mirror of
https://0xacab.org/liberate/backupninja.git
synced 2024-11-10 04:42:31 +01:00
sys: new luksheaders option to backup the Luks header of every Luks device
This commit is contained in:
intrigeri
parent
94861df686
commit
36854a51d4
@ -18,6 +18,9 @@ version 0.9.7 -- UNRELEASED
|
||||
does not prevent mysqldump to work.
|
||||
. Fix the error message displayed when mysqld is not running:
|
||||
mysqladmin ping indeed returns 0 when authentication fails.
|
||||
sys:
|
||||
. New luksheaders option (default=disabled) to backup the Luks header
|
||||
of every Luks device.
|
||||
|
||||
version 0.9.6 -- July 21, 2008
|
||||
backupninja changes
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
#
|
||||
# this config file will save various reports of vital system information.
|
||||
# by default, all the reports are enabled and are saved in /var/backups.
|
||||
# by default, all the reports are saved in /var/backups.
|
||||
#
|
||||
# requires dpkg, debconf-utils, sfdisk, and hwinfo
|
||||
#
|
||||
@ -25,6 +25,12 @@
|
||||
# (4) hardware information.
|
||||
# detailed information on most important aspects of the hardware.
|
||||
#
|
||||
# (5) the Luks header of every Luks block device, if option luksheaders
|
||||
# is enabled.
|
||||
# in case you (have to) scramble such a Luks header (for some time),
|
||||
# and restore it later by running "dd if=luksheader.sda2.bin of=/dev/sda2"
|
||||
# (MAKE SURE YOU PASS THE CORRECT DEVICE AS of= !!!)
|
||||
#
|
||||
|
||||
# here are the defaults, commented out:
|
||||
|
||||
@ -47,6 +53,14 @@
|
||||
# hardwarefile = /var/backups/hardware.txt
|
||||
# dohwinfo = yes
|
||||
|
||||
# luksheaders = no
|
||||
# NOTE: the __star__ below will be replaced by the Luks partitions found on the
|
||||
# system (e.g. luksheader.sda2.bin, luksheader.sdb3.bin). If you change
|
||||
# the luksheadersfile default below, be sure to include the __star__
|
||||
# replacement in the filename, or you will get one file for only one partition,
|
||||
# the others being written to the same file, and then overwritten by the next.
|
||||
# luksheadersfile = /var/backups/luksheader.__star__.bin
|
||||
|
||||
# If vservers = yes in /etc/backupninja.conf then the following variables can
|
||||
# be used:
|
||||
# vsnames = all | <vserver1> <vserver2> ... (default = all)
|
||||
|
||||
@ -8,19 +8,22 @@ sys_wizard() {
|
||||
"packages" "list of all installed packages." on \
|
||||
"partitions" "the partition table of all disks." on \
|
||||
"sfdisk" "use sfdisk to get partition information." on \
|
||||
"hardware" "detailed hardware information" on
|
||||
"hardware" "detailed hardware information" on \
|
||||
"luksheaders" "Luks headers of all Luks partitions." off
|
||||
[ $? = 1 ] && return;
|
||||
result="$REPLY"
|
||||
packages="packages = no"
|
||||
partitions="partitions = no"
|
||||
sfdisk="dosfdisk = no"
|
||||
hardware="hardware = no"
|
||||
luksheaders="luksheaders = no"
|
||||
for opt in $result; do
|
||||
case $opt in
|
||||
'"packages"') packages="packages = yes";;
|
||||
'"partitions"') partitions="partitions = yes";;
|
||||
'"sfdisk"') sfdisk="dosfdisk = yes";;
|
||||
'"hardware"') hardware="hardware = yes";;
|
||||
'"luksheaders"') luksheaders="luksheaders = yes";;
