Subject: Re: /var/backups and /etc/security (round 2 -- last call?)
To: None <tech-userlevel@netbsd.org>
From: Andrew Brown <atatat@atatdot.net>
List: tech-userlevel
Date: 03/20/2001 13:20:11
--NzB8fVQJ5HfG6fxh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

here's a patch against current to do what i've been mumbling about.
bill suggested i change the default, and luke had a few comments about
the actual backup routine, all of which have been incorporated.

any final comments?

On Thu, Mar 15, 2001 at 03:31:36PM -0500, Andrew Brown wrote:
>/var/backups currently contains two copies of files that
>are being backed up: a copy of the current version and a copy of the
>previous version.  that's not very helpful if you wanna see what you
>were doing six months ago.  or even three days ago, if you change
>stuff a lot.
>
>i've just rewritten (yes, again...the last rewrite is on my laptop
>which is being serviced) changes to /etc/security to use rcs as an
>alternative to the "two copy" method.  of course, each time i redo it,
>i redo it better.  :)
>
> * added a variable to /etc/defaults/security.conf: backup_uses_rcs=NO
>   (1 line)
>
> * added a routine called do_backup to /etc/rc.subr to handle the
>   cp/mv method and the rcs method (61 lines, including comments)
>
> * changed /etc/security to call do_backup instead of using cp/mv
>   (95 lines, in unified diff format)
>
>comments, please?  i'd like to add this to -current.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."

--NzB8fVQJ5HfG6fxh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="security.patch"

Index: rc.subr
===================================================================
RCS file: /cvsroot/basesrc/etc/rc.subr,v
retrieving revision 1.30
diff -u -r1.30 rc.subr
--- rc.subr	2001/02/28 16:49:19	1.30
+++ rc.subr	2001/03/20 18:18:02
@@ -591,3 +591,82 @@
 	logger "$0: WARNING: $*"
 	echo 1>&2 "$0: WARNING: $*"
 }
+
+#
+# backup_file action file cur backup
+#	Make a backup copy of `file' into `cur', and save the previous
+#	version of `cur' as `backup' or use rcs for archiving.
+#
+#	This routine checks the value of the backup_uses_rcs variable,
+#	which can be either YES or NO.
+#
+#	The `action' keyword can be one of the following:
+#
+#	add		`file' is now being backed up (and is possibly
+#			being reentered into the backups system).  `cur'
+#			is created and RCS files, if necessary, are
+#			created as well.
+#
+#	update		`file' has changed and needs to be backed up.
+#			If `cur' exists, it is copied to to `back' or
+#			checked into RCS (if the repository file is old),
+#			and then `file' is copied to `cur'.  Another RCS
+#			check in done here if RCS is being used.
+#
+#	remove		`file' is no longer being tracked by the backups
+#			system.  If RCS is not being used, `cur' is moved
+#			to `back', otherwise an empty file is checked in,
+#			and then `cur' is removed.
+#
+#
+backup_file()
+{
+	_action=$1
+	_file=$2
+	_cur=$3
+	_back=$4
+
+	if checkyesno backup_uses_rcs; then
+		_msg0="backup archive"
+		_msg1="update"
+
+		# ensure after switching to rcs that the
+		# current backup is not lost
+		if [ -f $_cur ]; then
+			# no archive, or current newer than archive
+			if [ ! -f $_cur,v -o $_cur -nt $_cur,v ]; then
+				ci -q -f -l -t-"$_msg0" -m"$_msg1" $_cur
+				rcs -q -kb $_cur
+			fi
+		fi
+
+		case $_action in
+		add|update)
+			cp -p $_file $_cur
+			ci -q -f -l -t-"$_msg0" -m"$_msg1" $_cur
+			rcs -q -kb $_cur
+			chown root:wheel $_cur $_cur,v
+			;;
+		remove)
+			cp /dev/null $_cur
+			ci -q -f -l -t-"$_msg0" -m"$_msg1" $_cur
+			rcs -q -kb $_cur
+			chown root:wheel $_cur $_cur,v
+			rm $_cur
+			;;
+		esac
+	else
+		case $_action in
+		add|update)
+			if [ -f $_cur ]; then
+				cp -p $_cur $_back
+			fi
+			cp -p $_file $_cur
+			chown root:wheel $_cur
+			;;
+		remove)
+			mv -f $_cur $_back
+			;;
+		esac
+	fi
+}
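Review bot: None of the `ci`, `rcs`, `cp` or `chown` calls in `backup_file` has its exit status checked, and in the RCS `remove` arm this can lose data: `cp /dev/null $_cur` truncates the current copy and `rm $_cur` deletes it whether or not a check-in succeeded. If `ci` is missing or the `,v` file cannot be written, any contents not yet archived are lost and the function can still return success, which affects the `backup_file remove $file $CUR $BACK` call in the changelist hunk of `security`. Each check-in should stop the function on failure, e.g. `ci -q -f -l -t-"$_msg0" -m"$_msg1" "$_cur" || return 1`, so the truncate and `rm` steps are never reached without an archived revision. The expansions `$_file`, `$_cur` and `$_back` are also unquoted throughout, and neither `case` has a `*)` arm, so a misspelled action is silently ignored.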
Index: security
===================================================================
RCS file: /cvsroot/basesrc/etc/security,v
retrieving revision 1.51
diff -u -r1.51 security
--- security	2001/03/15 02:23:47	1.51
+++ security	2001/03/20 18:18:02
@@ -139,13 +139,10 @@
 	if cmp -s $CUR $MP; then
 		:
 	else
-		cp -p $CUR $BACK
-		cp -p $MP $CUR
-		chown root:wheel $CUR
+		backup_file update $MP $CUR $BACK
 	fi
 else
-	cp -p $MP $CUR
-	chown root:wheel $CUR
+	backup_file add $MP $CUR $BACK
 fi
 
 # Check the group file syntax.
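Review bot: With `backup_uses_rcs` enabled, `backup_file update $MP $CUR $BACK` keeps every past revision of `$MP` in `$CUR,v` instead of only the previous copy. If `$MP` is the master password file, as its name suggests, superseded password hashes stay in that archive indefinitely, so the `,v` file needs protection at least as strict as `$CUR`. The rc.subr hunk does `chown root:wheel $_cur $_cur,v` but never sets the archive's mode; I would add `chmod 600 "$_cur,v"` after the check-in there, and a comment at this call such as `# with backup_uses_rcs, $CUR,v retains all old revisions of $MP`. The enclosing `if` starts above the hunk.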
@@ -525,14 +522,13 @@
 					printf "\n" >> $ERR
 				fi
 
-				cp $CUR $BACK
-				cp $TMP1 $CUR
+				backup_file update $TMP1 $CUR $BACK
 			fi
 		else
 			printf "Setuid additions:\n" >> $ERR
 			column -t $TMP1 >> $ERR
 			printf "\n" >> $ERR
-			cp $TMP1 $CUR
+			backup_file add $TMP1 $CUR $BACK
 		fi
 	fi
 
@@ -595,14 +591,13 @@
 					printf "\n" >> $ERR
 				fi
 
-				cp $CUR $BACK
-				cp $TMP1 $CUR
+				backup_file update $TMP1 $CUR $BACK
 			fi
 		else
 			printf "Device additions:\n" >> $ERR
 			column -t $TMP1 >> $ERR
 			printf "\n" >> $ERR
-			cp $TMP1 $CUR >> $ERR
+			backup_file add $TMP1 $CUR $BACK >> $ERR
 		fi
 	fi
 	if [ -s $ERR ] ; then
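Review bot: The `>> $ERR` on `backup_file add $TMP1 $CUR $BACK >> $ERR` is carried over from the old `cp` line and captures nothing useful, because the commands `backup_file` runs in the rc.subr hunk (`cp`, `ci -q`, `rcs -q`, `chown`) report problems on stderr, not stdout. It is also inconsistent with the otherwise identical setuid call, `backup_file add $TMP1 $CUR $BACK`, which has no redirect. Either drop the redirect, or, if the intent is to get backup failures into the report, use `backup_file add $TMP1 $CUR $BACK >> $ERR 2>&1` at both call sites. The enclosing block starts above the hunk and continues below it.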
@@ -656,7 +651,7 @@
 if checkyesno check_disklabels; then
 		# generate list of old disklabels and remove them
 	ls -1d $backup_dir/disklabel.* 2>/dev/null |
-	    egrep -v '\.(backup|current)$' > $LABELS
+	    egrep -v '\.(backup|current)(,v)?$' > $LABELS
 	xargs rm < $LABELS
 
 	disks=`iostat -x | sed 1d | awk '$1 !~ /^[cfm]d/ { print $1; }'`
@@ -667,7 +662,7 @@
 
 		# append list of new disklabels, sort list
 	ls -1d $backup_dir/disklabel.* 2>/dev/null |
-	    egrep -v '\.(backup|current)$' >> $LABELS
+	    egrep -v '\.(backup|current)(,v)?$' >> $LABELS
 	sort -u -o $LABELS $LABELS
 	CHANGELIST=$LABELS
 fi
@@ -690,21 +685,18 @@
 				if [ -s $OUTPUT ] ; then
 		printf "\n======\n%s diffs (OLD < > NEW)\n======\n" $file
 					cat $OUTPUT
-					mv -f $CUR $BACK
-					cp -p $file $CUR
-					chown root:wheel $CUR
+					backup_file update $file $CUR $BACK
 				fi
 			else
 		printf "\n======\n%s added\n======\n" $file
 				diff /dev/null $file
-				cp -p $file $CUR
-				chown root:wheel $CUR
+				backup_file add $file $CUR $BACK
 			fi
 		else
 			if [ -f $CUR ]; then
 		printf "\n======\n%s removed\n======\n" $file
 				diff $CUR /dev/null
-				mv -f $CUR $BACK
+				backup_file remove $file $CUR $BACK
 			fi
 		fi
 	done
Index: defaults/security.conf
===================================================================
RCS file: /cvsroot/basesrc/etc/defaults/security.conf,v
retrieving revision 1.5
diff -u -r1.5 security.conf
--- defaults/security.conf	2001/03/15 02:23:48	1.5
+++ defaults/security.conf	2001/03/20 18:18:02
@@ -24,6 +24,7 @@
 check_changelist=YES
 
 backup_dir=/var/backups
+backup_uses_rcs=YES
 
 max_loginlen=8
 max_grouplen=8
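Review bot: `backup_uses_rcs=YES` is added without a comment, and as a default it makes every `/etc/security` run call `ci` and `rcs` through `backup_file`, which does not test that either tool is present. A system without them would take the RCS branch anyway, and with the unchecked exit statuses in `backup_file` the failure would not show up in the report. I would document the knob where it is set, e.g. `# backup_uses_rcs: keep backup history in RCS files ($backup_dir/*,v); needs ci(1) and rcs(1)`. The matching manual page, if one exists outside this patch, should also note that old revisions are retained.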

--NzB8fVQJ5HfG6fxh--