From: Christian Ebner <c.ebner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [PATCH proxmox-backup v2 4/5] client: allow skipping signature check on previous manifest fetching
Date: Thu, 7 May 2026 15:01:34 +0200 [thread overview]
Message-ID: <20260507130135.589100-5-c.ebner@proxmox.com> (raw)
In-Reply-To: <20260507130135.589100-1-c.ebner@proxmox.com>
Extends the BackupWriter method to download the previous manifest
from a PBS instance, by a flag which allows skipping the signature
check even if the backup writer has a crypt_config set.
Silences misleading logs during encrypting push sync jobs.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
---
pbs-client/src/backup_writer.rs | 19 ++++++++++++++-----
proxmox-backup-client/src/main.rs | 2 +-
src/server/push.rs | 2 +-
3 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/pbs-client/src/backup_writer.rs b/pbs-client/src/backup_writer.rs
index 47f08840e..b60d71d3f 100644
--- a/pbs-client/src/backup_writer.rs
+++ b/pbs-client/src/backup_writer.rs
@@ -735,8 +735,14 @@ impl BackupWriter {
})
}
- /// Download backup manifest (index.json) of last backup
- pub async fn download_previous_manifest(&self) -> Result<BackupManifest, Error> {
+ /// Download backup manifest (index.json) of last backup.
+ ///
+ /// If `check_signature` is set and the writer stores a crypt config,
+ /// also checks the manifest's signature.
+ pub async fn download_previous_manifest(
+ &self,
+ check_signature: bool,
+ ) -> Result<BackupManifest, Error> {
let mut raw_data = Vec::with_capacity(64 * 1024);
let param = json!({ "archive-name": MANIFEST_BLOB_NAME.to_string() });
@@ -748,10 +754,13 @@ impl BackupWriter {
// manifest blobs are never encrypted and no expected digest available
let data = blob.decode(None, None)?;
- let manifest =
- BackupManifest::from_data(&data[..], self.crypt_config.as_ref().map(Arc::as_ref))?;
+ let crypt_config = if check_signature {
+ self.crypt_config.as_ref().map(Arc::as_ref)
+ } else {
+ None
+ };
- Ok(manifest)
+ BackupManifest::from_data(&data[..], crypt_config)
}
// We have no `self` here for `h2` and `verbose`, the only other arg "common" with 1 other
diff --git a/proxmox-backup-client/src/main.rs b/proxmox-backup-client/src/main.rs
index 5e8bb5393..c96db321f 100644
--- a/proxmox-backup-client/src/main.rs
+++ b/proxmox-backup-client/src/main.rs
@@ -1064,7 +1064,7 @@ async fn create_backup(
};
let previous_manifest = if download_previous_manifest {
- match client.download_previous_manifest().await {
+ match client.download_previous_manifest(true).await {
Ok(previous_manifest) => {
match previous_manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref)) {
Ok(()) => Some(Arc::new(previous_manifest)),
diff --git a/src/server/push.rs b/src/server/push.rs
index dac62c84a..afa78b751 100644
--- a/src/server/push.rs
+++ b/src/server/push.rs
@@ -1131,7 +1131,7 @@ pub(crate) async fn push_snapshot(
let mut previous_manifest = None;
// Use manifest of previous snapshots in group on target for chunk upload deduplication
if fetch_previous_manifest {
- match backup_writer.download_previous_manifest().await {
+ match backup_writer.download_previous_manifest(false).await {
Ok(manifest) => previous_manifest = Some(Arc::new(manifest)),
Err(err) => {
log_sender
--
2.47.3
next prev parent reply other threads:[~2026-05-07 13:02 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-07 13:01 [PATCH proxmox-backup v2 0/5] restrict previous manifest reuse checks for push sync jobs Christian Ebner
2026-05-07 13:01 ` [PATCH proxmox-backup v2 1/5] datastore: data blob: refactor crypt mode method Christian Ebner
2026-05-07 13:01 ` [PATCH proxmox-backup v2 2/5] datastore: data blob: refactor decoding method Christian Ebner
2026-05-07 13:01 ` [PATCH proxmox-backup v2 3/5] client: backup writer: pass no crypt config to manifest blob decoder Christian Ebner
2026-05-07 13:01 ` Christian Ebner [this message]
2026-05-07 13:01 ` [PATCH proxmox-backup v2 5/5] sync: push: gracefully handle previous manifest signature mismatches Christian Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260507130135.589100-5-c.ebner@proxmox.com \
--to=c.ebner@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.