From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id B1A131FF135 for ; Sun, 19 Apr 2026 23:07:51 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 5E59517376; Sun, 19 Apr 2026 23:07:51 +0200 (CEST) From: Thomas Lamprecht To: c.ebner@proxmox.com Subject: Re: [PATCH proxmox-backup v3 07/30] pbs-config: implement encryption key config handling Date: Sun, 19 Apr 2026 22:41:51 +0200 Message-ID: <20260419210610.3915597-2-t.lamprecht@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260414125923.892345-8-c.ebner@proxmox.com> References: <20260419210610.3915597-1-t.lamprecht@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1776632780433 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.001 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: ZXPCUOWVTOCR4ZAX4CNSH2453S32A6GU X-Message-ID-Hash: ZXPCUOWVTOCR4ZAX4CNSH2453S32A6GU X-MailFrom: t.lamprecht@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: pbs-devel@lists.proxmox.com X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Am 14.04.26 um 14:59 schrieb Christian Ebner: > diff --git a/pbs-config/src/encryption_keys.rs b/pbs-config/src/encryption_keys.rs > > +/// Mark the key as archived by setting the `archived-at` timestamp. > +pub fn archive_key(id: &str, mut config: SectionConfigData) -> Result<(), Error> { nit: Unlike delete_key, which has a "Safety: caller must acquire and hold config lock" doc comment, archive_key has no such note even though it has the same precondition (takes `mut config` without re-locking). Might be good to add an equivalent note here for consistency - this also nicely documents the intent alongside the pending must_use-based fix for the missing lock binding in store_key. > +/// Config type for encryption key config entries > +pub const ENCRYPTION_KEYS_CFG_TYPE_ID: &str = "sync-key"; nit: the type id "sync-key" hardcodes a sync-only assumption into what is otherwise named as a generic "encryption keys" config. If there's any intent to reuse this config outside of sync jobs later, albeit renaming it is a minor migration cost, if some use cases really come up, just wanted to notice this tiny boundary "leak" as now it'd be still trivial to adapt the name, but really no hard feelings at all.