LCOV - code coverage report
Current view: top level - src/bin/pg_verifybackup - pg_verifybackup.c (source / functions) Hit Total Coverage
Test: PostgreSQL 16beta1 Lines: 286 316 90.5 %
Date: 2023-06-01 12:12:28 Functions: 17 17 100.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*-------------------------------------------------------------------------
       2             :  *
       3             :  * pg_verifybackup.c
       4             :  *    Verify a backup against a backup manifest.
       5             :  *
       6             :  * Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
       7             :  * Portions Copyright (c) 1994, Regents of the University of California
       8             :  *
       9             :  * src/bin/pg_verifybackup/pg_verifybackup.c
      10             :  *
      11             :  *-------------------------------------------------------------------------
      12             :  */
      13             : 
      14             : #include "postgres_fe.h"
      15             : 
      16             : #include <dirent.h>
      17             : #include <fcntl.h>
      18             : #include <sys/stat.h>
      19             : #include <time.h>
      20             : 
      21             : #include "common/hashfn.h"
      22             : #include "common/logging.h"
      23             : #include "fe_utils/simple_list.h"
      24             : #include "getopt_long.h"
      25             : #include "parse_manifest.h"
      26             : #include "pgtime.h"
      27             : 
      28             : /*
      29             :  * For efficiency, we'd like our hash table containing information about the
      30             :  * manifest to start out with approximately the correct number of entries.
      31             :  * There's no way to know the exact number of entries without reading the whole
      32             :  * file, but we can get an estimate by dividing the file size by the estimated
      33             :  * number of bytes per line.
      34             :  *
      35             :  * This could be off by about a factor of two in either direction, because the
      36             :  * checksum algorithm has a big impact on the line lengths; e.g. a SHA512
      37             :  * checksum is 128 hex bytes, whereas a CRC-32C value is only 8, and there
      38             :  * might be no checksum at all.
      39             :  */
      40             : #define ESTIMATED_BYTES_PER_MANIFEST_LINE   100
      41             : 
      42             : /*
      43             :  * How many bytes should we try to read from a file at once?
      44             :  */
      45             : #define READ_CHUNK_SIZE             4096
      46             : 
      47             : /*
      48             :  * Each file described by the manifest file is parsed to produce an object
      49             :  * like this.
      50             :  */
      51             : typedef struct manifest_file
      52             : {
      53             :     uint32      status;         /* hash status */
      54             :     char       *pathname;
      55             :     size_t      size;
      56             :     pg_checksum_type checksum_type;
      57             :     int         checksum_length;
      58             :     uint8      *checksum_payload;
      59             :     bool        matched;
      60             :     bool        bad;
      61             : } manifest_file;
      62             : 
      63             : #define should_verify_checksum(m) \
      64             :     (((m)->matched) && !((m)->bad) && (((m)->checksum_type) != CHECKSUM_TYPE_NONE))
      65             : 
      66             : /*
      67             :  * Define a hash table which we can use to store information about the files
      68             :  * mentioned in the backup manifest.
      69             :  */
      70             : static uint32 hash_string_pointer(char *s);
      71             : #define SH_PREFIX       manifest_files
      72             : #define SH_ELEMENT_TYPE manifest_file
      73             : #define SH_KEY_TYPE     char *
      74             : #define SH_KEY          pathname
      75             : #define SH_HASH_KEY(tb, key)    hash_string_pointer(key)
      76             : #define SH_EQUAL(tb, a, b)      (strcmp(a, b) == 0)
      77             : #define SH_SCOPE        static inline
      78             : #define SH_RAW_ALLOCATOR    pg_malloc0
      79             : #define SH_DECLARE
      80             : #define SH_DEFINE
      81             : #include "lib/simplehash.h"
      82             : 
      83             : /*
      84             :  * Each WAL range described by the manifest file is parsed to produce an
      85             :  * object like this.
      86             :  */
      87             : typedef struct manifest_wal_range
      88             : {
      89             :     TimeLineID  tli;
      90             :     XLogRecPtr  start_lsn;
      91             :     XLogRecPtr  end_lsn;
      92             :     struct manifest_wal_range *next;
      93             :     struct manifest_wal_range *prev;
      94             : } manifest_wal_range;
      95             : 
      96             : /*
      97             :  * Details we need in callbacks that occur while parsing a backup manifest.
      98             :  */
      99             : typedef struct parser_context
     100             : {
     101             :     manifest_files_hash *ht;
     102             :     manifest_wal_range *first_wal_range;
     103             :     manifest_wal_range *last_wal_range;
     104             : } parser_context;
     105             : 
     106             : /*
     107             :  * All of the context information we need while checking a backup manifest.
     108             :  */
     109             : typedef struct verifier_context
     110             : {
     111             :     manifest_files_hash *ht;
     112             :     char       *backup_directory;
     113             :     SimpleStringList ignore_list;
     114             :     bool        exit_on_error;
     115             :     bool        saw_any_error;
     116             : } verifier_context;
     117             : 
     118             : static void parse_manifest_file(char *manifest_path,
     119             :                                 manifest_files_hash **ht_p,
     120             :                                 manifest_wal_range **first_wal_range_p);
     121             : 
     122             : static void record_manifest_details_for_file(JsonManifestParseContext *context,
     123             :                                              char *pathname, size_t size,
     124             :                                              pg_checksum_type checksum_type,
     125             :                                              int checksum_length,
     126             :                                              uint8 *checksum_payload);
     127             : static void record_manifest_details_for_wal_range(JsonManifestParseContext *context,
     128             :                                                   TimeLineID tli,
     129             :                                                   XLogRecPtr start_lsn,
     130             :                                                   XLogRecPtr end_lsn);
     131             : static void report_manifest_error(JsonManifestParseContext *context,
     132             :                                   const char *fmt,...)
     133             :             pg_attribute_printf(2, 3) pg_attribute_noreturn();
     134             : 
     135             : static void verify_backup_directory(verifier_context *context,
     136             :                                     char *relpath, char *fullpath);
     137             : static void verify_backup_file(verifier_context *context,
     138             :                                char *relpath, char *fullpath);
     139             : static void report_extra_backup_files(verifier_context *context);
     140             : static void verify_backup_checksums(verifier_context *context);
     141             : static void verify_file_checksum(verifier_context *context,
     142             :                                  manifest_file *m, char *fullpath);
     143             : static void parse_required_wal(verifier_context *context,
     144             :                                char *pg_waldump_path,
     145             :                                char *wal_directory,
     146             :                                manifest_wal_range *first_wal_range);
     147             : 
     148             : static void report_backup_error(verifier_context *context,
     149             :                                 const char *pg_restrict fmt,...)
     150             :             pg_attribute_printf(2, 3);
     151             : static void report_fatal_error(const char *pg_restrict fmt,...)
     152             :             pg_attribute_printf(1, 2) pg_attribute_noreturn();
     153             : static bool should_ignore_relpath(verifier_context *context, char *relpath);
     154             : 
     155             : static void progress_report(bool finished);
     156             : static void usage(void);
     157             : 
     158             : static const char *progname;
     159             : 
     160             : /* options */
     161             : static bool show_progress = false;
     162             : static bool skip_checksums = false;
     163             : 
     164             : /* Progress indicators */
     165             : static uint64 total_size = 0;
     166             : static uint64 done_size = 0;
     167             : 
     168             : /*
     169             :  * Main entry point.
     170             :  */
     171             : int
     172         178 : main(int argc, char **argv)
     173             : {
     174             :     static struct option long_options[] = {
     175             :         {"exit-on-error", no_argument, NULL, 'e'},
     176             :         {"ignore", required_argument, NULL, 'i'},
     177             :         {"manifest-path", required_argument, NULL, 'm'},
     178             :         {"no-parse-wal", no_argument, NULL, 'n'},
     179             :         {"progress", no_argument, NULL, 'P'},
     180             :         {"quiet", no_argument, NULL, 'q'},
     181             :         {"skip-checksums", no_argument, NULL, 's'},
     182             :         {"wal-directory", required_argument, NULL, 'w'},
     183             :         {NULL, 0, NULL, 0}
     184             :     };
     185             : 
     186             :     int         c;
     187             :     verifier_context context;
     188             :     manifest_wal_range *first_wal_range;
     189         178 :     char       *manifest_path = NULL;
     190         178 :     bool        no_parse_wal = false;
     191         178 :     bool        quiet = false;
     192         178 :     char       *wal_directory = NULL;
     193         178 :     char       *pg_waldump_path = NULL;
     194             : 
     195         178 :     pg_logging_init(argv[0]);
     196         178 :     set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pg_verifybackup"));
     197         178 :     progname = get_progname(argv[0]);
     198             : 
     199         178 :     memset(&context, 0, sizeof(context));
     200             : 
     201         178 :     if (argc > 1)
     202             :     {
     203         176 :         if (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0)
     204             :         {
     205           2 :             usage();
     206           2 :             exit(0);
     207             :         }
     208         174 :         if (strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0)
     209             :         {
     210           2 :             puts("pg_verifybackup (PostgreSQL) " PG_VERSION);
     211           2 :             exit(0);
     212             :         }
     213             :     }
     214             : 
     215             :     /*
     216             :      * Skip certain files in the toplevel directory.
     217             :      *
     218             :      * Ignore the backup_manifest file, because it's not included in the
     219             :      * backup manifest.
     220             :      *
     221             :      * Ignore the pg_wal directory, because those files are not included in
     222             :      * the backup manifest either, since they are fetched separately from the
     223             :      * backup itself, and verified via a separate mechanism.
     224             :      *
     225             :      * Ignore postgresql.auto.conf, recovery.signal, and standby.signal,
     226             :      * because we expect that those files may sometimes be created or changed
     227             :      * as part of the backup process. For example, pg_basebackup -R will
     228             :      * modify postgresql.auto.conf and create standby.signal.
