From c8d3514bfe2220f47ea29ba4d2656ffc1348679c Mon Sep 17 00:00:00 2001
From: Daniel Micay <daniel.micay@grapheneos.org>
Date: Tue, 28 May 2024 13:46:55 -0400
Subject: [PATCH] add random suffix to backup file name for Swift

Use a cryptographically secure random suffix combined with not granting
read access to work around Swift's access control system not having a
way to add new files without being able to modify or delete previous
files.
---
 remote-backup | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/remote-backup b/remote-backup
index cf7c065..25fd6ab 100755
--- a/remote-backup
+++ b/remote-backup
@@ -14,6 +14,7 @@ cp -r /var/lib/mjolnir remote-backup/$timestamp/mjolnir
 tar -cC remote-backup $timestamp | zstd -9 | age -r $(cat backup-public-key.txt) -o remote-backup/$timestamp.tar.zst.age
 
 source cloud-archive.sh
-swift upload --skip-container-put --leave-segments --segment-size 5368709122 -H "X-Delete-After: 5184000" --object-name $timestamp.tar.zst.age backup remote-backup/$timestamp.tar.zst.age
+swift upload --skip-container-put --leave-segments --segment-size 5368709122 -H "X-Delete-After: 5184000" \
+    --object-name $timestamp-$(openssl rand -hex 32).tar.zst.age backup remote-backup/$timestamp.tar.zst.age
 
 rm -rf remote-backup