This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 419153571b7b34d7e345592c9ed55f22a9f54978 (commit) via e5ad6e2ab1c03961ab4e8e26e93e0bf69aa8e4b2 (commit) via 026935a1375551f833997a95f63898112527a0f8 (commit) via 270d572504cba639659037d20e720fffa64f0f0f (commit) from a735dad621128b7057a03d805deb8aa049ae7f21 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 419153571b7b34d7e345592c9ed55f22a9f54978 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Mar 4 10:41:30 2022 +0000
backup: Make include/exclude files relative
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e5ad6e2ab1c03961ab4e8e26e93e0bf69aa8e4b2 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Mar 4 10:29:23 2022 +0000
backup: Don't restore excluded files
Sometimes, we restore a backup that has been created earlier before exclude files have been changed. To avoid overwriting those files, we will consider the exlude list upon restore.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 026935a1375551f833997a95f63898112527a0f8 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Mar 4 10:27:01 2022 +0000
backup: Exclude oinkmaster.conf
This file is a system configuration file and does not contain any configruation from the user.
Since it can be overwritten in a backup and restored to an older state, this can cause problems such as #12788.
Fixes: #12788 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 270d572504cba639659037d20e720fffa64f0f0f Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Mar 4 10:18:25 2022 +0000
backup: Abort when the backup could not be extracted
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/backup/backup.pl | 18 +++++-- config/backup/exclude | 17 ++++--- config/backup/include | 126 ++++++++++++++++++++++++------------------------ src/installer/hw.c | 4 +- 4 files changed, 89 insertions(+), 76 deletions(-)
Difference in files: diff --git a/config/backup/backup.pl b/config/backup/backup.pl index 63004491c..a2337cf23 100644 --- a/config/backup/backup.pl +++ b/config/backup/backup.pl @@ -39,7 +39,7 @@ process_includes() { local file while read -r file; do for file in ${file}; do - if [ -e "${file}" ]; then + if [ -e "/${file}" ]; then echo "${file}" fi done @@ -58,7 +58,7 @@ make_backup() { done
# Backup using global exclude/include definitions - tar cvfz "${filename}" \ + tar cvfz "${filename}" -C / \ --exclude-from="/var/ipfire/backup/exclude" \ --exclude-from="/var/ipfire/backup/exclude.user" \ $(process_includes "/var/ipfire/backup/include") \ @@ -71,7 +71,13 @@ make_backup() { restore_backup() { local filename="${1}"
- tar xvzpf "${filename}" -C / + # Extract backup + if ! tar xvzpf "${filename}" -C / \ + --exclude-from="/var/ipfire/backup/exclude" \ + --exclude-from="/var/ipfire/backup/exclude.user"; then + echo "Could not extract backup" >&2 + return 1 + fi
# Restart syslogd, httpd and suricata in case we've just loaded old logs apachectl -k graceful @@ -202,7 +208,11 @@ restore_addon_backup() { mv "/tmp/${name}.ipf" "/var/ipfire/backup/addons/backup/${name}.ipf" fi
- tar xvzpf "/var/ipfire/backup/addons/backup/${name}.ipf" -C / + # Extract backup + if ! tar xvzpf "/var/ipfire/backup/addons/backup/${name}.ipf" -C /; then + echo "Could not extract backup" >&2 + return 1 + fi }
main() { diff --git a/config/backup/exclude b/config/backup/exclude index 68c37de48..0131a87fd 100644 --- a/config/backup/exclude +++ b/config/backup/exclude @@ -1,9 +1,10 @@ -/etc/sysconfig/lm_sensors -/etc/unbound/unbound.conf +etc/sysconfig/lm_sensors +etc/unbound/unbound.conf *.tmp -/var/ipfire/ethernet/settings -/var/ipfire/firewall/bin/* -/var/ipfire/ovpn/openssl/* -/var/ipfire/proxy/calamaris/bin/* -/var/ipfire/qos/bin/qos.pl -/var/ipfire/urlfilter/blacklists/*/*.db +var/ipfire/ethernet/settings +var/ipfire/firewall/bin/* +var/ipfire/ovpn/openssl/* +var/ipfire/proxy/calamaris/bin/* +var/ipfire/qos/bin/qos.pl +var/ipfire/suricata/oinkmaster.conf +var/ipfire/urlfilter/blacklists/*/*.db diff --git a/config/backup/include b/config/backup/include index 3b96b1d62..809a49601 100644 --- a/config/backup/include +++ b/config/backup/include @@ -1,63 +1,63 @@ -/etc/conntrackd/conntrackd.conf -/etc/group -/etc/hosts* -/etc/httpd/server.crt -/etc/httpd/server.csr -/etc/httpd/server-ecdsa.crt -/etc/httpd/server-ecdsa.csr -/etc/httpd/server-ecdsa.key -/etc/httpd/server.key -/etc/ipsec.user.* -/etc/ipsec.user-post.conf -/etc/logrotate.d -/etc/passwd -/etc/shadow -/etc/ssh/sshd_config -/etc/ssh/ssh_host* -/etc/squid/squid.conf.local -/etc/squid/squid.conf.pre.local -/etc/sysconfig/* -/etc/sysconfig/firewall.local -/etc/sysconfig/rc.local -/etc/unbound -/root/.bash_history -/root/.gitconfig -/root/.ssh -/var/ipfire/auth/users -/var/ipfire/backup/addons/backup -/var/ipfire/backup/exclude.user -/var/ipfire/backup/include.user -/var/ipfire/captive/* -/var/ipfire/*/*.conf -/var/ipfire/*/config -/var/ipfire/dhcp/* -/var/ipfire/dns -/var/ipfire/dnsforward/* -/var/ipfire/*/enable -/var/ipfire/*/*enable* -/var/ipfire/ethernet/aliases -/var/ipfire/ethernet/wireless -/var/ipfire/firewall -/var/ipfire/fwhosts -/var/ipfire/main/* -/var/ipfire/ovpn -/var/ipfire/ovpn/collectd.vpn -/var/ipfire/*/*.pem -/var/ipfire/ppp -/var/ipfire/proxy -/var/ipfire/qos/* -/var/ipfire/qos/bin/qos.sh -/var/ipfire/suricata/*.conf -/var/ipfire/suricata/*.yaml -/var/ipfire/suricata/providers-settings -/var/ipfire/*/settings -/var/ipfire/time/ -/var/ipfire/urlfilter -/var/ipfire/vpn -/var/lib/suricata -/var/log/ip-acct/* -/var/log/rrd/* -/var/log/rrd/collectd -/var/log/vnstat -/var/tmp/idsrules-*.tar.gz -/var/tmp/idsrules-*.rules +etc/conntrackd/conntrackd.conf +etc/group +etc/hosts* +etc/httpd/server.crt +etc/httpd/server.csr +etc/httpd/server-ecdsa.crt +etc/httpd/server-ecdsa.csr +etc/httpd/server-ecdsa.key +etc/httpd/server.key +etc/ipsec.user.* +etc/ipsec.user-post.conf +etc/logrotate.d +etc/passwd +etc/shadow +etc/ssh/sshd_config +etc/ssh/ssh_host* +etc/squid/squid.conf.local +etc/squid/squid.conf.pre.local +etc/sysconfig/* +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/unbound +root/.bash_history +root/.gitconfig +root/.ssh +var/ipfire/auth/users +var/ipfire/backup/addons/backup +var/ipfire/backup/exclude.user +var/ipfire/backup/include.user +var/ipfire/captive/* +var/ipfire/*/*.conf +var/ipfire/*/config +var/ipfire/dhcp/* +var/ipfire/dns +var/ipfire/dnsforward/* +var/ipfire/*/enable +var/ipfire/*/*enable* +var/ipfire/ethernet/aliases +var/ipfire/ethernet/wireless +var/ipfire/firewall +var/ipfire/fwhosts +var/ipfire/main/* +var/ipfire/ovpn +var/ipfire/ovpn/collectd.vpn +var/ipfire/*/*.pem +var/ipfire/ppp +var/ipfire/proxy +var/ipfire/qos/* +var/ipfire/qos/bin/qos.sh +var/ipfire/suricata/*.conf +var/ipfire/suricata/*.yaml +var/ipfire/suricata/providers-settings +var/ipfire/*/settings +var/ipfire/time/ +var/ipfire/urlfilter +var/ipfire/vpn +var/lib/suricata +var/log/ip-acct/* +var/log/rrd/* +var/log/rrd/collectd +var/log/vnstat +var/tmp/idsrules-*.tar.gz +var/tmp/idsrules-*.rules diff --git a/src/installer/hw.c b/src/installer/hw.c index 17e0bbb01..5cba2a261 100644 --- a/src/installer/hw.c +++ b/src/installer/hw.c @@ -1204,7 +1204,9 @@ char* hw_find_backup_file(const char* output, const char* search_path) { int hw_restore_backup(const char* output, const char* backup_path, const char* destination) { char command[STRING_SIZE];
- snprintf(command, sizeof(command), "/bin/tar xzpf %s -C %s", backup_path, destination); + snprintf(command, sizeof(command), "/bin/tar xzpf %s -C %s " + "--exclude-from=%s/var/ipfire/backup/exclude --exclude-from=%s/var/ipfire/backup/exclude.user", + backup_path, destination, destination, destination); int rc = mysystem(output, command);
if (rc)
hooks/post-receive -- IPFire 2.x development tree