Upstream release notes:
Release Notes for 3.3.9:
new --with-security-file configure option
It set the default security file.
default to /etc/amanda-security.conf
security-fix
All previous release of amanda allow the 'amanda' user
to execute any code as root, and to execute an interactive shell
as root.
This is a security vulnerability if you do not trust the 'amanda' user.
There is no need to upgrade if you trust the 'amanda' user
and the account is secure
good password.
secure xinetd.conf setting.
secure .amandahosts setting.
The 'amanda' user can read all files in the machine, it is
what a backup program do.
The set of fix disable the abilities to run unwanted code
as root or to write file anywhere in the filesystem.
/etc/amanda-security.conf/etc/amanda-security.conf
A file that contains security setting.
It list all binaries amanda can execute as root.
restore_by_amanda_user
It tell if the 'amanda' user can do restore as root.
It allow the 'amanda' user to write files anywhere
in the filesystem.
amgtar/amstar/ambsdtar/runtar
Disable arguments that can fork program.
Verify the realpath (with symbolic link resolved) is
in the amanda-security.conf file.
Verify the tar/star/bsdtar realpath program is secure
owned by root and modifiable only by root.
On restore, check the restore_by_amanda_user setting
if not run by root.
Release Notes for 3.3.8:
s3 devices
New NEARLINE S3-STORAGE-CLASS for Google storage.
New AWS4 STORAGE-API
amcryptsimple
Works with newer gpg2.
amgtar
Default SPARSE value is NO if tar < 1.28.
Because a bug in tar with some filesystem.
amstar
support include in backup mode.
ampgsql
Add FULL-WAL property.
Many bugs fix.
Release Notes for 3.3.7p1:
Fix build in 3.3.7.
Release Notes for 3.3.7:
amvault
new --no-interactivity argument.
new --src-labelstr argument.
amdump
compute crc32 of the streams and write them to the debug files.
chg-robot
Add a BROKEN-DRIVE-LOADED-SLOT property.
Many bugs fix.
Release Notes for 3.3.6:
ambsdtar
new application that use BSD tar to do the backup.
Many bugs fix.
Release Notes for 3.3.5:
amtape
faster 'verify' command.
fix parsing of config override arguments.
amsamba
Add REGEX-MATCH property.
amvault
Print progress status.
ndmp device
INDIRECT property default to yes.
Many bugs fix.
Release Notes for 3.3.4:
amreport
new --format argument
new 'json' and 'json_raw' format.
amanda.conf
new REPORT-FORMAT option.
amtape
new 'verify' command.
amadmin
new 'force-level-1' command.
ampgsql
Add VERBOSE property.
S3 device
handle DURABLE_REDUCED_AVAILABILITY for google storage.
Many bugs fix.
Release Notes for 3.3.3:
amdump.X log files use timestamp instead of number, amdump
and amdump.1 are maintained as symlink.
chg-disk
Use the changerfile for the statefile.
s3 device
Support CASTOR storage
amanda.conf
New REPORT-USE-MEDIA and REPORT-NEXT-MEDIA setting.
amfetchdump
New --extract, --directory, --data-path and
--application-property arguments. It allow to do the extraction
on the server.
--exact-match argument to many command, and '=' prefix to expression.
It diable use of expression for host, disk, level and datestamp
on command line argument.
All changer scripts.
Add LOCK-TIMEOUT property.
Many bug fix
Release Notes for 3.3.2:
amgtar
New IGNORE-ZEROS property
amsamba
Fix use of subdir for restore
s3 device
New PROXY property
New PASSWORD, USERNAME, TENANT_ID, TENANT_NAME properties
New STORAGE_API property
New S3_MULTI_DELETE property
New CLIENT_ID, CLIENT_SECRET and REFRESH_TOKEN properties
New CREATE-BUCKET property
New PROJECT-ID property
New REUSE-CONNECTION property
Works with swift and google storage.
NDMP device
Add INDIRECT property
amanda.conf
Add 'max-warnings', The maximum number of warning lines in the report.
Default 'columspec' changed to:
HostName=0:-12:12,Disk=1:-11:11,Level=1👎1,OrigKB=1:-7:0,OutKB=1:-7:0, Compress=1:-6:1,DumpTime=1:-7:7,Dumprate=1:-6:1,TapeTime=1:-6:6, TapeRate=1:-6:1
amadmin
Add --no-default and --print-source arguments for config and
disklist command.
amfetchdump
Print progress.
