New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
More fail safe BACKUP_PROG_CRYPT_KEY handling (issue 2157) #2178
More fail safe BACKUP_PROG_CRYPT_KEY handling (issue 2157) #2178
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jsmeix Code looks clean to me - thank you for cleaning up this mess
…00_make_backup.sh
I tested the
so it seems at least the new Let's see if that BACKUP_PROG_CRYPT_KEY also works |
…ult/500_make_backup.sh
Surprisingly "rear mkbackup" and "rear recover"
in etc/rear/local.conf so that I will "just merge" it now. Testing a single quote within BACKUP_PROG_CRYPT_KEY |
Use single quotes in the password settings examples echo 'my_recovery_system_root_password' | openssl passwd -1 -stdin ZYPPER_ROOT_PASSWORD='root' YUM_ROOT_PASSWORD='root' because single quotes avoid issues with the special bash characters like $ in the password, cf. #2178
Type: Bug Fix Enhancement
Impact: Normal
Reference to related issue (URL):
Backup tar file 0 bytes if encryption enabled when BACKUP_PROG_CRYPT_KEY contains special characters #2157
How was this pull request tested?
Not yet tested at all by me - I will do that later...
Brief description of the changes in this pull request:
Make the code that deals with BACKUP_PROG_CRYPT_KEY more fail safe:
Use double quotes
"$BACKUP_PROG_CRYPT_KEY"
so thatthe BACKUP_PROG_CRYPT_KEY value can contain spaces.
Escape special regexp characters in the BACKUP_PROG_CRYPT_KEY value
when it is used as a regexp in
grep
orsed
.Use single quotes
BACKUP_PROG_CRYPT_KEY='my_secret_passphrase'
in the documentation examples so that the BACKUP_PROG_CRYPT_KEY value
can contain special characters like
$
,cf. Backup tar file 0 bytes if encryption enabled when BACKUP_PROG_CRYPT_KEY contains special characters #2157 (comment)
Recommend to not use special characters in the
BACKUP_PROG_CRYPT_KEY value to be on the safe side
against things breaking in unexpected weird ways when certain code
in ReaR is not yet safe against arbitrary special characters in values
cf. Make ReaR safe against blanks or special characters in file and directory names #1372