Merge pull request #1086 from github/3.7-main

Sync 3.7 main with stable

Author: dooleydevin

bin/ghe-backup

@@ -151,6 +151,30 @@ if [ -n "$GHE_ALLOW_REPLICA_BACKUP" ]; then
   echo "Warning: backing up a high availability replica may result in inconsistent or unreliable backups."
 fi
 
+# Output system information of the backup host
+
+# If /etc/issue.net exists, use it to get the OS version
+if [ -f /etc/issue.net ]; then
+  echo "Running on: $(cat /etc/issue.net)"
+else
+  echo "Running on: Unknown OS"
+fi
+
+# If nproc command exists, use it to get the number of CPUs
+if command -v nproc >/dev/null 2>&1; then
+  echo "CPUs: $(nproc)"
+else
+  echo "CPUs: Unknown"
+fi
+
+# If the free command exists, use it to get the memory details
+if command -v free >/dev/null 2>&1; then
+  echo "Memory $(free -m  | grep '^Mem:' | awk '{print "total/used/free+share/buff/cache: " $2 "/" $3 "/" $4 "+" $5 "/" $6 "/" $7}')"
+else
+  echo "Memory: Unknown"
+fi
+
+
 # Log backup start message in /var/log/syslog on remote instance
 ghe_remote_logger "Starting backup from $(hostname) with backup-utils v$BACKUP_UTILS_VERSION in snapshot $GHE_SNAPSHOT_TIMESTAMP ..."
 

bin/ghe-restore

@@ -367,6 +367,12 @@ if $RESTORE_SETTINGS; then
   ghe-restore-settings "$GHE_HOSTNAME"
 fi
 
+# Always restore column encryption keys
+if [ "$(version $GHE_REMOTE_VERSION)" -ge "$(version 3.7.0)" ]; then
+  echo "Always restore encrypted column encryption keys on GHES verions 3.7.0+"
+  ghe-restore-column-encryption-keys "$GHE_HOSTNAME"
+fi
+
 # Make sure mysql and elasticsearch are prep'd and running before restoring.
 # These services will not have been started on appliances that have not been
 # configured yet.

debian/changelog

@@ -1,3 +1,11 @@
+github-backup-utils (3.7.1) UNRELEASED; urgency=medium
+
+  * Don't fail a backup if the Management Console password isn't set #416
+  * Prevent restoring snapshots to older releases #420
+  * Use old rsync restore method for pages prior to 2.13 #426
+
+ -- Devin Dooley <[email protected]>  Fri, 21 Jul 2023 02:08:41 +0000
+
 github-backup-utils (3.7.0) UNRELEASED; urgency=medium
 
 

script/release

@@ -31,7 +31,8 @@ GH_REPO = ENV['GH_REPO'] || 'backup-utils'
 GH_OWNER = ENV['GH_OWNER'] || 'github'
 GH_AUTHOR = ENV['GH_AUTHOR']
 DEB_PKG_NAME = 'github-backup-utils'
-GH_BASE_BRANCH = ENV['GH_BASE_BRANCH'] || 'master'
+GH_BASE_BRANCH = ENV['GH_BASE_BRANCH'] || 'master' # TODO: should we even allow a default or require all params get set explicitly?
+GH_STABLE_BRANCH = ""
 
 CHANGELOG_TMPL = '''<%= package_name %> (<%= package_version %>) UNRELEASED; urgency=medium
 