Add --decrypt, --no-decrypt, --server-decrypt, --client-decrypt,
--compress, --no-compress, --server-compress and
--client-compress options.
fix for compilation with newer glib
fix for compilation on cigwin
Many bug fix
Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.
There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
fstab.
(It can also potentially prevent true matches and the whole chunk of
code involved should ideally be rewritten sanely, but it's better than
randomly doing entirely the wrong thing.)
The find-prefix infrastructure was required in a pkgviews world where
packages installed from pkgsrc could have different installation
prefixes, and this was a way for a dependency prefix to be determined.
Now that pkgviews has been removed there is no longer any need for the
overhead of this infrastructure. Instead we use BUILDLINK_PREFIX.pkg
for dependencies pulled in via buildlink, or LOCALBASE/PREFIX where the
dependency is coming from pkgsrc.
Provides a reasonable performance win due to the reduction of `pkg_info
-qp` calls, some of which were redundant anyway as they were duplicating
the same information provided by BUILDLINK_PREFIX.pkg.
Problems found with existing digests:
Package memconf distfile memconf-2.16/memconf.gz
b6f4b736cac388dddc5070670351cf7262aba048 [recorded]
95748686a5ad8144232f4d4abc9bf052721a196f [calculated]
Problems found locating distfiles:
Package dc-tools: missing distfile dc-tools/abs0-dc-burn-netbsd-1.5-0-gae55ec9
Package ipw-firmware: missing distfile ipw2100-fw-1.2.tgz
Package iwi-firmware: missing distfile ipw2200-fw-2.3.tgz
Package nvnet: missing distfile nvnet-netbsd-src-20050620.tgz
Package syslog-ng: missing distfile syslog-ng-3.7.2.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
directory in their OS for probably some twenty years. Use /var
instead. In particular, fix the defaults for CNF_INFOFILE, CNF_LOGDIR,
and CNF_INDEXDIR to use the configured LOCALSTATEDIR, which in pkgsrc
will be ${VARBASE}/amanda, instead of hardwiring /usr/adm/amanda.
PR 38958.
PKGREVISION -> 9.
While amanda-client 3.3 has been stable on NetBSD for a while, the
server code has apparently never worked. This commit adds several
patches:
- include sys/{types,time}.h so autoconf tape drive checks pass
- improve error messages when tape drive code is not compiled in
- avoid perl crash in report generation
These changes have been tested on NetBSD 6 kernel with NetBSD 5
userland, amd64 (for no good reason, but this was the machine with the
tape drive), dumping many machines and writing to LTO.
The first two patches are taken from an upstream patch committed to
the 3.3 branch due to this problem being reported. The third patch is
ad hoc based on perl debugging, and needs further investigation. (But
it's better to get a report without a header line than an empty mail
message.)
Add an 'ndmp' option, disabled by default.
Disable kerberos option by default.
These two changes allow amanda to build again on OS X. My belief,
posited on pkgsrc-users without contradiction, is that no pkgsrc users
use these features anyway. Normal amanda usage these days is over ssh
(which gets one PFS). NDMP is for direct dumping of NAS: usage is
probably rare and also in large installations where rebuilding is not
hard.
All in all, I thought it better for the pkgsrc/amanda universe to have
consistent options across platforms than to selectively disable on OS
X.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
Amanda::Constants::AMANDA_COMPONENTS having 'server' as one of it's
values. Instead of conditionally trying to eval in Amanda::XferServer,
do it unconditionally. The effect is (nearly) the same.
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
Changes in release 3.3.1
* amrecover
o New 'settransalte' command.
* amanda.conf
o new '$s' substitution in autolabel.
o new 'max-dle-by-volume' global option.
o new 'eject-volume' global option.
* diskfile
o new 'includefile' option.
* amcheck
o new '--client-verbose' argument.
* All programs have a new '--version' argument.
* ampgsql can take property from server configuration.
* amgetconf can print one property of a section.
* s3 device
o new S3_SERVER_SIDE_ENCRYPTION property.
o use multiple thread to speedup deleting a volume.
* Many bug fix.
