From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 3C6541FF13F for ; Fri, 24 Apr 2026 00:44:12 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 0091D300B; Fri, 24 Apr 2026 00:44:12 +0200 (CEST) From: Thomas Lamprecht To: pbs-devel@lists.proxmox.com, Christian Ebner Subject: applied: [PATCH proxmox{,-backup} v5 00/30] fix #7251: implement server side encryption support for push sync jobs Date: Fri, 24 Apr 2026 00:38:10 +0200 Message-ID: <177698386724.726567.13658777666523962267.b4-ty@b4> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260420161533.1055484-1-c.ebner@proxmox.com> References: <20260420161533.1055484-1-c.ebner@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1776984157819 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.123 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LOTSOFHASH 0.25 Emails with lots of hash-like gibberish SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: ZORG3DH3BBPTPICFOCMOYGAFU57CKTFL X-Message-ID-Hash: ZORG3DH3BBPTPICFOCMOYGAFU57CKTFL X-MailFrom: t.lamprecht@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Mon, 20 Apr 2026 18:15:03 +0200, Christian Ebner wrote: > This patch series implements support for encrypting backup snapshots > when pushing from a source PBS instance to an untrusted remote target > PBS instance. Further, it adds support to decrypt snapshots being > encrypted on the remote source PBS when pulling the contents to the > local target PBS instance. This allows to perform full server side > encryption/decryption when syncing with a less trusted remote PBS. > > [...] NOTE: I applied the **v5** you had on the staff repo with some fixes from offlist discussion, but I figured it still made sense to reply here as applied for the sake of tracking and having a record here, thanks! I also made a few selected follow-up changes that I squashed in, I annotated the commits where I did for transparency. Should I overlooked something please just holler at me and I'll take a look to fix this again. Oh, and very nice work! FWIW, I did e2e test relatively late in the series and mostly just a few nits with the UI, which is rather rare. [01/28] sync: push: use tracing macros instead of log (no commit info) [02/28] datastore: blob: implement async reader for data blobs commit: e929be4d7f3672e8b1167fdc3439b98b0ff6f299 [03/28] datastore: manifest: add helper for change detection fingerprint commit: 87a819311a43a293ae8b75c2ef5056da9a4a23ab [04/28] pbs-key-config: introduce store_with() for KeyConfig commit: 55f66ba2eccfc40abcb7a0e8f993367e86c3b79f [05/28] pbs-config: implement encryption key config handling commit: a78dd6f221abd4a7dcfddba100aefe3513e0f76e [06/28] pbs-config: acls: add 'encryption-keys' as valid 'system' subpath commit: 0511b092d83221a22234530f9005668570b61d0a [07/28] ui: expose 'encryption-keys' as acl subpath for 'system' commit: 94d1b50b8ca4cc8f8db61b5428d2f5d855766673 [08/28] sync: add helper to check encryption key acls and load key commit: e303c9f275f0da83cf37675bbcb252480fd954f2 [09/28] api: config: add endpoints for encryption key manipulation commit: 8e0af7302f6942e092dbfd128d9ecd7a09afe103 [10/28] api: config: check sync owner has access to en-/decryption keys commit: 4de98e18629873956bccd1d3420c3507efedc4f8 [11/28] api: config: allow encryption key manipulation for sync job commit: bd30281d4f5fd87c4f317c8ce6503fdc2d7d68fb [12/28] sync: push: rewrite manifest instead of pushing pre-existing one commit: e79c5b693af491d79754d8202d94214876c2aabb [13/28] api: push sync: expose optional encryption key for push sync commit: 017367f0e95903df53897d434c0246269343db34 [14/28] sync: push: optionally encrypt data blob on upload commit: 43392b2f337d05b989d96d64191eaff91476a903 [15/28] sync: push: optionally encrypt client log on upload if key is given commit: d5d32af287673ed1781445b7261f6879ca78cf91 [16/28] sync: push: add helper for loading known chunks from previous snapshot commit: 0f4222a68dc54ce128a8ab7438803c84448e38e5 [17/28] fix #7251: api: push: encrypt snapshots using configured encryption key commit: eed12fb0e78899beea45016d4e215a7a75ca0e58 [18/28] ui: define and expose encryption key management menu item and windows commit: d4725c6002227c3587b74790a951cba394f238b0 [19/28] ui: expose assigning encryption key to sync jobs commit: 8c12731a1259b3531c2b3011fdb25381c2059e82 [20/28] sync: pull: load encryption key if given in job config commit: 0bdb658a5f8a199b32edbe7bf7929ee5112625bb [21/28] sync: expand source chunk reader trait by crypt config commit: 6949158306c163159e073e63cb223ead9a072145 [22/28] sync: pull: introduce and use decrypt index writer if crypt config commit: ad4e3caa6b2b96ddd661fb4efd7516a9555d1aad [23/28] sync: pull: extend encountered chunk by optional decrypted digest commit: 23e79689671c9432a70fbedc3e09488834be4e03 [24/28] sync: pull: decrypt blob files on pull if encryption key is configured commit: 2f94320db105d255387e1de4254c42c5c7b62fae [25/28] sync: pull: decrypt chunks and rewrite index file for matching key commit: 18327080fb4333fb03d245f1e62b4c61090c12ff [26/28] sync: pull: decrypt snapshots with matching encryption key fingerprint commit: 8d389d42313aafdc59f47f1f86dee7c156835691 [27/28] api: encryption keys: allow to toggle the archived state for keys commit: 4bb90f6e00f3b6097bd4ce425766060448c28c42 [28/28] docs: add section describing server side encryption for sync jobs commit: 809c769493e3d8c0b6a18d006e467ee9e36aa30f