LCOV - code coverage report
Current view: top level - src/bin/pg_verifybackup - pg_verifybackup.c (source / functions) Hit Total Coverage
Test: PostgreSQL 18devel Lines: 422 475 88.8 %
Date: 2025-04-24 13:15:39 Functions: 23 23 100.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*-------------------------------------------------------------------------
       2             :  *
       3             :  * pg_verifybackup.c
       4             :  *    Verify a backup against a backup manifest.
       5             :  *
       6             :  * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
       7             :  * Portions Copyright (c) 1994, Regents of the University of California
       8             :  *
       9             :  * src/bin/pg_verifybackup/pg_verifybackup.c
      10             :  *
      11             :  *-------------------------------------------------------------------------
      12             :  */
      13             : 
      14             : #include "postgres_fe.h"
      15             : 
      16             : #include <dirent.h>
      17             : #include <fcntl.h>
      18             : #include <sys/stat.h>
      19             : #include <time.h>
      20             : 
      21             : #include "access/xlog_internal.h"
      22             : #include "common/logging.h"
      23             : #include "common/parse_manifest.h"
      24             : #include "fe_utils/simple_list.h"
      25             : #include "getopt_long.h"
      26             : #include "limits.h"
      27             : #include "pg_verifybackup.h"
      28             : #include "pgtime.h"
      29             : 
      30             : /*
      31             :  * For efficiency, we'd like our hash table containing information about the
      32             :  * manifest to start out with approximately the correct number of entries.
      33             :  * There's no way to know the exact number of entries without reading the whole
      34             :  * file, but we can get an estimate by dividing the file size by the estimated
      35             :  * number of bytes per line.
      36             :  *
      37             :  * This could be off by about a factor of two in either direction, because the
      38             :  * checksum algorithm has a big impact on the line lengths; e.g. a SHA512
      39             :  * checksum is 128 hex bytes, whereas a CRC-32C value is only 8, and there
      40             :  * might be no checksum at all.
      41             :  */
      42             : #define ESTIMATED_BYTES_PER_MANIFEST_LINE   100
      43             : 
      44             : /*
      45             :  * How many bytes should we try to read from a file at once?
      46             :  */
      47             : #define READ_CHUNK_SIZE             (128 * 1024)
      48             : 
      49             : /*
      50             :  * Tar file information needed for content verification.
      51             :  */
      52             : typedef struct tar_file
      53             : {
      54             :     char       *relpath;
      55             :     Oid         tblspc_oid;
      56             :     pg_compress_algorithm compress_algorithm;
      57             : } tar_file;
      58             : 
      59             : static manifest_data *parse_manifest_file(char *manifest_path);
      60             : static void verifybackup_version_cb(JsonManifestParseContext *context,
      61             :                                     int manifest_version);
      62             : static void verifybackup_system_identifier(JsonManifestParseContext *context,
      63             :                                            uint64 manifest_system_identifier);
      64             : static void verifybackup_per_file_cb(JsonManifestParseContext *context,
      65             :                                      const char *pathname, uint64 size,
      66             :                                      pg_checksum_type checksum_type,
      67             :                                      int checksum_length,
      68             :                                      uint8 *checksum_payload);
      69             : static void verifybackup_per_wal_range_cb(JsonManifestParseContext *context,
      70             :                                           TimeLineID tli,
      71             :                                           XLogRecPtr start_lsn,
      72             :                                           XLogRecPtr end_lsn);
      73             : pg_noreturn static void report_manifest_error(JsonManifestParseContext *context,
      74             :                                               const char *fmt,...)
