Percona XtraBackup moved to https://jira.percona.com/projects/PXB

Innobackupex does not overwrite files that were decrypted with the wrong key

Bug #1438560 reported by Jericho Rivera on 2015-03-31

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Percona XtraBackup moved to https://jira.percona.com/projects/PXB	Confirmed	Undecided	Unassigned

Bug Description

Fix for bug #1413044 removes the ability for innobackupex to remove the *.xbcrypt and *.qp files when running --decompress and/or --decrypt.

If you run innobackupex with wrong key, innobackupex will still create decrypted files which will be unusable. If you run innobackupex with --decrypt for the second time using the correct key it will error out and complain that it can't create/write to file...

[root@i51169 tmp]# innobackupex --decrypt=AES256 --encrypt-key="eXvnDS/38pBNpURacKH4OJfFiAeAAYNZ" 2015-03-30_19-20-51-copy/

This software is published under
the GNU GENERAL PUBLIC LICENSE Version 2, June 1991.

Get the latest version of Percona XtraBackup, documentation, and help resources:
http://www.percona.com/xb/p

150330 19:55:35 innobackupex: Starting the decryption and decompression operation

IMPORTANT: Please check that the decryption and decompression run completes successfully.
At the end of a successful decryption and decompression run innobackupex
prints "completed OK!".

innobackupex: xbcrypt --decrypt --encrypt-algo=AES256 --encrypt-key=eXvnDS/38pBNpURacKH4OJfFiAeAAYNZ --input=/tmp/2015-03-30_19-20-51-copy/ibdata1.qp.xbcrypt --output=/tmp/2015-03-30_19-20-51-copy/ibdata1.qp
xbcrypt: Can't create/write to file '/tmp/2015-03-30_19-20-51-copy/ibdata1.qp' (Errcode: 17 - File exists)
xbcrypt: failed to create output file "/tmp/2015-03-30_19-20-51-copy/ibdata1.qp".
xbcrypt: Error on close of 'UNKNOWN' (Errcode: 9 - Bad file descriptor)
innobackupex: got a fatal error with the following stacktrace: at /usr/bin/innobackupex line 1782
main::decrypt_decompress_file(1, '/tmp/2015-03-30_19-20-51-copy/ibdata1.qp.xbcrypt', '.xbcrypt', '--encrypt-algo=AES256 --encrypt-key=eXvnDS/38pBNpURacKH4OJfFi...') called at /usr/bin/innobackupex line 1829
main::decrypt_decompress(1) called at /usr/bin/innobackupex line 1588
innobackupex: Error: xbcrypt --decrypt --encrypt-algo=AES256 --encrypt-key=eXvnDS/38pBNpURacKH4OJfFiAeAAYNZ --input=/tmp/2015-03-30_19-20-51-copy/ibdata1.qp.xbcrypt --output=/tmp/2015-03-30_19-20-51-copy/ibdata1.qp failed with No such file or directory at /usr/bin/innobackupex line 1782.

How to repeat:
- create an encrypted backup (eg innobackupex --encrypt=AES256 --encrypt-key="<enc_key>" /tmp/backup)
- decrypt the backup with the wrong key (eg innobackupex --decrypt=AES256 --encrypt-key="<wrong_enc_key>" /tmp/backup/<timestamp>)
- decrypt the same backup with the right key (eg innobackupex --decrypt=AES256 --encrypt-key="<correct_enc_key>" /tmp/backup/<timestamp>)

Workaround:
- remove all files created by the first --decrypt command, this would be tedious for some users

Suggested fix:
- allow innobackupex to overwrite the file if it exists

Revision history for this message

Nilnandan Joshi (nilnandan-joshi) wrote on 2015-04-09:

Verified. We might add some extra option for this.

root@desktop:/home/nilnandan/backup# innobackupex --decrypt=AES256 --encrypt-key="eXvnDS/38pBNpURacKH4OJfFiAeAAYNZ" 2015-04-09_13-32-26/

This software is published under
the GNU GENERAL PUBLIC LICENSE Version 2, June 1991.

