1: #!/bin/bash
2: # This must be called as (note the trailing dot):
3: #
4: # stunnel-rsync HOSTNAME rsync --server --daemon .
5: #
6: # ... which is typically done via the rsync-ssl script, which results in something like this:
7: #
8: # rsync --rsh=stunnel-rsync -aiv HOSTNAME::module [ARGS]
9: #
10: # This SSL setup based on the files by: http://dozzie.jarowit.net/trac/wiki/RsyncSSL
11: # Note that this requires at least version 4.x of stunnel.
12:
13: # The current environment can override using the RSYNC_SSL_* values:
14: if [ x"$RSYNC_SSL_CERT" = x ]; then
15: cert=""
16: else
17: cert="cert = $RSYNC_SSL_CERT"
18: fi
19: if [ x"$RSYNC_SSL_CA_CERT" ]; then
20: cafile=""
21: verify=0
22: else
23: cafile="CAfile = $RSYNC_SSL_CA_CERT"
24: verify=3
25: fi
26: port=${RSYNC_SSL_PORT:-874}
27:
28: # If the user specified USER@HOSTNAME::module, then rsync passes us
29: # the -l USER option too, so we must be prepared to ignore it.
30: if [ x"$1" = x"-l" ]; then
31: shift 2
32: fi
33:
34: hostname=$1
35: shift
36:
37: if [ x"$hostname" = x -o x"$1" != x"rsync" -o x"$2" != x"--server" -o x"$3" != x"--daemon" ]; then
38: echo "Usage: stunnel-rsync HOSTNAME rsync --server --daemon ." 1>&2
39: exit 1
40: fi
41:
42: # devzero@web.de came up with this no-tmpfile calling syntax:
43: @stunnel4@ -fd 10 11<&0 <<EOF 10<&0 0<&11 11<&-
44: foreground = yes
45: debug = crit
46: connect = $hostname:$port
47: client = yes
48: TIMEOUTclose = 0
49: verify = $verify
50: $cert
51: $cafile
52: EOF
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to stunnel-rsync.in CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / rsync