Age Owner TLA Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * pg_verifybackup.c
4 : * Verify a backup against a backup manifest.
5 : *
6 : * Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
7 : * Portions Copyright (c) 1994, Regents of the University of California
8 : *
9 : * src/bin/pg_verifybackup/pg_verifybackup.c
10 : *
11 : *-------------------------------------------------------------------------
12 : */
13 :
14 : #include "postgres_fe.h"
15 :
16 : #include <dirent.h>
17 : #include <fcntl.h>
18 : #include <sys/stat.h>
19 : #include <time.h>
20 :
21 : #include "common/hashfn.h"
22 : #include "common/logging.h"
23 : #include "fe_utils/simple_list.h"
24 : #include "getopt_long.h"
25 : #include "parse_manifest.h"
26 : #include "pgtime.h"
27 :
28 : /*
29 : * For efficiency, we'd like our hash table containing information about the
30 : * manifest to start out with approximately the correct number of entries.
31 : * There's no way to know the exact number of entries without reading the whole
32 : * file, but we can get an estimate by dividing the file size by the estimated
33 : * number of bytes per line.
34 : *
35 : * This could be off by about a factor of two in either direction, because the
36 : * checksum algorithm has a big impact on the line lengths; e.g. a SHA512
37 : * checksum is 128 hex bytes, whereas a CRC-32C value is only 8, and there
38 : * might be no checksum at all.
39 : */
40 : #define ESTIMATED_BYTES_PER_MANIFEST_LINE 100
41 :
42 : /*
43 : * How many bytes should we try to read from a file at once?
44 : */
45 : #define READ_CHUNK_SIZE 4096
46 :
47 : /*
48 : * Each file described by the manifest file is parsed to produce an object
49 : * like this.
50 : */
51 : typedef struct manifest_file
52 : {
53 : uint32 status; /* hash status */
54 : char *pathname;
55 : size_t size;
56 : pg_checksum_type checksum_type;
57 : int checksum_length;
58 : uint8 *checksum_payload;
59 : bool matched;
60 : bool bad;
61 : } manifest_file;
62 :
63 : #define should_verify_checksum(m) \
64 : (((m)->matched) && !((m)->bad) && (((m)->checksum_type) != CHECKSUM_TYPE_NONE))
65 :
66 : /*
67 : * Define a hash table which we can use to store information about the files
68 : * mentioned in the backup manifest.
69 : */
70 : static uint32 hash_string_pointer(char *s);
71 : #define SH_PREFIX manifest_files
72 : #define SH_ELEMENT_TYPE manifest_file
73 : #define SH_KEY_TYPE char *
74 : #define SH_KEY pathname
75 : #define SH_HASH_KEY(tb, key) hash_string_pointer(key)
76 : #define SH_EQUAL(tb, a, b) (strcmp(a, b) == 0)
77 : #define SH_SCOPE static inline
78 : #define SH_RAW_ALLOCATOR pg_malloc0
79 : #define SH_DECLARE
80 : #define SH_DEFINE
81 : #include "lib/simplehash.h"
82 :
83 : /*
84 : * Each WAL range described by the manifest file is parsed to produce an
85 : * object like this.
86 : */
87 : typedef struct manifest_wal_range
88 : {
89 : TimeLineID tli;
90 : XLogRecPtr start_lsn;
91 : XLogRecPtr end_lsn;
92 : struct manifest_wal_range *next;
93 : struct manifest_wal_range *prev;
94 : } manifest_wal_range;
95 :
96 : /*
97 : * Details we need in callbacks that occur while parsing a backup manifest.
98 : */
99 : typedef struct parser_context
100 : {
101 : manifest_files_hash *ht;
102 : manifest_wal_range *first_wal_range;
103 : manifest_wal_range *last_wal_range;
104 : } parser_context;
105 :
106 : /*
107 : * All of the context information we need while checking a backup manifest.
108 : */
109 : typedef struct verifier_context
110 : {
111 : manifest_files_hash *ht;
112 : char *backup_directory;
113 : SimpleStringList ignore_list;
114 : bool exit_on_error;
115 : bool saw_any_error;
116 : } verifier_context;
117 :
118 : static void parse_manifest_file(char *manifest_path,
119 : manifest_files_hash **ht_p,
120 : manifest_wal_range **first_wal_range_p);
121 :
122 : static void record_manifest_details_for_file(JsonManifestParseContext *context,
123 : char *pathname, size_t size,
124 : pg_checksum_type checksum_type,
125 : int checksum_length,
126 : uint8 *checksum_payload);
127 : static void record_manifest_details_for_wal_range(JsonManifestParseContext *context,
128 : TimeLineID tli,
129 : XLogRecPtr start_lsn,
130 : XLogRecPtr end_lsn);
131 : static void report_manifest_error(JsonManifestParseContext *context,
132 : const char *fmt,...)
133 : pg_attribute_printf(2, 3) pg_attribute_noreturn();
134 :
135 : static void verify_backup_directory(verifier_context *context,
136 : char *relpath, char *fullpath);
137 : static void verify_backup_file(verifier_context *context,
138 : char *relpath, char *fullpath);
139 : static void report_extra_backup_files(verifier_context *context);
140 : static void verify_backup_checksums(verifier_context *context);
141 : static void verify_file_checksum(verifier_context *context,
142 : manifest_file *m, char *fullpath);
143 : static void parse_required_wal(verifier_context *context,
144 : char *pg_waldump_path,
145 : char *wal_directory,
146 : manifest_wal_range *first_wal_range);
147 :
148 : static void report_backup_error(verifier_context *context,
149 : const char *pg_restrict fmt,...)
150 : pg_attribute_printf(2, 3);
151 : static void report_fatal_error(const char *pg_restrict fmt,...)
