Release 3.14.0

3.14.0 (2025-05-15)

Notable changes

• Implementation of GPG encryption for tar backups and WAL files

  Implement GPG encryption of tar backups. Encryption starts at the end of the backup,
  encrypting the backup of PGDATA and tablespaces present in the backup directory.
  Encrypted backup files will have the .gpg extension added.

  Barman supports the decryption and restoration of GPG-encrypted backups using a
  passphrase obtained through the new encryption_passphrase_command configuration
  option. During the restore process, decrypted files are staged in the local_staging_path
  setting on the Barman host, ensuring a reliable and safe restore process.

  New configuration options required for encryption and decryption of backups
  and WAL files needed to be added. The new options are encryption,
  encryption_key_id, and encryption_passphrase_command.

  WAL files are all encrypted with GPG when encryption = gpg. This includes
  changing the way that xlogdb records are read and written (maintaining backwards
  compatibility), and a new logic to detect when files are encrypted and the
  encryption process itself.

  Decryption of GPG-encrypted WAL files during the restore process when using the
  get-wal and no-get-wal flags of the barman restore command. This extends the
  functionality added for decrypting backups via the
  encryption_passphrase_command configuration option.

  There's a new field in show-backup to expose if a backup was encrypted, and
  specifies the encryption method that was used, if any.

  The barman check command verifies if the user's encryption settings are
  correctly configured in the Barman server and functioning as expected.

  References: BAR-683, BAR-687, BAR-693, BAR-669, BAR-671, BAR-692, BAR-685, BAR-680, BAR-670, BAR-681, BAR-702.

• Deprecation of Python versions 3.6 and 3.7

  As of version 3.14 of Barman, we are deprecating support for Python
  3.6 and 3.7, which are not supported by the Python community anymore.
  Barman still supports Python 3.8 as it's the newest version available on
  RHEL 8 systems which contains all needed modules.

  References: BAR-737.

Minor changes

• Allow compression level to be specified for WAL compression in Barman server

  Add a new compression_level parameter to the Barman configuration.
  This option accepts a valid integer value or one of the predefined options:
  low, medium, and high. Each option corresponds to a different
  level depending on the compression algorithm chosen.

  References: BAR-540.

• Add client-side compression to barman-wal-archive

  Client-side compression options have been added to barman-wal-archive,
  supporting the same algorithms that are available on a Barman server.
  When enabled, compression is applied on the client side before sending the WAL to
  the Barman server. The --compression-level parameter allows specifying a desired
  compression level for the chosen algorithm.

  References: BAR-262.

• Add --compression-level parameter to barman-cloud-wal-archive

  A parameter called compression-level was added to barman-cloud-wal-archive,
  which allows a level to be specified for the compression algorithm in use.

  References: BAR-557.

• Add Snappy compression algorithm to Barman server

  The Snappy compression, previously only available in barman-cloud-wal-archive, is
  now also available for standard Barman server. As with all other algorithms, it can
  be configured by setting snappy in the compression configuration parameter.

  References: BAR-557.

• Introduce the new list-processes sub-command for listing the server processes

  Add a new list-processes command that outputs all active subprocesses for
  a Barman server. The command displays each process's PID and task.

  References: BAR-664.

• Introduce the new terminate-process sub-command for terminating Barman subprocesses

  Add a new terminate-process command that allows users to terminate an active
  Barman subprocess for a given server by specifying its task name. Barman will
  terminate the subprocess as long as it belongs to the specified server and it is
  currently active.

  References: BAR-665.

• Remove the pin from boto3 version used in cloud scripts

  After thorough investigation of issues with boto3 >= 1.36, we've
  decided to remove the pin that kept the dependency at version
  1.35.

  Both AWS and MinIO object stores work correctly with the latest version, and using
  a version of boto3 that is >= 1.36 ensures the Barman cloud scripts work in a
  FIPS-compliant environment.

  References: BAR-637.

Bugfixes

• Ensure minimum redundancy check considers only 'non-incremental backups'

  An issue was reported where the minimum_redundancy rule could be violated due to
  the inclusion of incremental backups in the redundancy count. As an example: in a
  scenario where the catalog contained one full backup and two dependent incremental
  backups, and the user had minimum_redundancy = 2, the rule was incorrectly
  considered satisfied. As a result, deleting the full backup triggered cascading
  deletion of its incremental dependents, leaving zero backups in the catalog.

  This issue has been fixed by updating the minimum_redundancy logic to consider
  only non-incremental backups (i.e. only full, rsync, snapshot). This ensures that
  full backups cannot be deleted if doing so would violate the configured minimum
  redundancy level.

  References: BAR-707.

• Fix usage of barman-wal-restore with --keep-compression using gzip, bzip2, and pigz compression algorithms

  Fix an issue in barman-wal-restore where, when trying to restore WALs
  compressed with gzip, bzip2 or pigz while having --keep-compression
  specified, leading to unexpected errors.

  References: BAR-722.