srvbackup

Backup server configuration with privledge separation
git clone git://jacobedwards.org/srvbackup
Log | Files | Refs | README

srvbackup (1923B)

      1 #!/bin/sh
      2 # Copyright 2023, 2024 Jacob R. Edwards
      3 # srvbackup, a server backup script
      4 #
      5 # This script is to be put on the server and is meant to be used
      6 # by both the server to generate the backup and by clients connecting
      7 # through ssh(1) to retrive the backup.
      8 #
      9 # The backup is available to everyone (permissions-wise) but will
     10 # in the future be able to be encrypted with an age(1) key if
     11 # /etc/backup/key exists.
     12 #
     13 # Example usage:
     14 #
     15 # Make a backup at the beginning of every day using
     16 # a crontab(5):
     17 #	0 0 * * * srvbackup make
     18 #
     19 # Update 'local-backup.tar.age' from the 'server.dom':
     20 #	ssh unprivledged@server.dom srvbackup get "$(sha256 < local-backup.tar.age)" > tmp
     21 #	(test -s tmp && mv tmp local-backup.tar.age) || rm tmp
     22 
     23 set -e
     24 
     25 dir=/var/backup
     26 backup="$dir"/backup.tar
     27 checksum="$dir"/sha256
     28 
     29 createdir() {
     30 	! test -d "$dir" &&
     31 		mkdir -m 0755 "$dir" # not -p
     32 }
     33 
     34 update() (
     35 	IFS='
     36 	'
     37 	cd /
     38 
     39 	matchfiles | pax -w -uf "$backup"
     40 )
     41 
     42 matchfiles() (
     43 	IFS='
     44 '
     45 	sed '/^!/d; /^[ 	]*#/d' < /etc/backup/list |
     46 		xargs -I% find % -type f -or -type d -and -empty |
     47 		awk 'BEGIN {
     48 			for (a in ARGV) {
     49 				argv[a] = ARGV[a]
     50 				delete ARGV[a]
     51 			}
     52 		}
     53 		{
     54 			for (a in argv) {
     55 				if (substr($0, 1, length(argv[a])) == argv[a]) {
     56 					next
     57 				}
     58 			}
     59 			print
     60 		}' $(sed -n '/^!/ s///p' < /etc/backup/list)
     61 )
     62 
     63 if test $# -eq 0; then
     64 	c=make
     65 else
     66 	c="$1"
     67 	shift
     68 fi
     69 
     70 umask 022
     71 
     72 case "$c" in
     73 (make)
     74 	createdir
     75 	update "$backup"
     76 	sha256 < "$backup" > "$checksum"
     77 	;;
     78 (path)
     79 	echo "$backup"
     80 	;;
     81 (sha256)
     82 	cat "$checksum"
     83 	;;
     84 (get)
     85 	if test $# -gt 0 -a "X$1" = X-c
     86 	then
     87 		shift
     88 		write=compress
     89 	else
     90 		write=cat
     91 	fi
     92 	test "$#" -gt 0 -a "$1" = "$(<"$checksum")" &&
     93 		exit 0
     94 	$write < "$backup"
     95 	;;
     96 (*)
     97 	{
     98 		echo "$c: Command not known"
     99 		echo "usage: srvbackup make
    100                  path
    101                  sha256 
    102                  get [-c] [sha256] # (compress(1) if -c is given, only if checksums differ)"
    103 	} 1>&2
    104 	exit 1
    105 esac