152 : pg_attribute_printf(1, 2) pg_attribute_noreturn();
153 : static bool should_ignore_relpath(verifier_context *context, char *relpath);
154 :
155 : static void progress_report(bool finished);
156 : static void usage(void);
157 :
158 : static const char *progname;
159 :
160 : /* options */
161 : static bool show_progress = false;
162 : static bool skip_checksums = false;
163 :
164 : /* Progress indicators */
165 : static uint64 total_size = 0;
166 : static uint64 done_size = 0;
167 :
168 : /*
169 : * Main entry point.
170 : */
171 : int
1101 rhaas 172 GIC 98 : main(int argc, char **argv)
173 : {
174 : static struct option long_options[] = {
175 : {"exit-on-error", no_argument, NULL, 'e'},
176 : {"ignore", required_argument, NULL, 'i'},
177 : {"manifest-path", required_argument, NULL, 'm'},
178 : {"no-parse-wal", no_argument, NULL, 'n'},
179 : {"progress", no_argument, NULL, 'P'},
180 : {"quiet", no_argument, NULL, 'q'},
181 : {"skip-checksums", no_argument, NULL, 's'},
182 : {"wal-directory", required_argument, NULL, 'w'},
183 : {NULL, 0, NULL, 0}
184 : };
185 :
186 : int c;
1092 rhaas 187 ECB : verifier_context context;
188 : manifest_wal_range *first_wal_range;
1101 rhaas 189 GIC 98 : char *manifest_path = NULL;
190 98 : bool no_parse_wal = false;
191 98 : bool quiet = false;
192 98 : char *wal_directory = NULL;
193 98 : char *pg_waldump_path = NULL;
194 :
195 98 : pg_logging_init(argv[0]);
1092 196 98 : set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pg_verifybackup"));
1101 197 98 : progname = get_progname(argv[0]);
198 :
199 98 : memset(&context, 0, sizeof(context));
200 :
201 98 : if (argc > 1)
202 : {
1101 rhaas 203 CBC 97 : if (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0)
1101 rhaas 204 ECB : {
1101 rhaas 205 CBC 1 : usage();
206 1 : exit(0);
1101 rhaas 207 ECB : }
1101 rhaas 208 GIC 96 : if (strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0)
1101 rhaas 209 ECB : {
1092 rhaas 210 CBC 1 : puts("pg_verifybackup (PostgreSQL) " PG_VERSION);
1101 211 1 : exit(0);
212 : }
1101 rhaas 213 ECB : }
214 :
215 : /*
216 : * Skip certain files in the toplevel directory.
217 : *
218 : * Ignore the backup_manifest file, because it's not included in the
219 : * backup manifest.
220 : *
221 : * Ignore the pg_wal directory, because those files are not included in
222 : * the backup manifest either, since they are fetched separately from the
223 : * backup itself, and verified via a separate mechanism.
224 : *
225 : * Ignore postgresql.auto.conf, recovery.signal, and standby.signal,
226 : * because we expect that those files may sometimes be created or changed
227 : * as part of the backup process. For example, pg_basebackup -R will
228 : * modify postgresql.auto.conf and create standby.signal.
229 : */
1101 rhaas 230 GIC 96 : simple_string_list_append(&context.ignore_list, "backup_manifest");
231 96 : simple_string_list_append(&context.ignore_list, "pg_wal");
232 96 : simple_string_list_append(&context.ignore_list, "postgresql.auto.conf");
233 96 : simple_string_list_append(&context.ignore_list, "recovery.signal");
234 96 : simple_string_list_append(&context.ignore_list, "standby.signal");
235 :
62 michael 236 GNC 162 : while ((c = getopt_long(argc, argv, "ei:m:nPqsw:", long_options, NULL)) != -1)
237 : {
1101 rhaas 238 GIC 67 : switch (c)
239 : {
240 25 : case 'e':
241 25 : context.exit_on_error = true;
242 25 : break;
243 4 : case 'i':
1101 rhaas 244 ECB : {
1101 rhaas 245 CBC 4 : char *arg = pstrdup(optarg);
1101 rhaas 246 ECB :
1101 rhaas 247 CBC 4 : canonicalize_path(arg);
248 4 : simple_string_list_append(&context.ignore_list, arg);
1101 rhaas 249 GIC 4 : break;
1101 rhaas 250 ECB : }
1101 rhaas 251 GIC 15 : case 'm':
1101 rhaas 252 CBC 15 : manifest_path = pstrdup(optarg);
1101 rhaas 253 GIC 15 : canonicalize_path(manifest_path);
1101 rhaas 254 CBC 15 : break;
255 14 : case 'n':
256 14 : no_parse_wal = true;
257 14 : break;
62 michael 258 GNC 2 : case 'P':
259 2 : show_progress = true;
260 2 : break;
1101 rhaas 261 GIC 3 : case 'q':
1101 rhaas 262 CBC 3 : quiet = true;
1101 rhaas 263 GIC 3 : break;
1101 rhaas 264 CBC 2 : case 's':
265 2 : skip_checksums = true;
266 2 : break;
1101 rhaas 267 GIC 1 : case 'w':
1101 rhaas 268 CBC 1 : wal_directory = pstrdup(optarg);
269 1 : canonicalize_path(wal_directory);
270 1 : break;
271 1 : default:
366 tgl 272 ECB : /* getopt_long already emitted a complaint */
366 tgl 273 CBC 1 : pg_log_error_hint("Try \"%s --help\" for more information.", progname);
1101 rhaas 274 1 : exit(1);
1101 rhaas 275 ECB : }
276 : }
277 :
278 : /* Get backup directory name */
1101 rhaas 279 CBC 95 : if (optind >= argc)
1101 rhaas 280 ECB : {
366 tgl 281 CBC 1 : pg_log_error("no backup directory specified");
282 1 : pg_log_error_hint("Try \"%s --help\" for more information.", progname);
1101 rhaas 283 1 : exit(1);
1101 rhaas 284 ECB : }
1101 rhaas 285 CBC 94 : context.backup_directory = pstrdup(argv[optind++]);
286 94 : canonicalize_path(context.backup_directory);
1101 rhaas 287 ECB :
288 : /* Complain if any arguments remain */
1101 rhaas 289 GIC 94 : if (optind < argc)
1101 rhaas 290 ECB : {
366 tgl 291 CBC 1 : pg_log_error("too many command-line arguments (first is \"%s\")",
292 : argv[optind]);
366 tgl 293 GIC 1 : pg_log_error_hint("Try \"%s --help\" for more information.", progname);
1101 rhaas 294 1 : exit(1);
295 : }
1101 rhaas 296 ECB :
297 : /* Complain if the specified arguments conflict */
62 michael 298 GNC 93 : if (show_progress && quiet)
299 1 : pg_fatal("cannot specify both %s and %s",
300 : "-P/--progress", "-q/--quiet");
301 :
302 : /* Unless --no-parse-wal was specified, we will need pg_waldump. */
1101 rhaas 303 CBC 92 : if (!no_parse_wal)
1101 rhaas 304 ECB : {
305 : int ret;
306 :
1101 rhaas 307 CBC 78 : pg_waldump_path = pg_malloc(MAXPGPATH);
308 78 : ret = find_other_exec(argv[0], "pg_waldump",
309 : "pg_waldump (PostgreSQL) " PG_VERSION "\n",
310 : pg_waldump_path);
311 78 : if (ret < 0)
312 : {
1101 rhaas 313 ECB : char full_path[MAXPGPATH];
314 :
1101 rhaas 315 LBC 0 : if (find_my_exec(argv[0], full_path) < 0)
316 0 : strlcpy(full_path, progname, sizeof(full_path));
317 :
1101 rhaas 318 UIC 0 : if (ret == -1)
366 tgl 319 0 : pg_fatal("program \"%s\" is needed by %s but was not found in the same directory as \"%s\"",
366 tgl 320 ECB : "pg_waldump", "pg_verifybackup", full_path);
1101 rhaas 321 : else
366 tgl 322 UIC 0 : pg_fatal("program \"%s\" was found by \"%s\" but was not the same version as %s",
323 : "pg_waldump", full_path, "pg_verifybackup");
324 : }
1101 rhaas 325 ECB : }
326 :
327 : /* By default, look for the manifest in the backup directory. */
1101 rhaas 328 GIC 92 : if (manifest_path == NULL)
1101 rhaas 329 CBC 77 : manifest_path = psprintf("%s/backup_manifest",
1101 rhaas 330 ECB : context.backup_directory);
331 :
332 : /* By default, look for the WAL in the backup directory, too. */
1101 rhaas 333 CBC 92 : if (wal_directory == NULL)
1101 rhaas 334 GIC 91 : wal_directory = psprintf("%s/pg_wal", context.backup_directory);
335 :
336 : /*
1101 rhaas 337 EUB : * Try to read the manifest. We treat any errors encountered while parsing
338 : * the manifest as fatal; there doesn't seem to be much point in trying to
339 : * verify the backup directory against a corrupted manifest.
340 : */
1101 rhaas 341 GBC 92 : parse_manifest_file(manifest_path, &context.ht, &first_wal_range);
342 :
343 : /*
1101 rhaas 344 EUB : * Now scan the files in the backup directory. At this stage, we verify
345 : * that every file on disk is present in the manifest and that the sizes
346 : * match. We also set the "matched" flag on every manifest entry that
347 : * corresponds to a file on disk.
348 : */
1092 rhaas 349 GIC 60 : verify_backup_directory(&context, NULL, context.backup_directory);
1101 rhaas 350 ECB :
351 : /*
352 : * The "matched" flag should now be set on every entry in the hash table.
353 : * Any entries for which the bit is not set are files mentioned in the
354 : * manifest that don't exist on disk.
355 : */
1101 rhaas 356 CBC 59 : report_extra_backup_files(&context);
357 :
358 : /*
359 : * Now do the expensive work of verifying file checksums, unless we were
360 : * told to skip it.
361 : */
1101 rhaas 362 GIC 58 : if (!skip_checksums)
1092 rhaas 363 CBC 56 : verify_backup_checksums(&context);
364 :
365 : /*
366 : * Try to parse the required ranges of WAL records, unless we were told
367 : * not to do so.
368 : */
1101 rhaas 369 GIC 58 : if (!no_parse_wal)
370 44 : parse_required_wal(&context, pg_waldump_path,
1101 rhaas 371 ECB : wal_directory, first_wal_range);
372 :
373 : /*
374 : * If everything looks OK, tell the user this, unless we were asked to
375 : * work quietly.
376 : */
1101 rhaas 377 GIC 58 : if (!context.saw_any_error && !quiet)
1072 peter 378 CBC 42 : printf(_("backup successfully verified\n"));
379 :
1101 rhaas 380 GIC 58 : return context.saw_any_error ? 1 : 0;
381 : }
382 :
383 : /*
1101 rhaas 384 ECB : * Parse a manifest file. Construct a hash table with information about
385 : * all the files it mentions, and a linked list of all the WAL ranges it
386 : * mentions.
