all lists on lists.proxmox.com
 help / color / mirror / Atom feed
* [PATCH proxmox-backup] pull: decrypt: set and check change-detection-fingerprint
@ 2026-04-28  9:44 Fabian Grünbichler
  2026-04-28 10:01 ` Dominik Csapak
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Fabian Grünbichler @ 2026-04-28  9:44 UTC (permalink / raw)
  To: pbs-devel

when decrypt-pulling a snapshot that was not created by encrypt-pushing, but by
a regular encrypted backup, resyncing requires matching the local plain text
manifest and the remote encrypted one.

in addition to storing a signature of the plain manifest when encrypt-pushing,
store the already existing signature of the encrypted source manifest when
decrypt-pulling, but only use it for matching if the former does not exist.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 src/server/pull.rs | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/server/pull.rs b/src/server/pull.rs
index 4a41ea7da..c519ed5d8 100644
--- a/src/server/pull.rs
+++ b/src/server/pull.rs
@@ -21,8 +21,8 @@ use tokio::io::AsyncWriteExt;
 
 use pbs_api_types::{
     print_store_and_ns, ArchiveType, Authid, BackupArchiveName, BackupDir, BackupGroup,
-    BackupNamespace, CryptMode, GroupFilter, Operation, RateLimitConfig, Remote, SnapshotListItem,
-    VerifyState, CLIENT_LOG_BLOB_NAME, MANIFEST_BLOB_NAME, MAX_NAMESPACE_DEPTH,
+    BackupNamespace, CryptMode, Fingerprint, GroupFilter, Operation, RateLimitConfig, Remote,
+    SnapshotListItem, VerifyState, CLIENT_LOG_BLOB_NAME, MANIFEST_BLOB_NAME, MAX_NAMESPACE_DEPTH,
     PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_BACKUP,
 };
 use pbs_client::BackupRepository;
@@ -878,6 +878,11 @@ async fn pull_snapshot<'a>(
             bail!("Encountered unexpected manifest without 'unprotected' section.");
         }
 
+        if let Some(expected) = &manifest.signature {
+            let expected: Fingerprint = expected.parse().with_context(|| prefix.clone())?;
+            new_manifest.set_change_detection_fingerprint(expected.bytes())?;
+        }
+
         let manifest_string = new_manifest.to_string(None)?;
         let manifest_blob = DataBlob::encode(manifest_string.as_bytes(), None, true)?;
         // update contents to be uploaded to backend
@@ -1021,6 +1026,20 @@ async fn optionally_use_decryption_key(
             } else {
                 bail!("Change detection fingerprint mismatch, refuse to continue!");
             }
+        } else if let Some(source_signature) = existing_manifest
+            .get_change_detection_fingerprint()
+            .context("failed to parse change detection fingerprint of existing target manifest")
+            .with_context(|| prefix.clone())?
+        {
+            let Some(expected) = &manifest.signature else {
+                bail!("No signature on source manifest.");
+            };
+            let expected: Fingerprint = expected.parse().with_context(|| prefix.clone())?;
+            if expected == source_signature {
+                skip_resync = true;
+            } else {
+                bail!("Change detection fingerprint mismatch, refuse to continue!");
+            }
         } else {
             bail!("No change detection fingerprint found, refuse to continue!");
         }
-- 
2.47.3





^ permalink raw reply related	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-04-28 13:08 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-28  9:44 [PATCH proxmox-backup] pull: decrypt: set and check change-detection-fingerprint Fabian Grünbichler
2026-04-28 10:01 ` Dominik Csapak
2026-04-28 12:56 ` Christian Ebner
2026-04-28 13:07 ` applied: " Thomas Lamprecht

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal