Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * pg_combinebackup.c
4 : * Combine incremental backups with prior backups.
5 : *
6 : * Copyright (c) 2017-2025, PostgreSQL Global Development Group
7 : *
8 : * IDENTIFICATION
9 : * src/bin/pg_combinebackup/pg_combinebackup.c
10 : *
11 : *-------------------------------------------------------------------------
12 : */
13 : #include "postgres_fe.h"
14 :
15 : #include <dirent.h>
16 : #include <fcntl.h>
17 : #include <limits.h>
18 :
19 : #ifdef HAVE_COPYFILE_H
20 : #include <copyfile.h>
21 : #endif
22 : #ifdef __linux__
23 : #include <sys/ioctl.h>
24 : #include <linux/fs.h>
25 : #endif
26 :
27 : #include "access/xlog_internal.h"
28 : #include "backup_label.h"
29 : #include "common/checksum_helper.h"
30 : #include "common/controldata_utils.h"
31 : #include "common/file_perm.h"
32 : #include "common/file_utils.h"
33 : #include "common/logging.h"
34 : #include "common/relpath.h"
35 : #include "copy_file.h"
36 : #include "fe_utils/option_utils.h"
37 : #include "getopt_long.h"
38 : #include "lib/stringinfo.h"
39 : #include "load_manifest.h"
40 : #include "reconstruct.h"
41 : #include "write_manifest.h"
42 :
43 : /* Incremental file naming convention. */
44 : #define INCREMENTAL_PREFIX "INCREMENTAL."
45 : #define INCREMENTAL_PREFIX_LENGTH (sizeof(INCREMENTAL_PREFIX) - 1)
46 :
47 : /*
48 : * Tracking for directories that need to be removed, or have their contents
49 : * removed, if the operation fails.
50 : */
51 : typedef struct cb_cleanup_dir
52 : {
53 : char *target_path;
54 : bool rmtopdir;
55 : struct cb_cleanup_dir *next;
56 : } cb_cleanup_dir;
57 :
58 : /*
59 : * Stores a tablespace mapping provided using -T, --tablespace-mapping.
60 : */
61 : typedef struct cb_tablespace_mapping
62 : {
63 : char old_dir[MAXPGPATH];
64 : char new_dir[MAXPGPATH];
65 : struct cb_tablespace_mapping *next;
66 : } cb_tablespace_mapping;
67 :
68 : /*
69 : * Stores data parsed from all command-line options.
70 : */
71 : typedef struct cb_options
72 : {
73 : bool debug;
74 : char *output;
75 : bool dry_run;
76 : bool no_sync;
77 : cb_tablespace_mapping *tsmappings;
78 : pg_checksum_type manifest_checksums;
79 : bool no_manifest;
80 : DataDirSyncMethod sync_method;
81 : CopyMethod copy_method;
82 : } cb_options;
83 :
84 : /*
85 : * Data about a tablespace.
86 : *
87 : * Every normal tablespace needs a tablespace mapping, but in-place tablespaces
88 : * don't, so the list of tablespaces can contain more entries than the list of
89 : * tablespace mappings.
90 : */
91 : typedef struct cb_tablespace
92 : {
93 : Oid oid;
94 : bool in_place;
95 : char old_dir[MAXPGPATH];
96 : char new_dir[MAXPGPATH];
97 : struct cb_tablespace *next;
98 : } cb_tablespace;
99 :
100 : /* Directories to be removed if we exit uncleanly. */
101 : static cb_cleanup_dir *cleanup_dir_list = NULL;
102 :
103 : static void add_tablespace_mapping(cb_options *opt, char *arg);
104 : static StringInfo check_backup_label_files(int n_backups, char **backup_dirs);
105 : static uint64 check_control_files(int n_backups, char **backup_dirs);
106 : static void check_input_dir_permissions(char *dir);
107 : static void cleanup_directories_atexit(void);
108 : static void create_output_directory(char *dirname, cb_options *opt);
109 : static void help(const char *progname);
110 : static bool parse_oid(char *s, Oid *result);
111 : static void process_directory_recursively(Oid tsoid,
112 : char *input_directory,
113 : char *output_directory,
114 : char *relative_path,
115 : int n_prior_backups,
116 : char **prior_backup_dirs,
117 : manifest_data **manifests,
118 : manifest_writer *mwriter,
119 : cb_options *opt);
120 : static int read_pg_version_file(char *directory);
121 : static void remember_to_cleanup_directory(char *target_path, bool rmtopdir);
122 : static void reset_directory_cleanup_list(void);
123 : static cb_tablespace *scan_for_existing_tablespaces(char *pathname,
124 : cb_options *opt);
125 : static void slurp_file(int fd, char *filename, StringInfo buf, int maxlen);
126 :
127 : /*
128 : * Main program.
129 : */
130 : int
131 50 : main(int argc, char *argv[])
132 : {
133 : static struct option long_options[] = {
134 : {"debug", no_argument, NULL, 'd'},
135 : {"dry-run", no_argument, NULL, 'n'},
136 : {"no-sync", no_argument, NULL, 'N'},
137 : {"output", required_argument, NULL, 'o'},
138 : {"tablespace-mapping", required_argument, NULL, 'T'},
139 : {"link", no_argument, NULL, 'k'},
140 : {"manifest-checksums", required_argument, NULL, 1},
141 : {"no-manifest", no_argument, NULL, 2},
142 : {"sync-method", required_argument, NULL, 3},
143 : {"clone", no_argument, NULL, 4},
144 : {"copy", no_argument, NULL, 5},
145 : {"copy-file-range", no_argument, NULL, 6},
146 : {NULL, 0, NULL, 0}
147 : };
148 :
149 : const char *progname;
150 : char *last_input_dir;
151 : int i;
152 : int optindex;
153 : int c;
154 : int n_backups;
155 : int n_prior_backups;
156 : int version;
157 : uint64 system_identifier;
158 : char **prior_backup_dirs;
159 : cb_options opt;
160 : cb_tablespace *tablespaces;
161 : cb_tablespace *ts;
162 : StringInfo last_backup_label;
163 : manifest_data **manifests;
164 : manifest_writer *mwriter;
165 :
166 50 : pg_logging_init(argv[0]);
167 50 : progname = get_progname(argv[0]);
168 50 : set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pg_combinebackup"));
169 50 : handle_help_version_opts(argc, argv, progname, help);
170 :
171 46 : memset(&opt, 0, sizeof(opt));
172 46 : opt.manifest_checksums = CHECKSUM_TYPE_CRC32C;
173 46 : opt.sync_method = DATA_DIR_SYNC_METHOD_FSYNC;
174 46 : opt.copy_method = COPY_METHOD_COPY;
175 :
176 : /* process command-line options */
177 144 : while ((c = getopt_long(argc, argv, "dknNo:T:",
178 : long_options, &optindex)) != -1)
179 : {
180 100 : switch (c)
181 : {
182 12 : case 'd':
183 12 : opt.debug = true;
184 12 : pg_logging_increase_verbosity();
185 12 : break;
186 2 : case 'k':
187 2 : opt.copy_method = COPY_METHOD_LINK;
188 2 : break;
189 0 : case 'n':
190 0 : opt.dry_run = true;
191 0 : break;
192 6 : case 'N':
193 6 : opt.no_sync = true;
194 6 : break;
195 40 : case 'o':
196 40 : opt.output = optarg;
197 40 : break;
198 2 : case 'T':
199 2 : add_tablespace_mapping(&opt, optarg);
200 2 : break;
201 4 : case 1:
202 4 : if (!pg_checksum_parse_type(optarg,
203 : &opt.manifest_checksums))
204 0 : pg_fatal("unrecognized checksum algorithm: \"%s\"",
205 : optarg);
206 4 : break;
207 2 : case 2:
208 2 : opt.no_manifest = true;
209 2 : break;
210 0 : case 3:
211 0 : if (!parse_sync_method(optarg, &opt.sync_method))
212 0 : exit(1);
213 0 : break;
214 0 : case 4:
215 0 : opt.copy_method = COPY_METHOD_CLONE;
216 0 : break;
217 30 : case 5:
218 30 : opt.copy_method = COPY_METHOD_COPY;
219 30 : break;
220 0 : case 6:
221 0 : opt.copy_method = COPY_METHOD_COPY_FILE_RANGE;
222 0 : break;
223 2 : default:
224 : /* getopt_long already emitted a complaint */
225 2 : pg_log_error_hint("Try \"%s --help\" for more information.", progname);
226 2 : exit(1);
227 : }
228 : }
229 :
230 44 : if (optind >= argc)
231 : {
232 2 : pg_log_error("no input directories specified");
233 2 : pg_log_error_hint("Try \"%s --help\" for more information.", progname);
234 2 : exit(1);
235 : }
236 :
237 42 : if (opt.output == NULL)
238 2 : pg_fatal("no output directory specified");
239 :
240 : /* If no manifest is needed, no checksums are needed, either. */
241 40 : if (opt.no_manifest)
242 2 : opt.manifest_checksums = CHECKSUM_TYPE_NONE;
243 :
244 : /* Check that the platform supports the requested copy method. */
245 40 : if (opt.copy_method == COPY_METHOD_CLONE)
246 : {
247 : #if (defined(HAVE_COPYFILE) && defined(COPYFILE_CLONE_FORCE)) || \
248 : (defined(__linux__) && defined(FICLONE))
249 :
250 0 : if (opt.dry_run)
251 0 : pg_log_debug("would use cloning to copy files");
252 : else
253 0 : pg_log_debug("will use cloning to copy files");
254 :
255 : #else
256 : pg_fatal("file cloning not supported on this platform");
257 : #endif
258 : }
259 40 : else if (opt.copy_method == COPY_METHOD_COPY_FILE_RANGE)
260 : {
261 : #if defined(HAVE_COPY_FILE_RANGE)
262 :
263 0 : if (opt.dry_run)
264 0 : pg_log_debug("would use copy_file_range to copy blocks");
265 : else
266 0 : pg_log_debug("will use copy_file_range to copy blocks");
267 :
268 : #else
269 : pg_fatal("copy_file_range not supported on this platform");
270 : #endif
271 : }
272 :
273 : /* Read the server version from the final backup. */
274 40 : version = read_pg_version_file(argv[argc - 1]);
275 :
276 : /* Sanity-check control files. */
277 40 : n_backups = argc - optind;
278 40 : system_identifier = check_control_files(n_backups, argv + optind);
279 :
280 : /* Sanity-check backup_label files, and get the contents of the last one. */
281 38 : last_backup_label = check_backup_label_files(n_backups, argv + optind);
282 :
283 : /*
284 : * We'll need the pathnames to the prior backups. By "prior" we mean all
285 : * but the last one listed on the command line.
286 : */
287 28 : n_prior_backups = argc - optind - 1;
288 28 : prior_backup_dirs = argv + optind;
289 :
290 : /* Load backup manifests. */
291 28 : manifests = load_backup_manifests(n_backups, prior_backup_dirs);
292 :
293 : /*
294 : * Validate the manifest system identifier against the backup system
295 : * identifier.
296 : */
297 80 : for (i = 0; i < n_backups; i++)
298 : {
299 54 : if (manifests[i] &&
300 54 : manifests[i]->system_identifier != system_identifier)
301 : {
302 : char *controlpath;
303 :
304 2 : controlpath = psprintf("%s/%s", prior_backup_dirs[i], XLOG_CONTROL_FILE);
305 :
306 2 : pg_fatal("%s: manifest system identifier is %" PRIu64 ", but control file has %" PRIu64,
307 : controlpath,
308 : manifests[i]->system_identifier,
309 : system_identifier);
310 : }
311 : }
312 :
313 : /* Figure out which tablespaces are going to be included in the output. */
314 26 : last_input_dir = argv[argc - 1];
315 26 : check_input_dir_permissions(last_input_dir);
316 26 : tablespaces = scan_for_existing_tablespaces(last_input_dir, &opt);
317 :
318 : /*
319 : * Create output directories.
320 : *
321 : * We create one output directory for the main data directory plus one for
322 : * each non-in-place tablespace. create_output_directory() will arrange
323 : * for those directories to be cleaned up on failure. In-place tablespaces
324 : * aren't handled at this stage because they're located beneath the main
325 : * output directory, and thus the cleanup of that directory will get rid
326 : * of them. Plus, the pg_tblspc directory that needs to contain them
327 : * doesn't exist yet.
328 : */
329 26 : atexit(cleanup_directories_atexit);
330 26 : create_output_directory(opt.output, &opt);
331 28 : for (ts = tablespaces; ts != NULL; ts = ts->next)
332 2 : if (!ts->in_place)
333 2 : create_output_directory(ts->new_dir, &opt);
334 :
335 : /* If we need to write a backup_manifest, prepare to do so. */
336 26 : if (!opt.dry_run && !opt.no_manifest)
337 : {
338 24 : mwriter = create_manifest_writer(opt.output, system_identifier);
339 :
340 : /*
341 : * Verify that we have a backup manifest for the final backup; else we
342 : * won't have the WAL ranges for the resulting manifest.
343 : */
344 24 : if (manifests[n_prior_backups] == NULL)
345 0 : pg_fatal("cannot generate a manifest because no manifest is available for the final input backup");
346 : }
347 : else
348 2 : mwriter = NULL;
349 :
350 : /* Write backup label into output directory. */
351 26 : if (opt.dry_run)
352 0 : pg_log_debug("would generate \"%s/backup_label\"", opt.output);
353 : else
354 : {
355 26 : pg_log_debug("generating \"%s/backup_label\"", opt.output);
356 26 : last_backup_label->cursor = 0;
357 26 : write_backup_label(opt.output, last_backup_label,
358 : opt.manifest_checksums, mwriter);
359 : }
360 :
361 : /* Process everything that's not part of a user-defined tablespace. */
362 26 : pg_log_debug("processing backup directory \"%s\"", last_input_dir);
363 26 : process_directory_recursively(InvalidOid, last_input_dir, opt.output,
364 : NULL, n_prior_backups, prior_backup_dirs,
365 : manifests, mwriter, &opt);
366 :
367 : /* Process user-defined tablespaces. */
368 26 : for (ts = tablespaces; ts != NULL; ts = ts->next)
369 : {
370 2 : pg_log_debug("processing tablespace directory \"%s\"", ts->old_dir);
371 :
372 : /*
373 : * If it's a normal tablespace, we need to set up a symbolic link from
374 : * pg_tblspc/${OID} to the target directory; if it's an in-place
375 : * tablespace, we need to create a directory at pg_tblspc/${OID}.
376 : */
377 2 : if (!ts->in_place)
378 : {
379 : char linkpath[MAXPGPATH];
380 :
381 2 : snprintf(linkpath, MAXPGPATH, "%s/%s/%u", opt.output, PG_TBLSPC_DIR,
382 : ts->oid);
383 :
384 2 : if (opt.dry_run)
385 0 : pg_log_debug("would create symbolic link from \"%s\" to \"%s\"",
386 : linkpath, ts->new_dir);
387 : else
388 : {
389 2 : pg_log_debug("creating symbolic link from \"%s\" to \"%s\"",
390 : linkpath, ts->new_dir);
391 2 : if (symlink(ts->new_dir, linkpath) != 0)
392 0 : pg_fatal("could not create symbolic link from \"%s\" to \"%s\": %m",
393 : linkpath, ts->new_dir);
394 : }
395 : }
396 : else
397 : {
398 0 : if (opt.dry_run)
399 0 : pg_log_debug("would create directory \"%s\"", ts->new_dir);
400 : else
401 : {
402 0 : pg_log_debug("creating directory \"%s\"", ts->new_dir);
403 0 : if (pg_mkdir_p(ts->new_dir, pg_dir_create_mode) == -1)
404 0 : pg_fatal("could not create directory \"%s\": %m",
405 : ts->new_dir);
406 : }
407 : }
408 :
409 : /* OK, now handle the directory contents. */
410 2 : process_directory_recursively(ts->oid, ts->old_dir, ts->new_dir,
411 : NULL, n_prior_backups, prior_backup_dirs,
412 : manifests, mwriter, &opt);
413 : }
414 :
415 : /* Finalize the backup_manifest, if we're generating one. */
416 24 : if (mwriter != NULL)
417 22 : finalize_manifest(mwriter,
418 22 : manifests[n_prior_backups]->first_wal_range);
419 :
420 : /* fsync that output directory unless we've been told not to do so */
421 24 : if (!opt.no_sync)
422 : {
423 18 : if (opt.dry_run)
424 0 : pg_log_debug("would recursively fsync \"%s\"", opt.output);
425 : else
426 : {
427 18 : pg_log_debug("recursively fsyncing \"%s\"", opt.output);
428 18 : sync_pgdata(opt.output, version * 10000, opt.sync_method, true);
429 : }
430 : }
431 :
432 : /* Warn about the possibility of compromising the backups, when link mode */
433 24 : if (opt.copy_method == COPY_METHOD_LINK)
434 2 : pg_log_warning("--link mode was used; any modifications to the output "
435 : "directory may destructively modify input directories");
436 :
437 : /* It's a success, so don't remove the output directories. */
438 24 : reset_directory_cleanup_list();
439 24 : exit(0);
440 : }
441 :
442 : /*
443 : * Process the option argument for the -T, --tablespace-mapping switch.
444 : */
445 : static void
446 2 : add_tablespace_mapping(cb_options *opt, char *arg)
447 : {
448 2 : cb_tablespace_mapping *tsmap = pg_malloc0(sizeof(cb_tablespace_mapping));
449 : char *dst;
450 : char *dst_ptr;
451 : char *arg_ptr;
452 :
453 : /*
454 : * Basically, we just want to copy everything before the equals sign to
455 : * tsmap->old_dir and everything afterwards to tsmap->new_dir, but if
456 : * there's more or less than one equals sign, that's an error, and if
457 : * there's an equals sign preceded by a backslash, don't treat it as a
458 : * field separator but instead copy a literal equals sign.
459 : */
460 2 : dst_ptr = dst = tsmap->old_dir;
461 100 : for (arg_ptr = arg; *arg_ptr != '\0'; arg_ptr++)
462 : {
463 98 : if (dst_ptr - dst >= MAXPGPATH)
464 0 : pg_fatal("directory name too long");
465 :
466 98 : if (*arg_ptr == '\\' && *(arg_ptr + 1) == '=')
467 : ; /* skip backslash escaping = */
468 98 : else if (*arg_ptr == '=' && (arg_ptr == arg || *(arg_ptr - 1) != '\\'))
469 : {
470 2 : if (tsmap->new_dir[0] != '\0')
471 0 : pg_fatal("multiple \"=\" signs in tablespace mapping");
472 : else
473 2 : dst = dst_ptr = tsmap->new_dir;
474 : }
475 : else
476 96 : *dst_ptr++ = *arg_ptr;
477 : }
478 2 : if (!tsmap->old_dir[0] || !tsmap->new_dir[0])
479 0 : pg_fatal("invalid tablespace mapping format \"%s\", must be \"OLDDIR=NEWDIR\"", arg);
480 :
481 : /*
482 : * All tablespaces are created with absolute directories, so specifying a
483 : * non-absolute path here would never match, possibly confusing users.
484 : *
485 : * In contrast to pg_basebackup, both the old and new directories are on
486 : * the local machine, so the local machine's definition of an absolute
487 : * path is the only relevant one.
488 : */
489 2 : if (!is_absolute_path(tsmap->old_dir))
490 0 : pg_fatal("old directory is not an absolute path in tablespace mapping: %s",
491 : tsmap->old_dir);
492 :
493 2 : if (!is_absolute_path(tsmap->new_dir))
494 0 : pg_fatal("old directory is not an absolute path in tablespace mapping: %s",
495 : tsmap->new_dir);
496 :
497 : /* Canonicalize paths to avoid spurious failures when comparing. */
498 2 : canonicalize_path(tsmap->old_dir);
499 2 : canonicalize_path(tsmap->new_dir);
500 :
501 : /* Add it to the list. */
502 2 : tsmap->next = opt->tsmappings;
503 2 : opt->tsmappings = tsmap;
504 2 : }
505 :
506 : /*
507 : * Check that the backup_label files form a coherent backup chain, and return
508 : * the contents of the backup_label file from the latest backup.
509 : */
510 : static StringInfo
511 38 : check_backup_label_files(int n_backups, char **backup_dirs)
512 : {
513 38 : StringInfo buf = makeStringInfo();
514 38 : StringInfo lastbuf = buf;
515 : int i;
516 38 : TimeLineID check_tli = 0;
517 38 : XLogRecPtr check_lsn = InvalidXLogRecPtr;
518 :
519 : /* Try to read each backup_label file in turn, last to first. */
520 102 : for (i = n_backups - 1; i >= 0; --i)
521 : {
522 : char pathbuf[MAXPGPATH];
523 : int fd;
524 : TimeLineID start_tli;
525 : TimeLineID previous_tli;
526 : XLogRecPtr start_lsn;
527 : XLogRecPtr previous_lsn;
528 :
529 : /* Open the backup_label file. */
530 74 : snprintf(pathbuf, MAXPGPATH, "%s/backup_label", backup_dirs[i]);
531 74 : pg_log_debug("reading \"%s\"", pathbuf);
532 74 : if ((fd = open(pathbuf, O_RDONLY, 0)) < 0)
533 0 : pg_fatal("could not open file \"%s\": %m", pathbuf);
534 :
535 : /*
536 : * Slurp the whole file into memory.
537 : *
538 : * The exact size limit that we impose here doesn't really matter --
539 : * most of what's supposed to be in the file is fixed size and quite
540 : * short. However, the length of the backup_label is limited (at least
541 : * by some parts of the code) to MAXPGPATH, so include that value in
542 : * the maximum length that we tolerate.
543 : */
544 74 : slurp_file(fd, pathbuf, buf, 10000 + MAXPGPATH);
545 :
546 : /* Close the file. */
547 74 : if (close(fd) != 0)
548 0 : pg_fatal("could not close file \"%s\": %m", pathbuf);
549 :
550 : /* Parse the file contents. */
551 74 : parse_backup_label(pathbuf, buf, &start_tli, &start_lsn,
552 : &previous_tli, &previous_lsn);
553 :
554 : /*
555 : * Sanity checks.
556 : *
557 : * XXX. It's actually not required that start_lsn == check_lsn. It
558 : * would be OK if start_lsn > check_lsn provided that start_lsn is
559 : * less than or equal to the relevant switchpoint. But at the moment
560 : * we don't have that information.
561 : */
562 74 : if (i > 0 && previous_tli == 0)
563 2 : pg_fatal("backup at \"%s\" is a full backup, but only the first backup should be a full backup",
564 : backup_dirs[i]);
565 72 : if (i == 0 && previous_tli != 0)
566 2 : pg_fatal("backup at \"%s\" is an incremental backup, but the first backup should be a full backup",
567 : backup_dirs[i]);
568 70 : if (i < n_backups - 1 && start_tli != check_tli)
569 0 : pg_fatal("backup at \"%s\" starts on timeline %u, but expected %u",
570 : backup_dirs[i], start_tli, check_tli);
571 70 : if (i < n_backups - 1 && start_lsn != check_lsn)
572 6 : pg_fatal("backup at \"%s\" starts at LSN %X/%X, but expected %X/%X",
573 : backup_dirs[i],
574 : LSN_FORMAT_ARGS(start_lsn),
575 : LSN_FORMAT_ARGS(check_lsn));
576 64 : check_tli = previous_tli;
577 64 : check_lsn = previous_lsn;
578 :
579 : /*
580 : * The last backup label in the chain needs to be saved for later use,
581 : * while the others are only needed within this loop.
582 : */
583 64 : if (lastbuf == buf)
584 36 : buf = makeStringInfo();
585 : else
586 28 : resetStringInfo(buf);
587 : }
588 :
589 : /* Free memory that we don't need any more. */
590 28 : if (lastbuf != buf)
591 28 : destroyStringInfo(buf);
592 :
593 : /*
594 : * Return the data from the first backup_info that we read (which is the
595 : * backup_label from the last directory specified on the command line).
596 : */
597 28 : return lastbuf;
598 : }
599 :
600 : /*
601 : * Sanity check control files and return system_identifier.
602 : */
603 : static uint64
604 40 : check_control_files(int n_backups, char **backup_dirs)
605 : {
606 : int i;
607 40 : uint64 system_identifier = 0; /* placate compiler */
608 40 : uint32 data_checksum_version = 0; /* placate compiler */
609 40 : bool data_checksum_mismatch = false;
610 :
611 : /* Try to read each control file in turn, last to first. */
612 120 : for (i = n_backups - 1; i >= 0; --i)
613 : {
614 : ControlFileData *control_file;
615 : bool crc_ok;
616 : char *controlpath;
617 :
618 82 : controlpath = psprintf("%s/%s", backup_dirs[i], XLOG_CONTROL_FILE);
619 82 : pg_log_debug("reading \"%s\"", controlpath);
620 82 : control_file = get_controlfile_by_exact_path(controlpath, &crc_ok);
621 :
622 : /* Control file contents not meaningful if CRC is bad. */
623 82 : if (!crc_ok)
624 0 : pg_fatal("%s: CRC is incorrect", controlpath);
625 :
626 : /* Can't interpret control file if not current version. */
627 82 : if (control_file->pg_control_version != PG_CONTROL_VERSION)
628 0 : pg_fatal("%s: unexpected control file version",
629 : controlpath);
630 :
631 : /* System identifiers should all match. */
632 82 : if (i == n_backups - 1)
633 40 : system_identifier = control_file->system_identifier;
634 42 : else if (system_identifier != control_file->system_identifier)
635 2 : pg_fatal("%s: expected system identifier %" PRIu64 ", but found %" PRIu64,
636 : controlpath, system_identifier,
637 : control_file->system_identifier);
638 :
639 : /*
640 : * Detect checksum mismatches, but only if the last backup in the
641 : * chain has checksums enabled.
642 : */
643 80 : if (i == n_backups - 1)
644 40 : data_checksum_version = control_file->data_checksum_version;
645 40 : else if (data_checksum_version != 0 &&
646 40 : data_checksum_version != control_file->data_checksum_version)
647 0 : data_checksum_mismatch = true;
648 :
649 : /* Release memory. */
650 80 : pfree(control_file);
651 80 : pfree(controlpath);
652 : }
653 :
654 : /*
655 : * If debug output is enabled, make a note of the system identifier that
656 : * we found in all of the relevant control files.
657 : */
658 38 : pg_log_debug("system identifier is %" PRIu64, system_identifier);
659 :
660 : /*
661 : * Warn the user if not all backups are in the same state with regards to
662 : * checksums.
663 : */
664 38 : if (data_checksum_mismatch)
665 : {
666 0 : pg_log_warning("only some backups have checksums enabled");
667 0 : pg_log_warning_hint("Disable, and optionally reenable, checksums on the output directory to avoid failures.");
668 : }
669 :
670 38 : return system_identifier;
671 : }
672 :
673 : /*
674 : * Set default permissions for new files and directories based on the
675 : * permissions of the given directory. The intent here is that the output
676 : * directory should use the same permissions scheme as the final input
677 : * directory.
678 : */
679 : static void
680 26 : check_input_dir_permissions(char *dir)
681 : {
682 : struct stat st;
683 :
684 26 : if (stat(dir, &st) != 0)
685 0 : pg_fatal("could not stat file \"%s\": %m", dir);
686 :
687 26 : SetDataDirectoryCreatePerm(st.st_mode);
688 26 : }
689 :
690 : /*
691 : * Clean up output directories before exiting.
692 : */
693 : static void
694 26 : cleanup_directories_atexit(void)
695 : {
696 28 : while (cleanup_dir_list != NULL)
697 : {
698 2 : cb_cleanup_dir *dir = cleanup_dir_list;
699 :
700 2 : if (dir->rmtopdir)
701 : {
702 2 : pg_log_info("removing output directory \"%s\"", dir->target_path);
703 2 : if (!rmtree(dir->target_path, dir->rmtopdir))
704 0 : pg_log_error("failed to remove output directory");
705 : }
706 : else
707 : {
708 0 : pg_log_info("removing contents of output directory \"%s\"",
709 : dir->target_path);
710 0 : if (!rmtree(dir->target_path, dir->rmtopdir))
711 0 : pg_log_error("failed to remove contents of output directory");
712 : }
713 :
714 2 : cleanup_dir_list = cleanup_dir_list->next;
715 2 : pfree(dir);
716 : }
717 26 : }
718 :
719 : /*
720 : * Create the named output directory, unless it already exists or we're in
721 : * dry-run mode. If it already exists but is not empty, that's a fatal error.
722 : *
723 : * Adds the created directory to the list of directories to be cleaned up
724 : * at process exit.
