From: Wayne Davison <wayne@opencoder.net>
Date: Wed, 22 Apr 2020 17:53:38 +0000 (-0700)
Subject: Some more rsync-ssl improvements:
X-Git-Tag: v3.2.0pre1~166
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3249824264f90241a8acd0bbf7aa5ab3c88442ff;p=thirdparty%2Frsync.git

Some more rsync-ssl improvements:

- Make the rsync-ssl default behavior more user friendly.
- Install rsync-ssl & rsync-ssl-rsh in the regular install rules.
- Add a manpage for rsync-ssl (which is also installed).
- Get rid of the rsync-ssl-client package in our spec file.
---

diff --git a/.gitignore b/.gitignore
index 519bd3bc..f601caed 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,8 +15,8 @@ config.status
 aclocal.m4
 /proto.h
 /proto.h-tstamp
-/rsync.1
-/rsyncd.conf.5
+/*.1
+/*.5
 /autom4te*.cache
 /confdefs.h
 /conftest*
diff --git a/Makefile.in b/Makefile.in
index b5aa9862..6ce3c74c 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -29,7 +29,7 @@ VERSION=@RSYNC_VERSION@
 .SUFFIXES:
 .SUFFIXES: .c .o
 
-GENFILES=configure.sh aclocal.m4 config.h.in proto.h proto.h-tstamp rsync.1 rsyncd.conf.5
+GENFILES=configure.sh aclocal.m4 config.h.in proto.h proto.h-tstamp rsync.1 rsync-ssl.1 rsyncd.conf.5
 HEADERS=byteorder.h config.h errcode.h proto.h rsync.h ifuncs.h itypes.h inums.h \
 	lib/pool_alloc.h
 LIBOBJ=lib/wildmatch.o lib/compat.o lib/snprintf.o lib/mdfour.o lib/md5.o \
@@ -68,16 +68,14 @@ all: Makefile rsync$(EXEEXT) rsync-ssl stunnel-rsyncd.conf @MAKE_MAN@
 install: all
 	-${MKDIR_P} ${DESTDIR}${bindir}
 	${INSTALLCMD} ${INSTALL_STRIP} -m 755 rsync$(EXEEXT) ${DESTDIR}${bindir}
+	${INSTALLCMD} -m 755 rsync-ssl ${DESTDIR}${bindir}
+	${INSTALLCMD} -m 755 rsync-ssl-rsh ${DESTDIR}${bindir}
 	-${MKDIR_P} ${DESTDIR}${mandir}/man1
 	-${MKDIR_P} ${DESTDIR}${mandir}/man5
 	if test -f rsync.1; then ${INSTALLMAN} -m 644 rsync.1 ${DESTDIR}${mandir}/man1; fi
+	if test -f rsync-ssl.1; then ${INSTALLMAN} -m 644 rsync-ssl.1 ${DESTDIR}${mandir}/man1; fi
 	if test -f rsyncd.conf.5; then ${INSTALLMAN} -m 644 rsyncd.conf.5 ${DESTDIR}${mandir}/man5; fi
 
-install-ssl-client: rsync-ssl
-	-${MKDIR_P} ${DESTDIR}${bindir}
-	${INSTALLCMD} -m 755 rsync-ssl ${DESTDIR}${bindir}
-	${INSTALLCMD} -m 755 rsync-ssl-rsh ${DESTDIR}${bindir}
-
 install-ssl-daemon: stunnel-rsyncd.conf
 	-${MKDIR_P} ${DESTDIR}/etc/stunnel
 	${INSTALLCMD} -m 644 stunnel-rsyncd.conf ${DESTDIR}/etc/stunnel/rsyncd.conf
@@ -209,16 +207,28 @@ proto.h: proto.h-tstamp
 proto.h-tstamp: $(srcdir)/*.c $(srcdir)/lib/compat.c config.h
 	awk -f $(srcdir)/mkproto.awk $(srcdir)/*.c $(srcdir)/lib/compat.c
 
-man: rsync.1 rsyncd.conf.5 man-copy
+man: rsync.1 rsync-ssl.1 rsyncd.conf.5 man-copy
 
 man-copy:
-	@if test -f rsync.1; then :; elif test -f $(srcdir)/rsync.1; then echo 'Copying srcdir rsync.1'; cp -p $(srcdir)/rsync.1 .; else echo "NOTE: rsync.1 cannot be created."; fi
-	@if test -f rsyncd.conf.5; then :; elif test -f $(srcdir)/rsyncd.conf.5; then echo 'Copying srcdir rsyncd.conf.5'; cp -p $(srcdir)/rsyncd.conf.5 .; else echo "NOTE: rsyncd.conf.5 cannot be created."; fi
+	@for fn in rsync.1 rsync-ssl.1 rsyncd.conf.5; do \
+	    if test -f $$fn; then \
+		: ; \
+	    elif test -f $(srcdir)/$$fn; then \
+		echo "Copying srcdir $$fn" ; \
+		cp -p $(srcdir)/$$fn . ; \
+	    else \
+		echo "NOTE: $$fn cannot be created." ; \
+	    fi ; \
+	done
 
 rsync.1: rsync.yo
 	yodl2man -o rsync.1 $(srcdir)/rsync.yo
 	-$(srcdir)/tweak_manpage rsync.1
 
+rsync-ssl.1: rsync-ssl.yo
+	yodl2man -o rsync-ssl.1 $(srcdir)/rsync-ssl.yo
+	-$(srcdir)/tweak_manpage rsync-ssl.1
+
 rsyncd.conf.5: rsyncd.conf.yo
 	yodl2man -o rsyncd.conf.5 $(srcdir)/rsyncd.conf.yo
 	-$(srcdir)/tweak_manpage rsyncd.conf.5
diff --git a/packaging/lsb/rsync.spec b/packaging/lsb/rsync.spec
index 2db26074..65a442e8 100644
--- a/packaging/lsb/rsync.spec
+++ b/packaging/lsb/rsync.spec
@@ -13,11 +13,6 @@ URL: http://rsync.samba.org/
 Prefix: %{_prefix}
 BuildRoot: /var/tmp/%{name}-root
 
-%package ssl-client
-Summary: Provides rsync-ssl
-Group: Applications/Internet
-Requires: rsync, stunnel >= 4
-
 %package ssl-daemon
 Summary: An stunnel config file to support ssl rsync daemon connections.
 Group: Applications/Internet
@@ -34,11 +29,6 @@ differences between the source files and the existing files in the
 destination.  Rsync is widely used for backups and mirroring and as an
 improved copy command for everyday use.
 
-%description ssl-client
-Provides the rsync-ssl script that makes use of stunnel 4 to open an ssl
-connection to an rsync daemon (on port 874).  This setup does NOT require
-any local stunnel daemon to be running to connect to the remote ssl rsyncd.
-
 %description ssl-daemon
 Provides a config file for stunnel that will (if you start your stunnel
 service) cause stunnel to listen for ssl rsync-daemon connections and run
@@ -66,7 +56,7 @@ make
 
 %install
 rm -rf $RPM_BUILD_ROOT
-make install install-ssl-client install-ssl-daemon DESTDIR=$RPM_BUILD_ROOT
+make install install-ssl-daemon DESTDIR=$RPM_BUILD_ROOT
 
 mkdir -p $RPM_BUILD_ROOT/etc/xinetd.d $RPM_BUILD_ROOT/etc/rsync-ssl/certs
 install -m 644 packaging/lsb/rsync.xinetd $RPM_BUILD_ROOT/etc/xinetd.d/rsync
@@ -79,12 +69,11 @@ rm -rf $RPM_BUILD_ROOT
 %doc COPYING NEWS OLDNEWS README support/ tech_report.tex
 %config(noreplace) /etc/xinetd.d/rsync
 %{_prefix}/bin/rsync
-%{_mandir}/man1/rsync.1*
-%{_mandir}/man5/rsyncd.conf.5*
-
-%files ssl-client
 %{_prefix}/bin/rsync-ssl
 %{_prefix}/bin/rsync-ssl-rsh
+%{_mandir}/man1/rsync.1*
+%{_mandir}/man1/rsync-ssl.1*
+%{_mandir}/man5/rsyncd.conf.5*
 
