Bug 4857 - add --encrypted flag
Summary: add --encrypted flag
Status: NEW
Alias: None
Product: pve
Classification: Unclassified
Component: pve-zsync
Version: 8
Hardware: PC Linux
Importance: --- enhancement
Assignee: Bugs
URL:
Depends on: 2350
Blocks:
Reported: 2023-07-18 00:00 CEST by tcstone
Modified: 2023-07-18 09:48 CEST
Description tcstone 2023-07-18 00:00:04 CEST
Now that we have native ZFS encryption, pve-zsync needs to be able to pass the -w (--raw) flag to zfs send. This allows the sending of the encrypted dataset without being decrypted before transit. It allows incremental snapshot-based send and receive in the encrypted (and compressed if so) state.

So, like how --compressed passes the -c flag to zfs send, --encrypted would pass the -w flag.

Might take a bit of research if this will be incompatible with any other flags but otherwise should be easy to implement. Thank you.
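
An added shell example, not part of the original report and not pve-zsync code: it maps the two job options to `zfs send` flags as the request describes, and classifies what a target dataset reports for `encryption` and `keystatus` after a receive. The function names, dataset names and sample `zfs get -H -o property,value encryption,keystatus` output are constructed assumptions.

```shell
#!/bin/sh
# Hypothetical helpers for illustration; names are not from pve-zsync.

# build_send_cmd COMPRESSED RAW PREV_SNAP NEW_SNAP
# COMPRESSED/RAW are 0 or 1; PREV_SNAP may be empty for a full send.
build_send_cmd() {
    compressed=$1; raw=$2; prev=$3; snap=$4
    cmd="zfs send"
    if [ "$compressed" = 1 ]; then cmd="$cmd -c"; fi   # --compressed -> -c
    if [ "$raw" = 1 ]; then cmd="$cmd -w"; fi          # --encrypted  -> -w (raw)
    if [ -n "$prev" ]; then cmd="$cmd -i $prev"; fi    # incremental from PREV_SNAP
    printf '%s %s\n' "$cmd" "$snap"
}

# classify_target: reads tab-separated "property<TAB>value" lines on stdin,
# as printed by: zfs get -H -o property,value encryption,keystatus <dataset>
# Prints one of: plaintext | encrypted-locked | encrypted-unlocked | unknown
classify_target() {
    enc=""; ks=""
    while IFS="$(printf '\t')" read -r prop val; do
        case $prop in
            encryption) enc=$val ;;
            keystatus)  ks=$val ;;
        esac
    done
    if [ -z "$enc" ] || [ -z "$ks" ]; then
        echo unknown
    elif [ "$enc" = off ]; then
        echo plaintext            # target stores the replica unencrypted
    elif [ "$ks" = unavailable ]; then
        echo encrypted-locked     # ciphertext on disk, key not loaded on target
    else
        echo encrypted-unlocked   # encrypted, but the key is loaded on target
    fi
}

# Constructed demo values.
build_send_cmd 0 1 'tank/vm-100-disk-0@snap1' 'tank/vm-100-disk-0@snap2'
printf 'encryption\taes-256-gcm\nkeystatus\tunavailable\n' | classify_target
```

A target that reports `encrypted-locked` holds the replica without being able to read it, which is the property the raw flag is requested for.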
Comment 1 Fabian Grünbichler 2023-07-18 09:08:26 CEST
see the two linked bugs for some previous discussion..
Comment 2 Fiona Ebner 2023-07-18 09:38:16 CEST
(In reply to Fabian Grünbichler from comment #1)
> see the two linked bugs for some previous discussion..

I think most of that discussion doesn't apply to the request here. Just adding an off-by-default option to pve-zsync shouldn't be problematic. Won't break existing jobs for encrypted datasets that already replicated without the raw flag before. And it's up to the user to opt-in to the option for new jobs.
Comment 3 Fiona Ebner 2023-07-18 09:48:32 CEST
https://bugzilla.proxmox.com/show_bug.cgi?id=2350#c19

After some brief off-list chat, Fabian told me he is still concerned about this, i.e. stability of the feature.