Compare commits
No commits in common. "b4f8834d5177689fb13a9ddeefafe2bbcdfbb017" and "edba57caaf6c0cc034b5646f6499a96b42bdd61f" have entirely different histories.
b4f8834d51
...
edba57caaf
@ -1,13 +1,15 @@
|
|||||||
#
|
#######
|
||||||
# openLDAP backup script parameters file
|
### openLDAP backup script parameters file
|
||||||
# version 4.0
|
### version 3.2
|
||||||
#
|
#######
|
||||||
|
|
||||||
|
|
||||||
|
### This file should be protected since it contains the password used to
|
||||||
|
### encrypt your backup files!
|
||||||
|
### recommend at least:
|
||||||
|
### chown root:root backup.parameters
|
||||||
|
### chmod 600 backup.parameters
|
||||||
|
|
||||||
# This file should be protected since it contains the password used to
|
|
||||||
# encrypt your backup files!
|
|
||||||
# recommend at least:
|
|
||||||
# chown root:root backup.parameters
|
|
||||||
# chmod 600 backup.parameters
|
|
||||||
|
|
||||||
# password used to encrypt backup
|
# password used to encrypt backup
|
||||||
password='myPassword'
|
password='myPassword'
|
||||||
@ -15,11 +17,11 @@ password='myPassword'
|
|||||||
### encryption options
|
### encryption options
|
||||||
|
|
||||||
# encryption cipher
|
# encryption cipher
|
||||||
# use 'openssl enc --ciphers' to see which ciphers are supported by your
|
# use 'openssl enc --ciphers' to see which ciphers are supported by your
|
||||||
# openSSL installation
|
# openSSL installation
|
||||||
encryptionCipher='aes-256-cbc'
|
encryptionCipher='aes-256-cbc'
|
||||||
|
|
||||||
# number of iterations used to derive the private key, higher is better but
|
# number of iterations used to derive the private key, higher is better but
|
||||||
# more CPU intensive - minimum of 20000 recommended
|
# more CPU intensive - minimum of 20000 recommended
|
||||||
encryptionIterations=25000
|
encryptionIterations=25000
|
||||||
|
|
@ -1,8 +1,8 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
#
|
#
|
||||||
# backup openLDAP configuration and frontend database(s)
|
### backup openLDAP configuration and frontend database(s)
|
||||||
# version 4.0
|
# version 3.2
|
||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
@ -27,7 +27,7 @@ scriptPath="$( CDPATH='' cd -- "$( dirname -- "$0" )" && pwd -P )"
|
|||||||
scriptName="$( basename "$0" )"
|
scriptName="$( basename "$0" )"
|
||||||
# logfile default: same location and name as this script, with '.log' extension
|
# logfile default: same location and name as this script, with '.log' extension
|
||||||
logfile="$scriptPath/${scriptName%.*}.log"
|
logfile="$scriptPath/${scriptName%.*}.log"
|
||||||
# encryption parameters file default: same location and name as this script,
|
# encryption parameters file default: same location and name as this script,
|
||||||
# with '.params' extension
|
# with '.params' extension
|
||||||
encParams="$scriptPath/${scriptName%.*}.params"
|
encParams="$scriptPath/${scriptName%.*}.params"
|
||||||
# backup mode by default
|
# backup mode by default
|
||||||
@ -63,11 +63,11 @@ consoleError () {
|
|||||||
exit "$1"
|
exit "$1"
|
||||||
}
|
}
|
||||||
|
|
||||||
decryptionNote () {
|
decryptionNote () {
|
||||||
printf "\n"
|
printf "\n"
|
||||||
textblock "${bold}${magenta}Decrypting your backup archive:${norm}"
|
textblock "${bold}${magenta}Decrypting your backup archive:${norm}"
|
||||||
printf "\n"
|
printf "\n"
|
||||||
|
|
||||||
textblock 'To decrypt and extract your backup file, you need the following information:'
|
textblock 'To decrypt and extract your backup file, you need the following information:'
|
||||||
textblock '1. The password used to encrypt the file'
|
textblock '1. The password used to encrypt the file'
|
||||||
textblock '2. The encryption cipher used (default: AES-256-CBC)'
|
textblock '2. The encryption cipher used (default: AES-256-CBC)'
|
||||||
@ -132,12 +132,12 @@ scriptHelp () {
|
|||||||
textblock "${bold}${magenta}Usage: ${scriptName} [parameters]${norm}"
|
textblock "${bold}${magenta}Usage: ${scriptName} [parameters]${norm}"
|
||||||
printf "\n"
|
printf "\n"
|
||||||
textblock "${cyan}Parameters ${yellow}(default value):${norm}"
|
textblock "${cyan}Parameters ${yellow}(default value):${norm}"
|
||||||
textblock "There are NO mandatory parameters. By default the script will run in 'backup' mode and save an encrypted backup archive to the current directory. If a parameter is not supplied, its default value will be used. In the case of a switch parameter, it will remain deactivated if not specified."
|
textblock "There are NO mandatory parameters. By default the script will run in 'backup' mode and save an encrypted backup archive to the current directory. If a parameter is not supplied, it's default value will be used. In the case of a switch parameter, it will remain deactivated if not specified."
|
||||||
printf "\n"
|
printf "\n"
|
||||||
textblock "${bold}*** Common parameters ***${norm}"
|
textblock "${bold}*** Common parameters ***${norm}"
|
||||||
printf "\n"
|
printf "\n"
|
||||||
textblock "${cyan}-l, --log ${yellow}(scriptPath/scriptName.log)${norm}"
|
textblock "${cyan}-l, --log ${yellow}(scriptPath/scriptName.log)${norm}"
|
||||||
textblock "FULL path to write log file. If you supply a path ending with a slash ('/') it will be assumed you mean a directory and the log file will be written to that directory using the format 'path/scriptname.log'. If you supply only a filename (no slashes anywhere), it will be assumed you want to save the log using that name in the script directory. The script will attempt to create any provided paths/directories if they do not exist."
|
textblock "FULL path to write log file. If you supply a path ending with a slash ('/') it will be assumed you mean a directory and the log file will be written to that directory using the format 'path/scriptname.log'. If you supply only a filename (no slashes anywhere), it will assumed you want to save the log using that name in the script directory. The script will attempt to create any provided paths/directories if they do not exist."
|
||||||
printf "\n"
|
printf "\n"
|
||||||
textblock "${cyan}-o, --output ${yellow}(scriptPath/)${norm}"
|
textblock "${cyan}-o, --output ${yellow}(scriptPath/)${norm}"
|
||||||
textblock "Location where the output files should be saved on this machine. You should only specify a *directory* here (trailing slash optional). File names are automatic and cannot be changed via this script. All restore operations will create a 'restore' subdirectory in this specified directory."
|
textblock "Location where the output files should be saved on this machine. You should only specify a *directory* here (trailing slash optional). File names are automatic and cannot be changed via this script. All restore operations will create a 'restore' subdirectory in this specified directory."
|
||||||
@ -401,7 +401,7 @@ else
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
logInfo "Imported: '$encParams'"
|
logInfo "Imported: '$encParams'"
|
||||||
|
|
||||||
# verify import
|
# verify import
|
||||||
logInfo 'task' 'Verify encryption password'
|
logInfo 'task' 'Verify encryption password'
|
||||||
if [ -z "$password" ]; then
|
if [ -z "$password" ]; then
|
||||||
@ -435,7 +435,7 @@ if [ $extract = 'true' ]; then
|
|||||||
|
|
||||||
# extract backupFile to outputLocation
|
# extract backupFile to outputLocation
|
||||||
logInfo "Extracting backup file ($backupFile)"
|
logInfo "Extracting backup file ($backupFile)"
|
||||||
|
|
||||||
# create extraction target directory
|
# create extraction target directory
|
||||||
if [ ! -d "${outputLocation%/}/restore" ]; then
|
if [ ! -d "${outputLocation%/}/restore" ]; then
|
||||||
# create subdirectory for restored files
|
# create subdirectory for restored files
|
||||||
@ -537,7 +537,7 @@ elif [ $extract = 'false' ]; then
|
|||||||
else
|
else
|
||||||
logInfo 'done'
|
logInfo 'done'
|
||||||
fi
|
fi
|
||||||
i=$((i+1))
|
i=$((i+1))
|
||||||
done
|
done
|
||||||
|
|
||||||
# compress and encrypt exported ldif files
|
# compress and encrypt exported ldif files
|
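Review bot: Two help strings in the `scriptHelp` hunk read incorrectly on the new side: `it's default value will be used` should be `its default value will be used`, and `it will assumed you want to save the log` should be `it will be assumed you want to save the log`. Both are user-facing `textblock` output, so this is the wording operators see when they ask the script for help. `scriptHelp` starts before the hunk and continues after it.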
@ -1,12 +1,11 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
#
|
### update script for ab-openldap container and utility scripts
|
||||||
# update script for ab-openldap container and utility scripts
|
|
||||||
# version 1.0.0
|
# version 1.0.0
|
||||||
# script by Asif Bacchus
|
# script by Asif Bacchus
|
||||||
# usage of this script is subject to the license terms found at:
|
# usage of this script is subject to the license terms found at:
|
||||||
# https://git.asifbacchus.app/ab-docker/scripts/LICENSE
|
# https://git.asifbacchus.app/ab-docker/scripts/LICENSE
|
||||||
#
|
|
||||||
|
|
||||||
### pre-requisites
|
### pre-requisites
|
||||||
|
|
||||||
@ -33,53 +32,55 @@ updateSuccess=0
|
|||||||
# reference constants
|
# reference constants
|
||||||
containerName='ab-openldap'
|
containerName='ab-openldap'
|
||||||
containerUpdatePath='docker.asifbacchus.app/ldap/ab-openldap:latest'
|
containerUpdatePath='docker.asifbacchus.app/ldap/ab-openldap:latest'
|
||||||
serverPath="https://asifbacchus.app/public/$containerName/"
|
server="https://git.asifbacchus.app/ab-docker/scripts/raw/branch/master/$containerName/"
|
||||||
checksumFilename='checksums.sha256'
|
checksumFilename='checksums.sha256'
|
||||||
|
|
||||||
# files to update
|
# files to update
|
||||||
scriptName='ab-openldap-update.sh'
|
localScriptName='update.sh'
|
||||||
updateFiles="ab-openldap-backup.params.template ab-openldap-backup.sh ab-openldap.params.template ab-openldap.sh"
|
repoScriptName='update.sh'
|
||||||
|
updateFiles="ab-openldap.sh ab-openldap.params.template backup.sh backup.params.template"
|
||||||
printf "\nUpdating %s:\n" "$containerName"
|
|
||||||
|
|
||||||
|
|
||||||
### update container
|
### update container
|
||||||
|
printf "\n*** Updating %s container and service scripts ***\n\n" "$containerName"
|
||||||
|
|
||||||
printf "updating container... "
|
printf "Updating container:\n"
|
||||||
if ! docker pull "$containerUpdatePath"; then
|
if ! docker pull "$containerUpdatePath"; then
|
||||||
printf "[ERROR]\n\n"
|
|
||||||
printf "There was an error updating the container. Try again later.\n\n"
|
printf "There was an error updating the container. Try again later.\n\n"
|
||||||
exit 1
|
exit 1
|
||||||
else
|
else
|
||||||
printf "[OK]\n"
|
printf "Container updated!\n\n"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
### checksums
|
|
||||||
printf "downloading latest checksums... "
|
### update scripts
|
||||||
if ! wget --quiet --tries=3 --timeout=10 -O "$checksumFilename" "$serverPath$checksumFilename"; then
|
printf "Updating %s service scripts\n" "$containerName"
|
||||||
printf "[ERROR]\n\n"
|
|
||||||
printf "Unable to download updated checksums. Try again later.\n\n"
|
## download latest checksums
|
||||||
|
printf "Getting latest checksums from ab-git server... "
|
||||||
|
if ! wget --quiet --tries=3 --timeout=10 -N "${server}${checksumFilename}"; then
|
||||||
|
printf "[ERROR]\n"
|
||||||
|
printf "Unable to download checksums from ab-git server. Try again later.\n\n"
|
||||||
exit 1
|
exit 1
|
||||||
else
|
else
|
||||||
printf "[OK]\n"
|
printf "[OK]\n"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
## check for updates to this script
|
||||||
### script self-update
|
printf "Checking for updates to this script... "
|
||||||
printf "checking for updates to this script... "
|
repoScriptChecksum=$( grep "$repoScriptName" "$checksumFilename" | grep -o '^\S*' )
|
||||||
localScriptChecksum=$( sha256 "./$scriptName" | grep -o '^\S*' )
|
localScriptChecksum=$( sha256sum "$localScriptName" | grep -o '^\S*' )
|
||||||
repoScriptChecksum=$( grep "$scriptName" "$checksumFilename" | grep -o '^\S*' )
|
|
||||||
if [ "$localScriptChecksum" = "$repoScriptChecksum" ]; then
|
if [ "$localScriptChecksum" = "$repoScriptChecksum" ]; then
|
||||||
printf "[NONE]\n"
|
printf "[NONE]\n"
|
||||||
else
|
else
|
||||||
# download updated script
|
# download updated script
|
||||||
if ! wget --quiet --tries=3 --timeout=10 -O "$scriptName" "$serverPath$scriptName"; then
|
if ! wget --quiet --tries=3 --timeout=10 -O $localScriptName "${server}${repoScriptName}"; then
|
||||||
printf "[ERROR]\n\n"
|
printf "[ERROR]\n"
|
||||||
printf "Unable to download script update. Try again later.\n\n"
|
printf "Unable to download script update. Try again later.\n\n"
|
||||||
exit 1
|
exit 1
|
||||||
else
|
else
|
||||||
# verify download
|
# verify download
|
||||||
localScriptChecksum=$( sha256sum "$scriptName" | grep -o '^\S*' )
|
localScriptChecksum=$( sha256sum "$localScriptName" | grep -o '^\S*' )
|
||||||
if ! [ "$localScriptChecksum" = "$repoScriptChecksum" ]; then
|
if ! [ "$localScriptChecksum" = "$repoScriptChecksum" ]; then
|
||||||
printf "[ERROR]\n"
|
printf "[ERROR]\n"
|
||||||
printf "Unable to verify checksum of updated script. Try again later.\n\n"
|
printf "Unable to verify checksum of updated script. Try again later.\n\n"
|
||||||
@ -95,31 +96,36 @@ fi
|
|||||||
set -- dummy $updateFiles
|
set -- dummy $updateFiles
|
||||||
shift
|
shift
|
||||||
for file; do
|
for file; do
|
||||||
printf "\nchecking '%s' for updates... " "$file"
|
updateTarget="$file"
|
||||||
repoFileChecksum=$( grep "$file" "$checksumFilename" | grep -o '^\S*' )
|
printf "\nChecking '%s' for updates... " "$updateTarget"
|
||||||
|
repoFile=$( grep "$updateTarget" "$checksumFilename" | grep -o '^\S*' )
|
||||||
if [ -f "$file" ]; then
|
if [ -f "$file" ]; then
|
||||||
localFileChecksum=$( sha256sum "$file" | grep -o '^\S*' )
|
localFile=$( sha256sum "$updateTarget" | grep -o '^\S*' )
|
||||||
else
|
else
|
||||||
localFileChecksum=0
|
localFile=0
|
||||||
fi
|
fi
|
||||||
if ! [ "$localFileChecksum" = "$repoFileChecksum" ]; then
|
|
||||||
|
if ! [ "$localFile" = "$repoFile" ]; then
|
||||||
printf "[AVAILABLE]\n"
|
printf "[AVAILABLE]\n"
|
||||||
updatesAvailable=$((updatesAvailable+1))
|
updatesAvailable=$((updatesAvailable+1))
|
||||||
# download update
|
# download update
|
||||||
printf "Downloading updated '%s'... " "$file"
|
printf "Downloading updated '%s'... " "$updateTarget"
|
||||||
if ! wget --quiet --tries=3 --timeout=10 -O "$file" "$serverPath$file"; then
|
# specify a name here instead of using the server name so that wget
|
||||||
|
# overwrites the file
|
||||||
|
if ! wget --quiet --tries=3 --timeout=10 -O "$updateTarget" "${server}${updateTarget}"; then
|
||||||
printf "[ERROR]\n"
|
printf "[ERROR]\n"
|
||||||
downloadFailed=$((downloadFailed+1))
|
downloadFailed=$((downloadFailed+1))
|
||||||
else
|
else
|
||||||
printf "[OK] "
|
printf "[OK]\n"
|
||||||
downloadSuccess=$((downloadSuccess+1))
|
downloadSuccess=$((downloadSuccess+1))
|
||||||
# verify download
|
# verify download
|
||||||
localFileChecksum=$( sha256sum "$file" | grep -o '^\S*' )
|
printf "Verifying '%s'... " "$updateTarget"
|
||||||
if ! [ "$localFileChecksum" = "$repoFileChecksum" ]; then
|
localFile=$( sha256sum "$updateTarget" | grep -o '^\S*' )
|
||||||
|
if ! [ "$localFile" = "$repoFile" ]; then
|
||||||
printf "[INVALID]\n"
|
printf "[INVALID]\n"
|
||||||
updateFailed=$((updateFailed+1))
|
updateFailed=$((updateFailed+1))
|
||||||
else
|
else
|
||||||
printf "[VERIFIED]\n"
|
printf "[OK]\n"
|
||||||
updateSuccess=$((updateSuccess+1))
|
updateSuccess=$((updateSuccess+1))
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
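Review bot: Both download paths write over the installed file before its checksum is checked (`wget ... -O $localScriptName` for the self-update and `-O "$updateTarget"` in the `for file` loop), so when verification prints `[INVALID]` the unverified content is already in place, and nothing visible in the hunk restores the previous copy. Download to a temporary file, compare its SHA-256 with `$repoFile`, and only then copy it over the target, as sketched below for the loop; the self-update branch needs the same treatment, and `$localScriptName` should be quoted there. Note also that `checksums.sha256` is fetched from the same `$server` as the files, so the comparison catches corrupted transfers but not content changed on the server; a detached signature checked against a locally pinned key would cover that. The loop and its outer `if` continue past the end of the hunk.

```shell
        # stage the download next to the target instead of writing over it
        tmpFile=$( mktemp "${updateTarget}.XXXXXX" ) || exit 1
        if ! wget --quiet --tries=3 --timeout=10 -O "$tmpFile" "${server}${updateTarget}"; then
            # … unchanged: [ERROR] message and downloadFailed counter …
            rm -f -- "$tmpFile"
        else
            # … unchanged: [OK] message and downloadSuccess counter …
            localFile=$( sha256sum "$tmpFile" | grep -o '^\S*' )
            if ! [ "$localFile" = "$repoFile" ]; then
                # … unchanged: [INVALID] message and updateFailed counter …
                rm -f -- "$tmpFile"
            else
                # copy rather than mv so the target keeps its existing mode
                cat "$tmpFile" > "$updateTarget" && rm -f -- "$tmpFile"
                # … unchanged: [OK] message and updateSuccess counter …
            fi
        fi
```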