rsync - Sep 2020 - Skip source files that differ from existing destination files with a warning?

Hi again, rsync list!  I was heavily involved in rsync development and
support back in 2005-2010.  I've largely lost interest in that now and
my knowledge of rsync is beginning to become stale, but I'm still a big
fan and user of rsync, so I'm back with a user question. :)  I did
search the web and didn't find anything relevant.

I have a scenario in which regular files are created in a source
directory over time and shouldn't change after creation.  I run rsync
periodically to copy the source to a destination, and if a source file
differs from an existing destination file, I want rsync to warn me and
not transfer it.

For the "not transfer" part, I can use --ignore-existing, but I
don't
see a direct way to be warned only about source files that differ from
existing destination files.  If I use --info=SKIP1, rsync warns about
all source files that exist on the destination, whether or not they
differ.  So as a workaround, after the --ignore-existing run, I'm using
a separate dry run without --ignore-existing to warn about any
remaining differences.

Is there a better solution?  Do people think that filing an enhancement
request to show the --ignore-existing warning only for files with
itemizable differences would be justified?

My reading of the code also suggests that if the sender is malicious,
--ignore-existing will not stop the receiver from processing a transfer
of an existing destination file initiated by the sender, though I
haven't attempted an actual test to confirm this.  I can work around
this security gap by transferring from the source to a temporary
directory and then from there to the destination; in the second step,
my local version of rsync serves as both sender and receiver, so there
is no risk.  I suspect several other rsync options may similarly not be
enforced against a malicious peer.  Is this worth fixing?

Thanks,
Matt

On Thu, Sep 17, 2020 at 5:32 AM Matt McCutchen wrote:
> For the "not transfer" part, I can use --ignore-existing, but I
don't see
> a direct way to be warned only about source files that differ from
> existing destination files.
>
Indeed, the 2-step approach that you mentioned is all that the released
rsync supports.  I've just checked-in a change that adds the `--info=skip2`
option that will add a suffix to the "exists" message that indicates
the
existence-skipped file's status: "type change", or "sum
change" (requires
`-c`), "file change" (based on quick check), "attr change",
or "uptodate".

My reading of the code also suggests that if the sender
is
> malicious, --ignore-existing will not stop the receiver from processing a
> transfer of an existing destination file initiated by the sender

Undoubtedly true, since the only thing the option does is limit what files
the generator will request. At some point it will be good to double-check
that the receiver doesn't get a file that the generator didn't request,
but
the current nature of the round-robin pipe through the sender makes that
difficult without some new kind of direct generator-to-receiver flow of
information.  I have an idea of how I'd like to improve rsync's
receiver-side process setup in the future, but it's not easy to tweak in
the current version.

..wayne..
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.samba.org/pipermail/rsync/attachments/20200923/356b6204/attachment.htm>