[SCM] The rsync repository. - branch master updated
Rsync CVS commit messages
rsync-cvs at lists.samba.org
Mon Jun 15 16:39:34 UTC 2020
The branch, master has been updated
via 00ec415a Tweak the stunnel4 Verify config; tweak the rsync-ssl docs/usage.
via ec8035ce A minor NEWS tweak.
from 775f64f4 Add a warning header to the generated help-*.h files.
https://git.samba.org/?p=rsync.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 00ec415a6965cf36bb05a7efbfdcc693ea2e0195
Author: Wayne Davison <wayne at opencoder.net>
Date: Mon Jun 15 09:21:28 2020 -0700
Tweak the stunnel4 Verify config; tweak the rsync-ssl docs/usage.
commit ec8035cef90babb5ef07c0e5303753d7170e2a9f
Author: Wayne Davison <wayne at opencoder.net>
Date: Mon Jun 15 09:21:26 2020 -0700
A minor NEWS tweak.
-----------------------------------------------------------------------
Summary of changes:
NEWS.md | 4 ++--
rsync-ssl | 11 ++++++-----
rsync-ssl.1.md | 22 +++++++++++++---------
3 files changed, 21 insertions(+), 16 deletions(-)
Changeset truncated at 500 lines:
diff --git a/NEWS.md b/NEWS.md
index f2b808de..32163f8a 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -173,8 +173,8 @@ Protocol: 31 (unchanged)
autoconf include-file check.
- Converted the man pages from yodl to markdown. They are now processed via a
- simple python3 script using the cmarkgfm OR commonmark library. This should
- make it easier to package rsync, since yodl has gotten obscure.
+ simple python3 script using the cmarkgfm **or** commonmark library. This
+ should make it easier to package rsync, since yodl has gotten obscure.
- Improved some configure checks to work better with strict C99 compilers.
diff --git a/rsync-ssl b/rsync-ssl
index f48f44f8..4f0e86ba 100755
--- a/rsync-ssl
+++ b/rsync-ssl
@@ -72,21 +72,21 @@ function rsync_ssl_helper {
caopt="-verify_return_error -verify 4"
# stunnel:
cafile=""
- verify=0
+ verify=""
elif [[ "$RSYNC_SSL_CA_CERT" == "" ]]; then
# RSYNC_SSL_CA_CERT set but empty -do NO verifications:
# openssl:
caopt="-verify 1"
# stunnel:
cafile=""
- verify=0
+ verify="verifyChain = no"
else
# RSYNC_SSL_CA_CERT set - use CA AND verify:
# openssl:
caopt="-CAfile $RSYNC_SSL_CA_CERT -verify_return_error -verify 4"
# stunnel:
cafile="CAfile = $RSYNC_SSL_CA_CERT"
- verify=3
+ verify="verifyChain = yes"
fi
port="${RSYNC_PORT:-0}"
@@ -118,7 +118,7 @@ debug = crit
connect = $hostname:$port
client = yes
TIMEOUTclose = 0
-verify = $verify
+$verify
$certopt
$cafile
EOF
@@ -146,7 +146,8 @@ function path_search {
}
if [[ "$#" == 0 ]]; then
- echo "Usage: rsync-ssl [--type=openssl|stunnel] RSYNC_ARG [...]" 1>&2
+ echo "Usage: rsync-ssl [--type=SSL_TYPE] RSYNC_ARG [...]" 1>&2
+ echo "The SSL_TYPE can be stunnel or openssl"
exit 1
fi
diff --git a/rsync-ssl.1.md b/rsync-ssl.1.md
index c8def0fa..c16b9657 100644
--- a/rsync-ssl.1.md
+++ b/rsync-ssl.1.md
@@ -5,7 +5,7 @@ rsync-ssl - a helper script for connecting to an ssl rsync daemon
# SYNOPSIS
```
-rsync-ssl [--type=openssl|stunnel] RSYNC_ARGS
+rsync-ssl [--type=SSL_TYPE] RSYNC_ARGS
```
# DESCRIPTION
@@ -13,26 +13,25 @@ rsync-ssl [--type=openssl|stunnel] RSYNC_ARGS
The rsync-ssl script helps you to run an rsync copy to/from an rsync daemon
that requires ssl connections.
-If the **first** arg is a `--type=NAME` option, the script will only use that
-particular program to open an ssl connection instead of trying to find an
+# OPTIONS
+
+If the **first** arg is a `--type=SSL_TYPE` option, the script will only use
+that particular program to open an ssl connection instead of trying to find an
stunnel or openssl executable via a simple heuristic (assuming that the
`RSYNC_SSL_TYPE` environment variable is not set as well -- see below). This
-option must be one of `--type=openssl` or `--type=stunnel`. The equal sign is
+option must specify one of `openssl` or `stunnel`. The equal sign is
required for this particular option.
All the other options are passed through to the rsync command, so consult the
**rsync** manpage for more information on how it works.
-Note that the stunnel connection type requires at least version 4 of stunnel,
-which should be the case on modern systems.
-
# ENVIRONMENT VARIABLES
The ssl helper scripts are affected by the following environment variables:
0. `RSYNC_SSL_TYPE` Specifies the program type that should be used to open the
- ssl connection. It must be one of "openssl" or "stunnel". The
- `--type=NAME` option overrides this, if specified.
+ ssl connection. It must be one of `openssl` or `stunnel`. The
+ `--type=SSL_TYPE` option overrides this, when specified.
0. `RSYNC_SSL_PORT` If specified, the value is the port number that is used as
the default when the user does not specify a port in their rsync command.
When not specified, the default port number is 874. (Note that older rsync
@@ -49,6 +48,11 @@ The ssl helper scripts are affected by the following environment variables:
connection type is set to openssl. If unspecified, the $PATH is searched
for "openssl".
+# CAVEATS
+
+Note that using an stunnel connection requires at least version 4 of stunnel,
+which should be the case on modern systems.
+
# EXAMPLES
> rsync-ssl -aiv example.com::src/ dest
--
The rsync repository.
More information about the rsync-cvs
mailing list