add encrypted info to Manifest

we want to save if a file of a backup is encrypted, so that we can
* show that info on the gui
* can later decide if we need to decrypt the backup

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This commit is contained in:
Dominik Csapak 2020-06-18 13:55:23 +02:00 committed by Dietmar Maurer
parent 16021f6ab7
commit e181d2f6da
4 changed files with 28 additions and 12 deletions

View File

@ -57,12 +57,14 @@ fn read_backup_index(store: &DataStore, backup_dir: &BackupDir) -> Result<Vec<Ba
for item in manifest.files() { for item in manifest.files() {
result.push(BackupContent { result.push(BackupContent {
filename: item.filename.clone(), filename: item.filename.clone(),
encrypted: item.encrypted,
size: Some(item.size), size: Some(item.size),
}); });
} }
result.push(BackupContent { result.push(BackupContent {
filename: MANIFEST_BLOB_NAME.to_string(), filename: MANIFEST_BLOB_NAME.to_string(),
encrypted: Some(false),
size: Some(index_size), size: Some(index_size),
}); });
@ -213,7 +215,7 @@ pub fn list_snapshot_files(
for file in info.files { for file in info.files {
if file_set.contains(&file) { continue; } if file_set.contains(&file) { continue; }
files.push(BackupContent { filename: file, size: None }); files.push(BackupContent { filename: file, size: None, encrypted: None });
} }
Ok(files) Ok(files)

View File

@ -503,6 +503,9 @@ pub const PRUNE_SCHEMA_KEEP_YEARLY: Schema = IntegerSchema::new(
/// Basic information about archive files inside a backup snapshot. /// Basic information about archive files inside a backup snapshot.
pub struct BackupContent { pub struct BackupContent {
pub filename: String, pub filename: String,
/// Info if file is encrypted (or empty if we do not have that info)
#[serde(skip_serializing_if="Option::is_none")]
pub encrypted: Option<bool>,
/// Archive size (from backup manifest). /// Archive size (from backup manifest).
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if="Option::is_none")]
pub size: Option<u64>, pub size: Option<u64>,

View File

@ -11,6 +11,7 @@ pub const CLIENT_LOG_BLOB_NAME: &str = "client.log.blob";
pub struct FileInfo { pub struct FileInfo {
pub filename: String, pub filename: String,
pub encrypted: Option<bool>,
pub size: u64, pub size: u64,
pub csum: [u8; 32], pub csum: [u8; 32],
} }
@ -48,9 +49,9 @@ impl BackupManifest {
Self { files: Vec::new(), snapshot } Self { files: Vec::new(), snapshot }
} }
pub fn add_file(&mut self, filename: String, size: u64, csum: [u8; 32]) -> Result<(), Error> { pub fn add_file(&mut self, filename: String, size: u64, csum: [u8; 32], encrypted: Option<bool>) -> Result<(), Error> {
let _archive_type = archive_type(&filename)?; // check type let _archive_type = archive_type(&filename)?; // check type
self.files.push(FileInfo { filename, size, csum }); self.files.push(FileInfo { filename, size, csum, encrypted });
Ok(()) Ok(())
} }
@ -90,11 +91,18 @@ impl BackupManifest {
"backup-time": self.snapshot.backup_time().timestamp(), "backup-time": self.snapshot.backup_time().timestamp(),
"files": self.files.iter() "files": self.files.iter()
.fold(Vec::new(), |mut acc, info| { .fold(Vec::new(), |mut acc, info| {
acc.push(json!({ let mut value = json!({
"filename": info.filename, "filename": info.filename,
"encrypted": info.encrypted,
"size": info.size, "size": info.size,
"csum": proxmox::tools::digest_to_hex(&info.csum), "csum": proxmox::tools::digest_to_hex(&info.csum),
})); });
if let Some(encrypted) = info.encrypted {
value["encrypted"] = encrypted.into();
}
acc.push(value);
acc acc
}) })
}) })
@ -134,7 +142,8 @@ impl TryFrom<Value> for BackupManifest {
let csum = required_string_property(item, "csum")?; let csum = required_string_property(item, "csum")?;
let csum = proxmox::tools::hex_to_digest(csum)?; let csum = proxmox::tools::hex_to_digest(csum)?;
let size = required_integer_property(item, "size")? as u64; let size = required_integer_property(item, "size")? as u64;
manifest.add_file(filename, size, csum)?; let encrypted = item["encrypted"].as_bool();
manifest.add_file(filename, size, csum, encrypted)?;
} }
if manifest.files().is_empty() { if manifest.files().is_empty() {

