
5 Commits

Author SHA1 Message Date
Asif Bacchus
b4f8834d51 rename update script 2020-09-14 23:18:53 -06:00
Asif Bacchus
3bc3683b11 partial rewrite of script and new update location 2020-09-14 23:18:28 -06:00
Asif Bacchus
edf6a13e38 match container version, rename backup script 2020-09-14 16:33:55 -06:00
Asif Bacchus
368f4bb5fc fixed typo 2020-09-14 16:29:53 -06:00
Asif Bacchus
c9adb535b2 fix incorrect form of its 2020-09-14 16:25:05 -06:00
3 changed files with 60 additions and 68 deletions


@ -1,15 +1,13 @@
####### #
### openLDAP backup script parameters file # openLDAP backup script parameters file
### version 3.2 # version 4.0
####### #
### This file should be protected since it contains the password used to
### encrypt your backup files!
### recommend at least:
### chown root:root backup.parameters
### chmod 600 backup.parameters
# This file should be protected since it contains the password used to
# encrypt your backup files!
# recommend at least:
# chown root:root backup.parameters
# chmod 600 backup.parameters
# password used to encrypt backup # password used to encrypt backup
password='myPassword' password='myPassword'
@ -17,11 +15,11 @@ password='myPassword'
### encryption options ### encryption options
# encryption cipher # encryption cipher
# use 'openssl enc --ciphers' to see which ciphers are supported by your # use 'openssl enc --ciphers' to see which ciphers are supported by your
# openSSL installation # openSSL installation
encryptionCipher='aes-256-cbc' encryptionCipher='aes-256-cbc'
# number of iterations used to derive the private key, higher is better but # number of iterations used to derive the private key, higher is better but
# more CPU intensive - minimum of 20000 recommended # more CPU intensive - minimum of 20000 recommended
encryptionIterations=25000 encryptionIterations=25000


@ -1,8 +1,8 @@
#!/bin/sh #!/bin/sh
# #
### backup openLDAP configuration and frontend database(s) # backup openLDAP configuration and frontend database(s)
# version 3.2 # version 4.0
# #
@ -27,7 +27,7 @@ scriptPath="$( CDPATH='' cd -- "$( dirname -- "$0" )" && pwd -P )"
scriptName="$( basename "$0" )" scriptName="$( basename "$0" )"
# logfile default: same location and name as this script, with '.log' extension # logfile default: same location and name as this script, with '.log' extension
logfile="$scriptPath/${scriptName%.*}.log" logfile="$scriptPath/${scriptName%.*}.log"
# encryption parameters file default: same location and name as this script, # encryption parameters file default: same location and name as this script,
# with '.params' extension # with '.params' extension
encParams="$scriptPath/${scriptName%.*}.params" encParams="$scriptPath/${scriptName%.*}.params"
# backup mode by default # backup mode by default
@ -63,11 +63,11 @@ consoleError () {
exit "$1" exit "$1"
} }
decryptionNote () { decryptionNote () {
printf "\n" printf "\n"
textblock "${bold}${magenta}Decrypting your backup archive:${norm}" textblock "${bold}${magenta}Decrypting your backup archive:${norm}"
printf "\n" printf "\n"
textblock 'To decrypt and extract your backup file, you need the following information:' textblock 'To decrypt and extract your backup file, you need the following information:'
textblock '1. The password used to encrypt the file' textblock '1. The password used to encrypt the file'
textblock '2. The encryption cipher used (default: AES-256-CBC)' textblock '2. The encryption cipher used (default: AES-256-CBC)'
@ -132,12 +132,12 @@ scriptHelp () {
textblock "${bold}${magenta}Usage: ${scriptName} [parameters]${norm}" textblock "${bold}${magenta}Usage: ${scriptName} [parameters]${norm}"
printf "\n" printf "\n"
textblock "${cyan}Parameters ${yellow}(default value):${norm}" textblock "${cyan}Parameters ${yellow}(default value):${norm}"
textblock "There are NO mandatory parameters. By default the script will run in 'backup' mode and save an encrypted backup archive to the current directory. If a parameter is not supplied, it's default value will be used. In the case of a switch parameter, it will remain deactivated if not specified." textblock "There are NO mandatory parameters. By default the script will run in 'backup' mode and save an encrypted backup archive to the current directory. If a parameter is not supplied, its default value will be used. In the case of a switch parameter, it will remain deactivated if not specified."
printf "\n" printf "\n"
textblock "${bold}*** Common parameters ***${norm}" textblock "${bold}*** Common parameters ***${norm}"
printf "\n" printf "\n"
textblock "${cyan}-l, --log ${yellow}(scriptPath/scriptName.log)${norm}" textblock "${cyan}-l, --log ${yellow}(scriptPath/scriptName.log)${norm}"
textblock "FULL path to write log file. If you supply a path ending with a slash ('/') it will be assumed you mean a directory and the log file will be written to that directory using the format 'path/scriptname.log'. If you supply only a filename (no slashes anywhere), it will assumed you want to save the log using that name in the script directory. The script will attempt to create any provided paths/directories if they do not exist." textblock "FULL path to write log file. If you supply a path ending with a slash ('/') it will be assumed you mean a directory and the log file will be written to that directory using the format 'path/scriptname.log'. If you supply only a filename (no slashes anywhere), it will be assumed you want to save the log using that name in the script directory. The script will attempt to create any provided paths/directories if they do not exist."
printf "\n" printf "\n"
textblock "${cyan}-o, --output ${yellow}(scriptPath/)${norm}" textblock "${cyan}-o, --output ${yellow}(scriptPath/)${norm}"
textblock "Location where the output files should be saved on this machine. You should only specify a *directory* here (trailing slash optional). File names are automatic and cannot be changed via this script. All restore operations will create a 'restore' subdirectory in this specified directory." textblock "Location where the output files should be saved on this machine. You should only specify a *directory* here (trailing slash optional). File names are automatic and cannot be changed via this script. All restore operations will create a 'restore' subdirectory in this specified directory."
@ -401,7 +401,7 @@ else
;; ;;
esac esac
logInfo "Imported: '$encParams'" logInfo "Imported: '$encParams'"
# verify import # verify import
logInfo 'task' 'Verify encryption password' logInfo 'task' 'Verify encryption password'
if [ -z "$password" ]; then if [ -z "$password" ]; then
@ -435,7 +435,7 @@ if [ $extract = 'true' ]; then
# extract backupFile to outputLocation # extract backupFile to outputLocation
logInfo "Extracting backup file ($backupFile)" logInfo "Extracting backup file ($backupFile)"
# create extraction target directory # create extraction target directory
if [ ! -d "${outputLocation%/}/restore" ]; then if [ ! -d "${outputLocation%/}/restore" ]; then
# create subdirectory for restored files # create subdirectory for restored files
@ -537,7 +537,7 @@ elif [ $extract = 'false' ]; then
else else
logInfo 'done' logInfo 'done'
fi fi
i=$((i+1)) i=$((i+1))
done done
# compress and encrypt exported ldif files # compress and encrypt exported ldif files


@ -1,11 +1,12 @@
#!/bin/sh #!/bin/sh
### update script for ab-openldap container and utility scripts #
# update script for ab-openldap container and utility scripts
# version 1.0.0 # version 1.0.0
# script by Asif Bacchus # script by Asif Bacchus
# usage of this script is subject to the license terms found at: # usage of this script is subject to the license terms found at:
# https://git.asifbacchus.app/ab-docker/scripts/LICENSE # https://git.asifbacchus.app/ab-docker/scripts/LICENSE
#
### pre-requisites ### pre-requisites
@ -32,55 +33,53 @@ updateSuccess=0
# reference constants # reference constants
containerName='ab-openldap' containerName='ab-openldap'
containerUpdatePath='docker.asifbacchus.app/ldap/ab-openldap:latest' containerUpdatePath='docker.asifbacchus.app/ldap/ab-openldap:latest'
server="https://git.asifbacchus.app/ab-docker/scripts/raw/branch/master/$containerName/" serverPath="https://asifbacchus.app/public/$containerName/"
checksumFilename='checksums.sha256' checksumFilename='checksums.sha256'
# files to update # files to update
localScriptName='update.sh' scriptName='ab-openldap-update.sh'
repoScriptName='update.sh' updateFiles="ab-openldap-backup.params.template ab-openldap-backup.sh ab-openldap.params.template ab-openldap.sh"
updateFiles="ab-openldap.sh ab-openldap.params.template backup.sh backup.params.template"
printf "\nUpdating %s:\n" "$containerName"
### update container ### update container
printf "\n*** Updating %s container and service scripts ***\n\n" "$containerName"
printf "Updating container:\n" printf "updating container... "
if ! docker pull "$containerUpdatePath"; then if ! docker pull "$containerUpdatePath"; then
printf "[ERROR]\n\n"
printf "There was an error updating the container. Try again later.\n\n" printf "There was an error updating the container. Try again later.\n\n"
exit 1 exit 1
else
printf "Container updated!\n\n"
fi
### update scripts
printf "Updating %s service scripts\n" "$containerName"
## download latest checksums
printf "Getting latest checksums from ab-git server... "
if ! wget --quiet --tries=3 --timeout=10 -N "${server}${checksumFilename}"; then
printf "[ERROR]\n"
printf "Unable to download checksums from ab-git server. Try again later.\n\n"
exit 1
else else
printf "[OK]\n" printf "[OK]\n"
fi fi
## check for updates to this script ### checksums
printf "Checking for updates to this script... " printf "downloading latest checksums... "
repoScriptChecksum=$( grep "$repoScriptName" "$checksumFilename" | grep -o '^\S*' ) if ! wget --quiet --tries=3 --timeout=10 -O "$checksumFilename" "$serverPath$checksumFilename"; then
localScriptChecksum=$( sha256sum "$localScriptName" | grep -o '^\S*' ) printf "[ERROR]\n\n"
printf "Unable to download updated checksums. Try again later.\n\n"
exit 1
else
printf "[OK]\n"
fi
### script self-update
printf "checking for updates to this script... "
localScriptChecksum=$( sha256 "./$scriptName" | grep -o '^\S*' )
repoScriptChecksum=$( grep "$scriptName" "$checksumFilename" | grep -o '^\S*' )
if [ "$localScriptChecksum" = "$repoScriptChecksum" ]; then if [ "$localScriptChecksum" = "$repoScriptChecksum" ]; then
printf "[NONE]\n" printf "[NONE]\n"
else else
# download updated script # download updated script
if ! wget --quiet --tries=3 --timeout=10 -O $localScriptName "${server}${repoScriptName}"; then if ! wget --quiet --tries=3 --timeout=10 -O "$scriptName" "$serverPath$scriptName"; then
printf "[ERROR]\n" printf "[ERROR]\n\n"
printf "Unable to download script update. Try again later.\n\n" printf "Unable to download script update. Try again later.\n\n"
exit 1 exit 1
else else
# verify download # verify download
localScriptChecksum=$( sha256sum "$localScriptName" | grep -o '^\S*' ) localScriptChecksum=$( sha256sum "$scriptName" | grep -o '^\S*' )
if ! [ "$localScriptChecksum" = "$repoScriptChecksum" ]; then if ! [ "$localScriptChecksum" = "$repoScriptChecksum" ]; then
printf "[ERROR]\n" printf "[ERROR]\n"
printf "Unable to verify checksum of updated script. Try again later.\n\n" printf "Unable to verify checksum of updated script. Try again later.\n\n"
@ -96,36 +95,31 @@ fi
set -- dummy $updateFiles set -- dummy $updateFiles
shift shift
for file; do for file; do
updateTarget="$file" printf "\nchecking '%s' for updates... " "$file"
printf "\nChecking '%s' for updates... " "$updateTarget" repoFileChecksum=$( grep "$file" "$checksumFilename" | grep -o '^\S*' )
repoFile=$( grep "$updateTarget" "$checksumFilename" | grep -o '^\S*' )
if [ -f "$file" ]; then if [ -f "$file" ]; then
localFile=$( sha256sum "$updateTarget" | grep -o '^\S*' ) localFileChecksum=$( sha256sum "$file" | grep -o '^\S*' )
else else
localFile=0 localFileChecksum=0
fi fi
if ! [ "$localFileChecksum" = "$repoFileChecksum" ]; then
if ! [ "$localFile" = "$repoFile" ]; then
printf "[AVAILABLE]\n" printf "[AVAILABLE]\n"
updatesAvailable=$((updatesAvailable+1)) updatesAvailable=$((updatesAvailable+1))
# download update # download update
printf "Downloading updated '%s'... " "$updateTarget" printf "Downloading updated '%s'... " "$file"
# specify a name here instead of using the server name so that wget if ! wget --quiet --tries=3 --timeout=10 -O "$file" "$serverPath$file"; then
# overwrites the file
if ! wget --quiet --tries=3 --timeout=10 -O "$updateTarget" "${server}${updateTarget}"; then
printf "[ERROR]\n" printf "[ERROR]\n"
downloadFailed=$((downloadFailed+1)) downloadFailed=$((downloadFailed+1))
else else
printf "[OK]\n" printf "[OK] "
downloadSuccess=$((downloadSuccess+1)) downloadSuccess=$((downloadSuccess+1))
# verify download # verify download
printf "Verifying '%s'... " "$updateTarget" localFileChecksum=$( sha256sum "$file" | grep -o '^\S*' )
localFile=$( sha256sum "$updateTarget" | grep -o '^\S*' ) if ! [ "$localFileChecksum" = "$repoFileChecksum" ]; then
if ! [ "$localFile" = "$repoFile" ]; then
printf "[INVALID]\n" printf "[INVALID]\n"
updateFailed=$((updateFailed+1)) updateFailed=$((updateFailed+1))
else else
printf "[OK]\n" printf "[VERIFIED]\n"
updateSuccess=$((updateSuccess+1)) updateSuccess=$((updateSuccess+1))
fi fi
fi fi
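Review bot: In the per-file loop (and the self-update block above it) `wget -O "$file"` writes straight over the installed file and the checksum is compared only afterwards, so a download that ends up `[INVALID]` leaves unverified content in place of the working script. Downloading to a temporary file, verifying it, and only then copying it over the target keeps the old file when verification fails; the fence shows this for the loop, whose closing `fi`/`done` lie outside the hunk. The self-update block also computes the local hash with `sha256 "./$scriptName"` while every other call uses `sha256sum`; if that is a typo, the comparison can never match and the script is re-downloaded on each run. Because `checksums.sha256` is fetched from the same `serverPath` as the files, this check detects corrupted downloads but not a modified server copy; a signature over the checksum file would be needed for that.

```shell
        # download to a temporary file so a failed or invalid download
        # never replaces the installed copy
        tmpFile=$( mktemp ) || exit 1
        if ! wget --quiet --tries=3 --timeout=10 -O "$tmpFile" "$serverPath$file"; then
            rm -f "$tmpFile"
            # … unchanged: [ERROR] message and downloadFailed counter …
        else
            # … unchanged: [OK] message and downloadSuccess counter …
            localFileChecksum=$( sha256sum "$tmpFile" | grep -o '^\S*' )
            if ! [ "$localFileChecksum" = "$repoFileChecksum" ]; then
                rm -f "$tmpFile"
                # … unchanged: [INVALID] message and updateFailed counter …
            else
                # cat keeps the target's existing mode, as wget -O did
                cat "$tmpFile" > "$file" && rm -f "$tmpFile"
                # … unchanged: [VERIFIED] message and updateSuccess counter …
```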