From 21a8f80b7a34c26f620fd9bb612dc4a8fb1c1049 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 2 Nov 2021 05:50:39 -0400 Subject: [PATCH] import rear-2.6-8.el9 --- .gitignore | 1 + .rear.metadata | 1 + .../0001-skip-kernel-buildin-modules.patch | 47 +++ SOURCES/rear-bz1492177-warning.patch | 15 + SOURCES/rear-bz1832394.patch | 351 ++++++++++++++++++ SOURCES/rear-sfdc02772301.patch | 38 ++ SOURCES/rear.cron | 4 + SOURCES/rear.service | 6 + SOURCES/rear.timer | 10 + SPECS/rear.spec | 185 +++++++++ 10 files changed, 658 insertions(+) create mode 100644 .gitignore create mode 100644 .rear.metadata create mode 100644 SOURCES/0001-skip-kernel-buildin-modules.patch create mode 100644 SOURCES/rear-bz1492177-warning.patch create mode 100644 SOURCES/rear-bz1832394.patch create mode 100644 SOURCES/rear-sfdc02772301.patch create mode 100644 SOURCES/rear.cron create mode 100644 SOURCES/rear.service create mode 100644 SOURCES/rear.timer create mode 100644 SPECS/rear.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5d90595 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/rear-2.6.tar.gz diff --git a/.rear.metadata b/.rear.metadata new file mode 100644 index 0000000..a5f7fb3 --- /dev/null +++ b/.rear.metadata @@ -0,0 +1 @@ +13c23ad59254438ffcd0cde6400fd991cbfe194e SOURCES/rear-2.6.tar.gz diff --git a/SOURCES/0001-skip-kernel-buildin-modules.patch b/SOURCES/0001-skip-kernel-buildin-modules.patch new file mode 100644 index 0000000..c7d07f5 --- /dev/null +++ b/SOURCES/0001-skip-kernel-buildin-modules.patch @@ -0,0 +1,47 @@ +From df5e18b8d7c8359b48bc133bfa29734934d18160 Mon Sep 17 00:00:00 2001 +From: Johannes Meixner +Date: Mon, 10 Aug 2020 16:20:38 +0200 +Subject: [PATCH] Merge pull request #2469 from + rear/skip-kernel-builtin-modules-issue2414 + +In 400_copy_modules.sh skip copying kernel modules that are builtin modules. +The new behaviour is that when modules are listed in modules.builtin +and are also shown by modinfo then those modules are now skipped. +Before for such modules the modules file(s) would have been included +in the recovery system. +See https://github.com/rear/rear/issues/2414 +--- + usr/share/rear/build/GNU/Linux/400_copy_modules.sh | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/usr/share/rear/build/GNU/Linux/400_copy_modules.sh b/usr/share/rear/build/GNU/Linux/400_copy_modules.sh +index d8d733d2..641b7f83 100644 +--- a/usr/share/rear/build/GNU/Linux/400_copy_modules.sh ++++ b/usr/share/rear/build/GNU/Linux/400_copy_modules.sh +@@ -133,8 +133,13 @@ for dummy in "once" ; do + module=${module#.o} + # Strip trailing ".ko" if there: + module=${module#.ko} +- # Continue with the next module if the current one does not exist: ++ # Continue with the next module if the current one does not exist as a module file: + modinfo $module 1>/dev/null || continue ++ # Continue with the next module if the current one is a kernel builtin module ++ # cf. https://github.com/rear/rear/issues/2414#issuecomment-668632798 ++ # Quoting the grep search value is mandatory here ($module might be empty or blank), ++ # cf. "Beware of the emptiness" in https://github.com/rear/rear/wiki/Coding-Style ++ grep -q "$( echo $module | tr '_-' '..' )" /lib/modules/$KERNEL_VERSION/modules.builtin && continue + # Resolve module dependencies: + # Get the module file plus the module files of other needed modules. + # This is currently only a "best effort" attempt because +@@ -166,7 +171,10 @@ done + + # Remove those modules that are specified in the EXCLUDE_MODULES array: + for exclude_module in "${EXCLUDE_MODULES[@]}" ; do +- # Continue with the next module if the current one does not exist: ++ # Continue with the next module only if the current one does not exist as a module file ++ # but do not continue with the next module if the current one is a kernel builtin module ++ # so when a module file exists that gets removed regardless if it is also a builtin module ++ # cf. https://github.com/rear/rear/issues/2414#issuecomment-669115481 + modinfo $exclude_module 1>/dev/null || continue + # In this case it is ignored when a module exists but 'modinfo -F filename' cannot show its filename + # because then it is assumed that also no module file had been copied above: diff --git a/SOURCES/rear-bz1492177-warning.patch