gentoo-overlay/app-backup/amanda/files/amanda-2.6.0p2-amcrypt-ossl-asym-race-fix.patch

There is a race condition inside the client-side sendbackup. The short version
is that any output from the compression or encryption pipes that gets send
before the "sendbackup:" headers gets discarded by the server on receipt.

For any pipe command that outputs headers, a sufficiently fast machine will
allow this to happen.

As a solution, we buffer the header from amcrypt-ossl-asym, and only output it
after we have started receiving real data. At the time of writing this patch,
amaespipe looks to suffer from the same problem.

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
(Forward ported from the 2.5.2p1 patch)

diff -Nuar --exclude '*~' --exclude '*.orig' --exclude '*.rej' amanda-2.6.0p2.orig/common-src/amcrypt-ossl-asym.sh amanda-2.6.0p2/common-src/amcrypt-ossl-asym.sh
--- amanda-2.6.0p2.orig/common-src/amcrypt-ossl-asym.sh	2008-01-17 16:31:41.000000000 -0800
+++ amanda-2.6.0p2/common-src/amcrypt-ossl-asym.sh	2008-09-21 22:32:21.265609630 -0700
@@ -95,7 +95,7 @@
 	perl -pe 'BEGIN { $bs = 96; $/ = \8192 } $nbytes = ($nbytes + length) % $bs; END { print "\0" x ($bs - $nbytes) }'
 }
 
-encrypt() {
+encrypt_setup() {
 	# generate a random printable cipher key (on one line)
 	echo `"${OPENSSL}" rand -base64 80` >"${WORKDIR}/pass"
 
@@ -105,11 +105,20 @@
 
 	# print magic
 	printf "%s" "${MAGIC}"
+	[ $? -eq 0 ] || return 1
 
 	# print the encrypted cipher key, preceded by size
 	ls -l "${WORKDIR}/pass.ciphertext" | awk '{ printf("%-10d", $5) }'
+	[ $? -eq 0 ] || return 1
 	cat "${WORKDIR}/pass.ciphertext"
+	[ $? -eq 0 ] || return 1
 
+	# Do a test encryption to see that it will work and we will not lose data
+	echo "foo" | encrypt >/dev/null
+	[ $? -eq 0 ] || return 1
+}
+
+encrypt() {
 	# encrypt data using the cipher key and print
 	pad | "${OPENSSL}" enc "-${CIPHER}" -nopad -e -pass "file:${WORKDIR}/pass" -nosalt
 	[ $? -eq 0 ] || return 1
@@ -180,7 +189,26 @@
 		exit 1
 	fi
 
-	encrypt
+	# we must perform the encryption setup, but not produce any output until we start getting input
+	encrypt_setup >"${WORKDIR}/encryption-header"
+	if [ $? -ne 0 ]; then
+		echo "${ME}: encryption setup failed" >&2
+		exit 1
+	fi
+	# block until the first of the input
+	dd of="${WORKDIR}/data.buffer" bs=4 count=1 2>/dev/null
+	if [ $? -ne 0 ]; then
+		echo "${ME}: encryption failed to get input data" >&2
+		exit 1
+	fi
+	# now spit out the encryption header
+	cat "${WORKDIR}/encryption-header" 
+	if [ $? -ne 0 ]; then
+		echo "${ME}: encryption failed to output encryption header" >&2
+		exit 1
+	fi
+	# followed by our first bit of input, then the rest
+	cat "${WORKDIR}/data.buffer" - | encrypt
 	if [ $? -ne 0 ]; then
 		echo `_ '%s: encryption failed' "${ME}"` >&2
 		exit 1