yesBad/pve-storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

pbs: detect mismatch of encryption settings and key

Browse Source 
if the key file doesn't exist (anymore), but the storage.cfg references
one, die on commands that should use encryption instead of falling back
to plain-text operations.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Tested-by: Stoiko Ivanov <s.ivanov@proxmox.com>
This commit is contained in:
Fabian Grünbichler
2022-08-16 12:33:53 +02:00
committed by Wolfgang Bumiller
parent 0eb1803679
commit 2bc4cfb866
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
PVE/Storage/PBSPlugin.pm
View File

@ -155,7 +155,12 @@ sub pbs_open_encryption_key {
my $keyfd;
if (!open($keyfd, '<', $encryption_key_file)) {
return undef if $! == ENOENT;
if ($! == ENOENT) {
my $encryption_fp = $scfg->{'encryption-key'};
die "encryption configured ('$encryption_fp') but no encryption key file found!\n"
if $encryption_fp;
return undef;
}
die "failed to open encryption key: $encryption_key_file: $!\n";
}