b/SOURCES/rear-bz1492177-warning.patch new file mode 100644 index 0000000..1f5556f --- /dev/null +++ b/SOURCES/rear-bz1492177-warning.patch @@ -0,0 +1,15 @@ +diff --git a/usr/share/rear/output/ISO/Linux-i386/249_check_rhel_grub2_efi_package.sh b/usr/share/rear/output/ISO/Linux-i386/249_check_rhel_grub2_efi_package.sh +new file mode 100644 +index 00000000..4c4ded08 +--- /dev/null ++++ b/usr/share/rear/output/ISO/Linux-i386/249_check_rhel_grub2_efi_package.sh +@@ -0,0 +1,9 @@ ++# 249_check_rhel_grub2_efi_package.sh ++ ++is_true $USING_UEFI_BOOTLOADER || return # empty or 0 means NO UEFI ++ ++( ++ VERBOSE=1 ++ test -r /usr/lib/grub/x86_64-efi/moddep.lst ++ PrintIfError "WARNING: /usr/lib/grub/x86_64-efi/moddep.lst not found, grub2-mkimage will likely fail. Please install the grub2-efi-x64-modules package to fix this." ++) diff --git a/SOURCES/rear-bz1832394.patch b/SOURCES/rear-bz1832394.patch new file mode 100644 index 0000000..3405422 --- /dev/null +++ b/SOURCES/rear-bz1832394.patch @@ -0,0 +1,351 @@ +diff --git a/doc/user-guide/06-layout-configuration.adoc b/doc/user-guide/06-layout-configuration.adoc +index f59384db..88ba0420 100644 +--- a/doc/user-guide/06-layout-configuration.adoc ++++ b/doc/user-guide/06-layout-configuration.adoc +@@ -630,7 +630,7 @@ lvmvol [key:value ...] + + === LUKS Devices === + ---------------------------------- +-crypt /dev/mapper/ [cipher=] [key_size=] [hash=] [uuid=] [keyfile=] [password=] ++crypt /dev/mapper/ [type=] [cipher=] [key_size=] [hash=] [uuid=] [keyfile=] [password=] + ---------------------------------- + + === DRBD === +diff --git a/usr/share/rear/layout/prepare/GNU/Linux/160_include_luks_code.sh b/usr/share/rear/layout/prepare/GNU/Linux/160_include_luks_code.sh +index 05279bc8..0c662f67 100644 +--- a/usr/share/rear/layout/prepare/GNU/Linux/160_include_luks_code.sh ++++ b/usr/share/rear/layout/prepare/GNU/Linux/160_include_luks_code.sh +@@ -1,35 +1,75 @@ ++ + # Code to recreate and/or open LUKS volumes. + + create_crypt() { ++ # See the create_device() function in lib/layout-functions.sh what "device type" means: ++ local device_type="$1" ++ if ! grep -q "^crypt $device_type " "$LAYOUT_FILE" ; then ++ LogPrintError "Skip recreating LUKS volume $device_type (no 'crypt $device_type' entry in $LAYOUT_FILE)" ++ # FIXME: The return code is ignored in the create_device() function in lib/layout-functions.sh: ++ return 1 ++ fi ++ + local crypt target_device source_device options +- read crypt target_device source_device options < <(grep "^crypt $1 " "$LAYOUT_FILE") ++ local mapping_name option key value ++ local cryptsetup_options="" keyfile="" password="" + +- local target_name=${target_device#/dev/mapper/} ++ read crypt target_device source_device options < <( grep "^crypt $device_type " "$LAYOUT_FILE" ) ++ ++ # Careful! One cannot 'test -b $source_device' here at the time when this code is run ++ # because the source device is usually a disk partition block device like /dev/sda2 ++ # but disk partition block devices usually do not yet exist (in particular not on a new clean disk) ++ # because partitions are actually created later when the diskrestore.sh script is run ++ # but not here when this code is run which only generates the diskrestore.sh script: ++ if ! test $source_device ; then ++ LogPrintError "Skip recreating LUKS volume $device_type: No source device (see the 'crypt $device_type' entry in $LAYOUT_FILE)" ++ # FIXME: The return code is ignored in the create_device() function in lib/layout-functions.sh: ++ return 1 ++ fi ++ ++ mapping_name=${target_device#/dev/mapper/} ++ if ! test $mapping_name ; then ++ LogPrintError "Skip recreating LUKS volume $device_type on $source_device: No /dev/mapper/... mapping name (see the 'crypt $device_type' entry in $LAYOUT_FILE)" ++ # FIXME: The return code is ignored in the create_device() function in lib/layout-functions.sh: ++ return 1 ++ fi + +- local cryptsetup_options="" keyfile="" password="" +- local option key value + for option in $options ; do +- key=${option%=*} ++ # $option is of the form keyword=value and ++ # we assume keyword has no '=' character but value could be anything that may have a '=' character ++ # so we split keyword=value at the leftmost '=' character so that ++ # e.g. keyword=foo=bar gets split into key="keyword" and value="foo=bar": ++ key=${option%%=*} + value=${option#*=} +- ++ # The "cryptseup luksFormat" command does not require any of the type, cipher, key-size, hash, uuid option values ++ # because if omitted a cryptseup default value is used so we treat those values as optional. ++ # Using plain test to ensure the value is a single non empty and non blank word ++ # without quoting because test " " would return zero exit code ++ # cf. "Beware of the emptiness" in https://github.com/rear/rear/wiki/Coding-Style + case "$key" in +- cipher) +- cryptsetup_options+=" --cipher $value" ++ (type) ++ test $value && cryptsetup_options+=" --type $value" ++ ;; ++ (cipher) ++ test $value && cryptsetup_options+=" --cipher $value" ++ ;; ++ (key_size) ++ test $value && cryptsetup_options+=" --key-size $value" + ;; +- key_size) +- cryptsetup_options+=" --key-size $value" ++ (hash) ++ test $value && cryptsetup_options+=" --hash $value" + ;; +- hash) +- cryptsetup_options+=" --hash $value" ++ (uuid) ++ test $value && cryptsetup_options+=" --uuid $value" + ;; +- uuid) +- cryptsetup_options+=" --uuid $value" ++ (keyfile) ++ test $value && keyfile=$value + ;; +- keyfile) +- keyfile=$value ++ (password) ++ test $value && password=$value + ;; +- password) +- password=$value ++ (*) ++ LogPrintError "Skipping unsupported LUKS cryptsetup option '$key' in 'crypt $target_device $source_device' entry in $LAYOUT_FILE" + ;; + esac + done +@@ -37,26 +77,25 @@ create_crypt() { + cryptsetup_options+=" $LUKS_CRYPTSETUP_OPTIONS" + + ( +- echo "Log \"Creating LUKS device $target_name on $source_device\"" ++ echo "LogPrint \"Creating LUKS volume $mapping_name on $source_device\"" + if [ -n "$keyfile" ] ; then + # Assign a temporary keyfile at this stage so that original keyfiles do not leak onto the rescue medium. + # The original keyfile will be restored from the backup and then re-assigned to the LUKS device in the + # 'finalize' stage. + # The scheme for generating a temporary keyfile path must be the same here and in the 'finalize' stage. +- keyfile="${TMPDIR:-/tmp}/LUKS-keyfile-$target_name" ++ keyfile="$TMP_DIR/LUKS-keyfile-$mapping_name" + dd bs=512 count=4 if=/dev/urandom of="$keyfile" + chmod u=rw,go=- "$keyfile" +- + echo "cryptsetup luksFormat --batch-mode $cryptsetup_options $source_device $keyfile" +- echo "cryptsetup luksOpen --key-file $keyfile $source_device $target_name" ++ echo "cryptsetup luksOpen --key-file $keyfile $source_device $mapping_name" + elif [ -n "$password" ] ; then + echo "echo \"$password\" | cryptsetup luksFormat --batch-mode $cryptsetup_options $source_device" +- echo "echo \"$password\" | cryptsetup luksOpen $source_device $target_name" ++ echo "echo \"$password\" | cryptsetup luksOpen $source_device $mapping_name" + else +- echo "LogPrint \"Please enter the password for LUKS device $target_name ($source_device):\"" ++ echo "LogUserOutput \"Set the password for LUKS volume $mapping_name (for 'cryptsetup luksFormat' on $source_device):\"" + echo "cryptsetup luksFormat --batch-mode $cryptsetup_options $source_device" +- echo "LogPrint \"Please re-enter the password for LUKS device $target_name ($source_device):\"" +- echo "cryptsetup luksOpen $source_device $target_name" ++ echo "LogUserOutput \"Enter the password for LUKS volume $mapping_name (for 'cryptsetup luksOpen' on $source_device):\"" ++ echo "cryptsetup luksOpen $source_device $mapping_name" + fi + echo "" + ) >> "$LAYOUT_CODE" +@@ -64,38 +103,61 @@ create_crypt() { + + # Function open_crypt() is meant to be used by the 'mountonly' workflow + open_crypt() { ++ # See the do_mount_device() function in lib/layout-functions.sh what "device type" means: ++ local device_type="$1" ++ if ! grep -q "^crypt $device_type " "$LAYOUT_FILE" ; then ++ LogPrintError "Skip opening LUKS volume $device_type (no 'crypt $device_type' entry in $LAYOUT_FILE)" ++ # FIXME: The return code is ignored in the do_mount_device() function in lib/layout-functions.sh: ++ return 1 ++ fi ++ + local crypt target_device source_device options +- read crypt target_device source_device options < <(grep "^crypt $1 " "$LAYOUT_FILE") ++ local mapping_name option key value ++ local cryptsetup_options="" keyfile="" password="" + +- local target_name=${target_device#/dev/mapper/} ++ read crypt target_device source_device options < <( grep "^crypt $device_type " "$LAYOUT_FILE" ) ++ ++ if ! test -b "$source_device" ; then ++ LogPrintError "Skip opening LUKS volume $device_type on device '$source_device' that is no block device (see the 'crypt $device_type' entry in $LAYOUT_FILE)" ++ # FIXME: The return code is ignored in the do_mount_device() function in lib/layout-functions.sh: ++ return 1 ++ fi ++ ++ mapping_name=${target_device#/dev/mapper/} ++ if ! test $mapping_name ; then ++ LogPrintError "Skip opening LUKS volume $device_type on $source_device: No /dev/mapper/... mapping name (see the 'crypt $device_type' entry in $LAYOUT_FILE)" ++ # FIXME: The return code is ignored in the do_mount_device() function in lib/layout-functions.sh: ++ return 1 ++ fi + +- local cryptsetup_options="" keyfile="" password="" +- local option key value + for option in $options ; do +- key=${option%=*} ++ # $option is of the form keyword=value and ++ # we assume keyword has no '=' character but value could be anything that may have a '=' character ++ # so we split keyword=value at the leftmost '=' character so that ++ # e.g. keyword=foo=bar gets split into key="keyword" and value="foo=bar": ++ key=${option%%=*} + value=${option#*=} +- + case "$key" in +- keyfile) +- keyfile=$value ++ (keyfile) ++ test $value && keyfile=$value + ;; +- password) +- password=$value ++ (password) ++ test $value && password=$value + ;; + esac + done + + ( +- echo "Log \"Opening LUKS device $target_name on $source_device\"" ++ echo "LogPrint \"Opening LUKS volume $mapping_name on $source_device\"" + if [ -n "$keyfile" ] ; then + # During a 'mountonly' workflow, the original keyfile is supposed to be + # available at this point. +- echo "cryptsetup luksOpen --key-file $keyfile $source_device $target_name" ++ echo "cryptsetup luksOpen --key-file $keyfile $source_device $mapping_name" + elif [ -n "$password" ] ; then +- echo "echo \"$password\" | cryptsetup luksOpen $source_device $target_name" ++ echo "echo \"$password\" | cryptsetup luksOpen $source_device $mapping_name" + else +- echo "LogPrint \"Please enter the password for LUKS device $target_name ($source_device):\"" +- echo "cryptsetup luksOpen $source_device $target_name" ++ echo "LogUserOutput \"Enter the password for LUKS volume $mapping_name (for 'cryptsetup luksOpen' on $source_device):\"" ++ echo "cryptsetup luksOpen $source_device $mapping_name" + fi + echo "" + ) >> "$LAYOUT_CODE" +diff --git a/usr/share/rear/layout/save/GNU/Linux/260_crypt_layout.sh b/usr/share/rear/layout/save/GNU/Linux/260_crypt_layout.sh +index c1e1cfd5..afeabf6a 100644 +--- a/usr/share/rear/layout/save/GNU/Linux/260_crypt_layout.sh ++++ b/usr/share/rear/layout/save/GNU/Linux/260_crypt_layout.sh +@@ -9,6 +9,8 @@ Log "Saving Encrypted volumes." + REQUIRED_PROGS+=( cryptsetup dmsetup ) + COPY_AS_IS+=( /usr/share/cracklib/\* /etc/security/pwquality.conf ) + ++local invalid_cryptsetup_option_value="no" ++ + while read target_name junk ; do + # find the target device we're mapping + if ! [ -e /dev/mapper/$target_name ] ; then +@@ -30,29 +32,96 @@ while read target_name junk ; do + source_device="$(get_device_name ${slave##*/})" + done + +- if ! cryptsetup isLuks $source_device >/dev/null 2>&1; then ++ if ! blkid -p -o export $source_device >$TMP_DIR/blkid.output ; then ++ LogPrintError "Error: Cannot get attributes for $target_name ('blkid -p -o export $source_device' failed)" + continue + fi + +- # gather crypt information +- cipher=$(cryptsetup luksDump $source_device | grep "Cipher name" | sed -r 's/^.+:\s*(.+)$/\1/') +- mode=$(cryptsetup luksDump $source_device | grep "Cipher mode" | cut -d: -f2- | awk '{printf("%s",$1)};') +- key_size=$(cryptsetup luksDump $source_device | grep "MK bits" | sed -r 's/^.+:\s*(.+)$/\1/') +- hash=$(cryptsetup luksDump $source_device | grep "Hash spec" | sed -r 's/^.+:\s*(.+)$/\1/') +- uuid=$(cryptsetup luksDump $source_device | grep "UUID" | sed -r 's/^.+:\s*(.+)$/\1/') +- keyfile_option=$([ -f /etc/crypttab ] && awk '$1 == "'"$target_name"'" && $3 != "none" && $3 != "-" && $3 != "" { print "keyfile=" $3; }' /etc/crypttab) ++ if ! grep -q "TYPE=crypto_LUKS" $TMP_DIR/blkid.output ; then ++ Log "Skipping $target_name (no 'TYPE=crypto_LUKS' in 'blkid -p -o export $source_device' output)" ++ continue ++ fi + +- # LUKS version 2 is not yet suppported, see https://github.com/rear/rear/issues/2204 +- # When LUKS version 2 is used the above code fails at least to determine the hash value +- # so we use an empty hash value as a simple test if gathering crypt information was successful: +- test "$hash" || Error "No hash value for LUKS device '$target_name' at '$source_device' (only LUKS version 1 is supported)" ++ # Detect LUKS version: ++ # Remove all non-digits in particular to avoid leading or trailing spaces in the version string ++ # cf. "Beware of the emptiness" in https://github.com/rear/rear/wiki/Coding-Style ++ # that could happen if the blkid output contains "VERSION = 2" so that 'cut -d= -f2' results " 2". ++ version=$( grep "VERSION" $TMP_DIR/blkid.output | cut -d= -f2 | tr -c -d '[:digit:]' ) ++ if ! test "$version" = "1" -o "$version" = "2" ; then ++ LogPrintError "Error: Unsupported LUKS version for $target_name ('blkid -p -o export $source_device' shows 'VERSION=$version')" ++ continue ++ fi ++ luks_type=luks$version + +- echo "crypt /dev/mapper/$target_name $source_device cipher=$cipher-$mode key_size=$key_size hash=$hash uuid=$uuid $keyfile_option" >> $DISKLAYOUT_FILE +-done < <( dmsetup ls --target crypt ) ++ # Gather crypt information: ++ if ! cryptsetup luksDump $source_device >$TMP_DIR/cryptsetup.luksDump ; then ++ LogPrintError "Error: Cannot get LUKS$version values for $target_name ('cryptsetup luksDump $source_device' failed)" ++ continue ++ fi ++ uuid=$( grep "UUID" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' ) ++ keyfile_option=$( [ -f /etc/crypttab ] && awk '$1 == "'"$target_name"'" && $3 != "none" && $3 != "-" && $3 != "" { print "keyfile=" $3; }' /etc/crypttab ) ++ if test $luks_type = "luks1" ; then ++ cipher_name=$( grep "Cipher name" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' ) ++ cipher_mode=$( grep "Cipher mode" $TMP_DIR/cryptsetup.luksDump | cut -d: -f2- | awk '{printf("%s",$1)};' ) ++ cipher=$cipher_name-$cipher_mode ++ key_size=$( grep "MK bits" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' ) ++ hash=$( grep "Hash spec" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' ) ++ elif test $luks_type = "luks2" ; then ++ cipher=$( grep "cipher:" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' ) ++ # More than one keyslot may be defined - use key_size from the first slot. ++ # Depending on the version the "cryptsetup luksDump" command outputs the key_size value ++ # as a line like ++ # Key: 512 bits ++ # and/or as a line like ++ # Cipher key: 512 bits ++ # cf. https://github.com/rear/rear/pull/2504#issuecomment-718729198 and subsequent comments ++ # so we grep for both lines but use only the first match from the first slot: ++ key_size=$( egrep -m 1 "Key:|Cipher key:" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+) bits$/\1/' ) ++ hash=$( grep "Hash" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' ) ++ fi + +-# cryptsetup is required in the recovery system if disklayout.conf contains at least one 'crypt' entry +-# see the create_crypt function in layout/prepare/GNU/Linux/160_include_luks_code.sh +-# what program calls are written to diskrestore.sh +-# cf. https://github.com/rear/rear/issues/1963 +-grep -q '^crypt ' $DISKLAYOUT_FILE && REQUIRED_PROGS+=( cryptsetup ) || true ++ # Basic checks that the cipher key_size hash uuid values exist ++ # cf. https://github.com/rear/rear/pull/2504#issuecomment-718729198 ++ # because some values are needed during "rear recover" ++ # to set cryptsetup options in layout/prepare/GNU/Linux/160_include_luks_code.sh ++ # and it seems cryptsetup fails when options with empty values are specified ++ # cf. https://github.com/rear/rear/pull/2504#issuecomment-719479724 ++ # For example a LUKS1 crypt entry in disklayout.conf looks like ++ # crypt /dev/mapper/luks1test /dev/sda7 type=luks1 cipher=aes-xts-plain64 key_size=256 hash=sha256 uuid=1b4198c9-d9b0-4c57-b9a3-3433e391e706 ++ # and a LUKS1 crypt entry in disklayout.conf looks like ++ # crypt /dev/mapper/luks2test /dev/sda8 type=luks2 cipher=aes-xts-plain64 key_size=256 hash=sha256 uuid=3e874a28-7415-4f8c-9757-b3f28a96c4d2 ++ # Only the keyfile_option value is optional and the luks_type value is already tested above. ++ # Using plain test to ensure a value is a single non empty and non blank word ++ # without quoting because test " " would return zero exit code ++ # cf. "Beware of the emptiness" in https://github.com/rear/rear/wiki/Coding-Style ++ # Do not error out instantly here but only report errors here so the user can see all messages ++ # and actually error out at the end of this script if there was one actually invalid value: ++ if ! test $cipher ; then ++ LogPrint "No 'cipher' value for LUKS$version volume $target_name in $source_device" ++ fi ++ if test $key_size ; then ++ if ! is_positive_integer $key_size ; then ++ LogPrintError "Error: 'key_size=$key_size' is no positive integer for LUKS$version volume $target_name in $source_device" ++ invalid_cryptsetup_option_value="yes" ++ fi ++ else ++ LogPrint "No 'key_size' value for LUKS$version volume $target_name in $source_device" ++ fi ++ if ! test $hash ; then ++ LogPrint "No 'hash' value for LUKS$version volume $target_name in $source_device" ++ fi ++ if ! test $uuid ; then ++ # Report a missig uuid value as an error to have the user informed ++ # but do not error out here because things can be fixed manually during "rear recover" ++ # cf. https://github.com/rear/rear/pull/2506#issuecomment-721757810 ++ # and https://github.com/rear/rear/pull/2506#issuecomment-722315498 ++ # and https://github.com/rear/rear/issues/2509 ++ LogPrintError "Error: No 'uuid' value for LUKS$version volume $target_name in $source_device (mounting it or booting the recreated system may fail)" ++ fi ++ ++ echo "crypt /dev/mapper/$target_name $source_device type=$luks_type cipher=$cipher key_size=$key_size hash=$hash uuid=$uuid $keyfile_option" >> $DISKLAYOUT_FILE ++ ++done < <( dmsetup ls --target crypt ) + ++# Let this script return successfully when invalid_cryptsetup_option_value is not true: ++is_true $invalid_cryptsetup_option_value && Error "Invalid or empty LUKS cryptsetup option value(s) in $DISKLAYOUT_FILE" || true diff --git a/SOURCES/rear-sfdc02772301.patch b/SOURCES/rear-sfdc02772301.patch new file mode 100644 index 0000000..74456dd --- /dev/null +++ b/SOURCES/rear-sfdc02772301.patch @@ -0,0 +1,38 @@ +diff --git a/usr/share/rear/conf/default.conf b/usr/share/rear/conf/default.conf +index 9ada92c3..455aa3ce 100644 +--- a/usr/share/rear/conf/default.conf ++++ b/usr/share/rear/conf/default.conf +@@ -1813,7 +1813,7 @@ OBDR_BLOCKSIZE=2048 + # BACKUP=NBU stuff (Symantec/Veritas NetBackup) + ## + # +-COPY_AS_IS_NBU=( /usr/openv/bin/vnetd /usr/openv/bin/vopied /usr/openv/lib /usr/openv/netbackup /usr/openv/var/auth/[mn]*.txt ) ++COPY_AS_IS_NBU=( /usr/openv/bin/vnetd /usr/openv/bin/vopied /usr/openv/lib /usr/openv/netbackup /usr/openv/var/auth/[mn]*.txt /opt/VRTSpbx /etc/vx/VxICS /etc/vx/vrtslog.conf ) + COPY_AS_IS_EXCLUDE_NBU=( /usr/openv/netbackup/logs "/usr/openv/netbackup/bin/bpjava*" /usr/openv/netbackup/bin/xbp /usr/openv/netbackup/bin/private /usr/openv/lib/java /usr/openv/lib/shared/vddk /usr/openv/netbackup/baremetal ) + # See https://github.com/rear/rear/issues/2105 why /usr/openv/netbackup/sec/at/lib/ is needed: + NBU_LD_LIBRARY_PATH="/usr/openv/lib:/usr/openv/netbackup/sec/at/lib/" +diff --git a/usr/share/rear/rescue/NBU/default/450_prepare_netbackup.sh b/usr/share/rear/rescue/NBU/default/450_prepare_netbackup.sh +index cd48b8d9..ae5a3ccc 100644 +--- a/usr/share/rear/rescue/NBU/default/450_prepare_netbackup.sh ++++ b/usr/share/rear/rescue/NBU/default/450_prepare_netbackup.sh +@@ -7,6 +7,12 @@ + + [[ $NBU_version -lt 7 ]] && return # NBU is using xinetd when version <7.x + ++if [ -e "/etc/init.d/vxpbx_exchanged" ]; then ++ cp $v /etc/init.d/vxpbx_exchanged $ROOTFS_DIR/etc/scripts/system-setup.d/vxpbx_exchanged.real ++ chmod $v +x $ROOTFS_DIR/etc/scripts/system-setup.d/vxpbx_exchanged.real ++ echo "( /etc/scripts/system-setup.d/vxpbx_exchanged.real start )" > $ROOTFS_DIR/etc/scripts/system-setup.d/89-vxpbx_exchanged.sh ++fi ++ + if [ -e "/etc/init.d/netbackup" ]; then + cp $v /etc/init.d/netbackup $ROOTFS_DIR/etc/scripts/system-setup.d/netbackup.real + chmod $v +x $ROOTFS_DIR/etc/scripts/system-setup.d/netbackup.real +diff --git a/usr/share/rear/skel/NBU/usr/openv/tmp/.gitignore b/usr/share/rear/skel/NBU/usr/openv/tmp/.gitignore +new file mode 100644 +index 00000000..d6b7ef32 +--- /dev/null ++++ b/usr/share/rear/skel/NBU/usr/openv/tmp/.gitignore +@@ -0,0 +1,2 @@ ++* ++!.gitignore diff --git a/SOURCES/rear.cron b/SOURCES/rear.cron new file mode 100644 index 0000000..b4dbce1 --- /dev/null +++ b/SOURCES/rear.cron @@ -0,0 +1,4 @@ +# cronjob for ReaR +# periodically check if disk layout has changed and update +# the rescue image +30 1 * * * root test -f /var/lib/rear/layout/disklayout.conf && /usr/sbin/rear checklayout || /usr/sbin/rear mkrescue diff --git a/SOURCES/rear.service b/SOURCES/rear.service new file mode 100644 index 0000000..e1e359a --- /dev/null +++ b/SOURCES/rear.service @@ -0,0 +1,6 @@ +[Unit] +Description=Update ReaR rescue image + +[Service] +Type=oneshot +ExecStart=/usr/sbin/rear checklayout || /usr/sbin/rear mkrescue diff --git a/SOURCES/rear.timer b/SOURCES/rear.timer new file mode 100644 index 0000000..6012724 --- /dev/null +++ b/SOURCES/rear.timer @@ -0,0 +1,10 @@ +[Unit] +Description=Update ReaR rescue image + +[Timer] +OnCalendar=daily +RandomizedDelaySec=1h +Persistent=true + +[Install] +WantedBy=timers.target diff --git a/SPECS/rear.spec b/SPECS/rear.spec new file mode 100644 index 0000000..395283c --- /dev/null +++ b/SPECS/rear.spec @@ -0,0 +1,185 @@ +# this is purely a shell script, so no debug packages +%global debug_package %{nil} + +Name: rear +Version: 2.6 +Release: 8%{?dist} +Summary: Relax-and-Recover is a Linux disaster recovery and system migration tool +URL: http://relax-and-recover.org/ +License: GPLv3 + +Source0: https://github.com/rear/rear/archive/%{version}.tar.gz#/rear-%{version}.tar.gz +# Add cronjob and systemd timer as documentation +Source1: rear.cron +Source2: rear.service +Source3: rear.timer +# Skip buildin modules, RHBZ#1831311 +Patch0: 0001-skip-kernel-buildin-modules.patch +Patch4: rear-bz1492177-warning.patch +Patch29: rear-bz1832394.patch +Patch30: rear-sfdc02772301.patch + +# rear contains only bash scripts plus documentation so that on first glance it could be "BuildArch: noarch" +# but actually it is not "noarch" because it only works on those architectures that are explicitly supported. +# Of course the rear bash scripts can be installed on any architecture just as any binaries can be installed on any architecture. +# But the meaning of architecture dependent packages should be on what architectures they will work. +# Therefore only those architectures that are actually supported are explicitly listed. +# This avoids that rear can be "just installed" on architectures that are actually not supported (e.g. ARM): +ExclusiveArch: %ix86 x86_64 ppc ppc64 ppc64le ia64 s390x +# Furthermore for some architectures it requires architecture dependent packages (like syslinux for x86 and x86_64) +# so that rear must be architecture dependent because ifarch conditions never match in case of "BuildArch: noarch" +# see the GitHub issue https://github.com/rear/rear/issues/629 +%ifarch %ix86 x86_64 +Requires: syslinux +%endif +# In the end this should tell the user that rear is known to work only on ix86 x86_64 ppc ppc64 ppc64le ia64 +# and on ix86 x86_64 syslinux is explicitly required to make the bootable ISO image +# (in addition to the default installed bootloader grub2) while on ppc ppc64 the +# default installed bootloader yaboot is also useed to make the bootable ISO image. + +# Required for HTML user guide +BuildRequires: make +BuildRequires: asciidoctor + +### Mandatory dependencies: +Requires: binutils +Requires: ethtool +Requires: gzip +Requires: iputils +Requires: parted +Requires: tar +Requires: openssl +Requires: gawk +Requires: attr +Requires: bc +Requires: iproute +Requires: xorriso +Requires: file +Requires: dhcp-client +%if 0%{?rhel} +Requires: util-linux +%endif + +%description +Relax-and-Recover is the leading Open Source disaster recovery and system +migration solution. It comprises of a modular +frame-work and ready-to-go workflows for many common situations to produce +a bootable image and restore from backup using this image. As a benefit, +it allows to restore to different hardware and can therefore be used as +a migration tool as well. + +Currently Relax-and-Recover supports various boot media (incl. ISO, PXE, +OBDR tape, USB or eSATA storage), a variety of network protocols (incl. +sftp, ftp, http, nfs, cifs) as well as a multitude of backup strategies +(incl. IBM TSM, MircroFocus Data Protector, Symantec NetBackup, EMC NetWorker, +Bacula, Bareos, BORG, Duplicity, rsync). + +Relax-and-Recover was designed to be easy to set up, requires no maintenance +and is there to assist when disaster strikes. Its setup-and-forget nature +removes any excuse for not having a disaster recovery solution implemented. + +Professional services and support are available. + +#-- PREP, BUILD & INSTALL -----------------------------------------------------# +%prep +%autosetup -p1 + +### Add a specific os.conf so we do not depend on LSB dependencies +%{?fedora:echo -e "OS_VENDOR=Fedora\nOS_VERSION=%{?fedora}" >etc/rear/os.conf} +%{?rhel:echo -e "OS_VENDOR=RedHatEnterpriseServer\nOS_VERSION=%{?rhel}" >etc/rear/os.conf} + +# Change /lib to /usr/lib for COPY_AS_IS +sed -E -e "s:([\"' ])/lib:\1/usr/lib:g" \ + -i usr/share/rear/prep/GNU/Linux/*include*.sh + +# Same for Linux.conf +sed -e 's:/lib/:/usr/lib/:g' \ + -e 's:/lib\*/:/usr/lib\*/:g' \ + -e 's:/usr/usr/lib:/usr/lib:g' \ + -i 'usr/share/rear/conf/GNU/Linux.conf' + +%build +# build HTML user guide +# asciidoc writes a timestamp to files it produces, based on the last +# modified date of the source file, but is sensitive to the timezone. +# This makes the results differ according to the timezone of the build machine +# and spurious changes will be seen. +# Set the timezone to UTC as a workaround. +# https://wiki.debian.org/ReproducibleBuilds/TimestampsInDocumentationGeneratedByAsciidoc +TZ=UTC make doc + +%install +%{make_install} +install -p -d %{buildroot}%{_docdir}/%{name}/ +install -m 0644 %{SOURCE1} %{buildroot}%{_docdir}/%{name}/ +install -m 0644 %{SOURCE2} %{buildroot}%{_docdir}/%{name}/ +install -m 0644 %{SOURCE3} %{buildroot}%{_docdir}/%{name}/ + +#-- FILES ---------------------------------------------------------------------# +%files +%doc MAINTAINERS COPYING README.adoc doc/*.txt doc/user-guide/*.html +%doc %{_mandir}/man8/rear.8* +%doc %{_docdir}/%{name}/rear.* +%config(noreplace) %{_sysconfdir}/rear/ +%{_datadir}/rear/ +%{_sharedstatedir}/rear/ +%{_sbindir}/rear + +#-- CHANGELOG -----------------------------------------------------------------# +%changelog +* Tue Aug 10 2021 Mohan Boddu - 2.6-8 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Jun 30 2021 Pavel Cahyna - 2.6-7 +- Sync spec changes and downstream patches from RHEL 8 + - Require xorriso instead of genisoimage + - Add S/390 support and forgotten dependency on the file utility + - Backport upstream code related to LUKS2 support + - Modify the cron command to avoid an e-mail with error message after + ReaR is installed but not properly configured when the cron command + is triggered for the first time + - Changes for NetBackup (NBU) support, upstream PR2544 +- Add dependency on dhcp-client, RHBZ #1926451 + +* Fri Apr 16 2021 Mohan Boddu - 2.6-6 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Fri Feb 26 2021 Christopher Engelhard - 2.6-5 +- Change /lib to /usr/lib in scripts to fix RHBZ #1931112 + +* Wed Jan 27 2021 Fedora Release Engineering - 2.6-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Sep 23 2020 Christopher Engelhard - 2.6-3 +- Stop auto-creating a cronjob, but ship example cronjob/ + systemd timer units in docdir instead (upstream issue #1829) +- Build & ship HTML user guide +- Remove %pre scriptlet, as it was introduced only to fix a + specific upgrade issue with v1.15 in 2014 + +* Tue Sep 22 2020 Christopher Engelhard - 2.6-2 +- Backport upstream PR#2469 to fix RHBZ #1831311 + +* Tue Sep 22 2020 Christopher Engelhard - 2.6-1 +- Update to 2.6 +- Streamline & clean up spec file + +* Wed Jul 29 2020 Fedora Release Engineering - 2.4-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Thu Jan 30 2020 Fedora Release Engineering - 2.4-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jul 26 2019 Fedora Release Engineering - 2.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sat Feb 02 2019 Fedora Release Engineering - 2.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Sat Jul 14 2018 Fedora Release Engineering - 2.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Jul 30 2015 Johannes Meixner +- For a changelog see the rear-release-notes.txt file. +