From e22e500135fd17ae1100d859fda6d84caeeb7acd Mon Sep 17 00:00:00 2001 From: cytopia Date: Thu, 18 Aug 2016 21:34:16 +0200 Subject: [PATCH] Temporary SMIME bug enhancements for #21 --- CHANGELOG.md | 6 ++++++ README.md | 10 ++-------- bin/mysqldump-secure | 32 ++++++++++++++++++++++++++++++-- doc/INSTALL.md | 4 ++-- etc/mysqldump-secure.conf | 11 +++++++++++ man/mysqldump-secure.1 | 2 +- 6 files changed, 52 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 410a1f8..d481eab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ Version 0.17 (unreleased) ------------ +Version 0.16.2 +-------------- + +- [Fix] Warn about SMIME bug if db size > 1200MB (https://github.com/cytopia/mysqldump-secure/issues/21) + + Version 0.16.1 -------------- diff --git a/README.md b/README.md index 69c8a01..56b7dd7 100644 --- a/README.md +++ b/README.md @@ -3,13 +3,7 @@ ---- **ATTENTION** -`WHEN USING ENCRYPTION WITH DATABASES LARGER THEN A FEW GIGABYTES, BACKUPS SEEM TO BE BROKEN.` - -https://github.com/cytopia/mysqldump-secure/issues/21 - -PLEASE TURN OFF ENCRYPTION FOR LARGE DATABASES. - ----- +Please upgrade to the latest version in order to be notified about the [OpenSSL SMIME Bug](https://github.com/cytopia/mysqldump-secure/issues/21) in case you are affected. ---- @@ -90,7 +84,7 @@ See [https://travis-ci.org/cytopia/mysqldump-secure](https://travis-ci.org/cytop ### 2.1 Linux, BSD and OSX ```shell -wget https://github.com/cytopia/mysqldump-secure/archive/0.16.1.tar.gz -O - | tar -xz +wget https://github.com/cytopia/mysqldump-secure/archive/0.16.2.tar.gz -O - | tar -xz cd mysqldump-secure ./configure make diff --git a/bin/mysqldump-secure b/bin/mysqldump-secure index 26b97ab..d703aaf 100755 --- a/bin/mysqldump-secure +++ b/bin/mysqldump-secure @@ -76,8 +76,8 @@ INFO_GPGKEY="0x28BF179F" INFO_LICENSE="MIT" INFO_URL="http://mysqldump-secure.org" INFO_REPO="https://github.com/cytopia/mysqldump-secure" -INFO_DATE="2016-03-21" -INFO_VERSION="0.16.1" +INFO_DATE="2016-08-18" +INFO_VERSION="0.16.2" @@ -4078,6 +4078,21 @@ elif [ "${ENCRYPT}" = "1" ]; then exit $EXIT_ABORT fi + # ENABLE_SMIME_BUG_WARNING + if ! set | grep '^ENABLE_SMIME_BUG_WARNING=' >/dev/null; then + debug "warn" "(CFG): \$ENABLE_SMIME_BUG_WARNING variable is not defined" "${OUT_VERBOSITY}" "${LOG_VERBOSITY}" "${LOG_FILE}" + debug "warn" "(CFG): Setting \$ENABLE_SMIME_BUG_WARNING=1" "${OUT_VERBOSITY}" "${LOG_VERBOSITY}" "${LOG_FILE}" + ENABLE_SMIME_BUG_WARNING=1 + elif [ -z "${ENABLE_SMIME_BUG_WARNING}" ]; then + debug "warn" "(CFG): \$ENABLE_SMIME_BUG_WARNING variable should not be empty" "${OUT_VERBOSITY}" "${LOG_VERBOSITY}" "${LOG_FILE}" + debug "warn" "(CFG): Setting \$ENABLE_SMIME_BUG_WARNING=1" "${OUT_VERBOSITY}" "${LOG_VERBOSITY}" "${LOG_FILE}" + ENABLE_SMIME_BUG_WARNING=1 + elif [ "${ENABLE_SMIME_BUG_WARNING}" != "0" ] && [ "${ENABLE_SMIME_BUG_WARNING}" != "1" ]; then + debug "warn" "(CFG): \$ENABLE_SMIME_BUG_WARNING variable has a wrong value: '${ENABLE_SMIME_BUG_WARNING}'" "${OUT_VERBOSITY}" "${LOG_VERBOSITY}" "${LOG_FILE}" + debug "warn" "(CFG): Setting \$ENABLE_SMIME_BUG_WARNING=1" "${OUT_VERBOSITY}" "${LOG_VERBOSITY}" "${LOG_FILE}" + ENABLE_SMIME_BUG_WARNING=1 + fi + debug "info" "(OPT): Encryption