vzdump/pbs: die with missing, but configured master key

the created backups are encrypted, but are not restorable with the
master key in case the original PVE system is lost.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

diff --git a/PVE/VZDump/QemuServer.pm b/PVE/VZDump/QemuServer.pm
index 0738051dbb22bdd102d7df42ca65d9b2c1ffb424..202e53ddebfbdc7857674a47c9e08acc46b8e12b 100644 (file)
--- a/PVE/VZDump/QemuServer.pm
+++ b/PVE/VZDump/QemuServer.pm
@@ -554,9 +554,13 @@ sub archive_pbs {
            $self->loginfo("enabling encryption");
            $params->{keyfile} = $keyfile;
            $params->{encrypt} = JSON::true;
-           if (defined($master_keyfile) && -e $master_keyfile) {
-               $self->loginfo("enabling master key feature");
-               $params->{"master-keyfile"} = $master_keyfile;
+           if (defined($master_keyfile)) {
+               if (-e $master_keyfile) {
+                   $self->loginfo("enabling master key feature");
+                   $params->{"master-keyfile"} = $master_keyfile;
+               } elsif ($scfg->{'master-pubkey'}) {
+                   die "master public key configured but no key file found\n";
+               }
            }
        } else {
            my $encryption_fp = $scfg->{'encryption-key'};