Add rsync backup via dilion

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-02-13 13:07:06 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-04-25 00:04:48 +0200
commit: 783634622560445f999b11f8081087314e6a7409 (patch)
tree: 71e114099dcaa3e187702d475780b3e28880c864
parent: 2130ed48ceb0db955b942b942bac82a5b6aee57b (diff)
download: NUR-783634622560445f999b11f8081087314e6a7409.tar.gz
NUR-783634622560445f999b11f8081087314e6a7409.tar.zst
NUR-783634622560445f999b11f8081087314e6a7409.zip
3 files changed, 29 insertions, 0 deletions
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 2ad79a2f..b6f9eae1 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -24,6 +24,7 @@ rec {
  pg_activity = callPackage ../pkgs/pg_activity { inherit mylibs; };
  pgloader = callPackage ../pkgs/pgloader {};
  predixy = callPackage ../pkgs/predixy { inherit mylibs; };
+  rrsync_sudo = callPackage ../pkgs/rrsync_sudo {};
  telegram-cli = callPackage ../pkgs/telegram-cli { inherit mylibs; };
  telegram-history-dump = callPackage ../pkgs/telegram-history-dump { inherit mylibs; };
  telegramircd = callPackage ../pkgs/telegramircd { inherit mylibs; telethon = callPackage ../pkgs/telethon_sync {}; };
diff --git a/pkgs/rrsync_sudo/default.nix b/pkgs/rrsync_sudo/default.nix
new file mode 100644
index 00000000..7a47320b
--- /dev/null
+++ b/pkgs/rrsync_sudo/default.nix
@@ -0,0 +1,8 @@
+{ rrsync }:
+rrsync.overrideAttrs(old: {
+  patches = old.patches or [] ++ [ ./sudo.patch ];
+  postPatch = old.postPatch + ''
+    substituteInPlace support/rrsync --replace /usr/bin/sudo /run/wrappers/bin/sudo
+  '';
+})
diff --git a/pkgs/rrsync_sudo/sudo.patch b/pkgs/rrsync_sudo/sudo.patch
new file mode 100644
index 00000000..6de9cc94
--- /dev/null
+++ b/pkgs/rrsync_sudo/sudo.patch
@@ -0,0 +1,20 @@
+--- a/support/rrsync    2015-09-14 01:23:54.000000000 +0200
+++ b/support/rrsync    2020-02-08 13:55:14.302163313 +0100
+@@ -48,7 +48,7 @@
+ 
+ my $command = $ENV{SSH_ORIGINAL_COMMAND};
+ die "$0: Not invoked via sshd\n$Usage" unless defined $command;
+-die "$0: SSH_ORIGINAL_COMMAND='$command' is not rsync\n" unless $command =~ s/^rsync\s+//;
+die "$0: SSH_ORIGINAL_COMMAND='$command' is not rsync\n" unless $command =~ s/^sudo rsync\s+//;
+ die "$0: --server option is not first\n" unless $command =~ /^--server\s/;
+ our $am_sender = $command =~ /^--server\s+--sender\s/; # Restrictive on purpose!
+ die "$0 sending to read-only server not allowed\n" if $only eq 'r' && !$am_sender;
+@@ -227,7 +227,7 @@
+ }
+ 
+ # Note: This assumes that the rsync protocol will not be maliciously hijacked.
+-exec(RSYNC, @opts, @args) or die "exec(rsync @opts @args) failed: $? $!";
+exec("/usr/bin/sudo", RSYNC, @opts, @args) or die "exec(sudo rsync @opts @args) failed: $? $!";
+ 
+ sub check_arg
+ {
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-02-13 13:07:06 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-04-25 00:04:48 +0200
commit	783634622560445f999b11f8081087314e6a7409 (patch)
tree	71e114099dcaa3e187702d475780b3e28880c864
parent	2130ed48ceb0db955b942b942bac82a5b6aee57b (diff)
download	NUR-783634622560445f999b11f8081087314e6a7409.tar.gz NUR-783634622560445f999b11f8081087314e6a7409.tar.zst NUR-783634622560445f999b11f8081087314e6a7409.zip

diff --git a/pkgs/default.nix b/pkgs/default.nix index 2ad79a2f..b6f9eae1 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix
@@ -24,6 +24,7 @@ rec {
24	pg_activity = callPackage ../pkgs/pg_activity { inherit mylibs; };	24	pg_activity = callPackage ../pkgs/pg_activity { inherit mylibs; };
25	pgloader = callPackage ../pkgs/pgloader {};	25	pgloader = callPackage ../pkgs/pgloader {};
26	predixy = callPackage ../pkgs/predixy { inherit mylibs; };	26	predixy = callPackage ../pkgs/predixy { inherit mylibs; };
		27	rrsync_sudo = callPackage ../pkgs/rrsync_sudo {};
27	telegram-cli = callPackage ../pkgs/telegram-cli { inherit mylibs; };	28	telegram-cli = callPackage ../pkgs/telegram-cli { inherit mylibs; };
28	telegram-history-dump = callPackage ../pkgs/telegram-history-dump { inherit mylibs; };	29	telegram-history-dump = callPackage ../pkgs/telegram-history-dump { inherit mylibs; };
29	telegramircd = callPackage ../pkgs/telegramircd { inherit mylibs; telethon = callPackage ../pkgs/telethon_sync {}; };	30	telegramircd = callPackage ../pkgs/telegramircd { inherit mylibs; telethon = callPackage ../pkgs/telethon_sync {}; };


diff --git a/pkgs/rrsync_sudo/default.nix b/pkgs/rrsync_sudo/default.nix new file mode 100644 index 00000000..7a47320b --- /dev/null +++ b/pkgs/rrsync_sudo/default.nix
@@ -0,0 +1,8 @@
		1	{ rrsync }:
		2
		3	rrsync.overrideAttrs(old: {
		4	patches = old.patches or [] ++ [ ./sudo.patch ];
		5	postPatch = old.postPatch + ''
		6	substituteInPlace support/rrsync --replace /usr/bin/sudo /run/wrappers/bin/sudo
		7	'';
		8	})


diff --git a/pkgs/rrsync_sudo/sudo.patch b/pkgs/rrsync_sudo/sudo.patch new file mode 100644 index 00000000..6de9cc94 --- /dev/null +++ b/pkgs/rrsync_sudo/sudo.patch
@@ -0,0 +1,20 @@
		1	--- a/support/rrsync 2015-09-14 01:23:54.000000000 +0200
		2	+++ b/support/rrsync 2020-02-08 13:55:14.302163313 +0100
		3	@@ -48,7 +48,7 @@
		4
		5	my $command = $ENV{SSH_ORIGINAL_COMMAND};
		6	die "$0: Not invoked via sshd\n$Usage" unless defined $command;
		7	-die "$0: SSH_ORIGINAL_COMMAND='$command' is not rsync\n" unless $command =~ s/^rsync\s+//;
		8	+die "$0: SSH_ORIGINAL_COMMAND='$command' is not rsync\n" unless $command =~ s/^sudo rsync\s+//;
		9	die "$0: --server option is not first\n" unless $command =~ /^--server\s/;
		10	our $am_sender = $command =~ /^--server\s+--sender\s/; # Restrictive on purpose!
		11	die "$0 sending to read-only server not allowed\n" if $only eq 'r' && !$am_sender;
		12	@@ -227,7 +227,7 @@
		13	}
		14
		15	# Note: This assumes that the rsync protocol will not be maliciously hijacked.
		16	-exec(RSYNC, @opts, @args) or die "exec(rsync @opts @args) failed: $? $!";
		17	+exec("/usr/bin/sudo", RSYNC, @opts, @args) or die "exec(sudo rsync @opts @args) failed: $? $!";
		18
		19	sub check_arg
		20	{