Merge branch 'master' into debian
commit
92a9541379
|
@ -18,6 +18,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
|
||||
### Security
|
||||
|
||||
## [2.5.0] - 2020-09-25
|
||||
|
||||
### Fixed
|
||||
|
||||
* restore compatibility with Debian <10
|
||||
|
||||
## [2.4.1] - 2020-08-28
|
||||
|
||||
### Added
|
||||
|
|
23
lib/includes
23
lib/includes
|
@ -208,6 +208,19 @@ new_lock_file() {
|
|||
mkdir --parents "${lock_dir}" && echo $$ > ${lock_file} || error "Failed to acquire lock file '${lock_file}'"
|
||||
}
|
||||
|
||||
pkg_version() {
|
||||
# $(command -v ssh) -V 2>&1 | grep -iEo 'OpenSSH_(\S+)' | cut -d '_' -f2
|
||||
dpkg-query -W -f='${Version}\n' $1 \
|
||||
| sed 's/[~+-].\+//' \
|
||||
| sed 's/.\+://' \
|
||||
| sed 's/p.*//' \
|
||||
| cut -d. -f1,2
|
||||
}
|
||||
ssh_keygen_with_prefix() {
|
||||
# openssh-client 7.9 provides ssh-keygen with "-f prefix_path" option
|
||||
dpkg --compare-versions "$(pkg_version 'openssh-client')" ge "7.9"
|
||||
}
|
||||
|
||||
setup_jail_chroot() {
|
||||
jail_name=${1:?}
|
||||
|
||||
|
@ -261,8 +274,16 @@ setup_jail_chroot() {
|
|||
|
||||
info "2 - Copying essential files"
|
||||
|
||||
# Generate SSH host keys is missing
|
||||
#
|
||||
if ssh_keygen_with_prefix; then
|
||||
# Generate SSH host keys if missing in jail
|
||||
ssh-keygen -A -f "${jail_path}"
|
||||
else
|
||||
# Copy SSH host keys from host if missing in jail
|
||||
for key in /etc/ssh/*_key; do
|
||||
cp --no-clobber ${key} ${jail_path}${key};
|
||||
done
|
||||
fi
|
||||
|
||||
touch "./${AUTHORIZED_KEYS}"
|
||||
chmod 600 "./${AUTHORIZED_KEYS}"
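Review bot: The fallback branch in the second hunk, `cp --no-clobber ${key} ${jail_path}${key};`, copies the host's own private SSH host keys into the jail, so wherever openssh-client is older than 7.9 every jail presents the same SSH identity as the host and the private key material sits inside each jail's filesystem. Generating separate keys per jail would avoid sharing them; if the copy has to stay, quote the expansions, `cp --no-clobber -- "${key}" "${jail_path}${key}"`, and add a comment such as `# NOTE: jail shares the host's SSH host keys on openssh-client < 7.9`. In the first hunk `pkg_version` passes `$1` unquoted and prints nothing when `dpkg-query` fails, in which case `ssh_keygen_with_prefix` most likely returns false and this fallback is taken without any message. `setup_jail_chroot` starts and ends outside the hunks shown.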
|
||||
|
|
|
@ -360,7 +360,7 @@ SSH_PORT=$(echo "${server}" | cut -d':' -f2)
|
|||
HOSTNAME=$(hostname)
|
||||
|
||||
if [ "${SYSTEM}" = "linux" ]; then
|
||||
rep="/bin /boot /lib /opt /sbin /usr /srv"
|
||||
rep="/bin /boot /lib /opt /sbin /usr"
|
||||
else
|
||||
rep="/bsd /bin /sbin /usr"
|
||||
fi
|
||||
|
@ -376,35 +376,46 @@ if [ "${SYNC_TASKS}" = "1" ]; then
|
|||
# ignore check because we want it to split the different arguments to $rep
|
||||
# shellcheck disable=SC2086
|
||||
rsync -avzh --relative --stats --delete --delete-excluded --force --ignore-errors --partial \
|
||||
--exclude "dev" \
|
||||
--exclude "lost+found" \
|
||||
--exclude ".nfs.*" \
|
||||
--exclude "/var/log" \
|
||||
--exclude "/var/log/evobackup*" \
|
||||
--exclude "/usr/doc" \
|
||||
--exclude "/usr/obj" \
|
||||
--exclude "/usr/share/doc" \
|
||||
--exclude "/usr/src" \
|
||||
--exclude "/var/apt" \
|
||||
--exclude "/var/cache" \
|
||||
--exclude "/var/lib/amavis/amavisd.sock" \
|
||||
--exclude "/var/lib/amavis/tmp" \
|
||||
--exclude "/var/lib/clamav/*.tmp" \
|
||||
--exclude "/var/lib/elasticsearch" \
|
||||
--exclude "/var/lib/metche" \
|
||||
--exclude "/var/lib/munin/*tmp*" \
|
||||
--exclude "/var/lib/mysql" \
|
||||
--exclude "/var/lib/php5" \
|
||||
--exclude "/var/lib/php/sessions" \
|
||||
--exclude "/var/lib/postgres" \
|
||||
--exclude "/var/lib/postgresql" \
|
||||
--exclude "/var/lib/sympa" \
|
||||
--exclude "/var/lib/metche" \
|
||||
--exclude "/var/run" \
|
||||
--exclude "/var/lock" \
|
||||
--exclude "/var/state" \
|
||||
--exclude "/var/apt" \
|
||||
--exclude "/var/cache" \
|
||||
--exclude "/usr/src" \
|
||||
--exclude "/usr/doc" \
|
||||
--exclude "/usr/share/doc" \
|
||||
--exclude "/usr/obj" \
|
||||
--exclude "dev" \
|
||||
--exclude "/var/log" \
|
||||
--exclude "/var/log/evobackup*" \
|
||||
--exclude "/var/run" \
|
||||
--exclude "/var/spool/postfix" \
|
||||
--exclude "/var/lib/amavis/amavisd.sock" \
|
||||
--exclude "/var/lib/munin/*tmp*" \
|
||||
--exclude "/var/lib/php5" \
|
||||
--exclude "/var/spool/squid" \
|
||||
--exclude "/var/lib/elasticsearch" \
|
||||
--exclude "/var/lib/amavis/tmp" \
|
||||
--exclude "/var/lib/clamav/*.tmp" \
|
||||
--exclude "/var/state" \
|
||||
--exclude "lxc/*/rootfs/usr/doc" \
|
||||
--exclude "lxc/*/rootfs/usr/obj" \
|
||||
--exclude "lxc/*/rootfs/usr/share/doc" \
|
||||
--exclude "lxc/*/rootfs/usr/src" \
|
||||
--exclude "lxc/*/rootfs/var/apt" \
|
||||
--exclude "lxc/*/rootfs/var/cache" \
|
||||
--exclude "lxc/*/rootfs/var/lib/php5" \
|
||||
--exclude "lxc/*/rootfs/var/lock" \
|
||||
--exclude "lxc/*/rootfs/var/log" \
|
||||
--exclude "lxc/*/rootfs/var/run" \
|
||||
--exclude "lxc/*/rootfs/var/state" \
|
||||
--exclude "/home/mysqltmp" \
|
||||
--exclude "/var/lib/php/sessions" \
|
||||
${rep} \
|
||||
/etc \
|
||||
/root \
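Review bot: The unanchored `--exclude "dev"` in the rsync call matches a file or directory named `dev` at any depth, and because the same command passes `--delete-excluded`, any such path is also removed from the existing backup. Since `/dev` is not among the sources visible here, the pattern presumably targets device directories inside chroots; if so, say that in a comment above the command, for example `# "dev" is unanchored on purpose (device dirs inside chroots); it also skips any other path named dev`, or narrow it to the known chroot paths. The new `lxc/*/rootfs/...` patterns are unanchored in the same way and deserve the same one-line explanation. The rendered page has lost the +/- markers, so which list is the new side is inferred, but the `dev` line appears in both. The rsync command continues past the end of the hunk.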
|
||||
|
|