Browse Source

Make backups thread safe (#213)

v0.2.8
Luke Childs 4 years ago
committed by GitHub
parent
commit
514fad90cf
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 37
      scripts/backup/backup
  2. 4
      scripts/start
  3. 5
      scripts/update/01-run.sh

37
scripts/backup/backup

@ -3,9 +3,10 @@
set -euo pipefail set -euo pipefail
UMBREL_ROOT="$(readlink -f $(dirname "${BASH_SOURCE[0]}")/../..)" UMBREL_ROOT="$(readlink -f $(dirname "${BASH_SOURCE[0]}")/../..)"
BACKUP_FOLDER="backup" BACKUP_ROOT="${UMBREL_ROOT}/.backup/$RANDOM"
BACKUP_ROOT="${UMBREL_ROOT}/${BACKUP_FOLDER}" BACKUP_FOLDER_NAME="backup"
BACKUP_FILE="${UMBREL_ROOT}/backup.tar.gz.pgp" BACKUP_FOLDER_PATH="${BACKUP_ROOT}/${BACKUP_FOLDER_NAME}"
BACKUP_FILE="${BACKUP_ROOT}/backup.tar.gz.pgp"
check_dependencies () { check_dependencies () {
for cmd in "$@"; do for cmd in "$@"; do
@ -25,7 +26,6 @@ derive_entropy () {
if [[ -z "$umbrel_seed" ]] || [[ -z "$identifier" ]]; then if [[ -z "$umbrel_seed" ]] || [[ -z "$identifier" ]]; then
>&2 echo "Missing derivation parameter, this is unsafe, exiting." >&2 echo "Missing derivation parameter, this is unsafe, exiting."
rm -f "${UMBREL_ROOT}/statuses/backup-in-progress"
exit 1 exit 1
fi fi
@ -33,21 +33,9 @@ derive_entropy () {
printf "%s" "${identifier}" | openssl dgst -sha256 -hmac "${umbrel_seed}" | sed 's/^.* //' printf "%s" "${identifier}" | openssl dgst -sha256 -hmac "${umbrel_seed}" | sed 's/^.* //'
} }
# Make sure an update is not in progres
if [[ -f "${UMBREL_ROOT}/statuses/backup-in-progress" ]]; then
echo "A backup is already in progress. Exiting now."
exit 1
fi
echo "Creating lock..."
touch "${UMBREL_ROOT}/statuses/backup-in-progress"
[[ -f "${UMBREL_ROOT}/.env" ]] && source "${UMBREL_ROOT}/.env" [[ -f "${UMBREL_ROOT}/.env" ]] && source "${UMBREL_ROOT}/.env"
BITCOIN_NETWORK=${BITCOIN_NETWORK:-mainnet} BITCOIN_NETWORK=${BITCOIN_NETWORK:-mainnet}
[[ -d "${BACKUP_ROOT}" ]] && rm -rf "${BACKUP_ROOT}"
[[ -f "${BACKUP_FILE}" ]] && rm -f "${BACKUP_FILE}"
echo "Deriving keys..." echo "Deriving keys..."
backup_id=$(derive_entropy "umbrel_backup_id") backup_id=$(derive_entropy "umbrel_backup_id")
@ -57,19 +45,18 @@ echo "Creating backup..."
if [[ ! -f "${UMBREL_ROOT}/lnd/data/chain/bitcoin/${BITCOIN_NETWORK}/channel.backup" ]]; then if [[ ! -f "${UMBREL_ROOT}/lnd/data/chain/bitcoin/${BITCOIN_NETWORK}/channel.backup" ]]; then
echo "No channel.backup file found, skipping backup..." echo "No channel.backup file found, skipping backup..."
rm -f "${UMBREL_ROOT}/statuses/backup-in-progress"
exit 1 exit 1
fi fi
mkdir -p "${BACKUP_ROOT}" mkdir -p "${BACKUP_FOLDER_PATH}"
cp --archive "${UMBREL_ROOT}/lnd/data/chain/bitcoin/${BITCOIN_NETWORK}/channel.backup" "${BACKUP_ROOT}/channel.backup" cp --archive "${UMBREL_ROOT}/lnd/data/chain/bitcoin/${BITCOIN_NETWORK}/channel.backup" "${BACKUP_FOLDER_PATH}/channel.backup"
# We want to back up user settings too, however we currently store the encrypted # We want to back up user settings too, however we currently store the encrypted
# mnemonic in this file which is not safe to backup remotely. # mnemonic in this file which is not safe to backup remotely.
# Uncomment this in the future once we've ensured there's no critical data in # Uncomment this in the future once we've ensured there's no critical data in
# this file. # this file.
# cp --archive "${UMBREL_ROOT}/db/user.json" "${BACKUP_ROOT}/user.json" # cp --archive "${UMBREL_ROOT}/db/user.json" "${BACKUP_FOLDER_PATH}/user.json"
echo "Adding random padding..." echo "Adding random padding..."
@ -79,7 +66,7 @@ echo "Adding random padding..."
# this makes a (already very difficult) timing analysis attack to correlate backup # this makes a (already very difficult) timing analysis attack to correlate backup
# activity with channel state changes practically impossible. # activity with channel state changes practically impossible.
padding="$(shuf -i 0-10240 -n 1)" padding="$(shuf -i 0-10240 -n 1)"
dd if=/dev/urandom bs="${padding}" count=1 > "${BACKUP_ROOT}/.padding" dd if=/dev/urandom bs="${padding}" count=1 > "${BACKUP_FOLDER_PATH}/.padding"
echo "Creating encrypted tarball..." echo "Creating encrypted tarball..."
@ -87,8 +74,8 @@ tar \
--create \ --create \
--gzip \ --gzip \
--verbose \ --verbose \
--directory "${UMBREL_ROOT}" \ --directory "${BACKUP_FOLDER_PATH}/.." \
"${BACKUP_FOLDER}" \ "${BACKUP_FOLDER_NAME}" \
| gpg \ | gpg \
--batch \ --batch \
--symmetric \ --symmetric \
@ -124,10 +111,6 @@ fi
echo echo
rm -rf "${BACKUP_ROOT}" rm -rf "${BACKUP_ROOT}"
rm -f "${BACKUP_FILE}"
echo "Removing lock..."
rm -f "${UMBREL_ROOT}/statuses/backup-in-progress"
echo "=============================" echo "============================="
echo "${status}" echo "${status}"

4
scripts/start

@ -59,10 +59,6 @@ export COMPOSE_HTTP_TIMEOUT=240
cd "$UMBREL_ROOT" cd "$UMBREL_ROOT"
echo "Removing stale statuses and lock files..."
echo
[[ -f "${UMBREL_ROOT}/statuses/backup-in-progress" ]] && rm -f "${UMBREL_ROOT}/statuses/backup-in-progress"
echo "Starting karen..." echo "Starting karen..."
echo echo
./karen & ./karen &

5
scripts/update/01-run.sh

@ -102,6 +102,11 @@ EOF
cd "$UMBREL_ROOT" cd "$UMBREL_ROOT"
./scripts/start ./scripts/start
# Delete obselete backup lock file
# https://github.com/getumbrel/umbrel/pull/213
# Remove this in the next breaking update
[[ -f "${UMBREL_ROOT}/statuses/backup-in-progress" ]] && rm -f "${UMBREL_ROOT}/statuses/backup-in-progress"
# Make Umbrel OS specific post-update changes # Make Umbrel OS specific post-update changes
if [[ ! -z "${UMBREL_OS:-}" ]]; then if [[ ! -z "${UMBREL_OS:-}" ]]; then

Loading…
Cancel
Save