Skip to content

Commit 98834bf

Browse files
authored
Merge pull request #683 from github/dbussink/fix-pepper-restore
Fix restoring the password pepper for already configured instances
2 parents 477de7d + cec1a75 commit 98834bf

File tree

2 files changed

+8
-6
lines changed

2 files changed

+8
-6
lines changed

share/github-backup-utils/ghe-restore-mysql

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ ghe_remote_version_required "$GHE_HOSTNAME"
2727
export GHE_RESTORE_SNAPSHOT
2828

2929
# The directory holding the snapshot to restore
30-
snapshot_dir="$GHE_DATA_DIR/$GHE_RESTORE_SNAPSHOT"
30+
GHE_RESTORE_SNAPSHOT_PATH="$GHE_DATA_DIR/$GHE_RESTORE_SNAPSHOT"
3131

3232
if is_external_database_snapshot; then
3333
if [ -n "$EXTERNAL_DATABASE_RESTORE_SCRIPT" ]; then
@@ -40,7 +40,7 @@ if is_external_database_snapshot; then
4040
bm_end "$(basename $0)"
4141
exit 0
4242
else
43-
if is_binary_backup "$snapshot_dir"; then
43+
if is_binary_backup "$GHE_RESTORE_SNAPSHOT_PATH"; then
4444
echo "Error: Restore of a binary backup to appliance with an external database configured is not supported."
4545
echo "Please provide a custom external database restore script with EXTERNAL_DATABASE_RESTORE_SCRIPT"
4646
exit 1
@@ -63,18 +63,22 @@ if is_external_database_snapshot; then
6363
fi
6464

6565
if is_binary_backup_feature_on; then
66+
# Always restore the password pepper here since it is tied to the MySQL data.
67+
restore-secret "password pepper" "password-pepper" "secrets.github.user-password-secrets"
6668
# Feature "mysql.backup.binary" is on, which means new backup scripts are available
67-
if is_binary_backup "$snapshot_dir"; then
69+
if is_binary_backup "$GHE_RESTORE_SNAPSHOT_PATH"; then
6870
ghe-restore-mysql-binary $GHE_HOSTNAME
6971
else
7072
ghe-restore-mysql-logical $GHE_HOSTNAME
7173
fi
7274
else
7375
# We do not allow to restore binary backup without "mysql.backup.binary" set
74-
if is_binary_backup "$snapshot_dir"; then
76+
if is_binary_backup "$GHE_RESTORE_SNAPSHOT_PATH"; then
7577
echo "To restore from a binary backup, you have to set ghe-config \"mysql.backup.binary\" to true" >&2
7678
exit 2
7779
else
80+
# Always restore the password pepper here since it is tied to the MySQL data.
81+
restore-secret "password pepper" "password-pepper" "secrets.github.user-password-secrets"
7882
if is_default_external_database_snapshot; then
7983
ghe-restore-mysql-logical $GHE_HOSTNAME
8084
else

share/github-backup-utils/ghe-restore-settings

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -40,8 +40,6 @@ restore-secret "external MySQL password" "external-mysql-password" "secrets.exte
4040

4141
# Restore management console password hash if present.
4242
restore-secret "management console password" "manage-password" "secrets.manage"
43-
# Restore password pepper if present
44-
restore-secret "password pepper" "password-pepper" "secrets.github.user-password-secrets"
4543

4644
# Restore SAML keys if present.
4745
if [ -f "$GHE_RESTORE_SNAPSHOT_PATH/saml-keys.tar" ]; then

0 commit comments

Comments
 (0)