Changes in release 3.3.0
* The default auth is changed to "bsdtcp", if you are using the default bsd
then you must add it to your configuration.
o in amanda.conf
o in amanda-client.conf
o in dumptype/disklist
o in xinetd (if no '-auth' argument to amandad)
* amdump trap crtl-c, it still send the report and do cleanup if you do
one crtl-c, do it more than once to abort the run.
* s3 device
o use multiple threads to speedup the transfer
o can connect to eucalytus.
o new NB_THREADS_BACKUP property
o new NB_THREADS_RECOVERY property
o new S3_HOST property
o new S3_SERVICE_PATH property
o new S3_SUBDOMAIN property
* chg-aggregate: new changer that use other changer sequentially.
* meta-volume
* Add meta label in tapelist file
* chg-disk:
o support for removable disk
o new NUM-SLOT property
o new AUTO-CREATE-SLOT property
o new REMOVABLE property
o new MOUNT property
o new UMOUNT property
o new UMOUNT-LOCKFILE property
o new UMOUNT-IDLE property
* new taperscan algorithm:
o oldest: this algorithm try to run through the volumes in the oldest
order
o lexical: this algorithm try to run through the volumes in the natural
order
* Change in amanda.conf
o new meta-autolabel option
o autolabel can include org, config, barcode, meta in the label
o new client-name option in appication and script.
* application and script in amanda-client.conf can be used to set default
properties for application or script.
* amlabel
o The label argument is no longer required, an autolabel can be
generated
o new --meta option
o new --barcode option
o new --assign option
* amgtar, amstar: The path must be specified, it will not works with a
device.
* amrecover: decompression and decryption are now done on the client if
compression/encryption was done on the client.
* amtape: inventory print the current slot
* amanda.conf:
o autoflush have value "no|yes|all"
o script have single-execution setting.
o Add pre-amcheck, post-amcheck, pre-estimate, post-estimate, pre-backup
and post-backup to execute-on of script.
o Add taperscan and interactivity section.
o add 'server' value in recovery-limit.
o add dump-limit in a dumptype.
* amanda-client.conf
o add amdump-server setting.
* script are searched in $APPLICATION_DIR, $CONFIG_DIR/<conf>/application
and $CONFIG_DIR/application
* amservice
o add -s argument
o is also installed on client
* new amdumpd server service, if enable, it allow client to start a backup
of itself.
* new amdump_client program, it is use on client to start a backup of itself
* implement restore command amzfs-sendrecv, it can be use with amrecover.
Changes in release 3.2.2
* Do not restore the NUL padding bytes, some program fail with them.
* Fix driver doing nothing if taper crash early.
* Fix taperalog *FIT no going to second volume.
* Fix amrestore '-p' not going to next file.
* flush even if flush threshold are not met if it save tape space.
* fix crash in amtrmidx due to memory leak.
* amsamba use 'Use smbclient -TF' for restore.
Changes in release 3.2.1
* barcode are added to the tapelist file.
* Faster 'amadmin find', improve speed on many programs.
* device-output-buffer-size default to a minimum of 4*block_size.
* ssh auth use the client-port
* Bug fixed:
o "Can't opendata output stream: Connection refused".
o Better handling of dump to tape.
o Corrupted 'amdump' log file, amstatus not showing correct state.
o Execute subprocess with the config overwrite.
o tape-device allow to set LEOM.
o Crash in robot changer.
o Script output property are not sent to application.
Changes in release 3.2.0
* Support for multiple simultaneous writes to storage devices
o Can write to all available drives in parallel.
o Works only with the new changer API.
o Useful if two or more volumes are used in a single run.
o dump direct to tape can be scheduled any time during the run,
previously they were done sequencially after all dump to holding disk.
o enabled with the new 'taper-parallel-write' configuration option.
* Support for LEOM in storage devices
o allows splitting without partial parts, saving space
o much more efficient, since parts need not be cached on disk in most
cases
* new, simpler splitting commands in the tapetype section:
part-size, part-cache-type, part-cache-dir, part-cache-max-size; see
amanda.conf(5) for details
* Amanda server configuration file changes (amanda.conf)
o new configuration keyword:
+ taper-parallel-write -- How many drive amanda can write to
in parallel.
o deprecated configuration keywords:
+ amrecover_do_fsf
+ amrecover_check_label
* the CONFIG parameter to amidxtaped is now required; this means that
versions of amrecover older than 2.4.3 will be unable to recover from
servers running Amanda-3.2 and later.
* The new dumptype and global parameters 'recovery-limit' can be used to
limit which hosts may recover from a particular DLE. See amanda.conf(5)
and amanda-auth(7) for more information.
* Several old changers have been removed - these changers will work with
Amanda for the forseeable future, but are no longer included in the
distribution.
o chg-chio
o chg-chs
o chg-iomega
o chg-juke
o chg-mcutil
o chg-mtx
o chg-null (use the new "chg-null:")
o chg-rait (use the new "chg-rait:{dev1,dev2}")
o chg-rth
o chg-scsi-chio
o chg-scsi
* Amdump change:
o new '--no-taper' option to start the run in degraded mode
* Amvault is much improved, but still experimental:
o supports assembling split parts on the source volume and re-splitting
them on the destination
o supports filtering dumps with the same syntax as amfetchdump
o a --fulls-only option skips all incremental dumps on the source
o an --export option tries to move tertiary volumes to import/export
slots when completed
o command-line syntax has changed incompatibly; see manpage or
'amvault --help'
* Rewritten and improved:
o amoverview
o amcheckdump
Changes in release 3.1.0
* Deprecated old changers; see amanda-changers(7) for replacements. These
changers are still available in the distribution, but will be removed in a
future release.
o chg-null
o chg-zd-mtx
o chg-rait
o chg-disk
o chg-multi
* Although chg-zd-mtx is still supported, we recommend that all users upgrade
to the more efficient chg-robot. See contrib/convert-zd-mtx-to-robot.sh
for a useful conversion script.
* Amanda server configuration file changes (amanda.conf)
o deprecated configuration keywords:
+ label_new_tapes
o keywords deprecated in 2.6.1:
+ rawtapedev
+ tapebufs
+ file-pad
o new configuration keyword
+ autolabel -- replace label_new_tapes
+ columnspec -- can specify a precision.
+ order -- in script, to specify script order execution.
+ client_port -- in dumptype, to specify which port to connect on
the client.
+ estimate -- in dumptype, can specify multiple estimate method.
o accept 'define' keyword for defining an holdingdisk
* Amanda client configuration file changes (amanda-client.conf)
o new configuration keyword
+ debug_days -- how many days to keep debug files.
+ client_port -- use by amrecover, specify which port to connect on
the server.
* Removed compile-time default --with-changer-device: specify a device
explicitly in amanda.conf instead
* amtape behavior has changed:
o 'device' subcommand removed
o 'slot advance' subcommand removed
o 'update' subcommand no longer displays each slot as it is updated, and
is not supported by all changers
o taperscan output has changed
o new 'inventory' subcommand
* amrmtape rewrite
o use long option
+ --changer -- Specify which changer to use
+ --cleanup -- Remove logs and indexes associated with label
+ --dryrun -- do not update the original copies.
+ --erase -- Attempt to erase the data contained on the volume
+ --keep-label -- Do not remove label from the tapelist
+ --quiet -- Opposite of --verbose
+ --verbose -- List backups of hosts and disks that are being
discarded.
* amdevcheck
o new --label option.
o new --properties option.
* Device API
o changed wildcard setting for S3_BUCKET_LOCATION from "" to "*"
o new 'ndmp:' device to write to a tape on an ndmp server.
o new 'dvdrw:' device to write to a dvd drive.
* Application API
o new properties to many applications
o amgtar
+ new ACLS, SELINUX and XATTRS properties
o amsamba
+ Allow '\' in diskname and amandapass.
+ new ALLOW-ANONYMOUS property.
o new applications:
+ ampgsql -- Backup PostgreSQL using continuous WAL archiving
+ amsuntar -- Backup filesytem with the SUN tar
+ amraw -- Backup only one directory entry
* New taper, with DirectTCP support, changed tape and catalog format:
o all dumpfiles are now F_SPLIT_DUMPFILE
o all on-tape dumpfiles have numparts=-1, since it's no longer possible
to calculate this value in advance
o there is no logging or reporting of zero-byte, successful parts (this
may cause gaps in filenums in the catalog)
* Redesigned amreport
o much more natural command-line interface (just run 'amreport $config')
o experimental XML output
* configuration override for dumptype works with inheritance.
