From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 2/2] backup.pl: Fixes bug#13404 - Clear out OpenVPN certs
 before doing restore
Date: Mon, 26 Feb 2024 16:05:01 +0100
Message-ID: <20240226150501.16508-2-adolf.belka@ipfire.org>
In-Reply-To: <20240226150501.16508-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3203699279824997811=="
List-Id: <development.lists.ipfire.org>

--===============3203699279824997811==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

- Existing situation is if four new client connections are created and then i=
t is decided
   to restore to an earlier stage the new certficates will be in the certs di=
rectory but
   not usable from the WUI page as they are no longer shown in the client con=
nection table
   as that now shows the ones from the restored backup.
- This patch clears the /var/ipfire/ovpn/certs/ directory before restoring th=
e contents
   of the backup so that the certs directory only holds what was in the backu=
p.

Fixes: Bug#13404
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/backup/backup.pl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index 7992f21c5..b43420740 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -75,6 +75,10 @@ make_backup() {
 restore_backup() {
 	local filename=3D"${1}"
=20
+	# remove all openvpn certs to prevent old unusable
+	# certificates being left in directory after a restore
+	rm -f /var/ipfire/ovpn/certs/*
+
 	# Extract backup
 	if ! tar xvzpf "${filename}" -C / \
 			--exclude-from=3D"/var/ipfire/backup/exclude" \
--=20
2.44.0


--===============3203699279824997811==--