@@ -137,7 +138,8 @@ def beautify_changes(changes)
 end
 
 def changelog
-  changes = `git log --pretty=oneline origin/stable...origin/#{GH_BASE_BRANCH} --reverse --grep "Merge pull request" | sort -t\# -k2`.lines.map(&:strip)
+  puts "building changelog by comparing origin/#{GH_STABLE_BRANCH}...origin/#{GH_BASE_BRANCH}"
+  changes = `git log --pretty=oneline origin/#{GH_STABLE_BRANCH}...origin/#{GH_BASE_BRANCH} --reverse --grep "Merge pull request" | sort -t\# -k2`.lines.map(&:strip)
   raise 'Building the changelog failed' if $CHILD_STATUS != 0
 
   changes
@@ -228,12 +230,12 @@ def push_release_branch(version)
 end
 
 def update_stable_branch
-  `git checkout --quiet stable`
+  `git checkout --quiet #{GH_STABLE_BRANCH}`
   unless (out = `git merge --quiet --ff-only origin/#{GH_BASE_BRANCH}`)
-    warn "Merging #{GH_BASE_BRANCH} into stable failed:\n\n#{out}"
+    warn "Merging #{GH_BASE_BRANCH} into #{GH_STABLE_BRANCH} failed:\n\n#{out}"
   end
-  unless (out = `git push --quiet origin stable`)
-    warn "Failed pushing the stable branch:\n\n#{out}"
+  unless (out = `git push --quiet origin #{GH_STABLE_BRANCH}`)
+    warn "Failed pushing the #{GH_STABLE_BRANCH} branch:\n\n#{out}"
   end
 end
 
@@ -333,9 +335,38 @@ def clean_up(version)
   `git branch --quiet -D tmp-packging >/dev/null 2>&1`
 end
 
+def is_base_branch_valid?(branch)
+  if branch == "master" || branch.match(/^\d+\.\d+-main$/)
+    return true
+  else
+    return false
+  end
+end
+
+def get_stable_branch_name(branch)
+  ## derive the proper stable branch. if the base branch is "master" the stable branch is just "stable"
+  ## if the base branch is a release branch, the stable branch will be "x.y-stable"
+  result = ""
+  if branch == "master"
+    result = "stable"
+  else
+    result = branch.gsub(/-main$/, "-stable")
+  end
+
+  result
+end
+
 #### All the action starts ####
 if $PROGRAM_NAME == __FILE__
   begin
+    ## validate base branch. this must either be "master" or a release branch which will match the pattern "x.y-main"
+    raise "The branch #{GH_BASE_BRANCH} is not valid for releasing backup-utils. branch name must be master or match x.y-main" if !is_base_branch_valid?(GH_BASE_BRANCH)
+
+    GH_STABLE_BRANCH = get_stable_branch_name(GH_BASE_BRANCH)
+
+    puts "base branch = " + GH_BASE_BRANCH
+    puts "stable branch = " + GH_STABLE_BRANCH
+
     args = ARGV.dup
     dry_run = false
     skip_version_bump_check = false
@@ -455,7 +486,7 @@ if $PROGRAM_NAME == __FILE__
     puts 'Cleaning up...'
     clean_up version
 
-    puts 'Updating stable branch...'
+    puts "Updating #{GH_STABLE_BRANCH} branch..."
     update_stable_branch
 
     puts 'Released!'

share/github-backup-utils/ghe-backup-mssql

@@ -38,18 +38,18 @@ add_minute() {
   # Expect date string in the format of yyyymmddTHHMMSS
   # Here parse date differently depending on GNU Linux vs BSD MacOS
   if date -v -1d > /dev/null 2>&1; then
-    echo "$(date -v +$2M -ujf'%Y%m%dT%H%M%S' $1 +%Y%m%dT%H%M%S)"
+    date -v +"$2"M -ujf'%Y%m%dT%H%M%S' "$1" +%Y%m%dT%H%M%S
   else
     dt=$1
-    echo "$(date -u '+%Y%m%dT%H%M%S' -d "${dt:0:8} ${dt:9:2}:${dt:11:2}:${dt:13:2} $2 minutes")"
+    date -u '+%Y%m%dT%H%M%S' -d "${dt:0:8} ${dt:9:2}:${dt:11:2}:${dt:13:2} $2 minutes"
   fi
 }
 
