Delete encryption at rest #12667

Merged
gxglass merged 27 commits into apple:main from gxglass:delete-encryption-at-rest
Feb 5, 2026

@gxglass
Contributor

@gxglass gxglass commented Jan 29, 2026

Delete encryption at rest in accordance with plans circulated in PR #12400.

Development of this PR was mostly straightforward. Several issues of note:

  1. Upgrade tests which use Redwood want to use the old "encrypt by 0xFF XOR" test-only encoding/encryption algorithm. I wanted to delete that in main and did so. Upgrade tests have been modified not to use Redwood (storage engine 3, mentioned in various storageEngineExcludeTypes test options updates). 7.1 did not define storageEngineExcludeTypes. After some discussion we have decided to delete 7.1-based upgrade tests. 7.3- and 7.4-based upgrade tests remain in place.

  2. Cross-version compatibility (such as it is, I assume in client library startup) remains super easy to break when deleting code. Tips: (A) removing unnecessary arguments to functions is bread and butter code editing when removing code, but if you find yourself removing arguments from a serializer() invocation, you might be breaking a protocol. (B) run ctest -R upgrade early and often.

An implication of these changes is that we are going to rely on the community to make us aware of any {upgrade+Redwood}-specific bugs. In other words, we are declining to continue to go out of our way to test functionality that we have no plans to use.

On the plus side this reclaims 15,000 more lines of code that we don't have to look at or think about, including in common areas such as commit proxy, backups, and generic storage server code.

Testing:
20260129-230241-gglass-15694f5f80af6932 compressed=True data_size=34905446 duration=4335357 ended=100000 fail_fast=1000 max_runs=100000 pass=100000 priority=100 remaining=0 runtime=6:21:47 sanity=False started=100000 stopped=20260130-052428 submitted=20260129-230241 timeout=5400 username=gglass

20260202-214159-gglass-69b90c779cf8ec68 compressed=True data_size=35007141 duration=4612639 ended=100000 fail_fast=1000 max_runs=100000 pass=100000 priority=100 remaining=0 runtime=3:00:25 sanity=False started=100000 stopped=20260203-004224 submitted=20260202-214159 timeout=5400 username=gglass
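Tip (A) from the description above in miniature, as an added example that is not FoundationDB code: a toy positional serializer showing why deleting a field together with its serializer argument breaks peers built from older source, while keeping the slot as a deprecated placeholder does not. The `Writer`/`Reader` types, the `Request*` structs and the `encryptMode` field are hypothetical and stand in for any untagged wire format.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <stdexcept>
#include <vector>

// Toy positional wire format (hypothetical): fields are written back to back
// with no tags, so both sides must agree on the exact field list and order.
struct Writer {
    std::vector<uint8_t> buf;
    template <class T> void put(const T& v) {
        const uint8_t* p = reinterpret_cast<const uint8_t*>(&v);
        buf.insert(buf.end(), p, p + sizeof(T));
    }
};
struct Reader {
    const std::vector<uint8_t>& buf;
    size_t pos = 0;
    explicit Reader(const std::vector<uint8_t>& b) : buf(b) {}
    template <class T> void get(T& v) {
        if (pos + sizeof(T) > buf.size()) throw std::runtime_error("short read");
        std::memcpy(&v, buf.data() + pos, sizeof(T));
        pos += sizeof(T);
    }
};
// Layout spoken by already-deployed peers (constructed for this example).
struct RequestOld {
    uint64_t version = 0; uint8_t encryptMode = 0; uint32_t flags = 0;
    void read(Reader& r) { r.get(version); r.get(encryptMode); r.get(flags); }
};
// Field and its serializer argument deleted together: the layout changes.
struct RequestTrimmed {
    uint64_t version = 0; uint32_t flags = 0;
    void write(Writer& w) const { w.put(version); w.put(flags); }
};
// Field kept as a deprecated placeholder: the layout is unchanged.
struct RequestCompat {
    uint64_t version = 0; uint8_t deprecatedEncryptMode = 0; uint32_t flags = 0;
    void write(Writer& w) const { w.put(version); w.put(deprecatedEncryptMode); w.put(flags); }
};
// Serialize with the new struct, parse as an old peer would; true only if values survive.
template <class New> bool oldPeerUnderstands(const New& msg) {
    Writer w; msg.write(w);
    Reader r(w.buf);
    RequestOld old;
    try { old.read(r); } catch (const std::runtime_error&) { return false; }
    return old.version == msg.version && old.flags == msg.flags && r.pos == w.buf.size();
}

int main() {
    RequestTrimmed t; t.version = 42; t.flags = 0xA5A5A5A5u;
    RequestCompat c;  c.version = 42; c.flags = 0xA5A5A5A5u;
    std::cout << "trimmed: " << oldPeerUnderstands(t) << ", compat: " << oldPeerUnderstands(c) << "\n";
}
```

In the trimmed case the old reader consumes the first byte of `flags` as `encryptMode` and then runs out of input; a format with more trailing fields would instead misparse silently, which is the kind of break an upgrade test catches.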

…l comment saying that this seems testable outside simulation
…ed. Still doesn't compile but getting closer.
…; restarting tests using <= 7.4 binaries do need encryptModes to say disabled
…I see no need to support it as it requires unneeded interfaces and test fixtures in order to actually work.
…pe 3 (redwood) on upgrade tests, as it writes databases with encoding type 1 which is no longer supported
… metadata, and explain why we are merely renaming the member as deprecated and nothing anything else.
…ses with "0xFF XOR encryption" style encoding (encoding 1), which is removed in main.
@foundationdb-ci
Contributor

Result of foundationdb-pr-clang-ide on Linux RHEL 9

  • Commit ID: da87e3f
  • Duration 0:04:18
  • Result: ❌ FAILED
  • Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

@foundationdb-ci
Contributor

Result of foundationdb-pr on Linux RHEL 9

  • Commit ID: da87e3f
  • Duration 0:04:17
  • Result: ❌ FAILED
  • Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

@foundationdb-ci
Contributor

Result of foundationdb-pr-clang on Linux RHEL 9

  • Commit ID: da87e3f
  • Duration 0:04:16
  • Result: ❌ FAILED
  • Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

@foundationdb-ci
Contributor

Result of foundationdb-pr-clang-arm on Linux CentOS 7

  • Commit ID: da87e3f
  • Duration 0:04:32
  • Result: ❌ FAILED
  • Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

@foundationdb-ci
Contributor

Result of foundationdb-pr-cluster-tests on Linux RHEL 9

  • Commit ID: da87e3f
  • Duration 0:07:02
  • Result: ❌ FAILED
  • Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)
  • Cluster Test Logs zip file of the test logs (available for 30 days)

@foundationdb-ci
Contributor

Result of foundationdb-pr-macos-m1 on macOS Ventura 13.x

  • Commit ID: da87e3f
  • Duration 0:07:42
  • Result: ❌ FAILED
  • Error: Error while executing command: ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${HOME}/.ssh_key ec2-user@${MAC_EC2_HOST} /opt/homebrew/bin/bash --login -c ./build_pr_macos.sh. Reason: exit status 1
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

@gxglass
Contributor Author

gxglass commented Feb 4, 2026

@gxglass Additional removal request:

  1. There's code in the BackupConfig as well related to encryption at rest. Can this be removed as well?
  2. Backup Submit and Restore APIs have an argument encryptionEnabled that can be removed.

Code pointers: https://github.com/apple/foundationdb/blob/9afb302b6af8da5f238a6f551c7615f823fe20a4/fdbclient/include/fdbclient/BackupAgent.actor.h#L298C1-L299C1
https://github.com/apple/foundationdb/blob/9afb302b6af8da5f238a6f551c7615f823fe20a4/fdbclient/include/fdbclient/BackupAgent.actor.h#L935C26-L935C56

Thanks, looking into it.

@akankshamahajan15 addressed in followup commit. Compiled but not tested (will let CI do its thing).

@foundationdb-ci
Contributor

Result of foundationdb-pr-macos on macOS Ventura 13.x

  • Commit ID: 2c23e9e
  • Duration 0:08:04
  • Result: ❌ FAILED
  • Error: Error while executing command: ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${HOME}/.ssh_key ec2-user@${MAC_EC2_HOST} /usr/local/bin/bash --login -c ./build_pr_macos.sh. Reason: exit status 1
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

@foundationdb-ci
Contributor

Result of foundationdb-pr-macos-m1 on macOS Ventura 13.x

  • Commit ID: 2c23e9e
  • Duration 0:08:23
  • Result: ❌ FAILED
  • Error: Error while executing command: ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${HOME}/.ssh_key ec2-user@${MAC_EC2_HOST} /opt/homebrew/bin/bash --login -c ./build_pr_macos.sh. Reason: exit status 1
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

@foundationdb-ci
Contributor

Result of foundationdb-pr-clang-ide on Linux RHEL 9

  • Commit ID: 2c23e9e
  • Duration 0:22:58
  • Result: ✅ SUCCEEDED
  • Error: N/A
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

Contributor

This can also be removed

@akankshamahajan15
Contributor

@gxglass There are a few places with encryptionEnabled code in backup.actor.cpp like:

https://github.com/gxglass/foundationdb/blob/2c23e9e91adf31533704e646023e6a372660652f/fdbbackup/backup.actor.cpp#L3778C1-L3779C1

@foundationdb-ci
Contributor

Result of foundationdb-pr-clang-arm on Linux CentOS 7

  • Commit ID: 2c23e9e
  • Duration 0:43:50
  • Result: ❌ FAILED
  • Error: Error while executing command: ctest -j ${NPROC} --no-compress-output -T test --output-on-failure. Reason: exit status 8
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

@foundationdb-ci
Contributor

Result of foundationdb-pr on Linux RHEL 9

  • Commit ID: 2c23e9e
  • Duration 0:56:41
  • Result: ✅ SUCCEEDED
  • Error: N/A
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

@foundationdb-ci
Contributor

Result of foundationdb-pr-clang on Linux RHEL 9

  • Commit ID: 2c23e9e
  • Duration 0:55:57
  • Result: ✅ SUCCEEDED
  • Error: N/A
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

@gxglass
Contributor Author

gxglass commented Feb 4, 2026

@gxglass There are a few places with encryptionEnabled code in backup.actor.cpp like:

https://github.com/gxglass/foundationdb/blob/2c23e9e91adf31533704e646023e6a372660652f/fdbbackup/backup.actor.cpp#L3778C1-L3779C1

Thanks. Should this stuff also be removed?

{ OPT_ENCRYPT_FILES, "--encrypt-files", SO_REQ_SEP },

That said, intuition is telling me that this is needed for file-level encryption:

{ OPT_ENCRYPTION_KEY_FILE, "--encryption-key-file", SO_REQ_SEP },

Can you confirm?

@akankshamahajan15
Contributor

akankshamahajan15 commented Feb 4, 2026

@gxglass There are a few places with encryptionEnabled code in backup.actor.cpp like:
https://github.com/gxglass/foundationdb/blob/2c23e9e91adf31533704e646023e6a372660652f/fdbbackup/backup.actor.cpp#L3778C1-L3779C1

Thanks. Should this stuff also be removed?

{ OPT_ENCRYPT_FILES, "--encrypt-files", SO_REQ_SEP },

That said, intuition is telling me that this is needed for file-level encryption:

{ OPT_ENCRYPTION_KEY_FILE, "--encryption-key-file", SO_REQ_SEP },

Can you confirm?

{ OPT_ENCRYPTION_KEY_FILE, "--encryption-key-file", SO_REQ_SEP }, is for file-level encryption so we need this.

printf("  --encrypt-files 0/1"
	       "                 If passed, this argument will allow the user to override the database encryption state to "
	       "either enable (1) or disable (0) encryption at rest with snapshot backups. This option refers to block "
	       "level encryption of snapshot backups while --encryption-key-file (above) refers to file level encryption. "
	       "Generally, these two options should not be used together.\n");

@akankshamahajan15
Contributor

@gxglass Code says:

case OPT_ENCRYPT_FILES: {
				const char* a = args->OptionArg();
				int encryptFiles;
				if (!sscanf(a, "%d", &encryptFiles)) {
					fprintf(stderr, "ERROR: Could not parse encrypt-files `%s'\n", a);
					return FDB_EXIT_ERROR;
				}
				if (encryptFiles != 0 && encryptFiles != 1) {
					fprintf(stderr, "ERROR: encrypt-files must be either 0 or 1\n");
					return FDB_EXIT_ERROR;
				}
				encryptSnapshotFilesPresent = true;
				if (encryptFiles == 0) {
					encryptionEnabled = false;
				} else {
					encryptionEnabled = true;
				}
				break;
			}

It's not super clear and a bit confusing. From the code it looks like it is related to encryption at rest for backups.

@gxglass
Contributor Author

gxglass commented Feb 4, 2026

@gxglass Code says:

case OPT_ENCRYPT_FILES: {
				const char* a = args->OptionArg();
				int encryptFiles;
				if (!sscanf(a, "%d", &encryptFiles)) {
					fprintf(stderr, "ERROR: Could not parse encrypt-files `%s'\n", a);
					return FDB_EXIT_ERROR;
				}
				if (encryptFiles != 0 && encryptFiles != 1) {
					fprintf(stderr, "ERROR: encrypt-files must be either 0 or 1\n");
					return FDB_EXIT_ERROR;
				}
				encryptSnapshotFilesPresent = true;
				if (encryptFiles == 0) {
					encryptionEnabled = false;
				} else {
					encryptionEnabled = true;
				}
				break;
			}

It's not super clear and a bit confusing. From the code it looks like it is related to encryption at rest for backups.

That's what it looks like to me, and I think that usage blurb confirms it. I will remove this.

@gxglass
Contributor Author

gxglass commented Feb 4, 2026

Result of foundationdb-pr-clang-arm on Linux CentOS 7

  • Commit ID: 2c23e9e
  • Duration 0:43:50
  • Result: ❌ FAILED
  • Error: Error while executing command: ctest -j ${NPROC} --no-compress-output -T test --output-on-failure. Reason: exit status 8
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

CI failure looks like rdar://168252045

@foundationdb-ci
Contributor

Result of foundationdb-pr-macos-m1 on macOS Ventura 13.x

  • Commit ID: 0c50a33
  • Duration 0:07:03
  • Result: ❌ FAILED
  • Error: Error while executing command: ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${HOME}/.ssh_key ec2-user@${MAC_EC2_HOST} /opt/homebrew/bin/bash --login -c ./build_pr_macos.sh. Reason: exit status 1
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

@foundationdb-ci
Contributor

Result of foundationdb-pr-macos on macOS Ventura 13.x

  • Commit ID: 0c50a33
  • Duration 0:07:33
  • Result: ❌ FAILED
  • Error: Error while executing command: ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${HOME}/.ssh_key ec2-user@${MAC_EC2_HOST} /usr/local/bin/bash --login -c ./build_pr_macos.sh. Reason: exit status 1
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

@foundationdb-ci
Contributor

Result of foundationdb-pr-clang-ide on Linux RHEL 9

  • Commit ID: 0c50a33
  • Duration 0:23:24
  • Result: ✅ SUCCEEDED
  • Error: N/A
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

@foundationdb-ci
Contributor

Result of foundationdb-pr-cluster-tests on Linux RHEL 9

  • Commit ID: 2c23e9e
  • Duration 1:54:48
  • Result: ✅ SUCCEEDED
  • Error: N/A
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)
  • Cluster Test Logs zip file of the test logs (available for 30 days)

@foundationdb-ci
Contributor

Result of foundationdb-pr-clang-arm on Linux CentOS 7

  • Commit ID: 0c50a33
  • Duration 0:42:20
  • Result: ✅ SUCCEEDED
  • Error: N/A
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

@foundationdb-ci
Contributor

Result of foundationdb-pr-clang on Linux RHEL 9

  • Commit ID: 0c50a33
  • Duration 0:47:02
  • Result: ✅ SUCCEEDED
  • Error: N/A
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

@foundationdb-ci
Contributor

Result of foundationdb-pr on Linux RHEL 9

  • Commit ID: 0c50a33
  • Duration 0:53:35
  • Result: ✅ SUCCEEDED
  • Error: N/A
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

@gxglass gxglass merged commit c62bb6b into apple:main Feb 5, 2026
4 of 7 checks passed
@foundationdb-ci
Contributor

Result of foundationdb-pr-cluster-tests on Linux RHEL 9

  • Commit ID: 0c50a33
  • Duration 1:52:26
  • Result: ✅ SUCCEEDED
  • Error: N/A
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)
  • Cluster Test Logs zip file of the test logs (available for 30 days)

jzhou77 added a commit to jzhou77/foundationdb that referenced this pull request Feb 6, 2026
saintstack pushed a commit to saintstack/foundationdb that referenced this pull request Feb 6, 2026
…same time.

commit c62bb6b
Author: gxglass <gxglassgithub@gmail.com>
Date:   Wed Feb 4 16:02:06 2026 -0800

    Delete encryption at rest (apple#12667)
jzhou77 pushed a commit that referenced this pull request Feb 6, 2026
…same time. (#12678)

commit c62bb6b
Author: gxglass <gxglassgithub@gmail.com>
Date:   Wed Feb 4 16:02:06 2026 -0800

    Delete encryption at rest (#12667)

Co-authored-by: michael stack <stack@duboce.com>