From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZRwwC3Sd7z338w for ; Tue, 1 Apr 2025 18:08:11 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZRww76bqJz335r for ; Tue, 1 Apr 2025 18:08:07 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZRww758XWz1Df; Tue, 1 Apr 2025 18:08:07 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1743530887; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Jz84I3BoCV8oDZdRsHFbNGR6GftGTRVCDRIIDign5QY=; b=5vzpemeat28up7BDdTRi8GkjE7//QW2AZTzHBY6WeGocb8DJ92fTR1vIkynb4p1sE9V+0s xmHk5ebf5SVVU4CQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1743530887; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Jz84I3BoCV8oDZdRsHFbNGR6GftGTRVCDRIIDign5QY=; b=QQ1NRnOy1PLBzd6m7CMDDXXcn+qgTtutQsBHZl7uGYbn2vQisXFCsADLZtJB4JF+rCqe3A Hn4AGnIwc8qbxqcMFMox8ZXRzrra484L6rgTC5SidLkqzUApvCkhgAjUSku0fe2Y5wZcde PBTcPkdEWyOlATHzLWYJhC/sAuNUApFFAkLoc18cX+2fPdeh8gDfPsB9PropzC8o9tWuFf GBRW8XhKoUo7QGd2Kg94Qa4VklhhYd9rLZpd+Ahjernh611yBUNm/Qa80QYZ/CTBLs2d8j bErdX6HC9Dxu0rKeooujhy0d2D8fWJgcKiKhxTW8tGp3lVYuyCiD+t7S+pcMlA== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 3/6] include: Add the contents of the ipsec certs directory to the backup Date: Tue, 1 Apr 2025 20:07:59 +0200 Message-ID: <20250401180802.19784-3-adolf.belka@ipfire.org> In-Reply-To: <20250401180802.19784-1-adolf.belka@ipfire.org> References: <20250401180802.19784-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit - Previously only the .pem files were bacdked up from the /var/ipfire/certs/ directory. That was okay in the past as the serial and index files never changed after the root/host cert set waqs created. - With the renew process then the serial and index files get updated and these are needed to match with the cert status that was backed up. Otherwise you could end up with one set of values in the serial and index files that did not match with the restored certs. - This patch adds all the contents of the certs directory to the backup. - Tested out on my vm testbed and successfully restored a backup and was able to connect with the same client settings. Fixes: bug13737 Tested-by: Adolf Belka Signed-off-by: Adolf Belka --- config/backup/include | 1 + 1 file changed, 1 insertion(+) diff --git a/config/backup/include b/config/backup/include index 0bf9440d3..7e1e9a76a 100644 --- a/config/backup/include +++ b/config/backup/include @@ -28,6 +28,7 @@ var/ipfire/backup/addons/backup var/ipfire/backup/exclude.user var/ipfire/backup/include.user var/ipfire/captive/* +var/ipfire/certs var/ipfire/*/*.conf var/ipfire/*/config var/ipfire/dhcp/* -- 2.49.0