From 69146f1f9ffe54dff2ce015def2ddc4e79f801a7 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Tue, 1 Sep 2020 18:41:16 +0200
Subject: [PATCH 1/5] remove /srv from default directory list
---
 zzz_evobackup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/zzz_evobackup b/zzz_evobackup
index b01dc7b..3b9e683 100755
--- a/zzz_evobackup
+++ b/zzz_evobackup
@@ -360,7 +360,7 @@ SSH_PORT=$(echo "${server}" | cut -d':' -f2)
 HOSTNAME=$(hostname)
 if [ "${SYSTEM}" = "linux" ]; then
- rep="/bin /boot /lib /opt /sbin /usr /srv"
+ rep="/bin /boot /lib /opt /sbin /usr"
 else
 rep="/bsd /bin /sbin /usr"
 fi
From af68d9951b7bcf03bcc9e5e9b8c31f6b9028fe20 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Tue, 15 Sep 2020 10:13:56 +0200
Subject: [PATCH 2/5] zzz_evobackup: reorder rsync excludes
---
 zzz_evobackup | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/zzz_evobackup b/zzz_evobackup
index 3b9e683..32285a2 100755
--- a/zzz_evobackup
+++ b/zzz_evobackup
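Review bot: Removing `/srv` from the Linux default `rep` list in the `@@ -360,7 +360,7 @@` hunk shrinks what gets backed up without leaving any trace for operators: there is no comment at the assignment, and the 2.5.0 changelog entry at the end of this series lists only the Debian <10 fix. Unless `/srv` is listed elsewhere in the rsync sources, which this page does not show, hosts that keep site or service data there stop getting it backed up after upgrading, and that is usually noticed only at restore time. A comment above the assignment such as `# /srv is not part of the default set; add it to rep on hosts that store data there`, plus a `### Changed` changelog line, would make the reduced coverage explicit. The `if`/`else` block is fully visible in the hunk.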
@@ -376,35 +376,35 @@ if [ "${SYNC_TASKS}" = "1" ]; then
 # ignore check because we want it to split the different arguments to $rep
 # shellcheck disable=SC2086
 rsync -avzh --relative --stats --delete --delete-excluded --force --ignore-errors --partial \
+ --exclude "dev" \
 --exclude "lost+found" \
 --exclude ".nfs.*" \
- --exclude "/var/log" \
- --exclude "/var/log/evobackup*" \
+ --exclude "/usr/doc" \
+ --exclude "/usr/obj" \
+ --exclude "/usr/share/doc" \
+ --exclude "/usr/src" \
+ --exclude "/var/apt" \
+ --exclude "/var/cache" \
+ --exclude "/var/lib/amavis/amavisd.sock" \
+ --exclude "/var/lib/amavis/tmp" \
+ --exclude "/var/lib/clamav/*.tmp" \
+ --exclude "/var/lib/elasticsearch" \
+ --exclude "/var/lib/metche" \
+ --exclude "/var/lib/munin/*tmp*" \
 --exclude "/var/lib/mysql" \
+ --exclude "/var/lib/php5" \
+ --exclude "/var/lib/php/sessions" \
 --exclude "/var/lib/postgres" \
 --exclude "/var/lib/postgresql" \
 --exclude "/var/lib/sympa" \
- --exclude "/var/lib/metche" \
- --exclude "/var/run" \
 --exclude "/var/lock" \
- --exclude "/var/state" \
- --exclude "/var/apt" \
- --exclude "/var/cache" \
- --exclude "/usr/src" \
- --exclude "/usr/doc" \
- --exclude "/usr/share/doc" \
- --exclude "/usr/obj" \
- --exclude "dev" \
+ --exclude "/var/log" \
+ --exclude "/var/log/evobackup*" \
+ --exclude "/var/run" \
 --exclude "/var/spool/postfix" \
- --exclude "/var/lib/amavis/amavisd.sock" \
- --exclude "/var/lib/munin/*tmp*" \
- --exclude "/var/lib/php5" \
 --exclude "/var/spool/squid" \
- --exclude "/var/lib/elasticsearch" \
- --exclude "/var/lib/amavis/tmp" \
- --exclude "/var/lib/clamav/*.tmp" \
+ --exclude "/var/state" \
 --exclude "/home/mysqltmp" \
- --exclude "/var/lib/php/sessions" \
 ${rep} \
 /etc \
 /root \
From 9f5a4066ee24257e3a970633de9210ef487c11aa Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Tue, 15 Sep 2020 10:15:49 +0200
Subject: [PATCH 3/5] zzz_evobackup: exclude LXC rootfs
---
 zzz_evobackup | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/zzz_evobackup b/zzz_evobackup
index 32285a2..d0f4f57 100755
--- a/zzz_evobackup
+++ b/zzz_evobackup
@@ -404,6 +404,17 @@ if [ "${SYNC_TASKS}" = "1" ]; then
 --exclude "/var/spool/postfix" \
 --exclude "/var/spool/squid" \
 --exclude "/var/state" \
+ --exclude "lxc/*/rootfs/usr/doc" \
+ --exclude "lxc/*/rootfs/usr/obj" \
+ --exclude "lxc/*/rootfs/usr/share/doc" \
+ --exclude "lxc/*/rootfs/usr/src" \
+ --exclude "lxc/*/rootfs/var/apt" \
+ --exclude "lxc/*/rootfs/var/cache" \
+ --exclude "lxc/*/rootfs/var/lib/php5" \
+ --exclude "lxc/*/rootfs/var/lock" \
+ --exclude "lxc/*/rootfs/var/log" \
+ --exclude "lxc/*/rootfs/var/run" \
+ --exclude "lxc/*/rootfs/var/state" \
 --exclude "/home/mysqltmp" \
 ${rep} \
 /etc \
From 2057a6fd805dfcbf1e9f2019e049f5e8b0ff7761 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Fri, 25 Sep 2020 14:12:12 +0200
Subject: [PATCH 4/5] Restore compatibility with Debian <10 ssh-keygen has "-f prefix_path" in openssh-server version 7.9+
---
 CHANGELOG.md | 2 ++
 lib/includes | 25 +++++++++++++++++++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 34c4fbf..bebc416 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
+* restore compatibility with Debian <10
+
 ### Security
 ## [2.4.1] - 2020-08-28
diff --git a/lib/includes b/lib/includes
index 5650911..f0d21f7 100755
--- a/lib/includes
+++ b/lib/includes
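Review bot: The new `lxc/*/rootfs/...` excludes in the `@@ -404,6 +404,17 @@` hunk take effect on an rsync call that, as the previous patch's context shows, runs with `--delete --delete-excluded`, so copies of these container paths already on the backup server (including `lxc/*/rootfs/var/log`) are likely removed at the next sync rather than merely no longer updated. If container logs are relied on for incident investigation they need another retention path, and that deserves a comment above the block, e.g. `# LXC rootfs: mirrors the host excludes; --delete-excluded purges existing copies on the server`. The list also mirrors only part of the host excludes: `/var/lib/mysql` and `/var/lib/postgresql` are excluded for the host but have no `lxc/*/rootfs` counterpart, so database files inside containers would presumably be copied while live; confirm that this is intended. The rsync command starts and ends outside this hunk.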
@@ -208,6 +208,19 @@ new_lock_file() {
 mkdir --parents "${lock_dir}" && echo $$ > ${lock_file} || error "Failed to acquire lock file '${lock_file}'"
 }
+pkg_version() {
+ # $(command -v ssh) -V 2>&1 | grep -iEo 'OpenSSH_(\S+)' | cut -d '_' -f2
+ dpkg-query -W -f='${Version}\n' $1 \
+ | sed 's/[~+-].\+//' \
+ | sed 's/.\+://' \
+ | sed 's/p.*//' \
+ | cut -d. -f1,2
+}
+ssh_keygen_with_prefix() {
+ # openssh-client 7.9 provides ssh-keygen with "-f prefix_path" option
+ dpkg --compare-versions "$(pkg_version 'openssh-client')" ge "7.9"
+}
+
 setup_jail_chroot() {
 jail_name=${1:?}
@@ -261,8 +274,16 @@ setup_jail_chroot() {
 info "2 - Copying essential files"
- # Generate SSH host keys is missing
- ssh-keygen -A -f "${jail_path}"
+ #
+ if ssh_keygen_with_prefix; then
+ # Generate SSH host keys if missing in jail
+ ssh-keygen -A -f "${jail_path}"
+ else
+ # Copy SSH host keys from host if missing in jail
+ for key in /etc/ssh/*_key; do
+ cp --no-clobber ${key} ${jail_path}${key};
+ done
+ fi
 touch "./${AUTHORIZED_KEYS}"
 chmod 600 "./${AUTHORIZED_KEYS}"
From 08d113d2ce10bcab4cdb11eb0071512f34ad75d8 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Fri, 25 Sep 2020 14:13:20 +0200
Subject: [PATCH 5/5] Release 2.5.0
---
 CHANGELOG.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bebc416..cb3e69c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,10 +16,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
-* restore compatibility with Debian <10
-
 ### Security
+## [2.5.0] - 2020-09-25
+
+### Fixed
+
+* restore compatibility with Debian <10
+
 ## [2.4.1] - 2020-08-28
 ### Added
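Review bot: `pkg_version` in the `@@ -208,6 +208,19 @@` hunk passes `$1` unquoted and does not handle a failed `dpkg-query`: if the package is not found the pipeline prints nothing, and `dpkg --compare-versions "" ge "7.9"` treats the empty version as older, so `ssh_keygen_with_prefix` quietly answers "no prefix support" and the caller takes the key-copy path. Quote the argument (`dpkg-query -W -f='${Version}\n' "$1" \`) and make the probe fail loudly on an empty result, e.g. `version=$(pkg_version 'openssh-client'); [ -n "${version}" ] || error "openssh-client version not found"`. The commit message names openssh-server while the code and its comment check openssh-client, which is worth aligning. A one-line header comment on `pkg_version` saying that it prints the upstream major.minor of a Debian package would also help, since the commented-out `ssh -V` line does not explain the sed chain.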
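Review bot: The fallback branch in the `@@ -261,8 +274,16 @@` hunk copies the host's private SSH host keys (`/etc/ssh/*_key`) into the jail, so on Debian <10 every jail ends up sharing the server's own host identity, and anything able to read the jail's `/etc/ssh` obtains keys that authenticate the host itself. Generating the missing keys per type inside the jail keeps the per-jail keys the removed `ssh-keygen -A -f` line produced, without needing prefix support; the fence below sketches that replacement for the `else` branch and assumes `${jail_path}/etc/ssh` already exists, as the `cp` destination does. The `cp` line also leaves `${key}` and `${jail_path}` unquoted, and the bare `#` line above the `if` carries no text. `setup_jail_chroot` starts and ends outside this hunk.

```shell
    if ssh_keygen_with_prefix; then
        # … unchanged: ssh-keygen -A -f "${jail_path}" …
    else
        # Older ssh-keygen has no prefix option for -A: create each missing
        # jail host key individually instead of reusing the host's private keys
        for key_type in rsa ecdsa ed25519; do
            key_file="${jail_path}/etc/ssh/ssh_host_${key_type}_key"
            [ -e "${key_file}" ] || ssh-keygen -q -t "${key_type}" -N '' -f "${key_file}"
        done
    fi
```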