From 4510c70e65f2191853995f8424db5c623ce79ed6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=B5=B5=E6=B0=91=E5=8B=87?= Date: Wed, 16 Nov 2022 14:00:35 +0800 Subject: [PATCH] =?UTF-8?q?147597=20=E3=80=90grub=E8=BF=98=E5=8E=9F?= =?UTF-8?q?=E3=80=91=E4=BD=BF=E7=94=A8grub=E8=BF=98=E5=8E=9F=E6=9C=AA?= =?UTF-8?q?=E6=81=A2=E5=A4=8D=E5=88=B0=E5=87=BA=E5=8E=82=E7=8A=B6=E6=80=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backup-daemon/customizesystemrestoreproxy.cpp | 1 + backup-daemon/data/backup-auto | 1 + backup-daemon/data/backup-auto-efi | 6 ++++++ .../data/initramfs-tools/scripts/local-bottom/kybackup | 1 + backup-daemon/systemrestoreproxy.cpp | 1 + backup-daemon/udisksystemrestoreproxy.cpp | 1 + common/utils.cpp | 8 ++++++++ 7 files changed, 19 insertions(+) diff --git a/backup-daemon/customizesystemrestoreproxy.cpp b/backup-daemon/customizesystemrestoreproxy.cpp index 38c8d1f..2308005 100755 --- a/backup-daemon/customizesystemrestoreproxy.cpp +++ b/backup-daemon/customizesystemrestoreproxy.cpp @@ -263,6 +263,7 @@ QStringList CustomizeSystemRestoreProxy::getRsyncArgs(CustomizeSystemRestoreScen args << "--exclude=/usr/share/rsync"; args << "--exclude=/usr/share/initramfs-tools/hooks/kybackup-hooks"; args << "--exclude=/usr/share/initramfs-tools/scripts/local-bottom/kybackup"; + args << "--exclude=/data/security-dir"; for (const QString& item : excludes) { args << QString("--exclude=") + item; diff --git a/backup-daemon/data/backup-auto b/backup-daemon/data/backup-auto index 07cde1f..8e7a750 100755 --- a/backup-daemon/data/backup-auto +++ b/backup-daemon/data/backup-auto @@ -545,6 +545,7 @@ generateExcludeFile() { echo "/swap_file" >>$EXCLUDEFILE echo "/var/lib/docker/overlay2" >>$EXCLUDEFILE echo "/var/log" >>$EXCLUDEFILE + echo "/data/security-dir" >>$EXCLUDEFILE #bind挂载的目录不进行备份或还原 cat ${rootpath}/etc/fstab | awk '{if($4~/bind/) print $1}' | diff --git a/backup-daemon/data/backup-auto-efi b/backup-daemon/data/backup-auto-efi index f8acd39..c48c215 100755 --- a/backup-daemon/data/backup-auto-efi +++ b/backup-daemon/data/backup-auto-efi @@ -6,6 +6,7 @@ #backup-auto --autobackup ${rootpath} /backup #backup-auto --autorestore ${rootpath} /backup +echo $* #xgs备份还原要保留更多的文件或目录: #kybackup/maindialog.cpp, backup-daemon/mountpoint.cpp, backup-daemon/data/backup-auto-efi XGS=false @@ -566,6 +567,7 @@ generateExcludeFile() { echo "/var/lib/docker/overlay2" >>$EXCLUDEFILE echo "*/backup/snapshots" >>$EXCLUDEFILE echo "/var/log" >>$EXCLUDEFILE + echo "/data/security-dir" >>$EXCLUDEFILE #bind挂载的目录不进行备份或还原 if [ -z $fstab_path ]; then @@ -1075,6 +1077,7 @@ restoreAuto() { #还原 echo "Begin to restore other directories..." >>$PLOGFILE #保留用户数据还原 if [[ x${m_isRetainUserData} = x"true" ]]; then + echo "保留用户数据还原" >> ${rootpath}/var/log/backup.log # 用户数据目录或文件 if [ -e "${rootpath}/var/lib/biometric-auth" ]; then excludes="${excludes} --exclude=/var/lib/biometric-auth" @@ -1135,6 +1138,7 @@ restoreAuto() { #还原 fi excludes="${excludes} --exclude=/var/log" excludes="${excludes} --exclude=*/backup/snapshots" + excludes="${excludes} --exclude=/data/security-dir" #yi jian huan yuan if [ ! -e "${restoreDir}/data/data" ]; then #这两行要一致 @@ -1188,6 +1192,8 @@ fi mkdir -p ${rootpath}/var/log +echo "参数:" $* >> ${rootpath}/var/log/backup.log +echo "m_isRetainUserData=" $m_isRetainUserData >> ${rootpath}/var/log/backup.log if [ $backupORrestore = "--autobackup" ]; then mountBackup mount >>$PLOGFILE diff --git a/backup-daemon/data/initramfs-tools/scripts/local-bottom/kybackup b/backup-daemon/data/initramfs-tools/scripts/local-bottom/kybackup index 9c5b067..612bf6c 100755 --- a/backup-daemon/data/initramfs-tools/scripts/local-bottom/kybackup +++ b/backup-daemon/data/initramfs-tools/scripts/local-bottom/kybackup @@ -1,5 +1,6 @@ #!/bin/bash +echo $* BACKUP_FLAG=backup RESTORE_FLAG=restore ROLLBACK_FLAG=rollback-backup diff --git a/backup-daemon/systemrestoreproxy.cpp b/backup-daemon/systemrestoreproxy.cpp index 2b8c789..b1fa125 100755 --- a/backup-daemon/systemrestoreproxy.cpp +++ b/backup-daemon/systemrestoreproxy.cpp @@ -278,6 +278,7 @@ QStringList SystemRestoreProxy::getRsyncArgs(SystemRestoreScene scene) args << "--exclude=/usr/share/rsync"; args << "--exclude=/usr/share/initramfs-tools/hooks/kybackup-hooks"; args << "--exclude=/usr/share/initramfs-tools/scripts/local-bottom/kybackup"; + args << "--exclude=/data/security-dir"; // 以前的出厂备份和grub备份没有备份/data,还原时需要判断/data是否存在,如不存在需要屏蔽掉,不然会将主机上的/data删除,造成问题 // 此为兼容以前备份的老数据而改,等以后老的备份估计不存在了可已去掉 diff --git a/backup-daemon/udisksystemrestoreproxy.cpp b/backup-daemon/udisksystemrestoreproxy.cpp index 1f2486c..83f7064 100755 --- a/backup-daemon/udisksystemrestoreproxy.cpp +++ b/backup-daemon/udisksystemrestoreproxy.cpp @@ -281,6 +281,7 @@ QStringList UDiskSystemRestoreProxy::getRsyncArgs(SystemRestoreScene scene) args << "--exclude=/usr/share/rsync"; args << "--exclude=/usr/share/initramfs-tools/hooks/kybackup-hooks"; args << "--exclude=/usr/share/initramfs-tools/scripts/local-bottom/kybackup"; + args << "--exclude=/data/security-dir"; // 以前的出厂备份和grub备份没有备份/data,还原时需要判断/data是否存在,如不存在需要屏蔽掉,不然会将主机上的/data删除,造成问题 // 此为兼容以前备份的老数据而改,等以后老的备份估计不存在了可已去掉 diff --git a/common/utils.cpp b/common/utils.cpp index b75b602..0bbfc38 100755 --- a/common/utils.cpp +++ b/common/utils.cpp @@ -486,6 +486,10 @@ bool Utils::generateExcludePathsFile() in << "/var/lib/udisks2" << END_LINE; in << "/var/log" << END_LINE; in << "*/backup/snapshots" << END_LINE; + // 跟wps的研发沟通了,安全目录的使用场景,主要是两个场景: + // 1、在用户浏览信创加密文档时,解密出来的临时明文文件会放在安全目录,关闭文档后,临时文件被删除。 + // 2、用户离线授权的某个加密文档的解密私钥也会放在安全目录中。因此跟他讨论,从安全角度来看,最好不要备份还原这个目录。 + in << "/data/security-dir" << END_LINE; // 系统安装后有的会将/data/home /data/root挂载到的/home /root上,实际文件是存放在/data/home /data/root下面,为了统一标准保留/home /root排除/data/home /data/root QStringList excludes; @@ -543,6 +547,10 @@ QStringList Utils::getFromExcludePathsFile() list << "/var/lib/udisks2"; list << "/var/log"; list << "*/backup/snapshots"; + // 跟wps的研发沟通了,安全目录的使用场景,主要是两个场景: + // 1、在用户浏览信创加密文档时,解密出来的临时明文文件会放在安全目录,关闭文档后,临时文件被删除。 + // 2、用户离线授权的某个加密文档的解密私钥也会放在安全目录中。因此跟他讨论,从安全角度来看,最好不要备份还原这个目录。 + list << "/data/security-dir"; // 系统安装后有的会将/data/home /data/root挂载到的/home /root上,实际文件是存放在/data/home /data/root下面 QStringList excludes;