     229             :      */
     230         174 :     simple_string_list_append(&context.ignore_list, "backup_manifest");
     231         174 :     simple_string_list_append(&context.ignore_list, "pg_wal");
     232         174 :     simple_string_list_append(&context.ignore_list, "postgresql.auto.conf");
     233         174 :     simple_string_list_append(&context.ignore_list, "recovery.signal");
     234         174 :     simple_string_list_append(&context.ignore_list, "standby.signal");
     235             : 
     236         260 :     while ((c = getopt_long(argc, argv, "ei:m:nPqsw:", long_options, NULL)) != -1)
     237             :     {
     238          88 :         switch (c)
     239             :         {
     240          32 :             case 'e':
     241          32 :                 context.exit_on_error = true;
     242          32 :                 break;
     243           8 :             case 'i':
     244             :                 {
     245           8 :                     char       *arg = pstrdup(optarg);
     246             : 
     247           8 :                     canonicalize_path(arg);
     248           8 :                     simple_string_list_append(&context.ignore_list, arg);
     249           8 :                     break;
     250             :                 }
     251          16 :             case 'm':
     252          16 :                 manifest_path = pstrdup(optarg);
     253          16 :                 canonicalize_path(manifest_path);
     254          16 :                 break;
     255          14 :             case 'n':
     256          14 :                 no_parse_wal = true;
     257          14 :                 break;
     258           4 :             case 'P':
     259           4 :                 show_progress = true;
     260           4 :                 break;
     261           6 :             case 'q':
     262           6 :                 quiet = true;
     263           6 :                 break;
     264           4 :             case 's':
     265           4 :                 skip_checksums = true;
     266           4 :                 break;
     267           2 :             case 'w':
     268           2 :                 wal_directory = pstrdup(optarg);
     269           2 :                 canonicalize_path(wal_directory);
     270           2 :                 break;
     271           2 :             default:
     272             :                 /* getopt_long already emitted a complaint */
     273           2 :                 pg_log_error_hint("Try \"%s --help\" for more information.", progname);
     274           2 :                 exit(1);
     275             :         }
     276             :     }
     277             : 
     278             :     /* Get backup directory name */
     279         172 :     if (optind >= argc)
     280             :     {
     281           2 :         pg_log_error("no backup directory specified");
     282           2 :         pg_log_error_hint("Try \"%s --help\" for more information.", progname);
     283           2 :         exit(1);
     284             :     }
     285         170 :     context.backup_directory = pstrdup(argv[optind++]);
     286         170 :     canonicalize_path(context.backup_directory);
     287             : 
     288             :     /* Complain if any arguments remain */
     289         170 :     if (optind < argc)
     290             :     {
     291           2 :         pg_log_error("too many command-line arguments (first is \"%s\")",
     292             :                      argv[optind]);
     293           2 :         pg_log_error_hint("Try \"%s --help\" for more information.", progname);
     294           2 :         exit(1);
     295             :     }
     296             : 
     297             :     /* Complain if the specified arguments conflict */
     298         168 :     if (show_progress && quiet)
     299           2 :         pg_fatal("cannot specify both %s and %s",
     300             :                  "-P/--progress", "-q/--quiet");
     301             : 
     302             :     /* Unless --no-parse-wal was specified, we will need pg_waldump. */
     303         166 :     if (!no_parse_wal)
     304             :     {
     305             :         int         ret;
     306             : 
     307         152 :         pg_waldump_path = pg_malloc(MAXPGPATH);
     308         152 :         ret = find_other_exec(argv[0], "pg_waldump",
     309             :                               "pg_waldump (PostgreSQL) " PG_VERSION "\n",
     310             :                               pg_waldump_path);
     311         152 :         if (ret < 0)
     312             :         {
     313             :             char        full_path[MAXPGPATH];
     314             : 
     315           0 :             if (find_my_exec(argv[0], full_path) < 0)
     316           0 :                 strlcpy(full_path, progname, sizeof(full_path));
     317             : 
     318           0 :             if (ret == -1)
     319           0 :                 pg_fatal("program \"%s\" is needed by %s but was not found in the same directory as \"%s\"",
     320             :                          "pg_waldump", "pg_verifybackup", full_path);
     321             :             else
     322           0 :                 pg_fatal("program \"%s\" was found by \"%s\" but was not the same version as %s",
     323             :                          "pg_waldump", full_path, "pg_verifybackup");
     324             :         }
     325             :     }
     326             : 
     327             :     /* By default, look for the manifest in the backup directory. */
     328         166 :     if (manifest_path == NULL)
     329         150 :         manifest_path = psprintf("%s/backup_manifest",
     330             :                                  context.backup_directory);
     331             : 
     332             :     /* By default, look for the WAL in the backup directory, too. */
     333         166 :     if (wal_directory == NULL)
     334         164 :         wal_directory = psprintf("%s/pg_wal", context.backup_directory);
     335             : 
     336             :     /*
     337             :      * Try to read the manifest. We treat any errors encountered while parsing
     338             :      * the manifest as fatal; there doesn't seem to be much point in trying to
     339             :      * verify the backup directory against a corrupted manifest.
     340             :      */
     341         166 :     parse_manifest_file(manifest_path, &context.ht, &first_wal_range);
     342             : 
     343             :     /*
     344             :      * Now scan the files in the backup directory. At this stage, we verify
     345             :      * that every file on disk is present in the manifest and that the sizes
     346             :      * match. We also set the "matched" flag on every manifest entry that
     347             :      * corresponds to a file on disk.
     348             :      */
     349         102 :     verify_backup_directory(&context, NULL, context.backup_directory);
     350             : 
     351             :     /*
     352             :      * The "matched" flag should now be set on every entry in the hash table.
     353             :      * Any entries for which the bit is not set are files mentioned in the
     354             :      * manifest that don't exist on disk.
     355             :      */
     356         100 :     report_extra_backup_files(&context);
     357             : 
     358             :     /*
     359             :      * Now do the expensive work of verifying file checksums, unless we were
     360             :      * told to skip it.
     361             :      */
     362          98 :     if (!skip_checksums)
     363          94 :         verify_backup_checksums(&context);
     364             : 
     365             :     /*
     366             :      * Try to parse the required ranges of WAL records, unless we were told
     367             :      * not to do so.
     368             :      */
     369          98 :     if (!no_parse_wal)
     370          84 :         parse_required_wal(&context, pg_waldump_path,
     371             :                            wal_directory, first_wal_range);
     372             : 
     373             :     /*
     374             :      * If everything looks OK, tell the user this, unless we were asked to
     375             :      * work quietly.
     376             :      */
     377          98 :     if (!context.saw_any_error && !quiet)
     378          66 :         printf(_("backup successfully verified\n"));
     379             : 
     380          98 :     return context.saw_any_error ? 1 : 0;
     381             : }
     382             : 
     383             : /*
     384             :  * Parse a manifest file. Construct a hash table with information about
     385             :  * all the files it mentions, and a linked list of all the WAL ranges it
     386             :  * mentions.
     387             :  */
     388             : static void
     389         166 : parse_manifest_file(char *manifest_path, manifest_files_hash **ht_p,
     390             :                     manifest_wal_range **first_wal_range_p)
     391             : {
     392             :     int         fd;
     393             :     struct stat statbuf;
     394             :     off_t       estimate;
     395             :     uint32      initial_size;
     396             :     manifest_files_hash *ht;
     397             :     char       *buffer;
     398             :     int         rc;
     399             :     parser_context private_context;
     400             :     JsonManifestParseContext context;
     401             : 
     402             :     /* Open the manifest file. */
     403         166 :     if ((fd = open(manifest_path, O_RDONLY | PG_BINARY, 0)) < 0)
     404           4 :         report_fatal_error("could not open file \"%s\": %m", manifest_path);
     405             : 
     406             :     /* Figure out how big the manifest is. */
     407         162 :     if (fstat(fd, &statbuf) != 0)
     408           0 :         report_fatal_error("could not stat file \"%s\": %m", manifest_path);
     409             : 
     410             :     /* Guess how large to make the hash table based on the manifest size. */
     411         162 :     estimate = statbuf.st_size / ESTIMATED_BYTES_PER_MANIFEST_LINE;
     412         162 :     initial_size = Min(PG_UINT32_MAX, Max(estimate, 256));
     413             : 
     414             :     /* Create the hash table. */
     415         162 :     ht = manifest_files_create(initial_size, NULL);
     416             : 
     417             :     /*
     418             :      * Slurp in the whole file.
     419             :      *
     420             :      * This is not ideal, but there's currently no easy way to get
     421             :      * pg_parse_json() to perform incremental parsing.
     422             :      */
     423         162 :     buffer = pg_malloc(statbuf.st_size);
     424         162 :     rc = read(fd, buffer, statbuf.st_size);
     425         162 :     if (rc != statbuf.st_size)
     426             :     {
     427           0 :         if (rc < 0)
     428           0 :             report_fatal_error("could not read file \"%s\": %m",
     429             :                                manifest_path);
     430             :         else
     431           0 :             report_fatal_error("could not read file \"%s\": read %d of %lld",
     432           0 :                                manifest_path, rc, (long long int) statbuf.st_size);
     433             :     }
     434             : 
     435             :     /* Close the manifest file. */
     436         162 :     close(fd);
     437             : 
     438             :     /* Parse the manifest. */
     439         162 :     private_context.ht = ht;
     440         162 :     private_context.first_wal_range = NULL;
     441         162 :     private_context.last_wal_range = NULL;
     442         162 :     context.private_data = &private_context;
     443         162 :     context.perfile_cb = record_manifest_details_for_file;
     444         162 :     context.perwalrange_cb = record_manifest_details_for_wal_range;
     445         162 :     context.error_cb = report_manifest_error;
     446         162 :     json_parse_manifest(&context, buffer, statbuf.st_size);
     447             : 
     448             :     /* Done with the buffer. */
     449         102 :     pfree(buffer);
     450             : 
     451             :     /* Return the file hash table and WAL range list we constructed. */
     452         102 :     *ht_p = ht;
     453         102 :     *first_wal_range_p = private_context.first_wal_range;
     454         102 : }
     455             : 
     456             : /*
     457             :  * Report an error while parsing the manifest.
     458             :  *
     459             :  * We consider all such errors to be fatal errors. The manifest parser
     460             :  * expects this function not to return.
     461             :  */
     462             : static void
     463          58 : report_manifest_error(JsonManifestParseContext *context, const char *fmt,...)
     464             : {
     465             :     va_list     ap;
     466             : 
     467          58 :     va_start(ap, fmt);
     468          58 :     pg_log_generic_v(PG_LOG_ERROR, PG_LOG_PRIMARY, gettext(fmt), ap);
     469          58 :     va_end(ap);
     470             : 
     471          58 :     exit(1);
     472             : }
     473             : 
     474             : /*
     475             :  * Record details extracted from the backup manifest for one file.
     476             :  */
     477             : static void
     478      100586 : record_manifest_details_for_file(JsonManifestParseContext *context,
     479             :                                  char *pathname, size_t size,
     480             :                                  pg_checksum_type checksum_type,
     481             :                                  int checksum_length, uint8 *checksum_payload)
     482             : {
     483      100586 :     parser_context *pcxt = context->private_data;
     484      100586 :     manifest_files_hash *ht = pcxt->ht;
     485             :     manifest_file *m;
     486             :     bool        found;
     487             : 
     488             :     /* Make a new entry in the hash table for this file. */
     489      100586 :     m = manifest_files_insert(ht, pathname, &found);
     490      100586 :     if (found)
     491           2 :         report_fatal_error("duplicate path name in backup manifest: \"%s\"",
     492             :                            pathname);
     493             : 
     494             :     /* Initialize the entry. */
     495      100584 :     m->size = size;
     496      100584 :     m->checksum_type = checksum_type;
     497      100584 :     m->checksum_length = checksum_length;
     498      100584 :     m->checksum_payload = checksum_payload;
     499      100584 :     m->matched = false;
     500      100584 :     m->bad = false;
     501      100584 : }
     502             : 
     503             : /*
     504             :  * Record details extracted from the backup manifest for one WAL range.
     505             :  */
     506             : static void
     507         106 : record_manifest_details_for_wal_range(JsonManifestParseContext *context,
     508             :                                       TimeLineID tli,
     509             :                                       XLogRecPtr start_lsn, XLogRecPtr end_lsn)
     510             : {
     511         106 :     parser_context *pcxt = context->private_data;
     512             :     manifest_wal_range *range;
     513             : 
     514             :     /* Allocate and initialize a struct describing this WAL range. */
     515         106 :     range = palloc(sizeof(manifest_wal_range));
     516         106 :     range->tli = tli;
     517         106 :     range->start_lsn = start_lsn;
     518         106 :     range->end_lsn = end_lsn;
     519         106 :     range->prev = pcxt->last_wal_range;
     520         106 :     range->next = NULL;
     521             : 
     522             :     /* Add it to the end of the list. */
     523         106 :     if (pcxt->first_wal_range == NULL)
     524         106 :         pcxt->first_wal_range = range;
     525             :     else
     526           0 :         pcxt->last_wal_range->next = range;
     527         106 :     pcxt->last_wal_range = range;
     528         106 : }
     529             : 
     530             : /*
     531             :  * Verify one directory.
     532             :  *
     533             :  * 'relpath' is NULL if we are to verify the top-level backup directory,
     534             :  * and otherwise the relative path to the directory that is to be verified.
     535             :  *
     536             :  * 'fullpath' is the backup directory with 'relpath' appended; i.e. the actual
     537             :  * filesystem path at which it can be found.
     538             :  */
     539             : static void
     540        2508 : verify_backup_directory(verifier_context *context, char *relpath,
     541             :                         char *fullpath)
     542             : {
     543             :     DIR        *dir;
     544             :     struct dirent *dirent;
     545             : 
     546        2508 :     dir = opendir(fullpath);
     547        2508 :     if (dir == NULL)
     548             :     {
     549             :         /*
     550             :          * If even the toplevel backup directory cannot be found, treat this
     551             :          * as a fatal error.
     552             :          */
     553           4 :         if (relpath == NULL)
     554           2 :             report_fatal_error("could not open directory \"%s\": %m", fullpath);
     555             : 
     556             :         /*
     557             :          * Otherwise, treat this as a non-fatal error, but ignore any further
     558             :          * errors related to this path and anything beneath it.
     559             :          */
     560           2 :         report_backup_error(context,
     561             :                             "could not open directory \"%s\": %m", fullpath);
     562           2 :         simple_string_list_append(&context->ignore_list, relpath);
     563             : 
     564           2 :         return;
     565             :     }
     566             : 
     567      105004 :     while (errno = 0, (dirent = readdir(dir)) != NULL)
     568             :     {
     569      102500 :         char       *filename = dirent->d_name;
     570      102500 :         char       *newfullpath = psprintf("%s/%s", fullpath, filename);
     571             :         char       *newrelpath;
     572             : 
     573             :         /* Skip "." and ".." */
     574      102500 :         if (filename[0] == '.' && (filename[1] == '\0'
     575        2504 :                                    || strcmp(filename, "..") == 0))
     576        5008 :             continue;
     577             : 
     578       97492 :         if (relpath == NULL)
     579        2388 :             newrelpath = pstrdup(filename);
     580             :         else
     581       95104 :             newrelpath = psprintf("%s/%s", relpath, filename);
     582             : 
     583       97492 :         if (!should_ignore_relpath(context, newrelpath))
     584       97204 :             verify_backup_file(context, newrelpath, newfullpath);
     585             : 
     586       97492 :         pfree(newfullpath);
     587       97492 :         pfree(newrelpath);
     588             :     }
     589             : 
     590        2504 :     if (closedir(dir))
     591             :     {
     592           0 :         report_backup_error(context,
     593             :                             "could not close directory \"%s\": %m", fullpath);
     594           0 :         return;
     595             :     }
     596             : }
     597             : 
     598             : /*
     599             :  * Verify one file (which might actually be a directory or a symlink).
     600             :  *
     601             :  * The arguments to this function have the same meaning as the arguments to
     602             :  * verify_backup_directory.
     603             :  */
     604             : static void
     605       97204 : verify_backup_file(verifier_context *context, char *relpath, char *fullpath)
     606             : {
     607             :     struct stat sb;
     608             :     manifest_file *m;
     609             : 
     610       97204 :     if (stat(fullpath, &sb) != 0)
     611             :     {
     612           6 :         report_backup_error(context,
     613             :                             "could not stat file or directory \"%s\": %m",
     614             :                             relpath);
     615             : 
     616             :         /*
     617             :          * Suppress further errors related to this path name and, if it's a
     618             :          * directory, anything underneath it.
