Commit ee6ff8d1 authored by intrigeri's avatar intrigeri

live-persist: don't backup empty configuration files (refs: #17112)

In some cases, the previous code would overwrite a non-empty backup file with an
empty one, making it harder to recover from the already painful #10976.

For example, if the permissions get wrong and we run
disable_and_create_empty_persistence_conf_file(), but the user does _not_
immediately fix the problem, then next time they unlock their persistence,
the (non-empty) backup gets overwritten by live-persist which replaces it with
the new, empty config file it created during last boot.
parent f68885ee
......@@ -259,14 +259,20 @@ disable_and_create_empty_persistence_conf_file ()
{
local conf="$1"
local mode="$2"
local dest="${conf}.insecure_disabled"
if [ -z "$mode" ]
then
mode=0600
fi
mv "$conf" "${conf}.insecure_disabled" \
|| error "Failed to disable '$conf': $?"
if [ -s "$conf" ]
then
mv "$conf" "$dest" || error "Failed to disable '$conf': $?"
else
rm "$conf" || error "Failed to delete '$conf': $?"
fi
create_empty_persistence_conf_file "$conf" "$mode"
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment