From 185f29ba602b38fa8ac76a0715095e8691636b51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Lebleu?= <jerome@maroufle.fr>
Date: Sun, 29 May 2016 23:24:51 +0200
Subject: [PATCH] [fix] Harden backup hooks with set options and use ynh_backup
---
data/hooks/backup/05-conf_ldap | 14 +++++++-------
data/hooks/backup/08-conf_ssh | 11 ++++++++---
data/hooks/backup/11-conf_ynh_mysql | 12 +++++++++---
data/hooks/backup/14-conf_ssowat | 11 ++++++++---
data/hooks/backup/17-data_home | 6 +++++-
data/hooks/backup/20-conf_ynh_firewall | 11 ++++++++---
data/hooks/backup/21-conf_ynh_certs | 11 ++++++++---
data/hooks/backup/23-data_mail | 6 +++++-
data/hooks/backup/26-conf_xmpp | 13 +++++++++----
data/hooks/backup/29-conf_nginx | 11 ++++++++---
data/hooks/backup/32-conf_cron | 13 ++++++++++---
data/hooks/backup/40-conf_ynh_currenthost | 11 ++++++++---
12 files changed, 93 insertions(+), 37 deletions(-)
mode change 100644 => 100755 data/hooks/backup/05-conf_ldap
mode change 100644 => 100755 data/hooks/backup/08-conf_ssh
mode change 100644 => 100755 data/hooks/backup/11-conf_ynh_mysql
mode change 100644 => 100755 data/hooks/backup/14-conf_ssowat
mode change 100644 => 100755 data/hooks/backup/17-data_home
mode change 100644 => 100755 data/hooks/backup/20-conf_ynh_firewall
mode change 100644 => 100755 data/hooks/backup/21-conf_ynh_certs
mode change 100644 => 100755 data/hooks/backup/23-data_mail
mode change 100644 => 100755 data/hooks/backup/26-conf_xmpp
mode change 100644 => 100755 data/hooks/backup/29-conf_nginx
mode change 100644 => 100755 data/hooks/backup/32-conf_cron
mode change 100644 => 100755 data/hooks/backup/40-conf_ynh_currenthost
diff --git a/data/hooks/backup/05-conf_ldap b/data/hooks/backup/05-conf_ldap
old mode 100644
new mode 100755
index b5613602a..42a465a6c
--- a/data/hooks/backup/05-conf_ldap
+++ b/data/hooks/backup/05-conf_ldap
@@ -1,13 +1,13 @@
-backup_dir="${1}/conf/ldap"
-sudo mkdir -p "$backup_dir"
+#!/bin/bash
-# Fix for first jessie yunohost where slapd.conf is called slapd-yuno.conf
-# without slapcat doesn't work
-[[ ! -f /etc/ldap/slapd.conf ]] \
- && sudo mv /etc/ldap/slapd-yuno.conf /etc/ldap/slapd.conf
+set -eu
+
+. /usr/share/yunohost/helpers.d/filesystem
+
+backup_dir="${1}/conf/ldap"
# Back up the configuration
-sudo cp -a /etc/ldap/slapd.conf "${backup_dir}/slapd.conf"
+ynh_backup "/etc/ldap/slapd.conf" "${backup_dir}/slapd.conf"
sudo slapcat -b cn=config -l "${backup_dir}/cn=config.master.ldif"
# Back up the database
diff --git a/data/hooks/backup/08-conf_ssh b/data/hooks/backup/08-conf_ssh
old mode 100644
new mode 100755
index 693dd8cf6..41ff32fe1
--- a/data/hooks/backup/08-conf_ssh
+++ b/data/hooks/backup/08-conf_ssh
@@ -1,8 +1,13 @@
-backup_dir="$1/conf/ssh"
-sudo mkdir -p $backup_dir
+#!/bin/bash
+
+set -eu
+
+. /usr/share/yunohost/helpers.d/filesystem
+
+backup_dir="${1}/conf/ssh"
if [ -d /etc/ssh/ ]; then
- sudo cp -a /etc/ssh/. $backup_dir
+ ynh_backup "/etc/ssh" "$backup_dir"
else
echo "SSH is not installed"
fi
diff --git a/data/hooks/backup/11-conf_ynh_mysql b/data/hooks/backup/11-conf_ynh_mysql
old mode 100644
new mode 100755
index 435ba2807..cae7dbcf3
--- a/data/hooks/backup/11-conf_ynh_mysql
+++ b/data/hooks/backup/11-conf_ynh_mysql
@@ -1,4 +1,10 @@
-backup_dir="$1/conf/ynh/mysql"
-sudo mkdir -p $backup_dir
+#!/bin/bash
-sudo cp -a /etc/yunohost/mysql "${backup_dir}/root_pwd"
+set -eu
+
+. /usr/share/yunohost/helpers.d/filesystem
+
+backup_dir="${1}/conf/ynh/mysql"
+
+# Save MySQL root password
+ynh_backup "/etc/yunohost/mysql" "${backup_dir}/root_pwd"
diff --git a/data/hooks/backup/14-conf_ssowat b/data/hooks/backup/14-conf_ssowat
old mode 100644
new mode 100755
index 3b23c2645..b1d1876b8
--- a/data/hooks/backup/14-conf_ssowat
+++ b/data/hooks/backup/14-conf_ssowat
@@ -1,4 +1,9 @@
-backup_dir="$1/conf/ssowat"
-sudo mkdir -p $backup_dir
+#!/bin/bash
-sudo cp -a /etc/ssowat/. $backup_dir
+set -eu
+
+. /usr/share/yunohost/helpers.d/filesystem
+
+backup_dir="${1}/conf/ssowat"
+
+ynh_backup "/etc/ssowat" "$backup_dir"
diff --git a/data/hooks/backup/17-data_home b/data/hooks/backup/17-data_home
old mode 100644
new mode 100755
index cd4fe61c1..4b57918cf
--- a/data/hooks/backup/17-data_home
+++ b/data/hooks/backup/17-data_home
@@ -1,4 +1,8 @@
-. /usr/share/yunohost/helpers
+#!/bin/bash
+
+set -eu
+
+. /usr/share/yunohost/helpers.d/filesystem
for f in $(find /home/* -type d -prune | awk -F/ '{print $NF}'); do
if [[ ! "$f" =~ ^yunohost|lost\+found ]]; then
diff --git a/data/hooks/backup/20-conf_ynh_firewall b/data/hooks/backup/20-conf_ynh_firewall
old mode 100644
new mode 100755
index f478e0fdf..09785cf92
--- a/data/hooks/backup/20-conf_ynh_firewall
+++ b/data/hooks/backup/20-conf_ynh_firewall
@@ -1,4 +1,9 @@
-backup_dir="$1/conf/ynh/firewall"
-sudo mkdir -p $backup_dir
+#!/bin/bash
-sudo cp -a /etc/yunohost/firewall* $backup_dir
+set -eu
+
+. /usr/share/yunohost/helpers.d/filesystem
+
+backup_dir="${1}/conf/ynh/firewall"
+
+ynh_backup "/etc/yunohost/firewall.yml" "${backup_dir}/firewall.yml"
diff --git a/data/hooks/backup/21-conf_ynh_certs b/data/hooks/backup/21-conf_ynh_certs
old mode 100644
new mode 100755
index 19483ae5a..b89d060f5
--- a/data/hooks/backup/21-conf_ynh_certs
+++ b/data/hooks/backup/21-conf_ynh_certs
@@ -1,4 +1,9 @@
-backup_dir="$1/conf/ynh/certs"
-sudo mkdir -p $backup_dir
+#!/bin/bash
