From 92258308fee6fa4de44c1a1cb043670627c55f89 Mon Sep 17 00:00:00 2001 From: deajan Date: Thu, 1 Sep 2016 16:07:20 +0200 Subject: [PATCH] Encryption implemented --- dev/n_obackup.sh | 55 ++++++++++++++++++++++++++++++---------- host_backup.conf.example | 9 ++++--- 2 files changed, 47 insertions(+), 17 deletions(-) diff --git a/dev/n_obackup.sh b/dev/n_obackup.sh index e706ae9..0fe6c9a 100755 --- a/dev/n_obackup.sh +++ b/dev/n_obackup.sh @@ -8,7 +8,7 @@ PROGRAM="obackup" AUTHOR="(C) 2013-2016 by Orsiris de Jong" CONTACT="http://www.netpower.fr/obackup - ozy@netpower.fr" PROGRAM_VERSION=2.1-dev -PROGRAM_BUILD=2016080103 +PROGRAM_BUILD=2016090104 IS_STABLE=no source "./ofunctions.sh" @@ -684,6 +684,18 @@ function CheckDiskSpace { FILE_DRIVE=$DRIVE fi fi + if [ "$ENCRYPTION" != "no" ]; then + GetDiskSpaceRemote "$CRYPT_STORAGE" + if [ $? != 0 ]; then + CRYPT_DISK_SPACE=0 + CAN_BACKUP_FILES=false + CAN_BACKUP_SQL=false + else + CRYPT_DISK_SPACE=$DISK_SPACE + CRYPT_DRIVE=$DRIVE + fi + fi + fi if [ "$TOTAL_DATABASES_SIZE" == "" ]; then @@ -926,13 +938,11 @@ function PrepareEncryptFiles { __CheckArguments 1 $# ${FUNCNAME[0]} "$@" #__WITH_PARANOIA_DEBUG - if [ "$BACKUP_TYPE" == "local" ] || [ "$BACKUP_TYPE" == "push" ]; then + if [ "$BACKUP_TYPE" == "local" ] || [ "$BACKUP_TYPE" == "pull" ]; then _CreateDirectoryLocal "$tmpPath" - elif [ "$BACKUP_TYPE" == "pull" ]; then - Logger "Encryption only works with [local] or [push] backup types." "CRITICAL" - exit 1 + elif [ "$BACKUP_TYPE" == "push" ]; then + _CreateDirectoryRemote "$tmpPath" fi - #WIP: check disk space in tmp dir and compare to backup size else error } #TODO: add ParallelExec here ? Also rework ParallelExec to use files or variables, vars are max 4M, if cannot be combined, create ParallelExecFromFile @@ -1043,6 +1053,7 @@ function Rsync { local fileStoragePath local rsyncCmd + local retval if [ "$KEEP_ABSOLUTE_PATHS" == "yes" ]; then fileStoragePath=$(dirname "$FILE_STORAGE/${backupDirectory#/}") 
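Review bot: The added guard in CheckDiskSpace tests `[ "$ENCRYPTION" != "no" ]`, while the FilesBackup hunks of this same patch test `== "yes"`. With ENCRYPTION unset or empty (for example a config file that predates the option), this block still runs `GetDiskSpaceRemote "$CRYPT_STORAGE"` and, on failure, sets both CAN_BACKUP_FILES and CAN_BACKUP_SQL to false. Writing it as `if [ "$ENCRYPTION" == "yes" ]; then` keeps the checks consistent. CRYPT_DISK_SPACE and CRYPT_DRIVE are assigned here but never compared to the backup size in the visible lines; CheckDiskSpace continues outside the hunk, so that may happen there.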
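Review bot: PrepareEncryptFiles now creates `$tmpPath` on the remote host for push and locally for pull, but no comment says which side runs the encryption, and the removed `#WIP` line was the only comment in the hunk. In the FilesBackup hunks of this patch the local/push branch calls EncryptFiles into `"$CRYPT_STORAGE"` and then Rsync from it, which suggests the directory is needed on the sending side; EncryptFiles is not visible here, so this should be confirmed. I would add a comment such as `# local/pull: scratch directory is created locally; push: on the remote host`, plus an `else` that logs a CRITICAL message and returns 1, since any other BACKUP_TYPE currently falls through with status 0. The function's opening lines are outside the hunk.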
@@ -1079,12 +1090,15 @@ function Rsync { Logger "cmd: $rsyncCmd" "DEBUG" eval "$rsyncCmd" & WaitForTaskCompletion $! $SOFT_MAX_EXEC_TIME_FILE_TASK $HARD_MAX_EXEC_TIME_FILE_TASK ${FUNCNAME[0]} true $KEEP_LOGGING - if [ $? != 0 ]; then + retval=$? + if [ $retval != 0 ]; then Logger "Failed to backup [$backupDirectory] to [$fileStoragePath]." "ERROR" Logger "Command output:\n $(cat $RUN_DIR/$PROGRAM.${FUNCNAME[0]}.$SCRIPT_PID)" "ERROR" else Logger "File backup succeed." "NOTICE" fi + + return $retval } function FilesBackup { @@ -1096,15 +1110,20 @@ function FilesBackup { IFS=$PATH_SEPARATOR_CHAR read -r -a backupTasks <<< "$FILE_BACKUP_TASKS" for backupTask in "${backupTasks[@]}"; do Logger "Beginning file backup of [$backupTask]." "NOTICE" - if [ "$ENCRYPTION" == "yes" ]; then + if [ "$ENCRYPTION" == "yes" ] && ([ "$BACKUP_TYPE" == "local" ] || [ "$BACKUP_TYPE" == "push" ]); then EncryptFiles "$backupTask" "$CRYPT_STORAGE" "$GPG_RECIPIENT" true if [ $? == 0 ]; then Rsync "$CRYPT_STORAGE" true else Logger "backup failed." "ERROR" fi - else + elif [ "$ENCRYPTION" == "yes" ] && [ "$BACKUP_TYPE" "pull" ]; then Rsync "$backupTask" true + if [ $? == 0 ]; then + EncryptFiles "$backupTask" true + fi + else + Rsync "$backuptask" true fi CheckTotalExecutionTime done 
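Review bot: The new `elif` in FilesBackup reads `[ "$BACKUP_TYPE" "pull" ]` with no comparison operator, so the test errors out with a non-zero status and the branch is never taken; a pull backup with ENCRYPTION=yes then falls through to the `else` and is stored unencrypted. That `else` calls `Rsync "$backuptask" true`, but the loop variable is `backupTask`, so the unencrypted path now passes an empty string to Rsync. The lines should read `elif [ "$ENCRYPTION" == "yes" ] && [ "$BACKUP_TYPE" == "pull" ]; then` and `Rsync "$backupTask" true`. The pull branch also calls EncryptFiles with two arguments where the local/push branch passes four (including `"$CRYPT_STORAGE" "$GPG_RECIPIENT"`), which looks unintended given that Rsync's status is only checked in this branch. The same defects repeat in the two following FilesBackup hunks (-1112 and -1129).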
@@ -1112,15 +1131,20 @@ function FilesBackup { IFS=$PATH_SEPARATOR_CHAR read -r -a backupTasks <<< "$RECURSIVE_DIRECTORY_LIST" for backupTask in "${backupTasks[@]}"; do Logger "Beginning non recursive file backup of [$backupTask]." "NOTICE" - if [ "$ENCRYPTION" == "yes" ]; then + if [ "$ENCRYPTION" == "yes" ] && ([ "$BACKUP_TYPE" == "local" ] || [ "$BACKUP_TYPE" == "push" ]); then EncryptFiles "$backupTask" "$CRYPT_STORAGE" "$GPG_RECIPIENT" false if [ $? == 0 ]; then Rsync "$CRYPT_STORAGE" false else Logger "backup failed." "ERROR" fi - else + elif [ "$ENCRYPTION" == "yes" ] && [ "$BACKUP_TYPE" "pull" ]; then Rsync "$backupTask" false + if [ $? == 0 ]; then + EncryptFiles "$backupTask" false + fi + else + Rsync "$backuptask" false fi CheckTotalExecutionTime done @@ -1129,15 +1153,20 @@ function FilesBackup { for backupTask in "${backupTasks[@]}"; do # Backup sub directories of recursive directories Logger "Beginning recursive file backup of [$backupTask]." "NOTICE" - if [ "$ENCRYPTION" == "yes" ]; then + if [ "$ENCRYPTION" == "yes" ] && ([ "$BACKUP_TYPE" == "local" ] || [ "$BACKUP_TYPE" == "push" ]); then EncryptFiles "$backupTask" "$CRYPT_STORAGE" "$GPG_RECIPIENT" true if [ $? == 0 ]; then Rsync "$CRYPT_STORAGE" true else Logger "backup failed." "ERROR" fi - else + elif [ "$ENCRYPTION" == "yes" ] && [ "$BACKUP_TYPE" "pull" ]; then Rsync "$backupTask" true + if [ $? == 0 ]; then + EncryptFiles "$backupTask" true + fi + else + Rsync "$backuptask" true fi CheckTotalExecutionTime done diff --git a/host_backup.conf.example b/host_backup.conf.example index 5510689..f0fb665 100644 --- a/host_backup.conf.example +++ b/host_backup.conf.example @@ -2,7 +2,7 @@ ###### obackup - Local or Remote, push or pull backup script for files & mysql databases ###### (C) 2013-2016 by Orsiris de Jong (www.netpower.fr) -###### obackup v2.1x config file rev 2016083102 +###### obackup v2.1x config file rev 2016090101 ###### GENERAL BACKUP OPTIONS 
@@ -30,10 +30,10 @@ FILE_STORAGE="/home/storage/backup/files" ENCRYPTION=no ## Backup encryption needs a temporary storage space in order to encrypt files before sending them (absolute paths of the local or remote system) -ENCRYPT_STORAGE=/home/storage/backup/crpyt +CRYPT_STORAGE=/home/storage/backup/crpyt -## GPG Public key path -ENCRYPT_PUBKEY=${HOME}/.gpg/pubkey +## GPG recipient (pubkey for this recipient must exist, see gpg2 --list-keys or gpg --list-keys +GPG_RECIPIENT="Orsiris de Jong" ## Create backup directories if they do not exist CREATE_DIRS=yes @@ -102,6 +102,7 @@ MYSQLDUMP_OPTIONS="--opt --single-transaction" ## Preferred SQL dump compression. Compression methods can be xz, lzma, pigz or gzip (will fallback from xz to gzip depending if available) ## Generally, level 5 is a good compromise between cpu, memory hunger and compress ratio. Gzipped files are set to be rsyncable. +## If you use encryption, compression will only bring small benefits as GPG already has pretty good compression included COMPRESSION_LEVEL=3 ###### FILES SPECIFIC OPTIONS
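Review bot: `GPG_RECIPIENT="Orsiris de Jong"` selects the encryption key by user-ID name, which gpg resolves by substring match against the keyring, so a different key carrying that name could be picked. The example would be safer with a full key fingerprint, e.g. `GPG_RECIPIENT="<FULL-KEY-FINGERPRINT>"` (placeholder), with the comment pointing at `gpg --list-keys --fingerprint`. The comment above it lacks its closing parenthesis, and the sample path still reads `crpyt`. Because the variable is renamed from ENCRYPT_STORAGE to CRYPT_STORAGE, existing config files will leave CRYPT_STORAGE unset, so a one-line upgrade note in the comment would help.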