     619             :          */
     620           6 :         simple_string_list_append(&context->ignore_list, relpath);
     621             : 
     622        2416 :         return;
     623             :     }
     624             : 
     625             :     /* If it's a directory, just recurse. */
     626       97198 :     if (S_ISDIR(sb.st_mode))
     627             :     {
     628        2406 :         verify_backup_directory(context, relpath, fullpath);
     629        2406 :         return;
     630             :     }
     631             : 
     632             :     /* If it's not a directory, it should be a plain file. */
     633       94792 :     if (!S_ISREG(sb.st_mode))
     634             :     {
     635           0 :         report_backup_error(context,
     636             :                             "\"%s\" is not a file or directory",
     637             :                             relpath);
     638           0 :         return;
     639             :     }
     640             : 
     641             :     /* Check whether there's an entry in the manifest hash. */
     642       94792 :     m = manifest_files_lookup(context->ht, relpath);
     643       94792 :     if (m == NULL)
     644             :     {
     645           4 :         report_backup_error(context,
     646             :                             "\"%s\" is present on disk but not in the manifest",
     647             :                             relpath);
     648           4 :         return;
     649             :     }
     650             : 
     651             :     /* Flag this entry as having been encountered in the filesystem. */
     652       94788 :     m->matched = true;
     653             : 
     654             :     /* Check that the size matches. */
     655       94788 :     if (m->size != sb.st_size)
     656             :     {
     657           4 :         report_backup_error(context,
     658             :                             "\"%s\" has size %lld on disk but size %zu in the manifest",
     659           4 :                             relpath, (long long int) sb.st_size, m->size);
     660           4 :         m->bad = true;
     661             :     }
     662             : 
     663             :     /* Update statistics for progress report, if necessary */
     664       94788 :     if (show_progress && !skip_checksums && should_verify_checksum(m))
     665        1928 :         total_size += m->size;
     666             : 
     667             :     /*
     668             :      * We don't verify checksums at this stage. We first finish verifying that
     669             :      * we have the expected set of files with the expected sizes, and only
     670             :      * afterwards verify the checksums. That's because computing checksums may
     671             :      * take a while, and we'd like to report more obvious problems quickly.
     672             :      */
     673             : }
     674             : 
     675             : /*
     676             :  * Scan the hash table for entries where the 'matched' flag is not set; report
     677             :  * that such files are present in the manifest but not on disk.
     678             :  */
     679             : static void
     680         100 : report_extra_backup_files(verifier_context *context)
     681             : {
     682             :     manifest_files_iterator it;
     683             :     manifest_file *m;
     684             : 
     685         100 :     manifest_files_start_iterate(context->ht, &it);
     686       94966 :     while ((m = manifest_files_iterate(context->ht, &it)) != NULL)
     687       94868 :         if (!m->matched && !should_ignore_relpath(context, m->pathname))
     688          10 :             report_backup_error(context,
     689             :                                 "\"%s\" is present in the manifest but not on disk",
     690             :                                 m->pathname);
     691          98 : }
     692             : 
     693             : /*
     694             :  * Verify checksums for hash table entries that are otherwise unproblematic.
     695             :  * If we've already reported some problem related to a hash table entry, or
     696             :  * if it has no checksum, just skip it.
     697             :  */
     698             : static void
     699          94 : verify_backup_checksums(verifier_context *context)
     700             : {
     701             :     manifest_files_iterator it;
     702             :     manifest_file *m;
     703             : 
     704          94 :     progress_report(false);
     705             : 
     706          94 :     manifest_files_start_iterate(context->ht, &it);
     707       91012 :     while ((m = manifest_files_iterate(context->ht, &it)) != NULL)
     708             :     {
     709       90918 :         if (should_verify_checksum(m) &&
     710       87066 :             !should_ignore_relpath(context, m->pathname))
     711             :         {
     712             :             char       *fullpath;
     713             : 
     714             :             /* Compute the full pathname to the target file. */
     715       87066 :             fullpath = psprintf("%s/%s", context->backup_directory,
     716             :                                 m->pathname);
     717             : 
     718             :             /* Do the actual checksum verification. */
     719       87066 :             verify_file_checksum(context, m, fullpath);
     720             : 
     721             :             /* Avoid leaking memory. */
     722       87066 :             pfree(fullpath);
     723             :         }
     724             :     }
     725             : 
     726          94 :     progress_report(true);
     727          94 : }
     728             : 
     729             : /*
     730             :  * Verify the checksum of a single file.
     731             :  */
     732             : static void
     733       87066 : verify_file_checksum(verifier_context *context, manifest_file *m,
     734             :                      char *fullpath)
     735             : {
     736             :     pg_checksum_context checksum_ctx;
     737       87066 :     char       *relpath = m->pathname;
     738             :     int         fd;
     739             :     int         rc;
     740       87066 :     size_t      bytes_read = 0;
     741             :     uint8       buffer[READ_CHUNK_SIZE];
     742             :     uint8       checksumbuf[PG_CHECKSUM_MAX_LENGTH];
     743             :     int         checksumlen;
     744             : 
     745             :     /* Open the target file. */
     746       87066 :     if ((fd = open(fullpath, O_RDONLY | PG_BINARY, 0)) < 0)
     747             :     {
     748           2 :         report_backup_error(context, "could not open file \"%s\": %m",
     749             :                             relpath);
     750           2 :         return;
     751             :     }
     752             : 
     753             :     /* Initialize checksum context. */
     754       87064 :     if (pg_checksum_init(&checksum_ctx, m->checksum_type) < 0)
     755             :     {
     756           0 :         report_backup_error(context, "could not initialize checksum of file \"%s\"",
     757             :                             relpath);
     758           0 :         close(fd);
     759           0 :         return;
     760             :     }
     761             : 
     762             :     /* Read the file chunk by chunk, updating the checksum as we go. */
     763      597092 :     while ((rc = read(fd, buffer, READ_CHUNK_SIZE)) > 0)
     764             :     {
     765      510028 :         bytes_read += rc;
     766      510028 :         if (pg_checksum_update(&checksum_ctx, buffer, rc) < 0)
     767             :         {
     768           0 :             report_backup_error(context, "could not update checksum of file \"%s\"",
     769             :                                 relpath);
     770           0 :             close(fd);
     771           0 :             return;
     772             :         }
     773             : 
     774             :         /* Report progress */
     775      510028 :         done_size += rc;
     776      510028 :         progress_report(false);
     777             :     }
     778       87064 :     if (rc < 0)
     779           0 :         report_backup_error(context, "could not read file \"%s\": %m",
     780             :                             relpath);
     781             : 
     782             :     /* Close the file. */
     783       87064 :     if (close(fd) != 0)
     784             :     {
     785           0 :         report_backup_error(context, "could not close file \"%s\": %m",
     786             :                             relpath);
     787           0 :         return;
     788             :     }
     789             : 
     790             :     /* If we didn't manage to read the whole file, bail out now. */
     791       87064 :     if (rc < 0)
     792           0 :         return;
     793             : 
     794             :     /*
     795             :      * Double-check that we read the expected number of bytes from the file.
     796             :      * Normally, a file size mismatch would be caught in verify_backup_file
     797             :      * and this check would never be reached, but this provides additional
     798             :      * safety and clarity in the event of concurrent modifications or
     799             :      * filesystem misbehavior.
     800             :      */
     801       87064 :     if (bytes_read != m->size)
     802             :     {
     803           0 :         report_backup_error(context,
     804             :                             "file \"%s\" should contain %zu bytes, but read %zu bytes",
     805             :                             relpath, m->size, bytes_read);
     806           0 :         return;
     807             :     }
     808             : 
     809             :     /* Get the final checksum. */
     810       87064 :     checksumlen = pg_checksum_final(&checksum_ctx, checksumbuf);
     811       87064 :     if (checksumlen < 0)
     812             :     {
     813           0 :         report_backup_error(context,
     814             :                             "could not finalize checksum of file \"%s\"",
     815             :                             relpath);
     816           0 :         return;
     817             :     }
     818             : 
     819             :     /* And check it against the manifest. */
     820       87064 :     if (checksumlen != m->checksum_length)
     821           0 :         report_backup_error(context,
     822             :                             "file \"%s\" has checksum of length %d, but expected %d",
     823             :                             relpath, m->checksum_length, checksumlen);
     824       87064 :     else if (memcmp(checksumbuf, m->checksum_payload, checksumlen) != 0)
     825           6 :         report_backup_error(context,
     826             :                             "checksum mismatch for file \"%s\"",
     827             :                             relpath);
     828             : }
     829             : 
     830             : /*
     831             :  * Attempt to parse the WAL files required to restore from backup using
     832             :  * pg_waldump.
     833             :  */
     834             : static void
     835          84 : parse_required_wal(verifier_context *context, char *pg_waldump_path,
     836             :                    char *wal_directory, manifest_wal_range *first_wal_range)
     837             : {
     838          84 :     manifest_wal_range *this_wal_range = first_wal_range;
     839             : 
     840         168 :     while (this_wal_range != NULL)
     841             :     {
     842             :         char       *pg_waldump_cmd;
     843             : 
     844          84 :         pg_waldump_cmd = psprintf("\"%s\" --quiet --path=\"%s\" --timeline=%u --start=%X/%X --end=%X/%X\n",
     845             :                                   pg_waldump_path, wal_directory, this_wal_range->tli,
     846          84 :                                   LSN_FORMAT_ARGS(this_wal_range->start_lsn),
     847          84 :                                   LSN_FORMAT_ARGS(this_wal_range->end_lsn));
     848          84 :         fflush(NULL);
     849          84 :         if (system(pg_waldump_cmd) != 0)
     850           4 :             report_backup_error(context,
     851             :                                 "WAL parsing failed for timeline %u",
     852             :                                 this_wal_range->tli);
     853             : 
     854          84 :         this_wal_range = this_wal_range->next;
     855             :     }
     856          84 : }
     857             : 
     858             : /*
     859             :  * Report a problem with the backup.
     860             :  *
     861             :  * Update the context to indicate that we saw an error, and exit if the
     862             :  * context says we should.
     863             :  */
     864             : static void
     865          38 : report_backup_error(verifier_context *context, const char *pg_restrict fmt,...)
     866             : {
     867             :     va_list     ap;
     868             : 
     869          38 :     va_start(ap, fmt);
     870          38 :     pg_log_generic_v(PG_LOG_ERROR, PG_LOG_PRIMARY, gettext(fmt), ap);
     871          38 :     va_end(ap);
     872             : 
     873          38 :     context->saw_any_error = true;
     874          38 :     if (context->exit_on_error)
     875           2 :         exit(1);
     876          36 : }
     877             : 
     878             : /*
     879             :  * Report a fatal error and exit
     880             :  */
     881             : static void
     882           8 : report_fatal_error(const char *pg_restrict fmt,...)
