src/bin/proxmox-backup-client.rs: add keyfile parameter for backup
This commit is contained in:
parent
181f097af9
commit
6d0983dbe1
@ -142,7 +142,7 @@ pub fn store_key_with_passphrase(
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn load_and_decrtypt_key(path: &std::path::Path, passphrase: fn() -> Result<Vec<u8>, Error>) -> Result<Vec<u8>, Error> {
|
pub fn load_and_decrtypt_key(path: &std::path::Path, passphrase: fn() -> Result<Vec<u8>, Error>) -> Result<[u8;32], Error> {
|
||||||
|
|
||||||
let raw = crate::tools::file_get_contents(&path)?;
|
let raw = crate::tools::file_get_contents(&path)?;
|
||||||
let data = String::from_utf8(raw)?;
|
let data = String::from_utf8(raw)?;
|
||||||
@ -151,7 +151,7 @@ pub fn load_and_decrtypt_key(path: &std::path::Path, passphrase: fn() -> Result<
|
|||||||
|
|
||||||
let raw_data = key_config.data;
|
let raw_data = key_config.data;
|
||||||
|
|
||||||
if let Some(kdf) = key_config.kdf {
|
let key = if let Some(kdf) = key_config.kdf {
|
||||||
|
|
||||||
let passphrase = passphrase()?;
|
let passphrase = passphrase()?;
|
||||||
if passphrase.len() < 5 {
|
if passphrase.len() < 5 {
|
||||||
@ -178,8 +178,13 @@ pub fn load_and_decrtypt_key(path: &std::path::Path, passphrase: fn() -> Result<
|
|||||||
&tag,
|
&tag,
|
||||||
).map_err(|err| format_err!("Unable to decrypt key - {}", err))?;
|
).map_err(|err| format_err!("Unable to decrypt key - {}", err))?;
|
||||||
|
|
||||||
Ok(decr_data)
|
decr_data
|
||||||
} else {
|
} else {
|
||||||
Ok(raw_data)
|
raw_data
|
||||||
}
|
};
|
||||||
|
|
||||||
|
let mut result = [0u8; 32];
|
||||||
|
result.copy_from_slice(&key);
|
||||||
|
|
||||||
|
Ok(result)
|
||||||
}
|
}
|
||||||
|
@ -407,6 +407,8 @@ fn create_backup(
|
|||||||
verify_chunk_size(size)?;
|
verify_chunk_size(size)?;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let keyfile = param["keyfile"].as_str().map(|p| PathBuf::from(p));
|
||||||
|
|
||||||
let backup_id = param["host-id"].as_str().unwrap_or(&tools::nodename());
|
let backup_id = param["host-id"].as_str().unwrap_or(&tools::nodename());
|
||||||
|
|
||||||
let mut upload_list = vec![];
|
let mut upload_list = vec![];
|
||||||
@ -466,7 +468,13 @@ fn create_backup(
|
|||||||
println!("Client name: {}", tools::nodename());
|
println!("Client name: {}", tools::nodename());
|
||||||
println!("Start Time: {}", backup_time.to_rfc3339());
|
println!("Start Time: {}", backup_time.to_rfc3339());
|
||||||
|
|
||||||
let crypt_config = None;
|
let crypt_config = match keyfile {
|
||||||
|
None => None,
|
||||||
|
Some(path) => {
|
||||||
|
let key = load_and_decrtypt_key(&path, get_encryption_key_password)?;
|
||||||
|
Some(Arc::new(CryptConfig::new(key)?))
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
let client = client.start_backup(repo.store(), "host", &backup_id, verbose).wait()?;
|
let client = client.start_backup(repo.store(), "host", &backup_id, verbose).wait()?;
|
||||||
|
|
||||||
@ -884,7 +892,7 @@ fn key_change_passphrase(
|
|||||||
store_key_config(&path, true, KeyConfig {
|
store_key_config(&path, true, KeyConfig {
|
||||||
kdf: None,
|
kdf: None,
|
||||||
created,
|
created,
|
||||||
data: key,
|
data: key.to_vec(),
|
||||||
})?;
|
})?;
|
||||||
|
|
||||||
Ok(Value::Null)
|
Ok(Value::Null)
|
||||||
@ -951,6 +959,9 @@ fn main() {
|
|||||||
backup_source_schema,
|
backup_source_schema,
|
||||||
).min_length(1)
|
).min_length(1)
|
||||||
)
|
)
|
||||||
|
.optional(
|
||||||
|
"keyfile",
|
||||||
|
StringSchema::new("Path to encryption key. All data will be encrypted using this key."))
|
||||||
.optional(
|
.optional(
|
||||||
"verbose",
|
"verbose",
|
||||||
BooleanSchema::new("Verbose output.").default(false))
|
BooleanSchema::new("Verbose output.").default(false))
|
||||||
@ -968,6 +979,7 @@ fn main() {
|
|||||||
.arg_param(vec!["repository", "backupspec"])
|
.arg_param(vec!["repository", "backupspec"])
|
||||||
.completion_cb("repository", complete_repository)
|
.completion_cb("repository", complete_repository)
|
||||||
.completion_cb("backupspec", complete_backup_source)
|
.completion_cb("backupspec", complete_backup_source)
|
||||||
|
.completion_cb("keyfile", tools::complete_file_name)
|
||||||
.completion_cb("chunk-size", complete_chunk_size);
|
.completion_cb("chunk-size", complete_chunk_size);
|
||||||
|
|
||||||
let list_cmd_def = CliCommand::new(
|
let list_cmd_def = CliCommand::new(
|
||||||
|
Loading…
Reference in New Issue
Block a user