/usr/sbin/gm-zip+sign_backups is in gnumed-server 20.10-1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
#!/bin/bash
#==============================================================
# author: Karsten Hilbert
# license: GPL v2 or later
#
# anacron
# -------
# The following line could be added to a system's
# /etc/anacrontab to make sure it creates daily
# database backups for GNUmed:
#
# 1 15 gnumed-<your-company>-sign-backups /usr/bin/gm-zip+sign_backups.sh
#
#
# cron
# ----
# Add the following line to a crontab file to sign
# database backups at 12:47 and 19:47 every day:
#
# 47 12,19 * * * * /usr/bin/gm-zip+sign_backups.sh
#
#
# It is useful to have a PROCMAIL rule for the GNotary server replies
# which pipes them into the storage area where the backups are kept.
#==============================================================
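CONF="/etc/gnumed/gnumed-backup.conf"

#==============================================================
# There really should not be any need to
# change anything below this line.
#==============================================================
# load config file
#
# The file is sourced, i.e. executed as shell code with the privileges
# of whoever runs this script (usually root when started from cron or
# anacron as described above). It therefore has to be writable by root
# only: anyone who can edit it can run commands as the invoking user.
if [[ -r "${CONF}" ]] ; then
  . "${CONF}"
else
  # diagnostics belong on stderr so they are not mistaken for output
  echo "Cannot read configuration file ${CONF}. Aborting." >&2
  exit 1
fi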
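# Timestamp of this run; further down it is written into the "modified"
# attribute of the notarization request.
TS=$(date +%Y-%m-%d-%H-%M-%S)
BACKUP_BASENAME="backup-${GM_DATABASE}-${INSTANCE_OWNER}"

# An unquoted, empty ${BACKUP_DIR} turns into a bare "cd", which changes
# into $HOME and reports success. The loop below would then delete,
# compress and chown files in the wrong directory, so an unset or empty
# BACKUP_DIR is rejected explicitly.
if [[ -z "${BACKUP_DIR}" ]] || ! cd -- "${BACKUP_DIR}" ; then
  echo "Cannot change into backup directory [${BACKUP_DIR}]. Aborting." >&2
  exit 1
fi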
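# With nullglob an unmatched pattern expands to nothing, so the loop
# body never runs when there is no uncompressed backup.
shopt -s -q nullglob

# zip up any backups
for BACKUP in "${BACKUP_BASENAME}"-*.tar ; do

  # Is the tarball or its .bz2 held open by some process right now?
  # grep -F compares the name literally; as an unquoted pattern the dots
  # (and anything else special) in the file name acted as a regex.
  TAR_OPEN=$(lsof | grep -F -- "${BACKUP}")
  BZ2_OPEN=$(lsof | grep -F -- "${BACKUP}.bz2")
  if [[ -n "${TAR_OPEN}" || -n "${BZ2_OPEN}" ]] ; then
    # yes: skip to next backup
    continue
  fi
  # no: remove the bz2 and start over compressing
  rm -f -- "${BACKUP}.bz2"

  # I have tried "xz -9 -e" and it did not make much of
  # a difference (48 MB in a 1.2 GB backup)
  if ! bzip2 -zq "-${COMPRESSION_LEVEL}" -- "${BACKUP}" ; then
    echo "Compressing [${BACKUP}] failed. Skipping." >&2
    continue
  fi
  # bzip2 deletes the .tar once compression succeeds, so an archive that
  # fails the integrity test is the only copy left. Report it and do not
  # go on to notarize hashes of a file known to be damaged.
  if ! bzip2 -tq -- "${BACKUP}.bz2" ; then
    echo "Integrity test of [${BACKUP}.bz2] failed. Skipping." >&2
    continue
  fi

  chmod "${BACKUP_MASK}" "${BACKUP}.bz2"
  chown "${BACKUP_OWNER}" "${BACKUP}.bz2"

  # Reed-Solomon error protection support
  # if test -n ${ADD_ECC} ; then
  #   rsbep
  # fi

  # GNotary support
  #
  # The test has to quote the variable: "test -n" followed by nothing is
  # always true, so an empty GNOTARY_TAN used to send mail anyway.
  if [[ -n "${GNOTARY_TAN}" ]] ; then
    LOCAL_MAILER=$(command -v mail)
    if [[ -z "${LOCAL_MAILER}" || -z "${GNOTARY_SERVER}" ]] ; then
      echo "No mail command or no GNOTARY_SERVER, not notarizing [${BACKUP}.bz2]." >&2
      continue
    fi

    #SHA512="SHA 512:"`sha512sum -b ${BACKUP_FILENAME}.tar.bz2`
    SHA512=$(openssl dgst -sha512 -hex "${BACKUP}.bz2")
    RMD160=$(openssl dgst -ripemd160 -hex "${BACKUP}.bz2")
    # NOTE(review): some OpenSSL 3 builds only offer ripemd160 through
    # the legacy provider; an empty value here means the digest failed.
    if [[ -z "${SHA512}" || -z "${RMD160}" ]] ; then
      echo "Warning: could not compute all digests for [${BACKUP}.bz2]." >&2
    fi

    export REPLYTO="${SIG_RECEIVER}"

    # send mail
    #
    # NOTE(review): the TAN goes into the mail body as-is. Unless the mail
    # path to the GNotary server is protected it is readable in transit;
    # confirm that is acceptable. The values are written into the XML
    # without escaping, which relies on them coming from the root-owned
    # configuration only.
    {
      echo " "
      echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\" ?>"
      echo "<message>"
      echo " <tan>$GNOTARY_TAN</tan>"
      echo " <action>notarize</action>"
      echo " <hashes number=\"2\">"
      echo " <hash file=\"${BACKUP}.bz2\" modified=\"${TS}\" algorithm=\"SHA-512\">${SHA512}</hash>"
      echo " <hash file=\"${BACKUP}.bz2\" modified=\"${TS}\" algorithm=\"RIPE-MD-160\">${RMD160}</hash>"
      echo " </hashes>"
      echo "</message>"
      echo " "
    } | "${LOCAL_MAILER}" -s "gnotarize" "${GNOTARY_SERVER}"
  fi

done

exit 0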
#==============================================================