yesBad/pve-storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

pbs: autogen key: rename old one if existing

Browse Source 
it could be debated do have some security implications and that
deletion is safer, but key deletion is a pretty hairy thing.

Should be documented, and people just should use delete instead of
autogen if they want to "destroy" a key.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht
2020-11-24 22:05:21 +01:00
parent 7e6a7a7f39
commit 478609d3bc
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
PVE/Storage/PBSPlugin.pm
View File

@ -371,6 +371,9 @@ sub prune_backups {
my $autogen_encryption_key = sub { my $autogen_encryption_key = sub {
my ($scfg, $storeid) = @_; my ($scfg, $storeid) = @_;
my $encfile = pbs_encryption_key_file_name($scfg, $storeid); my $encfile = pbs_encryption_key_file_name($scfg, $storeid);
if (-f $encfile) {
rename $encfile, "$encfile.old";
}
my $cmd = ['proxmox-backup-client', 'key', 'create', '--kdf', 'none', $encfile]; my $cmd = ['proxmox-backup-client', 'key', 'create', '--kdf', 'none', $encfile];
run_command($cmd, errmsg => 'failed to create encryption key'); run_command($cmd, errmsg => 'failed to create encryption key');
return PVE::Tools::file_get_contents($encfile); return PVE::Tools::file_get_contents($encfile);