Innobackupex does not overwrite files that were decrypted with the wrong key
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Percona XtraBackup moved to https://jira.percona.com/projects/PXB |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Fix for bug #1413044 removes the ability for innobackupex to remove the *.xbcrypt and *.qp files when running --decompress and/or --decrypt.
If you run innobackupex with wrong key, innobackupex will still create decrypted files which will be unusable. If you run innobackupex with --decrypt for the second time using the correct key it will error out and complain that it can't create/write to file...
[root@i51169 tmp]# innobackupex --decrypt=AES256 --encrypt-
InnoDB Backup Utility v1.5.1-xtrabackup; Copyright 2003, 2009 Innobase Oy
and Percona LLC and/or its affiliates 2009-2013. All Rights Reserved.
This software is published under
the GNU GENERAL PUBLIC LICENSE Version 2, June 1991.
Get the latest version of Percona XtraBackup, documentation, and help resources:
http://
150330 19:55:35 innobackupex: Starting the decryption and decompression operation
IMPORTANT: Please check that the decryption and decompression run completes successfully.
At the end of a successful decryption and decompression run innobackupex
prints "completed OK!".
innobackupex: xbcrypt --decrypt --encrypt-
xbcrypt: Can't create/write to file '/tmp/2015-
xbcrypt: failed to create output file "/tmp/2015-
xbcrypt: Error on close of 'UNKNOWN' (Errcode: 9 - Bad file descriptor)
innobackupex: got a fatal error with the following stacktrace: at /usr/bin/
main::
main::
innobackupex: Error: xbcrypt --decrypt --encrypt-
How to repeat:
- create an encrypted backup (eg innobackupex --encrypt=AES256 --encrypt-
- decrypt the backup with the wrong key (eg innobackupex --decrypt=AES256 --encrypt-
- decrypt the same backup with the right key (eg innobackupex --decrypt=AES256 --encrypt-
Workaround:
- remove all files created by the first --decrypt command, this would be tedious for some users
Suggested fix:
- allow innobackupex to overwrite the file if it exists
Verified. We might add some extra option for this.
root@desktop: /home/nilnandan /backup# innobackupex --decrypt=AES256 --encrypt- key="eXvnDS/ 38pBNpURacKH4OJ fFiAeAAYNZ" 2015-04- 09_13-32- 26/
InnoDB Backup Utility v1.5.1-xtrabackup; Copyright 2003, 2009 Innobase Oy
and Percona LLC and/or its affiliates 2009-2013. All Rights Reserved.
This software is published under
the GNU GENERAL PUBLIC LICENSE Version 2, June 1991.
Get the latest version of Percona XtraBackup, documentation, and help resources: www.percona. com/xb/ p
http://
150409 13:33:13 innobackupex: Starting the decryption and decompression operation
IMPORTANT: Please check that the decryption and decompression run completes successfully.
At the end of a successful decryption and decompression run innobackupex
prints "completed OK!".
innobackupex: xbcrypt --decrypt --encrypt- algo=AES256 --encrypt- key=eXvnDS/ 38pBNpURacKH4OJ fFiAeAAYNZ --input= /home/nilnandan /backup/ 2015-04- 09_13-32- 26/ibdata3. xbcrypt --output= /home/nilnandan /backup/ 2015-04- 09_13-32- 26/ibdata3 nilnandan/ backup/ 2015-04- 09_13-32- 26/ibdata3' (Errcode: 17 - File exists) nilnandan/ backup/ 2015-04- 09_13-32- 26/ibdata3" . innobackupex line 1782. decrypt_ decompress_ file(1, "/home/ nilnandan/ backup/ 2015-04- 09_13-32- 26/ibdata3. xbcrypt" , ".xbcrypt", "--encrypt- algo=AES256 --encrypt- key=eXvnDS/ 38pBNpURacKH4OJ fFi"... ) called at /usr/bin/ innobackupex line 1829 decrypt_ decompress( 1) called at /usr/bin/ innobackupex line 1588 algo=AES256 --encrypt- key=eXvnDS/ 38pBNpURacKH4OJ fFiAeAAYNZ --input= /home/nilnandan /backup/ 2015-04- 09_13-32- 26/ibdata3. xbcrypt --output= /home/nilnandan /backup/ 2015-04- 09_13-32- 26/ibdata3 failed with No such file or directory at /usr/bin/ innobackupex line 1782. /home/nilnandan /backup# /home/nilnandan /backup# /home/nilnandan /backup# xtrabackup --version /home/nilnandan /backup#
xbcrypt: Can't create/write to file '/home/
xbcrypt: failed to create output file "/home/
xbcrypt: Error on close of 'UNKNOWN' (Errcode: 9 - Bad file descriptor)
innobackupex: got a fatal error with the following stacktrace: at /usr/bin/
main::
main::
innobackupex: Error: xbcrypt --decrypt --encrypt-
root@desktop:
root@desktop:
root@desktop:
xtrabackup version 2.2.10 based on MySQL server 5.6.22 Linux (x86_64) (revision id: )
root@desktop: