client: check fingerprint after downloading manifest
this is stricter than the check that happened on manifest load, as it also fails if the manifest is signed but we don't have a key available. add some additional output at the start of a backup to indicate whether a previous manifest is available to base the backup on. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
parent
a0ef68b93c
commit
23f9503a31
|
@ -1099,10 +1099,23 @@ async fn create_backup(
|
||||||
false
|
false
|
||||||
).await?;
|
).await?;
|
||||||
|
|
||||||
let previous_manifest = if let Ok(previous_manifest) = client.download_previous_manifest().await {
|
let previous_manifest = match client.download_previous_manifest().await {
|
||||||
|
Ok(previous_manifest) => {
|
||||||
|
match previous_manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref)) {
|
||||||
|
Ok(()) => {
|
||||||
|
println!("Successfully downloaded previous manifest.");
|
||||||
Some(Arc::new(previous_manifest))
|
Some(Arc::new(previous_manifest))
|
||||||
} else {
|
},
|
||||||
|
Err(err) => {
|
||||||
|
println!("Couldn't re-use pevious manifest - {}", err);
|
||||||
None
|
None
|
||||||
|
},
|
||||||
|
}
|
||||||
|
},
|
||||||
|
Err(err) => {
|
||||||
|
println!("Couldn't download pevious manifest - {}", err);
|
||||||
|
None
|
||||||
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
let snapshot = BackupDir::new(backup_type, backup_id, backup_time)?;
|
let snapshot = BackupDir::new(backup_type, backup_id, backup_time)?;
|
||||||
|
@ -1400,6 +1413,7 @@ async fn restore(param: Value) -> Result<Value, Error> {
|
||||||
).await?;
|
).await?;
|
||||||
|
|
||||||
let (manifest, backup_index_data) = client.download_manifest().await?;
|
let (manifest, backup_index_data) = client.download_manifest().await?;
|
||||||
|
manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref))?;
|
||||||
|
|
||||||
let (archive_name, archive_type) = parse_archive_type(archive_name);
|
let (archive_name, archive_type) = parse_archive_type(archive_name);
|
||||||
|
|
||||||
|
|
|
@ -92,6 +92,7 @@ async fn dump_catalog(param: Value) -> Result<Value, Error> {
|
||||||
).await?;
|
).await?;
|
||||||
|
|
||||||
let (manifest, _) = client.download_manifest().await?;
|
let (manifest, _) = client.download_manifest().await?;
|
||||||
|
manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref))?;
|
||||||
|
|
||||||
let index = client.download_dynamic_index(&manifest, CATALOG_NAME).await?;
|
let index = client.download_dynamic_index(&manifest, CATALOG_NAME).await?;
|
||||||
|
|
||||||
|
@ -199,6 +200,7 @@ async fn catalog_shell(param: Value) -> Result<(), Error> {
|
||||||
.open("/tmp")?;
|
.open("/tmp")?;
|
||||||
|
|
||||||
let (manifest, _) = client.download_manifest().await?;
|
let (manifest, _) = client.download_manifest().await?;
|
||||||
|
manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref))?;
|
||||||
|
|
||||||
let index = client.download_dynamic_index(&manifest, &server_archive_name).await?;
|
let index = client.download_dynamic_index(&manifest, &server_archive_name).await?;
|
||||||
let most_used = index.find_most_used_chunks(8);
|
let most_used = index.find_most_used_chunks(8);
|
||||||
|
|
|
@ -214,6 +214,7 @@ async fn mount_do(param: Value, pipe: Option<RawFd>) -> Result<Value, Error> {
|
||||||
).await?;
|
).await?;
|
||||||
|
|
||||||
let (manifest, _) = client.download_manifest().await?;
|
let (manifest, _) = client.download_manifest().await?;
|
||||||
|
manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref))?;
|
||||||
|
|
||||||
let file_info = manifest.lookup_file_info(&server_archive_name)?;
|
let file_info = manifest.lookup_file_info(&server_archive_name)?;
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue