You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/requirements.md
+20-4Lines changed: 20 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,15 +5,31 @@ storage and must have network connectivity with the GitHub Enterprise Server app
5
5
6
6
## Backup host requirements
7
7
8
-
Backup host software requirements are modest: Linux or other modern Unix operating
9
-
system (Ubuntu is highly recommended) with [bash][1], [git][2], [OpenSSH][3] 5.6 or newer, [rsync][4] v2.6.4 or newer, and [jq][11] v1.5 or newer.
8
+
Backup host software requirements are modest: Linux or other modern Unix operating system (Ubuntu is highly recommended) with [bash][1], [git][2], [OpenSSH][3] 5.6 or newer, [rsync][4] v2.6.4 or newer* (see [below](april-2023-update-of-rsync-requirements) for exceptions), and [jq][11] v1.5 or newer. See below for an update on rsync.
10
9
11
10
The parallel backup and restore feature will require [GNU awk][10] and [moreutils][9] to be installed.
12
11
13
12
We encourage the use of [Docker](docker.md), as it ensures compatible versions of the aforementioned software are available to backup-utils.
14
13
15
-
The backup host must be able to establish outbound network connections to the
16
-
GitHub appliance over SSH. TCP port 122 is used to backup GitHub Enterprise Server.
14
+
The backup host must be able to establish outbound network connections to the GitHub appliance over SSH. TCP port 122 is used to backup GitHub Enterprise Server.
15
+
16
+
### April 2023 Update of Rsync Requirements
17
+
18
+
The [fix in rsync `3.2.5`](https://github.com/WayneD/rsync/blob/master/NEWS.md#news-for-rsync-325-14-aug-2022) for [CVE-2022-29154](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154) can cause severe performance degradation to `backup-utils`.
19
+
20
+
If you encounter this degradation you can mitigate it by using the `--trust-sender` flag, which is available in rsync >= v3.2.5.
21
+
22
+
If your backup host is running rsync < v3.2.5 you may or may not need to make changes to your rsync package, depending on whether your rsync package has backported the fix for CVE-2022-29154 without also backporting the `--trust-sender` flag.
23
+
24
+
If your rsync package has backported the CVE fix _and_ the `--trust-sender` flag then you don't need to change anything.
25
+
26
+
However, if your rsync package has backported the CVE fix without backporting the `--trust-sender` flag then you have three options:
27
+
28
+
1. Downgrade (using the package manager on your host) the rsync package to a version before the CVE fix was backported
29
+
2. Upgrade (using the package manager on your host) the rsync package to v3.2.5 or newer
30
+
3. Manually download rsync v3.2.5 or newer and build the rsync binary
31
+
32
+
Option #3 is required if your operating system's package manager does not have access to rsync v3.2.5 or later (e.g. Ubuntu Focal).
0 commit comments