The branch, master has been updated
via 34141954 Add packaging notes to NEWS.
via cba00be6 Translate man page's option list into .h files for
options.h to use.
via de78dd68 Simplify the install of rsync-ssl by unifying 2 scripts.
via 88abb502 Promote newer compressors to the start of the list.
via 6d6b8595 Remove generated doc files via make clean.
via 66bd4774 Allow maintainer to build with /usr/local prefix but
document /usr.
from c117fa4b Create a get_device_size() helper function.
https://git.samba.org/?p=rsync.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 34141954c7179438f3b3c5e11f55089e5aee5a8e
Author: Wayne Davison <wa...@opencoder.net>
Date: Thu Jun 11 20:32:44 2020 -0700
Add packaging notes to NEWS.
commit cba00be6226a2888bf0eddfa593c0da1039b9499
Author: Wayne Davison <wa...@opencoder.net>
Date: Thu Jun 11 20:24:53 2020 -0700
Translate man page's option list into .h files for options.h to use.
commit de78dd685b60b4f138c48206500c24952ca66362
Author: Wayne Davison <wa...@opencoder.net>
Date: Thu Jun 11 18:47:43 2020 -0700
Simplify the install of rsync-ssl by unifying 2 scripts.
commit 88abb502297d9c27da7f856548d8eb08300e8aa2
Author: Wayne Davison <wa...@opencoder.net>
Date: Thu Jun 11 18:01:50 2020 -0700
Promote newer compressors to the start of the list.
commit 6d6b8595dfafe366f63618c42a91ca98a7fe3521
Author: Wayne Davison <wa...@opencoder.net>
Date: Thu Jun 11 17:34:17 2020 -0700
Remove generated doc files via make clean.
commit 66bd4774a8f67d7b822d585d4dbc269f34137cab
Author: Wayne Davison <wa...@opencoder.net>
Date: Thu Jun 11 17:09:33 2020 -0700
Allow maintainer to build with /usr/local prefix but document /usr.
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 1 +
Makefile.in | 26 ++++-
NEWS.md | 39 ++++++-
compat.c | 6 +-
md2man | 4 +-
options.c | 164 +-------------------------
packaging/lsb/rsync.spec | 1 -
prepare-source | 6 +-
rsync-ssl | 174 +++++++++++++++++++++++++---
rsync-ssl.1.md | 7 --
rsync.1.md | 296 ++++++++++++++++++++++++-----------------------
ssl-rsh | 127 --------------------
12 files changed, 374 insertions(+), 477 deletions(-)
delete mode 100755 ssl-rsh
Changeset truncated at 500 lines:
diff --git a/.gitignore b/.gitignore
index c4ab40ee..9c287d14 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,6 +18,7 @@ aclocal.m4
/rsync*.1
/rsync*.5
/rsync*.html
+/help-rsync*.h
/.md2man-works
/autom4te*.cache
/confdefs.h
diff --git a/Makefile.in b/Makefile.in
index dc0cb0b8..7cf73a38 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -74,10 +74,8 @@ all: Makefile rsync$(EXEEXT) stunnel-rsyncd.conf man
.PHONY: install
install: all
-${MKDIR_P} ${DESTDIR}${bindir}
- -${MKDIR_P} ${DESTDIR}${libdir}
${INSTALLCMD} ${INSTALL_STRIP} -m 755 rsync$(EXEEXT) ${DESTDIR}${bindir}
${INSTALLCMD} -m 755 rsync-ssl ${DESTDIR}${bindir}
- ${INSTALLCMD} -m 755 ssl-rsh ${DESTDIR}${libdir}
-${MKDIR_P} ${DESTDIR}${mandir}/man1
-${MKDIR_P} ${DESTDIR}${mandir}/man5
if test -f rsync.1; then ${INSTALLMAN} -m 644 rsync.1
${DESTDIR}${mandir}/man1; fi
@@ -101,10 +99,30 @@ rsync$(EXEEXT): $(OBJS)
$(OBJS): $(HEADERS)
$(CHECK_OBJS): $(HEADERS)
-options.o: latest-year.h
+options.o: latest-year.h help-rsync.h help-rsyncd.h
flist.o: rounding.h
+help-rsync.h: rsync.1.md
+ @sed -e '1,/^# OPTIONS SUMMARY/d' \
+ -e '1,/^```/d' \
+ -e '/^```/,$$d' \
+ -e 's/"/\\"/g' \
+ -e 's/^/ rprintf(F,"/' \
+ -e 's/$$/\\n");/' \
+ <"$(srcdir)/$<" >$@
+
+help-rsyncd.h: rsync.1.md
+ @sed -e '1,/^# OPTIONS SUMMARY/d' \
+ -e '1,/^```/d' \
+ -e '1,/^```/d' \
+ -e '1,/^```/d' \
+ -e '/^```/,$$d' \
+ -e 's/"/\\"/g' \
+ -e 's/^/ rprintf(F,"/' \
+ -e 's/$$/\\n");/' \
+ <"$(srcdir)/$<" >$@
+
rounding.h: rounding.c rsync.h proto.h
@for r in 0 1 3; do \
if $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o rounding
-DEXTRA_ROUNDING=$$r -I. $(srcdir)/rounding.c >rounding.out 2>&1; then \
@@ -236,7 +254,7 @@ rsyncd.conf.5: rsyncd.conf.5.md md2man NEWS.md Makefile
.PHONY: clean
clean: cleantests
rm -f *~ $(OBJS) $(CHECK_PROGS) $(CHECK_OBJS) $(CHECK_SYMLINKS) \
- rounding rounding.h *.old
+ rounding rounding.h *.old rsync*.1 rsync*.5 rsync*.html
.PHONY: cleantests
cleantests:
diff --git a/NEWS.md b/NEWS.md
index 4a29ec45..755275f9 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -88,12 +88,13 @@ Protocol: 31 (unchanged)
- Added the `--write-devices` option based on the long-standing patch.
- - Added openssl support to the rsync-ssl script via a (lib installed) helper
- script, ssl-rsh. Both bash scripts are now installed by default, removing
- the install-ssl-client make target. Rsync was also enhanced to set the
- `RSYNC_PORT` environment variable when running a daemon-over-rsh script. Its
- value is the user-specified port number (set via `--port` or an rsync://
- URL) or 0 if the user didn't override the port.
+ - Added openssl support to the rsync-ssl script, which is now installed by
+ default. This script was unified with the stunnel-rsync helper script to
+ simplify packaging.
+
+ - Rsync was enhanced to set the `RSYNC_PORT` environment variable when running
+ a daemon-over-rsh script. Its value is the user-specified port number (set
+ via `--port` or an rsync:// URL) or 0 if the user didn't override the port.
- Added the `haproxy header` daemon parameter that allows your rsyncd to know
the real remote IP when it is being proxied.
@@ -131,6 +132,32 @@ Protocol: 31 (unchanged)
- Made -V the short option for --version.
+### PACKAGING RELATED:
+
+ - Add installed binary: /usr/bin/rsync-sll
+
+ - Add installed man page: /usr/man/man1/rsync-ssl.1
+
+ - The rsync-ssl script wants to run either openssl or stunnel4, so consider
+ adding a dependency for openssl (though it's probably fine to just let it
+ complain about being unable to find either program and let the user decide
+ if they want to install one or the other).
+
+ - If you packaged rsync + rsync-ssl + rsync-ssl-daemon as separate packages,
+ the rsync-ssl package is now gone (along with its install-ssl-client make
+ target -- rsync-ssl should be considered to be mainstream now that Samba
+ requires SSL for its rsync daemon).
+
+ - Add _build_ dependency for liblz4-devel, libxxhash-devel, & libzstd-devel.
+ These development libraries will give rsync extra compression and checksum
+ algorithms.
+
+ - Remove yodl _build_ dependency (if you listed it).
+
+ - Add _build_ dependency for _either_ python3-cmarkcfm or python3-commonmark
+ to allow for patching of man pages or building a git release. Note that
+ cmarkcfm is faster than commonmark, but they generate the same data.
