From: Alain Spineux
Date: Tue, 10 Jan 2023 16:49:15 +0000 (+0100)
Subject: new installation script install-volume-encryption.sh
X-Git-Tag: Beta-15.0.0~281
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=330f0a9d5aad7aebf5439310b261c61a94bbbc80;p=thirdparty%2Fbacula.git
new installation script install-volume-encryption.sh
- the script setup a default the etc/key-manager.conf and initialize gnupg in etc/gnupg
---
diff --git a/bacula/.gitignore b/bacula/.gitignore
index c533a43b7..ef8b1b3eb 100644
--- a/bacula/.gitignore
+++ b/bacula/.gitignore
@@ -185,6 +185,8 @@ scripts/wxconsole.console_apps
 scripts/wxconsole.desktop.consolehelper
 scripts/wxconsole.desktop.xsu
 scripts/disk-changer
+scripts/key-manager.py
+scripts/install-key-manager.sh
 scripts/bacula-tray-monitor.desktop
 scripts/bacula-tray-monior.desktop
 scripts/.xvpics
diff --git a/bacula/autoconf/configure.in b/bacula/autoconf/configure.in
index de8ee9150..8761cc428 100644
--- a/bacula/autoconf/configure.in
+++ b/bacula/autoconf/configure.in
@@ -4124,6 +4124,14 @@ if test "x${subsysdir}" = "x${sbindir}" ; then
 exit 1
 fi
+if test -f src/plugins/fd/kubernetes-backend/Makefile.in; then
+ PFILES="${PFILES} src/plugins/fd/kubernetes-backend/Makefile"
+fi
+
+if test -f src/plugins/fd/kubernetes-backend/baculak8s/plugins/k8sbackend/baculabackupimage.py.in; then
+ PFILES="${PFILES} src/plugins/fd/kubernetes-backend/baculak8s/plugins/k8sbackend/baculabackupimage.py"
+fi
+
 AC_CONFIG_FILES([
 autoconf/Make.common \
 Makefile \
@@ -4141,6 +4149,7 @@ AC_CONFIG_FILES([
 scripts/mtx-changer \
 scripts/disk-changer \
 scripts/key-manager.py \
+ scripts/install-key-manager.sh \
 scripts/logwatch/Makefile \
 scripts/logwatch/logfile.bacula.conf \
 scripts/bat.desktop \
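Review bot: The two `PFILES` additions for the kubernetes backend in the first configure.in hunk (`@@ -4124,6 +4124,14 @@`) are not covered by the commit description, which only mentions install-key-manager.sh. Either move them to their own commit or add a line to the message, so that someone auditing the volume-encryption change does not have to work out why plugin build files changed with it. A short comment above the two tests would also help, e.g. `# optional kubernetes plugin: generate its files only when the sources are shipped`. Where `${PFILES}` is consumed is outside the hunk, so it cannot be confirmed from here that these entries reach config.status.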
@@ -4287,7 +4296,8 @@ cd ${BUILD_DIR}
 cd scripts
 chmod 755 bacula btraceback mtx-changer
-chmod 755 bconsole disk-changer devel_bacula logrotate key-manager.py
+chmod 755 bconsole disk-changer devel_bacula logrotate
+chmod 755 key-manager.py install-key-manager.sh
 cd ..
 c=updatedb
diff --git a/bacula/scripts/Makefile.in b/bacula/scripts/Makefile.in
index c0c90be8c..1d688493f 100755
--- a/bacula/scripts/Makefile.in
+++ b/bacula/scripts/Makefile.in
@@ -79,8 +79,7 @@ install: installdirs
 $(MV) -f ${DESTDIR}${scriptdir}/key-manager.py ${DESTDIR}${scriptdir}/key-manager.py.old; \
 fi
 $(INSTALL_SCRIPT) key-manager.py $(DESTDIR)$(scriptdir)/key-manager.py
-
-
+ $(INSTALL_SCRIPT) install-key-manager.sh $(DESTDIR)$(scriptdir)/install-key-manager.sh
 uninstall:
@@ -104,6 +103,8 @@ uninstall:
 (cd $(DESTDIR)$(sbindir); $(RMF) btraceback)
 (cd $(DESTDIR)$(sbindir); $(RMF) generic_cloud_driver)
 (cd $(DESTDIR)$(sbindir); $(RMF) aws_cloud_driver)
+ (cd $(DESTDIR)$(scriptdir); $(RMF) key-manager.py)
+ (cd $(DESTDIR)$(scriptdir); $(RMF) install-key-manager.sh)
 aws_cloud_driver.C: aws_cloud_driver
@@ -128,6 +129,7 @@ Makefile: Makefile.in
 chmod 755 bacula btraceback
 chmod 755 bacula-ctl-dir bacula-ctl-fd bacula-ctl-sd bacula_config
 chmod 755 disk-changer mtx-changer bconsole tapealert
+ chmod 755 key-manager.py install-key-manager.sh
 Makefiles:
 $(SHELL) config.status
diff --git a/bacula/scripts/install-key-manager.sh.in b/bacula/scripts/install-key-manager.sh.in
new file mode 100644
index 000000000..cac8b6264
--- /dev/null
+++ b/bacula/scripts/install-key-manager.sh.in
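Review bot: In the `uninstall:` hunk of scripts/Makefile.in (`@@ -104,6 +103,8 @@`) the two new lines use `(cd $(DESTDIR)$(scriptdir); $(RMF) key-manager.py)`, so if the `cd` fails the removal still runs in the current directory, which is the build's scripts directory holding the generated key-manager.py and install-key-manager.sh. Passing the full path avoids that: `$(RMF) $(DESTDIR)$(scriptdir)/key-manager.py $(DESTDIR)$(scriptdir)/install-key-manager.sh`. The existing context lines in this rule follow the same `cd …;` pattern, and the `key-manager.py.old` copy that the `install` rule creates is not removed here. A comment stating that uninstall deliberately leaves the key-manager.conf and gnupg directory set up by the script would help, since those presumably hold the key material. The `uninstall` recipe starts and continues outside the hunk.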
@@ -0,0 +1,151 @@ +#!/bin/sh +# +# Copyright (C) 2023 Bacula Systems SA +# License: BSD 2-Clause; see file LICENSE-FOSS +# +# This script setup a "master-key" for the volume encryption on the SD +# + +# tell where GNUPG will work (usually in /opt/bacula/etc/gnupg) +GNUPGHOME="@sysconfdir@/gnupg" +KEYMAN_CONF="@sysconfdir@/key-manager.conf" + +############################################################################# +# +# usage +# +############################################################################# +usage() +{ + echo "$0 [ check | install ]" + echo "setup a master key for the key-manager" + exit 1 +} + +############################################################################# +# +# check_gnupg +# +############################################################################# +check_gnupg() +{ + # Check if GnuPG is installed + GNUPGBIN=`which gpg` + if [ -z "$GNUPGBIN" ] ; then + echo "GnuPG is not found or not installed" >&2 + exit 1 + fi +} + +############################################################################# +# +# check_gnupg +# +############################################################################# +check_gnupg() +{ + # Check if GnuPG is installed + GNUPGBIN=`which gpg` + if [ -z "$GNUPGBIN" ] ; then + echo "GnuPG is not found or not installed" >&2 + exit 1 + fi +} + +############################################################################# +# +# check +# +############################################################################# +check() +{ + check_gnupg + + if [ -e $GNUPGHOME ] ; then + echo "Directory \"$GNUPGHOME\" exists" + exit 0 + else + echo "Directory \"$GNUPGHOME\" don't exist" + exit 1 + fi +} + +############################################################################# +# +# install +# +############################################################################# +install() +{ + check_gnupg + + # Don't overwrite an existing configuration + if [ -e "$GNUPGHOME" ] ; then + echo "Directory \"$GNUPGHOME\" 
already exists, abort" >&2 + exit 1 + fi + + mkdir $GNUPGHOME + chmod go-rwx $GNUPGHOME + export GNUPGHOME + + PASSPHRASE=`openssl rand -base64 10` + + GNUPG_SCRIPT=`mktemp` + cat > $GNUPG_SCRIPT <$GNUPG_OUT 2>&1 + if [ $? != 0 ] ; then + cat $GNUPG_OUT + rm $GNUPG_OUT + echo "Error with gpg" >&2 + exit 1 + fi + rm $GNUPG_SCRIPT + + # retrieve the fingerprint of the key + fpr=`$GNUPGBIN -k --with-colons | awk -F : '$1 ~/fpr/ { print $10;exit }'` + + cat >$KEYMAN_CONF <