* [pbs-devel] [PATCH proxmox-backup(-qemu) 0/3] switch to fingerprint for tracking key
@ 2020-11-24 13:05 Fabian Grünbichler
  2020-11-24 13:05 ` [pbs-devel] [PATCH proxmox-backup-qemu 1/2] encryption key tracking: use fingerprint Fabian Grünbichler
                   ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: Fabian Grünbichler @ 2020-11-24 13:05 UTC (permalink / raw)
  To: pbs-devel

one patch in proxmox-backup to make the inner bytes accessible from
other crates, after that has been applied + bumped the other two can be
used to switch over proxmox-backup-qemu to using the fingerprint()
method. forwards migration works without invalidating the bitmap,
backwards migration will invalidate the bitmap but otherwise work.





* [pbs-devel] [PATCH proxmox-backup-qemu 1/2] encryption key tracking: use fingerprint
  2020-11-24 13:05 [pbs-devel] [PATCH proxmox-backup(-qemu) 0/3] switch to fingerprint for tracking key Fabian Grünbichler
@ 2020-11-24 13:05 ` Fabian Grünbichler
  2020-11-24 15:36   ` Dietmar Maurer
  2020-11-25  7:28   ` [pbs-devel] applied: " Dietmar Maurer
  2020-11-24 13:05 ` [pbs-devel] [PATCH proxmox-backup] fingerprint: add bytes() accessor Fabian Grünbichler
  2020-11-24 13:05 ` [pbs-devel] [PATCH proxmox-backup-qemu 2/2] fingerprint: rename variables Fabian Grünbichler
  2 siblings, 2 replies; 8+ messages in thread
From: Fabian Grünbichler @ 2020-11-24 13:05 UTC (permalink / raw)
  To: pbs-devel

but accept old variant as well for now, to not invalidate bitmaps for
freshly migrated VMs.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---

Notes:
    needs proxmox-backup with Fingerprint::bytes()

 src/commands.rs | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/commands.rs b/src/commands.rs
index 7a24b7c..dcee5a1 100644
--- a/src/commands.rs
+++ b/src/commands.rs
@@ -108,6 +108,8 @@ fn archive_name(device_name: &str) -> String {
 const CRYPT_CONFIG_HASH_INPUT:&[u8] = b"this is just a static string to protect against key changes";
 
 /// Create an identifying digest for the crypt config
+/// legacy version for VMs freshly migrated from old version
+/// TODO: remove in PVE 7.0
 pub(crate) fn crypt_config_digest(
     config: Arc<CryptConfig>,
 ) -> [u8;32] {
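Review bot: the doc comment on `crypt_config_digest` still opens with "Create an identifying digest for the crypt config", so the legacy status only shows on the second line and nothing discourages new callers. Consider renaming the function to something like `legacy_crypt_config_digest` or rewording the first doc line, and have the TODO name what has to go with it (the fallback comparison in `check_last_encryption_key`).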
@@ -152,7 +154,8 @@ pub(crate) fn check_last_encryption_key(
     let digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
     match (*digest_guard, config)  {
         (Some(last_digest), Some(current_config)) => {
-            crypt_config_digest(current_config) == last_digest
+            current_config.fingerprint().bytes() == &last_digest
+                || crypt_config_digest(current_config) == last_digest
         },
         (None, None) => true,
         _ => false,
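Review bot: the `|| crypt_config_digest(current_config) == last_digest` fallback carries no comment saying it exists only for state migrated from an older version, so it is easy to miss when the `TODO: remove in PVE 7.0` on `crypt_config_digest` is acted on. A one-line comment above the `||` pointing at that TODO would keep the two in sync.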
@@ -440,7 +443,13 @@ pub(crate) async fn finish_backup(
 
     {
         let crypt_config_digest = match crypt_config {
-            Some(current_config) => Some(crypt_config_digest(current_config)),
+            Some(current_config) => {
+                let fp = current_config
+                    .fingerprint()
+                    .bytes()
+                    .to_owned();
+                Some(fp)
+            },
             None => None,
         };
 
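Review bot: in the `Some(current_config)` arm, `bytes()` returns `&[u8; 32]` and the array is `Copy`, so the temporary `fp` and `.to_owned()` are not needed; `Some(*current_config.fingerprint().bytes())` keeps the arm on one line. This is also the write that makes an older library, which only compares against `crypt_config_digest`, see a mismatch after backwards migration; that behaviour is only mentioned in the cover letter and would be worth a sentence in this commit message.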
-- 
2.20.1






* [pbs-devel] [PATCH proxmox-backup] fingerprint: add bytes() accessor
  2020-11-24 13:05 [pbs-devel] [PATCH proxmox-backup(-qemu) 0/3] switch to fingerprint for tracking key Fabian Grünbichler
  2020-11-24 13:05 ` [pbs-devel] [PATCH proxmox-backup-qemu 1/2] encryption key tracking: use fingerprint Fabian Grünbichler
@ 2020-11-24 13:05 ` Fabian Grünbichler
  2020-11-25  7:27   ` [pbs-devel] applied: " Dietmar Maurer
  2020-11-24 13:05 ` [pbs-devel] [PATCH proxmox-backup-qemu 2/2] fingerprint: rename variables Fabian Grünbichler
  2 siblings, 1 reply; 8+ messages in thread
From: Fabian Grünbichler @ 2020-11-24 13:05 UTC (permalink / raw)
  To: pbs-devel

needed for libproxmox-backup-qemu0

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 src/backup/crypt_config.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/backup/crypt_config.rs b/src/backup/crypt_config.rs
index 7d27706a..67482a75 100644
--- a/src/backup/crypt_config.rs
+++ b/src/backup/crypt_config.rs
@@ -47,6 +47,12 @@ pub struct Fingerprint {
     bytes: [u8; 32],
 }
 
+impl Fingerprint {
+    pub fn bytes(&self) -> &[u8; 32] {
+        &self.bytes
+    }
+}
+
 /// Display as short key ID
 impl Display for Fingerprint {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
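Review bot: the new public `bytes()` accessor has no doc comment, while the `Display` impl directly below it is documented. Since other crates will compare and store this value, a `///` line stating that it returns the raw 32-byte fingerprint, as opposed to the short key ID that `Display` prints, would make the intended use clear.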
-- 
2.20.1






* [pbs-devel] [PATCH proxmox-backup-qemu 2/2] fingerprint: rename variables
  2020-11-24 13:05 [pbs-devel] [PATCH proxmox-backup(-qemu) 0/3] switch to fingerprint for tracking key Fabian Grünbichler
  2020-11-24 13:05 ` [pbs-devel] [PATCH proxmox-backup-qemu 1/2] encryption key tracking: use fingerprint Fabian Grünbichler
  2020-11-24 13:05 ` [pbs-devel] [PATCH proxmox-backup] fingerprint: add bytes() accessor Fabian Grünbichler
@ 2020-11-24 13:05 ` Fabian Grünbichler
  2 siblings, 0 replies; 8+ messages in thread
From: Fabian Grünbichler @ 2020-11-24 13:05 UTC (permalink / raw)
  To: pbs-devel

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 src/commands.rs | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/commands.rs b/src/commands.rs
index dcee5a1..cd81dae 100644
--- a/src/commands.rs
+++ b/src/commands.rs
@@ -23,7 +23,7 @@ lazy_static!{
         Mutex::new(HashMap::new())
     };
 
-    static ref PREVIOUS_CRYPT_CONFIG_DIGEST: Mutex<Option<[u8;32]>> = {
+    static ref PREVIOUS_KEY_FINGERPRINT: Mutex<Option<[u8;32]>> = {
         Mutex::new(None)
     };
 }
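Review bot: the commit message has no body. Since `PREVIOUS_KEY_FINGERPRINT` keeps the type `Mutex<Option<[u8;32]>>`, it is worth stating there that this is a pure rename and that the state written by `serialize_state` and read by `deserialize_state` is unchanged.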
@@ -40,16 +40,16 @@ pub struct ImageUploadInfo {
 
 pub(crate) fn serialize_state() -> Vec<u8> {
     let prev_csums = &*PREVIOUS_CSUMS.lock().unwrap();
-    let prev_crypt_digest = &*PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
-    bincode::serialize(&(prev_csums, prev_crypt_digest)).unwrap()
+    let prev_key_fingerprint = &*PREVIOUS_KEY_FINGERPRINT.lock().unwrap();
+    bincode::serialize(&(prev_csums, prev_key_fingerprint)).unwrap()
 }
 
 pub(crate) fn deserialize_state(data: &[u8]) -> Result<(), Error> {
-    let (prev_csums, prev_crypt_digest) = bincode::deserialize(data)?;
+    let (prev_csums, prev_key_fingerprint) = bincode::deserialize(data)?;
     let mut prev_csums_guard = PREVIOUS_CSUMS.lock().unwrap();
-    let mut prev_crypt_digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
+    let mut prev_key_fingerprint_guard = PREVIOUS_KEY_FINGERPRINT.lock().unwrap();
     *prev_csums_guard = prev_csums;
-    *prev_crypt_digest_guard = prev_crypt_digest;
+    *prev_key_fingerprint_guard = prev_key_fingerprint;
     Ok(())
 }
 
@@ -151,11 +151,11 @@ pub(crate) fn check_last_encryption_mode(
 pub(crate) fn check_last_encryption_key(
     config: Option<Arc<CryptConfig>>,
 ) -> bool {
-    let digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
-    match (*digest_guard, config)  {
-        (Some(last_digest), Some(current_config)) => {
-            current_config.fingerprint().bytes() == &last_digest
-                || crypt_config_digest(current_config) == last_digest
+    let fingerprint_guard = PREVIOUS_KEY_FINGERPRINT.lock().unwrap();
+    match (*fingerprint_guard, config)  {
+        (Some(last_fingerprint), Some(current_config)) => {
+            current_config.fingerprint().bytes() == &last_fingerprint
+                || crypt_config_digest(current_config) == last_fingerprint
         },
         (None, None) => true,
         _ => false,
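Review bot: after the rename, `last_fingerprint` on the `crypt_config_digest(current_config) == last_fingerprint` line can be a legacy digest restored by `deserialize_state`, not a key fingerprint. If the stored value is later shown to the user as a fingerprint, that case would display the wrong bytes; consider noting this on `PREVIOUS_KEY_FINGERPRINT`, or replacing the stored value with the real fingerprint when only the legacy comparison matches.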
@@ -442,7 +442,7 @@ pub(crate) async fn finish_backup(
     };
 
     {
-        let crypt_config_digest = match crypt_config {
+        let key_fingerprint = match crypt_config {
             Some(current_config) => {
                 let fp = current_config
                     .fingerprint()
@@ -453,8 +453,8 @@ pub(crate) async fn finish_backup(
             None => None,
         };
 
-        let mut crypt_config_digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
-        *crypt_config_digest_guard = crypt_config_digest;
+        let mut key_fingerprint_guard = PREVIOUS_KEY_FINGERPRINT.lock().unwrap();
+        *key_fingerprint_guard = key_fingerprint;
     }
 
     client
-- 
2.20.1






* Re: [pbs-devel] [PATCH proxmox-backup-qemu 1/2] encryption key tracking: use fingerprint
  2020-11-24 13:05 ` [pbs-devel] [PATCH proxmox-backup-qemu 1/2] encryption key tracking: use fingerprint Fabian Grünbichler
@ 2020-11-24 15:36   ` Dietmar Maurer
  2020-11-24 15:44     ` Fabian Grünbichler
  2020-11-25  7:28   ` [pbs-devel] applied: " Dietmar Maurer
  1 sibling, 1 reply; 8+ messages in thread
From: Dietmar Maurer @ 2020-11-24 15:36 UTC (permalink / raw)
  To: Proxmox Backup Server development discussion, Fabian Grünbichler

Does this improve something? I can't see the purpose of this change.


> @@ -152,7 +154,8 @@ pub(crate) fn check_last_encryption_key(
>      let digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
>      match (*digest_guard, config)  {
>          (Some(last_digest), Some(current_config)) => {
> -            crypt_config_digest(current_config) == last_digest
> +            current_config.fingerprint().bytes() == &last_digest
> +                || crypt_config_digest(current_config) == last_digest
>          },
>          (None, None) => true,
>          _ => false,
> @@ -440,7 +443,13 @@ pub(crate) async fn finish_backup(
>  
>      {
>          let crypt_config_digest = match crypt_config {
> -            Some(current_config) => Some(crypt_config_digest(current_config)),
> +            Some(current_config) => {
> +                let fp = current_config
> +                    .fingerprint()
> +                    .bytes()
> +                    .to_owned();
> +                Some(fp)
> +            },
>              None => None,
>          };
>





* Re: [pbs-devel] [PATCH proxmox-backup-qemu 1/2] encryption key tracking: use fingerprint
  2020-11-24 15:36   ` Dietmar Maurer
@ 2020-11-24 15:44     ` Fabian Grünbichler
  0 siblings, 0 replies; 8+ messages in thread
From: Fabian Grünbichler @ 2020-11-24 15:44 UTC (permalink / raw)
  To: Dietmar Maurer, Proxmox Backup Server development discussion

On November 24, 2020 4:36 pm, Dietmar Maurer wrote:
> Does this improve something? I can't see the purpose of this change.

it allows us to display this remembered fingerprint (e.g., in the 
'invalidating bitmap' message or via the WIP 'query-proxmox-support').

(also, I'd rather harmonize this now while PVE->PBS is still in beta, 
and not afterwards)

>> @@ -152,7 +154,8 @@ pub(crate) fn check_last_encryption_key(
>>      let digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
>>      match (*digest_guard, config)  {
>>          (Some(last_digest), Some(current_config)) => {
>> -            crypt_config_digest(current_config) == last_digest
>> +            current_config.fingerprint().bytes() == &last_digest
>> +                || crypt_config_digest(current_config) == last_digest
>>          },
>>          (None, None) => true,
>>          _ => false,
>> @@ -440,7 +443,13 @@ pub(crate) async fn finish_backup(
>>  
>>      {
>>          let crypt_config_digest = match crypt_config {
>> -            Some(current_config) => Some(crypt_config_digest(current_config)),
>> +            Some(current_config) => {
>> +                let fp = current_config
>> +                    .fingerprint()
>> +                    .bytes()
>> +                    .to_owned();
>> +                Some(fp)
>> +            },
>>              None => None,
>>          };
>>
> 





* [pbs-devel] applied: [PATCH proxmox-backup] fingerprint: add bytes() accessor
  2020-11-24 13:05 ` [pbs-devel] [PATCH proxmox-backup] fingerprint: add bytes() accessor Fabian Grünbichler
@ 2020-11-25  7:27   ` Dietmar Maurer
  0 siblings, 0 replies; 8+ messages in thread
From: Dietmar Maurer @ 2020-11-25  7:27 UTC (permalink / raw)
  To: Proxmox Backup Server development discussion, Fabian Grünbichler

applied

> On 11/24/2020 2:05 PM Fabian Grünbichler <f.gruenbichler@proxmox.com> wrote:
> 
>  
> needed for libproxmox-backup-qemu0
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> ---
>  src/backup/crypt_config.rs | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/src/backup/crypt_config.rs b/src/backup/crypt_config.rs
> index 7d27706a..67482a75 100644
> --- a/src/backup/crypt_config.rs
> +++ b/src/backup/crypt_config.rs
> @@ -47,6 +47,12 @@ pub struct Fingerprint {
>      bytes: [u8; 32],
>  }
>  
> +impl Fingerprint {
> +    pub fn bytes(&self) -> &[u8; 32] {
> +        &self.bytes
> +    }
> +}
> +
>  /// Display as short key ID
>  impl Display for Fingerprint {
>      fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
> -- 
> 2.20.1
> 
> 
> 





* [pbs-devel] applied: [PATCH proxmox-backup-qemu 1/2] encryption key tracking: use fingerprint
  2020-11-24 13:05 ` [pbs-devel] [PATCH proxmox-backup-qemu 1/2] encryption key tracking: use fingerprint Fabian Grünbichler
  2020-11-24 15:36   ` Dietmar Maurer
@ 2020-11-25  7:28   ` Dietmar Maurer
  1 sibling, 0 replies; 8+ messages in thread
From: Dietmar Maurer @ 2020-11-25  7:28 UTC (permalink / raw)
  To: Proxmox Backup Server development discussion, Fabian Grünbichler

applied both patches.

> On 11/24/2020 2:05 PM Fabian Grünbichler <f.gruenbichler@proxmox.com> wrote:
> 
>  
> but accept old variant as well for now, to not invalidate bitmaps for
> freshly migrated VMs.
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> ---
> 
> Notes:
>     needs proxmox-backup with Fingerprint::bytes()
> 
>  src/commands.rs | 13 +++++++++++--
>  1 file changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/src/commands.rs b/src/commands.rs
> index 7a24b7c..dcee5a1 100644
> --- a/src/commands.rs
> +++ b/src/commands.rs
> @@ -108,6 +108,8 @@ fn archive_name(device_name: &str) -> String {
>  const CRYPT_CONFIG_HASH_INPUT:&[u8] = b"this is just a static string to protect against key changes";
>  
>  /// Create an identifying digest for the crypt config
> +/// legacy version for VMs freshly migrated from old version
> +/// TODO: remove in PVE 7.0
>  pub(crate) fn crypt_config_digest(
>      config: Arc<CryptConfig>,
>  ) -> [u8;32] {
> @@ -152,7 +154,8 @@ pub(crate) fn check_last_encryption_key(
>      let digest_guard = PREVIOUS_CRYPT_CONFIG_DIGEST.lock().unwrap();
>      match (*digest_guard, config)  {
>          (Some(last_digest), Some(current_config)) => {
> -            crypt_config_digest(current_config) == last_digest
> +            current_config.fingerprint().bytes() == &last_digest
> +                || crypt_config_digest(current_config) == last_digest
>          },
>          (None, None) => true,
>          _ => false,
> @@ -440,7 +443,13 @@ pub(crate) async fn finish_backup(
>  
>      {
>          let crypt_config_digest = match crypt_config {
> -            Some(current_config) => Some(crypt_config_digest(current_config)),
> +            Some(current_config) => {
> +                let fp = current_config
> +                    .fingerprint()
> +                    .bytes()
> +                    .to_owned();
> +                Some(fp)
> +            },
>              None => None,
>          };
>  
> -- 
> 2.20.1
> 
> 
> 




