From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 465011FF143 for ; Sat, 11 Apr 2026 10:51:36 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 03A304E79; Sat, 11 Apr 2026 10:52:13 +0200 (CEST) From: Thomas Lamprecht To: c.ebner@proxmox.com Subject: Re: [PATCH proxmox-backup v2 25/27] sync: pull: decrypt blob files on pull if encryption key is configured Date: Sat, 11 Apr 2026 10:02:14 +0200 Message-ID: <20260411085154.1961287-10-t.lamprecht@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260410165454.1578501-26-c.ebner@proxmox.com> References: <20260411085154.1961287-1-t.lamprecht@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1775897455345 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.002 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [pull.rs] Message-ID-Hash: UOIK6LI2P5JWBABMKQ325TQUMD7JPJ6H X-Message-ID-Hash: UOIK6LI2P5JWBABMKQ325TQUMD7JPJ6H X-MailFrom: t.lamprecht@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: pbs-devel@lists.proxmox.com X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Am 10.04.26 um 18:54 schrieb Christian Ebner: > diff --git a/src/server/pull.rs b/src/server/pull.rs > @@ -409,6 +411,49 @@ async fn pull_single_archive<'a>( > > + let mut decrypted_tmp_path = tmp_path.clone(); > + decrypted_tmp_path.set_extension("dectmp"); > + let result = proxmox_lang::try_block!({ Good, the .dectmp cleanup on error is handled now - thanks for fixing that from v1. The blob decryption computes csum/size here but they seem to be unused? the new_manifest and the add_file() calls for blobs only appear in patch 27. At this commit the decrypted file replaces the encrypted one on disk, but the manifest still carries the encrypted file's checksum. Consider squashing the manifest registration into this commit, or at least comment that this is intentionally "disarmed" and completed by the later patch (similar to how patch 23 documents it for the index writer).