-sudo cp -a /etc/yunohost/certs/. $backup_dir
+set -eu
+
+. /usr/share/yunohost/helpers.d/filesystem
+
+backup_dir="${1}/conf/ynh/certs"
+
+ynh_backup "/etc/yunohost/certs" "$backup_dir"
diff --git a/data/hooks/backup/23-data_mail b/data/hooks/backup/23-data_mail
old mode 100644
new mode 100755
index fd4849101..66868091a
--- a/data/hooks/backup/23-data_mail
+++ b/data/hooks/backup/23-data_mail
@@ -1,3 +1,7 @@
-. /usr/share/yunohost/helpers
+#!/bin/bash
+
+set -eu
+
+. /usr/share/yunohost/helpers.d/filesystem
ynh_backup /var/mail "${1}/data/mail" 1
diff --git a/data/hooks/backup/26-conf_xmpp b/data/hooks/backup/26-conf_xmpp
old mode 100644
new mode 100755
index f207975e3..c5abac04f
--- a/data/hooks/backup/26-conf_xmpp
+++ b/data/hooks/backup/26-conf_xmpp
@@ -1,5 +1,10 @@
-backup_dir="$1/conf/xmpp"
-sudo mkdir -p $backup_dir/{etc,var}
+#!/bin/bash
-sudo cp -a /etc/metronome/. $backup_dir/etc
-sudo cp -a /var/lib/metronome/. $backup_dir/var
+set -eu
+
+. /usr/share/yunohost/helpers.d/filesystem
+
+backup_dir="${1}/conf/xmpp"
+
+ynh_backup /etc/metronome "${backup_dir}/etc"
+ynh_backup /var/lib/metronome "${backup_dir}/var"
diff --git a/data/hooks/backup/29-conf_nginx b/data/hooks/backup/29-conf_nginx
old mode 100644
new mode 100755
index 19bd1b456..b87b1ed8f
--- a/data/hooks/backup/29-conf_nginx
+++ b/data/hooks/backup/29-conf_nginx
@@ -1,4 +1,9 @@
-backup_dir="$1/conf/nginx"
-sudo mkdir -p $backup_dir
+#!/bin/bash
-sudo cp -a /etc/nginx/conf.d/. $backup_dir
+set -eu
+
+. /usr/share/yunohost/helpers.d/filesystem
+
+backup_dir="${1}/conf/nginx"
+
+ynh_backup "/etc/nginx/conf.d" "$backup_dir"
diff --git a/data/hooks/backup/32-conf_cron b/data/hooks/backup/32-conf_cron
old mode 100644
new mode 100755
index efa18f34a..d4655dd0a
--- a/data/hooks/backup/32-conf_cron
+++ b/data/hooks/backup/32-conf_cron
@@ -1,4 +1,11 @@
-backup_dir="$1/conf/cron"
-sudo mkdir -p $backup_dir
+#!/bin/bash
-sudo cp -a /etc/cron.d/yunohost* $backup_dir/
+set -eu
+
+. /usr/share/yunohost/helpers.d/filesystem
+
+backup_dir="${1}/conf/cron"
+
+for f in $(ls -1B /etc/cron.d/yunohost*); do
+ ynh_backup "$f" "${backup_dir}/${f##*/}"
+done
diff --git a/data/hooks/backup/40-conf_ynh_currenthost b/data/hooks/backup/40-conf_ynh_currenthost
old mode 100644
new mode 100755
index af054cad4..99425744a
--- a/data/hooks/backup/40-conf_ynh_currenthost
+++ b/data/hooks/backup/40-conf_ynh_currenthost
@@ -1,4 +1,9 @@
-backup_dir="$1/conf/ynh"
-sudo mkdir -p $backup_dir
+#!/bin/bash
-sudo cp -a /etc/yunohost/current_host "${backup_dir}/current_host"
+set -eu
+
+. /usr/share/yunohost/helpers.d/filesystem
+
+backup_dir="${1}/conf/ynh"
+
+ynh_backup "/etc/yunohost/current_host" "${backup_dir}/current_host"