enabled" "${OUT_VERBOSITY}" "${LOG_VERBOSITY}" "${LOG_FILE}" debug "debug" "(OPT): Encryption algorithm: ${OPENSSL_ALGO_ARG}" "${OUT_VERBOSITY}" "${LOG_VERBOSITY}" "${LOG_FILE}" debug "debug" "(OPT): Encryption pub key: ${OPENSSL_PUBKEY_PEM}" "${OUT_VERBOSITY}" "${LOG_VERBOSITY}" "${LOG_FILE}" @@ -4725,6 +4740,19 @@ for db in ${DB_LIST_ALL}; do + ########################################################## + # SMIME WARNING + # https://github.com/cytopia/mysqldump-secure/issues/21 + + # Warn about SMIME bug for files > 1200MB + SMIME_CRITICAL_SIZE_MB="12" + if [ "${ENCRYPT}" = "1" ] && [ "${ENABLE_SMIME_BUG_WARNING}" = "1" ] && [ "$( printf "%.0f\n" "${DB_SIZE_MB}" )" -gt "${SMIME_CRITICAL_SIZE_MB}" ]; then + debug "warn" "(SQL): ${_cnt} Warning: Encryption is enabled and database size is > ${SMIME_CRITICAL_SIZE_MB} MB" "${OUT_VERBOSITY}" "${LOG_VERBOSITY}" "${LOG_FILE}" + debug "warn" "(SQL): ${_cnt} Warning: Verify that your backup can be decrypted." "${OUT_VERBOSITY}" "${LOG_VERBOSITY}" "${LOG_FILE}" + debug "warn" "(SQL): ${_cnt} Warning: This warning can be disabled via 'ENABLE_SMIME_BUG_WARNING=0'" "${OUT_VERBOSITY}" "${LOG_VERBOSITY}" "${LOG_FILE}" + debug "warn" "(SQL): ${_cnt} Warning: Read here: https://github.com/cytopia/mysqldump-secure/issues/21" "${OUT_VERBOSITY}" "${LOG_VERBOSITY}" "${LOG_FILE}" + fi + ########################################################## # MAKE THE BACKUPS diff --git a/doc/INSTALL.md b/doc/INSTALL.md index 29f1c14..39089bc 100644 --- a/doc/INSTALL.md +++ b/doc/INSTALL.md @@ -42,7 +42,7 @@ brew install --HEAD cytopia/tap/mysqldump-secure **Tarball (stable)** ```shell -wget https://github.com/cytopia/mysqldump-secure/archive/0.16.1.tar.gz -O - | tar -xz +wget https://github.com/cytopia/mysqldump-secure/archive/0.16.2.tar.gz -O - | tar -xz cd mysqldump-secure ``` **Tarball (devel)** @@ -55,7 +55,7 @@ cd mysqldump-secure ```shell git clone https://github.com/cytopia/mysqldump-secure.git cd mysqldump-secure -git checkout 0.16.1 +git checkout 0.16.2 ``` **Git (devel)** ```shell diff --git a/etc/mysqldump-secure.conf b/etc/mysqldump-secure.conf index 2f2bda3..6279dea 100644 --- a/etc/mysqldump-secure.conf +++ b/etc/mysqldump-secure.conf @@ -637,6 +637,17 @@ OPENSSL_ALGO_ARG="-aes256" +# There is a Bug in OpenSSL's SMIME implementation +# for files larger than about 1.5 GB. The final output +# will be truncated at 1.9 GB and the file won't be able to +# be decrypted. +# mysqldump-secure will warn, once the database is larger than +# 1200 MB just to make sure. +# If you are really sure about what you are doing, you can disabled +# this warning here. +ENABLE_SMIME_BUG_WARNING=1 + + ############################################################ # (OPT) Automatic deletions (tmpwatch/tmpreaper) ############################################################ diff --git a/man/mysqldump-secure.1 b/man/mysqldump-secure.1 index 1706cb8..d520c5b 100644 --- a/man/mysqldump-secure.1 +++ b/man/mysqldump-secure.1 @@ -1,4 +1,4 @@ -.TH mysqldump-secure 1 "21 March 2016" "version 0.16.1" +.TH mysqldump-secure 1 "18 August 2016" "version 0.16.2" .SH NAME mysqldump-secure - secure mysqldump wrapper with encryption .SH SYNOPSIS