From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 8830B1FF13A for ; Wed, 29 Apr 2026 11:29:34 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 25E59252AE; Wed, 29 Apr 2026 11:29:34 +0200 (CEST) From: Christian Ebner To: pbs-devel@lists.proxmox.com Subject: [PATCH proxmox-backup 0/2] gracefully handle signature mismatch from previous manifest load during encrypting push sync Date: Wed, 29 Apr 2026 11:28:45 +0200 Message-ID: <20260429092847.381438-1-c.ebner@proxmox.com> X-Mailer: git-send-email 2.47.3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1777454842058 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.071 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [push.rs] Message-ID-Hash: CSD2V7AYOMQFNZUDV7TKZ2N7JWHASIW7 X-Message-ID-Hash: CSD2V7AYOMQFNZUDV7TKZ2N7JWHASIW7 X-MailFrom: c.ebner@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: This patches more gracefully handle an otherwise rather alerting log message during push sync jobs with configured active encryption key, stating a key mismatch in the manifest signature check error. During push, the previous snapshot of the backup group on the remote target is being used for chunk deduplicaton on upload. When fetching, the previous manifest's signature is checked against the backup writer's key, which may however not match if the previous snapshot is encrypted by a different key. This being normal operation, log a less alerting log message stating that deduplication using the previous snapshot is skipped instead. Christian Ebner (2): client: allow skipping signature check on previous manifest fetching sync: push: gracefully handle previous manifest signature mismatches pbs-client/src/backup_writer.rs | 22 +++++++++++++++++++--- src/server/push.rs | 24 ++++++++++++++++++++++-- 2 files changed, 41 insertions(+), 5 deletions(-) -- 2.47.3