From owner-svn-src-all@freebsd.org  Sat Jul 11 20:53:32 2020
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id A771D3710B5;
 Sat, 11 Jul 2020 20:53:32 +0000 (UTC)
 (envelope-from allanjude@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4B42F840xmz4b1Q;
 Sat, 11 Jul 2020 20:53:32 +0000 (UTC)
 (envelope-from allanjude@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6D61219691;
 Sat, 11 Jul 2020 20:53:32 +0000 (UTC)
 (envelope-from allanjude@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 06BKrW91048646;
 Sat, 11 Jul 2020 20:53:32 GMT (envelope-from allanjude@FreeBSD.org)
Received: (from allanjude@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 06BKrVxv048643;
 Sat, 11 Jul 2020 20:53:31 GMT (envelope-from allanjude@FreeBSD.org)
Message-Id: <202007112053.06BKrVxv048643@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: allanjude set sender to
 allanjude@FreeBSD.org using -f
From: Allan Jude <allanjude@FreeBSD.org>
Date: Sat, 11 Jul 2020 20:53:31 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r363110 - in head: share/man/man5 usr.sbin/periodic
 usr.sbin/periodic/etc/daily
X-SVN-Group: head
X-SVN-Commit-Author: allanjude
X-SVN-Commit-Paths: in head: share/man/man5 usr.sbin/periodic
 usr.sbin/periodic/etc/daily
X-SVN-Commit-Revision: 363110
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Jul 2020 20:53:32 -0000

Author: allanjude
Date: Sat Jul 11 20:53:31 2020
New Revision: 363110
URL: https://svnweb.freebsd.org/changeset/base/363110

Log:
  Add a periodic script to backup the partition table and boot code
  
  Optionally, alert you if the contents change from the previous backup
  
  PR:		86388
  Submitted by:	Rob Fairbanks <rob.fx907@gmail.com>, Miroslav Lachman <000.fbsd@quip.cz> (Original Version)
  MFC after:	4 weeks
  Relnotes:	yes
  Sponsored by:	Klara Inc.
  Event:		July 2020 Bugathon
  Differential Revision:	https://reviews.freebsd.org/D25628

Added:
  head/usr.sbin/periodic/etc/daily/221.backup-gpart   (contents, props changed)
Modified:
  head/share/man/man5/periodic.conf.5
  head/usr.sbin/periodic/periodic.conf

Modified: head/share/man/man5/periodic.conf.5
==============================================================================
--- head/share/man/man5/periodic.conf.5	Sat Jul 11 19:44:12 2020	(r363109)
+++ head/share/man/man5/periodic.conf.5	Sat Jul 11 20:53:31 2020	(r363110)
@@ -252,6 +252,22 @@ Files will be deleted using the same criteria as
 would normally use when determining whether to believe the cached information,
 as configured in
 .Pa /etc/mail/sendmail.cf .
+.It Va daily_backup_efi_enable
+.Pq Vt bool
+Set to
+.Dq Li YES
+To create backup of EFI System Partion (ESP).
+.It Va daily_backup_gpart_enable
+.Pq Vt bool
+Set to
+.Dq Li YES
+To create backups of partition tables, and bootcode partition contents.
+.It Va daily_backup_gpart_verbose
+.Pq Vt bool
+Set to
+.Dq Li YES
+To be verbose if existing backups for kern.geom.conftxt or the partition tables differ
+from the new backups.
 .It Va daily_backup_passwd_enable
 .Pq Vt bool
 Set to

Added: head/usr.sbin/periodic/etc/daily/221.backup-gpart
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/usr.sbin/periodic/etc/daily/221.backup-gpart	Sat Jul 11 20:53:31 2020	(r363110)
@@ -0,0 +1,124 @@
+#!/bin/sh
+
+## $FreeBSD$
+## Created by: Miroslav Lachman <000.fbsd@quip.cz>
+
+## Backup of disk partitions layout, useful for gpart restore.
+## Data are stored on local filesystem, in /var/backup.
+## It is recommended to copy those files to off-site storage.
+
+
+## If there is a global system configuration file, suck it in.
+##
+if [ -r /etc/defaults/periodic.conf ]
+then
+	. /etc/defaults/periodic.conf
+	source_periodic_confs
+fi
+
+bak_dir=/var/backups
+
+rotate() {
+	base_name=$1
+	show_diff=$2
+	file="$bak_dir/$base_name"
+
+	if [ -f "${file}.bak" ] ; then
+		rc=0
+		if cmp -s "${file}.bak" "${file}.tmp"; then
+			rm "${file}.tmp"
+		else
+			rc=1
+			[ -n "$show_diff" ] && diff "${file}.bak" "${file}.tmp"
+			mv "${file}.bak" "${file}.bak2" || rc=3
+			mv "${file}.tmp" "${file}.bak" || rc=3
+		fi
+	else
+		rc=1
+		mv "${file}.tmp" "${file}.bak" || rc=3
+		[ -n "$show_diff" ] && cat "${file}.bak"
+	fi
+}
+
+case "$daily_backup_gpart_verbose" in
+	[Yy][Ee][Ss]) show="YES"
+esac
+
+case "$daily_backup_gpart_enable" in
+	[Yy][Ee][Ss])
+
+	echo ""
+	echo "Dump of kern.geom.conftxt:";
+	sysctl -n kern.geom.conftxt > "$bak_dir/kern.geom.conftxt.tmp"
+	rotate "kern.geom.conftxt" $show
+
+	gpart_devs=$(gpart show | awk '$1 == "=>" { print $4 }')
+	if [ -n "$daily_backup_gpart_exclude" ]; then
+		gpart_devs=$(echo ${gpart_devs} | grep -E -v "${daily_backup_gpart_exclude}")
+	fi
+
+	if [ -z "$gpart_devs"  ]; then
+		echo '$daily_backup_gpart_enable is set but no disk probed by kernel.' \
+		"perhaps NFS diskless client."
+		rc=2
+	else
+		echo ""
+		echo "Backup of partitions information for:";
+
+		for d in ${gpart_devs}; do
+			echo "$d"
+			safe_name=$(echo "gpart.${d}" | tr -cs ".[:alnum:]\n" "_")
+			gpart backup "$d" > "$bak_dir/$safe_name.tmp"
+			rotate "$safe_name" $show
+		done
+
+		gpart_show=$(gpart show -p)
+		boot_part=$(echo "$gpart_show" | awk '$4 ~ /(bios|freebsd)-boot/ { print $3 }')
+		if [ -n "$boot_part" ]; then
+			echo ""
+			echo "Backup of boot partition content:"
+			for b in ${boot_part}; do
+				echo "$b"
+				safe_name=$(echo "boot.${b}" | tr -cs ".[:alnum:]\n" "_")
+				dd if="/dev/${b}" of="$bak_dir/$safe_name.tmp" 2> /dev/null
+				rotate "$safe_name"
+			done
+		fi
+
+		mbr_part=$(echo "$gpart_show" | awk '$1 == "=>" && $5 == "MBR" { print $4 }')
+		if [ -n "$mbr_part" ]; then
+			echo ""
+			echo "Backup of MBR record:"
+			for mb in ${mbr_part}; do
+				echo "$mb"
+				safe_name=$(echo "boot.${mb}" | tr -cs ".[:alnum:]\n" "_")
+				dd if="/dev/${mb}" of="$bak_dir/$safe_name.tmp" bs=512 count=1 2> /dev/null
+				rotate "$safe_name"
+			done
+		fi
+
+	fi
+	;;
+
+	*)  rc=0
+	;;
+esac
+
+case "$daily_backup_efi_enable" in
+    [Yy][Ee][Ss])
+
+    efi_part=$(gpart show -p | awk '$4 ~ /efi/ {print $3}')
+    if [ -n "$efi_part" ]; then
+        echo ""
+        echo "Backup of EFI partition content:"
+        for efi in ${efi_part}; do
+            echo "$efi"
+            safe_name=$(echo "efi.${efi}" | tr -cs ".[:alnum:]\n" "_")
+            dd if="/dev/${efi}" of="$bak_dir/$safe_name.tmp" 2> /dev/null
+            rotate "$safe_name"
+        done
+    fi
+    ;;
+esac
+
+exit $rc

Modified: head/usr.sbin/periodic/periodic.conf
==============================================================================
--- head/usr.sbin/periodic/periodic.conf	Sat Jul 11 19:44:12 2020	(r363109)
+++ head/usr.sbin/periodic/periodic.conf	Sat Jul 11 20:53:31 2020	(r363110)
@@ -77,6 +77,11 @@ daily_backup_passwd_enable="YES"			# Backup passwd & g
 # 210.backup-aliases
 daily_backup_aliases_enable="YES"			# Backup mail aliases
 
+# 221.backup-gpart
+daily_backup_gpart_enable="YES"             		# Backup partition table/boot partition/MBR
+daily_backup_gpart_verbose="NO"             		# Be verbose if new backup differs from the new one
+daily_backup_efi_enable="NO"                		# Backup EFI system partition (ESP)
+
 # 300.calendar
 daily_calendar_enable="NO"				# Run calendar -a