Openrsync: An implementation of rsync, by the OpenBSD team

For those needing context for the development of this package; this project is presently being developed as part of a RPKI validator.

https://medium.com/@jobsnijders/a-proposal-for-a-new-rpki-va...

I've been using openrsync here and there since it was announced and it's definitely improved over time. I'm looking forward to when I can use it exclusively.

The one place in my usage where it doesn't match Samba rsync is with the following:

openrsync --rsync-path=openrsync -av -e ssh /etc/services example.com:/tmp/services

I would expect openrsync to create a remote file /tmp/services, but instead it creates /tmp/services/services.

Normal directory mirroring as in -av -e ssh /path/to/src/ example.com:/path/to/dst/ works as it does with Samba rsync.

There's also a Go implementation by Michael Stapelberg / the Gokrazy team: https://github.com/gokrazy/rsync

There is also a (stub) web page:

https://www.openrsync.org/

The problem with this fragmentation of rsync is that Apple and Android will prefer it, but the Linux and greater GPL world will adhere to the original implantation due to inertia. Power users will just have to know the quirks of each version.

The only way to stop this is for the original author(s) to release this under a BSD license.

This is the version used in macOS since 15.0.

The actual work of porting is matching the security features provided by OpenBSD's pledge(2) and unveil(2). These are critical elements to the functionality of the system. Without them, your system accepts arbitrary data from the public network.

https://justine.lol/pledge/

I am not seeing pledge on Alpine Linux in edge. Have people been testing Pledge on Linux? Did I perhaps misunderstand the risk of using Openrsync without pledge? Or is this article just for OpenBSD users?

rsync has specific running modes for the super-user. It also pumps arbitrary data from the network onto your file-system. openrsync is about 10 000 lines of C code: do you trust me not to make mistakes?

No, but that's why almost nobody runs it outside of strict trust boundaries. This security section would make more sense if rsync was like curl, which routinely deals with hostile counterparties. If the other side of your rsync is hostile, you probably have bigger problems!

(I'm not an rpki person so I don't know if there's some part of that problem domain that changes this equation. I'm not dunking on the project, just saying this snagged me in the README).

No-slop version for the sane of us

Context: https://mastodon.gamedev.place/@JeremiahFieldhaven/116654345...

I have not checked with OpenBSD 7.9, but as of 7.8 it did not support --exclude or -z. But outside of that openrsync works great.

(EDIT: --exclude is now supported on 7.9. Not sure when that was added, nice!)

But seems avoiding "slop" is getting very hard. I saw postfix now has a bit of AI code in it.

https://mastodon.sdf.org/@[email protected]/1...

This attempt to avoid things that use AI is increasingly looking like some weird kind of reverse whack-a-mole where each targeted hole becomes radioactive after. Just grabbing some popcorn to watch.

What's the deal with the name? Openrsync implies to me that it's an open source alternative to a closed source program. But the original Rsync is GPL? Is this just the pushover license making it "more open"?