mirror of
https://github.com/zrepl/zrepl.git
synced 2024-11-21 16:03:32 +01:00
fb6a9be954
fixes https://github.com/zrepl/zrepl/issues/504 Problem: plain send + recv with root_fs encrypted + placeholders causes plain recvs whereas user would expect encrypt-on-recv Reason: We create placeholder filesytems with -o encryption=off. Thus, children received below those placeholders won't inherit encryption of root_fs. Fix: We'll have three values for `recv.placeholders.encryption: unspecified (default) | off | inherit`. When we create a placeholder, we will fail the operation if `recv.placeholders.encryption = unspecified`. The exception is if the placeholder filesystem is to encode the client identity ($root_fs/$client_identity) in a pull job. Those are created in `inherit` mode if the config field is `unspecified` so that users who don't need placeholders are not bothered by these details. Future Work: Automatically warn existing users of encrypt-on-recv about the problem if they are affected. The problem that I hit during implementation of this is that the `encryption` prop's `source` doesn't quite behave like other props: `source` is `default` for `encryption=off` and `-` when `encryption=on`. Hence, we can't use `source` to distinguish the following 2x2 cases: (1) placeholder created with explicit -o encryption=off (2) placeholder created without specifying -o encryption with (A) an encrypted parent at creation time (B) an unencrypted parent at creation time |
||
|---|---|---|
| .. | ||
| _static | ||
| configuration | ||
| installation | ||
| quickstart | ||
| sphinxconf | ||
| usage/runbooks | ||
| .gitignore | ||
| changelog.rst | ||
| conf.py | ||
| configuration.rst | ||
| gen-sphinx-versioning-flags.py | ||
| global.rst.inc | ||
| index.rst | ||
| installation.rst | ||
| Makefile | ||
| pr.rst | ||
| publish.sh | ||
| quickstart.rst | ||
| requirements.txt | ||
| supporters.rst | ||
| usage.rst | ||