Qubes-backup verify only verifies dom0, not appVMs

[tetra...@danwin1210.me]

When I verify my backups, it happens ~instantaneously. It used to take
hours, because it would extract every VM backup and verify it. Judging
by the logs, it's only verifying dom0.

Unless something has changed with how Qubes verifies its backups, there
may be a bug that causes verification to only check dom0, rather than
verifying the AppVMs as well.

This is really bad, because what I care about is the data in the
AppVMs... being able to restore the AppVMs is more important than being
able to restore dom0!


Here's how I back up:
```
nice qvm-backup \
--verbose \
--passphrase-file $PASSFILE \
--exclude $IGNORE_VM \
--dest-vm $DEST_VM \
--compress \
--yes \
$BACKUP_DIR
```

And here's how I restore:
```
qvm-backup-restore \
--dest-vm $DEST_VM \
--passphrase-file $PASSFILE \
--verify-only \
--verbose \
$BACKUP_FILE
```

When it starts restoring, it shows that none of my VMs will be restored,
except for dom0:
```
The following VMs are included in the backup:

------------------------+--------------+-------------------+-----------------+--------+
name | type | template | netvm | label |
------------------------+--------------+-------------------+-----------------+--------+
dom0 | AdminVM | n/a | (default) | black |
myvm | StandaloneVM | n/a | my-net-vm-xxxxx | orange | <-- Excluded from restore
my-other-vm-xxxxxxx | AppVM | debian-10 | (default) | blue | <-- Excluded from restore
another-vm-xx | AppVM | fedora-33 | (default) | green | <-- Excluded from restore
[... continuing for the list of all VMs ...]
```

And in fact only dom0 gets verified, the others seem to be ignored.

[Andrew David Wong]

I cannot seem to reproduce this. My verify-only attempts also verify
domUs. I'm using the same qvm-backup-restore command, just without
`--verbose`.

--
Andrew David Wong
Community Manager
The Qubes OS Project
https://www.qubes-os.org

[tetra...@danwin1210.me]

On Wed, Aug 25, 2021 at 07:31:33AM -0700, Andrew David Wong wrote:
>>And in fact only dom0 gets verified, the others seem to be ignored.
>>
>
>I cannot seem to reproduce this. My verify-only attempts also verify
>domUs. I'm using the same qvm-backup-restore command, just without
>`--verbose`.

That's very strange. Are restore settings stored anywhere on the local
machine, like how VMs can have an "exclude from backups" option?

[Andrew David Wong]

It's possible to create "backup profiles," but I haven't personally used
them, so I'm not familiar with the details of how they work. This option
is mentioned in the `--help` text for qvm-backup but not qvm-backup-restore.

[tetra...@danwin1210.me]

On Thu, Aug 26, 2021 at 07:11:49AM -0700, Andrew David Wong wrote:
>It's possible to create "backup profiles," but I haven't personally
>used them, so I'm not familiar with the details of how they work. This
>option is mentioned in the `--help` text for qvm-backup but not
>qvm-backup-restore.

It looks like the profiles are stored in /etc/qubes/backup/. I checked
that directory and there are no profiles, so that can't be the problem.

Unfortunately at this point I'm all out of ideas for troubleshooting
this -- even though it's a very important issue! Unverified backups are
very dangerous, and I've caught problems before because backups failed
to verify.

[Rusty Bird]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

tetrahedra:

> And here's how I restore:
> ```
> qvm-backup-restore \
> --dest-vm $DEST_VM \
> --passphrase-file $PASSFILE \
> --verify-only \
> --verbose \
> $BACKUP_FILE
> ```
>
> When it starts restoring, it shows that none of my VMs will be restored,
> except for dom0:
> ```
> The following VMs are included in the backup:
>
> ------------------------+--------------+-------------------+-----------------+--------+
> name | type | template | netvm | label |
> ------------------------+--------------+-------------------+-----------------+--------+
> dom0 | AdminVM | n/a | (default) | black |
> myvm | StandaloneVM | n/a | my-net-vm-xxxxx | orange | <-- Excluded from restore
> my-other-vm-xxxxxxx | AppVM | debian-10 | (default) | blue | <-- Excluded from restore
> another-vm-xx | AppVM | fedora-33 | (default) | green | <-- Excluded from restore
> [... continuing for the list of all VMs ...]
> ```

It acts as if you accidentally passed a whitelist of VMs to restore,
and none of them are part of the backup file. Some ideas:

- - If you posted a simplified version instead of the command you're
really using, make sure there's no extra argument after the backup
file

- - Use quoted shell variables, e.g. "$BACKUP_FILE" with quotation marks

- - Just to ensure that nothing's somehow tripping up the options
parser, try using = instead of a space for option arguments, e.g.
--dest-vm="$DEST_VM"

Rusty
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEhLWbz8YrEp/hsG0ERp149HqvKt8FAmFAeVxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDg0
QjU5QkNGQzYyQjEyOUZFMUIwNkQwNDQ2OUQ3OEY0N0FBRjJBREYACgkQRp149Hqv
Kt/aYw/8DeauzLcPRP5+iAdiaDIKFABLjhkGLklORCvDTzj1nD5m66xCQjx52Tfm
3MHc8nn1A/VljWrsOQnd/SvZHiMBriQzuOisRzr0gVV9nzlsQU+bO2kj2HjLpWsS
JRN26Gw6F53Jc4Pogi+Zh6EtUZCjo99WekIaiDN/K82W3GtowT1uny8ou3V2niRd
mstTFHcdSVXCyFK5vD7zA3P23Iclp97Bi2JnseN1LbXwWX2usNtrDlKcm2x5cWGj
gEOThcCNmb6jNw6r1X06SX63E2eQKzQryQ6doOXmI5vhcTMcwDbttW8m5HFQiXVo
Cc/yrV2ZFnfPOhxox1hggUsSBOYOYI6e/o6gFCByTf5lvEQOvtkwt0UX8xpk3ZOv
vMRcAGIM6GhIHTTSKhCpVm2rYTNOmPh/FB+F73fNygfLomU7ColFsvi1QS/mIKID
EmtbnsOtrHgG2kar6LypsUSu/AklVu8jNPfMTM0ERbN/w4RIQUptrw34kYz8hJ1i
GeLHhSmtrmPJpa3VYy9YgL9gL6GY7N5Dy4KbbBCfsbjCHQFb3d064EwMRUEF2Vnt
+pxEROD4CguozrC+msAcSRWuzWsVnwBZQ/Inlx1LnPadz+6HzDQFVKCfFIescizp
zkEOhMkkcK5FE2exD2ZboMROneRL5tYyDsfTwz7MRrtDZm7u6gw=
=v7rs
-----END PGP SIGNATURE-----