From: Christian Ebner
To: pbs-devel@lists.proxmox.com
Subject: [PATCH proxmox-backup v2 04/27] datastore: manifest: add helper for change detection fingerprint
Date: Fri, 10 Apr 2026 18:54:31 +0200
Message-ID: <20260410165454.1578501-5-c.ebner@proxmox.com>
In-Reply-To: <20260410165454.1578501-1-c.ebner@proxmox.com>
References: <20260410165454.1578501-1-c.ebner@proxmox.com>
List-Id: Proxmox Backup Server development discussion

Generates a checksum over the file names and checksums of the manifest,
to be stored in the encrypted snapshots manifest when doing server side
sync push encryption. The fingerprint will then be used on pull to
detect if a manifest's file contents did not change and are therefore
fine to be skipped (no resync required). The usual byte-wise comparison
is not feasible for this.

Signed-off-by: Christian Ebner
---
 pbs-datastore/src/manifest.rs | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/pbs-datastore/src/manifest.rs b/pbs-datastore/src/manifest.rs
index fb734a674..5f7d3efcc 100644
--- a/pbs-datastore/src/manifest.rs +++ b/pbs-datastore/src/manifest.rs @@ -236,6 +236,26 @@ impl BackupManifest { } Ok(Some(serde_json::from_value::(verify)?)) } + + /// Set the fingerprint used to detect changes for encrypted -> decrypted syncs + pub fn set_change_detection_fingerprint( + &mut self, + fingerprint: &[u8; 32], + ) -> Result<(), Error> { + let fp_str = hex::encode(fingerprint); + self.unprotected["change-detection-fingerprint"] = serde_json::to_value(fp_str)?; + Ok(()) + } + + /// Generate the fingerprint used to detect changes for encrypted -> decrypted syncs + pub fn change_detection_fingerprint(&self) -> Result<[u8; 32], Error> { + let mut csum = openssl::sha::Sha256::new(); + for file_info in self.files() { + csum.update(file_info.filename.as_bytes()); + csum.update(&file_info.csum); + } + Ok(csum.finish()) + } } impl TryFrom for BackupManifest { -- 2.47.3
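
Review bot: In `change_detection_fingerprint`, the loop feeds `file_info.filename.as_bytes()` and `file_info.csum` into the SHA-256 state back to back with no length prefix or separator, so the hashed byte stream does not unambiguously encode the list of (filename, checksum) pairs: nothing in the input fixes where a variable-length filename ends and the following checksum begins. Since the commit message says a matching fingerprint is what allows pull to skip a resync, I would make the encoding injective, for example by updating the hash with the filename length as a fixed-width integer before the filename bytes. Two smaller points: the result depends on the iteration order of `self.files()`, which deserves a sentence in the doc comment (or a sort by filename) so both ends of a sync hash the entries in the same order; and the function has no failing path, so it could return `[u8; 32]` rather than `Result<[u8; 32], Error>`. For `set_change_detection_fingerprint`, the value is written under `self.unprotected`; a doc note on how far the pull side may trust that field would help the reader of the later patches.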