Encrypted files are not removed after innobackupex --decrypt

Bug #1444261 reported by Nickolay Ihalainen
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Percona XtraBackup moved to https://jira.percona.com/projects/PXB

Bug Description

The bug https://bugs.launchpad.net/percona-xtrabackup/+bug/1413044 is not fixed properly:

If the encryption key is incorrect it could be detected by decrypting a file with predefined content before decrypting all files.

If encrypted files are not removed incremental backup failed:

innobackupex: Starting to copy non-InnoDB files in 'inc'
innobackupex: to the full backup directory '/srv/backup-test/mbkp2/x/restore'
innobackupex: Copying 'inc/xtrabackup_logfile.xbcrypt' to '/srv/backup-test/mbkp2/x/restore/xtrabackup_logfile.xbcrypt'
innobackupex: got a fatal error with the following stacktrace: at /usr/bin/innobackupex line 2221
        main::copy_file('inc/xtrabackup_logfile.xbcrypt', '/srv/backup-test/mbkp2/x/restore/xtrabackup_logfile.xbcrypt') called at /usr/bin/innobackupex line 2298
        main::process_file('CODE(0x11cbe08)') called at /usr/bin/innobackupex line 2308
        main::copy_file_callback() called at /usr/share/perl/5.14/File/Find.pm line 781
        File::Find::_find_dir('HASH(0x167ca88)', 'inc', 12) called at /usr/share/perl/5.14/File/Find.pm line 569
        File::Find::_find_opt('HASH(0x167ca88)', 'inc') called at /usr/share/perl/5.14/File/Find.pm line 1070
        File::Find::find('CODE(0x11d65c0)', 'inc') called at /usr/bin/innobackupex line 2362
        main::copy_dir_recursively('inc', '/srv/backup-test/mbkp2/x/restore', '^(\.\.?|backup-my\.cnf|xtrabackup_logfile|xtrabackup_binary|x...', 1, 0) called at /usr/bin/innobackupex line 2668

Steps to reproduce:
innobackupex --encrypt=AES256 --encrypt-key="4D27E0ED263A8F2BAF337DED0A5FFFBE" .
Get LSN info from xtrabackup_info, because xtrabackup_checkpoints is encrypted ( see https://bugs.launchpad.net/percona-xtrabackup/+bug/1444255 )

innobackupex --encrypt=AES256 --encrypt-key="4D27E0ED263A8F2BAF337DED0A5FFFBE" --incremental --incremental-lsn=<your lsn>

Decrypt both:
innobackupex --decrypt=AES256 --encrypt-key=4D27E0ED263A8F2BAF337DED0A5FFFBE .

prepare full backup:
innobackupex --apply-log --redo-only .

apply incremental log:
innobackupex --apply-log . --incremental-dir=inc # returns error

Revision history for this message
Sergei Glushchenko (sergei.glushchenko) wrote :

It will be fixed with implementation of https://blueprints.launchpad.net/percona-xtrabackup/+spec/checksum-unencrypted-chunk
Currently we don't have enough information to verify that decryption was successful.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.