From: Christian Ebner
To: pbs-devel@lists.proxmox.com
Subject: [PATCH proxmox-backup 0/3] fixup for server side decryption
Date: Fri, 24 Apr 2026 12:36:04 +0200
Message-ID: <20260424103607.531400-1-c.ebner@proxmox.com>
List-Id: Proxmox Backup Server development discussion

When decryption keys are set for a pull job, currently it is not
correctly distinguished whether the snapshot to be pulled is truly
encrypted or just signed, for both cases the key fingerprint being
present on the manifest.

Fix this by explicitly checking each file's blob crypt mode as
registered in the manifest. Further, extend error messages on key
mismatch with pre-existing local manifests to also include the
signed-only case.

Patch 1 is a bugfix for a missing check of snapshots being encrypted or
signed only on decrypting pull syncs. Patch 2 and 3 are related code
cleanups only.

Christian Ebner (3):
  sync: pull decrypt: check if contents only signed or fully encrypted
  sync: pull: refactor decryption key loading checks
  api: encryption keys: refactor associated keys check

 src/api2/config/encryption_keys.rs |  18 +--
 src/server/pull.rs                 | 211 +++++++++++++++++++----------
 2 files changed, 147 insertions(+), 82 deletions(-)

-- 
2.47.3
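
The distinction described in the cover letter, as an added example that is not code from this patch series or from proxmox-backup: a key fingerprint on the manifest does not tell signed-only from encrypted, so the decision is taken from each file's crypt mode. All type and function names, the sample fingerprints, and the choice to reject mixed manifests are assumptions made for illustration.

```rust
// Added illustration: all names are hypothetical, not proxmox-backup's own types.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum CryptMode { None, Encrypt, SignOnly }

pub struct Manifest {
    pub key_fingerprint: Option<&'static str>,
    pub files: Vec<(&'static str, CryptMode)>, // (filename, crypt mode)
}

#[derive(PartialEq, Eq, Debug)]
pub enum Protection { Plain, SignedOnly, Encrypted, Mixed }

/// Classify from each file's crypt mode, never from fingerprint presence.
pub fn classify(m: &Manifest) -> Protection {
    let enc = m.files.iter().filter(|f| f.1 == CryptMode::Encrypt).count();
    let signed = m.files.iter().any(|f| f.1 == CryptMode::SignOnly);
    if enc > 0 && enc == m.files.len() {
        Protection::Encrypted
    } else if enc > 0 {
        Protection::Mixed
    } else if signed {
        Protection::SignedOnly
    } else {
        Protection::Plain
    }
}

/// Ok(true): decrypt with the configured key; Ok(false): pull contents as-is.
pub fn should_decrypt(m: &Manifest, key_fp: &str) -> Result<bool, String> {
    match (classify(m), m.key_fingerprint) {
        (Protection::Encrypted, Some(fp)) if fp == key_fp => Ok(true),
        (Protection::Encrypted, Some(fp)) => Err(format!("key mismatch: {} != {}", fp, key_fp)),
        (Protection::Encrypted, None) => Err("encrypted, but no key fingerprint".to_string()),
        // Assumption: refuse snapshots that mix encrypted and unencrypted files.
        (Protection::Mixed, _) => Err("mixed crypt modes in manifest".to_string()),
        (Protection::SignedOnly, _) | (Protection::Plain, _) => Ok(false),
    }
}

fn main() {
    // Constructed sample: a signed-only snapshot that still carries a fingerprint.
    let signed = Manifest {
        key_fingerprint: Some("aa:bb"),
        files: vec![("root.pxar.didx", CryptMode::SignOnly)],
    };
    println!("{:?} -> {:?}", classify(&signed), should_decrypt(&signed, "aa:bb"));
}
```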