From f79e3a2077f60fb979d62299351187a6a91ca92a Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Mon, 1 Feb 2016 21:08:39 +0000
Subject: Add experimental rsync over SSL (stunnel) support
---
 bin/ftpsync | 47 +++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 43 insertions(+), 4 deletions(-)
(limited to 'bin')
diff --git a/bin/ftpsync b/bin/ftpsync
index e8aa021..0088619 100755
--- a/bin/ftpsync
+++ b/bin/ftpsync
@@ -212,6 +212,7 @@ tracefile() {
 out="GUESSED:{${ARCHLIST}}"
 echo "Architectures: ${out}"
 echo "Upstream-mirror: ${RSYNC_HOST}"
+ echo "SSL: ${RSYNC_SSL}"
 total=0
 if [[ -e ${LOGDIR}/rsync-${NAME}.log ]]; then
 for bytes in $(awk -F': ' '$1 == "Total bytes received" {print $2} ' "${LOGDIR}/rsync-${NAME}.log"); do
@@ -255,6 +256,38 @@ tracefile() {
 esac
 }
+setup_stunnel_config() {
+ if [[ "$(declare -p RSYNC)" =~ "declare -a" ]]; then
+ : # RSYNC already is an array
+ else
+ RSYNC=($RSYNC)
+ fi
+
+ if [[ true != ${RSYNC_SSL} ]]; then
+ return
+ fi
+ STUNNEL_CONFIG="${BASEDIR}/etc/stunnel-${NAME}.conf"
+ cat << EOF > "$STUNNEL_CONFIG"
+# This file has been automatically created by ftpsync for syncing
+# from ${RSYNC_HOST}.
+#
+# Do not edit it, it will be overwritten next time ftpsync runs.
+#
+# To test if things works, try the following:
+# rsync -e 'stunnel4 ${STUNNEL_CONFIG}' ${RSYNC_USER}@dummy::
+#
+client = yes
+verify = 2
+CApath = ${RSYNC_SSL_CAPATH}
+
+syslog = no
+debug = 4
+output = /dev/stderr
+
+connect = ${RSYNC_HOST}:${RSYNC_SSL_PORT}
+EOF
+ RSYNC+=('-e' "stunnel4 ${STUNNEL_CONFIG}")
+}
 ########################################################################
 ########################################################################
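Review bot: The stunnel config generated in `setup_stunnel_config` sets `verify = 2` and `CApath = ${RSYNC_SSL_CAPATH}` but contains no hostname check, so as far as the visible lines show the tunnel accepts any certificate that chains to a CA in that directory, not only one issued for `${RSYNC_HOST}`. With the default CA directory being the system store (`/etc/ssl/certs`, set in the defaults hunk), the upstream is authenticated far less strictly than "SSL: true" in the trace file suggests. Where the installed stunnel supports it, add `checkHost = ${RSYNC_HOST}` to the heredoc; otherwise document that `RSYNC_SSL_CAPATH` should point at a directory holding only the upstream's CA. The function also has no header comment; one line stating that it converts `RSYNC` to an array and, when `RSYNC_SSL` is `true`, rewrites `${BASEDIR}/etc/stunnel-${NAME}.conf` on every run would help.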
@@ -441,6 +474,10 @@ RSYNC_PASSWORD=${RSYNC_PASSWORD:-""}
 # a possible proxy
 RSYNC_PROXY=${RSYNC_PROXY:-""}
+RSYNC_SSL=${RSYNC_SSL:-"false"}
+RSYNC_SSL_PORT=${RSYNC_SSL_PORT:-"1873"}
+RSYNC_SSL_CAPATH=${RSYNC_SSL_CAPATH:-"/etc/ssl/certs"}
+
 # Do we sync stage1?
 SYNCSTAGE1=${SYNCSTAGE1:-"false"}
 # Do we sync stage2?
@@ -493,6 +530,8 @@ HOOK5=${HOOK5:-""}
 # Are we a hub?
 HUB=${HUB:-"false"}
+setup_stunnel_config
+
 DATE_STARTED=$(LC_ALL=POSIX LANG=POSIX date -u -R)
 ########################################################################
 # Really nothing to see below here. Only code follows. #
@@ -596,12 +635,12 @@ while [[ -e ${UPDATEREQUIRED} ]]; do
 if [[ true = ${SYNCSTAGE1} ]] || [[ true = ${SYNCALL} ]]; then
 while [[ -e ${UPDATEREQUIRED} ]]; do
 rm -f "${UPDATEREQUIRED}"
- log "Running stage1: ${RSYNC} ${RSYNC_OPTIONS} ${RSYNC_OPTIONS1} ${EXCLUDE} ${SOURCE_EXCLUDE} ${RSYNCPTH}::${RSYNC_PATH} ${TO}"
+ log "Running stage1: ${RSYNC[@]} ${RSYNC_OPTIONS} ${RSYNC_OPTIONS1} ${EXCLUDE} ${SOURCE_EXCLUDE} ${RSYNCPTH}::${RSYNC_PATH} ${TO}"
 set +e
 # Step one, sync everything except Packages/Releases
 rsync_started=$(date +%s)
- ${RSYNC} ${RSYNC_OPTIONS} ${RSYNC_OPTIONS1} ${EXCLUDE} ${SOURCE_EXCLUDE} \
+ "${RSYNC[@]}" ${RSYNC_OPTIONS} ${RSYNC_OPTIONS1} ${EXCLUDE} ${SOURCE_EXCLUDE} \
 ${RSYNCPTH}::${RSYNC_PATH} "${TO}" >>"${LOGDIR}/rsync-${NAME}.log" 2>>"${LOGDIR}/rsync-${NAME}.error"
 result=$?
 rsync_ended=$(date +%s)
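Review bot: The three new settings carry no comment, unlike their neighbours (`# a possible proxy`, `# Do we sync stage1?`), and `RSYNC_SSL` is fail-open: `setup_stunnel_config` enables the tunnel only when the value is exactly `true`, so `yes`, `1` or `True` silently leave the sync on plain rsync. I would add `# Sync over TLS via stunnel? Must be exactly "true"; anything else means plain rsync.` above `RSYNC_SSL`, plus one-line comments for the port and the CA directory. A warning for values other than `true`/`false` would make a misconfiguration visible, but that check belongs in `setup_stunnel_config`, outside this hunk.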
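Review bot: `${RSYNC[@]}` inside the double-quoted `log` message expands to several words once `RSYNC` has more than one element, so with SSL enabled `log` receives three arguments instead of one string (ShellCheck SC2145). Whether the line is still logged whole depends on how `log` handles its arguments, which is not visible here. Using `${RSYNC[*]}` in the message keeps it a single string; the actual invocation with `"${RSYNC[@]}"` is right as written. The stage2 `log` call in the last hunk has the same form, and the enclosing `while` loop starts and ends outside this hunk.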
@@ -670,13 +709,13 @@ while [[ -e ${UPDATEREQUIRED} ]]; do
 result=1
 fi
 else
- log "Running stage2: ${RSYNC} ${RSYNC_OPTIONS} ${RSYNC_OPTIONS2} ${EXCLUDE} ${SOURCE_EXCLUDE} ${RSYNCPTH}::${RSYNC_PATH} ${TO}"
+ log "Running stage2: ${RSYNC[@]} ${RSYNC_OPTIONS} ${RSYNC_OPTIONS2} ${EXCLUDE} ${SOURCE_EXCLUDE} ${RSYNCPTH}::${RSYNC_PATH} ${TO}"
 set +e
 # We are lucky, it worked. Now do step 2 and sync again, this time including
 # the packages/releases files
 rsync_started=$(date +%s)
- ${RSYNC} ${RSYNC_OPTIONS} ${RSYNC_OPTIONS2} ${EXCLUDE} ${SOURCE_EXCLUDE} \
+ "${RSYNC[@]}" ${RSYNC_OPTIONS} ${RSYNC_OPTIONS2} ${EXCLUDE} ${SOURCE_EXCLUDE} \
 ${RSYNCPTH}::${RSYNC_PATH} "${TO}" >>"${LOGDIR}/rsync-${NAME}.log" 2>>"${LOGDIR}/rsync-${NAME}.error"
 result=$?
 rsync_ended=$(date +%s)
-- 
cgit v1.2.3