+
### DEVELOPER RELATED:
- Silenced some annoying warnings about major()|minor() due to the autoconf
diff --git a/compat.c b/compat.c
index a124c200..91b2771d 100644
--- a/compat.c
+++ b/compat.c
@@ -88,16 +88,14 @@ int filesfrom_convert = 0;
struct name_num_obj valid_compressions = {
"compress", NULL, NULL, 0, 0, {
- { CPRES_ZLIBX, "zlibx", NULL },
- { CPRES_ZLIB, "zlib", NULL },
#ifdef SUPPORT_ZSTD
- /* TODO decide where in the default preference order this
should go. */
{ CPRES_ZSTD, "zstd", NULL },
#endif
#ifdef SUPPORT_LZ4
- /* TODO decide where in the default preference order this
should go. */
{ CPRES_LZ4, "lz4", NULL },
#endif
+ { CPRES_ZLIBX, "zlibx", NULL },
+ { CPRES_ZLIB, "zlib", NULL },
{ CPRES_NONE, "none", NULL },
{ 0, NULL, NULL }
}
diff --git a/md2man b/md2man
index c623efb9..c914cd96 100755
--- a/md2man
+++ b/md2man
@@ -94,7 +94,7 @@ def main():
fi.date = time.strftime('%d %b %Y', time.localtime(fi.mtime))
- env_subs = { }
+ env_subs = { 'prefix': os.environ.get('RSYNC_OVERRIDE_PREFIX', None) }
with open(fi.srcdir + 'Makefile', 'r', encoding='utf-8') as fh:
for line in fh:
@@ -102,6 +102,8 @@ def main():
if not m:
continue
var, val = (m[1], m[2])
+ if var == 'prefix' and env_subs[var] is not None:
+ continue
while re.search(r'\$\{', val):
val = re.sub(r'\$\{(\w+)\}', lambda m: env_subs[m[1]], val)
env_subs[var] = val
diff --git a/options.c b/options.c
index c93abfcb..a0c973ce 100644
--- a/options.c
+++ b/options.c
@@ -728,154 +728,7 @@ void usage(enum logcode F)
rprintf(F,"to an rsync daemon, and require SRC or DEST to start with a
module name.\n");
rprintf(F,"\n");
rprintf(F,"Options\n");
- rprintf(F," -v, --verbose increase verbosity\n");
- rprintf(F," --info=FLAGS fine-grained informational
verbosity\n");
- rprintf(F," --debug=FLAGS fine-grained debug verbosity\n");
- rprintf(F," --msgs2stderr output messages directly to
stderr\n");
- rprintf(F," -q, --quiet suppress non-error messages\n");
- rprintf(F," --no-motd suppress daemon-mode MOTD (see
manpage caveat)\n");
- rprintf(F," -c, --checksum skip based on checksum, not mod-time
& size\n");
- rprintf(F," -a, --archive archive mode; equals -rlptgoD (no
-H,-A,-X)\n");
- rprintf(F," --no-OPTION turn off an implied OPTION (e.g.
--no-D)\n");
- rprintf(F," -r, --recursive recurse into directories\n");
- rprintf(F," -R, --relative use relative path names\n");
- rprintf(F," --no-implied-dirs don't send implied dirs with
--relative\n");
- rprintf(F," -b, --backup make backups (see --suffix &
--backup-dir)\n");
- rprintf(F," --backup-dir=DIR make backups into hierarchy based in
DIR\n");
- rprintf(F," --suffix=SUFFIX set backup suffix (default %s w/o
--backup-dir)\n",BACKUP_SUFFIX);
- rprintf(F," -u, --update skip files that are newer on the
receiver\n");
- rprintf(F," --inplace update destination files in-place
(SEE MAN PAGE)\n");
- rprintf(F," --append append data onto shorter files\n");
- rprintf(F," --append-verify like --append, but with old data in
file checksum\n");
- rprintf(F," -d, --dirs transfer directories without
recursing\n");
- rprintf(F," -l, --links copy symlinks as symlinks\n");
- rprintf(F," -L, --copy-links transform symlink into referent
file/dir\n");
- rprintf(F," --copy-unsafe-links only \"unsafe\" symlinks are
transformed\n");
- rprintf(F," --safe-links ignore symlinks that point outside
the source tree\n");
- rprintf(F," --munge-links munge symlinks to make them safer
(but unusable)\n");
- rprintf(F," -k, --copy-dirlinks transform symlink to a dir into
referent dir\n");
- rprintf(F," -K, --keep-dirlinks treat symlinked dir on receiver as
dir\n");
- rprintf(F," -H, --hard-links preserve hard links\n");
- rprintf(F," -p, --perms preserve permissions\n");
- rprintf(F," -E, --executability preserve the file's
executability\n");
- rprintf(F," --chmod=CHMOD affect file and/or directory
permissions\n");
-#ifdef SUPPORT_ACLS
- rprintf(F," -A, --acls preserve ACLs (implies --perms)\n");
-#endif
-#ifdef SUPPORT_XATTRS
- rprintf(F," -X, --xattrs preserve extended attributes\n");
-#endif
- rprintf(F," -o, --owner preserve owner (super-user only)\n");
- rprintf(F," -g, --group preserve group\n");
- rprintf(F," --devices preserve device files (super-user
only)\n");
- rprintf(F," --specials preserve special files\n");
- rprintf(F," -D same as --devices --specials\n");
- rprintf(F," -t, --times preserve modification times\n");
- rprintf(F," -U, --atimes preserve access (last-used)
times\n");
- rprintf(F," --open-noatime avoid changing the atime on opened
files\n");
- rprintf(F," -O, --omit-dir-times omit directories from --times\n");
- rprintf(F," -J, --omit-link-times omit symlinks from --times\n");
- rprintf(F," --super receiver attempts super-user
activities\n");
-#ifdef SUPPORT_XATTRS
- rprintf(F," --fake-super store/recover privileged attrs using
xattrs\n");
-#endif
- rprintf(F," -S, --sparse turn sequences of nulls into sparse
blocks\n");
-#ifdef SUPPORT_PREALLOCATION
- rprintf(F," --preallocate allocate dest files before writing
them\n");
-#else
- rprintf(F," --preallocate pre-allocate dest files on remote
receiver\n");
-#endif
- rprintf(F," --write-devices write to devices as files (implies
--inplace)\n");
- rprintf(F," -n, --dry-run perform a trial run with no changes
made\n");
- rprintf(F," -W, --whole-file copy files whole (without delta-xfer
algorithm)\n");
- rprintf(F," --checksum-choice=STR choose the checksum algorithms\n");
- rprintf(F," -x, --one-file-system don't cross filesystem
boundaries\n");
- rprintf(F," -B, --block-size=SIZE force a fixed checksum
block-size\n");
- rprintf(F," -e, --rsh=COMMAND specify the remote shell to use\n");
- rprintf(F," --rsync-path=PROGRAM specify the rsync to run on the
remote machine\n");
- rprintf(F," --existing skip creating new files on
receiver\n");
- rprintf(F," --ignore-existing skip updating files that already
exist on receiver\n");
- rprintf(F," --remove-source-files sender removes synchronized files
(non-dirs)\n");
- rprintf(F," --del an alias for --delete-during\n");
- rprintf(F," --delete delete extraneous files from
destination dirs\n");
- rprintf(F," --delete-before receiver deletes before transfer,
not during\n");
- rprintf(F," --delete-during receiver deletes during the
transfer\n");
- rprintf(F," --delete-delay find deletions during, delete
after\n");
- rprintf(F," --delete-after receiver deletes after transfer, not
during\n");
- rprintf(F," --delete-excluded also delete excluded files from
destination dirs\n");
- rprintf(F," --ignore-missing-args ignore missing source args without
error\n");
- rprintf(F," --delete-missing-args delete missing source args from
destination\n");
- rprintf(F," --ignore-errors delete even if there are I/O
errors\n");
- rprintf(F," --force force deletion of directories even
if not empty\n");
- rprintf(F," --max-delete=NUM don't delete more than NUM files\n");
- rprintf(F," --max-size=SIZE don't transfer any file larger than
SIZE\n");
- rprintf(F," --min-size=SIZE don't transfer any file smaller than
SIZE\n");
- rprintf(F," --partial keep partially transferred files\n");
- rprintf(F," --partial-dir=DIR put a partially transferred file
into DIR\n");
- rprintf(F," --delay-updates put all updated files into place at
transfer's end\n");
- rprintf(F," -m, --prune-empty-dirs prune empty directory chains from
the file-list\n");
- rprintf(F," --numeric-ids don't map uid/gid values by
user/group name\n");
- rprintf(F," --usermap=STRING custom username mapping\n");
- rprintf(F," --groupmap=STRING custom groupname mapping\n");
- rprintf(F," --chown=USER:GROUP simple username/groupname
mapping\n");
- rprintf(F," --timeout=SECONDS set I/O timeout in seconds\n");
- rprintf(F," --contimeout=SECONDS set daemon connection timeout in
seconds\n");
- rprintf(F," -I, --ignore-times don't skip files that match in size
and mod-time\n");
- rprintf(F," -M, --remote-option=OPTION send OPTION to the remote side
only\n");
- rprintf(F," --size-only skip files that match in size\n");
- rprintf(F," -@, --modify-window=NUM set the accuracy for mod-time
comparisons\n");
- rprintf(F," -T, --temp-dir=DIR create temporary files in directory
DIR\n");
- rprintf(F," -y, --fuzzy find similar file for basis if no
dest file\n");
- rprintf(F," --compare-dest=DIR also compare destination files
relative to DIR\n");
- rprintf(F," --copy-dest=DIR ... and include copies of unchanged
files\n");
- rprintf(F," --link-dest=DIR hardlink to files in DIR when
unchanged\n");
- rprintf(F," -z, --compress compress file data during the
transfer\n");
- rprintf(F," --compress-level=NUM explicitly set compression level\n");
- rprintf(F," --skip-compress=LIST skip compressing files with a suffix
in LIST\n");
- rprintf(F," -C, --cvs-exclude auto-ignore files the same way CVS
does\n");
- rprintf(F," -f, --filter=RULE add a file-filtering RULE\n");
- rprintf(F," -F same as --filter='dir-merge
/.rsync-filter'\n");
- rprintf(F," repeated: --filter='-
.rsync-filter'\n");
- rprintf(F," --exclude=PATTERN exclude files matching PATTERN\n");
- rprintf(F," --exclude-from=FILE read exclude patterns from FILE\n");
- rprintf(F," --include=PATTERN don't exclude files matching
PATTERN\n");
- rprintf(F," --include-from=FILE read include patterns from FILE\n");
- rprintf(F," --files-from=FILE read list of source-file names from
FILE\n");
- rprintf(F," -0, --from0 all *-from/filter files are
delimited by 0s\n");
- rprintf(F," -s, --protect-args no space-splitting; only wildcard
special-chars\n");
- rprintf(F," --copy-as=USER[:GROUP] specify user & optional group for
the copy\n");
- rprintf(F," --address=ADDRESS bind address for outgoing socket to
daemon\n");
- rprintf(F," --port=PORT specify double-colon alternate port
number\n");
- rprintf(F," --sockopts=OPTIONS specify custom TCP options\n");
- rprintf(F," --blocking-io use blocking I/O for the remote
shell\n");
- rprintf(F," --stats give some file-transfer stats\n");
- rprintf(F," -8, --8-bit-output leave high-bit chars unescaped in
output\n");
- rprintf(F," -h, --human-readable output numbers in a human-readable
format\n");
- rprintf(F," --progress show progress during transfer\n");
- rprintf(F," -P same as --partial --progress\n");
- rprintf(F," -i, --itemize-changes output a change-summary for all
updates\n");
- rprintf(F," --out-format=FORMAT output updates using the specified
FORMAT\n");
- rprintf(F," --log-file=FILE log what we're doing to the
specified FILE\n");
- rprintf(F," --log-file-format=FMT log updates using the specified
FMT\n");
- rprintf(F," --password-file=FILE read daemon-access password from
FILE\n");
- rprintf(F," --list-only list the files instead of copying
them\n");
- rprintf(F," --bwlimit=RATE limit socket I/O bandwidth\n");
-#ifdef HAVE_SETVBUF
- rprintf(F," --outbuf=N|L|B set output buffering to None, Line,
or Block\n");
-#endif
- rprintf(F," --write-batch=FILE write a batched update to FILE\n");
- rprintf(F," --only-write-batch=FILE like --write-batch but w/o updating
destination\n");
- rprintf(F," --read-batch=FILE read a batched update from FILE\n");
- rprintf(F," --protocol=NUM force an older protocol version to
be used\n");
-#ifdef ICONV_OPTION
- rprintf(F," --iconv=CONVERT_SPEC request charset conversion of
filenames\n");
-#endif
- rprintf(F," --checksum-seed=NUM set block/file checksum seed
(advanced)\n");
- rprintf(F," -4, --ipv4 prefer IPv4\n");
- rprintf(F," -6, --ipv6 prefer IPv6\n");
- rprintf(F," -V, --version print the version & other info and
exit\n");
- rprintf(F,"(-h) --help show this help (-h is --help only if
used alone)\n");
-
+#include "help-rsync.h"
rprintf(F,"\n");
rprintf(F,"Use \"rsync --daemon --help\" to see the daemon-mode command-line
options.\n");
rprintf(F,"Please see the rsync(1) and rsyncd.conf(5) man pages for full
documentation.\n");
@@ -1139,20 +992,7 @@ static void daemon_usage(enum logcode F)
rprintf(F,"\n");
rprintf(F,"Usage: rsync --daemon [OPTION]...\n");
- rprintf(F," --address=ADDRESS bind to the specified address\n");
- rprintf(F," --bwlimit=RATE limit socket I/O bandwidth\n");
- rprintf(F," --config=FILE specify alternate rsyncd.conf
file\n");
- rprintf(F," -M, --dparam=OVERRIDE override global daemon config
parameter\n");
- rprintf(F," --no-detach do not detach from the parent\n");
- rprintf(F," --port=PORT listen on alternate port number\n");
- rprintf(F," --log-file=FILE override the \"log file\"
setting\n");
- rprintf(F," --log-file-format=FMT override the \"log format\"
setting\n");
- rprintf(F," --sockopts=OPTIONS specify custom TCP options\n");
- rprintf(F," -v, --verbose increase verbosity\n");
- rprintf(F," -4, --ipv4 prefer IPv4\n");
- rprintf(F," -6, --ipv6 prefer IPv6\n");
- rprintf(F," --help show this help screen\n");
-
+#include "help-rsyncd.h"
rprintf(F,"\n");
rprintf(F,"If you were not trying to invoke rsync as a daemon, avoid using
any of the\n");
rprintf(F,"daemon-specific rsync options. See also the rsyncd.conf(5) man
page.\n");
diff --git a/packaging/lsb/rsync.spec b/packaging/lsb/rsync.spec
index ea02c7e6..4f44db5c 100644
--- a/packaging/lsb/rsync.spec
+++ b/packaging/lsb/rsync.spec
@@ -70,7 +70,6 @@ rm -rf $RPM_BUILD_ROOT
%config(noreplace) /etc/xinetd.d/rsync
%{_prefix}/bin/rsync
%{_prefix}/bin/rsync-ssl
-%{_prefix}/lib/rsync/ssl-rsh
%{_mandir}/man1/rsync.1*
%{_mandir}/man1/rsync-ssl.1*
%{_mandir}/man5/rsyncd.conf.5*
diff --git a/prepare-source b/prepare-source
index 3514a4c8..e4232408 100755
--- a/prepare-source
+++ b/prepare-source
@@ -31,13 +31,13 @@ for action in "${@}"; do
else
files='[cap]*'
fi
- rsync -ipe ./ssl-rsh
rsync://download.samba.org/rsyncftp/generated-files/"$files" .
+ ./rsync-ssl -ip
rsync://download.samba.org/rsyncftp/generated-files/"$files" .
;;
fetchgen)
- rsync -ipe ./ssl-rsh
rsync://download.samba.org/rsyncftp/generated-files/'*' .
+ ./rsync-ssl -ip rsync://download.samba.org/rsyncftp/generated-files/'*'
.
;;
fetchSRC)
- rsync -ipre ./ssl-rsh --exclude=/.git/
rsync://download.samba.org/ftp/pub/unpacked/rsync/ .
+ ./rsync-ssl -ipr --exclude=/.git/
rsync://download.samba.org/ftp/pub/unpacked/rsync/ .
;;
*)
echo "Unknown action: $action"
diff --git a/rsync-ssl b/rsync-ssl
index c9a8db90..c55dc7a8 100755
--- a/rsync-ssl
+++ b/rsync-ssl
@@ -1,23 +1,167 @@
#!/bin/bash
+
# This script supports using stunnel or openssl to secure an rsync daemon
connection.
