CFURLRef)someURL, exclude, excludeByPath);

Is there something in /Library/Managed Installs/ that needs a backup or should 
we just exclude the whole directory?

BTW. CrashPlan respects this exclusion too.

--
Hannes

Original issue reported on code.google.com by hjuutila...@mac.com on 3 Oct 2011 at 7:25

[GoogleCodeExporter]

I don't know how to implement that in Python, either. If you can do this in C, 
can you check to see if it's as simple as a new extended attribute added to the 
item? If so, we can do that with xattr...

Original comment by gregnea...@mac.com on 23 Feb 2012 at 11:29

[GoogleCodeExporter]

Doing a quick test it seems that you can exclude with:
xattr -w com.apple.metadata:com_apple_backup_excludeItem com.apple.backupd 
/path/to/item

Verified with /usr/bin/tmutil

Original comment by hjuutila...@mac.com on 1 Mar 2012 at 1:05

[GoogleCodeExporter]

`tmutil addexclusion /path/to/item` writes a different value to the 
com.apple.metadata:com_apple_backup_excludeItem attribute; it looks like a 
binary-encoded plist. But it does look like `xattr -w 
com.apple.metadata:com_apple_backup_excludeItem com.apple.backupd 
/path/to/item` works as well.

Original comment by gregnea...@mac.com on 1 Mar 2012 at 5:19

[GoogleCodeExporter]

The value of the attribute when generated by `tmutil addexclusion` is a binary 
version of this plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" 
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<string>com.apple.backupd</string>
</plist>

-Greg

Original comment by gregnea...@mac.com on 1 Mar 2012 at 6:22

[GoogleCodeExporter]

Yes, you're correct. I'm not sure but I think tmutil is Lion only? I don't have 
any older systems available right now but I'll check the xattr functionality 
tomorrow with 10.5 and 10.6. systems too.

Original comment by hjuutila...@mac.com on 1 Mar 2012 at 7:46

[GoogleCodeExporter]

Yes, tmutil is new in Lion.

So to clarify, when you said "Doing a quick test it seems that you can exclude 
with:
xattr -w com.apple.metadata:com_apple_backup_excludeItem com.apple.backupd 
/path/to/item"

How did you come up with that?

-Greg

Original comment by gregnea...@mac.com on 1 Mar 2012 at 7:49

[GoogleCodeExporter]

By some extensive googling :) Took a while but stumbled on this:
http://www.entropy.ch/blog/Mac+OS+X/2008/06/14/Exclude-Items-From-Time-Machine-B
ackup-With-Contextual-Menu.html

Original comment by hjuutila...@mac.com on 1 Mar 2012 at 8:26

[GoogleCodeExporter]

I just worry that although

sudo xattr -w com.apple.metadata:com_apple_backup_excludeItem com.apple.backupd 
/Library/Managed\ Installs

works now, since it doesn't write the same attribute value as

sudo tmutil addexclusion /Library/Managed\ Installs

that it might break in the future.

Original comment by gregnea...@mac.com on 1 Mar 2012 at 8:39

[GoogleCodeExporter]

I'm concerned about this too. Would it be the safest bet to do something like:

#!/usr/bin/env python
# encoding: utf-8

import subprocess
import platform

currentRelease = platform.release()

def excludeFromBackups(aPath):
    tmutil = ["/usr/bin/tmutil", "addexclusion", aPath]
    retcode = subprocess.call(tmutil)
    return retcode

def excludeFromBackupsWithXattr(aPath):
    xattrProcess = ["/usr/bin/xattr",
                    "-w", "com.apple.metadata:com_apple_backup_excludeItem",
                    "com.apple.backupd",
                    aPath]
    retcode = subprocess.call(xattrProcess)
    return retcode

# Mac OS 10.7.x
if currentRelease.startswith('11.'):
    retcode = excludeFromBackups("/Library/Managed Installs")

# Mac OS 10.6.x
elif currentRelease.startswith('10.'):
    retcode = excludeFromBackupsWithXattr("/Library/Managed Installs")

# Mac OS 10.5.x
elif currentRelease.startswith('9.'):
    retcode = excludeFromBackupsWithXattr("/Library/Managed Installs")

if retcode == 0:
    print "Succeeded"
else:
    print "Failed"

Original comment by hjuutila...@mac.com on 2 Mar 2012 at 6:31

[GoogleCodeExporter]

Not bad, though for forward compatibility, maybe something more like:

TMUTIL = "/usr/bin/tmutil"
if os.path.exists(TMUTIL):
    # use TMUTIL to set exclusion
else:
    # use xattr to set exclusion

-Greg

Original comment by gregnea...@mac.com on 2 Mar 2012 at 2:55

[GoogleCodeExporter]

The binary vs. non-binary setting is a non-issue. The plist interpreter reads 
both. If you use MCX you can override settings in plists that are typically in 
binary with non-binary XML, the plists work the same. You can also convert the 
binary XML to human-readable XML and vice versa.

Apple seems to be going towards the binary XML probably because it is smaller 
and faster to read/write within the OS but they're both valid XML and will thus 
be parsed validly.

However I do think that using tmutil would be the best option vs xattr just in 
case that later on Apple decides to change how to exclude items and where to 
store that metadata.

Original comment by Evi.Vano...@gmail.com on 21 Aug 2013 at 10:47