diff --git a/src/bin/proxmox-backup-client.rs b/src/bin/proxmox-backup-client.rs index 66e6a3ba..f8bf6574 100644 --- a/src/bin/proxmox-backup-client.rs +++ b/src/bin/proxmox-backup-client.rs @@ -1095,14 +1095,8 @@ async fn restore_do(param: Value) -> Result { .map_err(|err| format_err!("unable to pipe data - {}", err))?; } } else if server_archive_name.ends_with(".fidx") { - let tmpfile = client.download(&server_archive_name, tmpfile).await?; - let index = FixedIndexReader::new(tmpfile) - .map_err(|err| format_err!("unable to read fixed index '{}' - {}", archive_name, err))?; - - // Note: do not use values stored in index (not trusted) - instead, computed them again - let (csum, size) = index.compute_csum(); - manifest.verify_file(&server_archive_name, &csum, size)?; + let index = client.download_fixed_index(&manifest, &server_archive_name).await?; let mut writer = if let Some(target) = target { std::fs::OpenOptions::new() diff --git a/src/client/backup_reader.rs b/src/client/backup_reader.rs index 01bba7f7..1eff6459 100644 --- a/src/client/backup_reader.rs +++ b/src/client/backup_reader.rs @@ -162,4 +162,32 @@ impl BackupReader { Ok(index) } + + /// Download fixed index file + /// + /// This creates a temorary file in /tmp (using O_TMPFILE). The index is verified using + /// the provided manifest. + pub async fn download_fixed_index( + &self, + manifest: &BackupManifest, + name: &str, + ) -> Result { + + let tmpfile = std::fs::OpenOptions::new() + .write(true) + .read(true) + .custom_flags(libc::O_TMPFILE) + .open("/tmp")?; + + let tmpfile = self.download(name, tmpfile).await?; + + let index = FixedIndexReader::new(tmpfile) + .map_err(|err| format_err!("unable to read fixed index '{}' - {}", name, err))?; + + // Note: do not use values stored in index (not trusted) - instead, computed them again + let (csum, size) = index.compute_csum(); + manifest.verify_file(name, &csum, size)?; + + Ok(index) + } }