From 734328691c00bbe2d66bf2b8f0a799eba842bdfc Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Mon, 4 Dec 2017 10:04:47 +0100 Subject: [PATCH] Import Spec and additional sources --- BackupPC-README.fedora | 17 ++ BackupPC.htaccess | 37 ++++ BackupPC.logrotate | 11 + BackupPC.tmpfiles | 1 + BackupPC4.spec | 552 +++++++++++++++++++++++++++++++++++++++++++++++++ BackupPC_Admin.c | 10 + README.RHEL | 22 ++ backuppc.service | 13 ++ 8 files changed, 663 insertions(+) create mode 100644 BackupPC-README.fedora create mode 100644 BackupPC.htaccess create mode 100644 BackupPC.logrotate create mode 100644 BackupPC.tmpfiles create mode 100644 BackupPC4.spec create mode 100644 BackupPC_Admin.c create mode 100644 README.RHEL create mode 100644 backuppc.service diff --git a/BackupPC-README.fedora b/BackupPC-README.fedora new file mode 100644 index 0000000..448c279 --- /dev/null +++ b/BackupPC-README.fedora @@ -0,0 +1,17 @@ +BackupPC's README file for Fedora + +## BackupPC's user +For security reasons, backuppc user cannot log in. If you want to start manual +backup (ie for debugging), you'll need to set it a shell : +usermod -s /bin/bash + +Do not forget to create an SSH key (ssk-keygen) and copy it to remote computers +if you plan to use tar/rsync over SSH backup method. + +## BackupPC's web interface +The CGI web interface is located at : +http://localhost/BackupPC + +You will need to create users in /etc/BackupPC/apache.users : +htpasswd -c /etc/BackupPC/apache.users username +(Note that the '-c' flag is only necessary to create the file) diff --git a/BackupPC.htaccess b/BackupPC.htaccess new file mode 100644 index 0000000..1ebc77e --- /dev/null +++ b/BackupPC.htaccess @@ -0,0 +1,37 @@ + +# BackupPC requires valid authentication in order for the web interface to +# function properly. One can view the web interface without authentication +# though all functionality is disabled. +# +# htpasswd -c /etc/BackupPC/apache.users yourusername +# + +AuthType Basic +AuthUserFile /etc/BackupPC/apache.users +AuthName "BackupPC" + + + # Apache 2.4 + + Require valid-user + + Require local + + + + + # Apache 2.2 + order deny,allow + deny from all + allow from 127.0.0.1 + allow from ::1 + require valid-user + + + + + + +Alias /BackupPC/images /usr/share/BackupPC/html/ +ScriptAlias /BackupPC /usr/share/BackupPC/sbin/BackupPC_Admin +ScriptAlias /backuppc /usr/share/BackupPC/sbin/BackupPC_Admin diff --git a/BackupPC.logrotate b/BackupPC.logrotate new file mode 100644 index 0000000..be99b63 --- /dev/null +++ b/BackupPC.logrotate @@ -0,0 +1,11 @@ +# ----- logrotate config ------------- +# BackupPC rotates its own logs! Do not enable this unless BackupPC's internal +# log rotation system has been disabled or if you REALLY know what you are doing. + +#/var/log/BackupPC/LOG { +# missingok +# weekly +# notifempty +# nocompress +# create 644 backuppc backuppc +#} diff --git a/BackupPC.tmpfiles b/BackupPC.tmpfiles new file mode 100644 index 0000000..3df527d --- /dev/null +++ b/BackupPC.tmpfiles @@ -0,0 +1 @@ +D /var/run/BackupPC 0775 root backuppc - diff --git a/BackupPC4.spec b/BackupPC4.spec new file mode 100644 index 0000000..9f651ac --- /dev/null +++ b/BackupPC4.spec @@ -0,0 +1,552 @@ +# enable -PIE build +%global _hardened_build 1 + +%if 0%{?rhel} && 0%{?rhel} < 5 +%global _without_selinux 1 +%endif + +# tmpfiles.d & systemd support in all supported Fedora now, but not RHEL < 7 +%if 0%{?fedora} || 0%{?rhel} >= 7 +%global _with_tmpfilesd 1 +%global _with_systemd 1 +%endif + +%global _updatedb_conf /etc/updatedb.conf + +%define realname BackupPC + +Name: %{realname}4 +Version: 4.1.3 +Release: 0.beta3%{?dist} +Summary: High-performance backup system +Group: Applications/System +License: GPLv2+ +URL: http://backuppc.github.io/backuppc/index.html +Provides: BackupPC +Conflicts: BackupPC + +Source0: https://github.com/backuppc/backuppc/releases/download/%{version}/%{realname}-%{version}.tar.gz +Patch0: BackupPC-4.1.3-locatedb.patch +Patch1: BackupPC-4.1.3-fix_substr_outside_of_string.patch +Source1: BackupPC.htaccess +Source2: BackupPC.logrotate +Source3: BackupPC-README.fedora +#A C wrapper to use since perl-suidperl is no longer provided +Source4: BackupPC_Admin.c +Source5: backuppc.service +Source6: BackupPC.tmpfiles +Source7: README.RHEL + +BuildRequires: %{_bindir}/smbclient, %{_bindir}/nmblookup +BuildRequires: rsync +BuildRequires: coreutils +BuildRequires: tar +BuildRequires: openssh-clients +BuildRequires: perl-generators +BuildRequires: perl(Compress::Zlib) +BuildRequires: perl(Data::Dumper) +BuildRequires: perl(Digest::MD5) +BuildRequires: perl(Pod::Usage) +BuildRequires: perl(BackupPC::XS) +BuildRequires: perl(Encode) +BuildRequires: perl(File::Listing) +BuildRequires: perl(version) +BuildRequires: perl(CGI) +BuildRequires: rsync-bpc +BuildRequires: rrdtool +%if 0%{?_with_systemd} +BuildRequires: systemd-units +%endif + +# Unbundled libraries +Requires: perl(Net::FTP::AutoReconnect) +Requires: perl(Net::FTP::RetrHandle) + +Requires: httpd +Requires: rrdtool +Requires: rsync-bpc +Requires: bzip2 +Requires: iputils +Requires: openssh-clients +Requires: tar +Requires: samba-client +%if 0%{?rhel} >= 7 +Requires: par2cmd +%endif +Requires: perl(Compress::Zlib) +Requires: perl(Archive::Zip) +Requires: perl(BackupPC::XS) +Requires: perl(CGI) +Requires: perl(Compress::Zlib) +Requires: perl(Digest::MD5) +Requires: perl(Encode) +Requires: perl(File::Listing) +Requires: perl-Time-modules +Requires: perl(version) +Requires: perl(XML::RSS) + +Requires(pre): %{_sbindir}/useradd +%if 0%{?_with_systemd} +Requires(preun): systemd-units +Requires(post): systemd-units, %{_sbindir}/usermod +Requires(postun): systemd-units +%else +Requires(preun): initscripts, chkconfig +Requires(post): initscripts, chkconfig, %{_sbindir}/usermod +Requires(postun): initscripts +%endif + +%if ! 0%{?_without_selinux} +Requires: policycoreutils +BuildRequires: selinux-policy-devel, checkpolicy +%endif +Provides: backuppc = %{version} + +# BuildRoot required for RHEL5 +BuildRoot: %{_tmppath}/%{realname}-%{version}-%{release}-root-%(%{__id_u} -n) + +%description +BackupPC is a high-performance, enterprise-grade system for backing up Linux +and WinXX and Mac OS X PCs and laptops to a server's disk. BackupPC is highly +configurable and easy to install and maintain. + +%prep + +%setup -q -n %{realname}-%{version} + +%patch0 -p1 -b .locatedb +%patch1 -p1 + +for f in ChangeLog; do + iconv -f ISO-8859-1 -t UTF-8 $f > $f.utf && mv $f.utf $f +done + +cp %{SOURCE3} README.fedora +cp %{SOURCE7} README.RHEL +cp %{SOURCE4} BackupPC_Admin.c + +%if ! 0%{?_without_selinux} +mkdir selinux +pushd selinux + +cat >%{realname}.te <%{realname}.fc < /dev/null || : + + +%preun +%if 0%{?_with_systemd} +%systemd_preun backuppc.service +%else +if [ $1 = 0 ]; then + # Package removal, not upgrade + service backuppc stop > /dev/null 2>&1 || : + chkconfig --del backuppc || : +fi +%endif + +%post +%if ! 0%{?