 find_timestamp() {
   filename="${1##*/}"
   IFS='@' read -ra parts <<< "$filename"
   datetime_part=${parts[1]:0:15}
-  echo $datetime_part
+  echo "$datetime_part"
 }
 
 actions_dbs() {
@@ -98,7 +98,7 @@ get_latest_backup_file() {
   db=$2
   ext=$3
 
-  latest_full_backup=$(find "$backups_dir" -type f -name "$db*.$ext" | egrep '[0-9]{8}T[0-9]{6}' | sort | tail -n 1)
+  latest_full_backup=$(find "$backups_dir" -type f -name "$db*.$ext" | grep -E '[0-9]{8}T[0-9]{6}' | sort | tail -n 1)
   latest_full_backup_file="${latest_full_backup##*/}"
   echo "$latest_full_backup_file"
 }
@@ -146,8 +146,8 @@ get_next_diff_backup_base_lsn() {
 
 last_mssql=$GHE_DATA_DIR/current/mssql
 
-if [ ! -d $last_mssql ] \
-  || [ -z "$(find $last_mssql -type f -name '*.bak' | head -n 1)" ]; then
+if [ ! -d "$last_mssql" ] \
+  || [ -z "$(find "$last_mssql" -type f -name '*.bak' | head -n 1)" ]; then
   ghe_verbose "Taking first full backup"
   backup_type="full"
 else
@@ -159,34 +159,34 @@ else
   current=$(date -u +%Y%m%d%H%M%S)
 
   full=$(find "$last_mssql" -type f -name "*.bak" | head -n 1)
-  full=$(find_timestamp $full)
-  full_expire=$(add_minute $full ${cadence[0]})
+  full=$(find_timestamp "$full")
+  full_expire=$(add_minute "$full" "${cadence[0]}")
   full_expire="${full_expire//T}"
 
   diff=$(find "$last_mssql" -type f -name "*.diff" | head -n 1)
   if [ -f "$diff" ]; then
-    diff=$(find_timestamp $diff)
-    diff_expire=$(add_minute $diff ${cadence[1]})
+    diff=$(find_timestamp "$diff")
+    diff_expire=$(add_minute "$diff" "${cadence[1]}")
     diff_expire="${diff_expire//T}"
   else
-    diff_expire=$(add_minute $full ${cadence[1]})
+    diff_expire=$(add_minute "$full" "${cadence[1]}")
     diff_expire="${diff_expire//T}"
   fi
 
-  tran=$(find "$last_mssql" -type f -name "*.log" | egrep '[0-9]{8}T[0-9]{6}' | sort | tail -1)
-  tran=$(find_timestamp $tran)
-  tran_expire=$(add_minute $tran ${cadence[2]})
+  tran=$(find "$last_mssql" -type f -name "*.log" | grep -E '[0-9]{8}T[0-9]{6}' | sort | tail -1)
+  tran=$(find_timestamp "$tran")
+  tran_expire=$(add_minute "$tran" "${cadence[2]}")
   tran_expire="${tran_expire//T}"
 
   ghe_verbose "current $current, full expire $full_expire, \
 diff expire $diff_expire, tran expire $tran_expire"
 
   # Determine the type of backup to take based on expiry time
-  if [ $current -gt $full_expire ]; then
+  if [ "$current" -gt "$full_expire" ]; then
     backup_type='full'
-  elif [ $current -gt $diff_expire ]; then
+  elif [ "$current" -gt "$diff_expire" ]; then
     backup_type='diff'
-  elif [ $current -gt $tran_expire ]; then
+  elif [ "$current" -gt "$tran_expire" ]; then
     backup_type='transaction'
   fi
 
@@ -264,8 +264,8 @@ fi
 mkdir -p "$backup_dir"
 
 # Use hard links to "copy" over previous applicable backups to the new snapshot folder to save disk space and time
-if [ -d $last_mssql ]; then
-  for p in $last_mssql/*
+if [ -d "$last_mssql" ]; then
+  for p in "$last_mssql"/*
   do
     [[ -e "$p" ]] || break
 
@@ -274,23 +274,23 @@ if [ -d $last_mssql ]; then
     transfer=
 
     # Copy full backups unless we're taking a new full backup
-    if [ $extension = "bak" ] && [ "$backup_type" != 'full' ]; then
+    if [ "$extension" = "bak" ] && [ "$backup_type" != 'full' ]; then
       transfer=1
     fi
 
     # Copy diff backups unless we're taking a new full or diff backup
-    if [ $extension = "diff" ] && [ "$backup_type" != 'full' ] && [ "$backup_type" != 'diff' ]; then
+    if [ "$extension" = "diff" ] && [ "$backup_type" != 'full' ] && [ "$backup_type" != 'diff' ]; then
       transfer=1
     fi
 
     # Copy transaction log backups unless we're taking a new full or diff backup
-    if [ $extension = "log" ] && [ "$backup_type" != 'full' ] && [ "$backup_type" != 'diff' ]; then
+    if [ "$extension" = "log" ] && [ "$backup_type" != 'full' ] && [ "$backup_type" != 'diff' ]; then
       transfer=1
     fi
 
     if [ -n "$transfer" ]; then
       ghe_verbose "Creating hard link to $filename"
-      ln $last_mssql/$filename $backup_dir/$filename
+      ln "$last_mssql"/"$filename" "$backup_dir"/"$filename"
     fi
   done
 fi
@@ -305,9 +305,9 @@ if [ -n "$backup_type" ]; then
     backup_command='ghe-export-mssql -t'
   fi
 
-  bm_start "$(basename $0)"
-  ghe-ssh "$GHE_HOSTNAME" -- "$backup_command" || failures="$failures mssql"
-  bm_end "$(basename $0)"
+  bm_start "$(basename "$0")"
+  ghe-ssh "$GHE_HOSTNAME" -- "$backup_command"
+  bm_end "$(basename "$0")"
 
   # Configure the backup cadence on the appliance, which is used for diagnostics
   ghe-ssh "$GHE_HOSTNAME" "ghe-config mssql.backup.cadence $GHE_MSSQL_BACKUP_CADENCE"
@@ -319,6 +319,6 @@ if [ -n "$backup_type" ]; then
   for b in $backups
   do
     ghe_verbose "Transferring to backup host $b"
-    ghe-ssh "$GHE_HOSTNAME" "sudo cat $appliance_dir/$b" > $backup_dir/$b
+    ghe-ssh "$GHE_HOSTNAME" "sudo cat $appliance_dir/$b" > "$backup_dir"/"$b"
   done
 fi

share/github-backup-utils/ghe-backup-settings

@@ -76,6 +76,24 @@ backup-secret() {
 
 backup-secret "management console password" "manage-password" "secrets.manage"
 backup-secret "password pepper" "password-pepper" "secrets.github.user-password-secrets"
+backup-secret "encrypted column encryption keying material" "encrypted-column-encryption-keying-material" "secrets.github.encrypted-column-keying-material"
+backup-secret "kredz.credz HMAC key" "kredz-credz-hmac" "secrets.kredz.credz-hmac-secret"
+backup-secret "kredz.varz HMAC key" "kredz-varz-hmac" "secrets.kredz.varz-hmac-secret"
+
+# backup encryption keying material for GHES 3.7.0 onwards
+if [ "$(version $GHE_REMOTE_VERSION)" -ge "$(version 3.7.0)" ]; then
+  backup-secret "encrypted column encryption keying material" "encrypted-column-encryption-keying-material" "secrets.github.encrypted-column-keying-material"
+fi
+
+# backup current encryption key for GHES 3.8.0 onwards
+if [ "$(version $GHE_REMOTE_VERSION)" -ge "$(version 3.8.0)" ]; then
+  backup-secret "encrypted column current encryption key" "encrypted-column-current-encryption-key" "secrets.github.encrypted-column-current-encryption-key"
+fi
+
+# Backup argon secrets for multiuser from ghes version 3.8 onwards
+if [[ "$(version $GHE_REMOTE_VERSION)" -ge "$(version 3.8.0)" && "$(version $GHE_REMOTE_VERSION)" -lt "$(version 3.8.2)" ]]; then
+  backup-secret "management console argon2 secret" "manage-argon-secret" "secrets.manage-auth.argon-secret"
+fi
 
 # Backup external MySQL password if running external MySQL DB.
 if is_service_external 'mysql'; then

share/github-backup-utils/ghe-restore-column-encryption-keys

@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+#/ Usage: ghe-restore-column-encryption-keys <host>
+#/ Restore the column encryption keys from a snapshot to the given <host>.
+#/ This script will be run automatically by `ghe-restore
+set -e
+
+# Bring in the backup configuration
+# shellcheck source=share/github-backup-utils/ghe-backup-config
+. "$( dirname "${BASH_SOURCE[0]}" )/ghe-backup-config"
+
+# Show usage and bail with no arguments
+[ -z "$*" ] && print_usage
+
+bm_start "$(basename "$0")"
+
+# Grab host arg
+GHE_HOSTNAME="$1"
+
+# Perform a host-check and establish GHE_REMOTE_XXX variables.
+ghe_remote_version_required "$GHE_HOSTNAME"
+
+# The snapshot to restore should be set by the ghe-restore command but this lets
+# us run this script directly.
+: "${GHE_RESTORE_SNAPSHOT:=current}"
+
+# Path to snapshot dir we're restoring from
+: "${GHE_RESTORE_SNAPSHOT_PATH:="$GHE_DATA_DIR/current"}"
+
+# Restore encrypted column encryption keying material for GHES 3.7.0 onward
+if [ "$(version "$GHE_REMOTE_VERSION")" -ge "$(version 3.7.0)" ]; then
+  echo "Restoring encrypted column encryption keying material"
+  restore-secret "encrypted column encryption keying material" "encrypted-column-encryption-keying-material" "secrets.github.encrypted-column-keying-material"
+fi
+
+# Restore encrypted column current encryption key for GHES 3.8.0 onwards
+if [ "$(version "$GHE_REMOTE_VERSION")" -ge "$(version 3.8.0)" ]; then
+  echo "Restoring encrypted column current encryption key"
+  restore-secret "encrypted column current encryption key" "encrypted-column-current-encryption-key" "secrets.github.encrypted-column-current-encryption-key"
+fi
+
+
+bm_end "$(basename "$0")"

share/github-backup-utils/ghe-restore-settings

@@ -44,6 +44,18 @@ ghe-restore-packages "$GHE_HOSTNAME" 1>&3
 # Restore management console password hash if present.
 restore-secret "management console password" "manage-password" "secrets.manage"
 
+# Restore management console argon2 secret if present.
+restore-secret "management console argon2 secret" "manage-argon-secret" "secrets.manage-auth.argon-secret"
+
+# Restore encrypted column encryption keying material if present
+restore-secret "encrypted column encryption keying material" "encrypted-column-encryption-keying-material" "secrets.github.encrypted-column-keying-material"
+
+# Restore kredz.credz HMAC key if present.
+restore-secret "kredz.credz HMAC key" "kredz-credz-hmac" "secrets.kredz.credz-hmac-secret"
+
+# Restore kredz.varz HMAC key if present.
+restore-secret "kredz.varz HMAC key" "kredz-varz-hmac" "secrets.kredz.varz-hmac-secret"
+
 # Restore SAML keys if present.
 if [ -f "$GHE_RESTORE_SNAPSHOT_PATH/saml-keys.tar" ]; then
   echo "Restoring SAML keys ..."

share/github-backup-utils/version

@@ -1 +1 @@
-3.7.0
+3.7.1