From 2bc4cfb86644e5de3fd5ec0137912ea006bf53bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Tue, 16 Aug 2022 12:33:53 +0200
Subject: [PATCH] pbs: detect mismatch of encryption settings and key
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

if the key file doesn't exist (anymore), but the storage.cfg references
one, die on commands that should use encryption instead of falling back
to plain-text operations.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Tested-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 PVE/Storage/PBSPlugin.pm | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/PVE/Storage/PBSPlugin.pm b/PVE/Storage/PBSPlugin.pm
index 56632ca..b90a2dd 100644
--- a/PVE/Storage/PBSPlugin.pm
+++ b/PVE/Storage/PBSPlugin.pm
@@ -155,7 +155,12 @@ sub pbs_open_encryption_key {
 
     my $keyfd;
     if (!open($keyfd, '<', $encryption_key_file)) {
-	return undef if $! == ENOENT;
+	if ($! == ENOENT) {
+	    my $encryption_fp = $scfg->{'encryption-key'};
+	    die "encryption configured ('$encryption_fp') but no encryption key file found!\n"
+		if $encryption_fp;
+	    return undef;
+	}
 	die "failed to open encryption key: $encryption_key_file: $!\n";
     }