From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup 2/7] fix #3197: skip fingerprint check when restoring key
Date: Wed, 16 Dec 2020 14:41:06 +0100 [thread overview]
Message-ID: <20201216134111.445581-3-f.gruenbichler@proxmox.com> (raw)
In-Reply-To: <20201216134111.445581-1-f.gruenbichler@proxmox.com>
when restoring an encrypted key, the original one is obviously not
available to check the fingerprint with.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
src/bin/proxmox-backup-client.rs | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/bin/proxmox-backup-client.rs b/src/bin/proxmox-backup-client.rs
index 1c456aab..36da624e 100644
--- a/src/bin/proxmox-backup-client.rs
+++ b/src/bin/proxmox-backup-client.rs
@@ -1273,10 +1273,15 @@ async fn restore(param: Value) -> Result<Value, Error> {
true,
).await?;
+ let (archive_name, archive_type) = parse_archive_type(archive_name);
+
let (manifest, backup_index_data) = client.download_manifest().await?;
- manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref))?;
- let (archive_name, archive_type) = parse_archive_type(archive_name);
+ if archive_name == ENCRYPTED_KEY_BLOB_NAME && crypt_config.is_none() {
+ eprintln!("Restoring encrypted key blob without original key - skipping manifest fingerprint check!")
+ } else {
+ manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref))?;
+ }
if archive_name == MANIFEST_BLOB_NAME {
if let Some(target) = target {
--
2.20.1
next prev parent reply other threads:[~2020-12-16 13:41 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-16 13:41 [pbs-devel] [PATCH proxmox-backup 0/7] master key improvements Fabian Grünbichler
2020-12-16 13:41 ` [pbs-devel] [PATCH proxmox-backup 1/7] master key: store blob name in constant Fabian Grünbichler
2020-12-16 13:41 ` Fabian Grünbichler [this message]
2020-12-16 13:41 ` [pbs-devel] [PATCH proxmox-backup 3/7] key: move RSA-encryption to KeyConfig Fabian Grünbichler
2020-12-16 13:41 ` [pbs-devel] [PATCH proxmox-backup 4/7] client: add 'import-with-master-key' command Fabian Grünbichler
2020-12-16 13:41 ` [pbs-devel] [PATCH proxmox-backup 5/7] docs: replace openssl command with client Fabian Grünbichler
2020-12-16 13:41 ` [pbs-devel] [PATCH proxmox-backup 6/7] KeyConfig: add encrypt/decrypt test Fabian Grünbichler
2020-12-16 13:41 ` [pbs-devel] [RFC proxmox-backup 7/7] KeyConfig: always calculate fingerprint Fabian Grünbichler
2020-12-17 5:55 ` Dietmar Maurer
2020-12-17 10:37 ` [pbs-devel] applied: " Fabian Grünbichler
2020-12-17 5:53 ` [pbs-devel] applied: [PATCH proxmox-backup 0/7] master key improvements Dietmar Maurer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201216134111.445581-3-f.gruenbichler@proxmox.com \
--to=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal