From: Stefan Reiter <s.reiter@proxmox.com>
To: pve-devel@lists.proxmox.com, pbs-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH v2 proxmox-backup 03/13] file-restore: support encrypted VM backups
Date: Thu, 22 Apr 2021 17:34:47 +0200 [thread overview]
Message-ID: <20210422153457.12265-4-s.reiter@proxmox.com> (raw)
In-Reply-To: <20210422153457.12265-1-s.reiter@proxmox.com>
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
---
new in v2
src/bin/proxmox-file-restore.rs | 22 +++++++++++++++++---
src/bin/proxmox_file_restore/block_driver.rs | 1 +
src/bin/proxmox_file_restore/qemu_helper.rs | 9 ++++++--
3 files changed, 27 insertions(+), 5 deletions(-)
diff --git a/src/bin/proxmox-file-restore.rs b/src/bin/proxmox-file-restore.rs
index 2726eeb7..3d750152 100644
--- a/src/bin/proxmox-file-restore.rs
+++ b/src/bin/proxmox-file-restore.rs
@@ -30,7 +30,7 @@ pub mod proxmox_client_tools;
use proxmox_client_tools::{
complete_group_or_snapshot, complete_repository, connect, extract_repository_from_value,
key_source::{
- crypto_parameters, format_key_source, get_encryption_key_password, KEYFD_SCHEMA,
+ crypto_parameters_keep_fd, format_key_source, get_encryption_key_password, KEYFD_SCHEMA,
KEYFILE_SCHEMA,
},
REPO_URL_SCHEMA,
@@ -76,6 +76,18 @@ fn parse_path(path: String, base64: bool) -> Result<ExtractPath, Error> {
}
}
+fn keyfile_path(param: &Value) -> Option<String> {
+ if let Some(Value::String(keyfile)) = param.get("keyfile") {
+ return Some(keyfile.to_owned());
+ }
+
+ if let Some(Value::Number(keyfd)) = param.get("keyfd") {
+ return Some(format!("/dev/fd/{}", keyfd));
+ }
+
+ None
+}
+
#[api(
input: {
properties: {
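Review bot: `keyfile_path` has no doc comment, and the `/dev/fd/{}` string it builds from `keyfd` only resolves in a process that still has that descriptor open. The qemu_helper.rs part of this patch hands the value to QEMU's `-drive` argument, so the descriptor presumably has to stay open and inheritable until the VM process has started; nothing in this hunk shows that. I would add a doc comment such as `/// Path the restore VM reads the encryption key from: "keyfile" if given, else /dev/fd/<keyfd>; the fd must stay open for the spawned QEMU.` Formatting the raw `Value::Number` also accepts any number shape that got past schema validation, so `keyfd.as_u64()` would make the integer assumption explicit.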
@@ -138,7 +150,8 @@ async fn list(
let snapshot: BackupDir = snapshot.parse()?;
let path = parse_path(path, base64)?;
- let crypto = crypto_parameters(¶m)?;
+ let keyfile = keyfile_path(¶m);
+ let crypto = crypto_parameters_keep_fd(¶m)?;
let crypt_config = match crypto.enc_key {
None => None,
Some(ref key) => {
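Review bot: `keyfile` is derived only from the `keyfile`/`keyfd` parameters, while `crypto.enc_key` comes from `crypto_parameters_keep_fd`, so the two can disagree. If that helper can resolve a key from any other source (a default key location, for instance; its body is not shown here), `crypt_config` would be set while `SnapRestoreDetails.keyfile` stays `None`, and the restore VM would start without a key for an encrypted snapshot. Consider taking the path from the returned `crypto` value, or failing early with a clear message when `crypto.enc_key.is_some() && keyfile.is_none()`. The same pair of lines is added in `extract`; both function bodies continue outside these hunks.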
@@ -210,6 +223,7 @@ async fn list(
manifest,
repo,
snapshot,
+ keyfile,
};
let driver: Option<BlockDriverType> = match param.get("driver") {
Some(drv) => Some(serde_json::from_value(drv.clone())?),
@@ -309,7 +323,8 @@ async fn extract(
None => Some(std::env::current_dir()?),
};
- let crypto = crypto_parameters(¶m)?;
+ let keyfile = keyfile_path(¶m);
+ let crypto = crypto_parameters_keep_fd(¶m)?;
let crypt_config = match crypto.enc_key {
None => None,
Some(ref key) => {
@@ -360,6 +375,7 @@ async fn extract(
manifest,
repo,
snapshot,
+ keyfile,
};
let driver: Option<BlockDriverType> = match param.get("driver") {
Some(drv) => Some(serde_json::from_value(drv.clone())?),
diff --git a/src/bin/proxmox_file_restore/block_driver.rs b/src/bin/proxmox_file_restore/block_driver.rs
index 924503a7..ba9794e3 100644
--- a/src/bin/proxmox_file_restore/block_driver.rs
+++ b/src/bin/proxmox_file_restore/block_driver.rs
@@ -21,6 +21,7 @@ pub struct SnapRestoreDetails {
pub repo: BackupRepository,
pub snapshot: BackupDir,
pub manifest: BackupManifest,
+ pub keyfile: Option<String>,
}
/// Return value of a BlockRestoreDriver.status() call, 'id' must be valid for .stop(id)
diff --git a/src/bin/proxmox_file_restore/qemu_helper.rs b/src/bin/proxmox_file_restore/qemu_helper.rs
index 7fd2f1f8..0f3a7feb 100644
--- a/src/bin/proxmox_file_restore/qemu_helper.rs
+++ b/src/bin/proxmox_file_restore/qemu_helper.rs
@@ -190,9 +190,14 @@ pub async fn start_vm(
continue;
}
drives.push("-drive".to_owned());
+ let keyfile = if let Some(ref keyfile) = details.keyfile {
+ format!(",,keyfile={}", keyfile)
+ } else {
+ "".to_owned()
+ };
drives.push(format!(
- "file=pbs:repository={},,snapshot={},,archive={},read-only=on,if=none,id=drive{}",
- details.repo, details.snapshot, file, id
+ "file=pbs:repository={},,snapshot={},,archive={}{},read-only=on,if=none,id=drive{}",
+ details.repo, details.snapshot, file, keyfile, id
));
drives.push("-device".to_owned());
// drive serial is used by VM to map .fidx files to /dev paths
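Review bot: The keyfile path is spliced into the `-drive` option string unescaped, and in that string a comma is the option separator (the format itself writes `,,` for a literal one). A path containing `,` would therefore be parsed as additional drive options rather than as part of the file name, and the value comes straight from the `keyfile` request parameter. I would reject such paths before building the argument, e.g. `if keyfile.contains(',') { bail!("keyfile path must not contain ','"); }` (assuming anyhow's `bail!` is in scope in this file), or escape them to match the parser. `details.repo`, `details.snapshot` and `file` go through the same format call; `start_vm` starts and ends outside this hunk.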
--
2.20.1
WARNING: multiple messages have this Message-ID
From: Stefan Reiter <s.reiter@proxmox.com>
To: pve-devel@lists.proxmox.com, pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH v2 proxmox-backup 03/13] file-restore: support encrypted VM backups
Date: Thu, 22 Apr 2021 17:34:47 +0200 [thread overview]
Message-ID: <20210422153457.12265-4-s.reiter@proxmox.com> (raw)
In-Reply-To: <20210422153457.12265-1-s.reiter@proxmox.com>
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
---
new in v2
src/bin/proxmox-file-restore.rs | 22 +++++++++++++++++---
src/bin/proxmox_file_restore/block_driver.rs | 1 +
src/bin/proxmox_file_restore/qemu_helper.rs | 9 ++++++--
3 files changed, 27 insertions(+), 5 deletions(-)
diff --git a/src/bin/proxmox-file-restore.rs b/src/bin/proxmox-file-restore.rs
index 2726eeb7..3d750152 100644
--- a/src/bin/proxmox-file-restore.rs
+++ b/src/bin/proxmox-file-restore.rs
@@ -30,7 +30,7 @@ pub mod proxmox_client_tools;
use proxmox_client_tools::{
complete_group_or_snapshot, complete_repository, connect, extract_repository_from_value,
key_source::{
- crypto_parameters, format_key_source, get_encryption_key_password, KEYFD_SCHEMA,
+ crypto_parameters_keep_fd, format_key_source, get_encryption_key_password, KEYFD_SCHEMA,
KEYFILE_SCHEMA,
},
REPO_URL_SCHEMA,
@@ -76,6 +76,18 @@ fn parse_path(path: String, base64: bool) -> Result<ExtractPath, Error> {
}
}
+fn keyfile_path(param: &Value) -> Option<String> {
+ if let Some(Value::String(keyfile)) = param.get("keyfile") {
+ return Some(keyfile.to_owned());
+ }
+
+ if let Some(Value::Number(keyfd)) = param.get("keyfd") {
+ return Some(format!("/dev/fd/{}", keyfd));
+ }
+
+ None
+}
+
#[api(
input: {
properties: {
@@ -138,7 +150,8 @@ async fn list(
let snapshot: BackupDir = snapshot.parse()?;
let path = parse_path(path, base64)?;
- let crypto = crypto_parameters(¶m)?;
+ let keyfile = keyfile_path(¶m);
+ let crypto = crypto_parameters_keep_fd(¶m)?;
let crypt_config = match crypto.enc_key {
None => None,
Some(ref key) => {
@@ -210,6 +223,7 @@ async fn list(
manifest,
repo,
snapshot,
+ keyfile,
};
let driver: Option<BlockDriverType> = match param.get("driver") {
Some(drv) => Some(serde_json::from_value(drv.clone())?),
@@ -309,7 +323,8 @@ async fn extract(
None => Some(std::env::current_dir()?),
};
- let crypto = crypto_parameters(¶m)?;
+ let keyfile = keyfile_path(¶m);
+ let crypto = crypto_parameters_keep_fd(¶m)?;
let crypt_config = match crypto.enc_key {
None => None,
Some(ref key) => {
@@ -360,6 +375,7 @@ async fn extract(
manifest,
repo,
snapshot,
+ keyfile,
};
let driver: Option<BlockDriverType> = match param.get("driver") {
Some(drv) => Some(serde_json::from_value(drv.clone())?),
diff --git a/src/bin/proxmox_file_restore/block_driver.rs b/src/bin/proxmox_file_restore/block_driver.rs
index 924503a7..ba9794e3 100644
--- a/src/bin/proxmox_file_restore/block_driver.rs
+++ b/src/bin/proxmox_file_restore/block_driver.rs
@@ -21,6 +21,7 @@ pub struct SnapRestoreDetails {
pub repo: BackupRepository,
pub snapshot: BackupDir,
pub manifest: BackupManifest,
+ pub keyfile: Option<String>,
}
/// Return value of a BlockRestoreDriver.status() call, 'id' must be valid for .stop(id)
diff --git a/src/bin/proxmox_file_restore/qemu_helper.rs b/src/bin/proxmox_file_restore/qemu_helper.rs
index 7fd2f1f8..0f3a7feb 100644
--- a/src/bin/proxmox_file_restore/qemu_helper.rs
+++ b/src/bin/proxmox_file_restore/qemu_helper.rs
@@ -190,9 +190,14 @@ pub async fn start_vm(
continue;
}
drives.push("-drive".to_owned());
+ let keyfile = if let Some(ref keyfile) = details.keyfile {
+ format!(",,keyfile={}", keyfile)
+ } else {
+ "".to_owned()
+ };
drives.push(format!(
- "file=pbs:repository={},,snapshot={},,archive={},read-only=on,if=none,id=drive{}",
- details.repo, details.snapshot, file, id
+ "file=pbs:repository={},,snapshot={},,archive={}{},read-only=on,if=none,id=drive{}",
+ details.repo, details.snapshot, file, keyfile, id
));
drives.push("-device".to_owned());
// drive serial is used by VM to map .fidx files to /dev paths
--
2.20.1
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-22 15:34 [pve-devel] [PATCH v2 00/13] Single-file-restore GUI for PBS snapshots Stefan Reiter
2021-04-22 15:34 ` [pbs-devel] " Stefan Reiter
2021-04-22 15:34 ` [pve-devel] [PATCH v2 proxmox-backup 01/13] file-restore: don't force PBS_FINGERPRINT env var Stefan Reiter
2021-04-22 15:34 ` [pbs-devel] " Stefan Reiter
2021-04-22 17:07 ` [pve-devel] applied: " Thomas Lamprecht
2021-04-22 17:07 ` [pbs-devel] applied: " Thomas Lamprecht
2021-04-22 15:34 ` [pve-devel] [PATCH v2 proxmox-backup 02/13] client-tools: add crypto_parameters_keep_fd Stefan Reiter
2021-04-22 15:34 ` [pbs-devel] " Stefan Reiter
2021-04-22 17:07 ` [pve-devel] applied: " Thomas Lamprecht
2021-04-22 17:07 ` [pbs-devel] applied: " Thomas Lamprecht
2021-04-22 15:34 ` Stefan Reiter [this message]
2021-04-22 15:34 ` [pbs-devel] [PATCH v2 proxmox-backup 03/13] file-restore: support encrypted VM backups Stefan Reiter
2021-04-22 17:07 ` [pve-devel] applied: " Thomas Lamprecht
2021-04-22 17:07 ` [pbs-devel] applied: " Thomas Lamprecht
2021-04-22 15:34 ` [pve-devel] [PATCH v2 common 04/13] PBSClient: adapt error message to include full package names Stefan Reiter
2021-04-22 15:34 ` [pbs-devel] " Stefan Reiter
2021-04-23 12:17 ` [pve-devel] applied: " Thomas Lamprecht
2021-04-23 12:17 ` [pbs-devel] applied: [pve-devel] " Thomas Lamprecht
2021-04-22 15:34 ` [pve-devel] [PATCH v2 common 05/13] PBSClient: add file_restore_list command Stefan Reiter
2021-04-22 15:34 ` [pbs-devel] " Stefan Reiter
2021-04-23 12:17 ` [pve-devel] applied: " Thomas Lamprecht
2021-04-23 12:17 ` [pbs-devel] applied: [pve-devel] " Thomas Lamprecht
2021-04-22 15:34 ` [pve-devel] [PATCH v2 common 06/13] PBSClient: add file_restore_extract function Stefan Reiter
2021-04-22 15:34 ` [pbs-devel] " Stefan Reiter
2021-04-23 12:17 ` [pve-devel] applied: " Thomas Lamprecht
2021-04-23 12:17 ` [pbs-devel] applied: [pve-devel] " Thomas Lamprecht
2021-04-22 15:34 ` [pve-devel] [PATCH v2 common 07/13] PBSClient: use crypt params for file 'list' and 'extract' Stefan Reiter
2021-04-22 15:34 ` [pbs-devel] " Stefan Reiter
2021-04-22 19:14 ` [pve-devel] " Thomas Lamprecht
2021-04-22 19:14 ` [pbs-devel] " Thomas Lamprecht
2021-04-23 12:18 ` [pve-devel] applied: " Thomas Lamprecht
2021-04-23 12:18 ` [pbs-devel] applied: [pve-devel] " Thomas Lamprecht
2021-04-22 15:34 ` [pve-devel] [PATCH v2 http-server 08/13] support streaming data form fh to client Stefan Reiter
2021-04-22 15:34 ` [pbs-devel] " Stefan Reiter
2021-04-23 11:56 ` [pve-devel] applied: " Thomas Lamprecht
2021-04-23 11:56 ` [pbs-devel] applied: [pve-devel] " Thomas Lamprecht
2021-04-22 15:34 ` [pve-devel] [PATCH v2 http-server 09/13] allow stream download from path and over pvedaemon-proxy Stefan Reiter
2021-04-22 15:34 ` [pbs-devel] " Stefan Reiter
2021-04-23 11:56 ` [pve-devel] applied: " Thomas Lamprecht
2021-04-23 11:56 ` [pbs-devel] applied: [pve-devel] " Thomas Lamprecht
2021-04-22 15:34 ` [pve-devel] [PATCH v2 storage 10/13] add FileRestore API for PBS Stefan Reiter
2021-04-22 15:34 ` [pbs-devel] " Stefan Reiter
2021-04-23 10:34 ` [pve-devel] [PATCH manager] file-restore: pass in full volume ID Fabian Grünbichler
2021-04-23 10:34 ` [pve-devel] [PATCH storage 1/2] file-restore: return perl-y booleans Fabian Grünbichler
2021-04-23 10:34 ` [pve-devel] [PATCH storage 2/2] file-restore: pass in volume ID or name Fabian Grünbichler
2021-04-22 15:34 ` [pve-devel] [PATCH v2 proxmox-widget-toolkit 11/13] Utils: add errorCallback to monStoreErrors Stefan Reiter
2021-04-22 15:34 ` [pbs-devel] " Stefan Reiter
2021-04-22 18:41 ` [pve-devel] applied: " Thomas Lamprecht
2021-04-22 18:41 ` [pbs-devel] applied: [pve-devel] " Thomas Lamprecht
2021-04-22 15:34 ` [pve-devel] [PATCH v2 proxmox-widget-toolkit 12/13] FileBrowser: support 'virtual'/'v' file type Stefan Reiter
2021-04-22 15:34 ` [pbs-devel] " Stefan Reiter
2021-04-22 18:41 ` [pve-devel] applied: " Thomas Lamprecht
2021-04-22 18:41 ` [pbs-devel] applied: [pve-devel] " Thomas Lamprecht
2021-04-22 15:34 ` [pve-devel] [PATCH v2 proxmox-widget-toolkit 13/13] FileBrowser: show errors in messagebox and allow expand 'all' Stefan Reiter
2021-04-22 15:34 ` [pbs-devel] " Stefan Reiter
2021-04-22 18:41 ` [pve-devel] applied: " Thomas Lamprecht
2021-04-22 18:41 ` [pbs-devel] applied: [pve-devel] " Thomas Lamprecht
2021-04-22 15:47 ` [pve-devel] [PATCH v2 manager 1/2] backupview: add file restore button Stefan Reiter
2021-04-22 15:47 ` [pve-devel] [PATCH v2 manager 2/2] gui: add task name for 'pbs-download' Stefan Reiter