From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 9B3C81FF15C for ; Wed, 7 Aug 2024 12:33:41 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 86DE8484C; Wed, 7 Aug 2024 12:33:50 +0200 (CEST) MIME-Version: 1.0 In-Reply-To: <20240801074403.36229-10-c.ebner@proxmox.com> References: <20240801074403.36229-1-c.ebner@proxmox.com> <20240801074403.36229-10-c.ebner@proxmox.com> From: Fabian =?utf-8?q?Gr=C3=BCnbichler?= To: Christian Ebner , pbs-devel@lists.proxmox.com Date: Wed, 07 Aug 2024 12:33:08 +0200 Message-ID: <172302678802.107519.11113800752127746427@yuna.proxmox.com> User-Agent: alot/0.10 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.048 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox.com, mod.rs, benchmark.rs, upload-speed.rs, main.rs] Subject: Re: [pbs-devel] [PATCH v2 proxmox-backup 09/31] api: backup: add no-timestamp-check flag to backup endpoint X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" Quoting Christian Ebner (2024-08-01 09:43:41) > By setting the optional `no-timestamp-check` flag when calling the > `backup` endpoint, the check for a strictly monotonically increase > of the snapshots backup timestamp will be skipped. > This has to be used when pushing backups to a target, where monotonic > increase of the snapshot timestamp with respect to the previous > snapshot present in the group cannot be guaranteed. why is this the case for push based syncing, but not pull based syncing? both could have the same semantics, and use "last snapshot on sync target" as starting point for syncing.. I am not sure this needs to be part of a minimal implementation of push based syncing, we should probably rather tackle this for both kinds of syncs as a follow-up (e.g., the "re-sync corrupt and/or missing snapshots" feature). it's also a bit dangerous, since it allows "stuffing" a backup group retro-actively with fake backups, which in turn allows an attacker to abuse automatic pruning to prune all real backup snapshots.. > Signed-off-by: Christian Ebner > --- > changes since version 1: > - rename flag from `ignore-previous` to the now more fitting > `no-timestamp-check` > - Only ignore the timestamp check if the flag is set, but nevertheless > get the previous snapshots manifest if present to allow the upload of > reused chunks indexed in the previous snapshot. > > examples/upload-speed.rs | 1 + > pbs-client/src/backup_writer.rs | 4 +++- > proxmox-backup-client/src/benchmark.rs | 1 + > proxmox-backup-client/src/main.rs | 1 + > src/api2/backup/mod.rs | 4 +++- > 5 files changed, 9 insertions(+), 2 deletions(-) > > diff --git a/examples/upload-speed.rs b/examples/upload-speed.rs > index e4b570ec5..8a6594a47 100644 > --- a/examples/upload-speed.rs > +++ b/examples/upload-speed.rs > @@ -25,6 +25,7 @@ async fn upload_speed() -> Result { > &(BackupType::Host, "speedtest".to_string(), backup_time).into(), > false, > true, > + false, > ) > .await?; > > diff --git a/pbs-client/src/backup_writer.rs b/pbs-client/src/backup_writer.rs > index dbb7db0e8..9e59bbee8 100644 > --- a/pbs-client/src/backup_writer.rs > +++ b/pbs-client/src/backup_writer.rs > @@ -101,6 +101,7 @@ impl BackupWriter { > backup: &BackupDir, > debug: bool, > benchmark: bool, > + no_timestamp_check: bool, > ) -> Result, Error> { > let mut param = json!({ > "backup-type": backup.ty(), > @@ -108,7 +109,8 @@ impl BackupWriter { > "backup-time": backup.time, > "store": datastore, > "debug": debug, > - "benchmark": benchmark > + "benchmark": benchmark, > + "no-timestamp-check": no_timestamp_check, > }); > > if !ns.is_root() { > diff --git a/proxmox-backup-client/src/benchmark.rs b/proxmox-backup-client/src/benchmark.rs > index 2145d45e2..3fe45f5fe 100644 > --- a/proxmox-backup-client/src/benchmark.rs > +++ b/proxmox-backup-client/src/benchmark.rs > @@ -236,6 +236,7 @@ async fn test_upload_speed( > &(BackupType::Host, "benchmark".to_string(), backup_time).into(), > false, > true, > + false, > ) > .await?; > > diff --git a/proxmox-backup-client/src/main.rs b/proxmox-backup-client/src/main.rs > index 5edb2a824..c5d0da0aa 100644 > --- a/proxmox-backup-client/src/main.rs > +++ b/proxmox-backup-client/src/main.rs > @@ -967,6 +967,7 @@ async fn create_backup( > &snapshot, > true, > false, > + false, > ) > .await?; > > diff --git a/src/api2/backup/mod.rs b/src/api2/backup/mod.rs > index ea0d0292e..59a302f53 100644 > --- a/src/api2/backup/mod.rs > +++ b/src/api2/backup/mod.rs > @@ -52,6 +52,7 @@ pub const API_METHOD_UPGRADE_BACKUP: ApiMethod = ApiMethod::new( > ("backup-time", false, &BACKUP_TIME_SCHEMA), > ("debug", true, &BooleanSchema::new("Enable verbose debug logging.").schema()), > ("benchmark", true, &BooleanSchema::new("Job is a benchmark (do not keep data).").schema()), > + ("no-timestamp-check", true, &BooleanSchema::new("Ignore timestamp check relative to previous snapshot.").schema()), > ]), > ) > ).access( > @@ -78,6 +79,7 @@ fn upgrade_to_backup_protocol( > async move { > let debug = param["debug"].as_bool().unwrap_or(false); > let benchmark = param["benchmark"].as_bool().unwrap_or(false); > + let no_timestamp_check = param["no-timestamp-check"].as_bool().unwrap_or(false); > > let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?; > > @@ -178,7 +180,7 @@ fn upgrade_to_backup_protocol( > let backup_dir = backup_group.backup_dir(backup_dir_arg.time)?; > > let _last_guard = if let Some(last) = &last_backup { > - if backup_dir.backup_time() <= last.backup_dir.backup_time() { > + if !no_timestamp_check && backup_dir.backup_time() <= last.backup_dir.backup_time() { > bail!("backup timestamp is older than last backup."); > } > > -- > 2.39.2 > > > > _______________________________________________ > pbs-devel mailing list > pbs-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel > > _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel