From 85c0d3c1c73dfd8f625c99256f0e1706979b895e Mon Sep 17 00:00:00 2001
From: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue, 1 Apr 2025 20:07:59 +0200
Subject: [PATCH] include: Add the contents of the ipsec certs directory to the
 backup

- Previously only the .pem files were bacdked up from the /var/ipfire/certs/ directory.
   That was okay in the past as the serial and index files never changed after the
   root/host cert set waqs created.
- With the renew process then the serial and index files get updated and these are needed
   to match with the cert status that was backed up. Otherwise you could end up with one
   set of values in the serial and index files that did not match with the restored
   certs.
- This patch adds all the contents of the certs directory to the backup.
- Tested out on my vm testbed and successfully restored a backup and was able to connect
   with the same client settings.

Fixes: bug13737
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/backup/include | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/backup/include b/config/backup/include
index 0bf9440d3..7e1e9a76a 100644
--- a/config/backup/include
+++ b/config/backup/include
@@ -28,6 +28,7 @@ var/ipfire/backup/addons/backup
 var/ipfire/backup/exclude.user
 var/ipfire/backup/include.user
 var/ipfire/captive/*
+var/ipfire/certs
 var/ipfire/*/*.conf
 var/ipfire/*/config
 var/ipfire/dhcp/*
-- 
2.39.5