387 : */
388 : static void
1101 rhaas 389 GIC 92 : parse_manifest_file(char *manifest_path, manifest_files_hash **ht_p,
390 : manifest_wal_range **first_wal_range_p)
1101 rhaas 391 ECB : {
392 : int fd;
393 : struct stat statbuf;
394 : off_t estimate;
395 : uint32 initial_size;
396 : manifest_files_hash *ht;
397 : char *buffer;
398 : int rc;
399 : parser_context private_context;
400 : JsonManifestParseContext context;
401 :
402 : /* Open the manifest file. */
1101 rhaas 403 GIC 92 : if ((fd = open(manifest_path, O_RDONLY | PG_BINARY, 0)) < 0)
404 2 : report_fatal_error("could not open file \"%s\": %m", manifest_path);
405 :
406 : /* Figure out how big the manifest is. */
407 90 : if (fstat(fd, &statbuf) != 0)
1101 rhaas 408 UIC 0 : report_fatal_error("could not stat file \"%s\": %m", manifest_path);
409 :
410 : /* Guess how large to make the hash table based on the manifest size. */
1101 rhaas 411 CBC 90 : estimate = statbuf.st_size / ESTIMATED_BYTES_PER_MANIFEST_LINE;
1101 rhaas 412 GIC 90 : initial_size = Min(PG_UINT32_MAX, Max(estimate, 256));
413 :
414 : /* Create the hash table. */
415 90 : ht = manifest_files_create(initial_size, NULL);
416 :
417 : /*
418 : * Slurp in the whole file.
419 : *
420 : * This is not ideal, but there's currently no easy way to get
421 : * pg_parse_json() to perform incremental parsing.
422 : */
423 90 : buffer = pg_malloc(statbuf.st_size);
424 90 : rc = read(fd, buffer, statbuf.st_size);
1101 rhaas 425 CBC 90 : if (rc != statbuf.st_size)
1101 rhaas 426 ECB : {
1101 rhaas 427 UIC 0 : if (rc < 0)
428 0 : report_fatal_error("could not read file \"%s\": %m",
1101 rhaas 429 ECB : manifest_path);
1101 rhaas 430 EUB : else
927 peter 431 UIC 0 : report_fatal_error("could not read file \"%s\": read %d of %lld",
432 0 : manifest_path, rc, (long long int) statbuf.st_size);
1101 rhaas 433 ECB : }
434 :
435 : /* Close the manifest file. */
1101 rhaas 436 GIC 90 : close(fd);
1101 rhaas 437 ECB :
438 : /* Parse the manifest. */
1101 rhaas 439 GIC 90 : private_context.ht = ht;
440 90 : private_context.first_wal_range = NULL;
441 90 : private_context.last_wal_range = NULL;
442 90 : context.private_data = &private_context;
443 90 : context.perfile_cb = record_manifest_details_for_file;
444 90 : context.perwalrange_cb = record_manifest_details_for_wal_range;
1101 rhaas 445 CBC 90 : context.error_cb = report_manifest_error;
446 90 : json_parse_manifest(&context, buffer, statbuf.st_size);
1101 rhaas 447 ECB :
448 : /* Done with the buffer. */
1101 rhaas 449 GBC 60 : pfree(buffer);
1101 rhaas 450 EUB :
451 : /* Return the file hash table and WAL range list we constructed. */
1101 rhaas 452 GIC 60 : *ht_p = ht;
1101 rhaas 453 GBC 60 : *first_wal_range_p = private_context.first_wal_range;
454 60 : }
455 :
456 : /*
457 : * Report an error while parsing the manifest.
1101 rhaas 458 ECB : *
459 : * We consider all such errors to be fatal errors. The manifest parser
460 : * expects this function not to return.
461 : */
462 : static void
1072 peter 463 CBC 29 : report_manifest_error(JsonManifestParseContext *context, const char *fmt,...)
1101 rhaas 464 ECB : {
465 : va_list ap;
466 :
1101 rhaas 467 CBC 29 : va_start(ap, fmt);
366 tgl 468 29 : pg_log_generic_v(PG_LOG_ERROR, PG_LOG_PRIMARY, gettext(fmt), ap);
1101 rhaas 469 GIC 29 : va_end(ap);
470 :
1101 rhaas 471 CBC 29 : exit(1);
472 : }
473 :
1101 rhaas 474 ECB : /*
475 : * Record details extracted from the backup manifest for one file.
476 : */
477 : static void
1101 rhaas 478 GIC 59003 : record_manifest_details_for_file(JsonManifestParseContext *context,
479 : char *pathname, size_t size,
480 : pg_checksum_type checksum_type,
481 : int checksum_length, uint8 *checksum_payload)
482 : {
483 59003 : parser_context *pcxt = context->private_data;
484 59003 : manifest_files_hash *ht = pcxt->ht;
1101 rhaas 485 ECB : manifest_file *m;
486 : bool found;
487 :
488 : /* Make a new entry in the hash table for this file. */
1101 rhaas 489 CBC 59003 : m = manifest_files_insert(ht, pathname, &found);
490 59003 : if (found)
937 peter 491 1 : report_fatal_error("duplicate path name in backup manifest: \"%s\"",
492 : pathname);
1101 rhaas 493 ECB :
494 : /* Initialize the entry. */
1101 rhaas 495 GIC 59002 : m->size = size;
496 59002 : m->checksum_type = checksum_type;
497 59002 : m->checksum_length = checksum_length;
498 59002 : m->checksum_payload = checksum_payload;
499 59002 : m->matched = false;
1101 rhaas 500 CBC 59002 : m->bad = false;
1101 rhaas 501 GIC 59002 : }
502 :
503 : /*
504 : * Record details extracted from the backup manifest for one WAL range.
1101 rhaas 505 ECB : */
506 : static void
1101 rhaas 507 GIC 62 : record_manifest_details_for_wal_range(JsonManifestParseContext *context,
508 : TimeLineID tli,
509 : XLogRecPtr start_lsn, XLogRecPtr end_lsn)
510 : {
1101 rhaas 511 CBC 62 : parser_context *pcxt = context->private_data;
1101 rhaas 512 ECB : manifest_wal_range *range;
513 :
514 : /* Allocate and initialize a struct describing this WAL range. */
1101 rhaas 515 GIC 62 : range = palloc(sizeof(manifest_wal_range));
516 62 : range->tli = tli;
1101 rhaas 517 CBC 62 : range->start_lsn = start_lsn;
518 62 : range->end_lsn = end_lsn;
519 62 : range->prev = pcxt->last_wal_range;
520 62 : range->next = NULL;
1101 rhaas 521 ECB :
522 : /* Add it to the end of the list. */
1101 rhaas 523 CBC 62 : if (pcxt->first_wal_range == NULL)
1101 rhaas 524 GIC 62 : pcxt->first_wal_range = range;
525 : else
1101 rhaas 526 UIC 0 : pcxt->last_wal_range->next = range;
1101 rhaas 527 GIC 62 : pcxt->last_wal_range = range;
528 62 : }
1101 rhaas 529 ECB :
530 : /*
531 : * Verify one directory.
532 : *
1092 533 : * 'relpath' is NULL if we are to verify the top-level backup directory,
534 : * and otherwise the relative path to the directory that is to be verified.
535 : *
536 : * 'fullpath' is the backup directory with 'relpath' appended; i.e. the actual
1101 537 : * filesystem path at which it can be found.
538 : */
539 : static void
1092 rhaas 540 CBC 1470 : verify_backup_directory(verifier_context *context, char *relpath,
1092 rhaas 541 ECB : char *fullpath)
1101 542 : {
543 : DIR *dir;
544 : struct dirent *dirent;
545 :
1101 rhaas 546 CBC 1470 : dir = opendir(fullpath);
1101 rhaas 547 GIC 1470 : if (dir == NULL)
1101 rhaas 548 EUB : {
1101 rhaas 549 ECB : /*
550 : * If even the toplevel backup directory cannot be found, treat this
551 : * as a fatal error.
552 : */
1101 rhaas 553 GIC 2 : if (relpath == NULL)
554 1 : report_fatal_error("could not open directory \"%s\": %m", fullpath);
555 :
556 : /*
557 : * Otherwise, treat this as a non-fatal error, but ignore any further
558 : * errors related to this path and anything beneath it.
559 : */
560 1 : report_backup_error(context,
561 : "could not open directory \"%s\": %m", fullpath);
1101 rhaas 562 CBC 1 : simple_string_list_append(&context->ignore_list, relpath);
563 :
1101 rhaas 564 GIC 1 : return;
565 : }
566 :
567 62069 : while (errno = 0, (dirent = readdir(dir)) != NULL)
1101 rhaas 568 ECB : {
1101 rhaas 569 CBC 60601 : char *filename = dirent->d_name;
1101 rhaas 570 GIC 60601 : char *newfullpath = psprintf("%s/%s", fullpath, filename);
571 : char *newrelpath;
572 :
573 : /* Skip "." and ".." */
574 60601 : if (filename[0] == '.' && (filename[1] == '\0'
1101 rhaas 575 CBC 1468 : || strcmp(filename, "..") == 0))
576 2936 : continue;
577 :
1101 rhaas 578 GIC 57665 : if (relpath == NULL)
579 1410 : newrelpath = pstrdup(filename);
580 : else
581 56255 : newrelpath = psprintf("%s/%s", relpath, filename);
1101 rhaas 582 ECB :
1101 rhaas 583 GIC 57665 : if (!should_ignore_relpath(context, newrelpath))
1092 rhaas 584 CBC 57501 : verify_backup_file(context, newrelpath, newfullpath);
585 :
1101 586 57665 : pfree(newfullpath);
1101 rhaas 587 GIC 57665 : pfree(newrelpath);
588 : }
1101 rhaas 589 ECB :
1101 rhaas 590 GIC 1468 : if (closedir(dir))
1101 rhaas 591 ECB : {
1101 rhaas 592 LBC 0 : report_backup_error(context,
593 : "could not close directory \"%s\": %m", fullpath);
1101 rhaas 594 UIC 0 : return;
595 : }
1101 rhaas 596 ECB : }
597 :
598 : /*
599 : * Verify one file (which might actually be a directory or a symlink).
600 : *
601 : * The arguments to this function have the same meaning as the arguments to
602 : * verify_backup_directory.
603 : */
604 : static void
1092 rhaas 605 CBC 57501 : verify_backup_file(verifier_context *context, char *relpath, char *fullpath)
1101 rhaas 606 ECB : {
607 : struct stat sb;
608 : manifest_file *m;
609 :
1101 rhaas 610 GIC 57501 : if (stat(fullpath, &sb) != 0)
611 : {
1101 rhaas 612 CBC 3 : report_backup_error(context,
613 : "could not stat file or directory \"%s\": %m",
1101 rhaas 614 EUB : relpath);
615 :
616 : /*
617 : * Suppress further errors related to this path name and, if it's a
618 : * directory, anything underneath it.
619 : */
1101 rhaas 620 GIC 3 : simple_string_list_append(&context->ignore_list, relpath);
621 :
622 1415 : return;
623 : }
624 :
625 : /* If it's a directory, just recurse. */
626 57498 : if (S_ISDIR(sb.st_mode))
1101 rhaas 627 ECB : {
1092 rhaas 628 GIC 1410 : verify_backup_directory(context, relpath, fullpath);
1101 629 1410 : return;
630 : }
631 :
1101 rhaas 632 ECB : /* If it's not a directory, it should be a plain file. */
1101 rhaas 633 GIC 56088 : if (!S_ISREG(sb.st_mode))
1101 rhaas 634 ECB : {
1101 rhaas 635 UIC 0 : report_backup_error(context,
636 : "\"%s\" is not a file or directory",
637 : relpath);
638 0 : return;
639 : }
640 :
641 : /* Check whether there's an entry in the manifest hash. */
1101 rhaas 642 CBC 56088 : m = manifest_files_lookup(context->ht, relpath);
1101 rhaas 643 GIC 56088 : if (m == NULL)
1101 rhaas 644 ECB : {
1101 rhaas 645 GIC 2 : report_backup_error(context,
646 : "\"%s\" is present on disk but not in the manifest",
647 : relpath);
1101 rhaas 648 CBC 2 : return;
649 : }
1101 rhaas 650 ECB :
651 : /* Flag this entry as having been encountered in the filesystem. */
1101 rhaas 652 GIC 56086 : m->matched = true;
653 :
654 : /* Check that the size matches. */
1101 rhaas 655 CBC 56086 : if (m->size != sb.st_size)
656 : {
1101 rhaas 657 GBC 2 : report_backup_error(context,
658 : "\"%s\" has size %lld on disk but size %zu in the manifest",
927 peter 659 GIC 2 : relpath, (long long int) sb.st_size, m->size);
1101 rhaas 660 GBC 2 : m->bad = true;
661 : }
662 :
663 : /* Update statistics for progress report, if necessary */
62 michael 664 GNC 56086 : if (show_progress && !skip_checksums && should_verify_checksum(m))
665 964 : total_size += m->size;
666 :
667 : /*
1060 tgl 668 ECB : * We don't verify checksums at this stage. We first finish verifying that
669 : * we have the expected set of files with the expected sizes, and only
670 : * afterwards verify the checksums. That's because computing checksums may
671 : * take a while, and we'd like to report more obvious problems quickly.
672 : */
673 : }
1101 rhaas 674 :
675 : /*
676 : * Scan the hash table for entries where the 'matched' flag is not set; report
677 : * that such files are present in the manifest but not on disk.
678 : */
679 : static void
1092 rhaas 680 GIC 59 : report_extra_backup_files(verifier_context *context)
1101 rhaas 681 ECB : {
682 : manifest_files_iterator it;
683 : manifest_file *m;
684 :
1101 rhaas 685 CBC 59 : manifest_files_start_iterate(context->ht, &it);
686 56260 : while ((m = manifest_files_iterate(context->ht, &it)) != NULL)
1101 rhaas 687 GIC 56143 : if (!m->matched && !should_ignore_relpath(context, m->pathname))
688 5 : report_backup_error(context,
689 : "\"%s\" is present in the manifest but not on disk",
1101 rhaas 690 ECB : m->pathname);
1101 rhaas 691 CBC 58 : }
692 :
693 : /*
694 : * Verify checksums for hash table entries that are otherwise unproblematic.
695 : * If we've already reported some problem related to a hash table entry, or
696 : * if it has no checksum, just skip it.
697 : */
698 : static void
1092 rhaas 699 GIC 56 : verify_backup_checksums(verifier_context *context)
700 : {
701 : manifest_files_iterator it;
702 : manifest_file *m;
703 :
62 michael 704 GNC 56 : progress_report(false);
705 :
1101 rhaas 706 GIC 56 : manifest_files_start_iterate(context->ht, &it);
707 54225 : while ((m = manifest_files_iterate(context->ht, &it)) != NULL)
1101 rhaas 708 ECB : {
62 michael 709 GNC 54169 : if (should_verify_checksum(m) &&
1101 rhaas 710 GIC 52225 : !should_ignore_relpath(context, m->pathname))
711 : {
712 : char *fullpath;
1101 rhaas 713 ECB :
714 : /* Compute the full pathname to the target file. */
1101 rhaas 715 CBC 52225 : fullpath = psprintf("%s/%s", context->backup_directory,
1101 rhaas 716 ECB : m->pathname);
717 :
718 : /* Do the actual checksum verification. */
1092 rhaas 719 CBC 52225 : verify_file_checksum(context, m, fullpath);
720 :
721 : /* Avoid leaking memory. */
1101 rhaas 722 GIC 52225 : pfree(fullpath);
723 : }
724 : }
725 :
62 michael 726 GNC 56 : progress_report(true);
1101 rhaas 727 GIC 56 : }
728 :
1101 rhaas 729 ECB : /*
730 : * Verify the checksum of a single file.
731 : */
732 : static void
1092 rhaas 733 GIC 52225 : verify_file_checksum(verifier_context *context, manifest_file *m,
1060 tgl 734 ECB : char *fullpath)
735 : {
1101 rhaas 736 : pg_checksum_context checksum_ctx;
1101 rhaas 737 CBC 52225 : char *relpath = m->pathname;
738 : int fd;
1101 rhaas 739 ECB : int rc;
1101 rhaas 740 CBC 52225 : size_t bytes_read = 0;
741 : uint8 buffer[READ_CHUNK_SIZE];
742 : uint8 checksumbuf[PG_CHECKSUM_MAX_LENGTH];
743 : int checksumlen;
744 :
1101 rhaas 745 ECB : /* Open the target file. */
1101 rhaas 746 GIC 52225 : if ((fd = open(fullpath, O_RDONLY | PG_BINARY, 0)) < 0)
747 : {
748 1 : report_backup_error(context, "could not open file \"%s\": %m",
1101 rhaas 749 ECB : relpath);
1101 rhaas 750 GIC 1 : return;
751 : }
1101 rhaas 752 ECB :
753 : /* Initialize checksum context. */
858 michael 754 GIC 52224 : if (pg_checksum_init(&checksum_ctx, m->checksum_type) < 0)
755 : {
858 michael 756 LBC 0 : report_backup_error(context, "could not initialize checksum of file \"%s\"",
858 michael 757 ECB : relpath);
853 michael 758 UIC 0 : close(fd);
858 759 0 : return;
760 : }
761 :
762 : /* Read the file chunk by chunk, updating the checksum as we go. */
1101 rhaas 763 CBC 364361 : while ((rc = read(fd, buffer, READ_CHUNK_SIZE)) > 0)
764 : {
1101 rhaas 765 GIC 312137 : bytes_read += rc;
858 michael 766 312137 : if (pg_checksum_update(&checksum_ctx, buffer, rc) < 0)
858 michael 767 ECB : {
858 michael 768 UIC 0 : report_backup_error(context, "could not update checksum of file \"%s\"",
769 : relpath);
858 michael 770 LBC 0 : close(fd);
858 michael 771 UIC 0 : return;
772 : }
773 :
774 : /* Report progress */
62 michael 775 GNC 312137 : done_size += rc;
776 312137 : progress_report(false);
777 : }
1101 rhaas 778 GIC 52224 : if (rc < 0)
1101 rhaas 779 UIC 0 : report_backup_error(context, "could not read file \"%s\": %m",
1101 rhaas 780 ECB : relpath);
781 :
782 : /* Close the file. */
1101 rhaas 783 GIC 52224 : if (close(fd) != 0)
1101 rhaas 784 ECB : {
1101 rhaas 785 UIC 0 : report_backup_error(context, "could not close file \"%s\": %m",
786 : relpath);
787 0 : return;
1101 rhaas 788 ECB : }
789 :
1101 rhaas 790 EUB : /* If we didn't manage to read the whole file, bail out now. */
1101 rhaas 791 GIC 52224 : if (rc < 0)
1101 rhaas 792 UBC 0 : return;
1101 rhaas 793 EUB :
794 : /*
795 : * Double-check that we read the expected number of bytes from the file.
796 : * Normally, a file size mismatch would be caught in verify_backup_file
1101 rhaas 797 ECB : * and this check would never be reached, but this provides additional
798 : * safety and clarity in the event of concurrent modifications or
799 : * filesystem misbehavior.
800 : */
1101 rhaas 801 GIC 52224 : if (bytes_read != m->size)
1101 rhaas 802 EUB : {
1101 rhaas 803 UIC 0 : report_backup_error(context,
1101 rhaas 804 EUB : "file \"%s\" should contain %zu bytes, but read %zu bytes",
805 : relpath, m->size, bytes_read);
1101 rhaas 806 UIC 0 : return;
807 : }
808 :
1101 rhaas 809 ECB : /* Get the final checksum. */
1101 rhaas 810 CBC 52224 : checksumlen = pg_checksum_final(&checksum_ctx, checksumbuf);
858 michael 811 GIC 52224 : if (checksumlen < 0)
858 michael 812 ECB : {
858 michael 813 UBC 0 : report_backup_error(context,
814 : "could not finalize checksum of file \"%s\"",
815 : relpath);
858 michael 816 UIC 0 : return;
858 michael 817 ECB : }
818 :
1101 rhaas 819 EUB : /* And check it against the manifest. */
1101 rhaas 820 GIC 52224 : if (checksumlen != m->checksum_length)
1101 rhaas 821 UBC 0 : report_backup_error(context,
822 : "file \"%s\" has checksum of length %d, but expected %d",
823 : relpath, m->checksum_length, checksumlen);
1101 rhaas 824 GIC 52224 : else if (memcmp(checksumbuf, m->checksum_payload, checksumlen) != 0)
1101 rhaas 825 CBC 3 : report_backup_error(context,
1101 rhaas 826 EUB : "checksum mismatch for file \"%s\"",
827 : relpath);
828 : }
829 :
830 : /*
831 : * Attempt to parse the WAL files required to restore from backup using
832 : * pg_waldump.
833 : */
834 : static void
1092 rhaas 835 CBC 44 : parse_required_wal(verifier_context *context, char *pg_waldump_path,
836 : char *wal_directory, manifest_wal_range *first_wal_range)
1101 rhaas 837 EUB : {
1101 rhaas 838 GIC 44 : manifest_wal_range *this_wal_range = first_wal_range;
839 :
1101 rhaas 840 GBC 88 : while (this_wal_range != NULL)
841 : {
842 : char *pg_waldump_cmd;
843 :
1101 rhaas 844 CBC 44 : pg_waldump_cmd = psprintf("\"%s\" --quiet --path=\"%s\" --timeline=%u --start=%X/%X --end=%X/%X\n",
1101 rhaas 845 ECB : pg_waldump_path, wal_directory, this_wal_range->tli,
775 peter 846 GIC 44 : LSN_FORMAT_ARGS(this_wal_range->start_lsn),
775 peter 847 GBC 44 : LSN_FORMAT_ARGS(this_wal_range->end_lsn));
223 tgl 848 GNC 44 : fflush(NULL);
1101 rhaas 849 GIC 44 : if (system(pg_waldump_cmd) != 0)
850 2 : report_backup_error(context,
1101 rhaas 851 EUB : "WAL parsing failed for timeline %u",
852 : this_wal_range->tli);
853 :
1101 rhaas 854 GIC 44 : this_wal_range = this_wal_range->next;
1101 rhaas 855 ECB : }
1101 rhaas 856 GBC 44 : }
857 :
858 : /*
1101 rhaas 859 ECB : * Report a problem with the backup.
860 : *
861 : * Update the context to indicate that we saw an error, and exit if the
862 : * context says we should.
863 : */
864 : static void
1092 rhaas 865 GIC 19 : report_backup_error(verifier_context *context, const char *pg_restrict fmt,...)
866 : {
867 : va_list ap;
868 :
1101 869 19 : va_start(ap, fmt);
366 tgl 870 CBC 19 : pg_log_generic_v(PG_LOG_ERROR, PG_LOG_PRIMARY, gettext(fmt), ap);
1101 rhaas 871 GIC 19 : va_end(ap);
872 :
1101 rhaas 873 CBC 19 : context->saw_any_error = true;
1101 rhaas 874 GIC 19 : if (context->exit_on_error)
1101 rhaas 875 CBC 1 : exit(1);
1101 rhaas 876 GIC 18 : }
877 :
878 : /*
1101 rhaas 879 ECB : * Report a fatal error and exit
880 : */
881 : static void
1101 rhaas 882 CBC 4 : report_fatal_error(const char *pg_restrict fmt,...)
1101 rhaas 883 ECB : {
884 : va_list ap;
885 :
1101 rhaas 886 GIC 4 : va_start(ap, fmt);
366 tgl 887 4 : pg_log_generic_v(PG_LOG_ERROR, PG_LOG_PRIMARY, gettext(fmt), ap);
1101 rhaas 888 4 : va_end(ap);
1101 rhaas 889 ECB :
1101 rhaas 890 GIC 4 : exit(1);
1101 rhaas 891 ECB : }
892 :
893 : /*
894 : * Is the specified relative path, or some prefix of it, listed in the set
895 : * of paths to ignore?
896 : *
897 : * Note that by "prefix" we mean a parent directory; for this purpose,
898 : * "aa/bb" is not a prefix of "aa/bbb", but it is a prefix of "aa/bb/cc".
899 : */
900 : static bool
1092 rhaas 901 GIC 110870 : should_ignore_relpath(verifier_context *context, char *relpath)
902 : {
903 : SimpleStringListCell *cell;
1101 rhaas 904 ECB :
1101 rhaas 905 CBC 674585 : for (cell = context->ignore_list.head; cell != NULL; cell = cell->next)
1101 rhaas 906 ECB : {
1101 rhaas 907 GIC 564854 : char *r = relpath;
1101 rhaas 908 CBC 564854 : char *v = cell->val;
1101 rhaas 909 ECB :
1101 rhaas 910 CBC 790695 : while (*v != '\0' && *r == *v)
911 225841 : ++r, ++v;
912 :
1101 rhaas 913 GIC 564854 : if (*v == '\0' && (*r == '\0' || *r == '/'))
914 1139 : return true;
915 : }
916 :
1101 rhaas 917 CBC 109731 : return false;
918 : }
919 :
920 : /*
1101 rhaas 921 ECB : * Helper function for manifest_files hash table.
922 : */
923 : static uint32
1101 rhaas 924 GIC 138639 : hash_string_pointer(char *s)
1101 rhaas 925 ECB : {
1101 rhaas 926 GIC 138639 : unsigned char *ss = (unsigned char *) s;
927 :
928 138639 : return hash_bytes(ss, strlen(s));
929 : }
930 :
931 : /*
932 : * Print a progress report based on the global variables.
933 : *
934 : * Progress report is written at maximum once per second, unless the finished
935 : * parameter is set to true.
936 : *
937 : * If finished is set to true, this is the last progress report. The cursor
938 : * is moved to the next line.
939 : */
940 : static void
62 michael 941 GNC 312249 : progress_report(bool finished)
942 : {
943 : static pg_time_t last_progress_report = 0;
944 : pg_time_t now;
945 312249 : int percent_size = 0;
946 : char totalsize_str[32];
947 : char donesize_str[32];
948 :
949 312249 : if (!show_progress)
950 312247 : return;
951 :
952 5778 : now = time(NULL);
953 5778 : if (now == last_progress_report && !finished)
954 5776 : return; /* Max once per second */
955 :
956 2 : last_progress_report = now;
957 2 : percent_size = total_size ? (int) ((done_size * 100 / total_size)) : 0;
958 :
959 2 : snprintf(totalsize_str, sizeof(totalsize_str), UINT64_FORMAT,
960 : total_size / 1024);
961 2 : snprintf(donesize_str, sizeof(donesize_str), UINT64_FORMAT,
962 : done_size / 1024);
963 :
964 2 : fprintf(stderr,
965 2 : _("%*s/%s kB (%d%%) verified"),
966 2 : (int) strlen(totalsize_str),
967 : donesize_str, totalsize_str, percent_size);
968 :
969 : /*
970 : * Stay on the same line if reporting to a terminal and we're not done
971 : * yet.
972 : */
973 2 : fputc((!finished && isatty(fileno(stderr))) ? '\r' : '\n', stderr);
974 : }
975 :
976 : /*
977 : * Print out usage information and exit.
978 : */
979 : static void
1101 rhaas 980 GIC 1 : usage(void)
1101 rhaas 981 ECB : {
1092 rhaas 982 GIC 1 : printf(_("%s verifies a backup against the backup manifest.\n\n"), progname);
1101 983 1 : printf(_("Usage:\n %s [OPTION]... BACKUPDIR\n\n"), progname);
984 1 : printf(_("Options:\n"));
1101 rhaas 985 CBC 1 : printf(_(" -e, --exit-on-error exit immediately on error\n"));
1101 rhaas 986 GIC 1 : printf(_(" -i, --ignore=RELATIVE_PATH ignore indicated path\n"));
1081 fujii 987 CBC 1 : printf(_(" -m, --manifest-path=PATH use specified path for manifest\n"));
1101 rhaas 988 1 : printf(_(" -n, --no-parse-wal do not try to parse WAL files\n"));
62 michael 989 GNC 1 : printf(_(" -P, --progress show progress information\n"));
1081 fujii 990 GIC 1 : printf(_(" -q, --quiet do not print any output, except for errors\n"));
1101 rhaas 991 CBC 1 : printf(_(" -s, --skip-checksums skip checksum verification\n"));
992 1 : printf(_(" -w, --wal-directory=PATH use specified path for WAL files\n"));
1101 rhaas 993 GIC 1 : printf(_(" -V, --version output version information, then exit\n"));
1101 rhaas 994 CBC 1 : printf(_(" -?, --help show this help, then exit\n"));
995 1 : printf(_("\nReport bugs to <%s>.\n"), PACKAGE_BUGREPORT);
1101 rhaas 996 GIC 1 : printf(_("%s home page: <%s>\n"), PACKAGE_NAME, PACKAGE_URL);
997 1 : }
|
