From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 8566364551 for ; Mon, 20 Jul 2020 10:26:58 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 6EC28B49F for ; Mon, 20 Jul 2020 10:26:28 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id E2839B495 for ; Mon, 20 Jul 2020 10:26:27 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id A742743193 for ; Mon, 20 Jul 2020 10:26:27 +0200 (CEST) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pve-devel@lists.proxmox.com Date: Mon, 20 Jul 2020 10:26:21 +0200 Message-Id: <20200720082621.1259558-1-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.081 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH qemu-server] fix #2857: restore: pass keyfile to pbs-restore X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jul 2020 08:26:58 -0000 if configured. otherwise restoring encrypted backups will be quite hard.. Signed-off-by: Fabian Grünbichler --- Note: for restore to actually work, we need pbs-restore linked with a bumped libproxmox-backup-qemu which has all the recent changes w.r.t. encryption. we might want to bump pve-qemu-kvm as well to encode these breaking changes in package relations, or add a libproxmox-backup-qemu dependency in qemu-server? PVE/QemuServer.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm index 809124c..0a09f3a 100644 --- a/PVE/QemuServer.pm +++ b/PVE/QemuServer.pm @@ -5937,6 +5937,7 @@ sub restore_proxmox_backup_archive { my $datastore = $scfg->{datastore}; my $username = $scfg->{username} // 'root@pam'; my $fingerprint = $scfg->{fingerprint}; + my $keyfile = PVE::Storage::PBSPlugin::pbs_encryption_key_file_name($storecfg, $storeid); my $repo = "$username\@$server:$datastore"; @@ -6054,6 +6055,7 @@ sub restore_proxmox_backup_archive { ]; push @$pbs_restore_cmd, '--format', $d->{format} if $d->{format}; + push @$pbs_restore_cmd, '--keyfile', $keyfile if -e $keyfile; if (PVE::Storage::volume_has_feature($storecfg, 'sparseinit', $volid)) { push @$pbs_restore_cmd, '--skip-zero'; -- 2.20.1