I recommend approaching it from the opposite direction:
Create backup.
Rename backup.
Verify backup.
Now it’s trivial to specify the filename of the backup in step 3, because you chose the filename in step 2.
As for how to rename it reliably in step 2, one simple way is to make sure $BACKUP_LOCATION doesn’t have any other Qubes backups in it (could be a new temp dir), then simply do:
That isn’t what it says.
It says that using --pass-io to copy files to dom0 is unsafe. (Even
there, I think the warning goes too far, but it’s of long standing.)
Your technique is fine (provided you always verify before starting the
next backup, and this is enforced in some way.)
@adw thank you, this seems to be a good alternative.
@unman Interesting. Just out of curiosity: Wouldn’t this allow an exploit in dom0 terminal, which parses output from potential malicious remote ls command or filesystem names? Or is it rather a hypothetical concern?
For anyone interested: Here is a sample for @adw 's idea:
@adw thank you, this seems to be a good alternative.
Yes, it could (e.g) flood the terminal with garbage.
Whether it could be exploitable in dom0 beyond that? You would be
looking for an execution bug in whatever terminal you use, simply from
displaying the output.