|
||||
esac
|
||||
done
|
||||
get_next_filename $configdirectory/10.sys
|
||||
@ -29,10 +32,13 @@ $packages
|
||||
$partitions
|
||||
$sfdisk
|
||||
$hardware
|
||||
$luksheaders
|
||||
|
||||
# packagesfile = /var/backups/dpkg-selections.txt
|
||||
# selectionsfile = /var/backups/debconfsel.txt
|
||||
# partitionsfile = /var/backups/partitions.__star__.txt
|
||||
# hardwarefile = /var/backups/hardware.txt
|
||||
# luksheadersfile = /var/backups/luksheader.__star__.bin
|
||||
|
||||
# If vservers = yes in /etc/backupninja.conf then the following variables can
|
||||
# be used:
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
# -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
|
||||
#
|
||||
# this handler will save various reports of vital system information.
|
||||
# by default, all the reports are enabled and are saved in /var/backups.
|
||||
# by default, all the reports are saved in /var/backups.
|
||||
#
|
||||
# (1) a capture of the debconf package selection states. This file
|
||||
# can be used to restore the answers to debconf questions for
|
||||
@ -24,6 +24,12 @@
|
||||
# (4) hardware information.
|
||||
# write to a text file the important things which hwinfo can gleen.
|
||||
#
|
||||
# (5) the Luks header of every Luks block device, if option luksheaders
|
||||
# is enabled.
|
||||
# in case you (have to) scramble such a Luks header (for some time),
|
||||
# and restore it later by running "dd if=luksheader.sda2.bin of=/dev/sda2"
|
||||
# (MAKE SURE YOU PASS THE CORRECT DEVICE AS of= !!!)
|
||||
#
|
||||
|
||||
if [ -f /etc/debian_version ]
|
||||
then
|
||||
@ -82,6 +88,11 @@ getconf HWINFO `which hwinfo`
|
||||
getconf sfdisk_options ""
|
||||
getconf hwinfo_options ""
|
||||
|
||||
getconf CRYPTSETUP `which cryptsetup`
|
||||
getconf DD `which dd`
|
||||
getconf luksheaders no
|
||||
getconf luksheadersfile $parentdir/luksheader.__star__.bin
|
||||
|
||||
getconf vsnames all
|
||||
|
||||
# If vservers are configured, check that the ones listed in $vsnames are running.
|
||||
@ -97,6 +108,19 @@ if [ $vservers_are_available = yes ]; then
|
||||
usevserver=yes
|
||||
fi
|
||||
|
||||
## SANITY CHECKS #########################
|
||||
|
||||
if [ "$luksheaders" == "yes" ]; then
|
||||
if [ ! -x "$DD" ]; then
|
||||
warning "can't find dd, skipping backup of Luks headers."
|
||||
luksheaders="no"
|
||||
fi
|
||||
if [ ! -x "$CRYPTSETUP" ]; then
|
||||
warning "can't find cryptsetup, skipping backup of Luks headers."
|
||||
luksheaders="no"
|
||||
fi
|
||||
fi
|
||||
|
||||
## PACKAGES ##############################
|
||||
|
||||
#
|
||||
@ -541,3 +565,42 @@ if [ "$partitions" == "yes" ]; then
|
||||
$HWINFO --disk >> $hardwarefile
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$luksheaders" == "yes" ]; then
|
||||
devices=`LC_ALL=C $SFDISK -l 2>/dev/null | grep "^Disk /dev" | @AWK@ '{print $2}' | cut -d: -f1`
|
||||
[ -n "$devices" ] || warning "No block device found"
|
||||
targetdevices=""
|
||||
for dev in $devices; do
|
||||
[ -b $dev ] || continue
|
||||
debug "$CRYPTSETUP isLuks $dev"
|
||||
$CRYPTSETUP isLuks $dev
|
||||
[ $? -eq 0 ] && targetdevices="$targetdevices $dev"
|
||||
done
|
||||
for dev in $targetdevices; do
|
||||
label=${dev#/dev/}
|
||||
label=${label//\//-}
|
||||
outputfile=${luksheadersfile//__star__/$label}
|
||||
# the following sizes are expressed in terms of 512-byte sectors
|
||||
debug "Let us find out the Luks header size for $dev"
|
||||
debug "$CRYPTSETUP luksDump \"$dev\" | grep '^Payload offset:' | @AWK@ '{print $3}'"
|
||||
headersize=`$CRYPTSETUP luksDump "$dev" | grep '^Payload offset:' | @AWK@ '{print $3}'`
|
||||
if [ $? -ne 0 ]; then
|
||||
warning "Could not compute the size of Luks header, skipping device $dev"
|
||||
continue
|
||||
elif [ -z "$headersize" -o -n "`echo \"$headersize\" | sed 's/[0-9]*//g'`" ]; then
|
||||
warning "The computed size of Luks header is not an integer, skipping device $dev"
|
||||
continue
|
||||
fi
|
||||
debug "Let us backup the Luks header of device $dev"
|
||||
debug "$DD if=\"${dev}\" of=\"${outputfile}\" bs=512 count=\"${headersize}\""
|
||||
output=`$DD if="${dev}" of="${outputfile}" bs=512 count="${headersize}" 2>&1`
|
||||
exit_code=$?
|
||||
if [ $exit_code -eq 0 ]; then
|
||||
debug $output
|
||||
info "The Luks header of $dev was saved to $outputfile."
|
||||
else
|
||||
debug $output
|
||||
fatal "The Luks header of $dev could not be saved."
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
Loading…
Reference in New Issue
Block a user