From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 75C221FF137 for ; Tue, 14 Apr 2026 14:58:58 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 3054F18134; Tue, 14 Apr 2026 14:59:42 +0200 (CEST) From: Christian Ebner To: pbs-devel@lists.proxmox.com Subject: [PATCH proxmox-backup v3 05/30] datastore: manifest: add helper for change detection fingerprint Date: Tue, 14 Apr 2026 14:58:58 +0200 Message-ID: <20260414125923.892345-6-c.ebner@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260414125923.892345-1-c.ebner@proxmox.com> References: <20260414125923.892345-1-c.ebner@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1776171497952 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.068 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [manifest.rs] Message-ID-Hash: BQSIZHWYKBRXNUARGJ7SJRVT5KJDU7CY X-Message-ID-Hash: BQSIZHWYKBRXNUARGJ7SJRVT5KJDU7CY X-MailFrom: c.ebner@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Generates a checksum over the file names and checksums of the manifest, to be stored in the encrypted snapshots manifest when doing server side sync push encryption. The fingerprint will then be used on pull to detect if a manifests file contents did not change and are therefore fine to be skipped (no resync required). The usual byte-wise comparison is not feasible for this. Signed-off-by: Christian Ebner --- changes since version 2: - no changes pbs-datastore/src/manifest.rs | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/pbs-datastore/src/manifest.rs b/pbs-datastore/src/manifest.rs index fb734a674..5f7d3efcc 100644 --- a/pbs-datastore/src/manifest.rs +++ b/pbs-datastore/src/manifest.rs @@ -236,6 +236,26 @@ impl BackupManifest { } Ok(Some(serde_json::from_value::(verify)?)) } + + /// Set the fingerprint used to detect changes for encrypted -> decrypted syncs + pub fn set_change_detection_fingerprint( + &mut self, + fingerprint: &[u8; 32], + ) -> Result<(), Error> { + let fp_str = hex::encode(fingerprint); + self.unprotected["change-detection-fingerprint"] = serde_json::to_value(fp_str)?; + Ok(()) + } + + /// Generate the fingerprint used to detect changes for encrypted -> decrypted syncs + pub fn change_detection_fingerprint(&self) -> Result<[u8; 32], Error> { + let mut csum = openssl::sha::Sha256::new(); + for file_info in self.files() { + csum.update(file_info.filename.as_bytes()); + csum.update(&file_info.csum); + } + Ok(csum.finish()) + } } impl TryFrom for BackupManifest { -- 2.47.3