Get the latest version of Percona XtraBackup, documentation, and help resources:
http://www.percona.com/xb/p

150409 13:33:13 innobackupex: Starting the decryption and decompression operation

IMPORTANT: Please check that the decryption and decompression run completes successfully.
At the end of a successful decryption and decompression run innobackupex
prints "completed OK!".

innobackupex: xbcrypt --decrypt --encrypt-algo=AES256 --encrypt-key=eXvnDS/38pBNpURacKH4OJfFiAeAAYNZ --input=/home/nilnandan/backup/2015-04-09_13-32-26/ibdata3.xbcrypt --output=/home/nilnandan/backup/2015-04-09_13-32-26/ibdata3
xbcrypt: Can't create/write to file '/home/nilnandan/backup/2015-04-09_13-32-26/ibdata3' (Errcode: 17 - File exists)
xbcrypt: failed to create output file "/home/nilnandan/backup/2015-04-09_13-32-26/ibdata3".
xbcrypt: Error on close of 'UNKNOWN' (Errcode: 9 - Bad file descriptor)
innobackupex: got a fatal error with the following stacktrace: at /usr/bin/innobackupex line 1782.
main::decrypt_decompress_file(1, "/home/nilnandan/backup/2015-04-09_13-32-26/ibdata3.xbcrypt", ".xbcrypt", "--encrypt-algo=AES256 --encrypt-key=eXvnDS/38pBNpURacKH4OJfFi"...) called at /usr/bin/innobackupex line 1829
main::decrypt_decompress(1) called at /usr/bin/innobackupex line 1588
innobackupex: Error: xbcrypt --decrypt --encrypt-algo=AES256 --encrypt-key=eXvnDS/38pBNpURacKH4OJfFiAeAAYNZ --input=/home/nilnandan/backup/2015-04-09_13-32-26/ibdata3.xbcrypt --output=/home/nilnandan/backup/2015-04-09_13-32-26/ibdata3 failed with No such file or directory at /usr/bin/innobackupex line 1782.
root@desktop:/home/nilnandan/backup#
root@desktop:/home/nilnandan/backup#
root@desktop:/home/nilnandan/backup# xtrabackup --version
xtrabackup version 2.2.10 based on MySQL server 5.6.22 Linux (x86_64) (revision id: )
root@desktop:/home/nilnandan/backup#

Verified. We might add some extra option for this.

root@desktop:/home/nilnandan/backup# innobackupex --decrypt=AES256 --encrypt-key="eXvnDS/38pBNpURacKH4OJfFiAeAAYNZ" 2015-04-09_13-32-26/

This software is published under
the GNU GENERAL PUBLIC LICENSE Version 2, June 1991.

Get the latest version of Percona XtraBackup, documentation, and help resources:
http://www.percona.com/xb/p

150409 13:33:13  innobackupex: Starting the decryption and decompression operation

IMPORTANT: Please check that the decryption and decompression run completes successfully.
           At the end of a successful decryption and decompression run innobackupex
           prints "completed OK!".

innobackupex: xbcrypt --decrypt --encrypt-algo=AES256 --encrypt-key=eXvnDS/38pBNpURacKH4OJfFiAeAAYNZ --input=/home/nilnandan/backup/2015-04-09_13-32-26/ibdata3.xbcrypt --output=/home/nilnandan/backup/2015-04-09_13-32-26/ibdata3
xbcrypt: Can't create/write to file '/home/nilnandan/backup/2015-04-09_13-32-26/ibdata3' (Errcode: 17 - File exists)
xbcrypt: failed to create output file "/home/nilnandan/backup/2015-04-09_13-32-26/ibdata3".
xbcrypt: Error on close of 'UNKNOWN' (Errcode: 9 - Bad file descriptor)
innobackupex: got a fatal error with the following stacktrace: at /usr/bin/innobackupex line 1782.
	main::decrypt_decompress_file(1, "/home/nilnandan/backup/2015-04-09_13-32-26/ibdata3.xbcrypt", ".xbcrypt", "--encrypt-algo=AES256 --encrypt-key=eXvnDS/38pBNpURacKH4OJfFi"...) called at /usr/bin/innobackupex line 1829
	main::decrypt_decompress(1) called at /usr/bin/innobackupex line 1588
innobackupex: Error: xbcrypt --decrypt --encrypt-algo=AES256 --encrypt-key=eXvnDS/38pBNpURacKH4OJfFiAeAAYNZ --input=/home/nilnandan/backup/2015-04-09_13-32-26/ibdata3.xbcrypt --output=/home/nilnandan/backup/2015-04-09_13-32-26/ibdata3 failed with No such file or directory at /usr/bin/innobackupex line 1782.
root@desktop:/home/nilnandan/backup# 
root@desktop:/home/nilnandan/backup# 
root@desktop:/home/nilnandan/backup# xtrabackup --version
xtrabackup version 2.2.10 based on MySQL server 5.6.22 Linux (x86_64) (revision id: )
root@desktop:/home/nilnandan/backup#

Changed in percona-xtrabackup:
status:	New → Confirmed

Revision history for this message

Shahriyar Rzayev (rzayev-sehriyar) wrote on 2018-01-20:

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXB-1319

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.