725 : */
726 : static void
727 28 : create_output_directory(char *dirname, cb_options *opt)
728 : {
729 28 : switch (pg_check_dir(dirname))
730 : {
731 28 : case 0:
732 28 : if (opt->dry_run)
733 : {
734 0 : pg_log_debug("would create directory \"%s\"", dirname);
735 0 : return;
736 : }
737 28 : pg_log_debug("creating directory \"%s\"", dirname);
738 28 : if (pg_mkdir_p(dirname, pg_dir_create_mode) == -1)
739 0 : pg_fatal("could not create directory \"%s\": %m", dirname);
740 28 : remember_to_cleanup_directory(dirname, true);
741 28 : break;
742 :
743 0 : case 1:
744 0 : pg_log_debug("using existing directory \"%s\"", dirname);
745 0 : remember_to_cleanup_directory(dirname, false);
746 0 : break;
747 :
748 0 : case 2:
749 : case 3:
750 : case 4:
751 0 : pg_fatal("directory \"%s\" exists but is not empty", dirname);
752 :
753 0 : case -1:
754 0 : pg_fatal("could not access directory \"%s\": %m", dirname);
755 : }
756 : }
757 :
758 : /*
759 : * help
760 : *
761 : * Prints help page for the program
762 : *
763 : * progname: the name of the executed program, such as "pg_combinebackup"
764 : */
765 : static void
766 2 : help(const char *progname)
767 : {
768 2 : printf(_("%s reconstructs full backups from incrementals.\n\n"), progname);
769 2 : printf(_("Usage:\n"));
770 2 : printf(_(" %s [OPTION]... DIRECTORY...\n"), progname);
771 2 : printf(_("\nOptions:\n"));
772 2 : printf(_(" -d, --debug generate lots of debugging output\n"));
773 2 : printf(_(" -k, --link link files instead of copying\n"));
774 2 : printf(_(" -n, --dry-run do not actually do anything\n"));
775 2 : printf(_(" -N, --no-sync do not wait for changes to be written safely to disk\n"));
776 2 : printf(_(" -o, --output=DIRECTORY output directory\n"));
777 2 : printf(_(" -T, --tablespace-mapping=OLDDIR=NEWDIR\n"
778 : " relocate tablespace in OLDDIR to NEWDIR\n"));
779 2 : printf(_(" --clone clone (reflink) files instead of copying\n"));
780 2 : printf(_(" --copy copy files (default)\n"));
781 2 : printf(_(" --copy-file-range copy using copy_file_range() system call\n"));
782 2 : printf(_(" --manifest-checksums=SHA{224,256,384,512}|CRC32C|NONE\n"
783 : " use algorithm for manifest checksums\n"));
784 2 : printf(_(" --no-manifest suppress generation of backup manifest\n"));
785 2 : printf(_(" --sync-method=METHOD set method for syncing files to disk\n"));
786 2 : printf(_(" -V, --version output version information, then exit\n"));
787 2 : printf(_(" -?, --help show this help, then exit\n"));
788 :
789 2 : printf(_("\nReport bugs to <%s>.\n"), PACKAGE_BUGREPORT);
790 2 : printf(_("%s home page: <%s>\n"), PACKAGE_NAME, PACKAGE_URL);
791 2 : }
792 :
793 : /*
794 : * Try to parse a string as a non-zero OID without leading zeroes.
795 : *
796 : * If it works, return true and set *result to the answer, else return false.
797 : */
798 : static bool
799 4 : parse_oid(char *s, Oid *result)
800 : {
801 : Oid oid;
802 : char *ep;
803 :
804 4 : errno = 0;
805 4 : oid = strtoul(s, &ep, 10);
806 4 : if (errno != 0 || *ep != '\0' || oid < 1 || oid > PG_UINT32_MAX)
807 0 : return false;
808 :
809 4 : *result = oid;
810 4 : return true;
811 : }
812 :
813 : /*
814 : * Copy files from the input directory to the output directory, reconstructing
815 : * full files from incremental files as required.
816 : *
817 : * If processing a user-defined tablespace, the tsoid should be the OID
818 : * of that tablespace and input_directory and output_directory should be the
819 : * toplevel input and output directories for that tablespace. Otherwise,
820 : * tsoid should be InvalidOid and input_directory and output_directory should
821 : * be the main input and output directories.
822 : *
823 : * relative_path is the path beneath the given input and output directories
824 : * that we are currently processing. If NULL, it indicates that we're
825 : * processing the input and output directories themselves.
826 : *
827 : * n_prior_backups is the number of prior backups that we have available.
828 : * This doesn't count the very last backup, which is referenced by
829 : * input_directory, just the older ones. prior_backup_dirs is an array of
830 : * the locations of those previous backups.
831 : */
832 : static void
833 708 : process_directory_recursively(Oid tsoid,
834 : char *input_directory,
835 : char *output_directory,
836 : char *relative_path,
837 : int n_prior_backups,
838 : char **prior_backup_dirs,
839 : manifest_data **manifests,
840 : manifest_writer *mwriter,
841 : cb_options *opt)
842 : {
843 : char ifulldir[MAXPGPATH];
844 : char ofulldir[MAXPGPATH];
845 : char manifest_prefix[MAXPGPATH];
846 : DIR *dir;
847 : struct dirent *de;
848 708 : bool is_pg_tblspc = false;
849 708 : bool is_pg_wal = false;
850 708 : bool is_incremental_dir = false;
851 708 : manifest_data *latest_manifest = manifests[n_prior_backups];
852 : pg_checksum_type checksum_type;
853 :
854 : /*
855 : * Classify this directory.
856 : *
857 : * We set is_pg_tblspc only for the toplevel pg_tblspc directory, because
858 : * the symlinks in that specific directory require special handling.
859 : *
860 : * We set is_pg_wal for the toplevel WAL directory and all of its
861 : * subdirectories, because those files are not included in the backup
862 : * manifest and hence need special treatment. (Since incremental backup
863 : * does not exist in pre-v10 versions, we don't have to worry about the
864 : * old pg_xlog naming.)
865 : *
866 : * We set is_incremental_dir for directories that can contain incremental
867 : * files requiring reconstruction. If such files occur outside these
868 : * directories, we want to just copy them straight to the output
869 : * directory. This is to protect against a user creating a file with a
870 : * strange name like INCREMENTAL.config and then complaining that
871 : * incremental backups don't work properly. The test here is a bit tricky:
872 : * incremental files occur in subdirectories of base, in pg_global itself,
873 : * and in subdirectories of pg_tblspc only if in-place tablespaces are
874 : * used.
875 : */
876 708 : if (OidIsValid(tsoid))
877 6 : is_incremental_dir = true;
878 702 : else if (relative_path != NULL)
879 : {
880 676 : is_pg_tblspc = strcmp(relative_path, PG_TBLSPC_DIR) == 0;
881 1326 : is_pg_wal = (strcmp(relative_path, "pg_wal") == 0 ||
882 650 : strncmp(relative_path, "pg_wal/", 7) == 0);
883 676 : is_incremental_dir = strncmp(relative_path, "base/", 5) == 0 ||
884 1244 : strcmp(relative_path, "global") == 0 ||
885 568 : strncmp(relative_path, PG_TBLSPC_DIR_SLASH, 10) == 0;
886 : }
887 :
888 : /*
889 : * If we're under pg_wal, then we don't need checksums, because these
890 : * files aren't included in the backup manifest. Otherwise use whatever
891 : * type of checksum is configured.
892 : */
893 708 : if (!is_pg_wal)
894 630 : checksum_type = opt->manifest_checksums;
895 : else
896 78 : checksum_type = CHECKSUM_TYPE_NONE;
897 :
898 : /*
899 : * Append the relative path to the input and output directories, and
900 : * figure out the appropriate prefix to add to files in this directory
901 : * when looking them up in a backup manifest.
902 : */
903 708 : if (relative_path == NULL)
904 : {
905 28 : strlcpy(ifulldir, input_directory, MAXPGPATH);
906 28 : strlcpy(ofulldir, output_directory, MAXPGPATH);
907 28 : if (OidIsValid(tsoid))
908 2 : snprintf(manifest_prefix, MAXPGPATH, "%s/%u/", PG_TBLSPC_DIR, tsoid);
909 : else
910 26 : manifest_prefix[0] = '\0';
911 : }
912 : else
913 : {
914 680 : snprintf(ifulldir, MAXPGPATH, "%s/%s", input_directory,
915 : relative_path);
916 680 : snprintf(ofulldir, MAXPGPATH, "%s/%s", output_directory,
917 : relative_path);
918 680 : if (OidIsValid(tsoid))
919 4 : snprintf(manifest_prefix, MAXPGPATH, "%s/%u/%s/",
920 : PG_TBLSPC_DIR, tsoid, relative_path);
921 : else
922 676 : snprintf(manifest_prefix, MAXPGPATH, "%s/", relative_path);
923 : }
924 :
925 : /*
926 : * Toplevel output directories have already been created by the time this
927 : * function is called, but any subdirectories are our responsibility.
928 : */
929 708 : if (relative_path != NULL)
930 : {
931 680 : if (opt->dry_run)
932 0 : pg_log_debug("would create directory \"%s\"", ofulldir);
933 : else
934 : {
935 680 : pg_log_debug("creating directory \"%s\"", ofulldir);
936 680 : if (mkdir(ofulldir, pg_dir_create_mode) == -1)
937 0 : pg_fatal("could not create directory \"%s\": %m", ofulldir);
938 : }
939 : }
940 :
941 : /* It's time to scan the directory. */
942 708 : if ((dir = opendir(ifulldir)) == NULL)
943 0 : pg_fatal("could not open directory \"%s\": %m", ifulldir);
944 28776 : while (errno = 0, (de = readdir(dir)) != NULL)
945 : {
946 : PGFileType type;
947 : char ifullpath[MAXPGPATH];
948 : char ofullpath[MAXPGPATH];
949 : char manifest_path[MAXPGPATH];
950 28074 : Oid oid = InvalidOid;
951 28074 : int checksum_length = 0;
952 28074 : uint8 *checksum_payload = NULL;
953 : pg_checksum_context checksum_ctx;
954 :
955 : /* Ignore "." and ".." entries. */
956 28074 : if (strcmp(de->d_name, ".") == 0 ||
957 27366 : strcmp(de->d_name, "..") == 0)
958 2146 : continue;
959 :
960 : /* Construct input path. */
961 26658 : snprintf(ifullpath, MAXPGPATH, "%s/%s", ifulldir, de->d_name);
962 :
963 : /* Figure out what kind of directory entry this is. */
964 26658 : type = get_dirent_type(ifullpath, de, false, PG_LOG_ERROR);
965 26658 : if (type == PGFILETYPE_ERROR)
966 0 : exit(1);
967 :
968 : /*
969 : * If we're processing pg_tblspc, then check whether the filename
970 : * looks like it could be a tablespace OID. If so, and if the
971 : * directory entry is a symbolic link or a directory, skip it.
972 : *
973 : * Our goal here is to ignore anything that would have been considered
974 : * by scan_for_existing_tablespaces to be a tablespace.
975 : */
976 26658 : if (is_pg_tblspc && parse_oid(de->d_name, &oid) &&
977 0 : (type == PGFILETYPE_LNK || type == PGFILETYPE_DIR))
978 2 : continue;
979 :
980 : /* If it's a directory, recurse. */
981 26656 : if (type == PGFILETYPE_DIR)
982 : {
983 : char new_relative_path[MAXPGPATH];
984 :
985 : /* Append new pathname component to relative path. */
986 680 : if (relative_path == NULL)
987 440 : strlcpy(new_relative_path, de->d_name, MAXPGPATH);
988 : else
989 240 : snprintf(new_relative_path, MAXPGPATH, "%s/%s", relative_path,
990 240 : de->d_name);
991 :
992 : /* And recurse. */
993 680 : process_directory_recursively(tsoid,
994 : input_directory, output_directory,
995 : new_relative_path,
996 : n_prior_backups, prior_backup_dirs,
997 : manifests, mwriter, opt);
998 676 : continue;
999 : }
1000 :
1001 : /* Skip anything that's not a regular file. */
1002 25976 : if (type != PGFILETYPE_REG)
1003 : {
1004 0 : if (type == PGFILETYPE_LNK)
1005 0 : pg_log_warning("skipping symbolic link \"%s\"", ifullpath);
1006 : else
1007 0 : pg_log_warning("skipping special file \"%s\"", ifullpath);
1008 0 : continue;
1009 : }
1010 :
1011 : /*
1012 : * Skip the backup_label and backup_manifest files; they require
1013 : * special handling and are handled elsewhere.
1014 : */
1015 25976 : if (relative_path == NULL &&
1016 190 : (strcmp(de->d_name, "backup_label") == 0 ||
1017 164 : strcmp(de->d_name, "backup_manifest") == 0))
1018 52 : continue;
1019 :
1020 : /*
1021 : * If it's an incremental file, hand it off to the reconstruction
1022 : * code, which will figure out what to do.
1023 : */
1024 25924 : if (is_incremental_dir &&
1025 25654 : strncmp(de->d_name, INCREMENTAL_PREFIX,
1026 : INCREMENTAL_PREFIX_LENGTH) == 0)
1027 : {
1028 : /* Output path should not include "INCREMENTAL." prefix. */
1029 12926 : snprintf(ofullpath, MAXPGPATH, "%s/%s", ofulldir,
1030 12926 : de->d_name + INCREMENTAL_PREFIX_LENGTH);
1031 :
1032 :
1033 : /* Manifest path likewise omits incremental prefix. */
1034 12926 : snprintf(manifest_path, MAXPGPATH, "%s%s", manifest_prefix,
1035 12926 : de->d_name + INCREMENTAL_PREFIX_LENGTH);
1036 :
1037 : /* Reconstruction logic will do the rest. */
1038 12926 : reconstruct_from_incremental_file(ifullpath, ofullpath,
1039 : manifest_prefix,
1040 12926 : de->d_name + INCREMENTAL_PREFIX_LENGTH,
1041 : n_prior_backups,
1042 : prior_backup_dirs,
1043 : manifests,
1044 : manifest_path,
1045 : checksum_type,
1046 : &checksum_length,
1047 : &checksum_payload,
1048 : opt->copy_method,
1049 12926 : opt->debug,
1050 12926 : opt->dry_run);
1051 : }
1052 : else
1053 : {
1054 : /* Construct the path that the backup_manifest will use. */
1055 12998 : snprintf(manifest_path, MAXPGPATH, "%s%s", manifest_prefix,
1056 12998 : de->d_name);
1057 :
1058 : /*
1059 : * It's not an incremental file, so we need to copy the entire
1060 : * file to the output directory.
1061 : *
1062 : * If a checksum of the required type already exists in the
1063 : * backup_manifest for the final input directory, we can save some
1064 : * work by reusing that checksum instead of computing a new one.
