src/bin/proxmox-backup-client.rs: sign index.json

src/bin/proxmox-backup-client.rs

@@ -626,7 +626,7 @@ fn create_backup(
     if let Some(rsa_encrypted_key) = rsa_encrypted_key {
         let target = "rsa-encrypted.key";
         println!("Upload RSA encoded key to '{:?}' as {}", repo, target);
-        let stats = client.upload_blob_from_data(rsa_encrypted_key, target, None, false).wait()?;
+        let stats = client.upload_blob_from_data(rsa_encrypted_key, target, None, false, false).wait()?;
         file_list.push((target.to_owned(), stats));
 
         // openssl rsautl -decrypt -inkey master-private.pem -in rsa-encrypted.key -out t
@@ -657,7 +657,7 @@ fn create_backup(
 
     println!("Upload index.json to '{:?}'", repo);
     let index_data = serde_json::to_string_pretty(&index)?.into();
-    client.upload_blob_from_data(index_data, "index.json", crypt_config.clone(), true).wait()?;
+    client.upload_blob_from_data(index_data, "index.json", crypt_config.clone(), true, true).wait()?;
 
     client.finish().wait()?;
 

src/client/http_client.rs

@@ -597,6 +597,7 @@ impl BackupClient {
         file_name: &str,
         crypt_config: Option<Arc<CryptConfig>>,
         compress: bool,
+        sign_only: bool,
      ) -> impl Future<Item=BackupStats, Error=Error> {
 
         let h2 = self.h2.clone();
@@ -606,7 +607,11 @@ impl BackupClient {
         futures::future::ok(())
             .and_then(move |_| {
                 let blob = if let Some(ref crypt_config) = crypt_config {
-                    DataBlob::encode(&data, Some(crypt_config), compress)?
+                    if sign_only {
+                        DataBlob::create_signed(&data, crypt_config, compress)?
+                    } else {
+                        DataBlob::encode(&data, Some(crypt_config), compress)?
+                    }
                 } else {
                     DataBlob::encode(&data, None, compress)?
                 };