Changes in release 2.6.1p2
* amtapetype: new -p option
* Bugs fixed
o S3 device driver
o amcheckdump
o file not removed from holding disk
o sendbackup compatibility with a 2.4.2 server
o handle EROFS error from tape device.
o zfs snapshot name us the diskname.
o fix fd allocation in amandad
o crash in amflush
Changes in release 2.6.1p1
* amplot: better output
* Don't include genversion.h in distribution tarballs.
* Bugs fixed
o S3 device driver
o rait device driver
o amstatus
o configure
o application-api
o compilation on some platform
o others small bug
Changes in release 2.6.1
* Amanda server configuration file changes (amanda.conf)
o deprecated configuration keywords:
+ rawtapedev
+ tapebufs
+ file-pad
* Application API: Allow to easily write wrappers around any backup program,
See the 'amanda-applications' man page.
o amgtar: Use GNU tar, it is a lot more configurable than the GNUTAR
program. See 'amgtar' man page.
o amstar: Use star to do a backup, it work only on a partition. See
'amstar' man page.
o amsamba: Use smbclient to backup a cifs share, see amsamba man page.
o amzfs-sendrecv: Do a backup of a ZFS filesystem with 'zfs send'.
* Script API: Allow to run script before and after amanda process, see the
'amanda-scripts' man page.
o amzfs-snapshot: Do a snapshot of a ZFS filesystem, then 'amgtar'
application will backup the snapshot. See 'amzfs-snapshot' man page.
o script-email: Simple script to send email. see 'script-email' man page.
* Changer API v2.0: perl-based changer interface supporting concurrent
use of multiple devices and changers.
o currently operating in "compatibility mode," calling old changer
shell scripts.
o under active development.
* Xfer API: generic library to move and filter data with maximal efficiency
o can read from and write to arbitrary devices, files, etc.
o only used in some applications.
* Amanda archive format: A simple archive format that an application can
use to create backup image.
* 'amarchiver' program to manipulate file in amanda archive format.
* Many improvements to report better error message to user.
* amtape subcommands 'slot prev' and 'slot last' are removed.
* Dozens more perl libraries, with more stable interfaces.
* Many bugs fixed and improvement.
* amgetconf '--client' option to retrieve config from
amanda-client.conf on a client.
* Amanda configuration file changes
o new application-tool section
o new script-tool section
o new device section
o new changer section
Changes in release 2.6.0
* configure --disable-shared doesn't work because perl modules require
shared libraries. Use configure --with-static-binaries to build
statically linked binaries.
* 'amverify' and 'amverifyrun' are deprecated and replaced with the
new, more flexible 'amcheckdump'
* 'amdd' and 'ammt' are deprecated.
* Some Amanda files are now installed in new "amanda/" subdirectories:
libraries are now installed in $libdir/amanda and internal programs
are now installed in $libexecdir/amanda.
* The amandates file, previously at /etc/amandates, is now at
$localstatedir/amanda/amandates. You may want to move your existing
/etc/amandates when you upgrade Amanda.
* New 'amcryptsimple', 'amgpgcrypt' - encryption plugins based on gpg.
* New 'amserverconfig', 'amaddclient' - Initial Amanda configuration tools
these tools make assumptions, please see man page.
* Many bugs fixed and code rewrite/cleanup
* glib is required to compile and run amanda.
* Device API: pluggable interface to storage devices, supporting tapes,
vtapes, RAIT, and Amazon S3
* New perl modules link directly to Amanda, to support writing Amanda
applications in Perl. Perl module are installed by default in the perl
installsitelib directory. It can be changed with
'configure --with-amperldir'.
* New 'local' security driver supports backups of the amanda server
without any network connection or other configuration.
* Almost 200 unit tests are available via 'make installcheck'.
* Amanda configuration file changes
o amanda.conf changes
+ flush-threshold-dumped
+ flush-threshold-scheduled
+ taperflush
+ device_property
+ usetimestamps default to yes
distributions:
+ Add bsd-security, bsdtcp-security, bsdudp-security.
+ Set default index and tape server to localhost
+ Build with assertions.
+ Use a debugging log directory (and add it to OWN_DIRS_PERMS
in amanda-common)