Comments (16)
Had the same issue; and as of 1/1/2022 it is now important to be sogis.eu compliant (EU version of a lot of the NIST federal processing regulation) - filed #165
from amanda.
Still patching manually on backup servers :-(
from amanda.
Still not fixed upstream.
I hit this again as some manually patched Debian servers reinstalled the old unpatched scripts when upgrading to Debian Buster 10.4
bump
edit: we need to be careful here, in my tests I noticed problems at the restore.
from amanda.
Any update on this? Encountering this in Amanda version 3.5.1.
from amanda.
one year gone, still no reply from the responsible maintainers
from amanda.
I have since stopped using Amanda and moved to Restic. But Amanda stays in a special place in my heart. :)
from amanda.
Who are the "responsible maintainers"?
from amanda.
Who are the "responsible maintainers"?
I donβt know who specifically, but I would assume anyone with commit access to this repo counts.
from amanda.
It can be corrected by adding -pbkdf2 to the amcrypt-ossl calls to openssl:
if [ "$1" = -d ]; then # decrypt "${OPENSSL}" enc -pbkdf2 -d "-${CIPHER}" -nopad -salt -pass fd:3 3< "${PASSPHRASE}" else # encrypt pad | "${OPENSSL}" enc -pbkdf2 -e "-${CIPHER}" -nopad -salt -pass fd:3 3< "${PASSPHRASE}" fi
Still facing these issues. Applied that patch on a debian 11.3 machine, running amdump gives me a "FAIL" run with:
[missing size line from sendbackup]
Anyone else seeing this, any better workaround?
from amanda.
I have replaced my encryption needs with:
# cat /etc/amanda/encrypt
#!/bin/bash
AMANDA_HOME=~amanda
PASSPHRASE=$AMANDA_HOME/.am_passphrase # required
RANDFILE=$AMANDA_HOME/.rnd
export RANDFILE
if [ "$1" = -d ]; then
/usr/bin/openssl enc -pbkdf2 -d -aes-256-ctr -salt -pass fd:3 3< "${PASSPHRASE}"
else
/usr/bin/openssl enc -pbkdf2 -e -aes-256-ctr -salt -pass fd:3 3< "${PASSPHRASE}"
fi
pbkdf2 to fix the deprecated key derivation, aes-256-ctr for better and faster encryption (ctr can be parallelized). Also padding is not needed with this encryption method.
from amanda.
great. Let me add this one for completeness: the file defined in $RANDFILE has to be created and seeded like in:
backup:~$ dd if=/dev/urandom of=.rnd bs=256 count=1
Could that maybe even be done by the wrapper script itself?
from amanda.
from amanda.
@exuvo thanks for the explanation. Correct, I see it replaced already. So it would make even more sense to add some block to the wrapper like "if not exists file $RANDFILE, dd some random bytes into it". This would help the initial configuration/setup (which I tend to put into some HOWTO somewhere).
from amanda.
This should do it:
if [ ! -f "$RANDFILE"]; then
dd if=/dev/urandom of="$RANDFILE" bs=256 count=1
fi
from amanda.
Yep, looks ok. Will test, thanks.
from amanda.
A whitespace before the closing bracket was missing, tiny correction:
if [ ! -f "$RANDFILE" ]; then
Edit: unfortunately I see "missing size line from sendbackup" in the amanda reports.
My quick tests show that this is with DLEs using amsamba
plus the encryption.
The simpler tar-based DLEs seem to work fine.
from amanda.
Related Issues (20)
- Matriz
- Wiki: Page-Improvement (Sendbackup_error)
- Compile 3.5.3 with latest version
- /dev/nst0 assumed to be drive 0 in changer HOT 2
- segfault in planner: NULL dp->program pointer, after removing disklistentry
- About Amanda's specifications HOT 1
- tapechange/tapetype Definitions
- Wiki Page Request: document high port usage HOT 3
- Maximum DLEs HOT 5
- Is there a procedure documented to recover an amanda backup server from scratch if I have all my backup tapes? HOT 1
- Not high enough throughput when using 10 GbE and AMANDA 3.5.1 HOT 1
- Support to install on Rocky Linux 9 HOT 5
- Web Based Centralized Management Console (suggestion) HOT 2
- 3.5.4 -- ndmp-src/ndmprotocol.h calls nonexistant ndmp0.h HOT 4
- Recommended Way to Report a Potential Security Issue HOT 2
- Only the first backup in disklist is made HOT 4
- autoconf error on debian
- Amanda estimating incrementals but dumping full backups HOT 12
- SignatureDoesNotMatch Error While Uploading to Amazon S3 HOT 2
- Short write on tape device
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from amanda.