From: Christian Ebner <c.ebner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [PATCH proxmox-backup] sync: rename change-detection-fingerprint to sync-source-signature
Date: Tue, 28 Apr 2026 16:36:42 +0200 [thread overview]
Message-ID: <20260428143642.1012584-1-c.ebner@proxmox.com> (raw)
Introduced in 87a819311 ("datastore: manifest: add helper for change
detection fingerprint") the name was found to be confusion due to
the potential metal clash with the totally unrelated client parameter
named `change-detecton-mode`, especially in log output.
The new field name `sync-source-signature` better reflects that this
is the signature of the sync source snapshot stored on the target.
The previous field is kept for backwards compatibility with already
synced snapshots storing the field, the methods, comments and log
messages all updated accordingly.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
---
pbs-datastore/src/manifest.rs | 24 +++++++++++++++---------
src/server/pull.rs | 18 ++++++++++--------
src/server/push.rs | 4 ++--
3 files changed, 27 insertions(+), 19 deletions(-)
diff --git a/pbs-datastore/src/manifest.rs b/pbs-datastore/src/manifest.rs
index 8bea0b042..c17e79539 100644
--- a/pbs-datastore/src/manifest.rs
+++ b/pbs-datastore/src/manifest.rs
@@ -242,22 +242,28 @@ impl BackupManifest {
Ok(Some(serde_json::from_value::<SnapshotVerifyState>(verify)?))
}
- /// Set the fingerprint used to detect changes for encrypted -> decrypted syncs
- pub fn set_change_detection_fingerprint(
+ /// Set the sync-source-signature used to detect changes for encrypted -> decrypted syncs
+ pub fn set_sync_source_signature(
&mut self,
fingerprint: &[u8; 32],
) -> Result<(), Error> {
let fp_str = Fingerprint::new(*fingerprint);
- self.unprotected["change-detection-fingerprint"] = serde_json::to_value(fp_str)?;
+ self.unprotected["sync-source-signature"] = serde_json::to_value(fp_str)?;
Ok(())
}
- /// Get the fingerprint used to detect changes for encrypted -> decrypted syncs
- pub fn get_change_detection_fingerprint(&self) -> Result<Option<Fingerprint>, Error> {
- match &self.unprotected["change-detection-fingerprint"] {
- Value::Null => Ok(None),
- value => Ok(Some(Deserialize::deserialize(value)?)),
- }
+ /// Get the sync-source-signature used to detect changes for encrypted -> decrypted syncs
+ pub fn get_sync_source_signature(&self) -> Result<Option<Fingerprint>, Error> {
+ let value = if !self.unprotected["sync-source-signature"].is_null() {
+ &self.unprotected["sync-source-signature"]
+ } else if !self.unprotected["change-detection-fingerprint"].is_null() {
+ // fallback to legacy field for sync-source-signature
+ &self.unprotected["change-detection-fingerprint"]
+ } else {
+ return Ok(None);
+ };
+
+ Ok(Some(Deserialize::deserialize(value)?))
}
}
diff --git a/src/server/pull.rs b/src/server/pull.rs
index c519ed5d8..03a4e631c 100644
--- a/src/server/pull.rs
+++ b/src/server/pull.rs
@@ -871,7 +871,9 @@ async fn pull_snapshot<'a>(
// reverified independent from the sync.
new_manifest.unprotected = manifest.unprotected.clone();
if let Some(unprotected) = new_manifest.unprotected.as_object_mut() {
+ // legacy field replaced by sync-source-signature
unprotected.remove("change-detection-fingerprint");
+ unprotected.remove("sync-souruce-fingerprint");
unprotected.remove("key-fingerprint");
unprotected.remove("verify_state");
} else {
@@ -880,7 +882,7 @@ async fn pull_snapshot<'a>(
if let Some(expected) = &manifest.signature {
let expected: Fingerprint = expected.parse().with_context(|| prefix.clone())?;
- new_manifest.set_change_detection_fingerprint(expected.bytes())?;
+ new_manifest.set_sync_source_signature(expected.bytes())?;
}
let manifest_string = new_manifest.to_string(None)?;
@@ -1012,8 +1014,8 @@ async fn optionally_use_decryption_key(
// avoid overwriting pre-existing target manifest
if let Some(existing_manifest) = existing_target_manifest {
if let Some(source_fp) = manifest
- .get_change_detection_fingerprint()
- .context("failed to parse change detection fingerprint of source manifest")
+ .get_sync_source_signature()
+ .context("failed to parse sync-source-signature of source manifest")
.with_context(|| prefix.clone())?
{
// Stored fp is HMAC over the unencrypted source's protected fields; recompute
@@ -1024,11 +1026,11 @@ async fn optionally_use_decryption_key(
if target_fp == *source_fp.bytes() {
skip_resync = true;
} else {
- bail!("Change detection fingerprint mismatch, refuse to continue!");
+ bail!("sync-source-signature mismatch, refuse to continue!");
}
} else if let Some(source_signature) = existing_manifest
- .get_change_detection_fingerprint()
- .context("failed to parse change detection fingerprint of existing target manifest")
+ .get_sync_source_signature()
+ .context("failed to parse sync-source-signature of existing target manifest")
.with_context(|| prefix.clone())?
{
let Some(expected) = &manifest.signature else {
@@ -1038,10 +1040,10 @@ async fn optionally_use_decryption_key(
if expected == source_signature {
skip_resync = true;
} else {
- bail!("Change detection fingerprint mismatch, refuse to continue!");
+ bail!("sync-source-signature mismatch, refuse to continue!");
}
} else {
- bail!("No change detection fingerprint found, refuse to continue!");
+ bail!("No sync-source-signature found, refuse to continue!");
}
}
diff --git a/src/server/push.rs b/src/server/push.rs
index b68b07ca4..dac62c84a 100644
--- a/src/server/push.rs
+++ b/src/server/push.rs
@@ -1365,8 +1365,8 @@ pub(crate) async fn push_snapshot(
// needs to update all relevant info for new manifest.
target_manifest.unprotected = source_manifest.unprotected.clone();
let manifest_string = if let Some((_id, crypt_config)) = &encrypt_using_key {
- let fp = source_manifest.signature(crypt_config)?;
- target_manifest.set_change_detection_fingerprint(&fp)?;
+ let sync_source_signature = source_manifest.signature(crypt_config)?;
+ target_manifest.set_sync_source_signature(&sync_source_signature)?;
target_manifest.to_string(Some(crypt_config))?
} else {
target_manifest.signature = source_manifest.signature.clone();
--
2.47.3
reply other threads:[~2026-04-28 14:37 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260428143642.1012584-1-c.ebner@proxmox.com \
--to=c.ebner@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.