Re: Updating of access times

2020-02-09 Thread Bell, Robert (IM, Clayton) via rsync
Karl - thanks heaps!
(I think I was looking at an old man page, that doesn't show that option).
Just what we need - thanks.
Rob.

On 10/2/20, 15:51, "Karl O. Pinc"  wrote:

On Mon, 10 Feb 2020 03:27:39 +
"Bell, Robert \(IM, Clayton\) via rsync" 
wrote:

> We have a scenario where we need to take a copy of a filesystem, and
> use rsync to do so, but would like to retain the original access
> times on the source files. I did not find an option to do this, and
> would be grateful for advice if this is possible.

From the man page:

   --noatime   do not alter atime when opening source files

Regards,

Karl 
Free Software:  "You don't pay back, you pay forward."
 -- Robert A. Heinlein


-- 
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
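
An added illustration of the two approaches raised in this thread (not code from rsync or from either poster): reading a file opened with Linux's O_NOATIME so atime is never touched, and the restore-after-read approach, which puts atime back but moves ctime. The function names, the constructed sample file and the choice of O_NOATIME as the mechanism are assumptions of this example.

```c
#define _GNU_SOURCE             /* exposes O_NOATIME on Linux */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read a whole file the way a copy tool would, leaving its atime as found.
 * Returns 0 if O_NOATIME did the job, 1 if atime was put back afterwards,
 * -1 on error. Both methods require owning the file (or CAP_FOWNER).
 * force_restore=1 skips O_NOATIME to exercise the second method. */
int read_keep_atime(const char *path, int force_restore)
{
    struct stat before;
    char buf[4096];
    int restore = force_restore;
    int fd = restore ? -1 : open(path, O_RDONLY | O_NOATIME);

    if (fd < 0) {               /* not tried, or refused: plain open */
        restore = 1;
        if ((fd = open(path, O_RDONLY)) < 0) return -1;
    }
    if (fstat(fd, &before) < 0) { close(fd); return -1; }
    while (read(fd, buf, sizeof buf) > 0) { /* consume the data */ }
    if (restore) {
        /* Put atime back, leave mtime alone. This metadata write moves
         * ctime, so the access still leaves a trace. */
        struct timespec ts[2] = { before.st_atim, { 0, UTIME_OMIT } };
        if (futimens(fd, ts) < 0) { close(fd); return -1; }
    }
    close(fd);
    return restore;
}

/* Constructed sample: a temp file whose atime is set to a known old value. */
int make_sample(char *tmpl, time_t old_atime)
{
    struct timespec ts[2] = { { old_atime, 0 }, { 0, UTIME_OMIT } };
    int fd = mkstemp(tmpl);
    if (fd < 0 || write(fd, "constructed\n", 12) != 12 || futimens(fd, ts) < 0)
        return -1;
    return close(fd);
}

int main(void)
{
    char path[] = "/tmp/atime-demo-XXXXXX";
    if (make_sample(path, 1000000000) < 0) return 1;
    printf("method=%d\n", read_keep_atime(path, 0));
    return unlink(path) != 0;
}
```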


Updating of access times

2020-02-09 Thread Bell, Robert (IM, Clayton) via rsync
rsync Folks,

Firstly, thanks heaps to the maintainers of rsync - such a valuable utility.

We have a scenario where we need to take a copy of a filesystem, and use rsync
to do so, but would like to retain the original access times on the source
files. I did not find an option to do this, and would be grateful for advice
if this is possible.

If not, we have a case where an enhancement (--restore-access-times ?) would be
valuable, to us at least.

--restore-access-times  rsync restores the pre-existing access time after
accessing a file

(System dump utilities like xfsdump do restore (or not update) access times.)

Thanks
Rob.

Dr Robert C. Bell
Retirement Fellow
CSIRO Australia
Information Management and Technology
Scientific Computing






[RFC PATCH] Add SHA1 support

2020-02-09 Thread Sebastian Andrzej Siewior via rsync
From: Sebastian Andrzej Siewior 

This is a huge all-in-one patch and deserves a little cleanup and
splitting. However, I wanted to get it out here for some feedback.

My primary motivation to use SHA1 for checksumming (by default) instead
of MD5 is not the additional security bits but performance. On a decent
x86 box the SHA1 performance is almost the same as MD5's but with
acceleration it outperforms MD5.

The other alternative would be to go for xxHash64 [0] which has the
superior performance but provides a non-cryptographic hash so I thought
SHA1 would be better here.

For linking against OpenSSL as of today the rsync license would need an
"OpenSSL exception" [1]. The master branch of OpenSSL is licensed under
the Apache License 2.0 so we could wait until 3.0 is released and use
the C version of the algorithm in the meantime.

Here are numbers from a ryzen test box:
small file:
|$ dd if=/dev/zero of=/dev/shm/out bs=1073741824 count=1
|1+0 records in
|1+0 records out
|1073741824 bytes (1,1 GB, 1,0 GiB) copied, 0,503252 s, 2,1 GB/s

Old hash:
|$ time ./rsync -c /dev/shm/out --checksum-choice=md4
|-rw-r--r--  1,073,741,824 2020/02/08 16:34:42 out
|
|real 0m1,064s
|user 0m0,984s
|sys 0m0,080s

MD5 from openssl (should match built-in speed):
|$ time ./rsync -c /dev/shm/out --checksum-choice=md5
|-rw-r--r--  1,073,741,824 2020/02/08 16:34:42 out
|
|real 0m1,433s
|user 0m1,293s
|sys 0m0,140s

SHA1 from openssl:
|$ time ./rsync -c /dev/shm/out --checksum-choice=sha1
|-rw-r--r--  1,073,741,824 2020/02/08 16:34:42 out
|
|real 0m0,619s
|user 0m0,524s
|sys 0m0,096s

SHA1 from the built-in code:
|time ./rsync -c /dev/shm/out --checksum-choice=sha1
|-rw-r--r--  1,073,741,824 2020/02/08 16:34:42 out
|
|real 0m1,561s
|user 0m1,465s
|sys 0m0,096s


[1] https://opensource.stackexchange.com/questions/2233/gpl-v3-with-openssl-exception
[0] https://github.com/Cyan4973/xxHash

Signed-off-by: Sebastian Andrzej Siewior 
---
 Makefile.in   |   4 +-
 checksum.c| 144 +
 configure.ac  |   5 +
 lib/md32_common.h | 258 +
 lib/md5.c |  15 +-
 lib/mdigest.h |  77 -
 lib/sha1.c|  19 +++
 lib/sha1.h|  20 +++
 lib/sha_local.h   | 401 ++
 main.c|   2 +
 rsync.h   |   2 +-
 11 files changed, 902 insertions(+), 45 deletions(-)
 create mode 100644 lib/md32_common.h
 create mode 100644 lib/sha1.c
 create mode 100644 lib/sha1.h
 create mode 100644 lib/sha_local.h

diff --git a/Makefile.in b/Makefile.in
index 9bb977eb6b0a8..a390afe4ed829 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -32,7 +32,7 @@ VERSION=@RSYNC_VERSION@
 GENFILES=configure.sh aclocal.m4 config.h.in proto.h proto.h-tstamp rsync.1 
rsyncd.conf.5
 HEADERS=byteorder.h config.h errcode.h proto.h rsync.h ifuncs.h itypes.h 
inums.h \
lib/pool_alloc.h
-LIBOBJ=lib/wildmatch.o lib/compat.o lib/snprintf.o lib/mdfour.o lib/md5.o \
+LIBOBJ=lib/wildmatch.o lib/compat.o lib/snprintf.o lib/mdfour.o lib/md5.o 
lib/sha1.o \
lib/permstring.o lib/pool_alloc.o lib/sysacls.o lib/sysxattrs.o 
@LIBOBJS@
 zlib_OBJS=zlib/deflate.o zlib/inffast.o zlib/inflate.o zlib/inftrees.o \
zlib/trees.o zlib/zutil.o zlib/adler32.o zlib/compress.o zlib/crc32.o
diff --git a/checksum.c b/checksum.c
index 3295252ba0120..77c36b59c93ec 100644
--- a/checksum.c
+++ b/checksum.c
@@ -32,6 +32,7 @@ extern char *checksum_choice;
 #define CSUM_MD4_OLD 3
 #define CSUM_MD4 4
 #define CSUM_MD5 5
+#define CSUM_SHA1 6
 
 int xfersum_type = 0; /* used for the file transfer checksums */
 int checksum_type = 0; /* used for the pre-transfer (--checksum) checksums */
@@ -54,6 +55,8 @@ int parse_csum_name(const char *name, int len)
len = strlen(name);
 
if (!name || (len == 4 && strncasecmp(name, "auto", 4) == 0)) {
+   if (protocol_version >= 31)
+   return CSUM_SHA1;
if (protocol_version >= 30)
return CSUM_MD5;
if (protocol_version >= 27)
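Review bot: The new `protocol_version >= 31` branch in the "auto" case makes SHA1 the default for a protocol number that released rsync versions already speak with MD5 as the default, so a protocol-31 peer without this patch would compute a different checksum unless the protocol version is bumped elsewhere in the patch, which these lines do not show. Gate the SHA1 default on a new protocol number, or on an explicit negotiation, so that "auto" keeps meaning MD5 for peers that only know MD5.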
@@ -68,6 +71,8 @@ int parse_csum_name(const char *name, int len)
return CSUM_MD5;
if (len == 4 && strncasecmp(name, "none", 4) == 0)
return CSUM_NONE;
+   if (len == 4 && strncasecmp(name, "sha1", 4) == 0)
+   return CSUM_SHA1;
 
rprintf(FERROR, "unknown checksum name: %s\n", name);
exit_cleanup(RERR_UNSUPPORTED);
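Review bot: Missing documentation for the new "sha1" name accepted here: the diffstat lists no man page change, so `--checksum-choice=sha1` would be undocumented. As a style point, the sha1 test would read better next to the md5 one than after "none", so the names stay grouped by algorithm.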
@@ -88,6 +93,8 @@ int csum_len_for_type(int cst, BOOL flist_csum)
return MD4_DIGEST_LEN;
  case CSUM_MD5:
return MD5_DIGEST_LEN;
+ case CSUM_SHA1:
+   return SHA1_DIGEST_LEN;
  default: /* paranoia to prevent missing case values */
exit_cleanup(RERR_UNSUPPORTED);
}
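Review bot: The `CSUM_SHA1` case returns `SHA1_DIGEST_LEN`, and a SHA-1 digest is 20 bytes against 16 for the MD4/MD5 cases above, so any buffer or field sized for the older digests has to grow with it; nothing in this hunk shows that. Please confirm that the maximum digest length used for checksum buffers is raised in the same patch.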
@@ -121,30 +128,48 @@ uint32 get_checksum1(char *buf1, int32 len)
 return (s1 & 0x) + (s2 << 16);
 }
 
+static void 

[draft PATCH] whitelist support for refuse options

2020-02-09 Thread Nick Cleaton via rsync
This adds support for whitelisting the acceptable options in the
"refuse options" setting in rsyncd.conf. It introduces "!" as a
special option string that refuses most options and interprets
any following strings as patterns of options to allow.

For example, to allow only verbose and archive:

  refuse options = ! verbose archive

The "!" doesn't refuse no-iconv, but you can still refuse it and
use a whitelist if you want:

  refuse options = no-iconv ! verbose archive

It's not finished (needs tests and doc) I just wanted to see if
there'd be any interest in merging something of this shape
before I put more work into it.

My use case is setting up a restricted trust relationship by
allowing host A to ssh to host B with a forced command of
"rsync --server --daemon --config=/path/to/rsyncd.conf ." and
configuring the restrictions in rsyncd.conf. I know what options
I want to use, it'd be nice to enforce that on the server side
without listing every other option in "refuse options".


---
 options.c | 114 +++---
 1 file changed, 82 insertions(+), 32 deletions(-)

diff --git a/options.c b/options.c
index e5b0cb68..02d1b174 100644
--- a/options.c
+++ b/options.c
@@ -1133,39 +1133,101 @@ static void set_refuse_options(char *bp)
 {
struct poptOption *op;
char *cp, shortname[2];
-   int is_wild, found_match;
+   int is_wild, found_match, whitelist_mode, archive_whitelisted;
 
shortname[1] = '\0';
+   whitelist_mode = 0;
+   archive_whitelisted = 0;
 
+   /* We flag options for refusal by abusing the "descrip" field of
+* struct poptOption (which we don't use) to temporarily store
+* a refuse flag. Refused options may be un-refused later in the
+* loop if whitelist mode is triggered. */
while (1) {
while (*bp == ' ') bp++;
if (!*bp)
break;
if ((cp = strchr(bp, ' ')) != NULL)
*cp= '\0';
-   is_wild = strpbrk(bp, "*?[") != NULL;
-   found_match = 0;
+   if (!strcmp(bp, "!")) {
+   whitelist_mode = 1;
+   for (op = long_options; ; op++) {
+   *shortname = op->shortName;
+   if (!op->longName && !*shortname)
+   break;
+   if (*shortname != 'e' && (!op->longName ||(
+   strcmp("server", op->longName) &&
+   strcmp("sender", op->longName) &&
+   strcmp("no-iconv", op->longName
+   op->descrip = "refused";
+   }
+   } else {
+   is_wild = strpbrk(bp, "*?[") != NULL;
+   found_match = 0;
+   for (op = long_options; ; op++) {
+   *shortname = op->shortName;
+   if (!op->longName && !*shortname)
+   break;
+   if ((op->longName && wildmatch(bp, 
op->longName))
+   || (*shortname && wildmatch(bp, 
shortname))) {
+   op->descrip = whitelist_mode ? 0 : 
"refused";
+   found_match = 1;
+   if (whitelist_mode && *shortname == 'a')
+   archive_whitelisted = 1;
+   if (!is_wild)
+   break;
+   }
+   }
+   if (!found_match) {
+   rprintf(FLOG, "No match for refuse-options 
string \"%s\"\n",
+   bp);
+   }
+   }
+   if (!cp)
+   break;
+   *cp = ' ';
+   bp = cp + 1;
+   }
+
+   /* For the --archive option, the client sends the implied options
+* explicitly to the server, so if --archive is whitelisted then
+* we must individually whitelist the implied options as well. */
+   if (archive_whitelisted) {
for (op = long_options; ; op++) {
*shortname = op->shortName;
if (!op->longName && !*shortname)
break;
-   if ((op->longName && wildmatch(bp, op->longName))
-   || (*shortname && wildmatch(bp, shortname))) {
-   if (op->argInfo == POPT_ARG_VAL)
-   op->argInfo = POPT_ARG_NONE;
-   op->val = (op - long_options) + 
OPT_REFUSED_BASE;
-
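Review bot: In the pattern loop, `op->descrip = whitelist_mode ? 0 : "refused";` clears the refuse flag for every option that a pattern after "!" matches, including options that were refused explicitly before the "!", so a wildcard in the allow list (for instance `no-*` following an explicit `no-iconv`) silently undoes the explicit refusal. Since this setting is the server-side enforcement point for the forced-command setup described above, keep explicit refusals in a separate flag that allow patterns cannot clear, or reject the configuration when an allow pattern matches an explicitly refused option. The "No match for refuse-options string" log line is also emitted for unmatched allow entries; that case fails closed, but the message should say whether the string was a refuse or an allow entry.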