Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Restore backup from CCU2 with user defined system key is not working #566

Closed
tzahari opened this Issue Feb 27, 2019 · 3 comments

Comments

Projects
None yet
3 participants
@tzahari
Copy link

commented Feb 27, 2019

Describe the bug
I want to migrate form my CCU2 to Raspberrymatic. Therefore I created a backup of my CCU2 as described in the howto.
But the restore with the Web UI is failing with the error message: No Internet / Keyserver Timeout.
Then I tried it with the Restore script via SSH.
Cause of the SHA256 missing file I took this one https://raw.githubusercontent.com/jens-maus/RaspberryMatic/abb84990ba038c6b1b1d267422d7e742f30c1810/buildroot-external/overlay/base-raspmatic/bin/restoreBackup.sh
and tried it.
But this also fails with "ERROR: inconsistent backup archive identified (crypttool)."

To Reproduce
Steps to reproduce the behavior:

  1. Create a backup on a CCU2 with user defends security key
  2. Try to restore it on RaspberryMatic

Expected behavior
Restore should work

System information (please complete the following information):

  • Version [RaspberryMatic-3.43.15.20190223-rpi3]
  • Hardware [RaspberryPi3B+]

Additional context
I found a documentation how to create a CCU2 backup via SSH manually.
I think the crypttool is using the user defined key: crypttool -s -t 1 to create the backup. Not the default one. Wich is used in the restoreBackup.sh script.

Hope that helps.

@hoedlmoser

This comment has been minimized.

Copy link
Contributor

commented Mar 2, 2019

looks like this is broken since 57d1e1a line 47 for all restores of backups with foreign key.

as a workaround you could remove

    rm -rf "${TMPDIR}"
    exit 1

after

    echo "ERROR: inconsistent backup archive identified (crypttool)."

but a fix could be only either of

  1. asking user for key
  2. not exiting, just giving user a hint
  3. ignoring key at all (as before)

because on a virgin RM where usually a restore is done, no user key is known (except in option 1 above).

hoedlmoser referenced this issue Mar 2, 2019

slightly reworked restoreBackup.sh to check all included archive
checksums before actually starting a backup restore. In addition, it
also makes sure now to really only extract files in the embedded
usr_local archive that are located in /usr/local. This should prevent
from accidently overwriting certain things in the rootfs or other
filesystem just because a user incorrectly patched the backup archive.

@jens-maus jens-maus added this to the next release milestone Mar 2, 2019

@jens-maus

This comment has been minimized.

Copy link
Owner

commented Mar 2, 2019

Thanks for the hint and discussion. I will review this ASAP and will see if I can work out a fix. However, such a Backup should usually perfectly be installablw using the WebUI?!? Isn't it?

@tzahari

This comment has been minimized.

Copy link
Author

commented Mar 2, 2019

Thanks to @hoedlmoser,
but I fixed the backup with the signature created by the crypttool on the Raspberry Matic.
Afterwards the script was working. The restore was then also not 100% successfully restored.

Also many thanks to you @jens-maus,
This is great project!

The restore was also not working with the WebUI.
The WebUI also requested the Key, but after some time, there was an error message. Like "No Internet / Keyserver timeout" (Kein Internet / Keyserver Timeout). And no Homematic components where learned into the Raspberry Matic .

I will do now a manuell migration (remove components from old CCU2 and put them on the Raspberry Matic). Maybe my configuration is not perfect. Cause I migrated them already from the CCU1 to the CCU2.

But I wanted to talk about the restore script and opened this bug.

Thanks for your support

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.