From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gate001.proxmox.com (gate001.proxmox.com [45.144.208.40]) by lore.proxmox.com (Postfix) with ESMTPS id C70F61FF0E0 for ; Thu, 09 Jul 2026 14:21:41 +0200 (CEST) Received: from gate001.proxmox.com (localhost.localdomain [127.0.0.1]) by gate001.proxmox.com (Proxmox) with ESMTP id 6C344214EA; Thu, 09 Jul 2026 14:21:41 +0200 (CEST) From: Jakob Klocker To: pbs-devel@lists.proxmox.com Subject: [PATCH proxmox-backup 2/2] fix #6990: server: drop verify state on push job Date: Thu, 9 Jul 2026 14:21:35 +0200 Message-ID: <20260709122136.352839-3-j.klocker@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260709122136.352839-1-j.klocker@proxmox.com> References: <20260709122136.352839-1-j.klocker@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 2 AWL -0.375 Adjusted score from AWL reputation of From: address DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment (newer systems) KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods RDNS_NONE 1.274 Delivered to internal network by a host with no rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record Message-ID-Hash: XA4RC74ZFFPIC7UCCX3T6Z6HT2NVOHT7 X-Message-ID-Hash: XA4RC74ZFFPIC7UCCX3T6Z6HT2NVOHT7 X-MailFrom: jklocker@iris.proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Jakob Klocker X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: When pushing a snapshot the target manifest is recreated from the source manifest, copying its verify_state. As with pull, this makes the pushed snapshot appear verified on the remote without its stored copy having been checked there. Strip verify_state after copying the unprotected section so the pushed snapshot is verified independently on the target. Link: https://bugzilla.proxmox.com/show_bug.cgi?id=6990 Signed-off-by: Jakob Klocker --- src/server/push.rs | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/server/push.rs b/src/server/push.rs index 7b3cac4cd..92d32bceb 100644 --- a/src/server/push.rs +++ b/src/server/push.rs @@ -1364,6 +1364,12 @@ pub(crate) async fn push_snapshot( // Rewrite manifest for pushed snapshot, recreating manifest from source on target, // needs to update all relevant info for new manifest. target_manifest.unprotected = source_manifest.unprotected.clone(); + + if let Some(unprotected) = target_manifest.unprotected.as_object_mut() { + unprotected.remove("verify_state"); + } else { + bail!("Encountered unexpected manifest without 'unprotected' section."); + } let manifest_string = if let Some((_id, crypt_config)) = &encrypt_using_key { let sync_source_signature = source_manifest.signature(crypt_config)?; target_manifest.set_sync_source_signature(&sync_source_signature)?; -- 2.47.3