From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 0E1C71FF13F for ; Thu, 07 May 2026 15:02:07 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 9FE761B7D2; Thu, 7 May 2026 15:02:06 +0200 (CEST) From: Christian Ebner To: pbs-devel@lists.proxmox.com Subject: [PATCH proxmox-backup v2 0/5] restrict previous manifest reuse checks for push sync jobs Date: Thu, 7 May 2026 15:01:30 +0200 Message-ID: <20260507130135.589100-1-c.ebner@proxmox.com> X-Mailer: git-send-email 2.47.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1778158809450 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.070 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: PRERLKWRBJNGGX2XMWTPBT6OQHLBTAT3 X-Message-ID-Hash: PRERLKWRBJNGGX2XMWTPBT6OQHLBTAT3 X-MailFrom: c.ebner@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Restrict and rework the checks for reuse of previous snapshots manifest's for push sync jobs, in particular with key and signature mismatches for sync jobs with active encryption key. In particular, only allow reuse of the previous manifest if either the previous manifest is not encrypted, and the push sync will also not encrypt or the previous manifest is encrypted with the matching active encryption key configured for the sync job, the manifest's signature being verified with that key. This patches thereby also more gracefully handle an otherwise rather alerting log message during push sync jobs with configured active encryption key, stating a key mismatch in the manifest signature check error. The series includes also some patches with code style cleanups encountered while working on the code. Changes since version 1 (thanks @Fabian for review): - use boolean flag to skip signature check in download_previous_manifest() - do not pass crypt config on manifest blob decode - refine checks for when the previous manifest should be reusable - drop now outdated checks when pulling reusable index chunks - refactor DataBlob methods for improved code style proxmox-backup: Christian Ebner (5): datastore: data blob: refactor crypt mode method datastore: data blob: refactor decoding method client: backup writer: pass no crypt config to manifest blob decoder client: allow skipping signature check on previous manifest fetching sync: push: gracefully handle previous manifest signature mismatches pbs-client/src/backup_writer.rs | 23 +++++-- pbs-datastore/src/data_blob.rs | 102 ++++++++++++++---------------- proxmox-backup-client/src/main.rs | 2 +- src/server/push.rs | 81 ++++++++++++++++++------ 4 files changed, 126 insertions(+), 82 deletions(-) Summary over all repositories: 4 files changed, 126 insertions(+), 82 deletions(-) -- Generated by murpp 0.11.0