X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=handlers%2Fdup;h=b6c2bfd2991f77b8ee39471981bbae176c695b42;hb=0d606253af6ecb8ede07b0991a1f295fb70e7e65;hp=2d759b0eee22f01155294256ce36e671ef4c1b29;hpb=26a57c396c75e0e782ffaf3946f6912da0ecf4ae;p=matthijs%2Fupstream%2Fbackupninja.git

diff --git a/handlers/dup b/handlers/dup
index 2d759b0..b6c2bfd 100644
--- a/handlers/dup
+++ b/handlers/dup
@@ -1,3 +1,4 @@
+# -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
 #
 # duplicity script for backupninja
 # requires duplicity
@@ -11,14 +12,19 @@ setsection gpg
 getconf password
 getconf sign no
 getconf encryptkey
+getconf signkey
 
 setsection source
 getconf include
+getconf vsnames all
+getconf vsinclude
 getconf exclude
 
 setsection dest
+getconf incremental yes
 getconf keep 60
 getconf sshoptions
+getconf bandwidthlimit 0
 getconf desthost
 getconf destdir
 getconf destuser
@@ -26,13 +32,39 @@ destdir=${destdir%/}
 
 [ "$destdir" != "" ] || fatal "Destination directory not set"
 [ "$include" != "" ] || fatal "No source includes specified"
-[ "$password" != "" ] || fatal "No password specified"
 
-# see if we can login
+### vservers stuff ###
+
+# See if vservers are configured.
+# If so, check that the ones listed in $vsnames do exist.
+if [ "$vservers" == "yes" ]; then
+    [ -d "$VROOTDIR" ] || fatal "vservers enabled, but $VROOTDIR does not exist!"
+    if [ "$vsnames" == "all" ]; then
+	vsnames=""
+    	for vserver in `ls $VROOTDIR | grep -E -v "lost+found|ARCHIVES"`; do
+	    vsnames="$vserver $vsnames"
+	done
+    else
+	for vserver in "$vsnames"; do
+	    [ -d "$VROOTDIR/$vserver" ] || fatal "vserver '$vserver' does not exist."
+	done
+    fi
+    if [ -n "$vsnames" ]; then
+	if [ -n "$vsinclude" ]; then
+	    info "Using vservers '$vsnames'"
+	    usevserver=1
+	fi
+    else
+	[ -z "$vsinclude" ] || warning 'vsnames is empty, vsinclude configuration lines will be ignored'
+    fi
+fi
+
+### see if we can login ###
+
 if [ "$testconnect" == "yes" ]; then
     debug "ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'"
     if [ ! $test ]; then
-	result=`ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1' 2>&1`
+	result=`ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'`
 	if [ "$result" != "1" ]; then
 	    fatal "Can't connect to $desthost as $destuser."
 	else
@@ -43,13 +75,32 @@ fi
 
 ### COMMAND-LINE MANGLING ###
 
-execstr="$options --no-print-statistics --scp-command 'scp $sshoptions' --ssh-command 'ssh $sshoptions' "
+scpoptions="$sshoptions"
+[ "$bandwidthlimit" == 0 ] || scpoptions="$scpoptions -l $bandwidthlimit"
 
-if [ "$encryptkey" == "" ]; then
-    [ "$sign" != "yes" ] || fatal "encryptkey option must be set when signing."
-else
+execstr="$options --no-print-statistics --scp-command 'scp $scpoptions' --ssh-command 'ssh $sshoptions' "
+
+# deal with symmetric or asymmetric (public/private key pair) encryption
+if [ -n "$encryptkey" ]; then
     execstr="${execstr}--encrypt-key $encryptkey "
-    [ "$sign" != "yes" ] || execstr="${execstr}--sign-key $encryptkey "
+    debug "Data will be encrypted with the GnuPG key $encryptkey."
+else
+    [ -n "$password" ] || fatal "The password option must be set when using symmetric encryption."
+    debug "Data will be encrypted using symmetric encryption."
+fi
+
+# deal with data signing
+if [ "$sign" == yes ]; then
+    # duplicity is not able to sign data when using symmetric encryption
+    [ -n "$encryptkey" ] || fatal "The encryptkey option must be set when signing."
+    # if needed, initialize signkey to a value that is not empty (checked above)
+    [ -n "$signkey" ] || signkey="$encryptkey"
+    # check password validity
+    [ -n "$password" ] || fatal "The password option must be set when signing."
+    execstr="${execstr}--sign-key $signkey "
+    debug "Data will be signed will the GnuPG key $signkey."
+else
+    debug "Data won't be signed."
 fi
 
 if [ "$keep" != "yes" ]; then
@@ -59,6 +110,10 @@ if [ "$keep" != "yes" ]; then
     execstr="${execstr}--remove-older-than $keep "
 fi
 
+if [ "$incremental" == "no" ]; then
+    execstr="${execstr}--full "
+fi
+
 execstr_serverpart="scp://$destuser@$desthost/$destdir"
 execstr_clientpart="/"
 
@@ -67,15 +122,25 @@ execstr_clientpart="/"
 # excludes
 for i in $exclude; do
 	str="${i//__star__/*}"
-	execstr="${execstr}--exclude $str "
+	execstr="${execstr}--exclude '$str' "
 done
 	
 # includes 
 for i in $include; do
 	str="${i//__star__/*}"
-	execstr="${execstr}--include $str "
+	execstr="${execstr}--include '$str' "
 done
 
+# vsincludes
+if [ $usevserver ]; then
+    for vserver in $vsnames; do
+	for vi in $vsinclude; do
+	    str="${vi//__star__/*}"
+	    execstr="${execstr}--include '$VROOTDIR/$vserver$str' "
+	done
+    done
+fi
+
 ### EXECUTE ###
 
 # exclude everything else, start with root
@@ -88,17 +153,17 @@ execstr=${execstr//\\*/\\\\\\*}
 
 debug "duplicity $execstr --exclude '**' / $execstr_serverpart"
 if [ ! $test ]; then
+        export PASSPHRASE=$password
 	output=`nice -n $nicelevel \
                   su -c \
-                    "export PASSPHRASE=$password \
-                     && duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
+                    "duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
 	code=$?
-	if [ "$code" == "0" ]; then
+	if [ $code -eq 0 ]; then
 		debug $output
 		info "Duplicity finished successfully."
 	else
-		warning $output
-		warning "Duplicity failed."
+		debug $output
+		fatal "Duplicity failed."
 	fi
 fi