Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
alpine-conf
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
18
Issues
18
List
Boards
Labels
Service Desk
Milestones
Merge Requests
3
Merge Requests
3
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
alpine
alpine-conf
Commits
4c6317c6
Commit
4c6317c6
authored
Oct 15, 2007
by
Natanael Copa
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
lbu encrypt fixes
parent
d1ac4546
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
71 additions
and
47 deletions
+71
-47
lbu
lbu
+71
-47
No files found.
lbu
View file @
4c6317c6
...
...
@@ -20,12 +20,17 @@ COMMITED_TDB="$APK_DATA/commited.tdb"
EXCLUDE_LIST
=/
etc
/
lbu
/
exclude
INCLUDE_LIST
=/
etc
/
lbu
/
include
PACKAGES_LIST
=/
etc
/
lbu
/
packages
.
list
DEFAULT_CIPHER
=
"aes-256-cbc"
MASK
=
"Npugsh"
LBUDIRS
=`
echo
"$APK_LBUDIRS"
|
sed
's/:/ /g'
`
if
[
-
f
/
etc
/
lbu
/
lbu
.
conf
];
then
.
/
etc
/
lbu
/
lbu
.
conf
LBU_CONF
=/
etc
/
lbu
/
lbu
.
conf
if
[
-
f
"$LBU_CONF"
];
then
.
"$LBU_CONF"
fi
retcode
=
0
...
...
@@ -50,7 +55,7 @@ Common options:
exit
1
}
#
verify
we
have
openssl
i
s
we
want
to
encrypt
#
verify
we
have
openssl
i
f
we
want
to
encrypt
check_openssl
()
{
[
-
z
"$ENCRYPTION"
]
&&
return
0
OPENSSL
=$(
which
openssl
2
>/
dev
/
null
)
||
die
"openssl was not found"
...
...
@@ -171,8 +176,10 @@ cmd_package() {
local
rc
=
0
local
owd
=
"$PWD"
local
suff
=
"apkovl.tar.gz"
local
tmpdir
tmppkg
check_openssl
init_tmpdir
tmpdir
[
-
n
"$ENCRYPTION"
]
&&
suff
=
"$suff.$ENCRYPTION"
...
...
@@ -183,15 +190,18 @@ cmd_package() {
pkg
=
"$PWD/$(hostname).$suff"
fi
tmppkg
=
"$tmpdir/$(basename $pkg)"
#
generate
the
packages
.
list
cd
"$ROOT"
mkdir
-
p
/
etc
/
lbu
echo
"#This file is generated by 'lbu package'"
>
/
etc
/
lbu
/
packages
.
list
mkdir
-
p
$(
dirname
$
PACKAGES_LIST
)
echo
"#This file is generated by 'lbu package' (lbu $VERSION)"
\
>
$
PACKAGES_LIST
for
i
in
$(
apk_glob
'*'
)
;
do
reqby
=$(
apk_info
-
qr
$
i
);
#
only
add
the
packages
who
has
no
REQUIRED_BY
[
-
z
"$reqby"
]
&&
echo
$
i
done
|
sed
's/-[0-9].*//'
>>
/
etc
/
lbu
/
packages
.
list
done
|
sed
's/-[0-9].*//'
>>
$
PACKAGES_LIST
#
Automatically
add
list
and
modified
files
currentlist
=`
VERBOSE
=
""
USE_DEFAULT
=
"-a"
cmd_status
-
a
|
grep
-
v
^
D
|
awk
'{print $2}'
`
...
...
@@ -203,22 +213,31 @@ cmd_package() {
#
create
tar
archive
[
-
f
"$EXCLUDE_LIST"
]
&&
excl
=
"-X $EXCLUDE_LIST"
[
-
f
"$INCLUDE_LIST"
]
&&
incl
=
"-T $INCLUDE_LIST"
if
[
-
z
"$ENCRYPTION"
];
then
if
! tar $VERBOSE $excl $incl -c $currentlist \
|
gzip
-
c
>
"$pkg"
;
then
rm
-
f
"$CURRENT_TDB"
rc
=
1
fi
tar
$
VERBOSE
$
excl
$
incl
-
c
$
currentlist
\
|
gzip
-
c
>
"$tmppkg"
rc
=$?
else
if
! tar $VERBOSE $excl $incl -c $currentlist \
|
gzip
-
c
\
|
$
OPENSSL
enc
"-$ENCRYPTION"
-
salt
>
"$pkg"
then
rm
-
f
"$CURRENT_TDB"
rc
=
1
if
[
-
n
"$VERBOSE"
];
then
echo
"Archiving the following files:"
>&
2
#
we
dont
want
to
mess
the
tar
output
with
the
#
password
prompt
.
Lets
get
the
tar
output
first
.
tar
$
excl
$
incl
-
c
-
v
$
currentlist
>
/
dev
/
null
rc
=$?
fi
if
[
$
rc
-
eq
0
];
then
tar
$
excl
$
incl
-
c
$
currentlist
|
gzip
-
c
\
|
$
OPENSSL
enc
"-$ENCRYPTION"
-
salt
>
"$tmppkg"
rc
=$?
fi
fi
if
[
$
rc
-
eq
0
];
then
[
-
z
"$DRYRUN"
]
&&
cp
"$tmppkg"
"$pkg"
else
rm
-
f
"$CURRENT_TDB"
fi
cd
"$owd"
return
$
rc
}
...
...
@@ -250,13 +269,19 @@ Create a backup of config to writeable media.
usage: $PROGRAM commit|ci [-nv] [<media>]
Options:
-d Remove old
configuration
files.
-d Remove old
apk overlay
files.
-e Protect configuration with a password.
-n Don't commit, just show what would have been commited.
-v Verbose mode.
The following values for <media> is supported: floppy usb
If <media> is not specified, the environment variable LBU_MEDIA will be used.
Passows protection will use $DEFAULT_CIPHER encryption. Other ciphers can be
used by setting the DEFAULT_CIPHER or ENCRYPTION environment variables.
For possible ciphers, try: openssl -v
The environment varialbes can also be set in $LBU_CONF
"
exit
1
}
...
...
@@ -267,6 +292,9 @@ cmd_commit() {
check_openssl
#
turn
on
verbose
mode
if
dryrun
[
-
n
"$DRYRUN"
]
&&
VERBOSE
=
"-v"
#
find
what
media
to
use
if
[
"$1"
]
;
then
media
=
"$1"
...
...
@@ -277,39 +305,36 @@ cmd_commit() {
#
mount
media
unles
its
already
mounted
mnt
=/
media
/$
media
[
-
d
$
mnt
]
||
usage
[
-
d
"$mnt"
]
||
usage
was_mounted
=`
grep
$
mnt
/
proc
/
mounts
`
if
[
-
z
"$was_mounted"
];
then
mount
$
mnt
||
die
"failed to mount $mnt."
fi
#
find
the
outfile
outfile
=
"$mnt/$(hostname).apkovl.tar.gz"
if
[
-
n
"$ENCRYPTION"
];
then
outfile
=
"$outfile.$ENCRYPTION"
fi
#
remove
old
config
files
if
[
-
n
"$DELETEOLDCONFIGS"
]
;
then
if
[
-
n
"$DRYRUN"
]
;
then
local
rmfiles
=$(
ls
"$mnt/*.apkovl.*"
2
>/
dev
/
null
)
if
[
-
n
"$
rmfiles"
]
;
then
echo
"
I would have removed:"
local
rmfiles
=$(
ls
"$mnt/"
*.
apkovl
.
tar
.
gz
*
2
>/
dev
/
null
)
if
[
-
n
"$rmfiles"
]
;
then
if
[
-
n
"$
VERBOSE"
]
;
then
echo
"
Removing old apk overlay files:"
>&
2
echo
"$rmfiles"
echo
""
>&
2
fi
else
[
-
n
"$VERBOSE"
]
&&
echo
"Removing old config files"
rm
"$mnt/*.apkovl.*"
2
>/
dev
/
null
[
-
z
"$DRYRUN"
]
&&
rm
"$mnt/"
*.
apkovl
.
tar
.
gz
*
fi
else
lines
=$(
ls
-
1
"$mnt"
/*.
apkovl
.
tar
.
gz
*
2
>/
dev
/
null
|
wc
-
l
)
if
[
$
lines
-
gt
1
]
;
then
lines
=$(
ls
-
1
"$mnt"
/*.
apkovl
.
tar
.
gz
*
2
>/
dev
/
null
)
if
[
-
n
"$lines"
]
&&
[
"$lines"
!= "$outfile" ]
; then
#
More
then
one
apkovl
,
this
is
a
security
concern
die
"More than one apkovl file was found. Please use -d to erase old configs."
fi
fi
#
commit
files
to
archive
if
[
"$DRYRUN"
]
;
then
outfile
=/
dev
/
null
VERBOSE
=
"-v"
else
outfile
=
"$mnt/$(hostname).apkovl.tar.gz"
if
[
-
n
"$ENCRYPTION"
];
then
outfile
=
"$outfile.$ENCRYPTION"
[
-
z
"$was_mounted"
]
&&
umount
"$mnt"
[
-
n
"$VERBOSE"
]
&&
echo
"$lines"
die
"Found multiple apkovl files. Please use -d to replace them all."
fi
fi
...
...
@@ -320,17 +345,18 @@ cmd_commit() {
die
"Problems creating archive. aborting"
fi
#
remove
obsolete
file
#
remove
obsolete
file
.
some
older
version
of
alpine
needs
this
#
to
be
ble
to
upgrade
if
[
-
z
"$DRYRUN"
]
&&
[
-
f
$
mnt
/
packages
.
list
];
then
echo
"Note: Removing packages.list from $(basename $mnt)."
echo
"
/etc/lbu/packages.list
will be used."
echo
"
$PACKAGES_LIST
will be used."
rm
-
f
$
mnt
/
packages
.
list
fi
#
make
sure
data
is
written
and
unmount
the
media
sync
sleep
1
[
-
z
"$was_mounted"
]
&&
umount
$
mnt
[
-
z
"$was_mounted"
]
&&
umount
"$mnt"
#
move
current
to
commited
.
[
"$DRYRUN"
]
||
mv
"$CURRENT_TDB"
"$COMMITED_TDB"
...
...
@@ -476,9 +502,7 @@ while getopts "adehlM:nqrv" opt ; do
;;
d
)
DELETEOLDCONFIGS
=
"yes"
;;
e
)
ENCRYPTION
=
"aes-256-cbc"
#
hardcoded
cyper
for
ssl
,
this
can
be
expanded
#
to
use
different
cyphers
,
the
lbu_commit
code
#
does
not
need
to
be
changed
e
)
ENCRYPTION
=
"$DEFAULT_CIPHER"
;;
h
)
usage_
$
SUBCMD
;;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment