--- /dev/null
+bacula-cn (20110307) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Valentin Vidic <Valentin.Vidic@CARNet.hr> Thu, 07 Mar 2011 14:32:30 +0100
--- /dev/null
+#! /bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+
+# Guess default hostname
+HOST=$( hostname -f )
+db_get bacula-cn/hostname || true
+if [ -z "$RET" ]; then
+ db_set bacula-cn/hostname "$HOST"
+fi
+
+# Guess default ip
+. /usr/share/carnet-tools/functions.sh
+cp_get_ifaddr
+IP=$RET
+db_get bacula-cn/ip || true
+if [ -z "$RET" ]; then
+ db_set bacula-cn/ip "$IP"
+fi
+
+# Sample contact
+db_get bacula-cn/contact || true
+if [ -z "$RET" ]; then
+ db_set bacula-cn/contact "Ime Prezime <korisnik@$HOST>"
+fi
+
+# Check hostname
+while true; do
+ ! db_input high bacula-cn/hostname && [ $? -eq 30 ] && break
+ db_go || true
+
+ db_get bacula-cn/hostname
+ [ -z "$RET" ] && continue
+ echo "$RET" | grep -Eqi '^[a-z0-9-]+(\.[a-z0-9.-]+)+$' || continue
+
+ break
+done
+
+# Check ip
+while true; do
+ ! db_input high bacula-cn/ip && [ $? -eq 30 ] && break
+ db_go || true
+
+ db_get bacula-cn/ip
+ [ -z "$RET" ] && continue
+ echo "$RET" | grep -Eqi '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || continue
+
+ break
+done
+
+# Check contact
+while true; do
+ ! db_input high bacula-cn/contact && [ $? -eq 30 ] && break
+ db_go || true
+
+ db_get bacula-cn/contact
+ [ -z "$RET" ] && continue
+ echo "$RET" | grep -Eqi '^([^@]*<)?[a-z0-9.+-]+@[a-z0-9-]+(\.[a-z0-9.-]+)+>?$' || continue
+
+ break
+done
+
+exit 0
--- /dev/null
+Source: bacula-cn
+Section: admin
+Priority: extra
+Maintainer: Grupa za izradu paketa <paketi@carnet.hr>
+Uploaders: Valentin Vidic <Valentin.Vidic@CARNet.hr>
+Build-Depends-Indep: debhelper (>= 7.0.50~), po-debconf
+Standards-Version: 3.9.1
+Bugs: mailto:paketi@carnet.hr
+Vcs-Git: http://ftp.carnet.hr/carnet-debian/scm/bacula-cn.git
+Vcs-Browser: http://ftp.carnet.hr/carnet-debian/scm/?p=bacula-cn.git;a=summary
+
+Package: bacula-cn
+Architecture: all
+Depends: bacula-fd (>= 5), bacula-console (>= 5), openssl, gnupg, debconf (>= 0.5) | debconf-2.0, carnet-tools-cn, ${misc:Depends}
+Description: Network backup configuration for CARNet members
+ This package install Bacula client daemon and configures it for use
+ with CARNet backup service for member institutions.
--- /dev/null
+This work was packaged for Debian by:
+
+ Valentin Vidic <Valentin.Vidic@CARNet.hr> on Thu, 03 Mar 2011 14:32:30 +0100
+
+Copyright:
+
+ <Copyright (C) 2011 CARNet>
+
+License:
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+On Debian systems, the complete text of the GNU General
+Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
+
+The Debian packaging is:
+
+ Copyright (C) 2011 Valentin Vidic <Valentin.Vidic@CARNet.hr>
+
+and is licensed under the GPL version 3, see above.
--- /dev/null
+sysbackup.pem etc/bacula/
+gpg var/lib/bacula-cn/
--- /dev/null
+[type: gettext/rfc822deb] templates
--- /dev/null
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: bacula-cn@packages.debian.org\n"
+"POT-Creation-Date: 2011-03-04 17:32+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: string
+#. Description
+#: ../templates:1001
+msgid "Naziv posluzitelja:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../templates:1001
+msgid ""
+"Unesite puno ime posluzitelja koji se dodaje u backup sustav. Najcesce se "
+"koristi oblik ime.ustanova.hr."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../templates:2001
+msgid "IP adresa posluzitelja:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../templates:2001
+msgid ""
+"Unesite javnu IP adresu posluzitelja. Putem ove adrese obavljat ce se "
+"backup posluzitelja."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../templates:3001
+msgid "Kontakt adresa:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../templates:3001
+msgid "Unesite ime i kontakt adresu administratora posluzitelja u obliku:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../templates:3001
+msgid "Ime Prezime <moj.kontakt@ustanova.hr>"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../templates:3001
+msgid ""
+"Ova adresa koristit ce se prilikom slanja zahtjeva za pokretanje usluge "
+"backupa i za kontakt u slucaju problema. Zbog toga molimo da unesete radecu "
+"mail adresu."
+msgstr ""
--- /dev/null
+#!/bin/sh
+# postinst script for bacula-cn
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <postinst> `abort-remove'
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+generate_fd_config() {
+ FD_CONFIG=/etc/bacula/bacula-fd.conf
+
+ if [ -s $FD_CONFIG ] && grep -q 'PKI Keypair' $FD_CONFIG; then
+ echo $FD_CONFIG already exists, skipping.
+ else
+ umask 077
+
+ if [ -e $FD_CONFIG -a ! -e $FD_CONFIG.bak ]; then
+ cp -av $FD_CONFIG $FD_CONFIG.bak
+ fi
+
+ echo Generating $FD_CONFIG
+ CONFIG_CHANGED=1
+ cat >$FD_CONFIG <<EOF
+#
+# List Directors who are permitted to contact this File daemon
+#
+Director {
+ Name = sysbackup-dir
+ Password = "$PASS_FD"
+
+ TLS Enable = yes
+ TLS Require = yes
+ TLS Verify Peer = yes
+ # Allow only the Director to connect
+ TLS Allowed CN = "sysbackup.carnet.hr"
+ TLS CA Certificate File = "/etc/bacula/sysbackup.pem"
+ # This is a server certificate. It is used by connecting
+ # directors to verify the authenticity of this file daemon
+ TLS Certificate = "/etc/bacula/bacula-fd.pem"
+ TLS Key = "/etc/bacula/bacula-fd.pem"
+ TLS DH File = "/etc/bacula/dh1024.pem"
+}
+
+#
+# "Global" File daemon configuration specifications
+#
+FileDaemon { # this is me
+ Name = $HOST-fd
+ FDport = 9102 # where we listen for the director
+ WorkingDirectory = /var/lib/bacula
+ Pid Directory = /var/run/bacula
+ Maximum Concurrent Jobs = 20
+ FDAddress = $IP
+
+ # you need these TLS entries so the FD and SD can communicate
+ TLS Enable = yes
+ TLS Require = yes
+ TLS CA Certificate File = "/etc/bacula/sysbackup.pem"
+ TLS Certificate = "/etc/bacula/bacula-fd.pem"
+ TLS Key = "/etc/bacula/bacula-fd.pem"
+
+ # you need these PKI entries to encrypt data before sending it to backup
+ PKI Signatures = Yes # Enable Data Signing
+ PKI Encryption = Yes # Enable Data Encryption
+ PKI Keypair = "/etc/bacula/bacula-fd.pem" # Public and Private Keys
+}
+
+# Send all messages except skipped files back to Director
+Messages {
+ Name = Standard
+ director = sysbackup-dir = all, !skipped, !restored
+}
+EOF
+ fi
+}
+
+generate_bconsole_config() {
+ BCONSOLE_CONFIG=/etc/bacula/bconsole.conf
+
+ if [ -s $BCONSOLE_CONFIG ] && grep -q 'sysbackup-dir' $BCONSOLE_CONFIG; then
+ echo $BCONSOLE_CONFIG already exists, skipping.
+ else
+ umask 077
+
+ if [ -e $BCONSOLE_CONFIG -a ! -e $BCONSOLE_CONFIG.bak ]; then
+ cp -av $BCONSOLE_CONFIG $BCONSOLE_CONFIG.bak
+ fi
+
+ echo Generating $BCONSOLE_CONFIG
+ CONFIG_CHANGED=1
+ cat >$BCONSOLE_CONFIG <<EOF
+#
+# Bacula User Agent (or Console) Configuration File
+#
+
+Director {
+ Name = sysbackup-dir
+ DIRport = 9101
+ address = sysbackup.carnet.hr
+ Password = "$PASS_BCONSOLE"
+
+ # you need these TLS entries so the bconsole and Director can communicate
+ TLS Enable = yes
+ TLS Require = yes
+ TLS CA Certificate File = "/etc/bacula/sysbackup.pem"
+ TLS Certificate = "/etc/bacula/bacula-fd.pem"
+ TLS Key = "/etc/bacula/bacula-fd.pem"
+}
+EOF
+ fi
+}
+
+generate_dh() {
+ DH_FILE=/etc/bacula/dh1024.pem
+
+ if [ -s $DH_FILE ]; then
+ echo $DH_FILE already exists, skipping.
+ else
+ umask 077
+
+ echo Generating $DH_FILE
+ openssl dhparam -out $DH_FILE -5 1024
+ fi
+}
+
+generate_cert() {
+ CERT_FILE=/etc/bacula/bacula-fd.pem
+
+ if [ -s $CERT_FILE ]; then
+ echo $CERT_FILE already exists, skipping.
+ else
+ umask 077
+
+ echo Generating $CERT_FILE
+ CONFIG_CHANGED=1
+ openssl req -new -newkey rsa:2048 -nodes -keyout $CERT_FILE \
+ -subj "/C=HR/ST=Croatia/O=CARNet/OU=sysbackup/CN=$IP" \
+ -x509 -extensions usr_cert -days $((365*5)) \
+ -out $CERT_FILE
+ fi
+}
+
+restart_bacula() {
+ if [ -x "/etc/init.d/bacula-fd" ]; then
+ if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
+ invoke-rc.d bacula-fd restart || exit $?
+ else
+ /etc/init.d/bacula-fd restart || exit $?
+ fi
+ fi
+}
+
+send_mail() {
+ REQUEST_FILE=/etc/bacula/bacula-fd.txt
+ GPG_HOME=/var/lib/bacula-cn/gpg
+
+ BOUNDARY=$( head -20 /dev/urandom | openssl dgst -sha1 )
+ GPG="gpg --homedir $GPG_HOME --batch --encrypt --armour --recipient rt@tt.carnet.hr --always-trust"
+
+ if [ -z "$CONFIG_CHANGED" ]; then
+ echo Config has not changed, skipping request.
+ return
+ fi
+
+ umask 077
+ chmod 0700 $GPG_HOME
+ echo Generating request in $REQUEST_FILE
+
+ # Header
+ cat > $REQUEST_FILE <<EOF
+From: $CONTACT
+To: sysbackup@carnet.hr
+Subject: Backup za $HOST
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="$BOUNDARY"
+
+This is a message with multiple parts in MIME format.
+--$BOUNDARY
+Content-Type: text/plain
+Content-Transfer-Encoding: 7bit
+Content-Disposition: inline
+
+Ime posluzitelja: $HOST
+IP adresa: $IP
+Kontakt adresa: $CONTACT
+EOF
+
+# attachment: disk sizes
+cat >> $REQUEST_FILE <<EOF
+--$BOUNDARY
+Content-Type: text/plain
+Content-Transfer-Encoding: 7bit
+Content-Disposition: inline; filename="df.txt.gpg"
+
+EOF
+
+ df -h | $GPG >> $REQUEST_FILE
+
+# attachment: client config
+cat >> $REQUEST_FILE <<EOF
+--$BOUNDARY
+Content-Type: text/plain
+Content-Transfer-Encoding: 7bit
+Content-Disposition: inline; filename="$HOST-fd.conf.gpg"
+
+EOF
+
+ cat <<EOF | $GPG >> $REQUEST_FILE
+# Requested by $CONTACT on $DATE
+Client {
+ Name = $HOST-fd
+ Address = $IP
+ Password = "$PASS_FD" # password for bacula-fd(8)
+ @/etc/bacula/include/client-debian-default.conf
+
+ TLS Enable = yes
+ TLS Require = yes
+ TLS CA Certificate File = "/etc/bacula/clients.d/$HOST-fd.pem"
+ TLS Certificate = "/etc/bacula/bacula.pem"
+ TLS Key = "/etc/bacula/bacula.pem"
+}
+
+Job {
+ Name = "$HOST"
+ Client = $HOST-fd
+ JobDefs = "Job_SysBackup"
+}
+
+Console {
+ Name = $HOST-acl
+ Password = "$PASS_BCONSOLE" # password for bconsole(8)
+ JobACL = $HOST, RestoreFiles
+ ClientACL = $HOST-fd
+ @/etc/bacula/include/acl-default.conf
+}
+EOF
+
+# attachment: client certificate
+cat >> $REQUEST_FILE <<EOF
+--$BOUNDARY
+Content-Type: text/plain
+Content-Transfer-Encoding: 7bit
+Content-Disposition: inline; filename="$HOST-fd.pem.gpg"
+
+EOF
+
+ sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' /etc/bacula/bacula-fd.pem \
+ | $GPG >> $REQUEST_FILE
+
+cat >> $REQUEST_FILE <<EOF
+--$BOUNDARY--
+EOF
+
+ # Send it
+ echo Mailing request from $REQUEST_FILE
+ sendmail -t -oi < $REQUEST_FILE
+}
+
+load_config() {
+ db_get bacula-cn/hostname
+ HOST=$RET
+
+ db_get bacula-cn/ip
+ IP=$RET
+
+ db_get bacula-cn/contact
+ CONTACT=$RET
+
+ db_stop
+
+ PASS_FD=$( head -20 /dev/urandom | openssl dgst -sha1 )
+ PASS_BCONSOLE=$( head -20 /dev/urandom | openssl dgst -sha1 )
+
+ DATE=$( date '+%Y-%m-%d' )
+
+ CONFIG_CHANGED=
+}
+
+case "$1" in
+ configure)
+ load_config
+
+ generate_cert
+ generate_dh
+ generate_fd_config
+ generate_bconsole_config
+
+ restart_bacula
+ send_mail
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- /dev/null
+#!/bin/sh
+# postrm script for bacula-cn
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postrm> `remove'
+# * <postrm> `purge'
+# * <old-postrm> `upgrade' <new-version>
+# * <new-postrm> `failed-upgrade' <old-version>
+# * <new-postrm> `abort-install'
+# * <new-postrm> `abort-install' <old-version>
+# * <new-postrm> `abort-upgrade' <old-version>
+# * <disappearer's-postrm> `disappear' <overwriter>
+# <overwriter-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+clean_gpg() {
+ rm -rf /var/lib/bacula-cn/
+}
+
+case "$1" in
+ purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ clean_gpg
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- /dev/null
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+%:
+ dh $@
--- /dev/null
+3.0 (native)
--- /dev/null
+Template: bacula-cn/hostname
+Type: string
+_Description: Naziv posluzitelja:
+ Unesite puno ime posluzitelja koji se dodaje u backup sustav.
