From: Christian Ebner <c.ebner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [PATCH proxmox-backup v2 0/5] restrict previous manifest reuse checks for push sync jobs
Date: Thu, 7 May 2026 15:01:30 +0200
Message-ID: <20260507130135.589100-1-c.ebner@proxmox.com>

Restrict and rework the checks for reuse of previous snapshots'
manifests for push sync jobs, in particular with key and signature
mismatches for sync jobs with an active encryption key.

In particular, only allow reuse of the previous manifest if either
the previous manifest is not encrypted and the push sync will also
not encrypt, or the previous manifest is encrypted with the matching
active encryption key configured for the sync job, the manifest's
signature being verified with that key.

These patches thereby also more gracefully handle an otherwise rather
alerting log message during push sync jobs with a configured active
encryption key, stating a key mismatch in the manifest signature
check error.

The series also includes some patches with code style cleanups
encountered while working on the code.

Changes since version 1 (thanks @Fabian for review):
- use boolean flag to skip signature check in download_previous_manifest()
- do not pass crypt config on manifest blob decode
- refine checks for when the previous manifest should be reusable
- drop now outdated checks when pulling reusable index chunks
- refactor DataBlob methods for improved code style

proxmox-backup:

Christian Ebner (5):
  datastore: data blob: refactor crypt mode method
  datastore: data blob: refactor decoding method
  client: backup writer: pass no crypt config to manifest blob decoder
  client: allow skipping signature check on previous manifest fetching
  sync: push: gracefully handle previous manifest signature mismatches

 pbs-client/src/backup_writer.rs   |  23 +++++--
 pbs-datastore/src/data_blob.rs    | 102 ++++++++++++++----------------
 proxmox-backup-client/src/main.rs |   2 +-
 src/server/push.rs                |  81 ++++++++++++++++++------
 4 files changed, 126 insertions(+), 82 deletions(-)

Summary over all repositories:
  4 files changed, 126 insertions(+), 82 deletions(-)

--
Generated by murpp 0.11.0
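
The reuse rule stated in the cover letter above, as an added Python model that is not part of the patch series or of proxmox-backup. The manifest layout, the fingerprint derivation, the HMAC signing and the convention that a manifest carrying a key fingerprint counts as encrypted are all constructed assumptions.

```python
import hashlib
import hmac
import json

def fingerprint(key):
    # Constructed stand-in for a key fingerprint (assumption, not PBS's derivation).
    return hashlib.sha256(b"fingerprint" + key).hexdigest()[:16]

def sign(manifest, key):
    # HMAC-SHA256 over the manifest minus its signature field (assumed layout).
    body = {k: v for k, v in manifest.items() if k != "signature"}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def make_manifest(files, key=None):
    # Build a constructed sample manifest; with a key it is marked and signed.
    m = {"files": files, "key_fingerprint": None, "signature": None}
    if key is not None:
        m["key_fingerprint"] = fingerprint(key)
        m["signature"] = sign(m, key)
    return m

def can_reuse_previous(prev, active_key):
    """Return (reuse_allowed, reason) for a push sync with optional active key."""
    encrypted = prev["key_fingerprint"] is not None
    if not encrypted:
        if active_key is None:
            return True, "unencrypted previous manifest, unencrypted push"
        return False, "previous manifest unencrypted, push will encrypt"
    if active_key is None:
        return False, "previous manifest encrypted, push has no active key"
    if not hmac.compare_digest(prev["key_fingerprint"], fingerprint(active_key)):
        return False, "previous manifest encrypted with a different key"
    # A matching fingerprint is not enough: the signature must verify too.
    if not hmac.compare_digest(prev["signature"] or "", sign(prev, active_key)):
        return False, "signature does not verify with the active key"
    return True, "encrypted with active key, signature verified"

if __name__ == "__main__":
    key_a, key_b = b"A" * 32, b"B" * 32  # constructed sample keys
    prev = make_manifest(["root.pxar.didx"], key_a)
    for label, key in (("same key", key_a), ("other key", key_b), ("no key", None)):
        print(label, can_reuse_previous(prev, key))
```

Every case that does not return True means the push sync starts without the previous manifest rather than treating the mismatch as an error.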