From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 839E61FF136 for ; Mon, 20 Apr 2026 18:16:03 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 02F59840B; Mon, 20 Apr 2026 18:15:53 +0200 (CEST) From: Christian Ebner To: pbs-devel@lists.proxmox.com Subject: [PATCH proxmox-backup v4 05/30] datastore: manifest: add helper for change detection fingerprint Date: Mon, 20 Apr 2026 18:15:08 +0200 Message-ID: <20260420161533.1055484-6-c.ebner@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260420161533.1055484-1-c.ebner@proxmox.com> References: <20260420161533.1055484-1-c.ebner@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1776701663569 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.070 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: U7DOU7IHK5TA4ZUEKNCUPKWHQAHR7SUM X-Message-ID-Hash: U7DOU7IHK5TA4ZUEKNCUPKWHQAHR7SUM X-MailFrom: c.ebner@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Generates a checksum over the file names and checksums of the manifest, to be stored in the encrypted snapshots manifest when doing server side sync push encryption. The fingerprint will then be used on pull to detect if a manifests file contents did not change and are therefore fine to be skipped (no resync required). The usual byte-wise comparison is not feasible for this. Signed-off-by: Christian Ebner --- pbs-datastore/src/manifest.rs | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/pbs-datastore/src/manifest.rs b/pbs-datastore/src/manifest.rs index fb734a674..5f7d3efcc 100644 --- a/pbs-datastore/src/manifest.rs +++ b/pbs-datastore/src/manifest.rs @@ -236,6 +236,26 @@ impl BackupManifest { } Ok(Some(serde_json::from_value::(verify)?)) } + + /// Set the fingerprint used to detect changes for encrypted -> decrypted syncs + pub fn set_change_detection_fingerprint( + &mut self, + fingerprint: &[u8; 32], + ) -> Result<(), Error> { + let fp_str = hex::encode(fingerprint); + self.unprotected["change-detection-fingerprint"] = serde_json::to_value(fp_str)?; + Ok(()) + } + + /// Generate the fingerprint used to detect changes for encrypted -> decrypted syncs + pub fn change_detection_fingerprint(&self) -> Result<[u8; 32], Error> { + let mut csum = openssl::sha::Sha256::new(); + for file_info in self.files() { + csum.update(file_info.filename.as_bytes()); + csum.update(&file_info.csum); + } + Ok(csum.finish()) + } } impl TryFrom for BackupManifest { -- 2.47.3