 %files ssl-daemon
 %config(noreplace) /etc/stunnel/rsyncd.conf
diff --git a/packaging/nightly-rsync b/packaging/nightly-rsync
index 060f1a40..9959952f 100755
--- a/packaging/nightly-rsync
+++ b/packaging/nightly-rsync
@@ -119,7 +119,7 @@ if ($make_tar) {
     symlink("$name.tar.gz", $nightly_symlink);
 }
 
-foreach my $fn (qw( rsync.yo rsyncd.conf.yo )) {
+foreach my $fn (qw( rsync.yo rsync-ssl.yo rsyncd.conf.yo )) {
     my $yo_tmp = "$dest/$fn";
     (my $html_fn = "$dest/$fn") =~ s/\.yo/.html/;
 
diff --git a/packaging/release-rsync b/packaging/release-rsync
index 20d8ea07..cc4c28f7 100755
--- a/packaging/release-rsync
+++ b/packaging/release-rsync
@@ -385,8 +385,9 @@ About to:
     os.link(f"{dest}/NEWS", news_file)
     cmd_chk(f"git log --name-status | gzip -9 >{dest}/ChangeLog.gz")
 
-    cmd_chk(f"yodl2html -o {dest}/rsync.html rsync.yo")
-    cmd_chk(f"yodl2html -o {dest}/rsyncd.conf.html rsyncd.conf.yo")
+    for yo_fn in glob.glob('*.yo'):
+        html_fn = yo_fn.replace('.yo', '.html')
+        cmd_chk(['yodl2html', '-o', dest +'/'+ html_fn, yo_fn])
 
     for fn in (srctar_file, pattar_file, diff_file):
         asc_fn = fn + '.asc'
diff --git a/rsync-ssl-rsh b/rsync-ssl-rsh
index 84487adb..f99aa901 100755
--- a/rsync-ssl-rsh
+++ b/rsync-ssl-rsh
@@ -12,38 +12,52 @@
 
 # The environment can override our defaults using RSYNC_SSL_* variables
 
+function path_search {
+    IFS_SAVE="$IFS"
+    IFS=:
+    for prog in "${@}"; do
+	for dir in $PATH; do
+	    [[ -z "$dir" ]] && dir=.
+	    if [[ -f "$dir/$prog" && -x "$dir/$prog" ]]; then
+		echo "$dir/$prog"
+		IFS="$IFS_SAVE"
+		return 0
+	    fi
+	done
+    done
+
+    IFS="$IFS_SAVE"
+    echo "Failed to find on your path: $*" 1>&2
+    echo "See the rsync-ssl manpage for configuration assistance." 1>&2
+    return 1
+}
+
 if [[ -z "$RSYNC_SSL_TYPE" ]]; then
-    RSYNC_SSL_TYPE=stunnel
+    found=`path_search stunnel4 stunnel openssl` || exit 1
+    if [[ "$found" == */openssl ]]; then
+	RSYNC_SSL_TYPE=openssl
+	RSYNC_SSL_OPENSSL="$found"
+    else
+	RSYNC_SSL_TYPE=stunnel
+	RSYNC_SSL_STUNNEL="$found"
+    fi
 fi
 
 case "$RSYNC_SSL_TYPE" in
-    stunnel)
-	if [[ -z "$RSYNC_SSL_STUNNEL" ]]; then
-	    IFS_SAVE="$IFS"
-	    IFS=:
-	    for prog in stunnel4 stunnel; do
-		for dir in $PATH; do
-		    [[ -z "$dir" ]] && dir=.
-		    if [[ -f "$dir/$prog" && -x "$dir/$prog" ]]; then
-			RSYNC_SSL_STUNNEL="$dir/$prog"
-			break 2
-		    fi
-		done
-	    done
-	    IFS="$IFS_SAVE"
+    openssl)
+	if [[ -z "$RSYNC_SSL_OPENSSL" ]]; then
+	    RSYNC_SSL_OPENSSL=`path_search openssl` || exit 1
 	fi
+	optsep=' '
+	;;
+    stunnel)
 	if [[ -z "$RSYNC_SSL_STUNNEL" ]]; then
-	    echo "Failed to find stunnel on your path." 1>&2
-	    echo "Maybe export RSYNC_SSL_STUNNEL=/path or RSYNC_SSL_TYPE=openssl." 1>&2
-	    exit 1
+	    RSYNC_SSL_STUNNEL=`path_search stunnel4 stunnel` || exit 1
 	fi
 	optsep=' = '
 	;;
-    openssl)
-	optsep=' '
-	;;
     *)
-	echo "The RSYNC_SSL_TYPE is not set to a known type: $RSYNC_SSL_TYPE" 1>&2
+	echo "The RSYNC_SSL_TYPE specifies an unknown type: $RSYNC_SSL_TYPE" 1>&2
 	exit 1
 	;;
 esac
@@ -97,10 +111,10 @@ if [[ -z "$hostname" || "$1" != rsync || "$2" != --server || "$3" != --daemon ]]
 fi
 