-# The first option can be --type=stunnel or --type=openssl to choose your
connection
-# type (overriding any $RSYNC_SSL_TYPE default value).
-if [[ "$1" == --type=* ]]; then
- export RSYNC_SSL_TYPE="${1/--type=/}"
+# By default this script takes rsync args and hands them off to the actual
+# rsync command with an --rsh option that makes it open an SSL connection to an
+# rsync daemon. See the rsync-ssl manpage for usage details and env variables.
+
+# When the first arg is --HELPER, we are being used by rsync as an --rsh helper
+# script, and the args are (note the trailing dot):
+#
+# rsync-ssl --HELPER HOSTNAME rsync --server --daemon .
+#
+# --HELPER is not a user-facing option, so it is not documented in the manpage.
+
+# The first SSL setup was based on:
http://dozzie.jarowit.net/trac/wiki/RsyncSSL
+# Note that an stunnel connection requires at least version 4.x of stunnel.
+
+function rsync_ssl_run {
+ case "$*" in
+ *rsync://*) ;;
+ *::*) ;;
+ *)
+ echo "You must use rsync-ssl with a daemon-style hostname." 1>&2
+ exit 1
+ ;;
+ esac
+
+ exec rsync --rsh="$0 --HELPER" "${@}"
+}
+
+function rsync_ssl_helper {
+ if [[ -z "$RSYNC_SSL_TYPE" ]]; then
+ found=`path_search stunnel4 stunnel openssl` || exit 1
+ if [[ "$found" == */openssl ]]; then
+ RSYNC_SSL_TYPE=openssl
+ RSYNC_SSL_OPENSSL="$found"
+ else
+ RSYNC_SSL_TYPE=stunnel
+ RSYNC_SSL_STUNNEL="$found"
+ fi
+ fi
+
+ case "$RSYNC_SSL_TYPE" in
+ openssl)
+ if [[ -z "$RSYNC_SSL_OPENSSL" ]]; then
+ RSYNC_SSL_OPENSSL=`path_search openssl` || exit 1
+ fi
+ optsep=' '
+ ;;
+ stunnel)
+ if [[ -z "$RSYNC_SSL_STUNNEL" ]]; then
+ RSYNC_SSL_STUNNEL=`path_search stunnel4 stunnel` || exit 1
+ fi
+ optsep=' = '
+ ;;
+ *)
+ echo "The RSYNC_SSL_TYPE specifies an unknown type:
$RSYNC_SSL_TYPE" 1>&2
+ exit 1
+ ;;
+ esac
+
+ if [[ -z "$RSYNC_SSL_CERT" ]]; then
+ certopt=""
+ else
+ certopt="cert$optsep$RSYNC_SSL_CERT"
+ fi
+
+ if [[ -z ${RSYNC_SSL_CA_CERT+x} ]]; then
+ # RSYNC_SSL_CA_CERT unset - default CA set AND verify:
+ # openssl:
+ caopt="-verify_return_error -verify 4"
+ # stunnel:
+ cafile=""
+ verify=0
+ elif [[ "$RSYNC_SSL_CA_CERT" == "" ]]; then
+ # RSYNC_SSL_CA_CERT set but empty -do NO verifications:
+ # openssl:
+ caopt="-verify 1"
+ # stunnel:
+ cafile=""
+ verify=0
+ else
+ # RSYNC_SSL_CA_CERT set - use CA AND verify:
+ # openssl:
+ caopt="-CAfile $RSYNC_SSL_CA_CERT -verify_return_error -verify 4"
+ # stunnel:
+ cafile="CAfile = $RSYNC_SSL_CA_CERT"
+ verify=3
+ fi
+
+ port="${RSYNC_PORT:-0}"
+ if [[ "$port" == 0 ]]; then
+ port="${RSYNC_SSL_PORT:-874}"
+ fi
+
+ # If the user specified USER@HOSTNAME::module, then rsync passes us
+ # the -l USER option too, so we must be prepared to ignore it.
+ if [[ "$1" == "-l" ]]; then
+ shift 2
+ fi
+
+ hostname="$1"
shift
-fi
--
The rsync repository.
_______________________________________________
rsync-cvs mailing list
rsync-cvs@lists.samba.org
https://lists.samba.org/mailman/listinfo/rsync-cvs
