From patchwork Mon Feb 26 15:05:01 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 7562
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 2/2] backup.pl: Fixes bug#13404 - Clear out OpenVPN certs before doing restore
Date: Mon, 26 Feb 2024 16:05:01 +0100
Message-ID: <20240226150501.16508-2-adolf.belka@ipfire.org>
In-Reply-To: <20240226150501.16508-1-adolf.belka@ipfire.org>
References: <20240226150501.16508-1-adolf.belka@ipfire.org>
List-Id: IPFire development talk

- Existing situation is if four new client connections are created and then it is decided to restore to an earlier stage, the new certificates will be in the certs directory but not usable from the WUI page as they are no longer shown in the client connection table as that now shows the ones from the restored backup.
- This patch clears the /var/ipfire/ovpn/certs/ directory before restoring the contents of the backup so that the certs directory only holds what was in the backup.

Fixes: Bug#13404
Tested-by: Adolf Belka
Signed-off-by: Adolf Belka
--- config/backup/backup.pl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/backup/backup.pl b/config/backup/backup.pl index 7992f21c5..b43420740 100644 --- a/config/backup/backup.pl +++ b/config/backup/backup.pl 
@@ -75,6 +75,10 @@ make_backup() { restore_backup() { local filename="${1}" + # remove all openvpn certs to prevent old unusable + # certificates being left in directory after a restore + rm -f /var/ipfire/ovpn/certs/* + # Extract backup if ! tar xvzpf "${filename}" -C / \ --exclude-from="/var/ipfire/backup/exclude" \
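Review bot: the `rm -f /var/ipfire/ovpn/certs/*` at the top of restore_backup() runs unconditionally and before the `if ! tar xvzpf "${filename}" -C / ...` check, so a missing, corrupt or truncated archive, or one that carries no ovpn/certs entries, leaves the directory empty with nothing restored into it and the existing certificates are lost. Suggest validating the archive first (for example, checking that `tar tzf "${filename}"` succeeds and lists var/ipfire/ovpn/certs/), or moving the current certs to a temporary directory and putting them back in the tar failure branch. It would also help to note in the comment that the `*` glob skips dotfiles and that `rm -f` without `-r` leaves any subdirectory in place, if that is the intent.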