+ Najcesce se koristi oblik ime.ustanova.hr.
+
+Template: bacula-cn/ip
+Type: string
+_Description: IP adresa posluzitelja:
+ Unesite javnu IP adresu posluzitelja. Putem ove adrese obavljat
+ ce se backup posluzitelja.
+
+Template: bacula-cn/contact
+Type: string
+_Description: Kontakt adresa:
+ Unesite ime i kontakt adresu administratora posluzitelja u obliku:
+ .
+ Ime Prezime <moj.kontakt@ustanova.hr>
+ .
+ Ova adresa koristit ce se prilikom slanja zahtjeva za pokretanje
+ usluge backupa i za kontakt u slucaju problema. Zbog toga molimo
+ da unesete radecu mail adresu.
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIJAItXEkopbZMZMA0GCSqGSIb3DQEBBQUAMEgxCzAJBgNV
+BAYTAkhSMQowCAYDVQQIEwEgMQ8wDQYDVQQKEwZDQVJOZXQxHDAaBgNVBAMTE3N5
+c2JhY2t1cC5jYXJuZXQuaHIwHhcNMTEwMzAxMTIzMzIwWhcNMjEwMjI2MTIzMzIw
+WjBIMQswCQYDVQQGEwJIUjEKMAgGA1UECBMBIDEPMA0GA1UEChMGQ0FSTmV0MRww
+GgYDVQQDExNzeXNiYWNrdXAuY2FybmV0LmhyMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAv7eWehDt9gb1y9GJzchDuOxXOktVABkUHJq1ZH2JEsx2MWpQ
+4OFYQJlsGqf46TYNF9LkwuaXALxozdpuATzdK0x8c1Ii2/dMh+fmPMTuws/11LfG
+rfLr9A9MS0P9D4h6mwyaUahdh1hAXrFLHX3d9kAKjLaqX3yv5/WE7kJyhqYhwi96
+F95OBjVC/Ni6Qaxc3JdgeH2uPoQ5TWbB90+VI91j41+AMHm2bHNG8oPcnONci4oQ
+D0eBrwldk4aGiCG9hTMsAp4j9aGPPafsH8h/dVxIHZuENwVXdGr/F0YtyTj9eIjc
+dHghG7G7VyXk3q9zG/lZ1qb3+4Nhr5krXv1UewIDAQABo4GqMIGnMB0GA1UdDgQW
+BBR3UAIZsJzyJGQzMLF4RdPu7K4PfDB4BgNVHSMEcTBvgBR3UAIZsJzyJGQzMLF4
+RdPu7K4PfKFMpEowSDELMAkGA1UEBhMCSFIxCjAIBgNVBAgTASAxDzANBgNVBAoT
+BkNBUk5ldDEcMBoGA1UEAxMTc3lzYmFja3VwLmNhcm5ldC5ocoIJAItXEkopbZMZ
+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAL6bEQglh70emSr4o5Xp
+VAVLxOnDjtochPbWUY44Q5yA1AWyDQW5d+sJ6vGA8cMqpq2IB6G3slZ9kVghEnGK
+JC2rEJKGp/sGj8YTXk0sYE8I7Y/+NAFNJ/ov+9pO1N6iNT0I6oxb3nOChoGLtmsr
+UXJ4Fgcl25neKKUWVuOtkrHpRp7MhjWie3NLjwxK/J08V7cX/pGhPO37bkA8vdc0
+IUVib8YhnGjGFRDgu37mxQLPoDzImxTjPziLTLeP8tc58Ho1erW3S9vmjhXsD9WJ
+T7e4HfH0vlIeTIwYhjtkPB3x0wWAGRssCyU0sql7jar/2UQyJ0YVA3gdf/+Ph9tF
+hHo=
+-----END CERTIFICATE-----
projects / bacula-cn.git / commitdiff