 if [[ $RSYNC_SSL_TYPE == openssl ]]; then
-    exec openssl s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
+    exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
 else
     # devzero@web.de came up with this no-tmpfile calling syntax:
-    exec stunnel -fd 10 11<&0 <<EOF 10<&0 0<&11 11<&-
+    exec $RSYNC_SSL_STUNNEL -fd 10 11<&0 <<EOF 10<&0 0<&11 11<&-
 foreground = yes
 debug = crit
 connect = $hostname:$port
diff --git a/rsync-ssl.yo b/rsync-ssl.yo
new file mode 100644
index 00000000..dd3774d2
--- /dev/null
+++ b/rsync-ssl.yo
@@ -0,0 +1,69 @@
+mailto(rsync-bugs@samba.org)
+manpage(rsync-ssl)(1)(22 Apr 2020)()()
+manpagename(rsync-ssl)(a helper script for connecting to an ssl rsync daemon)
+manpagesynopsis()
+
+verb(rsync-ssl [--type=openssl|stunnel] RSYNC_ARGS)
+
+manpagedescription()
+
+The rsync-ssl script helps you to run an rsync copy to/from an rsync daemon
+that requires ssl connections.
+
+If the bf(first) arg is a bf(--type=NAME) option, the script will only use that
+particular program to open an ssl connection instead of trying to find an
+stunnel or openssl executable via a simple heuristic (assuming that the
+bf(RSYNC_SSL_TYPE) environment variable is not set as well -- see below).  This
+option must be one of bf(--type=openssl) or bf(--type=stunnel).  The equal sign
+is required for this particular option.
+
+All the other options are passed through to the rsync command, so consult the
+bf(rsync) manpage for more information on how it works.
+
+Note that the stunnel connection type requires at least version 4 of stunnel,
+which should be the case on modern systems.
+
+manpagesection(ENVIRONMENT VARIABLES)
+
+The ssl helper scripts are affected by the following environment variables:
+
+description(
+
+dit(bf(RSYNC_SSL_TYPE)) Specifies the program type that should be used to open
+the ssl connection.  It must be one of "openssl" or "stunnel".  The
+bf(--type=NAME) option overrides this, if specified.
+
+dit(bf(RSYNC_SSL_PORT)) If specified, the value is the port number that is used
+as the default when the user does not specify a port in their rsync command.
+When not specified, the default port number is 874.  (Note that older rsync
+versions (prior to 3.1.4) did not communicate an overriding port number value
+to the helper script.)
+
+dit(bf(RSYNC_SSL_CERT)) If specified, the value is a filename that contains a
+certificate to use for the connection.
+
+dit(bf(RSYNC_SSL_CA_CERT)) If specified, the value is a filename that contains
+a certificate authority certificate that is used to validate the connection.
+
+dit(bf(RSYNC_SSL_STUNNEL)) Specifies the stunnel executable to run when the
+connection type is set to stunnel.  If unspecified, the $PATH is searched first
+for "stunnel4" and then for "stunnel".
+
+dit(bf(RSYNC_SSL_OPENSSL)) Specifies the openssl executable to run when the
+connection type is set to openssl.  If unspecified, the $PATH is searched for
+"openssl".
+
+)
+
+manpagesection(EXAMPLES)
+
+verb(    rsync-ssl -aiv example.com::src/ dest)
+
+verb(    rsync-ssl --type=openssl -aiv example.com::src/ dest)
+
+manpageauthor()
+
+This manpage was written by Wayne Davison.
+
+Mailing lists for support and development are available at
+url(http://lists.samba.org)(lists.samba.org)