introduce a CryptMode enum

This also replaces the recently introduced --encryption
parameter on the client with a --crypt-mode parameter.

This can be "none", "encrypt" or "sign-only".

Note that this introduces various changes in the API types
which previously did not take the above distinction into
account properly:

Both `BackupContent` and the manifest's `FileInfo`:
    lose `encryption: Option<bool>`
    gain `crypt_mode: Option<CryptMode>`

Within the backup manifest itself, the "crypt-mode" property
will always be set.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

src/api2/admin/datastore.rs

@@ -52,14 +52,14 @@ fn read_backup_index(store: &DataStore, backup_dir: &BackupDir) -> Result<Vec<Ba
     for item in manifest.files() {
         result.push(BackupContent {
             filename: item.filename.clone(),
-            encrypted: item.encrypted,
+            crypt_mode: Some(item.crypt_mode),
             size: Some(item.size),
         });
     }
 
     result.push(BackupContent {
         filename: MANIFEST_BLOB_NAME.to_string(),
-        encrypted: Some(false),
+        crypt_mode: None,
         size: Some(index_size),
     });
 
@@ -79,7 +79,11 @@ fn get_all_snapshot_files(
 
     for file in &info.files {
         if file_set.contains(file) { continue; }
-        files.push(BackupContent { filename: file.to_string(), size: None, encrypted: None });
+        files.push(BackupContent {
+            filename: file.to_string(),
+            size: None,
+            crypt_mode: None,
+        });
     }
 
     Ok(files)
@@ -350,7 +354,15 @@ pub fn list_snapshots (
             },
             Err(err) => {
                 eprintln!("error during snapshot file listing: '{}'", err);
-                info.files.iter().map(|x| BackupContent { filename: x.to_string(), size: None, encrypted: None }).collect()
+                info
+                    .files
+                    .iter()
+                    .map(|x| BackupContent {
+                        filename: x.to_string(),
+                        size: None,
+                        crypt_mode: None,
+                    })
+                    .collect()
             },
         };
 
@@ -902,7 +914,7 @@ fn download_file_decoded(
 
         let files = read_backup_index(&datastore, &backup_dir)?;
         for file in files {
-            if file.filename == file_name && file.encrypted == Some(true) {
+            if file.filename == file_name && file.crypt_mode == Some(CryptMode::Encrypt) {
                 bail!("cannot decode '{}' - is encrypted", file_name);
             }
         }

src/api2/types.rs

@@ -5,6 +5,8 @@ use proxmox::api::{api, schema::*};
 use proxmox::const_regex;
 use proxmox::{IPRE, IPV4RE, IPV6RE, IPV4OCTET, IPV6H16, IPV6LS32};
 
+use crate::backup::CryptMode;
+
 // File names: may not contain slashes, may not start with "."
 pub const FILENAME_FORMAT: ApiStringFormat = ApiStringFormat::VerifyFn(|name| {
     if name.starts_with('.') {
@@ -496,6 +498,10 @@ pub const PRUNE_SCHEMA_KEEP_YEARLY: Schema = IntegerSchema::new(
         "filename": {
             schema: BACKUP_ARCHIVE_NAME_SCHEMA,
         },
+        "crypt-mode": {
+            type: CryptMode,
+            optional: true,
+        },
     },
 )]
 #[derive(Serialize, Deserialize)]
@@ -503,9 +509,9 @@ pub const PRUNE_SCHEMA_KEEP_YEARLY: Schema = IntegerSchema::new(
 /// Basic information about archive files inside a backup snapshot.
 pub struct BackupContent {
     pub filename: String,
-    /// Info if file is encrypted (or empty if we do not have that info)
+    /// Info if file is encrypted, signed, or neither.
     #[serde(skip_serializing_if="Option::is_none")]
-    pub encrypted: Option<bool>,
+    pub crypt_mode: Option<CryptMode>,
     /// Archive size (from backup manifest).
     #[serde(skip_serializing_if="Option::is_none")]
     pub size: Option<u64>,