From 7e4dc8d50016612550a08ef2bedde3d4adff31a0 Mon Sep 17 00:00:00 2001 From: Clemens Schwaighofer Date: Mon, 1 Dec 2025 16:53:50 +0900 Subject: [PATCH] Clean up bash shell code and add proper ENCRYPTION support - check for invalid encryption setting - switch from none to keyfile type (without password) - error for no password for repokey or authentication type encryption - update init and print out the key file data --- _borg_backup_set_prefix_cleanup.sh | 14 ++-- borg.backup.file.sh | 17 ++-- borg.backup.functions.check.sh | 29 ++++--- borg.backup.functions.close.sh | 5 +- borg.backup.functions.compact.sh | 23 +++--- borg.backup.functions.info.sh | 15 ++-- borg.backup.functions.init.sh | 91 ++++++++++++--------- borg.backup.functions.verify.sh | 125 ++++++++++++++++------------- borg.backup.gitea.sh | 5 +- borg.backup.mysql.sh | 15 ++-- borg.backup.settings-default | 7 +- borg.backup.zabbix.sh | 5 +- borg.mount.sh | 2 +- 13 files changed, 206 insertions(+), 147 deletions(-) diff --git a/_borg_backup_set_prefix_cleanup.sh b/_borg_backup_set_prefix_cleanup.sh index c8843a3..c197430 100755 --- a/_borg_backup_set_prefix_cleanup.sh +++ b/_borg_backup_set_prefix_cleanup.sh @@ -66,7 +66,7 @@ if [ ! -f "${BASE_FOLDER}${SETTINGS_FILE}" ]; then fi; . "${BASE_FOLDER}${SETTINGS_FILE}"; -if [ ! -z "${TARGET_BORG_PATH}" ]; then +if [ -n "${TARGET_BORG_PATH}" ]; then OPT_REMOTE="--remote-path="$(printf "%q" "${TARGET_BORG_PATH}"); fi; export BORG_BASE_DIR="${BASE_FOLDER}"; 
@@ -82,16 +82,16 @@ for MODULE in ${MODULE_LIST}; do TARGET_FOLDER=${TARGET_FOLDER#/} # and add slash front and back and escape the path TARGET_FOLDER=$(printf "%q" "/${TARGET_FOLDER}/"); - if [ ! -z "${TARGET_USER}" ] && [ ! -z "${TARGET_HOST}" ] && [ ! -z "${TARGET_PORT}" ]; then + if [ -n "${TARGET_USER}" ] && [ -n "${TARGET_HOST}" ] && [ -n "${TARGET_PORT}" ]; then TARGET_SERVER="ssh://${TARGET_USER}@${TARGET_HOST}:${TARGET_PORT}/"; # host/port - elif [ ! -z "${TARGET_HOST}" ] && [ ! -z "${TARGET_PORT}" ]; then + elif [ -n "${TARGET_HOST}" ] && [ -n "${TARGET_PORT}" ]; then TARGET_SERVER="ssh://${TARGET_HOST}:${TARGET_PORT}/"; # user/host - elif [ ! -z "${TARGET_USER}" ] && [ ! -z "${TARGET_HOST}" ]; then + elif [ -n "${TARGET_USER}" ] && [ -n "${TARGET_HOST}" ]; then TARGET_SERVER="${TARGET_USER}@${TARGET_HOST}:"; # host - elif [ ! -z "${TARGET_HOST}" ]; then + elif [ -n "${TARGET_HOST}" ]; then TARGET_SERVER="${TARGET_HOST}:"; fi; # we dont allow special characters, so we don't need to special escape it @@ -112,14 +112,14 @@ for MODULE in ${MODULE_LIST}; do if [ "${MODULE}" = "gitea" ]; then # if just date, add gitea, # else rename - if [ ! -z "${i##gitea*}" ]; then + if [ -n "${i##gitea*}" ]; then target_name="${MODULE},${i}"; else target_name=$(echo $i | sed -e 's/gitea-/gitea,/'); fi; elif [ "${MODULE}" = "zabbix" ]; then # if zabbix is missing, prefix - if [ ! -z "${i##zabbix*}" ]; then + if [ -n "${i##zabbix*}" ]; then target_name="${MODULE},${i}"; else target_name=$(echo $i | sed -e 's/zabbix-settings-/zabbix,settings-/'); diff --git a/borg.backup.file.sh b/borg.backup.file.sh index 14d7791..5801ea9 100755 --- a/borg.backup.file.sh +++ b/borg.backup.file.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + # Plain file backup # set last edit date + time 
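Review bot: The two `target_name=$(echo $i | sed ...)` lines in the `gitea` and `zabbix` branches still expand `$i` unquoted, so an archive name containing whitespace or glob characters is split or pathname-expanded before it is renamed; the rest of this commit quotes exactly this kind of expansion. Parameter expansion avoids both the quoting problem and the extra processes: `target_name="${i/gitea-/gitea,}";` and `target_name="${i/zabbix-settings-/zabbix,settings-}";`. The enclosing `for MODULE` loop starts and ends outside the hunk.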
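Review bot: The `# shellcheck disable=SC2059` placed directly after the shebang silences the format-string check for the whole file, not only for the `printf "${PRINTF_...}"` calls it is presumably meant for; the same header is added to borg.backup.functions.check.sh, .close.sh, .compact.sh, .info.sh and .verify.sh. Putting the directive on the line above each such `printf` keeps the check active for any later `printf` whose format comes from a settings or input value. If the file-wide form stays, the comment should name what is allowed as a format, for example `# format strings are only the script-defined PRINTF_* constants, never settings or input values` (the definition of those variables is not part of this diff).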
@@ -35,7 +38,7 @@ FOLDERS=(); # this if for debug output with quoted folders FOLDERS_Q=(); # include list -while read include_folder; do +while read -r include_folder; do # strip any leading spaces from that folder include_folder=$(echo "${include_folder}" | sed -e 's/^[ \t]*//'); # check that those folders exist, warn on error, @@ -45,7 +48,7 @@ while read include_folder; do echo "# [C] Comment: '${include_folder}'"; else # skip if it is empty - if [ ! -z "${include_folder}" ]; then + if [ -n "${include_folder}" ]; then # if this is a glob, do a double check that the base folder actually exists (?) if [[ "${include_folder}" =~ $REGEX_GLOB ]]; then # if this is */ then allow it @@ -99,7 +102,7 @@ if [ -s "${BASE_FOLDER}${EXCLUDE_FILE}" ]; then # remove non valid ones and warn #TMP_EXCLUDE_FILE=$(mktemp --tmpdir ${EXCLUDE_FILE}.XXXXXXXX); # non mac TMP_EXCLUDE_FILE=$(mktemp "${TEMPDIR}${EXCLUDE_FILE}".XXXXXXXX); - while read exclude_folder; do + while read -r exclude_folder; do # strip any leading spaces from that folder exclude_folder=$(echo "${exclude_folder}" | sed -e 's/^[ \t]*//'); # folder or any type of file is ok @@ -108,10 +111,10 @@ if [ -s "${BASE_FOLDER}${EXCLUDE_FILE}" ]; then echo "# [C] Comment: '${exclude_folder}'"; else # skip if it is empty - if [ ! -z "${exclude_folder}" ]; then + if [ -n "${exclude_folder}" ]; then # if it DOES NOT start with a / we assume free folder and add as is if [[ "${exclude_folder}" != /* ]]; then - echo "${exclude_folder}" >> ${TMP_EXCLUDE_FILE}; + echo "${exclude_folder}" >> "${TMP_EXCLUDE_FILE}"; echo "+ [E] General exclude: '${exclude_folder}'"; # if this is a glob, do a double check that the base folder actually exists (?) elif [[ "${exclude_folder}" =~ $REGEX_GLOB ]]; then 
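Review bot: `while read -r include_folder; do` still drops the last entry of the include list when the file does not end in a newline, because `read` returns non-zero on the final partial line and the loop body never runs for it; that folder is then missing from the backup with none of the `[I]` warnings printed. `while read -r include_folder || [ -n "${include_folder}" ]; do` covers it, and the `exclude_folder` loop in the next hunk needs the same change. Both loops end outside their hunks.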
@@ -121,7 +124,7 @@ if [ -s "${BASE_FOLDER}${EXCLUDE_FILE}" ]; then if [ ! -d "${_exclude_folder}" ]; then echo "- [E] Exclude folder with glob '${exclude_folder}' does not exist or is not accessable"; else - echo "${exclude_folder}" >> ${TMP_EXCLUDE_FILE}; + echo "${exclude_folder}" >> "${TMP_EXCLUDE_FILE}"; echo "+ [E] Exclude folder with glob '${exclude_folder}'"; fi; # do a warning for a possible invalid folder @@ -129,7 +132,7 @@ if [ -s "${BASE_FOLDER}${EXCLUDE_FILE}" ]; then elif [ ! -d "${exclude_folder}" ] && [ ! -e "${exclude_folder}" ]; then echo "- [E] Exclude folder or file '${exclude_folder}' does not exist or is not accessable"; else - echo "${exclude_folder}" >> ${TMP_EXCLUDE_FILE}; + echo "${exclude_folder}" >> "${TMP_EXCLUDE_FILE}"; # if it is a folder, remove the last / or the symlink check will not work if [ -d "${exclude_folder}" ]; then _exclude_folder=${exclude_folder%/*}; diff --git a/borg.backup.functions.check.sh b/borg.backup.functions.check.sh index 07d4a57..cb38293 100644 --- a/borg.backup.functions.check.sh +++ b/borg.backup.functions.check.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + if [ -z "${MODULE}" ]; then echo "Script cannot be run on its own"; exit 1; 
@@ -18,13 +21,13 @@ if [ $# -ge 1 ] && [ "$1" = "auto" ]; then # get current date timestmap CURRENT_DATE=$(date +%s); # if =1 always ok - if [ ${CHECK_INTERVAL} -eq 1 ]; then + if [ "${CHECK_INTERVAL}" -eq 1 ]; then RUN_CHECK=1; # always add verify data for automatic check OPT_CHECK_VERIFY_DATA="--verify-data"; # set new check time here - echo ${CURRENT_DATE} > "${BASE_FOLDER}${BACKUP_CHECK_FILE}"; - elif [ ${CHECK_INTERVAL} -gt 1 ]; then + echo "${CURRENT_DATE}" > "${BASE_FOLDER}${BACKUP_CHECK_FILE}"; + elif [ "${CHECK_INTERVAL}" -gt 1 ]; then # else load last timestamp and check if today - last time stamp > days if [ -z "${LAST_CHECK_DATE}" ]; then LAST_CHECK_DATE=$(cat "${BASE_FOLDER}${BACKUP_CHECK_FILE}" 2>/dev/null | sed -e 's/ //g'); @@ -34,19 +37,19 @@ if [ $# -ge 1 ] && [ "$1" = "auto" ]; then LAST_CHECK_DATE=0; fi; # if the difference greate than check date, run. CHECK INTERVAL is in days - if [ $(($CURRENT_DATE-$LAST_CHECK_DATE)) -ge $((${CHECK_INTERVAL}*86400)) ]; then + if [ $((CURRENT_DATE - LAST_CHECK_DATE)) -ge $((CHECK_INTERVAL * 86400)) ]; then RUN_CHECK=1; # always add verify data for automatic check OPT_CHECK_VERIFY_DATA="--verify-data"; # set new check time here - echo ${CURRENT_DATE} > "${BASE_FOLDER}${BACKUP_CHECK_FILE}"; + echo "${CURRENT_DATE}" > "${BASE_FOLDER}${BACKUP_CHECK_FILE}"; fi; fi; -elif [ ${CHECK} -eq 1 ]; then +elif [ "${CHECK}" -eq 1 ]; then RUN_CHECK=1; fi; -if [ ${RUN_CHECK} -eq 1 ]; then +if [ "${RUN_CHECK}" -eq 1 ]; then # run borg check command IFS=${_IFS}; printf "${PRINTF_SUB_BLOCK}" "CHECK" "$(date +'%F %T')" "${MODULE}"; 
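Review bot: In the `auto` branch the new timestamp is written to `${BASE_FOLDER}${BACKUP_CHECK_FILE}` as soon as `RUN_CHECK=1` is decided, before `borg check` has run; further down (hunk at -54,25) the check is skipped when `DRYRUN` is 1 and its exit status is never tested. A dry run or a failed `--verify-data` pass is therefore recorded as a completed check and the next one is postponed by a full `CHECK_INTERVAL`. Writing the file only after the check returned success, e.g. `${BORG_COMMAND} check ... "${REPOSITORY}" && echo "${CURRENT_DATE}" > "${BASE_FOLDER}${BACKUP_CHECK_FILE}";`, keeps the verification schedule accurate. borg.backup.functions.compact.sh writes `BACKUP_COMPACT_FILE` in the same early position.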
@@ -54,25 +57,25 @@ if [ ${RUN_CHECK} -eq 1 ]; then OPT_GLOB=""; if [[ "${CHECK_PREFIX}" =~ $REGEX_GLOB ]]; then OPT_GLOB="-a '${CHECK_PREFIX}'" - elif [ ! -z "${CHECK_PREFIX}" ]; then + elif [ -n "${CHECK_PREFIX}" ]; then OPT_GLOB="-P ${CHECK_PREFIX}"; fi; # debug/dryrun - if [ ${DEBUG} -eq 1 ] || [ ${DRYRUN} -eq 1 ]; then + if [ "${DEBUG}" -eq 1 ] || [ "${DRYRUN}" -eq 1 ]; then echo "export BORG_BASE_DIR=\"${BASE_FOLDER}\";${BORG_COMMAND} check ${OPT_REMOTE} ${OPT_PROGRESS} ${OPT_CHECK_VERIFY_DATA} ${OPT_GLOB} ${REPOSITORY}"; fi; # run info command if not a dry drun - if [ ${DRYRUN} -eq 0 ]; then + if [ "${DRYRUN}" -eq 0 ]; then # if glob add glob command directly if [[ "${CHECK_PREFIX}" =~ $REGEX_GLOB ]]; then - ${BORG_COMMAND} check ${OPT_REMOTE} ${OPT_PROGRESS} ${OPT_CHECK_VERIFY_DATA} -a "${CHECK_PREFIX}" ${REPOSITORY}; + ${BORG_COMMAND} check ${OPT_REMOTE} ${OPT_PROGRESS} ${OPT_CHECK_VERIFY_DATA} -a "${CHECK_PREFIX}" "${REPOSITORY}"; else - ${BORG_COMMAND} check ${OPT_REMOTE} ${OPT_PROGRESS} ${OPT_CHECK_VERIFY_DATA} ${OPT_GLOB} ${REPOSITORY}; + ${BORG_COMMAND} check ${OPT_REMOTE} ${OPT_PROGRESS} ${OPT_CHECK_VERIFY_DATA} ${OPT_GLOB} "${REPOSITORY}"; fi; fi; # print additional info for use --repair command # but only for manual checks - if [ ${VERBOSE} -eq 1 ] && [ ${CHECK} -eq 1 ]; then + if [ "${VERBOSE}" -eq 1 ] && [ "${CHECK}" -eq 1 ]; then echo ""; echo "In case of needed repair: " echo "export BORG_BASE_DIR=\"${BASE_FOLDER}\";${BORG_COMMAND} check ${OPT_REMOTE} ${OPT_PROGRESS} --repair ${OPT_GLOB} ${REPOSITORY}"; diff --git a/borg.backup.functions.close.sh b/borg.backup.functions.close.sh index 8730511..446857d 100644 --- a/borg.backup.functions.close.sh +++ b/borg.backup.functions.close.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + if [ -z "${MODULE}" ]; then echo "Script cannot be run on its own"; exit 1; 
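Review bot: The non-glob branch still reaches borg through the unquoted `${OPT_GLOB}`, so a `CHECK_PREFIX` containing whitespace, or a pattern character that `REGEX_GLOB` does not match, is word-split and pathname-expanded by the shell, whereas the glob branch passes `-a "${CHECK_PREFIX}"` quoted. An array keeps both branches consistent: `OPT_GLOB=(-P "${CHECK_PREFIX}")` with `"${OPT_GLOB[@]}"` in the command and `${OPT_GLOB[*]}` in the debug `echo` lines. The `if [ "${RUN_CHECK}" -eq 1 ]` block starts before and ends after this hunk.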
@@ -16,7 +19,7 @@ if [ $# -ge 1 ] && [ "$1" = "1" ]; then printf "${PRINTF_MASTER_BLOCK}" "ERROR" "$(date +'%F %T')" "${MODULE}"; else # running time calculation - DURATION=$[ $(date +'%s')-$START ]; + DURATION=$(( $(date +'%s') - START )); echo "=== [Run time: $(convert_time ${DURATION})]"; printf "${PRINTF_MASTER_BLOCK}" "END" "$(date +'%F %T')" "${MODULE}"; fi; diff --git a/borg.backup.functions.compact.sh b/borg.backup.functions.compact.sh index 565055d..2d7df51 100644 --- a/borg.backup.functions.compact.sh +++ b/borg.backup.functions.compact.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + if [ -z "${MODULE}" ]; then echo "Script cannot be run on its own"; exit 1; @@ -7,7 +10,7 @@ fi; # compact (only if BORG COMPACT is set) # only for borg 1.2 -if [ $(version $BORG_VERSION) -ge $(version "1.2.0") ]; then +if [ "$(version "$BORG_VERSION")" -ge "$(version "1.2.0")" ]; then RUN_COMPACT=0; if [ $# -ge 1 ] && [ "$1" = "auto" ]; then # strip any spaces and convert to int @@ -18,11 +21,11 @@ if [ $(version $BORG_VERSION) -ge $(version "1.2.0") ]; then fi; # get current date timestmap CURRENT_DATE=$(date +%s); - if [ ${COMPACT_INTERVAL} -eq 1 ]; then + if [ "${COMPACT_INTERVAL}" -eq 1 ]; then RUN_COMPACT=1; # set new compact time here - echo ${CURRENT_DATE} > "${BASE_FOLDER}${BACKUP_COMPACT_FILE}"; - elif [ ${COMPACT_INTERVAL} -gt 1 ]; then + echo "${CURRENT_DATE}" > "${BASE_FOLDER}${BACKUP_COMPACT_FILE}"; + elif [ "${COMPACT_INTERVAL}" -gt 1 ]; then # else load last timestamp and check if today - last time stamp > days if [ -z "${LAST_COMPACT_DATE}" ]; then LAST_COMPACT_DATE=$(cat "${BASE_FOLDER}${BACKUP_COMPACT_FILE}" 2>/dev/null | sed -e 's/ //g'); 
@@ -32,25 +35,25 @@ if [ $(version $BORG_VERSION) -ge $(version "1.2.0") ]; then LAST_COMPACT_DATE=0; fi; # if the difference greate than compact date, run. COMPACT INTERVAL is in days - if [ $(($CURRENT_DATE-$LAST_COMPACT_DATE)) -ge $((${COMPACT_INTERVAL}*86400)) ]; then + if [ $((CURRENT_DATE - LAST_COMPACT_DATE)) -ge $((COMPACT_INTERVAL * 86400)) ]; then RUN_COMPACT=1; # set new compact time here - echo ${CURRENT_DATE} > "${BASE_FOLDER}${BACKUP_COMPACT_FILE}"; + echo "${CURRENT_DATE}" > "${BASE_FOLDER}${BACKUP_COMPACT_FILE}"; fi; fi; - elif [ ${COMPACT} -eq 1 ]; then + elif [ "${COMPACT}" -eq 1 ]; then RUN_COMPACT=1; fi; - if [ ${RUN_COMPACT} -eq 1 ]; then + if [ "${RUN_COMPACT}" -eq 1 ]; then # reset to normal IFS, so command works here IFS=${_IFS}; printf "${PRINTF_SUB_BLOCK}" "COMPACT" "$(date +'%F %T')" "${MODULE}"; BORG_COMPACT="${BORG_COMMAND} compact ${OPT_REMOTE} -v ${OPT_PROGRESS} ${REPOSITORY}"; - if [ ${DEBUG} -eq 1 ]; then + if [ "${DEBUG}" -eq 1 ]; then echo "${BORG_COMPACT}"; fi; - if [ ${DRYRUN} -eq 0 ]; then + if [ "${DRYRUN}" -eq 0 ]; then ${BORG_COMPACT}; fi; fi; diff --git a/borg.backup.functions.info.sh b/borg.backup.functions.info.sh index e18eed2..83341f4 100644 --- a/borg.backup.functions.info.sh +++ b/borg.backup.functions.info.sh 
@@ -1,25 +1,28 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + if [ -z "${MODULE}" ]; then echo "Script cannot be run on its own"; exit 1; fi; -if [ ${INFO} -eq 1 ]; then +if [ "${INFO}" -eq 1 ]; then printf "${PRINTF_SUB_BLOCK}" "INFO" "$(date +'%F %T')" "${MODULE}"; # show command on debug or dry run - if [ ${DEBUG} -eq 1 ] || [ ${DRYRUN} -eq 1 ]; then + if [ "${DEBUG}" -eq 1 ] || [ "${DRYRUN}" -eq 1 ]; then echo "export BORG_BASE_DIR=\"${BASE_FOLDER}\";${BORG_COMMAND} info ${OPT_REMOTE} ${REPOSITORY}"; fi; # run info command if not a dry drun - if [ ${DRYRUN} -eq 0 ]; then - ${BORG_COMMAND} info ${OPT_REMOTE} ${REPOSITORY}; + if [ "${DRYRUN}" -eq 0 ]; then + ${BORG_COMMAND} info ${OPT_REMOTE} "${REPOSITORY}"; fi; if [ "${MODULE}" = "files" ]; then - if [ $FOLDER_OK -eq 1 ]; then + if [ "${FOLDER_OK}" -eq 1 ]; then echo "--- [Run command]:"; #IFS="#"; - echo "export BORG_BASE_DIR=\"${BASE_FOLDER}\";${COMMAND} "${FOLDERS_Q[*]}; + echo "export BORG_BASE_DIR=\"${BASE_FOLDER}\";${COMMAND} ${FOLDERS_Q[*]}"; else echo "[!] No folders where set for the backup"; fi; diff --git a/borg.backup.functions.init.sh b/borg.backup.functions.init.sh index afa506b..687571e 100644 --- a/borg.backup.functions.init.sh +++ b/borg.backup.functions.init.sh @@ -125,7 +125,7 @@ COMPRESSION_LEVEL=""; SUB_COMPRESSION=""; SUB_COMPRESSION_LEVEL=""; # encryption settings -DEFAULT_ENCRYPTION="none"; +DEFAULT_ENCRYPTION="keyfile"; ENCRYPTION=""; # force verify always DEFAULT_FORCE_VERIFY="false"; 
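Review bot: `DEFAULT_ENCRYPTION="keyfile"` changes where the secret lives and the line carries no comment about it: in keyfile mode borg keeps the key on the client below the base directory (exported as `BORG_BASE_DIR="${BASE_FOLDER}"` in borg.backup.functions.verify.sh), not in the repository. Together with the empty `BORG_PASSPHRASE` that the validation block later in this file exports when none is set, the key sits unprotected on the backup host, and losing that host without the exported key makes the archives unreadable. A comment such as `# keyfile: key is stored on this host below BORG_BASE_DIR, not in the repository; keep the exported key offline` would state that. As far as the diff shows, `ENCRYPTION` is only used for `borg init`, so repositories created earlier with `none` stay unencrypted.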
@@ -334,31 +334,31 @@ if [ ${VERIFY} -eq 1 ] || [ ${INIT} -eq 1 ] && [ ${INFO} -eq 1 ]; then exit 1; fi; # print -P cannot be run with -i/-C/-I together -if [ ${PRINT} -eq 1 ] && ([ ${INIT} -eq 1 ] || [ ${VERIFY} -eq 1 ] || [ ${INFO} -eq 1 ]); then +if [ ${PRINT} -eq 1 ] && { [ ${INIT} -eq 1 ] || [ ${VERIFY} -eq 1 ] || [ ${INFO} -eq 1 ]; }; then echo "Cannot have -P print option and -i info, -V verify or -I initizalize option at the same time"; exit 1; fi; # if tag is set, you can't have init, verify, info, etc -if [ ! -z "${ONE_TIME_TAG}" ] && ([ ${PRINT} -eq 1 ] || [ ${INIT} -eq 1 ] || [ ${VERIFY} -eq 1 ] || [ ${INFO} -eq 1 ]); then +if [ -n "${ONE_TIME_TAG}" ] && { [ ${PRINT} -eq 1 ] || [ ${INIT} -eq 1 ] || [ ${VERIFY} -eq 1 ] || [ ${INFO} -eq 1 ]; }; then echo "Cannot have -T '${ONE_TIME_TAG}' option with -i info, -V verify, -I initialize or -P print option at the same time"; exit 1; fi; # verify only alphanumeric, no spaces, only underscore and dash -if [ ! -z "${ONE_TIME_TAG}" ] && ! [[ "${ONE_TIME_TAG}" =~ ^[A-Za-z0-9_-]+$ ]]; then +if [ -n "${ONE_TIME_TAG}" ] && ! [[ "${ONE_TIME_TAG}" =~ ^[A-Za-z0-9_-]+$ ]]; then echo "One time tag '${ONE_TIME_TAG}' must be alphanumeric with dashes and underscore only."; exit 1; -elif [ ! -z "${ONE_TIME_TAG}" ]; then +elif [ -n "${ONE_TIME_TAG}" ]; then # all ok, attach . at the end ONE_TIME_TAG=${ONE_TIME_TAG}"."; fi; # if -D, cannot be with -T, -i, -C, -I, -P -if [ ! -z "${DELETE_ONE_TIME_TAG}" ] && ([ ! -z "${ONE_TIME_TAG}" ] || [ ${PRINT} -eq 1 ] || [ ${INIT} -eq 1 ] || [ ${VERIFY} -eq 1 ] || [ ${INFO} -eq 1 ]); then +if [ -n "${DELETE_ONE_TIME_TAG}" ] && { [ -n "${ONE_TIME_TAG}" ] || [ ${PRINT} -eq 1 ] || [ ${INIT} -eq 1 ] || [ ${VERIFY} -eq 1 ] || [ ${INFO} -eq 1 ]; }; then echo "Cannot have -D delete tag option with -T one time tag, -i info, -V verify, -I initialize or -P print option at the same time"; exit 1; fi; # -D also must be in valid backup set format # ! 
[[ "${DELETE_ONE_TIME_TAG}" =~ ^[A-Za-z0-9_-]+\.${MODULE},(\*-)?[0-9]{4}-[0-9]{2}-[0-9]{2}T\*$ ]] -if [ ! -z "${DELETE_ONE_TIME_TAG}" ] && ! [[ "${DELETE_ONE_TIME_TAG}" =~ ^[A-Za-z0-9_-]+\.${MODULE},([A-Za-z0-9_-]+-)?[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}$ ]] && ! [[ "${DELETE_ONE_TIME_TAG}" =~ ^[A-Za-z0-9_-]+\.${MODULE},(\*-)?[0-9]{4}-[0-9]{2}-[0-9]{2}T\*$ ]]; then +if [ -n "${DELETE_ONE_TIME_TAG}" ] && ! [[ "${DELETE_ONE_TIME_TAG}" =~ ^[A-Za-z0-9_-]+\.${MODULE},([A-Za-z0-9_-]+-)?[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}$ ]] && ! [[ "${DELETE_ONE_TIME_TAG}" =~ ^[A-Za-z0-9_-]+\.${MODULE},(\*-)?[0-9]{4}-[0-9]{2}-[0-9]{2}T\*$ ]]; then echo "Delete one time tag '${DELETE_ONE_TIME_TAG}' is in an invalid format. " echo "Please verify existing tags with -P option." echo "For a globing be sure it is in the format of: TAG.MODULE,*-YYYY-MM-DDT*"; @@ -371,7 +371,7 @@ if [ ${CHECK_VERIFY_DATA} -eq 1 ] && [ ${CHECK} -eq 0 ]; then exit 1; fi; # -p can't be set without -C -if [ ! -z "${CHECK_PREFIX}" ] && [ ${CHECK} -eq 0 ]; then +if [ -n "${CHECK_PREFIX}" ] && [ ${CHECK} -eq 0 ]; then echo "-p (pattern|glob) for check cannot be run without -C (Check) options"; exit 1; fi; @@ -404,14 +404,14 @@ fi; . "${BASE_FOLDER}${SETTINGS_FILE}"; # if OPTION SET overrides ALL others -if [ ! -z "${OPT_BORG_EXECUTEABLE}" ]; then +if [ -n "${OPT_BORG_EXECUTEABLE}" ]; then BORG_COMMAND="${OPT_BORG_EXECUTEABLE}"; if [ ! -f "${BORG_COMMAND}" ]; then echo "borg command not found with option -b: ${BORG_COMMAND}"; exit; fi; # if in setting file, use this -elif [ ! -z "${BORG_EXECUTEABLE}" ]; then +elif [ -n "${BORG_EXECUTEABLE}" ]; then BORG_COMMAND="${BORG_EXECUTEABLE}"; if [ ! -f "${BORG_COMMAND}" ]; then echo "borg command not found with setting: ${BORG_COMMAND}"; 
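Review bot: Both "borg command not found" branches end in a bare `exit;`, which returns the status of the preceding `echo`, i.e. 0, so a cron job or wrapper sees success although no backup ran. `exit 1;` matches the other error paths in this file, and testing with `[ ! -x "${BORG_COMMAND}" ]` instead of `-f` would also catch a binary that exists but is not executable. The `elif` chain continues past the end of the hunk.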
@@ -451,7 +451,7 @@ if [ -z "${CHECK_INTERVAL}" ]; then CHECK_INTERVAL="${DEFAULT_CHECK_INTERVAL}"; fi; # deprecated name FORCE_CHECK, use FORCE_VERIFY instead -if [ ! -z "${FORCE_CHECK}" ]; then +if [ -n "${FORCE_CHECK}" ]; then FORCE_VERIFY="${FORCE_CHECK}"; fi; if [ -z "${FORCE_VERIFY}" ]; then 
@@ -482,48 +482,48 @@ SETTINGS_FILE_SUB=$(echo "${SETTINGS_FILE}" | sed -e "s/\.settings/\.${MODULE,,} if [ -f "${BASE_FOLDER}${SETTINGS_FILE_SUB}" ]; then . "${BASE_FOLDER}${SETTINGS_FILE_SUB}"; # if SUB_ set override master - if [ ! -z "${SUB_BACKUP_FILE}" ]; then + if [ -n "${SUB_BACKUP_FILE}" ]; then BACKUP_FILE=${SUB_BACKUP_FILE} fi; # if sub backup set it set, override current - if [ ! -z "${SUB_BACKUP_SET}" ]; then + if [ -n "${SUB_BACKUP_SET}" ]; then BACKUP_SET=${SUB_BACKUP_SET}; fi; # ovrride compression - if [ ! -z "${SUB_COMPRESSION}" ]; then + if [ -n "${SUB_COMPRESSION}" ]; then COMPRESSION=${SUB_COMPRESSION}; fi; - if [ ! -z "${SUB_COMPRESSION_LEVEL}" ]; then + if [ -n "${SUB_COMPRESSION_LEVEL}" ]; then COMPRESSION_LEVEL=${SUB_COMPRESSION_LEVEL}; fi; # compact interval override - if [ ! -z "${SUB_COMPACT_INTERVAL}" ]; then + if [ -n "${SUB_COMPACT_INTERVAL}" ]; then COMPACT_INTERVAL="${SUB_COMPACT_INTERVAL}"; fi; # override check interval - if [ ! -z "${SUB_CHECK_INTERVAL}" ]; then + if [ -n "${SUB_CHECK_INTERVAL}" ]; then CHECK_INTERVAL="${SUB_CHECK_INTERVAL}"; fi; # check override for keep time - if [ ! -z "${SUB_KEEP_LAST}" ]; then + if [ -n "${SUB_KEEP_LAST}" ]; then KEEP_LAST=${SUB_KEEP_LAST}; fi; - if [ ! -z "${SUB_KEEP_HOURS}" ]; then + if [ -n "${SUB_KEEP_HOURS}" ]; then KEEP_HOURS=${SUB_KEEP_HOURS}; fi; - if [ ! -z "${SUB_KEEP_DAYS}" ]; then + if [ -n "${SUB_KEEP_DAYS}" ]; then KEEP_DAYS=${SUB_KEEP_DAYS}; fi; - if [ ! -z "${SUB_KEEP_WEEKS}" ]; then + if [ -n "${SUB_KEEP_WEEKS}" ]; then KEEP_WEEKS=${SUB_KEEP_WEEKS}; fi; - if [ ! -z "${SUB_KEEP_MONTHS}" ]; then + if [ -n "${SUB_KEEP_MONTHS}" ]; then KEEP_MONTHS=${SUB_KEEP_MONTHS}; fi; - if [ ! -z "${SUB_KEEP_YEARS}" ]; then + if [ -n "${SUB_KEEP_YEARS}" ]; then KEEP_YEARS=${SUB_KEEP_YEARS}; fi; - if [ ! -z "${SUB_KEEP_WITHIN}" ]; then + if [ -n "${SUB_KEEP_WITHIN}" ]; then KEEP_WITHIN=${SUB_KEEP_WITHIN}; fi; fi; 
@@ -571,7 +571,7 @@ fi # log file set and check # option folder overrides all other folders -if [ ! -z "${OPT_LOG_FOLDER}" ]; then +if [ -n "${OPT_LOG_FOLDER}" ]; then LOG_FOLDER="${OPT_LOG_FOLDER}"; fi; # if empty folder set to default folder @@ -599,11 +599,26 @@ fi; # if ENCRYPTION is empty or not in the valid list fall back to none # NOTE This is currently set in default and doesn't need to be set on empty # only ivalid should be checked -#if [ -z "${ENCRYPTION}" ]; then -# ENCRYPTION="none"; -#else - # TODO check for invalid encryption string -#fi; +if + [ "${ENCRYPTION}" = "authenticated" ] || + [ "${ENCRYPTION}" = "repokey" ] || + [ "${ENCRYPTION}" = "authenticated-blake2" ] || + [ "${ENCRYPTION}" = "repokey-blake2" ] ; +then + # if "authenticated" or "repokey" a password must be set + if [[ ! -v BORG_PASSPHRASE ]] && [[ ! -v BORG_PASSCOMMAND ]] && [[ ! -v BORG_PASSPHRASE_FD ]]; then + echo "Encryption method '${ENCRYPTION}' requires a BORG_PASSPHRASE, BORG_PASSCOMMAND or BORG_PASSPHRASE_FD to be set."; + exit 1; + fi; +elif [ "${ENCRYPTION}" = "keyfile" ] || [ "${ENCRYPTION}" = "keyfile-blake2" ]; then + # if no password, set empty password + if [[ ! -v BORG_PASSPHRASE ]] && [[ ! -v BORG_PASSCOMMAND ]] && [[ ! -v BORG_PASSPHRASE_FD ]]; then + export BORG_PASSPHRASE=""; + fi; +elif [ "${ENCRYPTION}" != "none" ]; then + echo "Encryption method '${ENCRYPTION}' is not valid."; + exit 1; +fi; ## FUNCTIONS 
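Review bot: The `repokey`/`authenticated` branch tests `[[ ! -v BORG_PASSPHRASE ]]`, which is true only for an unset variable, so `BORG_PASSPHRASE=""` passes the "requires a passphrase" check and the key, which in repokey mode is stored inside the repository, is created with an empty passphrase. For that branch the test should reject empty values: `if [ -z "${BORG_PASSPHRASE:-}" ] && [ -z "${BORG_PASSCOMMAND:-}" ] && [ -z "${BORG_PASSPHRASE_FD:-}" ]; then`. `-v` also needs bash 4.2, while borg.backup.functions.verify.sh names 4.0 as the minimum. The comment kept above the block ("fall back to none") no longer matches the code, which now exits on an invalid value.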
@@ -618,30 +633,30 @@ function convert_time { timestamp=${1}; # round to four digits for ms - timestamp=$(printf "%1.4f" $timestamp); + timestamp=$(printf "%1.4f" "$timestamp"); # get the ms part and remove any leading 0 - ms=$(echo ${timestamp} | cut -d "." -f 2 | sed -e 's/^0*//'); - timestamp=$(echo ${timestamp} | cut -d "." -f 1); + ms=$(echo "${timestamp}" | cut -d "." -f 2 | sed -e 's/^0*//'); + timestamp=$(echo "${timestamp}" | cut -d "." -f 1); timegroups=(86400 3600 60 1); # day, hour, min, sec timenames=("d" "h" "m" "s"); # day, hour, min, sec output=( ); time_string=; - for timeslice in ${timegroups[@]}; do + for timeslice in "${timegroups[@]}"; do # floor for the division, push to output output[${#output[*]}]=$(awk "BEGIN {printf \"%d\", ${timestamp}/${timeslice}}"); timestamp=$(awk "BEGIN {printf \"%d\", ${timestamp}%${timeslice}}"); done; for ((i=0; i<${#output[@]}; i++)); do - if [ ${output[$i]} -gt 0 ] || [ ! -z "$time_string" ]; then - if [ ! -z "${time_string}" ]; then + if [ "${output[$i]}" -gt 0 ] || [ -n "$time_string" ]; then + if [ -n "${time_string}" ]; then time_string=${time_string}" "; fi; time_string=${time_string}${output[$i]}${timenames[$i]}; fi; done; - if [ ! -z ${ms} ] && [ "${ms}" != "nan" ] && [ ${ms} -gt 0 ]; then - time_string=${time_string}" "${ms}"ms"; + if [ -n "${ms}" ] && [ "${ms}" != "nan" ] && [ "${ms}" -gt 0 ]; then + time_string="${time_string} ${ms}ms"; fi; # just in case the time is 0 if [ -z "${time_string}" ]; then diff --git a/borg.backup.functions.verify.sh b/borg.backup.functions.verify.sh index 594adf7..6d108f2 100644 --- a/borg.backup.functions.verify.sh +++ b/borg.backup.functions.verify.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + if [ -z "${MODULE}" ]; then echo "Script cannot be run on its own"; exit 1; 
@@ -10,7 +13,7 @@ START=$(date +'%s'); # set init date, or today if not file is set BACKUP_INIT_DATE=''; if [ -f "${BASE_FOLDER}${BACKUP_INIT_FILE}" ]; then - BACKUP_INIT_DATE=$(printf '%(%c)T' $(cat "${BASE_FOLDER}${BACKUP_INIT_FILE}" 2>/dev/null)); + BACKUP_INIT_DATE=$(printf '%(%c)T' "$(cat "${BASE_FOLDER}${BACKUP_INIT_FILE}" 2>/dev/null)"); fi; # start logging from here exec &> >(tee -a "${LOG}"); @@ -30,13 +33,13 @@ printf "${PRINTF_INFO_STRING}" "Base folder" "${BASE_FOLDER}"; printf "${PRINTF_INFO_STRING}" "Module init date" "${BACKUP_INIT_DATE}"; # print last compact date if positive integer # only if borg > 1.2 -if [ $(version $BORG_VERSION) -ge $(version "1.2.0") ]; then +if [ "$(version "$BORG_VERSION")" -ge "$(version "1.2.0")" ]; then if [ "${COMPACT_INTERVAL##*[!0-9]*}" ]; then printf "${PRINTF_INFO_STRING}" "Module compact interval" "${COMPACT_INTERVAL}"; if [ -f "${BASE_FOLDER}${BACKUP_COMPACT_FILE}" ]; then LAST_COMPACT_DATE=$(cat "${BASE_FOLDER}${BACKUP_COMPACT_FILE}" 2>/dev/null); printf "${PRINTF_INFO_STRING}" "Module last compact" \ - "$(printf '%(%c)T' ${LAST_COMPACT_DATE}) ($(convert_time $(($(date +%s)-${LAST_COMPACT_DATE}))) ago)"; + "$(printf '%(%c)T' "${LAST_COMPACT_DATE}") ($(convert_time $(($(date +%s) - LAST_COMPACT_DATE))) ago)"; else printf "${PRINTF_INFO_STRING}" "Module last compact" "No compact run yet" fi; @@ -49,7 +52,7 @@ if [ "${CHECK_INTERVAL##*[!0-9]*}" ]; then if [ -f "${BASE_FOLDER}${BACKUP_CHECK_FILE}" ]; then LAST_CHECK_DATE=$(cat "${BASE_FOLDER}${BACKUP_CHECK_FILE}" 2>/dev/null); printf "${PRINTF_INFO_STRING}" "Module last check" \ - "$(printf '%(%c)T' ${LAST_CHECK_DATE}) ($(convert_time $(($(date +%s)-${LAST_CHECK_DATE}))) ago)"; + "$(printf '%(%c)T' "${LAST_CHECK_DATE}") ($(convert_time $(($(date +%s) - LAST_CHECK_DATE))) ago)"; else printf "${PRINTF_INFO_STRING}" "Module last check" "No check run yet"; fi; 
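Review bot: `LAST_COMPACT_DATE` and, in the next hunk, `LAST_CHECK_DATE` are read from their state files and used directly in `$(($(date +%s) - LAST_COMPACT_DATE))`; arithmetic context evaluates the file content as an expression rather than as a literal number, so a truncated or edited state file does more than print a wrong age. The file already uses a digits-only idiom for the interval, and the same guard fits here before the `printf`: `[ "${LAST_COMPACT_DATE##*[!0-9]*}" ] || LAST_COMPACT_DATE=0;`. The newly quoted `"$(cat ...)"` for `BACKUP_INIT_DATE` has a related edge: an empty init file now passes an empty argument to `printf '%(%c)T'` instead of none, so the "today" fallback named in the comment may no longer apply.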
@@ -57,15 +60,15 @@ fi; # if force verify is true set VERIFY to 1 unless INFO is 1 # Needs bash 4.0 at lesat for this -if [ "${FORCE_VERIFY,,}" = "true" ] && [ ${INFO} -eq 0 ]; then +if [ "${FORCE_VERIFY,,}" = "true" ] && [ "${INFO}" -eq 0 ]; then VERIFY=1; - if [ ${DEBUG} -eq 1 ]; then + if [ "${DEBUG}" -eq 1 ]; then echo "Force repository verify"; fi; fi; # remote borg path -if [ ! -z "${TARGET_BORG_PATH}" ]; then +if [ -n "${TARGET_BORG_PATH}" ]; then if [[ "${TARGET_BORG_PATH}" =~ \ |\' ]]; then echo "Space found in ${TARGET_BORG_PATH}. Aborting"; echo "There are issues with passing on paths with spaces" @@ -102,16 +105,16 @@ TARGET_SERVER=''; # allow host only (if full setup in .ssh/config) # user@host OR ssh://user@host:port/ IF TARGET_PORT is set # user/host/port -if [ ! -z "${TARGET_USER}" ] && [ ! -z "${TARGET_HOST}" ] && [ ! -z "${TARGET_PORT}" ]; then +if [ -n "${TARGET_USER}" ] && [ -n "${TARGET_HOST}" ] && [ -n "${TARGET_PORT}" ]; then TARGET_SERVER="ssh://${TARGET_USER}@${TARGET_HOST}:${TARGET_PORT}/"; # host/port -elif [ ! -z "${TARGET_HOST}" ] && [ ! -z "${TARGET_PORT}" ]; then +elif [ -n "${TARGET_HOST}" ] && [ -n "${TARGET_PORT}" ]; then TARGET_SERVER="ssh://${TARGET_HOST}:${TARGET_PORT}/"; # user/host -elif [ ! -z "${TARGET_USER}" ] && [ ! -z "${TARGET_HOST}" ]; then +elif [ -n "${TARGET_USER}" ] && [ -n "${TARGET_HOST}" ]; then TARGET_SERVER="${TARGET_USER}@${TARGET_HOST}:"; # host -elif [ ! -z "${TARGET_HOST}" ]; then +elif [ -n "${TARGET_HOST}" ]; then TARGET_SERVER="${TARGET_HOST}:"; fi; # we dont allow special characters, so we don't need to special escape it 
@@ -120,13 +123,13 @@ printf "${PRINTF_INFO_STRING}" "Repository" "${REPOSITORY}"; # check if given compression name and level are valid OPT_COMPRESSION=''; -if [ ! -z "${COMPRESSION}" ]; then +if [ -n "${COMPRESSION}" ]; then # valid compression if [ "${COMPRESSION}" = "lz4" ] || [ "${COMPRESSION}" = "zlib" ] || [ "${COMPRESSION}" = "lzma" ] || [ "${COMPRESSION}" = "zstd" ]; then OPT_COMPRESSION="-C=${COMPRESSION}"; # if COMPRESSION_LEVEL, check it is a valid regex # for zlib, zstd, lzma - if [ ! -z "${COMPRESSION_LEVEL}" ] && ([ "${COMPRESSION}" = "zlib" ] || [ "${COMPRESSION}" = "lzma" ] || [ "${COMPRESSION}" = "zstd" ]); then + if [ -n "${COMPRESSION_LEVEL}" ] && { [ "${COMPRESSION}" = "zlib" ] || [ "${COMPRESSION}" = "lzma" ] || [ "${COMPRESSION}" = "zstd" ]; }; then MIN_COMPRESSION=0; MAX_COMPRESSION=0; case "${COMPRESSION}" in @@ -152,10 +155,10 @@ if [ ! -z "${COMPRESSION}" ]; then # fi; error_message="[! $(date +'%F %T')] Compression level for ${COMPRESSION} needs to be a numeric value between ${MIN_COMPRESSION} and ${MAX_COMPRESSION}: ${COMPRESSION_LEVEL}"; if ! [[ "${COMPRESSION_LEVEL}" =~ ${REGEX_NUMERIC} ]]; then - echo ${error_message}; + echo "${error_message}"; exit 1; - elif [ ${COMPRESSION_LEVEL} -lt ${MIN_COMPRESSION} ] || [ ${COMPRESSION_LEVEL} -gt ${MAX_COMPRESSION} ]; then - echo ${error_message}; + elif [ "${COMPRESSION_LEVEL}" -lt "${MIN_COMPRESSION}" ] || [ "${COMPRESSION_LEVEL}" -gt "${MAX_COMPRESSION}" ]; then + echo "${error_message}"; exit 1; else OPT_COMPRESSION=${OPT_COMPRESSION}","${COMPRESSION_LEVEL}; @@ -177,7 +180,7 @@ KEEP_OPTIONS=(); # keep info string (for files) KEEP_INFO=""; # override standard keep for tagged backups -if [ ! -z "${ONE_TIME_TAG}" ]; then +if [ -n "${ONE_TIME_TAG}" ]; then BACKUP_SET="{now:%Y-%m-%dT%H:%M:%S}"; # set empty to avoid problems KEEP_OPTIONS=(""); 
@@ -185,32 +188,32 @@ else # build options and info string, # also flag BACKUP_SET check if hourly is set BACKUP_SET_VERIFY=0; - if [ ${KEEP_LAST} -gt 0 ]; then + if [ "${KEEP_LAST}" -gt 0 ]; then KEEP_OPTIONS+=("--keep-last=${KEEP_LAST}"); KEEP_INFO="${KEEP_INFO}, last: ${KEEP_LAST}"; fi; - if [ ${KEEP_HOURS} -gt 0 ]; then + if [ "${KEEP_HOURS}" -gt 0 ]; then KEEP_OPTIONS+=("--keep-hourly=${KEEP_HOURS}"); KEEP_INFO="${KEEP_INFO}, hourly: ${KEEP_HOURS}"; BACKUP_SET_VERIFY=1; fi; - if [ ${KEEP_DAYS} -gt 0 ]; then + if [ "${KEEP_DAYS}" -gt 0 ]; then KEEP_OPTIONS+=("--keep-daily=${KEEP_DAYS}"); KEEP_INFO="${KEEP_INFO}, daily: ${KEEP_DAYS}"; fi; - if [ ${KEEP_WEEKS} -gt 0 ]; then + if [ "${KEEP_WEEKS}" -gt 0 ]; then KEEP_OPTIONS+=("--keep-weekly=${KEEP_WEEKS}"); KEEP_INFO="${KEEP_INFO}, weekly: ${KEEP_WEEKS}"; fi; - if [ ${KEEP_MONTHS} -gt 0 ]; then + if [ "${KEEP_MONTHS}" -gt 0 ]; then KEEP_OPTIONS+=("--keep-monthly=${KEEP_MONTHS}"); KEEP_INFO="${KEEP_INFO}, monthly: ${KEEP_MONTHS}"; fi; - if [ ${KEEP_YEARS} -gt 0 ]; then + if [ "${KEEP_YEARS}" -gt 0 ]; then KEEP_OPTIONS+=("--keep-yearly=${KEEP_YEARS}"); KEEP_INFO="${KEEP_INFO}, yearly: ${KEEP_YEARS}"; fi; - if [ ! -z "${KEEP_WITHIN}" ]; then + if [ -n "${KEEP_WITHIN}" ]; then # check for invalid string. can only be number + H|d|w|m|y if [[ "${KEEP_WITHIN}" =~ ^[0-9]+[Hdwmy]{1}$ ]]; then KEEP_OPTIONS+=("--keep-within=${KEEP_WITHIN}"); @@ -244,7 +247,7 @@ fi; if [ -f "${BASE_FOLDER}${BACKUP_LOCK_FILE}" ]; then LOCK_PID=$(cat "${BASE_FOLDER}${BACKUP_LOCK_FILE}" 2>/dev/null); # check if lock file pid has an active program attached to it - if [ -f /proc/${LOCK_PID}/cmdline ]; then + if [ -f "/proc/${LOCK_PID}/cmdline" ]; then echo "Script is already running on PID: ${$}"; . "${DIR}/borg.backup.functions.close.sh" 1; exit 1; 
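Review bot: The lock check prints `${$}`, the PID of the current process, in "Script is already running on PID", not the `${LOCK_PID}` that was just read from the lock file, so the message points at the wrong process. `echo "Script is already running on PID: ${LOCK_PID}";` fixes the message. The test on `/proc/${LOCK_PID}/cmdline` also only shows that some process owns that PID, not that it is this script, and the lock file content is used without a numeric check. The block continues beyond the hunk.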
@@ -272,11 +275,11 @@ _BORG_PRUNE="${BORG_COMMAND} prune ${OPT_REMOTE} -v --list ${OPT_PROGRESS} ${DRY # set base path to config directory to keep cache/config separated export BORG_BASE_DIR="${BASE_FOLDER}"; # ignore non encrypted access -export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=${_BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK}; +export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK="${_BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK}"; # ignore moved repo access -export BORG_RELOCATED_REPO_ACCESS_IS_OK=${_BORG_RELOCATED_REPO_ACCESS_IS_OK}; +export BORG_RELOCATED_REPO_ACCESS_IS_OK="${_BORG_RELOCATED_REPO_ACCESS_IS_OK}"; # and for debug print that tout -if [ ${DEBUG} -eq 1 ]; then +if [ "${DEBUG}" -eq 1 ]; then echo "export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=${_BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK};"; echo "export BORG_RELOCATED_REPO_ACCESS_IS_OK=${_BORG_RELOCATED_REPO_ACCESS_IS_OK};"; echo "export BORG_BASE_DIR=\"${BASE_FOLDER}\";"; @@ -288,10 +291,10 @@ COMMAND_INFO="${COMMAND_EXPORT}${BORG_COMMAND} info ${OPT_REMOTE} ${REPOSITORY}" # if this is user@host, we need to use ssh command to verify if the file is there # else a normal verify is ok # unless explicit given, verify is skipped -if [ ${VERIFY} -eq 1 ] || [ ${INIT} -eq 1 ]; then +if [ "${VERIFY}" -eq 1 ] || [ "${INIT}" -eq 1 ]; then printf "${PRINTF_SUB_BLOCK}" "VERIFY" "$(date +'%F %T')" "${MODULE}"; - if [ ! -z "${TARGET_SERVER}" ]; then - if [ ${DEBUG} -eq 1 ]; then + if [ -n "${TARGET_SERVER}" ]; then + if [ "${DEBUG}" -eq 1 ]; then echo "${BORG_COMMAND} info ${OPT_REMOTE} ${REPOSITORY} 2>&1|grep \"Repository ID:\""; fi; # use borg info and verify if it returns "Repository ID:" in the first line 
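Review bot: `BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK` and `BORG_RELOCATED_REPO_ACCESS_IS_OK` are still exported unconditionally although this commit makes `keyfile` the default; if the settings set them to `yes`, borg will not stop when a repository turns out to be unencrypted or to have moved, and those prompts are what catches a swapped or redirected target. Exporting the first one only for `none` keeps that safeguard for encrypted setups: `if [ "${ENCRYPTION}" = "none" ]; then export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK="${_BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK}"; fi;`. The values of the `_BORG_*` variables are defined outside this diff.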
@@ -305,19 +308,19 @@ if [ ${VERIFY} -eq 1 ] || [ ${INIT} -eq 1 ]; then INIT_REPOSITORY=1; fi; # if verrify but no init and repo is there but init file is missing set it - if [ ${VERIFY} -eq 1 ] && [ ${INIT} -eq 0 ] && [ ${INIT_REPOSITORY} -eq 0 ] && + if [ "${VERIFY}" -eq 1 ] && [ "${INIT}" -eq 0 ] && [ "${INIT_REPOSITORY}" -eq 0 ] && [ ! -f "${BASE_FOLDER}${BACKUP_INIT_FILE}" ]; then # write init file echo "[!] Add missing init verify file"; - echo "$(date +%s)" > "${BASE_FOLDER}${BACKUP_INIT_FILE}"; + date +%s > "${BASE_FOLDER}${BACKUP_INIT_FILE}"; fi; # end if verified but repository is not here - if [ ${VERIFY} -eq 1 ] && [ ${INIT} -eq 0 ] && [ ${INIT_REPOSITORY} -eq 1 ]; then + if [ "${VERIFY}" -eq 1 ] && [ "${INIT}" -eq 0 ] && [ "${INIT_REPOSITORY}" -eq 1 ]; then echo "[! $(date +'%F %T')] No repository. Please run with -I flag to initialze repository"; . "${DIR}/borg.backup.functions.close.sh" 1; exit 1; fi; - if [ ${EXIT} -eq 1 ] && [ ${VERIFY} -eq 1 ] && [ ${INIT} -eq 0 ]; then + if [ "${EXIT}" -eq 1 ] && [ "${VERIFY}" -eq 1 ] && [ "${INIT}" -eq 0 ]; then echo "Repository exists"; echo "For more information run:" echo "${COMMAND_INFO}"; 
@@ -325,16 +328,30 @@ if [ ${VERIFY} -eq 1 ] || [ ${INIT} -eq 1 ]; then exit; fi; fi; -if [ ${INIT} -eq 1 ] && [ ${INIT_REPOSITORY} -eq 1 ]; then +# MARK: INIT +if [ "${INIT}" -eq 1 ] && [ "${INIT_REPOSITORY}" -eq 1 ]; then + printf "${PRINTF_SUB_BLOCK}" "INIT" "$(date +'%F %T')" "${MODULE}"; - if [ ${DEBUG} -eq 1 ] || [ ${DRYRUN} -eq 1 ]; then + if [ "${DEBUG}" -eq 1 ] || [ "${DRYRUN}" -eq 1 ]; then echo "${BORG_COMMAND} init ${OPT_REMOTE} -e ${ENCRYPTION} ${OPT_VERBOSE} ${REPOSITORY}"; + echo "${BORG_COMMAND} key export ${REPOSITORY}"; + echo "${BORG_COMMAND} key export --paper ${REPOSITORY}"; fi - if [ ${DRYRUN} -eq 0 ]; then + if [ "${DRYRUN}" -eq 0 ]; then # should trap and exit properly here ${BORG_COMMAND} init ${OPT_REMOTE} -e ${ENCRYPTION} ${OPT_VERBOSE} ${REPOSITORY}; + # show the key file + if [ "${ENCRYPTION}" = "keyfile" ]; then + echo "--- [ENCRYPTION KEY] --[START]-------------------------------------------------->"; + echo "Store the key and password in a safe place"; + echo "----[BORG KEY] -------------------------------->"; + ${BORG_COMMAND} key export "${REPOSITORY}"; + echo "----[BORG KEY:paper] -------------------------->"; + ${BORG_COMMAND} key export --paper "${REPOSITORY}"; + echo "--- [ENCRYPTION KEY] --[END ]-------------------------------------------------->"; + fi; # write init file - echo "$(date +%s)" > "${BASE_FOLDER}${BACKUP_INIT_FILE}"; + date +%s > "${BASE_FOLDER}${BACKUP_INIT_FILE}"; echo "Repository initialized"; echo "For more information run:" echo "${COMMAND_INFO}"; @@ -342,7 +359,7 @@ if [ ${INIT} -eq 1 ] && [ ${INIT_REPOSITORY} -eq 1 ]; then . "${DIR}/borg.backup.functions.close.sh"; # exit after init exit; -elif [ ${INIT} -eq 1 ] && [ ${INIT_REPOSITORY} -eq 0 ]; then +elif [ "${INIT}" -eq 1 ] && [ "${INIT_REPOSITORY}" -eq 0 ]; then echo "[! $(date +'%F %T')] Repository already initialized"; echo "For more information run:" echo "${COMMAND_INFO}"; 
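Review bot: The exit status of `borg init` is not checked in the first hunk (the existing comment `# should trap and exit properly here` says as much), so after a failed init the script still attempts the new key export, writes the init file and prints "Repository initialized". The added key export also writes the repository key to stdout; if this output is captured by cron mail or a log file (not visible here), the key is stored there, and with the blank passphrase the commit message describes for keyfile mode nothing else protects it. The test `[ "${ENCRYPTION}" = "keyfile" ]` skips `keyfile-blake2`, which the settings file lists as a valid value. I would stop on init failure, match both keyfile modes and print the key only when stdout is a terminal, as sketched below. The enclosing `if` blocks continue past the end of the hunk.

```shell
	if [ "${DRYRUN}" -eq 0 ]; then
		# stop here when init fails, so no init file is written for a missing repository
		if ! ${BORG_COMMAND} init ${OPT_REMOTE} -e ${ENCRYPTION} ${OPT_VERBOSE} ${REPOSITORY}; then
			echo "[! $(date +'%F %T')] Repository init failed";
			. "${DIR}/borg.backup.functions.close.sh" 1;
			exit 1;
		fi;
		case "${ENCRYPTION}" in
			keyfile|keyfile-blake2)
				# key material goes to an interactive terminal only, never into captured output
				if [ -t 1 ]; then
					# … unchanged: banner lines and the two "key export" calls …
				else
					echo "Key not printed (output is not a terminal), run manually:";
					echo "${BORG_COMMAND} key export ${REPOSITORY}";
				fi;
				;;
		esac;
		# … unchanged: write init file, "Repository initialized" output …
```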
@@ -359,18 +376,18 @@ if [ ! -f "${BASE_FOLDER}${BACKUP_INIT_FILE}" ]; then fi; # PRINT OUT current data, only do this if REPO exists -if [ ${PRINT} -eq 1 ]; then +if [ "${PRINT}" -eq 1 ]; then printf "${PRINTF_SUB_BLOCK}" "PRINT" "$(date +'%F %T')" "${MODULE}"; FORMAT="{archive:<45} {comment:6} {start} - {end} [{id}] ({username}@{hostname}){NL}" # show command on debug or dry run - if [ ${DEBUG} -eq 1 ] || [ ${DRYRUN} -eq 1 ]; then + if [ "${DEBUG}" -eq 1 ] || [ "${DRYRUN}" -eq 1 ]; then echo "export BORG_BASE_DIR=\"${BASE_FOLDER}\";${BORG_COMMAND} list ${OPT_REMOTE} --format ${FORMAT} ${REPOSITORY}"; fi; # run info command if not a dry drun - if [ ${DRYRUN} -eq 0 ]; then - ${BORG_COMMAND} list ${OPT_REMOTE} --format "${FORMAT}" ${REPOSITORY} ; + if [ "${DRYRUN}" -eq 0 ]; then + ${BORG_COMMAND} list ${OPT_REMOTE} --format "${FORMAT}" "${REPOSITORY}" ; fi; - if [ ${VERBOSE} -eq 1 ]; then + if [ "${VERBOSE}" -eq 1 ]; then echo ""; echo "Base command info:" echo "export BORG_BASE_DIR=\"${BASE_FOLDER}\";${BORG_COMMAND} [COMMAND] ${OPT_REMOTE} ${REPOSITORY}::[BACKUP] [PATH]"; @@ -389,21 +406,21 @@ if [ ${PRINT} -eq 1 ]; then fi; # run borg compact command and exit -if [ ${COMPACT} -eq 1 ]; then +if [ "${COMPACT}" -eq 1 ]; then . "${DIR}/borg.backup.functions.compact.sh"; . "${DIR}/borg.backup.functions.close.sh"; exit; fi; # run borg check command and exit -if [ ${CHECK} -eq 1 ]; then +if [ "${CHECK}" -eq 1 ]; then . "${DIR}/borg.backup.functions.check.sh"; . "${DIR}/borg.backup.functions.close.sh"; exit; fi; # DELETE ONE TIME TAG -if [ ! -z "${DELETE_ONE_TIME_TAG}" ]; then +if [ -n "${DELETE_ONE_TIME_TAG}" ]; then printf "${PRINTF_SUB_BLOCK}" "DELETE" "$(date +'%F %T')" "${MODULE}"; # if a "*" is inside we don't do ONE archive, but globbing via -a option DELETE_ARCHIVE="" 
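Review bot: The debug line in the first hunk prints `--format ${FORMAT}` without quotes, while the command that actually runs passes `"${FORMAT}"`; `FORMAT` contains spaces and parentheses, so the printed command does not run as shown when pasted into a shell. Print it quoted, e.g. `... list ${OPT_REMOTE} --format '${FORMAT}' ${REPOSITORY}";`. `${BORG_COMMAND}` and `${OPT_REMOTE}` are still expanded unquoted on the run line and rely on word splitting; building the call as an array, as is already done for `KEEP_OPTIONS`, would remove that dependency.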
@@ -415,12 +432,12 @@ if [ ! -z "${DELETE_ONE_TIME_TAG}" ]; then DELETE_ARCHIVE="::"${DELETE_ONE_TIME_TAG}; fi # if this is borg <1.2 OPT_LIST does not work - if [ $(version $BORG_VERSION) -lt $(version "1.2.0") ]; then + if [ "$(version "$BORG_VERSION")" -lt "$(version "1.2.0")" ]; then OPT_LIST=""; fi; # if exists, delete and exit # show command on debug or dry run - if [ ${DEBUG} -eq 1 ]; then + if [ "${DEBUG}" -eq 1 ]; then echo "${BORG_COMMAND} delete ${OPT_REMOTE} ${OPT_LIST} -s ${OPT_GLOB} ${REPOSITORY}${DELETE_ARCHIVE}"; fi; # run delete command if not a dry drun @@ -432,11 +449,11 @@ if [ ! -z "${DELETE_ONE_TIME_TAG}" ]; then fi; # if not a dry run, compact repository after delete # not that compact only works on borg 1.2 - if [ $(version $BORG_VERSION) -ge $(version "1.2.0") ]; then - if [ ${DRYRUN} -eq 0 ]; then - ${BORG_COMMAND} compact ${OPT_REMOTE} ${REPOSITORY}; + if [ "$(version "$BORG_VERSION")" -ge "$(version "1.2.0")" ]; then + if [ "${DRYRUN}" -eq 0 ]; then + ${BORG_COMMAND} compact ${OPT_REMOTE} "${REPOSITORY}"; fi; - if [ ${DEBUG} -eq 1 ]; then + if [ "${DEBUG}" -eq 1 ]; then echo "${BORG_COMMAND} compact ${OPT_REMOTE} ${REPOSITORY}"; fi; fi; diff --git a/borg.backup.gitea.sh b/borg.backup.gitea.sh index 46c4c8a..adc77fb 100755 --- a/borg.backup.gitea.sh +++ b/borg.backup.gitea.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + # Backup gitea database, all git folders and gitea settings MODULE="gitea" @@ -93,7 +96,7 @@ if [ ${DRYRUN} -eq 0 ]; then fi; chown -R ${GIT_USER}: "${GITEA_WORKING_DIR}"; # this needs to be run in a folder that can be stat by git user - cd "${GITEA_WORKING_DIR}"; + cd "${GITEA_WORKING_DIR}" || exit 1; sudo -u ${GIT_USER} ${GITEA_BIN} dump -c ${GITEA_CONFIG} -w ${GITEA_WORKING_DIR} -t ${GITEA_TEMP_DIR} --type ${GITEA_EXPORT_TYPE} -L -f - | ${BORG_CALL}; ) 2>&1 | sed 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' # remove all ESC strings fi; 
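Review bot: In the delete hunk the comment says `# show command on debug or dry run`, but the test is only `[ "${DEBUG}" -eq 1 ]`, so a dry run of a delete does not show which archives would be targeted. The INIT and PRINT blocks test both flags; use the same here: `if [ "${DEBUG}" -eq 1 ] || [ "${DRYRUN}" -eq 1 ]; then`. `DELETE_ARCHIVE` is built from `DELETE_ONE_TIME_TAG` and may hold a `*` pattern, so it matters whether it is quoted on the actual delete call; that line is outside the hunk and should be checked.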
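Review bot: The new `|| exit 1` after `cd "${GITEA_WORKING_DIR}"` in borg.backup.gitea.sh sits inside the `( ... ) 2>&1 | sed` subshell, so it ends only the subshell; the script itself carries on, and the pipeline's status is that of `sed` unless `pipefail` is set (not visible here). A failed `cd` therefore skips the dump and nothing after the pipeline sees the failure. Print a clear error before leaving, e.g. `cd "${GITEA_WORKING_DIR}" || { echo "[! $(date +'%F %T')] Cannot change to ${GITEA_WORKING_DIR}"; exit 1; }`, and check `${PIPESTATUS[0]}` after the pipeline. The enclosing `if` starts before the hunk.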
diff --git a/borg.backup.mysql.sh b/borg.backup.mysql.sh index 9a1e539..cf67829 100755 --- a/borg.backup.mysql.sh +++ b/borg.backup.mysql.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + # Backup MySQL/MariaDB # default is per table dump, can be set to one full dump # config override set in borg.backup.mysql.settings @@ -87,7 +90,7 @@ EVENTDB="mysql" EVENTS="--events" # ALL IN ONE FILE or PER DATABASE FLAG -if [ ! -z "${DATABASE_FULL_DUMP}" ]; then +if [ -n "${DATABASE_FULL_DUMP}" ]; then SCHEMA_ONLY=''; schema_flag='data'; if [ "${DATABASE_FULL_DUMP}" = "schema" ]; then @@ -126,11 +129,11 @@ if [ ! -z "${DATABASE_FULL_DUMP}" ]; then echo "Prune repository with keep${KEEP_INFO:1}"; ${BORG_PRUNE}; fi; - DURATION=$[ $(date +'%s')-$LOCAL_START ]; + DURATION=$(( $(date +'%s') - LOCAL_START )); printf "${PRINTF_DB_RUN_TIME_SUB_BLOCK}" "DONE" "all databases" "${MODULE}" "$(convert_time ${DURATION})"; else ${MYSQL_CMD} ${MYSQL_DB_CONFIG_PARAM} -B -N -e "show databases" | - while read db; do + while read -r db; do LOCAL_START=$(date +'%s'); printf "${PRINTF_DB_SUB_BLOCK}" "DB" "${db}" "${MODULE}"; printf "${PRINTF_SUBEXT_BLOCK}" "BACKUP" "${db}" "$(date +'%F %T')" "${MODULE}"; @@ -148,7 +151,7 @@ else fi; exclude=0; if [ -f "${BASE_FOLDER}${EXCLUDE_FILE}" ]; then - while read excl_db; do + while read -r excl_db; do if [ "${db}" = "${excl_db}" ]; then exclude=1; break; @@ -178,7 +181,7 @@ else SCHEMA_ONLY=''; # empty for all schema_flag='data'; # or data if [ -s "${BASE_FOLDER}${SCHEMA_ONLY_FILE}" ]; then - while read schema_db; do + while read -r schema_db; do if [ "${db}" = "${schema_db}" ]; then SCHEMA_ONLY='--no-data'; schema_flag='schema'; @@ -218,7 +221,7 @@ else else echo "- [E] ${db}"; fi; - DURATION=$[ $(date +'%s')-$LOCAL_START ]; + DURATION=$(( $(date +'%s') - LOCAL_START )); printf "${PRINTF_DB_RUN_TIME_SUB_BLOCK}" "DONE" "${db}" "${MODULE}" "$(convert_time ${DURATION})"; done; fi; 
diff --git a/borg.backup.settings-default b/borg.backup.settings-default index 07940d1..393a407 100644 --- a/borg.backup.settings-default +++ b/borg.backup.settings-default @@ -23,10 +23,13 @@ COMPRESSION_LEVEL=""; # encryption settings: # SHA-256: 'none', 'authenticated', 'repokey', 'keyfile' # BLAKE2b: 'authenticated-blake2', 'repokey-blake2', 'keyfile-blake2' -# Note: none or empty does not encrypt +# Note: none does not encrypt # Blank passwords allowed for only key (if used, use keyfile) +# Default is keyfile +# passwords have to be set via BORG_PASSPHRASE or BORG_PASSCOMMAND +# keyfile can have blank passwords # See: http://borgbackup.readthedocs.io/en/stable/faq.html#how-can-i-specify-the-encryption-passphrase-programmatically -ENCRYPTION=""; +ENCRYPTION="" # force repository verify, default is off, set to true for verify on every run FORCE_VERIFY=""; # compact interval, only if using borg 1.2 or higher diff --git a/borg.backup.zabbix.sh b/borg.backup.zabbix.sh index cb33c9f..f44b0a3 100755 --- a/borg.backup.zabbix.sh +++ b/borg.backup.zabbix.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# allow variables in printf format string +# shellcheck disable=SC2059 + # Backup zabbix config and settings only MODULE="zabbix" @@ -26,7 +29,7 @@ BACKUP_LOCK_FILE="borg.backup.${MODULE}.lock"; if [ -z "${ZABBIX_DUMP_BIN}" ]; then ZABBIX_DUMP_BIN="/usr/local/bin/zabbix-dump"; fi; -if [ ! -z "${ZABBIX_CONFIG}" ] && [ ! -f "${ZABBIX_CONFIG}" ]; then +if [ -n "${ZABBIX_CONFIG}" ] && [ ! -f "${ZABBIX_CONFIG}" ]; then echo "[! $(date +'%F %T')] Cannot find zabbix config: ${ZABBIX_CONFIG}"; . "${DIR}/borg.backup.functions.close.sh" 1; exit 1; diff --git a/borg.mount.sh b/borg.mount.sh index ef980d7..94bcf78 100755 --- a/borg.mount.sh +++ b/borg.mount.sh @@ -33,7 +33,7 @@ function usage () } # set options -while getopts ":c:m:uf:h" opt do +while getopts ":c:m:uf:h" opt; do case "${opt}" in c|config) BASE_FOLDER=${OPTARG};
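Review bot: The new comments in borg.backup.settings-default say keyfile is the default and may have a blank password, but not what that means for where the secret lives. In keyfile mode the key is kept on the client rather than in the repository, so with a blank passphrase read access to that key file is all that stands between a reader of the repository and the backup contents, and losing the file makes the repository unreadable. I would add lines such as `# keyfile: the key is stored on this host, keep a copy somewhere else` and `# a blank passphrase leaves the key file as the only protection, restrict who can read it`.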