authorNatanael Copa <ncopa@alpinelinux.org>2007-10-15 13:23:07 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2007-10-15 13:23:07 +0000
commit4c6317c699e81251974c14c8ca452471db7f83e1 (patch)
treef8824a59d385281d82d12e0a7e82588951b68244
parentd1ac45461b8a2aa67f63c578f74a8c93e0008608 (diff)
downloadalpine-conf-4c6317c699e81251974c14c8ca452471db7f83e1.tar.bz2
alpine-conf-4c6317c699e81251974c14c8ca452471db7f83e1.tar.xz
lbu encrypt fixes
-rw-r--r--lbu118
1 files changed, 71 insertions, 47 deletions
diff --git a/lbu b/lbu
index 78089a2..f10caa8 100644
--- a/lbu
+++ b/lbu
@@ -20,12 +20,17 @@ COMMITED_TDB="$APK_DATA/commited.tdb"
EXCLUDE_LIST=/etc/lbu/exclude
INCLUDE_LIST=/etc/lbu/include
+PACKAGES_LIST=/etc/lbu/packages.list
+
+DEFAULT_CIPHER="aes-256-cbc"
+
MASK="Npugsh"
LBUDIRS=`echo "$APK_LBUDIRS" | sed 's/:/ /g'`
-if [ -f /etc/lbu/lbu.conf ]; then
- . /etc/lbu/lbu.conf
+LBU_CONF=/etc/lbu/lbu.conf
+if [ -f "$LBU_CONF" ]; then
+ . "$LBU_CONF"
fi
retcode=0
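Review bot: The unconditional `DEFAULT_CIPHER="aes-256-cbc"` overwrites any value inherited from the environment, yet the usage text added later in this commit tells users they can set the DEFAULT_CIPHER environment variable. As written, only `$LBU_CONF` can change it. `DEFAULT_CIPHER="${DEFAULT_CIPHER:-aes-256-cbc}"` keeps the default and honours the environment. Because `$LBU_CONF` is sourced, anyone who can write that file runs code as the user invoking lbu, so its ownership and mode matter; this commit does not change that.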
@@ -50,7 +55,7 @@ Common options:
exit 1
}
-# verify we have openssl is we want to encrypt
+# verify we have openssl if we want to encrypt
check_openssl() {
[ -z "$ENCRYPTION" ] && return 0
OPENSSL=$(which openssl 2>/dev/null) || die "openssl was not found"
@@ -171,8 +176,10 @@ cmd_package() {
local rc=0
local owd="$PWD"
local suff="apkovl.tar.gz"
+ local tmpdir tmppkg
check_openssl
+ init_tmpdir tmpdir
[ -n "$ENCRYPTION" ] && suff="$suff.$ENCRYPTION"
@@ -183,15 +190,18 @@ cmd_package() {
pkg="$PWD/$(hostname).$suff"
fi
+ tmppkg="$tmpdir/$(basename $pkg)"
+
# generate the packages.list
cd "$ROOT"
- mkdir -p /etc/lbu
- echo "#This file is generated by 'lbu package'" > /etc/lbu/packages.list
+ mkdir -p $(dirname $PACKAGES_LIST)
+ echo "#This file is generated by 'lbu package' (lbu $VERSION)" \
+ > $PACKAGES_LIST
for i in $(apk_glob '*') ; do
reqby=$(apk_info -qr $i);
# only add the packages who has no REQUIRED_BY
[ -z "$reqby" ] && echo $i
- done | sed 's/-[0-9].*//' >> /etc/lbu/packages.list
+ done | sed 's/-[0-9].*//' >> $PACKAGES_LIST
# Automatically add list and modified files
currentlist=`VERBOSE="" USE_DEFAULT="-a" cmd_status -a | grep -v ^D | awk '{print $2}'`
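Review bot: The new expansions in this hunk are unquoted, so a path containing whitespace or glob characters is split before it reaches `basename`, `dirname` or the redirection. `$pkg` is built from `$PWD` and the hostname, and `PACKAGES_LIST` is assigned before `$LBU_CONF` is sourced, so it can be overridden there. Suggested forms are `tmppkg="$tmpdir/$(basename "$pkg")"`, `mkdir -p "$(dirname "$PACKAGES_LIST")"` and `> "$PACKAGES_LIST"` (likewise `>> "$PACKAGES_LIST"`). cmd_package begins and ends outside the hunk.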
@@ -203,22 +213,31 @@ cmd_package() {
# create tar archive
[ -f "$EXCLUDE_LIST" ] && excl="-X $EXCLUDE_LIST"
[ -f "$INCLUDE_LIST" ] && incl="-T $INCLUDE_LIST"
-
if [ -z "$ENCRYPTION" ]; then
- if ! tar $VERBOSE $excl $incl -c $currentlist \
- | gzip -c >"$pkg" ; then
- rm -f "$CURRENT_TDB"
- rc=1
- fi
+ tar $VERBOSE $excl $incl -c $currentlist \
+ | gzip -c >"$tmppkg"
+ rc=$?
else
- if ! tar $VERBOSE $excl $incl -c $currentlist \
- | gzip -c \
- | $OPENSSL enc "-$ENCRYPTION" -salt > "$pkg"
- then
- rm -f "$CURRENT_TDB"
- rc=1
+ if [ -n "$VERBOSE" ]; then
+ echo "Archiving the following files:" >&2
+ # we dont want to mess the tar output with the
+ # password prompt. Lets get the tar output first.
+ tar $excl $incl -c -v $currentlist > /dev/null
+ rc=$?
+ fi
+ if [ $rc -eq 0 ]; then
+ tar $excl $incl -c $currentlist | gzip -c \
+ | $OPENSSL enc "-$ENCRYPTION" -salt > "$tmppkg"
+ rc=$?
fi
fi
+
+ if [ $rc -eq 0 ]; then
+ [ -z "$DRYRUN" ] && cp "$tmppkg" "$pkg"
+ else
+ rm -f "$CURRENT_TDB"
+ fi
+
cd "$owd"
return $rc
}
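Review bot: The result of `cp "$tmppkg" "$pkg"` near the end of the hunk is never checked, so a full or read-only medium leaves rc at 0 and the caller treats the backup as written. `[ -z "$DRYRUN" ] && { cp "$tmppkg" "$pkg" || rc=1; }` would carry the failure out. In addition, `rc=$?` after each pipeline holds only the status of the last stage (gzip or openssl), so a tar error in the non-verbose paths still yields an archive that gets copied; this predates the commit but is kept by it. In the unencrypted branch the copy under `$tmpdir` is the plain overlay and no cleanup is visible here; init_tmpdir is defined outside the hunk, so confirm it creates the directory privately and removes it on exit. cmd_package starts before the hunk.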
@@ -250,13 +269,19 @@ Create a backup of config to writeable media.
usage: $PROGRAM commit|ci [-nv] [<media>]
Options:
- -d Remove old configuration files.
+ -d Remove old apk overlay files.
-e Protect configuration with a password.
-n Don't commit, just show what would have been commited.
-v Verbose mode.
The following values for <media> is supported: floppy usb
If <media> is not specified, the environment variable LBU_MEDIA will be used.
+
+Passows protection will use $DEFAULT_CIPHER encryption. Other ciphers can be
+used by setting the DEFAULT_CIPHER or ENCRYPTION environment variables.
+For possible ciphers, try: openssl -v
+
+The environment varialbes can also be set in $LBU_CONF
"
exit 1
}
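Review bot: The added help text has two typos that users will see, `Passows` for `Password` and `varialbes` for `variables`. `openssl -v` is not a cipher-listing command; it seems to rely on openssl printing its command list after rejecting an unknown command, so naming the listing command of the installed openssl would be more robust. The text could also say that `openssl enc` with a CBC cipher gives confidentiality only. Nothing in this diff verifies the overlay's integrity, so a file modified on the medium would presumably not be detected on restore.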
@@ -267,6 +292,9 @@ cmd_commit() {
check_openssl
+ # turn on verbose mode if dryrun
+ [ -n "$DRYRUN" ] && VERBOSE="-v"
+
# find what media to use
if [ "$1" ] ; then
media="$1"
@@ -277,39 +305,36 @@ cmd_commit() {
# mount media unles its already mounted
mnt=/media/$media
- [ -d $mnt ] || usage
+ [ -d "$mnt" ] || usage
was_mounted=`grep $mnt /proc/mounts`
if [ -z "$was_mounted" ]; then
mount $mnt || die "failed to mount $mnt."
fi
+ # find the outfile
+ outfile="$mnt/$(hostname).apkovl.tar.gz"
+ if [ -n "$ENCRYPTION" ]; then
+ outfile="$outfile.$ENCRYPTION"
+ fi
+
+ # remove old config files
if [ -n "$DELETEOLDCONFIGS" ] ; then
- if [ -n "$DRYRUN" ] ; then
- local rmfiles=$(ls "$mnt/*.apkovl.*" 2>/dev/null)
- if [ -n "$rmfiles" ] ; then
- echo "I would have removed:"
+ local rmfiles=$(ls "$mnt/"*.apkovl.tar.gz* 2>/dev/null)
+ if [ -n "$rmfiles" ] ; then
+ if [ -n "$VERBOSE" ]; then
+ echo "Removing old apk overlay files:" >&2
echo "$rmfiles"
+ echo "" >&2
fi
- else
- [ -n "$VERBOSE" ] && echo "Removing old config files"
- rm "$mnt/*.apkovl.*" 2>/dev/null
+ [ -z "$DRYRUN" ] && rm "$mnt/"*.apkovl.tar.gz*
fi
else
- lines=$(ls -1 "$mnt"/*.apkovl.tar.gz* 2>/dev/null | wc -l )
- if [ $lines -gt 1 ] ; then
+ lines=$(ls -1 "$mnt"/*.apkovl.tar.gz* 2>/dev/null)
+ if [ -n "$lines" ] && [ "$lines" != "$outfile" ]; then
# More then one apkovl, this is a security concern
- die "More than one apkovl file was found. Please use -d to erase old configs."
- fi
- fi
-
- # commit files to archive
- if [ "$DRYRUN" ] ; then
- outfile=/dev/null
- VERBOSE="-v"
- else
- outfile="$mnt/$(hostname).apkovl.tar.gz"
- if [ -n "$ENCRYPTION" ]; then
- outfile="$outfile.$ENCRYPTION"
+ [ -z "$was_mounted" ] && umount "$mnt"
+ [ -n "$VERBOSE" ] && echo "$lines"
+ die "Found multiple apkovl files. Please use -d to replace them all."
fi
fi
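Review bot: With `-d`, `rm "$mnt/"*.apkovl.tar.gz*` now runs before the new archive is written. If packaging then fails (the `die "Problems creating archive. aborting"` path in the next hunk appears to come later in cmd_commit), the medium is left with no overlay at all. The old quoted glob never matched, so this ordering had no effect until this commit. Deferring the removal until the new file has been written, and excluding `$outfile` from it, would keep the last good backup. Separately, `[ "$lines" != "$outfile" ]` also fires for a single file with a different name, while the comment and the message speak of multiple files. cmd_commit begins and ends outside the hunk.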
@@ -320,17 +345,18 @@ cmd_commit() {
die "Problems creating archive. aborting"
fi
- # remove obsolete file
+ # remove obsolete file. some older version of alpine needs this
+ # to be ble to upgrade
if [ -z "$DRYRUN" ] && [ -f $mnt/packages.list ]; then
echo "Note: Removing packages.list from $(basename $mnt)."
- echo " /etc/lbu/packages.list will be used."
+ echo " $PACKAGES_LIST will be used."
rm -f $mnt/packages.list
fi
# make sure data is written and unmount the media
sync
sleep 1
- [ -z "$was_mounted" ] && umount $mnt
+ [ -z "$was_mounted" ] && umount "$mnt"
# move current to commited.
[ "$DRYRUN" ] || mv "$CURRENT_TDB" "$COMMITED_TDB"
@@ -476,9 +502,7 @@ while getopts "adehlM:nqrv" opt ; do
;;
d) DELETEOLDCONFIGS="yes"
;;
- e) ENCRYPTION="aes-256-cbc" #hardcoded cyper for ssl, this can be expanded
- # to use different cyphers, the lbu_commit code
- # does not need to be changed
+ e) ENCRYPTION="$DEFAULT_CIPHER"
;;
h) usage_$SUBCMD
;;