1065 : */
1066 12998 : if (checksum_type != CHECKSUM_TYPE_NONE &&
1067 : latest_manifest != NULL)
1068 : {
1069 : manifest_file *mfile;
1070 :
1071 9094 : mfile = manifest_files_lookup(latest_manifest->files,
1072 : manifest_path);
1073 9094 : if (mfile == NULL)
1074 : {
1075 : char *bmpath;
1076 :
1077 : /*
1078 : * The directory is out of sync with the backup_manifest,
1079 : * so emit a warning.
1080 : */
1081 0 : bmpath = psprintf("%s/%s", input_directory,
1082 : "backup_manifest");
1083 0 : pg_log_warning("manifest file \"%s\" contains no entry for file \"%s\"",
1084 : bmpath, manifest_path);
1085 0 : pfree(bmpath);
1086 : }
1087 9094 : else if (mfile->checksum_type == checksum_type)
1088 : {
1089 7156 : checksum_length = mfile->checksum_length;
1090 7156 : checksum_payload = mfile->checksum_payload;
1091 : }
1092 : }
1093 :
1094 : /*
1095 : * If we're reusing a checksum, then we don't need copy_file() to
1096 : * compute one for us, but otherwise, it needs to compute whatever
1097 : * type of checksum we need.
1098 : */
1099 12998 : if (checksum_length != 0)
1100 7156 : pg_checksum_init(&checksum_ctx, CHECKSUM_TYPE_NONE);
1101 : else
1102 5842 : pg_checksum_init(&checksum_ctx, checksum_type);
1103 :
1104 : /* Actually copy the file. */
1105 12998 : snprintf(ofullpath, MAXPGPATH, "%s/%s", ofulldir, de->d_name);
1106 12998 : copy_file(ifullpath, ofullpath, &checksum_ctx,
1107 12998 : opt->copy_method, opt->dry_run);
1108 :
1109 : /*
1110 : * If copy_file() performed a checksum calculation for us, then
1111 : * save the results (except in dry-run mode, when there's no
1112 : * point).
1113 : */
1114 12998 : if (checksum_ctx.type != CHECKSUM_TYPE_NONE && !opt->dry_run)
1115 : {
1116 1938 : checksum_payload = pg_malloc(PG_CHECKSUM_MAX_LENGTH);
1117 1938 : checksum_length = pg_checksum_final(&checksum_ctx,
1118 : checksum_payload);
1119 : }
1120 : }
1121 :
1122 : /* Generate manifest entry, if needed. */
1123 25922 : if (mwriter != NULL)
1124 : {
1125 : struct stat sb;
1126 :
1127 : /*
1128 : * In order to generate a manifest entry, we need the file size
1129 : * and mtime. We have no way to know the correct mtime except to
1130 : * stat() the file, so just do that and get the size as well.
1131 : *
1132 : * If we didn't need the mtime here, we could try to obtain the
1133 : * file size from the reconstruction or file copy process above,
1134 : * although that is actually not convenient in all cases. If we
1135 : * write the file ourselves then clearly we can keep a count of
1136 : * bytes, but if we use something like CopyFile() then it's
1137 : * trickier. Since we have to stat() anyway to get the mtime,
1138 : * there's no point in worrying about it.
1139 : */
1140 23982 : if (stat(ofullpath, &sb) < 0)
1141 0 : pg_fatal("could not stat file \"%s\": %m", ofullpath);
1142 :
1143 : /* OK, now do the work. */
1144 23982 : add_file_to_manifest(mwriter, manifest_path,
1145 23982 : sb.st_size, sb.st_mtime,
1146 : checksum_type, checksum_length,
1147 : checksum_payload);
1148 : }
1149 :
1150 : /* Avoid leaking memory. */
1151 25922 : if (checksum_payload != NULL)
1152 22018 : pfree(checksum_payload);
1153 : }
1154 :
1155 702 : closedir(dir);
1156 702 : }
1157 :
1158 : /*
1159 : * Read the version number from PG_VERSION and convert it to the usual server
1160 : * version number format. (e.g. If PG_VERSION contains "14\n" this function
1161 : * will return 140000)
1162 : */
1163 : static int
1164 40 : read_pg_version_file(char *directory)
1165 : {
1166 : char filename[MAXPGPATH];
1167 : StringInfoData buf;
1168 : int fd;
1169 : int version;
1170 : char *ep;
1171 :
1172 : /* Construct pathname. */
1173 40 : snprintf(filename, MAXPGPATH, "%s/PG_VERSION", directory);
1174 :
1175 : /* Open file. */
1176 40 : if ((fd = open(filename, O_RDONLY, 0)) < 0)
1177 0 : pg_fatal("could not open file \"%s\": %m", filename);
1178 :
1179 : /* Read into memory. Length limit of 128 should be more than generous. */
1180 40 : initStringInfo(&buf);
1181 40 : slurp_file(fd, filename, &buf, 128);
1182 :
1183 : /* Close the file. */
1184 40 : if (close(fd) != 0)
1185 0 : pg_fatal("could not close file \"%s\": %m", filename);
1186 :
1187 : /* Convert to integer. */
1188 40 : errno = 0;
1189 40 : version = strtoul(buf.data, &ep, 10);
1190 40 : if (errno != 0 || *ep != '\n')
1191 : {
1192 : /*
1193 : * Incremental backup is not relevant to very old server versions that
1194 : * used multi-part version number (e.g. 9.6, or 8.4). So if we see
1195 : * what looks like the beginning of such a version number, just bail
1196 : * out.
1197 : */
1198 0 : if (version < 10 && *ep == '.')
1199 0 : pg_fatal("%s: server version too old", filename);
1200 0 : pg_fatal("%s: could not parse version number", filename);
1201 : }
1202 :
1203 : /* Debugging output. */
1204 40 : pg_log_debug("read server version %d from file \"%s\"", version, filename);
1205 :
1206 : /* Release memory and return result. */
1207 40 : pfree(buf.data);
1208 40 : return version * 10000;
1209 : }
1210 :
1211 : /*
1212 : * Add a directory to the list of output directories to clean up.
1213 : */
1214 : static void
1215 28 : remember_to_cleanup_directory(char *target_path, bool rmtopdir)
1216 : {
1217 28 : cb_cleanup_dir *dir = pg_malloc(sizeof(cb_cleanup_dir));
1218 :
1219 28 : dir->target_path = target_path;
1220 28 : dir->rmtopdir = rmtopdir;
1221 28 : dir->next = cleanup_dir_list;
1222 28 : cleanup_dir_list = dir;
1223 28 : }
1224 :
1225 : /*
1226 : * Empty out the list of directories scheduled for cleanup at exit.
1227 : *
1228 : * We want to remove the output directories only on a failure, so call this
1229 : * function when we know that the operation has succeeded.
1230 : *
1231 : * Since we only expect this to be called when we're about to exit, we could
1232 : * just set cleanup_dir_list to NULL and be done with it, but we free the
1233 : * memory to be tidy.
1234 : */
1235 : static void
1236 24 : reset_directory_cleanup_list(void)
1237 : {
1238 50 : while (cleanup_dir_list != NULL)
1239 : {
1240 26 : cb_cleanup_dir *dir = cleanup_dir_list;
1241 :
1242 26 : cleanup_dir_list = cleanup_dir_list->next;
1243 26 : pfree(dir);
1244 : }
1245 24 : }
1246 :
1247 : /*
1248 : * Scan the pg_tblspc directory of the final input backup to get a canonical
1249 : * list of what tablespaces are part of the backup.
1250 : *
1251 : * 'pathname' should be the path to the toplevel backup directory for the
1252 : * final backup in the backup chain.
1253 : */
1254 : static cb_tablespace *
1255 26 : scan_for_existing_tablespaces(char *pathname, cb_options *opt)
1256 : {
1257 : char pg_tblspc[MAXPGPATH];
1258 : DIR *dir;
1259 : struct dirent *de;
1260 26 : cb_tablespace *tslist = NULL;
1261 :
1262 26 : snprintf(pg_tblspc, MAXPGPATH, "%s/%s", pathname, PG_TBLSPC_DIR);
1263 26 : pg_log_debug("scanning \"%s\"", pg_tblspc);
1264 :
1265 26 : if ((dir = opendir(pg_tblspc)) == NULL)
1266 0 : pg_fatal("could not open directory \"%s\": %m", pg_tblspc);
1267 :
1268 80 : while (errno = 0, (de = readdir(dir)) != NULL)
1269 : {
1270 : Oid oid;
1271 : char tblspcdir[MAXPGPATH];
1272 : char link_target[MAXPGPATH];
1273 : int link_length;
1274 : cb_tablespace *ts;
1275 : cb_tablespace *otherts;
1276 : PGFileType type;
1277 :
1278 : /* Silently ignore "." and ".." entries. */
1279 54 : if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0)
1280 52 : continue;
1281 :
1282 : /* Construct full pathname. */
1283 2 : snprintf(tblspcdir, MAXPGPATH, "%s/%s", pg_tblspc, de->d_name);
1284 :
1285 : /* Ignore any file name that doesn't look like a proper OID. */
1286 2 : if (!parse_oid(de->d_name, &oid))
1287 : {
1288 0 : pg_log_debug("skipping \"%s\" because the filename is not a legal tablespace OID",
1289 : tblspcdir);
1290 0 : continue;
1291 : }
1292 :
1293 : /* Only symbolic links and directories are tablespaces. */
1294 2 : type = get_dirent_type(tblspcdir, de, false, PG_LOG_ERROR);
1295 2 : if (type == PGFILETYPE_ERROR)
1296 0 : exit(1);
1297 2 : if (type != PGFILETYPE_LNK && type != PGFILETYPE_DIR)
1298 : {
1299 0 : pg_log_debug("skipping \"%s\" because it is neither a symbolic link nor a directory",
1300 : tblspcdir);
1301 0 : continue;
1302 : }
1303 :
1304 : /* Create a new tablespace object. */
1305 2 : ts = pg_malloc0(sizeof(cb_tablespace));
1306 2 : ts->oid = oid;
1307 :
1308 : /*
1309 : * If it's a link, it's not an in-place tablespace. Otherwise, it must
1310 : * be a directory, and thus an in-place tablespace.
1311 : */
1312 2 : if (type == PGFILETYPE_LNK)
1313 : {
1314 : cb_tablespace_mapping *tsmap;
1315 :
1316 : /* Read the link target. */
1317 2 : link_length = readlink(tblspcdir, link_target, sizeof(link_target));
1318 2 : if (link_length < 0)
1319 0 : pg_fatal("could not read symbolic link \"%s\": %m",
1320 : tblspcdir);
1321 2 : if (link_length >= sizeof(link_target))
1322 0 : pg_fatal("target of symbolic link \"%s\" is too long", tblspcdir);
1323 2 : link_target[link_length] = '\0';
1324 2 : if (!is_absolute_path(link_target))
1325 0 : pg_fatal("target of symbolic link \"%s\" is relative", tblspcdir);
1326 :
1327 : /* Canonicalize the link target. */
1328 2 : canonicalize_path(link_target);
1329 :
1330 : /*
1331 : * Find the corresponding tablespace mapping and copy the relevant
1332 : * details into the new tablespace entry.
1333 : */
1334 2 : for (tsmap = opt->tsmappings; tsmap != NULL; tsmap = tsmap->next)
1335 : {
1336 2 : if (strcmp(tsmap->old_dir, link_target) == 0)
1337 : {
1338 2 : strlcpy(ts->old_dir, tsmap->old_dir, MAXPGPATH);
1339 2 : strlcpy(ts->new_dir, tsmap->new_dir, MAXPGPATH);
1340 2 : ts->in_place = false;
1341 2 : break;
1342 : }
1343 : }
1344 :
1345 : /* Every non-in-place tablespace must be mapped. */
1346 2 : if (tsmap == NULL)
1347 0 : pg_fatal("tablespace at \"%s\" has no tablespace mapping",
1348 : link_target);
1349 : }
1350 : else
1351 : {
1352 : /*
1353 : * For an in-place tablespace, there's no separate directory, so
1354 : * we just record the paths within the data directories.
1355 : */
1356 0 : snprintf(ts->old_dir, MAXPGPATH, "%s/%s", pg_tblspc, de->d_name);
1357 0 : snprintf(ts->new_dir, MAXPGPATH, "%s/%s/%s", opt->output,
1358 0 : PG_TBLSPC_DIR, de->d_name);
1359 0 : ts->in_place = true;
1360 : }
1361 :
1362 : /* Tablespaces should not share a directory. */
1363 2 : for (otherts = tslist; otherts != NULL; otherts = otherts->next)
1364 0 : if (strcmp(ts->new_dir, otherts->new_dir) == 0)
1365 0 : pg_fatal("tablespaces with OIDs %u and %u both point at directory \"%s\"",
1366 : otherts->oid, oid, ts->new_dir);
1367 :
1368 : /* Add this tablespace to the list. */
1369 2 : ts->next = tslist;
1370 2 : tslist = ts;
1371 : }
1372 :
1373 26 : if (closedir(dir) != 0)
1374 0 : pg_fatal("could not close directory \"%s\": %m", pg_tblspc);
1375 :
1376 26 : return tslist;
1377 : }
1378 :
1379 : /*
1380 : * Read a file into a StringInfo.
1381 : *
1382 : * fd is used for the actual file I/O, filename for error reporting purposes.
1383 : * A file longer than maxlen is a fatal error.
1384 : */
1385 : static void
1386 114 : slurp_file(int fd, char *filename, StringInfo buf, int maxlen)
1387 : {
1388 : struct stat st;
1389 : ssize_t rb;
1390 :
1391 : /* Check file size, and complain if it's too large. */
1392 114 : if (fstat(fd, &st) != 0)
1393 0 : pg_fatal("could not stat file \"%s\": %m", filename);
1394 114 : if (st.st_size > maxlen)
1395 0 : pg_fatal("file \"%s\" is too large", filename);
1396 :
1397 : /* Make sure we have enough space. */
1398 114 : enlargeStringInfo(buf, st.st_size);
1399 :
1400 : /* Read the data. */
1401 114 : rb = read(fd, &buf->data[buf->len], st.st_size);
1402 :
1403 : /*
1404 : * We don't expect any concurrent changes, so we should read exactly the
1405 : * expected number of bytes.
1406 : */
1407 114 : if (rb != st.st_size)
1408 : {
1409 0 : if (rb < 0)
1410 0 : pg_fatal("could not read file \"%s\": %m", filename);
1411 : else
1412 0 : pg_fatal("could not read file \"%s\": read %zd of %lld",
1413 : filename, rb, (long long int) st.st_size);
1414 : }
1415 :
1416 : /* Adjust buffer length for new data and restore trailing-\0 invariant */
1417 114 : buf->len += rb;
1418 114 : buf->data[buf->len] = '\0';
1419 114 : }
|