From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Cc: Adolf Belka <adolf.belka@ipfire.org>
Subject: [PATCH 3/6] include: Add the contents of the ipsec certs directory to the backup
Date: Tue, 1 Apr 2025 20:07:59 +0200 [thread overview]
Message-ID: <20250401180802.19784-3-adolf.belka@ipfire.org> (raw)
In-Reply-To: <20250401180802.19784-1-adolf.belka@ipfire.org>
- Previously only the .pem files were bacdked up from the /var/ipfire/certs/ directory.
That was okay in the past as the serial and index files never changed after the
root/host cert set waqs created.
- With the renew process then the serial and index files get updated and these are needed
to match with the cert status that was backed up. Otherwise you could end up with one
set of values in the serial and index files that did not match with the restored
certs.
- This patch adds all the contents of the certs directory to the backup.
- Tested out on my vm testbed and successfully restored a backup and was able to connect
with the same client settings.
Fixes: bug13737
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/backup/include | 1 +
1 file changed, 1 insertion(+)
diff --git a/config/backup/include b/config/backup/include
index 0bf9440d3..7e1e9a76a 100644
--- a/config/backup/include
+++ b/config/backup/include
@@ -28,6 +28,7 @@ var/ipfire/backup/addons/backup
var/ipfire/backup/exclude.user
var/ipfire/backup/include.user
var/ipfire/captive/*
+var/ipfire/certs
var/ipfire/*/*.conf
var/ipfire/*/config
var/ipfire/dhcp/*
--
2.49.0
next prev parent reply other threads:[~2025-04-01 18:08 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-01 18:07 [PATCH 1/6] vpnmain.cgi: Fixes bug13737 - remove unneeded &cleanssldatabase calls Adolf Belka
2025-04-01 18:07 ` [PATCH 2/6] vpnmain.cgi: Fixes bug13737 - revoke any deleted client certificate Adolf Belka
2025-04-02 10:21 ` Michael Tremer
2025-04-02 10:41 ` Adolf Belka
2025-04-02 13:52 ` Michael Tremer
2025-04-01 18:07 ` Adolf Belka [this message]
2025-04-01 18:08 ` [PATCH 4/6] backup.pl: Fixes bug13737 - restarts ipsec to use the restored certs etc Adolf Belka
[not found] ` <F37E461A-91BF-45B6-904E-92E85B51DE2C@rymes.net>
2025-04-01 20:44 ` Adolf Belka
2025-04-01 21:46 ` Adolf Belka
2025-04-01 21:55 ` Tom Rymes
2025-04-01 21:52 ` Tom Rymes
2025-04-02 10:24 ` Adolf Belka
2025-04-02 10:25 ` Michael Tremer
2025-04-01 18:08 ` [PATCH 5/6] core194: Ship the vpnmain.cgi changes Adolf Belka
2025-04-01 18:08 ` [PATCH 6/6] core194: Ship the backup file changes Adolf Belka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250401180802.19784-3-adolf.belka@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox