- When a user tries to restore on the console from a backup on IPFire that has a colon in
the filename the tar treats this as meaning that everything after the colon is
information about a remote location to do the extraction to. This results in a filename
that cannot be found, and a remote location that is not correct and the tar operation
fails.
- This has been confirmed by myself.
- If the user tries a restore from a file downloaded to another computer then for most, if
not all browsers, the colon will have been replaced by an underscore or other character.
Firefox, Chromium and Vivaldi do this.
- So any backup file that is selected to be restored using the WUI will no longer have a
colon in the filename.
- This patch adds --force-local to the tar command, which means that tar will treat the
colon as a character in the filename. This will ensure that if a user has any backup
files stored on their IPFire system, with a colon in the filename then doing a restore
from this file will not cause tar to fail.
- The NOW variable is also changed to replace the colon by a dash and to separate the date
and time by an underscore. This filename will be accepted by browsers, without doing
any replacements. Tested out with Firefox, Chromium & Vivaldi.
- The above ensures that both the new and old filename versions will work for doing a
restore.
Fixes: bug13734
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- This patch ensures that if a restore is carried out from an earlier version that includes
ALIENVAULT and/or SPAMHAUS_EDROP that the references will be removed.
- This is the same code as was put into the update.sh file with the previous patch of this
set.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- As discussed in the Dev conf call on 2024-Jan-08
- The 1.x version of Icinga has been EOL since 2018
- The 2.x version would require a complete new configuration approach as the settings
and options are completely different to 1.x and so would be a start from scratch.
- removal of icinga from make.sh file
- removal of lfs file
- removal of rootfile
- removal of configuration file
- removal of backup includes file
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Existing situation is if four new client connections are created and then it is decided
to restore to an earlier stage the new certficates will be in the certs directory but
not usable from the WUI page as they are no longer shown in the client connection table
as that now shows the ones from the restored backup.
- This patch clears the /var/ipfire/ovpn/certs/ directory before restoring the contents
of the backup so that the certs directory only holds what was in the backup.
Fixes: Bug#13404
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
myMPD is written in C and has a nice WebGUI to play
local music and also a WebRadio browser.
This is to replace the removec client175.
After install it can reached via
https://IP_OF_THE_IPFIRE:8800
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
new openssl need at least 2048 bit rsa keys for apache.
So if the existing is smaller a new 4096 bit key is generated.
fixes#13527
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- A script was added to the update.sh script to add pass/no pass to the ovpnconfig entries
but I forgot that this was also needed in the backup.pl file to add those statuses into
any ovpnconfig file restored from a backup before the pass/no pass entries were added.
- This patch corrects that oversight.
- Confirmed by testing on my vm. Before the script added to backup.pl a restore of older
ovpnconfig ended up not showing any icons or status elements. With the script in
backup.pl confirmed that the restored ovpnconfig showed up in the WUI page correctly
with the right icons and with the status elements correctly displayed.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Removal of lfs file
- Removal of rootfile
- Removal of backup includes file
- Removal of three patches
- Removal of paks files
- Adjustment of make.sh to remove squidclamav
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- This code adds the "providers legacy default" line into OpenVPN N2N Client config files
when restoring them in case it is missing from a backup earlier than CU175.
Only adds the line if it is not already present.
- Tested out on my vm testbed system
Fixes: Bug#13137
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- What is it?
rsnapshot is a filesystem snapshot utility based on
rsync. rsnapshot makes it easy to make periodic snapshots of the
ipfire device. The code makes extensive use of hard links whenever
possible, to greatly reduce the disk space required. See:
https://rsnapshot.org
- Why is it needed?
Rsnapshot backups run multiple times per day
(e.g., once per day up to 24 times per day). Rsnapshot is much easier
to configure, setup and use than the borg backup add-on. (I found
borg somewhat confusing). Rsnapshot completes each backup very fast.
Unlike borg, rsnapshot does not compress each backup before storage.
During a complete rebuild, borg backup need installation of the borg
add-on to recover archived files. Rsnapshot backups can be copied
directly from the backup drive. Current backups (backup.pl or borg)
could corrupt sqlite3 databases by running a backup during a database
write. This add-on includes a script specifically for sqlite backups.
- IPFire Wiki
In process at: https://wiki.ipfire.org/addons/rsnapshot
Thanks to Gerd for creating a first build and a nice template for me!
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
- This will backup the sound card status with the asound.state file when the addon is
uninstalled so that if it is re-installed in the future the status can be rerstored.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
This ensures restoring a backup won't silently bring back an insecure
Diffie-Hellman parameter (which could also not be inspected through the
web interface anymore).
Reported-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
After a backup is restored, the CRL might be out of data and client
won't be able to connect to the server any more.
This will immediately update the CRL should it require an update.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Remove sudoers file 'zabbix' in favour of new IPFire managed
'zabbix_agentd' and user managed 'zabbix_agentd_user' which is
included in the backup
- Provide migration of old sudoers file 'zabbix' or 'zabbix.user' to
new zabbix_agentd_user sudoers file if it was modified by user.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
- Restrict default main config to only the bare minimum options
and add upstream provided config as example file.
- Remove /etc/zabbix_agentd from backup and instead add only
zabbix_agentd.conf and subdirs 'scripts' and 'zabbix_agentd.d' to
the backup.
- Move ipfire managed userparameter_pakfire.conf from
user managed dir /etc/zabbix_agentd/zabbix_agent.d to
ipfire managed dir /var/ipfire/zabbix_agentd/userparameters
- Add Include line to existing zabbix_agentd.conf to include
the new ipfire managed config dir /var/ipfire/zabbix_agentd/...
- Add and include mandatory IPFire specific agent configuration
which should never be changed by the user.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
- Add agent modules-dir to backup
- Remove original, not used agent modules dir from rootfile
- Create modules-dir during install if it not already exists
- bugfix: Add existence check before creating log-dir, avoiding error
messages if it already exists from a previous install
- bugfix: add extract_backup_includes to update.sh script to make
sure backup includes exist when backup is taken.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
To solve the behavior discribed in bug 12404 I added the path
/var/ipfire/cups to the backup.
Signed-off-by: Daniel Weismueller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Sometimes, we restore a backup that has been created earlier before
exclude files have been changed. To avoid overwriting those files, we
will consider the exlude list upon restore.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This file is a system configuration file and does not contain any
configruation from the user.
Since it can be overwritten in a backup and restored to an older state,
this can cause problems such as #12788.
Fixes: #12788
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
In order to be able to run the ISO command on command line it is helpful
that the script does not go into background halfway through the process.
We should rather start it as a background job straight from the CGI
script.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch is changing the behaviour of the backup script so that it
creates one tarball and compresses it in one go.
This will save storing the original tarball on disk before compressing
it which on my test system requires significant disk space.
This patch also solves a bug where the backup file included with the ISO
image could not be extracted because it was not gzip-compressed when it
was expected to be.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- check_mk_agent, client175 & lcr are addons that have been removed so the backup
definitions are no longer required.
- dma is not a package but a core program and has its config backup requirements
built into the core backup include file so the addon backup definition is not
used or needed.
- No issues found in the build after these files were removed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Backup definition missing - created ro backup config file
- Update of rootfile
- Addition of backup definition install into lfs file
- Addition of restore and backup statements into install.sh and uninstall.sh pak scripts
Fixes: 12710
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This package has not received any updates or attention within the last
three years. It's sole known upstream URL (https://ssl.bulix.org/projects/lcd4linux/)
returns a HTTP error 404 nowadays, and the author was unable to locate
any upstream source that appears to be still maintained today.
Given the status quo, bugs in lcd4linux cannot be reported properly,
security issues won't be addressed (by anybody else then ourselves), and
technical questions cannot be clarified aside a reverse engineering
approach.
We should not allow such an add-on to be installed on a firewall system.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
