single unencrypted file in encrypted repo - where does it belong to ?

RolandK

i have made a weird observation that i cannot explain to myself

i switched my repos to encrypted a while ago and all unencrypted backups have been purged and removed by garbage collection.

in webui all backup snapshots show up encrypted.

to be sure that everything is encrypted, i checked the repo to see if really everything is encrypted on disk ( i don't trust the gui ).

for that i used the "entropy" tool from https://github.com/merces/entropy and the file utility ( https://bugzilla.proxmox.com/show_bug.cgi?id=7151 )

now, the weird thing is, i found ONE unencrypted file in my repo

# file -m /root/pbs.magic /backuppool/ds-pve2-bnkw-repli/.chunks/bb9f/bb9f8df61474d25e71fa00722318cd387396ca1736605e1248821cc0de3d3af8
/backuppool/ds-pve2-bnkw-repli/.chunks/bb9f/bb9f8df61474d25e71fa00722318cd387396ca1736605e1248821cc0de3d3af8: Proxmox Backup Server unencrypted compressed blob

# entropy /backuppool/ds-pve2-bnkw-repli/.chunks/bb9f/bb9f8df61474d25e71fa00722318cd387396ca1736605e1248821cc0de3d3af8
2.55 /backuppool/ds-pve2-bnkw-repli/.chunks/bb9f/bb9f8df61474d25e71fa00722318cd387396ca1736605e1248821cc0de3d3af8

as we can see this is not encrypted, as the file utility says so and the entropy tool shows a value <<8

but where does that file belong to ?

# find . -name "*.fidx" | while read -r file; do proxmox-backup-debug inspect file "$file"; done | grep bb9f8df61474d25e71fa00722318cd387396ca1736605e1248821cc0de3d3af8

this did not show anything, so apparently it's not being referenced by the index files

BUT - if i start a GC, then the timestamp of this file is getting updated.

so, maybe this file is referenced by client.log.blob , index.json.blob or qemu-server.conf.blob ?

if yes, why is it unencrypted ?

i checked another backup repository, and it's the same there - there is ONE file with entropy <<8 which appears unencrypted, but it isn't referenced by any of the .fidx inside the same backup repo, at least proxmox-backup-debug inspect file ...fidx won't show it....

file -m /root/pbs.magic.mgc /backuppool/ds-pve-bigiron-repli/.chunks/bb9f/bb9f8df61474d25e71fa00722318cd387396ca1736605e1248821cc0de3d3af8
./.chunks/bb9f/bb9f8df61474d25e71fa00722318cd387396ca1736605e1248821cc0de3d3af8: Proxmox Backup Server unencrypted compressed blob
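The entropy check used in the post above, as an added example that is not part of the original thread and is not PBS or merces/entropy code. It computes Shannon entropy in bits per byte for every file under a directory and lists the ones below a threshold; the 7.0 threshold, the function names and the sample file names are assumptions made for this illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant data) to 8.0 (uniform)."""
    if not data:
        return 0.0
    total = len(data)
    return sum(n / total * math.log2(total / n) for n in Counter(data).values())


def low_entropy_files(chunk_dir, threshold=7.0):
    """Return sorted (entropy, path) pairs for regular files scoring below threshold."""
    hits = []
    for path in Path(chunk_dir).rglob("*"):
        if path.is_file():
            score = shannon_entropy(path.read_bytes())
            if score < threshold:
                hits.append((round(score, 2), str(path)))
    return sorted(hits)


def build_sample_store(root):
    """Constructed sample data: one random-looking file and one highly regular file."""
    bucket = Path(root) / ".chunks" / "aaaa"
    bucket.mkdir(parents=True)
    # Stands in for an encrypted chunk: 64 KiB of random bytes, entropy close to 8.
    (bucket / "constructed-random").write_bytes(os.urandom(65536))
    # Stands in for a regular plaintext blob: mostly zero bytes, entropy close to 0.
    (bucket / "constructed-regular").write_bytes(b"\x00" * 4000 + b"PBS" * 32)
    return bucket


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as store:
        build_sample_store(store)
        for score, name in low_entropy_files(store):
            print(f"{score:.2f} {name}")
```

A low score is a reason to look at a file, not proof on its own: compressed plaintext also scores close to 8, and a very short file cannot score high at all, which is why the post pairs the entropy value with the file magic check.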
 
This chunk is the all zero unencrypted but compressed chunk. We use it for the atime update safety check on garbage collection, it being inserted if not present. You might disable the atime safety check (in the datastore tuning options) if you are sure your storage does them as required by garbage collection and do not want this one to be inserted, although no harm in having it present either.

The all zero chunk was chosen for this since it is most likely present in case of an unencrypted VM backup with zero data blocks.
 
ah, ok, that makes sense. thanks for explaining.

i removed the atime safety check mark and on the next GC the file got removed.
 
so, maybe this file is referenced by client.log.blob , index.json.blob or qemu-server.conf.blob ?

to shed some further light on the internals of PBS: blobs never reference chunks. blobs and chunks are the same thing format-wise, just used for different purposes:
- chunk: blob stored in the chunk store, to be referenced by indices via its digest
- blob: blob stored in a metadata dir, for directly storing smaller bits of data (config files, logs, the manifest) associated with a backup snapshot with splitting it up into chunks
 