_without_selinux} +( + # Install/update Selinux policy + semodule -i %{_datadir}/selinux/packages/%{realname}/%{realname}.pp + # files created by app + restorecon -R %{_sysconfdir}/%{realname} + restorecon -R %{_localstatedir}/log/%{realname} +) &>/dev/null +%endif + +%if 0%{?_with_systemd} +%systemd_post backuppc.service +%else +if [ $1 -eq 1 ]; then + # initial installation + chkconfig --add backuppc || : +fi +%{_sbindir}/usermod -a -G backuppc apache || : +%endif + +# add BackupPC backup directories to PRUNEPATHS in locate database +if [ -w %{_updatedb_conf} ]; then + grep ^PRUNEPATHS %{_updatedb_conf} | grep %{_localstatedir}/lib/%{realname} > /dev/null + if [ $? -eq 1 ]; then + sed -i '\@PRUNEPATHS@s@"$@ '%{_localstatedir}/lib/%{realname}'"@' %{_updatedb_conf} + fi +fi +: + +%postun +# clear out any BackupPC configuration in apache +service httpd condrestart > /dev/null 2>&1 || : + +if [ $1 -eq 0 ]; then + # uninstall + %if ! 0%{?_without_selinux} + # Remove the SElinux policy. + semodule -r %{realname} &> /dev/null || : + %endif + + # re move BackupPC backup directories from PRUNEPATHS in locate database + if [ -w %{_updatedb_conf} ]; then + sed -i '\@PRUNEPATHS@s@[ ]*'%{_localstatedir}/lib/%{realname}'@@' %{_updatedb_conf} || : + fi +fi + +%systemd_postun_with_restart backuppc.service + +%files +%defattr(-,root,root,-) +%doc README.md README.fedora README.RHEL ChangeLog doc/* +%license LICENSE + +%dir %attr(-,backuppc,backuppc) %{_localstatedir}/log/%{realname} +%dir %attr(-,backuppc,backuppc) %{_sysconfdir}/%{realname}/ + +%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{realname}.conf +%config(noreplace) %attr(-,backuppc,backuppc) %{_sysconfdir}/%{realname}/* +%config(noreplace) %{_sysconfdir}/logrotate.d/%{realname} + +%dir %{_datadir}/%{realname} +%dir %{_datadir}/%{realname}/sbin +%{_datadir}/%{realname}/share/doc/BackupPC/* +%{_datadir}/%{realname}/[^s]* + +%if 0%{?_with_tmpfilesd} +%config(noreplace) %{_sysconfdir}/tmpfiles.d/%{realname}.conf +%endif +%dir %attr(0775,backuppc,backuppc) %{_localstatedir}/run/%{realname} + +%if 0%{?_with_systemd} +%{_unitdir}/backuppc.service +%else +%attr(0755,root,root) %{_initrddir}/backuppc +%endif + +%attr(4750,backuppc,apache) %{_datadir}/%{realname}/sbin/BackupPC_Admin +%attr(750,backuppc,apache) %{_datadir}/%{realname}/sbin/BackupPC_Admin.pl +%attr(-,backuppc,root) %{_localstatedir}/lib/%{realname}/ + +%if ! 0%{?_without_selinux} +%{_datadir}/selinux/packages/%{realname}/%{realname}.pp +%endif + +%changelog +* Thu Jun 15 2017 Daniel Berteaud - 4.1.3-1 +- Update to 4.1.3 + +* Fri Jul 15 2016 Benjamin Lefoul - 3.3.1-5 +- Deprecation of defined(@array) in perl + +* Wed Jun 29 2016 Benjamin Lefoul - 3.3.1-4 +- Support for systemd and tmpfiles for RHEL >= 7 + +* Wed Feb 03 2016 Fedora Release Engineering - 3.3.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Jun 16 2015 Fedora Release Engineering - 3.3.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Mar 14 2015 Bernard Johnson - 3.3.1-1 +- v 3.3.1 + +* Fri Aug 15 2014 Fedora Release Engineering - 3.3.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Fri Jun 06 2014 Fedora Release Engineering - 3.3.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri Feb 21 2014 Bernard Johnson 3.3.0-2 +- fix typo in README.RHEL +- enable PIE build (bz #965523) +- add patch that causes getpwnam to return only uid to fix selinux denials + (bz #827854) +- add local-fs.target and remote-fs.target to startup dependency (bz #959309) + +* Fri Feb 21 2014 Johan Cwiklinski 3.3.0-1 +- Last upstream release +- Remove no longer needeed patches +- Fix incorrect-fsf-address to reduce rpmlint output + +* Fri Feb 21 2014 Bernard Johnson - 3.3.0-1 +- v 3.3.0 +- fixed typos + +* Fri Aug 02 2013 Fedora Release Engineering - 3.2.1-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 17 2013 Petr Pisar - 3.2.1-14 +- Perl 5.18 rebuild + +* Sun Mar 31 2013 Ville Skyttä - 3.2.1-13 +- Add build dependency on Pod::Usage (#913855). +- Fix bogus dates in %%changelog. + +* Wed Feb 13 2013 Fedora Release Engineering - 3.2.1-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Sun Jan 20 2013 Bernard Johnson 3.2.1-11 +- Missing backuppc.service file after upgrade to 3.2.1-10 causes service to + exit at start (bz #896626) + +* Mon Dec 24 2012 Bernard Johnson 3.2.1-10 +- cleanup build macros for Fedora +- fix deprecated qw messages (partial fix for bz #755076) +- CVE-2011-5081 BackupPC: XSS flaw in RestoreFile.pm + (bz #795017, #795018, #795019) +- Broken configuration for httpd 2.4 (bz #871353) + +* Sun Dec 9 2012 Peter Robinson 3.2.1-9 +- Fix FTBFS on F-18+ + +* Wed Jul 18 2012 Fedora Release Engineering - 3.2.1-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sun Jan 22 2012 Bernard Johnson - 3.2.1-7 +- change %%{_sharedstatedir} to %%{_localstatedir}/lib as these expand + differently on EL (bz #767719) +- fix XSS vulnerability (bz #749846, bz #749847, bz #749848) CVE-2011-3361 +- additional documentation about enabling correct channels in RHEL to resolve + all dependencies (bz #749627) +- fix bug with missing tmpfiles.d directory +- add perl(Digest::MD5) to list of build and install dependencies + +* Wed Sep 21 2011 Bernard Johnson - 3.2.1-6 +- fix postun scriptlet error (bz #736946) +- make postun scriptlet more coherent +- change selinux context on log files to httpd_log_t and allow access + to them (bz #730704) + +* Fri Aug 12 2011 Bernard Johnson - 3.2.1-4 +- change macro conditionals to include tmpfiles.d support starting at + Fedora 15 (bz #730053) +- change install lines to preserve timestamps + +* Fri Jul 08 2011 Bernard Johnson - 3.2.1-1 +- v 3.2.1 +- add lower case script URL alias for typing impaired +- cleanup selinux macros +- spec cleanup +- make samba dependency on actual files required to EL5 can use samba-client + or samba3x-client (bz #667479) +- unbundle perl(Net::FTP::AutoReconnect) and perl(Net::FTP::RetrHandle) +- remove old patch that is no longer needed +- attempt to make sure $Conf{TopDir} is listed in updatedb PRUNEPATHS, + otherwise at least generate a warning on statup (bz #554491) +- move sockets to /var/run (bz #719499) +- add support for systemd starting at F16 (bz #699441) +- patch to move pid dir under /var/run +- unbundle Net::FTP::* +- add support for tmpfiles.d + +* Mon Feb 07 2011 Fedora Release Engineering - 3.1.0-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Aug 02 2010 Johan Cwiklinski 3.1.0-16 +- Debugingo with no sources (fix bug #620257) + +* Sat Jul 31 2010 Johan Cwiklinski 3.1.0-15 +- perl-suidperl is no longer available (fix bug #611009) + +* Fri Jul 09 2010 Mike McGrath 3.1.0-14.1 +- Rebuilding to fix perl-suidperl broken dep + +* Mon May 17 2010 Johan Cwiklinski 3.1.0-14 +- Fix for bug #592762 + +* Sun Feb 28 2010 Johan Cwiklinski 3.1.0-12 +- Add "::1" to the apache config file for default allowed adresses +- Fix a typo in the apache config file + +* Sun Jan 17 2010 Johan Cwiklinski 3.1.0-11 +- Really fix selinux labelling backup directory (bug #525948) + +* Fri Jan 15 2010 Johan Cwiklinski 3.1.0-10 +- Fix selinux labelling backup directory (bug #525948) + +* Fri Sep 25 2009 Johan Cwiklinski 3.1.0-9 +- Fix security bug (bug #518412) + +* Wed Sep 23 2009 Johan Cwiklinski 3.1.0-8 +- Rebuild with latest SELinux policy (bug #524630) + +* Fri Sep 18 2009 Johan Cwiklinski 3.1.0-7 +- Fix SELinux policy module for UserEmailInfo.pl file + +* Fri Jul 24 2009 Fedora Release Engineering - 3.1.