[pbs-devel] [PATCH proxmox-backup 2/7] fix #3197: skip fingerprint check when restoring key
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Dec 16 14:41:06 CET 2020
when restoring an encrypted key, the original one is obviously not
available to check the fingerprint with.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
src/bin/proxmox-backup-client.rs | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/bin/proxmox-backup-client.rs b/src/bin/proxmox-backup-client.rs
index 1c456aab..36da624e 100644
--- a/src/bin/proxmox-backup-client.rs
+++ b/src/bin/proxmox-backup-client.rs
@@ -1273,10 +1273,15 @@ async fn restore(param: Value) -> Result<Value, Error> {
true,
).await?;
+ let (archive_name, archive_type) = parse_archive_type(archive_name);
+
let (manifest, backup_index_data) = client.download_manifest().await?;
- manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref))?;
- let (archive_name, archive_type) = parse_archive_type(archive_name);
+ if archive_name == ENCRYPTED_KEY_BLOB_NAME && crypt_config.is_none() {
+ eprintln!("Restoring encrypted key blob without original key - skipping manifest fingerprint check!")
+ } else {
+ manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref))?;
+ }
if archive_name == MANIFEST_BLOB_NAME {
if let Some(target) = target {
--
2.20.1
More information about the pbs-devel
mailing list