},
# openssl s_client -connect <host>:8007 2>&1 |openssl x509 -fingerprint -sha256
fingerprint => get_standard_option('fingerprint-sha256'),
- encryption_key => {
- description => "Encryption key.",
+ 'encryption-key' => {
+ description => "Encryption key. Use 'autogen' to generate one automatically without passphrase.",
type => 'string',
},
};
disable => { optional => 1},
content => { optional => 1},
username => { optional => 1 },
- password => { optional => 1},
- encryption_key => { optional => 1 },
+ password => { optional => 1 },
+ 'encryption-key' => { optional => 1 },
maxfiles => { optional => 1 },
fingerprint => { optional => 1 },
};
return "${storeid}:${volname}";
}
+my $USE_CRYPT_PARAMS = {
+ backup => 1,
+ restore => 1,
+ 'upload-log' => 1,
+};
+
my sub do_raw_client_cmd {
- my ($scfg, $storeid, $client_cmd, $param, $can_encrypt, %opts) = @_;
+ my ($scfg, $storeid, $client_cmd, $param, %opts) = @_;
+
+ my $use_crypto = $USE_CRYPT_PARAMS->{$client_cmd};
my $client_exe = '/usr/bin/proxmox-backup-client';
die "executable not found '$client_exe'! Proxmox backup client not installed?\n"
# This must live in the top scope to not get closed before the `run_command`
my $keyfd;
- if ($can_encrypt) {
+ if ($use_crypto) {
if (defined($keyfd = pbs_open_encryption_key($scfg, $storeid))) {
my $flags = fcntl($keyfd, F_GETFD, 0)
// die "failed to get file descriptor flags: $!\n";
# - restore backups
# - restore files
# with a sane API
-sub run_raw_client_cmd{
+sub run_raw_client_cmd {
my ($scfg, $storeid, $client_cmd, $param, %opts) = @_;
- return do_raw_client_cmd($scfg, $storeid, $client_cmd, $param, 1, %opts);
+ return do_raw_client_cmd($scfg, $storeid, $client_cmd, $param, %opts);
}
sub run_client_cmd {
$param = [@$param, '--output-format=json'] if !$no_output;
- do_raw_client_cmd($scfg, $storeid, $client_cmd, $param, 0,
+ do_raw_client_cmd($scfg, $storeid, $client_cmd, $param,
outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');
return undef if $no_output;
die "unable to extract configuration for backup format '$format'\n";
}
- do_raw_client_cmd($scfg, $storeid, 'restore', [ $name, $config_name, '-' ], 0,
+ do_raw_client_cmd($scfg, $storeid, 'restore', [ $name, $config_name, '-' ],
outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');
return $config;
}
+my $autogen_encryption_key = sub {
+ my ($scfg, $storeid) = @_;
+ my $encfile = pbs_encryption_key_file_name($scfg, $storeid);
+ run_command(['proxmox-backup-client', 'key', 'create', '--kdf', 'none', $encfile]);
+};
+
sub on_add_hook {
my ($class, $storeid, $scfg, %param) = @_;
pbs_delete_password($scfg, $storeid);
}
- if (defined(my $encryption_key = $param{encryption_key})) {
- pbs_set_encryption_key($scfg, $storeid, $encryption_key);
+ if (defined(my $encryption_key = $param{'encryption-key'})) {
+ if ($encryption_key eq 'autogen') {
+ $autogen_encryption_key->($scfg, $storeid);
+ } else {
+ pbs_set_encryption_key($scfg, $storeid, $encryption_key);
+ }
} else {
pbs_delete_encryption_key($scfg, $storeid);
}
}
}
- if (exists($param{encryption_key})) {
- if (defined(my $encryption_key = delete($param{encryption_key}))) {
- pbs_set_encryption_key($scfg, $storeid, $encryption_key);
+ if (exists($param{'encryption-key'})) {
+ if (defined(my $encryption_key = delete($param{'encryption-key'}))) {
+ if ($encryption_key eq 'autogen') {
+ $autogen_encryption_key->($scfg, $storeid);
+ } else {
+ pbs_set_encryption_key($scfg, $storeid, $encryption_key);
+ }
} else {
pbs_delete_encryption_key($scfg, $storeid);
}
sub activate_storage {
my ($class, $storeid, $scfg, $cache) = @_;
+
+ run_client_cmd($scfg, $storeid, "status");
+
return 1;
}