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Fri Apr 10 2009 Johan Cwiklinski 3.1.0-5 +- Fix TopDir change (bug #473944) + +* Mon Feb 23 2009 Fedora Release Engineering - 3.1.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Aug 11 2008 Johan Cwiklinski 3.1.0-3 +- using /dev/null with SELinux policy to avoid broken pipe errors (bug #432149) + +* Sat Apr 05 2008 Johan Cwiklinski 3.1.0-2 +- correcting nologin path + +* Thu Nov 29 2007 Johan Cwiklinski 3.1.0-1 +- New upstream version +- Added samba-client as a dependency +- Added readme.fedora +- Changed CGI admin path in default config file + +* Fri Sep 21 2007 Johan Cwiklinski 3.0.0-3 +- Fixed SELinux policy module + +* Wed Sep 12 2007 Johan Cwiklinski 3.0.0-2 +- Added SELinux policy module + +* Tue Jan 30 2007 Johan Cwiklinski 3.0.0-1 +- Rebuild RPM for v 3.0.0 + +* Sat Aug 26 2006 Mike McGrath 2.1.2-7 +- Release bump for rebuild + +* Tue Jul 25 2006 Mike McGrath 2.1.2-6 +- One more config change + +* Sun Jul 23 2006 Mike McGrath 2.1.2-5 +- Added upstream patch for better support for rsync + +* Sun Jul 23 2006 Mike McGrath 2.1.2-4 +- Properly marking config files as such + +* Sun Jul 23 2006 Mike McGrath 2.1.2-3 +- Changes to defaults in config.pl +- Added Requires: rsync + +* Fri Jul 21 2006 Mike McGrath 2.1.2-2 +- Added requires: perl(File::RsyncP) + +* Tue Jul 18 2006 Mike McGrath 2.1.2-1 +- Initial Fedora Packaging diff --git a/BackupPC_Admin.c b/BackupPC_Admin.c new file mode 100644 index 0000000..be3137f --- /dev/null +++ b/BackupPC_Admin.c @@ -0,0 +1,10 @@ +#include +#ifndef REAL_PATH +#define REAL_PATH "/usr/share/BackupPC/sbin/BackupPC_Admin.pl" +#endif +int main(ac, av) +char **av; +{ + execv(REAL_PATH, av); + return 0; +} diff --git a/README.RHEL b/README.RHEL new file mode 100644 index 0000000..3acd5d5 --- /dev/null +++ b/README.RHEL @@ -0,0 +1,22 @@ +If you are installing this software on a Red Hat Enterprise Linux (RHEL) +server, you will have to subscribe to the "RHEL Server Optional" before +attempting to install this component. If you do not enable this channel, you +will receive an error that looks similar to this: + + --> Finished Dependency Resolution + Error: Package: BackupPC-3.2.1-1.el6.x86_64 (epel) + Requires: perl(Archive::Zip) + Error: Package: BackupPC-3.2.1-1.el6.x86_64 (epel) + Requires: perl(XML::RSS) + Error: Package: BackupPC-3.2.1-1.el6.x86_64 (epel) + Requires: perl-Time-modules + Error: Package: BackupPC-3.2.1-1.el6.x86_64 (epel) + Requires: perl(Time::ParseDate) + You could try using --skip-broken to work around the problem + You could try running: rpm -Va --nofiles --nodigest + + +References: +http://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F +https://access.redhat.com/kb/docs/DOC-11313 +https://bugzilla.redhat.com/show_bug.cgi?id=749627 diff --git a/backuppc.service b/backuppc.service new file mode 100644 index 0000000..1b0bd86 --- /dev/null +++ b/backuppc.service @@ -0,0 +1,13 @@ +[Unit] +Description= BackupPC server +After=syslog.target local-fs.target remote-fs.target + +[Service] +Type=simple +User=backuppc +Group=backuppc +ExecStart=/usr/share/BackupPC/bin/BackupPC +PIDFile=/var/run/BackupPC/BackupPC.pid + +[Install] +WantedBy=multi-user.target