Hello,
On 31 Mar 2022, at 10:47, Peter Müller peter.mueller@ipfire.org wrote:
Hello Michael,
Hello,
Yes, I agree with the patch.
A backup from that long ago should definitely create lots of other problems, too.
Should we create some mechanism that makes it impossible to restore a backup file that is older than t0?
I think so, but don't know how to do this. :-)
Do we have /etc/os-release or something similar in a backup where we can grep the release information from? Or is there a more elegant approach to this?
Yes, something like this. A special file with some meta information that we can check.
Unfortunately /etc/os-release is not part of the backup so far. We could either use that or create something new like “.backup” that is the first file in the tarball.
You can read it like this then:
[root@fw01 ~]# tar Oxf /var/ipfire/backup/2022-03-29-13:16.ipf etc/sysconfig/modules ######################################################################## # Begin /etc/sysconfig/modules # # Description : Module auto-loading configuration #
...
# End /etc/sysconfig/modules
I just picked a random file here. So don’t get confused by that.
-Michael
Thanks, and best regards, Peter Müller
-Michael
On 21 Mar 2022, at 13:30, Peter Müller peter.mueller@ipfire.org wrote:
This script only appeared in conjunction with Core Update 75, released January 2014. Although it is still being executed while restoring a backup, it would only be effective if anyone tried to restore a backup created before C75.
I don't think there is a realistic need to carry this script along any further. In doubt, it might be better to start from scratch again rather than trying to restore an 8 year old backup, expecting everything to be peachy and vanilla with it.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
config/backup/backup.pl | 5 +-- config/rootfiles/common/aarch64/stage2 | 1 - config/rootfiles/common/armv6l/stage2 | 1 - config/rootfiles/common/x86_64/stage2 | 1 - config/rootfiles/core/166/update.sh | 1 + src/scripts/convert-ovpn | 60 -------------------------- 6 files changed, 2 insertions(+), 67 deletions(-) delete mode 100755 src/scripts/convert-ovpn
diff --git a/config/backup/backup.pl b/config/backup/backup.pl index a2337cf23..1582789b6 100644 --- a/config/backup/backup.pl +++ b/config/backup/backup.pl @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2014 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -153,9 +153,6 @@ restore_backup() { # Reload firewall firewallctrl
- # Convert old OpenVPN CCD files (CN change, Core Update 75)
- convert-ovpn
- # Snort to suricata converter. if [ -d "/var/ipfire/snort" ]; then # Run converter
diff --git a/config/rootfiles/common/aarch64/stage2 b/config/rootfiles/common/aarch64/stage2 index e7eae625c..352c704d4 100644 --- a/config/rootfiles/common/aarch64/stage2 +++ b/config/rootfiles/common/aarch64/stage2 @@ -92,7 +92,6 @@ usr/local/bin/backupiso usr/local/bin/connscheduler usr/local/bin/consort.sh usr/local/bin/convert-dns-settings -usr/local/bin/convert-ovpn usr/local/bin/convert-to-location usr/local/bin/filesystem-cleanup usr/local/bin/hddshutdown diff --git a/config/rootfiles/common/armv6l/stage2 b/config/rootfiles/common/armv6l/stage2 index 670a99927..198461a01 100644 --- a/config/rootfiles/common/armv6l/stage2 +++ b/config/rootfiles/common/armv6l/stage2 @@ -90,7 +90,6 @@ usr/local/bin/backupiso usr/local/bin/connscheduler usr/local/bin/consort.sh usr/local/bin/convert-dns-settings -usr/local/bin/convert-ovpn usr/local/bin/convert-to-location usr/local/bin/filesystem-cleanup usr/local/bin/hddshutdown diff --git a/config/rootfiles/common/x86_64/stage2 b/config/rootfiles/common/x86_64/stage2 index d07c264b4..b03a7fecf 100644 --- a/config/rootfiles/common/x86_64/stage2 +++ b/config/rootfiles/common/x86_64/stage2 @@ -92,7 +92,6 @@ usr/local/bin/backupiso usr/local/bin/connscheduler usr/local/bin/consort.sh usr/local/bin/convert-dns-settings -usr/local/bin/convert-ovpn usr/local/bin/convert-to-location usr/local/bin/filesystem-cleanup usr/local/bin/hddshutdown diff --git a/config/rootfiles/core/166/update.sh b/config/rootfiles/core/166/update.sh index 1370555b0..99bbe40f4 100644 --- a/config/rootfiles/core/166/update.sh +++ b/config/rootfiles/core/166/update.sh @@ -37,6 +37,7 @@ rm -vf \ /opt/pakfire/pakfire-2007.key \ /usr/bin/mkinitrd \ /usr/lib/dracut \
- /usr/local/bin/convert-ovpn \ /usr/local/bin/ovpn-ccd-convert \ /usr/local/bin/rebuild-initrd
diff --git a/src/scripts/convert-ovpn b/src/scripts/convert-ovpn deleted file mode 100755 index 30e754326..000000000 --- a/src/scripts/convert-ovpn +++ /dev/null @@ -1,60 +0,0 @@ -#!/usr/bin/perl
-############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### -# # -# This script converts old openvpn ccd files with underscore # -# to files with spaces to make them working with openvpn 2.3 again # -# STEP1: read ovpnconfig and verify cert names # -# STEP2: if neccessary convert ccd file # -# # -###############################################################################
-require '/var/ipfire/general-functions.pl';
-my %configovpn=(); -my $ccdpath="/var/ipfire/ovpn/ccd/"; -my $ovpnconfig="/var/ipfire/ovpn/ovpnconfig";
-&General::readhasharray ($ovpnconfig,%configovpn);
-&check_config();
-sub check_config {
- print "Converting CCD files...\n";
- chdir($ccdpath);
- foreach my $key (sort keys %configovpn){
# Skip everything else but roadwarrior connections.next if ($configovpn{$key}[3] ne 'host');# Skip all connections with no space in the CN name.next if ($configovpn{$key}[2] !~ " ");my $ccdname = $configovpn{$key}[2];$ccdname =~ tr/ /_/;# Rename the CCD file if one with the old format exists.if (-e "$ccdname") {print " Renaming $ccdname -> $configovpn{$key}[2]...\n";rename($ccdname, $configovpn{$key}[2]);}- }
-}
2.34.1