Given that the normal amcrypt scripts work it must be some of the setup rows
they have that are needed. They seemed superfluous for my use so i removed them.
Try prepending the following to the script:
prefix="/usr"
exec_prefix="${prefix}"
sbindir="/usr/bin"
amlibexecdir="/usr/lib/amanda"
. "${amlibexecdir}/amanda-sh-lib.sh"
OPENSSL= # whatever's in $PATH
# where might openssl be?
PATH=/bin:/usr/bin:/usr/local/bin:/usr/ssl/bin:/usr/local/ssl/bin:/opt/csw/bin
export PATH
ME=`basename "$0"`
if [ -z "${OPENSSL:=`which openssl`}" ]; then
echo `_ '%s: openssl not found' "${ME}"` >&2
exit 1
elif [ ! -x "${OPENSSL}" ]; then
echo `_ "%s: can't execute %s (%s)" "${ME}" "openssl" "${OPENSSL}"` >&2
exit 1
fi
And then replace /usr/bin/openssl with "${OPENSSL}" at the bottom.
Anton "exuvo" Olsson
ex...@exuvo.se
On 2022-05-06 12:34, Exuvo wrote:
Sorry for a lot of replies.
I looked at my config and i only use estimate calcsize and estimate server as
estimate client was so slow when it was using that.
I probably never tested my encryption script with estimate client which i think
is the default.
Anton "exuvo" Olsson
ex...@exuvo.se
On 2022-05-06 12:29, Exuvo wrote:
Actually it might be related to the estimates. Try and see if it works if you use another estimate
mode like "estimate server" or "estimate calcsize".
Anton "exuvo" Olsson
ex...@exuvo.se
On 2022-05-06 12:21, Exuvo wrote:
I have never used amsamba, i only use dd and tar type backups.
If you change my encryption script to write its arguments and errors to a file
it might be easier to see what is going wrong or if amsamba uses it differently
somehow.
echo "$@" > /tmp/encryptparams
/usr/bin/openssl enc -pbkdf2 -e -aes-256-ctr -salt -pass fd:3 3< "${PASSPHRASE}"
2> /tmp/encrypterrors
Anton "exuvo" Olsson
ex...@exuvo.se
On 2022-05-06 11:03, Stefan G. Weichinger wrote:
Am 04.05.22 um 16:46 schrieb Exuvo:
Ah yes my RANDFILE was probably already created long ago when i initially set
up encryption.
From what i have read the random file is not really on most systems as it is
only there to help with low entropy systems (ie server that does nothing most
of the time).
Each time openssl runs it uses that file (if specified) for random seeds and at
command end it replaces the file with 256 new bytes of randomness for the next
invocation.
It is not needed for decryption.
From the man page the digest is only used to create the real encryption key
from the text key you supply. It should not affect speed at all.
The default digest is sha-256, sha-512 just has more bits. The only thing you
would gain is more protection against brute force attacks i think.
Thanks, great.
As mentioned on Github, I still see issues with your crypt-script when combined with
amsamba: that leads to dumps with "missing size line from sendbackup". Would be
great to get that fixed as well.
I will try to streamline and cleanup my config and report the actual dumptype
definition.