git.ipfire.org Git - people/mfischer/ipfire-2.x.git/commit

author	Adolf Belka <adolf.belka@ipfire.org>
	Tue, 29 Apr 2025 14:42:19 +0000 (16:42 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 29 Apr 2025 15:22:53 +0000 (15:22 +0000)
commit	f0acc9e4a3a446307684dfe9ee9031313407546a
tree	08bd3067c209480018a8f444882d6da86251eaa3	tree
parent	5f0a9eb10ee55181179dbb54985c9559e5390ba9	commit \| diff

backup.pl: Fix restores for ipsec backups before regen was fixed

- Prior to the ipsec host cert regen fix, the backup did not include the serial or the
   index.txt files.
- After the ipsec regen patch set, if a backup from before the change is retsored then
   the serial and index.attr could end up not matching. This would break the ipsec regen
   again.
- All backups before the change will have hostcerts with serial numbers of 1.
- This patch extracts the serial number from the restored hostcert.pem. If the serial
   number is 1 and if the existing serial number file does not contain 02, then the
   serial file contents are replaced by 02 and the index.txt contents are deleted.
- If the restored hostcert.pem  serial number is greater than 1 then the backup will
   contain the serial anf index.txt files.
- If the restored hostcert.pem serial number is 1 and the serial file contains 02 then
   the ipsec regen will work correctly.

Fixes: bug13737
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>