From 69146f1f9ffe54dff2ce015def2ddc4e79f801a7 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Tue, 1 Sep 2020 18:41:16 +0200
Subject: [PATCH 1/5] remove /srv from default directory list

---
 zzz_evobackup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zzz_evobackup b/zzz_evobackup
index b01dc7b..3b9e683 100755
--- a/zzz_evobackup
+++ b/zzz_evobackup
@@ -360,7 +360,7 @@ SSH_PORT=$(echo "${server}" | cut -d':' -f2)
 HOSTNAME=$(hostname)
 
 if [ "${SYSTEM}" = "linux" ]; then
-    rep="/bin /boot /lib /opt /sbin /usr /srv"
+    rep="/bin /boot /lib /opt /sbin /usr"
 else
     rep="/bsd /bin /sbin /usr"
 fi

From af68d9951b7bcf03bcc9e5e9b8c31f6b9028fe20 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Tue, 15 Sep 2020 10:13:56 +0200
Subject: [PATCH 2/5] zzz_evobackup: reorder rsync excludes

---
 zzz_evobackup | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/zzz_evobackup b/zzz_evobackup
index 3b9e683..32285a2 100755
--- a/zzz_evobackup
+++ b/zzz_evobackup
@@ -376,35 +376,35 @@ if [ "${SYNC_TASKS}" = "1" ]; then
     # ignore check because we want it to split the different arguments to $rep
     # shellcheck disable=SC2086
     rsync -avzh --relative --stats --delete --delete-excluded --force --ignore-errors --partial \
+        --exclude "dev"                                    \
         --exclude "lost+found"                             \
         --exclude ".nfs.*"                                 \
-        --exclude "/var/log"                               \
-        --exclude "/var/log/evobackup*"                    \
+        --exclude "/usr/doc"                               \
+        --exclude "/usr/obj"                               \
+        --exclude "/usr/share/doc"                         \
+        --exclude "/usr/src"                               \
+        --exclude "/var/apt"                               \
+        --exclude "/var/cache"                             \
+        --exclude "/var/lib/amavis/amavisd.sock"           \
+        --exclude "/var/lib/amavis/tmp"                    \
+        --exclude "/var/lib/clamav/*.tmp"                  \
+        --exclude "/var/lib/elasticsearch"                 \
+        --exclude "/var/lib/metche"                        \
+        --exclude "/var/lib/munin/*tmp*"                   \
         --exclude "/var/lib/mysql"                         \
+        --exclude "/var/lib/php5"                          \
+        --exclude "/var/lib/php/sessions"                  \
         --exclude "/var/lib/postgres"                      \
         --exclude "/var/lib/postgresql"                    \
         --exclude "/var/lib/sympa"                         \
-        --exclude "/var/lib/metche"                        \
-        --exclude "/var/run"                               \
         --exclude "/var/lock"                              \
-        --exclude "/var/state"                             \
-        --exclude "/var/apt"                               \
-        --exclude "/var/cache"                             \
-        --exclude "/usr/src"                               \
-        --exclude "/usr/doc"                               \
-        --exclude "/usr/share/doc"                         \
-        --exclude "/usr/obj"                               \
-        --exclude "dev"                                    \
+        --exclude "/var/log"                               \
+        --exclude "/var/log/evobackup*"                    \
+        --exclude "/var/run"                               \
         --exclude "/var/spool/postfix"                     \
-        --exclude "/var/lib/amavis/amavisd.sock"           \
-        --exclude "/var/lib/munin/*tmp*"                   \
-        --exclude "/var/lib/php5"                          \
         --exclude "/var/spool/squid"                       \
-        --exclude "/var/lib/elasticsearch"                 \
-        --exclude "/var/lib/amavis/tmp"                    \
-        --exclude "/var/lib/clamav/*.tmp"                  \
+        --exclude "/var/state"                             \
         --exclude "/home/mysqltmp"                         \
-        --exclude "/var/lib/php/sessions"                  \
             ${rep}                                         \
             /etc                                           \
             /root                                          \

From 9f5a4066ee24257e3a970633de9210ef487c11aa Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Tue, 15 Sep 2020 10:15:49 +0200
Subject: [PATCH 3/5] zzz_evobackup: exclude LXC rootfs

---
 zzz_evobackup | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/zzz_evobackup b/zzz_evobackup
index 32285a2..d0f4f57 100755
--- a/zzz_evobackup
+++ b/zzz_evobackup
@@ -404,6 +404,17 @@ if [ "${SYNC_TASKS}" = "1" ]; then
         --exclude "/var/spool/postfix"                     \
         --exclude "/var/spool/squid"                       \
         --exclude "/var/state"                             \
+        --exclude "lxc/*/rootfs/usr/doc"                   \
+        --exclude "lxc/*/rootfs/usr/obj"                   \
+        --exclude "lxc/*/rootfs/usr/share/doc"             \
+        --exclude "lxc/*/rootfs/usr/src"                   \
+        --exclude "lxc/*/rootfs/var/apt"                   \
+        --exclude "lxc/*/rootfs/var/cache"                 \
+        --exclude "lxc/*/rootfs/var/lib/php5"              \
+        --exclude "lxc/*/rootfs/var/lock"                  \
+        --exclude "lxc/*/rootfs/var/log"                   \
+        --exclude "lxc/*/rootfs/var/run"                   \
+        --exclude "lxc/*/rootfs/var/state"                 \
         --exclude "/home/mysqltmp"                         \
             ${rep}                                         \
             /etc                                           \

From 2057a6fd805dfcbf1e9f2019e049f5e8b0ff7761 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Fri, 25 Sep 2020 14:12:12 +0200
Subject: [PATCH 4/5] Restore compatibility with Debian <10

ssh-keygen has "-f prefix_path" in openssh-server version 7.9+
---
 CHANGELOG.md |  2 ++
 lib/includes | 25 +++++++++++++++++++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 34c4fbf..bebc416 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 
+* restore compatibility with Debian <10
+
 ### Security
 
 ## [2.4.1] - 2020-08-28
diff --git a/lib/includes b/lib/includes
index 5650911..f0d21f7 100755
--- a/lib/includes
+++ b/lib/includes
@@ -208,6 +208,19 @@ new_lock_file() {
     mkdir --parents "${lock_dir}" && echo $$ > ${lock_file} || error "Failed to acquire lock file '${lock_file}'"
 }
 
+pkg_version() {
+    # $(command -v ssh) -V 2>&1 | grep -iEo 'OpenSSH_(\S+)' | cut -d '_' -f2
+    dpkg-query -W -f='${Version}\n' $1 \
+    | sed 's/[~+-].\+//' \
+    | sed 's/.\+://' \
+    | sed 's/p.*//' \
+    | cut -d. -f1,2
+}
+ssh_keygen_with_prefix() {
+    # openssh-client 7.9 provides ssh-keygen with "-f prefix_path" option
+    dpkg --compare-versions "$(pkg_version 'openssh-client')" ge "7.9"
+}
+
 setup_jail_chroot() {
     jail_name=${1:?}
 
@@ -261,8 +274,16 @@ setup_jail_chroot() {
 
     info "2 - Copying essential files"
 
-    # Generate SSH host keys is missing
-    ssh-keygen -A -f "${jail_path}"
+    #
+    if ssh_keygen_with_prefix; then
+        # Generate SSH host keys if missing in jail
+        ssh-keygen -A -f "${jail_path}"
+    else
+        # Copy SSH host keys from host if missing in jail
+        for key in /etc/ssh/*_key; do
+            cp --no-clobber ${key} ${jail_path}${key};
+        done
+    fi
 
     touch "./${AUTHORIZED_KEYS}"
     chmod 600 "./${AUTHORIZED_KEYS}"

From 08d113d2ce10bcab4cdb11eb0071512f34ad75d8 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Fri, 25 Sep 2020 14:13:20 +0200
Subject: [PATCH 5/5] Release 2.5.0

---
 CHANGELOG.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bebc416..cb3e69c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,10 +16,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 
-* restore compatibility with Debian <10
-
 ### Security
 
+## [2.5.0] - 2020-09-25
+
+### Fixed
+
+* restore compatibility with Debian <10
+
 ## [2.4.1] - 2020-08-28
 
 ### Added