crypting remote data

Matt McCutchen matt at mattmccutchen.net
Mon Mar 10 22:48:13 GMT 2008


On Mon, 2008-03-10 at 22:55 +0100, david reinares wrote:
> After testing a bit more i discovered that fails when i pass the
> command to restore and decrypt with dest-filter (in the client side).
> Always the same file, no matter how many times i execute rsync. But
> after testing diferent folders, i can't see the conection between the
> failed files. html, java, etc, but all of them with more files exactly
> like them in the folder but rsync'd and decrypted perfectly.
> If i do the same with source-filter (server side) it seems to work ok,
> i can restore all files. But that is a problem, because we don't want
> to have the files decrypted in the server not even for a second,
> appart of the fact that having a big bunch of clients restoring at the
> same time with all the hard work of decrypting in the server side
> would overload the server.
> 
> 
> --------------------------------------------------------------------------------------------------------------------------------------------------
> Very good this patch...thank you
> 
> I've been testing this after patching rsync, and works fine to backup...but
> 
> when I'm restoring the crypted data after a while rsync shows
> rsync: Failed to close: Bad file descriptor (9)
> rsync: Failed dup/close: Bad file descriptor (9)
> rsync error: error in IPC code (code 14) at pipe.c(208) [receiver=3.0.0]
> 
> rsync error: error in IPC code (code 14) at pipe.c(195) [receiver=3.0.0]
> rsync: connection unexpectedly closed (55 bytes received so far) [generator]
> rsync error: error in rsync protocol data stream (code 12) at io.c(600)
> 
> [generat
> or=3.0.0]
> 
> It's a bit strange. It restores some files before failing, and they are
> perfectly decrypted...i'm using openssl as command

I will look into the problem with the patch if I get a chance.  One
workaround for restoring files would be to rsync the desired files to
the target machine without filtering and then decrypt them there (with
rsync and --source-filter or just a shell script).

Matt



More information about the rsync mailing list