backuppc: new package

Signed-off-by: Carsten Wolff <carsten@wolffcarsten.de>
Reviewed-by: Rosen Penev <rosenp@gmail.com>

4 files changed, 143 insertions, 0 deletions

diff --git a/admin/backuppc/files/backuppc.init b/admin/backuppc/files/backuppc.init
new file mode 100644
index 000000000..7f5253ddc
--- /dev/null
+++ b/admin/backuppc/files/backuppc.init
@@ -0,0 +1,66 @@
+#!/bin/sh /etc/rc.common
+
+. /lib/functions.sh
+
+START=95
+STOP=10
+
+USE_PROCD=1
+BACKUPPC_BIN="/usr/share/backuppc/bin/BackupPC"
+BACKUPPC_USER=backuppc
+
+# it would be better if it was possible to do this at install time, but we
+# can't, because in case of an openwrt image bundled with backuppc, all
+# ownerships other than root are lost.
+preconfigure() {
+    # create backuppc group and user if needed
+    if ! group_exists backuppc; then
+        group_add backuppc 864
+    fi
+    if ! user_exists backuppc; then
+        user_add backuppc 864 864 "BackupPC user" /data/backuppc /bin/sh
+    fi
+    # install default config if none exists, yet
+    if [ ! -e /data/backuppc/conf/config.pl ]; then
+        cp /usr/share/backuppc/conf/config.pl /data/backuppc/conf/config.pl
+    fi
+    # ensure proper ownerships and rights
+    chown backuppc:backuppc /data/backuppc /data/backuppc/* \
+                            /www/cgi-bin/BackupPC_Admin
+    chmod 750 /data/backuppc /data/backuppc/*
+    chmod 755 /usr/share/backuppc/bin/BackupPC_Admin_real
+    # The CGI needs to be world-executable, because uhttpd-cgi.c:386 checks
+    # for exactly that. We don't want that, but can't avoid it, currently.
+    chmod 6751 /www/cgi-bin/BackupPC_Admin
+    chown -R :backuppc /data/backuppc/conf
+    chmod 2770 /data/backuppc/conf
+    # protect webinterface with a random password by default
+    if [ -x /usr/sbin/uhttpd ] && ! grep -q backuppc /etc/httpd.conf >/dev/null 2>&1; then
+        PASS=$(perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..8)')
+        PASSHASH=$(/usr/sbin/uhttpd -m "${PASS}")
+        echo "/cgi-bin/BackupPC_Admin:backuppc:${PASSHASH}" >> /etc/httpd.conf
+        uci set uhttpd.main.config=/etc/httpd.conf
+        /etc/init.d/uhttpd restart
+        # inform user
+        echo
+        echo "To protect access to the backuppc web interface, HTTP basic authentication in"
+        echo "uhttpd for http://$(/sbin/uci get "system.@system[0].hostname")/cgi-bin/BackupPC_Admin has been configured:"
+        echo "user: backuppc"
+        echo "pass: ${PASS}"
+        echo
+        echo "It is also recommended to follow the steps in"
+        echo "https://wiki.openwrt.org/doc/uci/uhttpd#securing_uhttpd"
+        echo "to secure access to uhttpd."
+    fi
+}
+
+start_service() {
+    # don't run preconfigure steps if called during image build
+    if [ -z "${IPKG_INSTROOT}" ]; then
+        preconfigure
+    fi
+    procd_open_instance
+    procd_set_param user $BACKUPPC_USER
+    procd_set_param reload_signal 1
+    procd_set_param command $BACKUPPC_BIN
+}
diff --git a/admin/backuppc/files/backuppc.upgrade b/admin/backuppc/files/backuppc.upgrade
new file mode 100644
index 000000000..aaf016f5c
--- /dev/null
+++ b/admin/backuppc/files/backuppc.upgrade
@@ -0,0 +1,2 @@
+/etc/httpd.conf
+/data/backuppc/conf/
diff --git a/admin/backuppc/files/fixup-config-pl.patch b/admin/backuppc/files/fixup-config-pl.patch
new file mode 100644
index 000000000..2fa567c6f
--- /dev/null
+++ b/admin/backuppc/files/fixup-config-pl.patch
@@ -0,0 +1,67 @@
+--- config.pl	2018-03-11 09:30:28.000000000 +0100
++++ config.pl.new	2018-04-05 08:40:29.180000000 +0200
+@@ -41,7 +41,10 @@
+ #
+ # Host name on which the BackupPC server is running.
+ #
+-$Conf{ServerHost} = 'XXXXXX';
++$ENV{'PATH'} = '/bin:/usr/bin';
++delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
++$Conf{ServerHost} = $ENV{'HOSTNAME'};
++chomp($Conf{ServerHost});
+ 
+ #
+ # TCP port number on which the BackupPC server listens for and accepts
+@@ -223,7 +226,7 @@
+ #
+ # Full path to various commands for archiving
+ #
+-$Conf{SplitPath} = '/usr/bin/split';
++$Conf{SplitPath} = '/usr/bin/split' if ( -x '/usr/bin/split' );
+ $Conf{ParPath}   = '';
+ $Conf{CatPath}   = '/bin/cat';
+ $Conf{GzipPath}  = '/bin/gzip';
+@@ -1572,7 +1575,7 @@
+ # Full path for ssh. Security caution: normal users should not
+ # allowed to write to this file or directory.
+ #
+-$Conf{SshPath} = '/usr/bin/ssh';
++$Conf{SshPath} = '/usr/bin/ssh' if ( -x '/usr/bin/ssh' );
+ 
+ #
+ # Full path for nmblookup. Security caution: normal users should not
+@@ -1874,7 +1877,7 @@
+ # Full path to the sendmail command.  Security caution: normal users
+ # should not allowed to write to this file or directory.
+ #
+-$Conf{SendmailPath} = '/usr/sbin/sendmail';
++$Conf{SendmailPath} = '/usr/sbin/sendmail' if ( -x '/usr/sbin/sendmail' );
+ 
+ #
+ # Minimum period between consecutive emails to a single user.
+@@ -2028,13 +2031,13 @@
+ #    $Conf{CgiAdminUsers}     = 'craig celia';
+ #    --> administrative users are only craig and celia'.
+ #
+-$Conf{CgiAdminUserGroup} = '';
+-$Conf{CgiAdminUsers}     = '';
++$Conf{CgiAdminUserGroup} = 'backuppc';
++$Conf{CgiAdminUsers}     = 'backuppc';
+ 
+ #
+ # URL of the BackupPC_Admin CGI script.  Used for email messages.
+ #
+-$Conf{CgiURL} = 'http://XXXXXX/cgi-bin//BackupPC_Admin';
++$Conf{CgiURL} = 'http://' . $Conf{ServerHost} . '/cgi-bin//BackupPC_Admin';
+ 
+ #   
+ # Language to use.  See lib/BackupPC/Lang for the list of supported
+@@ -2076,7 +2079,7 @@
+ # dates (MM/DD), a value of 2 uses full YYYY-MM-DD format, and zero
+ # for international dates (DD/MM).
+ #
+-$Conf{CgiDateFormatMMDD} = 1;
++$Conf{CgiDateFormatMMDD} = 2;
+ 
+ #
+ # If set, the complete list of hosts appears in the left navigation
diff --git a/admin/backuppc/files/setuidwrapper.c b/admin/backuppc/files/setuidwrapper.c
new file mode 100644
index 000000000..b4496ffd5
--- /dev/null
+++ b/admin/backuppc/files/setuidwrapper.c
@@ -0,0 +1,8 @@
+#include <unistd.h>
+
+int main(int argc, char* argv[])
+{
+    execv("/usr/share/backuppc/bin/BackupPC_Admin_real", argv);
+    return 0;
+}
+