     883             : {
     884             :     va_list     ap;
     885             : 
     886           8 :     va_start(ap, fmt);
     887           8 :     pg_log_generic_v(PG_LOG_ERROR, PG_LOG_PRIMARY, gettext(fmt), ap);
     888           8 :     va_end(ap);
     889             : 
     890           8 :     exit(1);
     891             : }
     892             : 
     893             : /*
     894             :  * Is the specified relative path, or some prefix of it, listed in the set
     895             :  * of paths to ignore?
     896             :  *
     897             :  * Note that by "prefix" we mean a parent directory; for this purpose,
     898             :  * "aa/bb" is not a prefix of "aa/bbb", but it is a prefix of "aa/bb/cc".
     899             :  */
     900             : static bool
     901      186482 : should_ignore_relpath(verifier_context *context, char *relpath)
     902             : {
     903             :     SimpleStringListCell *cell;
     904             : 
     905     1139020 :     for (cell = context->ignore_list.head; cell != NULL; cell = cell->next)
     906             :     {
     907      954740 :         char       *r = relpath;
     908      954740 :         char       *v = cell->val;
     909             : 
     910     1337900 :         while (*v != '\0' && *r == *v)
     911      383160 :             ++r, ++v;
     912             : 
     913      954740 :         if (*v == '\0' && (*r == '\0' || *r == '/'))
     914        2202 :             return true;
     915             :     }
     916             : 
     917      184280 :     return false;
     918             : }
     919             : 
     920             : /*
     921             :  * Helper function for manifest_files hash table.
     922             :  */
     923             : static uint32
     924      237154 : hash_string_pointer(char *s)
     925             : {
     926      237154 :     unsigned char *ss = (unsigned char *) s;
     927             : 
     928      237154 :     return hash_bytes(ss, strlen(s));
     929             : }
     930             : 
     931             : /*
     932             :  * Print a progress report based on the global variables.
     933             :  *
     934             :  * Progress report is written at maximum once per second, unless the finished
     935             :  * parameter is set to true.
     936             :  *
     937             :  * If finished is set to true, this is the last progress report. The cursor
     938             :  * is moved to the next line.
     939             :  */
     940             : static void
     941      510216 : progress_report(bool finished)
     942             : {
     943             :     static pg_time_t last_progress_report = 0;
     944             :     pg_time_t   now;
     945      510216 :     int         percent_size = 0;
     946             :     char        totalsize_str[32];
     947             :     char        donesize_str[32];
     948             : 
     949      510216 :     if (!show_progress)
     950      510212 :         return;
     951             : 
     952       11328 :     now = time(NULL);
     953       11328 :     if (now == last_progress_report && !finished)
     954       11324 :         return;                 /* Max once per second */
     955             : 
     956           4 :     last_progress_report = now;
     957           4 :     percent_size = total_size ? (int) ((done_size * 100 / total_size)) : 0;
     958             : 
     959           4 :     snprintf(totalsize_str, sizeof(totalsize_str), UINT64_FORMAT,
     960             :              total_size / 1024);
     961           4 :     snprintf(donesize_str, sizeof(donesize_str), UINT64_FORMAT,
     962             :              done_size / 1024);
     963             : 
     964           4 :     fprintf(stderr,
     965           4 :             _("%*s/%s kB (%d%%) verified"),
     966           4 :             (int) strlen(totalsize_str),
     967             :             donesize_str, totalsize_str, percent_size);
     968             : 
     969             :     /*
     970             :      * Stay on the same line if reporting to a terminal and we're not done
     971             :      * yet.
     972             :      */
     973           4 :     fputc((!finished && isatty(fileno(stderr))) ? '\r' : '\n', stderr);
     974             : }
     975             : 
     976             : /*
     977             :  * Print out usage information and exit.
     978             :  */
     979             : static void
     980           2 : usage(void)
     981             : {
     982           2 :     printf(_("%s verifies a backup against the backup manifest.\n\n"), progname);
     983           2 :     printf(_("Usage:\n  %s [OPTION]... BACKUPDIR\n\n"), progname);
     984           2 :     printf(_("Options:\n"));
     985           2 :     printf(_("  -e, --exit-on-error         exit immediately on error\n"));
     986           2 :     printf(_("  -i, --ignore=RELATIVE_PATH  ignore indicated path\n"));
     987           2 :     printf(_("  -m, --manifest-path=PATH    use specified path for manifest\n"));
     988           2 :     printf(_("  -n, --no-parse-wal          do not try to parse WAL files\n"));
     989           2 :     printf(_("  -P, --progress              show progress information\n"));
     990           2 :     printf(_("  -q, --quiet                 do not print any output, except for errors\n"));
     991           2 :     printf(_("  -s, --skip-checksums        skip checksum verification\n"));
     992           2 :     printf(_("  -w, --wal-directory=PATH    use specified path for WAL files\n"));
     993           2 :     printf(_("  -V, --version               output version information, then exit\n"));
     994           2 :     printf(_("  -?, --help                  show this help, then exit\n"));
     995           2 :     printf(_("\nReport bugs to <%s>.\n"), PACKAGE_BUGREPORT);
     996           2 :     printf(_("%s home page: <%s>\n"), PACKAGE_NAME, PACKAGE_URL);
     997           2 : }

Generated by: LCOV version 1.14