View File

@ -950,6 +950,8 @@ async fn create_backup(
} }
}; };
let is_encrypted = Some(crypt_config.is_some());
let client = BackupWriter::start( let client = BackupWriter::start(
client, client,
repo.store(), repo.store(),
@ -972,14 +974,14 @@ async fn create_backup(
let stats = client let stats = client
.upload_blob_from_file(&filename, &target, crypt_config.clone(), true) .upload_blob_from_file(&filename, &target, crypt_config.clone(), true)
.await?; .await?;
manifest.add_file(target, stats.size, stats.csum)?; manifest.add_file(target, stats.size, stats.csum, is_encrypted)?;
} }
BackupSpecificationType::LOGFILE => { // fixme: remove - not needed anymore ? BackupSpecificationType::LOGFILE => { // fixme: remove - not needed anymore ?
println!("Upload log file '{}' to '{:?}' as {}", filename, repo, target); println!("Upload log file '{}' to '{:?}' as {}", filename, repo, target);
let stats = client let stats = client
.upload_blob_from_file(&filename, &target, crypt_config.clone(), true) .upload_blob_from_file(&filename, &target, crypt_config.clone(), true)
.await?; .await?;
manifest.add_file(target, stats.size, stats.csum)?; manifest.add_file(target, stats.size, stats.csum, is_encrypted)?;
} }
BackupSpecificationType::PXAR => { BackupSpecificationType::PXAR => {
// start catalog upload on first use // start catalog upload on first use
@ -1005,7 +1007,7 @@ async fn create_backup(
pattern_list.clone(), pattern_list.clone(),
entries_max as usize, entries_max as usize,
).await?; ).await?;
manifest.add_file(target, stats.size, stats.csum)?; manifest.add_file(target, stats.size, stats.csum, is_encrypted)?;
catalog.lock().unwrap().end_directory()?; catalog.lock().unwrap().end_directory()?;
} }
BackupSpecificationType::IMAGE => { BackupSpecificationType::IMAGE => {
@ -1019,7 +1021,7 @@ async fn create_backup(
verbose, verbose,
crypt_config.clone(), crypt_config.clone(),
).await?; ).await?;
manifest.add_file(target, stats.size, stats.csum)?; manifest.add_file(target, stats.size, stats.csum, is_encrypted)?;
} }
} }
} }
@ -1036,7 +1038,7 @@ async fn create_backup(
if let Some(catalog_result_rx) = catalog_result_tx { if let Some(catalog_result_rx) = catalog_result_tx {
let stats = catalog_result_rx.await??; let stats = catalog_result_rx.await??;
manifest.add_file(CATALOG_NAME.to_owned(), stats.size, stats.csum)?; manifest.add_file(CATALOG_NAME.to_owned(), stats.size, stats.csum, is_encrypted)?;
} }
} }
@ -1046,7 +1048,7 @@ async fn create_backup(
let stats = client let stats = client
.upload_blob_from_data(rsa_encrypted_key, target, None, false, false) .upload_blob_from_data(rsa_encrypted_key, target, None, false, false)
.await?; .await?;
manifest.add_file(format!("{}.blob", target), stats.size, stats.csum)?; manifest.add_file(format!("{}.blob", target), stats.size, stats.csum, is_encrypted)?;
// openssl rsautl -decrypt -inkey master-private.pem -in rsa-encrypted.key -out t // openssl rsautl -decrypt -inkey master-private.pem -in rsa-encrypted.key -out t
/* /*