From: Jakob Klocker <j.klocker@proxmox.com>
To: pbs-devel@lists.proxmox.com
Cc: Jakob Klocker <j.klocker@proxmox.com>
Subject: [PATCH proxmox-backup 2/2] fix #6990: server: drop verify state on push job
Date: Thu, 9 Jul 2026 14:21:35 +0200 [thread overview]
Message-ID: <20260709122136.352839-3-j.klocker@proxmox.com> (raw)
In-Reply-To: <20260709122136.352839-1-j.klocker@proxmox.com>
When pushing a snapshot the target manifest is recreated from the source
manifest, copying its verify_state. As with pull, this makes the pushed
snapshot appear verified on the remote without its stored copy having
been checked there.
Strip verify_state after copying the unprotected section so the pushed
snapshot is verified independently on the target.
Link: https://bugzilla.proxmox.com/show_bug.cgi?id=6990
Signed-off-by: Jakob Klocker <j.klocker@proxmox.com>
---
src/server/push.rs | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/server/push.rs b/src/server/push.rs
index 7b3cac4cd..92d32bceb 100644
--- a/src/server/push.rs
+++ b/src/server/push.rs
@@ -1364,6 +1364,12 @@ pub(crate) async fn push_snapshot(
// Rewrite manifest for pushed snapshot, recreating manifest from source on target,
// needs to update all relevant info for new manifest.
target_manifest.unprotected = source_manifest.unprotected.clone();
+
+ if let Some(unprotected) = target_manifest.unprotected.as_object_mut() {
+ unprotected.remove("verify_state");
+ } else {
+ bail!("Encountered unexpected manifest without 'unprotected' section.");
+ }
let manifest_string = if let Some((_id, crypt_config)) = &encrypt_using_key {
let sync_source_signature = source_manifest.signature(crypt_config)?;
target_manifest.set_sync_source_signature(&sync_source_signature)?;
--
2.47.3
prev parent reply other threads:[~2026-07-09 12:21 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-09 12:21 [PATCH proxmox-backup 0/2] fix #6990: server: drop verify state on push & pull job Jakob Klocker
2026-07-09 12:21 ` [PATCH proxmox-backup 1/2] fix #6990: server: drop verify state on non-decrypt " Jakob Klocker
2026-07-09 12:21 ` Jakob Klocker [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260709122136.352839-3-j.klocker@proxmox.com \
--to=j.klocker@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox