Percona XtraBackup moved to https://jira.percona.com/projects/PXB

Encrypted files are not removed after innobackupex --decrypt

Series 2.3
Bug #1444261

Bug #1444261 reported by Nickolay Ihalainen on 2015-04-15

This bug report is a duplicate of: Bug #1446487: Feature request: add option to remove *.qp files on decompress. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Percona XtraBackup moved to https://jira.percona.com/projects/PXB	Triaged	High	Unassigned	Percona XtraBackup moved to https://jira.percona.com/projects/PXB future-2.3-releases
	2.3	Triaged	High	Unassigned	Percona XtraBackup moved to https://jira.percona.com/projects/PXB future-2.3-releases

Bug Description

The bug https://bugs.launchpad.net/percona-xtrabackup/+bug/1413044 is not fixed properly:

If the encryption key is incorrect it could be detected by decrypting a file with predefined content before decrypting all files.

If encrypted files are not removed incremental backup failed:

innobackupex: Starting to copy non-InnoDB files in 'inc'
innobackupex: to the full backup directory '/srv/backup-test/mbkp2/x/restore'
innobackupex: Copying 'inc/xtrabackup_logfile.xbcrypt' to '/srv/backup-test/mbkp2/x/restore/xtrabackup_logfile.xbcrypt'
innobackupex: got a fatal error with the following stacktrace: at /usr/bin/innobackupex line 2221
        main::copy_file('inc/xtrabackup_logfile.xbcrypt', '/srv/backup-test/mbkp2/x/restore/xtrabackup_logfile.xbcrypt') called at /usr/bin/innobackupex line 2298
        main::process_file('CODE(0x11cbe08)') called at /usr/bin/innobackupex line 2308
        main::copy_file_callback() called at /usr/share/perl/5.14/File/Find.pm line 781
        File::Find::_find_dir('HASH(0x167ca88)', 'inc', 12) called at /usr/share/perl/5.14/File/Find.pm line 569
        File::Find::_find_opt('HASH(0x167ca88)', 'inc') called at /usr/share/perl/5.14/File/Find.pm line 1070
        File::Find::find('CODE(0x11d65c0)', 'inc') called at /usr/bin/innobackupex line 2362
        main::copy_dir_recursively('inc', '/srv/backup-test/mbkp2/x/restore', '^(\.\.?|backup-my\.cnf|xtrabackup_logfile|xtrabackup_binary|x...', 1, 0) called at /usr/bin/innobackupex line 2668

Steps to reproduce:
innobackupex --encrypt=AES256 --encrypt-key="4D27E0ED263A8F2BAF337DED0A5FFFBE" .
Get LSN info from xtrabackup_info, because xtrabackup_checkpoints is encrypted ( see https://bugs.launchpad.net/percona-xtrabackup/+bug/1444255 )

innobackupex --encrypt=AES256 --encrypt-key="4D27E0ED263A8F2BAF337DED0A5FFFBE" --incremental --incremental-lsn=<your lsn>

Decrypt both:
innobackupex --decrypt=AES256 --encrypt-key=4D27E0ED263A8F2BAF337DED0A5FFFBE .

prepare full backup:
innobackupex --apply-log --redo-only .

apply incremental log:
innobackupex --apply-log . --incremental-dir=inc # returns error

Revision history for this message

Sergei Glushchenko (sergei.glushchenko) wrote on 2015-04-15:

It will be fixed with implementation of https://blueprints.launchpad.net/percona-xtrabackup/+spec/checksum-unencrypted-chunk
Currently we don't have enough information to verify that decryption was successful.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1446487 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Related blueprints

Add SHA256 value of 'before' chunk to xbcrypt payload

Remote bug watches

Bug watches keep track of this bug in other bug trackers.