      75             :             pg_attribute_printf(2, 3);
      76             : 
      77             : static void verify_tar_backup(verifier_context *context, DIR *dir);
      78             : static void verify_plain_backup_directory(verifier_context *context,
      79             :                                           char *relpath, char *fullpath,
      80             :                                           DIR *dir);
      81             : static void verify_plain_backup_file(verifier_context *context, char *relpath,
      82             :                                      char *fullpath);
      83             : static void verify_control_file(const char *controlpath,
      84             :                                 uint64 manifest_system_identifier);
      85             : static void precheck_tar_backup_file(verifier_context *context, char *relpath,
      86             :                                      char *fullpath, SimplePtrList *tarfiles);
      87             : static void verify_tar_file(verifier_context *context, char *relpath,
      88             :                             char *fullpath, astreamer *streamer);
      89             : static void report_extra_backup_files(verifier_context *context);
      90             : static void verify_backup_checksums(verifier_context *context);
      91             : static void verify_file_checksum(verifier_context *context,
      92             :                                  manifest_file *m, char *fullpath,
      93             :                                  uint8 *buffer);
      94             : static void parse_required_wal(verifier_context *context,
      95             :                                char *pg_waldump_path,
      96             :                                char *wal_directory);
      97             : static astreamer *create_archive_verifier(verifier_context *context,
      98             :                                           char *archive_name,
      99             :                                           Oid tblspc_oid,
     100             :                                           pg_compress_algorithm compress_algo);
     101             : 
     102             : static void progress_report(bool finished);
     103             : static void usage(void);
     104             : 
     105             : static const char *progname;
     106             : 
     107             : /* is progress reporting enabled? */
     108             : static bool show_progress = false;
     109             : 
     110             : /* Progress indicators */
     111             : static uint64 total_size = 0;
     112             : static uint64 done_size = 0;
     113             : 
     114             : /*
     115             :  * Main entry point.
     116             :  */
     117             : int
     118         238 : main(int argc, char **argv)
     119             : {
     120             :     static struct option long_options[] = {
     121             :         {"exit-on-error", no_argument, NULL, 'e'},
     122             :         {"ignore", required_argument, NULL, 'i'},
     123             :         {"manifest-path", required_argument, NULL, 'm'},
     124             :         {"format", required_argument, NULL, 'F'},
     125             :         {"no-parse-wal", no_argument, NULL, 'n'},
     126             :         {"progress", no_argument, NULL, 'P'},
     127             :         {"quiet", no_argument, NULL, 'q'},
     128             :         {"skip-checksums", no_argument, NULL, 's'},
     129             :         {"wal-directory", required_argument, NULL, 'w'},
     130             :         {NULL, 0, NULL, 0}
     131             :     };
     132             : 
     133             :     int         c;
     134             :     verifier_context context;
     135         238 :     char       *manifest_path = NULL;
     136         238 :     bool        no_parse_wal = false;
     137         238 :     bool        quiet = false;
     138         238 :     char       *wal_directory = NULL;
     139         238 :     char       *pg_waldump_path = NULL;
     140             :     DIR        *dir;
     141             : 
     142         238 :     pg_logging_init(argv[0]);
     143         238 :     set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pg_verifybackup"));
     144         238 :     progname = get_progname(argv[0]);
     145             : 
     146         238 :     memset(&context, 0, sizeof(context));
     147             : 
     148         238 :     if (argc > 1)
     149             :     {
     150         236 :         if (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0)
     151             :         {
     152           2 :             usage();
     153           2 :             exit(0);
     154             :         }
     155         234 :         if (strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0)
     156             :         {
     157           2 :             puts("pg_verifybackup (PostgreSQL) " PG_VERSION);
     158           2 :             exit(0);
     159             :         }
     160             :     }
     161             : 
     162             :     /*
     163             :      * Skip certain files in the toplevel directory.
     164             :      *
     165             :      * Ignore the backup_manifest file, because it's not included in the
     166             :      * backup manifest.
     167             :      *
     168             :      * Ignore the pg_wal directory, because those files are not included in
     169             :      * the backup manifest either, since they are fetched separately from the
     170             :      * backup itself, and verified via a separate mechanism.
     171             :      *
     172             :      * Ignore postgresql.auto.conf, recovery.signal, and standby.signal,
     173             :      * because we expect that those files may sometimes be created or changed
     174             :      * as part of the backup process. For example, pg_basebackup -R will
     175             :      * modify postgresql.auto.conf and create standby.signal.
     176             :      */
     177         234 :     simple_string_list_append(&context.ignore_list, "backup_manifest");
     178         234 :     simple_string_list_append(&context.ignore_list, "pg_wal");
     179         234 :     simple_string_list_append(&context.ignore_list, "postgresql.auto.conf");
     180         234 :     simple_string_list_append(&context.ignore_list, "recovery.signal");
     181         234 :     simple_string_list_append(&context.ignore_list, "standby.signal");
     182             : 
     183         368 :     while ((c = getopt_long(argc, argv, "eF:i:m:nPqsw:", long_options, NULL)) != -1)
     184             :     {
     185         138 :         switch (c)
     186             :         {
     187          48 :             case 'e':
     188          48 :                 context.exit_on_error = true;
     189          48 :                 break;
     190           8 :             case 'i':
     191             :                 {
     192           8 :                     char       *arg = pstrdup(optarg);
     193             : 
     194           8 :                     canonicalize_path(arg);
     195           8 :                     simple_string_list_append(&context.ignore_list, arg);
     196           8 :                     break;
     197             :                 }
     198           8 :             case 'm':
     199           8 :                 manifest_path = pstrdup(optarg);
     200           8 :                 canonicalize_path(manifest_path);
     201           8 :                 break;
     202           6 :             case 'F':
     203           6 :                 if (strcmp(optarg, "p") == 0 || strcmp(optarg, "plain") == 0)
     204           2 :                     context.format = 'p';
     205           4 :                 else if (strcmp(optarg, "t") == 0 || strcmp(optarg, "tar") == 0)
     206           2 :                     context.format = 't';
     207             :                 else
     208           2 :                     pg_fatal("invalid backup format \"%s\", must be \"plain\" or \"tar\"",
     209             :                              optarg);
     210           4 :                 break;
     211          50 :             case 'n':
     212          50 :                 no_parse_wal = true;
     213          50 :                 break;
     214           4 :             case 'P':
     215           4 :                 show_progress = true;
     216           4 :                 break;
     217           6 :             case 'q':
     218           6 :                 quiet = true;
     219           6 :                 break;
     220           4 :             case 's':
     221           4 :                 context.skip_checksums = true;
     222           4 :                 break;
     223           2 :             case 'w':
     224           2 :                 wal_directory = pstrdup(optarg);
     225           2 :                 canonicalize_path(wal_directory);
     226           2 :                 break;
     227           2 :             default:
     228             :                 /* getopt_long already emitted a complaint */
     229           2 :                 pg_log_error_hint("Try \"%s --help\" for more information.", progname);
     230           2 :                 exit(1);
     231             :         }
     232             :     }
     233             : 
     234             :     /* Get backup directory name */
     235         230 :     if (optind >= argc)
     236             :     {
     237           2 :         pg_log_error("no backup directory specified");
     238           2 :         pg_log_error_hint("Try \"%s --help\" for more information.", progname);
     239           2 :         exit(1);
     240             :     }
     241         228 :     context.backup_directory = pstrdup(argv[optind++]);
     242         228 :     canonicalize_path(context.backup_directory);
     243             : 
     244             :     /* Complain if any arguments remain */
     245         228 :     if (optind < argc)
     246             :     {
     247           2 :         pg_log_error("too many command-line arguments (first is \"%s\")",
     248             :                      argv[optind]);
     249           2 :         pg_log_error_hint("Try \"%s --help\" for more information.", progname);
     250           2 :         exit(1);
     251             :     }
     252             : 
     253             :     /* Complain if the specified arguments conflict */
     254         226 :     if (show_progress && quiet)
     255           2 :         pg_fatal("cannot specify both %s and %s",
     256             :                  "-P/--progress", "-q/--quiet");
     257             : 
     258             :     /* Unless --no-parse-wal was specified, we will need pg_waldump. */
     259         224 :     if (!no_parse_wal)
     260             :     {
     261             :         int         ret;
     262             : 
     263         174 :         pg_waldump_path = pg_malloc(MAXPGPATH);
     264         174 :         ret = find_other_exec(argv[0], "pg_waldump",
     265             :                               "pg_waldump (PostgreSQL) " PG_VERSION "\n",
     266             :                               pg_waldump_path);
     267         174 :         if (ret < 0)
     268             :         {
     269             :             char        full_path[MAXPGPATH];
     270             : 
     271           0 :             if (find_my_exec(argv[0], full_path) < 0)
     272           0 :                 strlcpy(full_path, progname, sizeof(full_path));
     273             : 
     274           0 :             if (ret == -1)
     275           0 :                 pg_fatal("program \"%s\" is needed by %s but was not found in the same directory as \"%s\"",
     276             :                          "pg_waldump", "pg_verifybackup", full_path);
     277             :             else
     278           0 :                 pg_fatal("program \"%s\" was found by \"%s\" but was not the same version as %s",
     279             :                          "pg_waldump", full_path, "pg_verifybackup");
     280             :         }
     281             :     }
     282             : 
     283             :     /* By default, look for the manifest in the backup directory. */
     284         224 :     if (manifest_path == NULL)
     285         216 :         manifest_path = psprintf("%s/backup_manifest",
     286             :                                  context.backup_directory);
     287             : 
     288             :     /* By default, look for the WAL in the backup directory, too. */
     289         224 :     if (wal_directory == NULL)
     290         222 :         wal_directory = psprintf("%s/pg_wal", context.backup_directory);
     291             : 
     292             :     /*
     293             :      * Try to read the manifest. We treat any errors encountered while parsing
     294             :      * the manifest as fatal; there doesn't seem to be much point in trying to
     295             :      * verify the backup directory against a corrupted manifest.
     296             :      */
     297         224 :     context.manifest = parse_manifest_file(manifest_path);
     298             : 
     299             :     /*
     300             :      * If the backup directory cannot be found, treat this as a fatal error.
     301             :      */
     302         154 :     dir = opendir(context.backup_directory);
     303         154 :     if (dir == NULL)
     304           2 :         report_fatal_error("could not open directory \"%s\": %m",
     305             :                            context.backup_directory);
     306             : 
     307             :     /*
     308             :      * At this point, we know that the backup directory exists, so it's now
     309             :      * reasonable to check for files immediately inside it. Thus, before going
     310             :      * further, if the user did not specify the backup format, check for
     311             :      * PG_VERSION to distinguish between tar and plain format.
     312             :      */
     313         152 :     if (context.format == '\0')
     314             :     {
     315             :         struct stat sb;
     316             :         char       *path;
     317             : 
     318         148 :         path = psprintf("%s/%s", context.backup_directory, "PG_VERSION");
     319         148 :         if (stat(path, &sb) == 0)
     320         108 :             context.format = 'p';
     321          40 :         else if (errno != ENOENT)
     322             :         {
     323           0 :             pg_log_error("could not stat file \"%s\": %m", path);
     324           0 :             exit(1);
     325             :         }
     326             :         else
     327             :         {
     328             :             /* No PG_VERSION, so assume tar format. */
     329          40 :             context.format = 't';
     330             :         }
     331         148 :         pfree(path);
     332             :     }
     333             : 
     334             :     /*
     335             :      * XXX: In the future, we should consider enhancing pg_waldump to read WAL
     336             :      * files from an archive.
     337             :      */
     338         152 :     if (!no_parse_wal && context.format == 't')
     339             :     {
     340           0 :         pg_log_error("pg_waldump cannot read tar files");
     341           0 :         pg_log_error_hint("You must use -n or --no-parse-wal when verifying a tar-format backup.");
     342           0 :         exit(1);
     343             :     }
     344             : 
     345             :     /*
     346             :      * Perform the appropriate type of verification appropriate based on the
     347             :      * backup format. This will close 'dir'.
     348             :      */
     349         152 :     if (context.format == 'p')
     350         110 :         verify_plain_backup_directory(&context, NULL, context.backup_directory,
     351             :                                       dir);
     352             :     else
     353          42 :         verify_tar_backup(&context, dir);
     354             : 
     355             :     /*
     356             :      * The "matched" flag should now be set on every entry in the hash table.
     357             :      * Any entries for which the bit is not set are files mentioned in the
     358             :      * manifest that don't exist on disk (or in the relevant tar files).
     359             :      */
     360         148 :     report_extra_backup_files(&context);
     361             : 
     362             :     /*
     363             :      * If this is a tar-format backup, checksums were already verified above;
     364             :      * but if it's a plain-format backup, we postpone it until this point,
     365             :      * since the earlier checks can be performed just by knowing which files
     366             :      * are present, without needing to read all of them.
     367             :      */
     368         146 :     if (context.format == 'p' && !context.skip_checksums)
     369         102 :         verify_backup_checksums(&context);
     370             : 
     371             :     /*
     372             :      * Try to parse the required ranges of WAL records, unless we were told
     373             :      * not to do so.
     374             :      */
     375         146 :     if (!no_parse_wal)
     376         100 :         parse_required_wal(&context, pg_waldump_path, wal_directory);
     377             : 
     378             :     /*
     379             :      * If everything looks OK, tell the user this, unless we were asked to
     380             :      * work quietly.
     381             :      */
     382         146 :     if (!context.saw_any_error && !quiet)
     383          98 :         printf(_("backup successfully verified\n"));
     384             : 
     385         146 :     return context.saw_any_error ? 1 : 0;
     386             : }
     387             : 
     388             : /*
     389             :  * Parse a manifest file and return a data structure describing the contents.
     390             :  */
     391             : static manifest_data *
     392         224 : parse_manifest_file(char *manifest_path)
     393             : {
     394             :     int         fd;
     395             :     struct stat statbuf;
     396             :     off_t       estimate;
     397             :     uint32      initial_size;
     398             :     manifest_files_hash *ht;
     399             :     char       *buffer;
     400             :     int         rc;
     401             :     JsonManifestParseContext context;
     402             :     manifest_data *result;
     403             : 
     404         224 :     int         chunk_size = READ_CHUNK_SIZE;
     405             : 
     406             :     /* Open the manifest file. */
     407         224 :     if ((fd = open(manifest_path, O_RDONLY | PG_BINARY, 0)) < 0)
     408           6 :         report_fatal_error("could not open file \"%s\": %m", manifest_path);
     409             : 
     410             :     /* Figure out how big the manifest is. */
     411         218 :     if (fstat(fd, &statbuf) != 0)
     412           0 :         report_fatal_error("could not stat file \"%s\": %m", manifest_path);
     413             : 
     414             :     /* Guess how large to make the hash table based on the manifest size. */
     415         218 :     estimate = statbuf.st_size / ESTIMATED_BYTES_PER_MANIFEST_LINE;
     416         218 :     initial_size = Min(PG_UINT32_MAX, Max(estimate, 256));
     417             : 
     418             :     /* Create the hash table. */
     419         218 :     ht = manifest_files_create(initial_size, NULL);
     420             : 
     421         218 :     result = pg_malloc0(sizeof(manifest_data));
     422         218 :     result->files = ht;
     423         218 :     context.private_data = result;
     424         218 :     context.version_cb = verifybackup_version_cb;
     425         218 :     context.system_identifier_cb = verifybackup_system_identifier;
     426         218 :     context.per_file_cb = verifybackup_per_file_cb;
     427         218 :     context.per_wal_range_cb = verifybackup_per_wal_range_cb;
     428         218 :     context.error_cb = report_manifest_error;
     429             : 
     430             :     /*
     431             :      * Parse the file, in chunks if necessary.
     432             :      */
     433         218 :     if (statbuf.st_size <= chunk_size)
     434             :     {
     435          66 :         buffer = pg_malloc(statbuf.st_size);
     436          66 :         rc = read(fd, buffer, statbuf.st_size);
     437          66 :         if (rc != statbuf.st_size)
     438             :         {
     439           0 :             if (rc < 0)
     440           0 :                 pg_fatal("could not read file \"%s\": %m", manifest_path);
     441             :             else
     442           0 :                 pg_fatal("could not read file \"%s\": read %d of %lld",
     443             :                          manifest_path, rc, (long long int) statbuf.st_size);
     444             :         }
     445             : 
     446             :         /* Close the manifest file. */
     447          66 :         close(fd);
     448             : 
     449             :         /* Parse the manifest. */
     450          66 :         json_parse_manifest(&context, buffer, statbuf.st_size);
     451             :     }
     452             :     else
     453             :     {
     454         152 :         int         bytes_left = statbuf.st_size;
     455             :         JsonManifestParseIncrementalState *inc_state;
     456             : 
     457         152 :         inc_state = json_parse_manifest_incremental_init(&context);
     458             : 
     459         152 :         buffer = pg_malloc(chunk_size + 1);
     460             : 
     461         452 :         while (bytes_left > 0)
     462             :         {
     463         304 :             int         bytes_to_read = chunk_size;
     464             : 
     465             :             /*
     466             :              * Make sure that the last chunk is sufficiently large. (i.e. at
     467             :              * least half the chunk size) so that it will contain fully the
     468             :              * piece at the end with the checksum.
     469             :              */
     470         304 :             if (bytes_left < chunk_size)
     471         152 :                 bytes_to_read = bytes_left;
     472         152 :             else if (bytes_left < 2 * chunk_size)
     473         152 :                 bytes_to_read = bytes_left / 2;
     474         304 :             rc = read(fd, buffer, bytes_to_read);
     475         304 :             if (rc != bytes_to_read)
     476             :             {
     477           0 :                 if (rc < 0)
     478           0 :                     pg_fatal("could not read file \"%s\": %m", manifest_path);
     479             :                 else
     480           0 :                     pg_fatal("could not read file \"%s\": read %lld of %lld",
     481             :                              manifest_path,
     482             :                              (long long int) (statbuf.st_size + rc - bytes_left),
     483             :                              (long long int) statbuf.st_size);
     484             :             }
     485         304 :             bytes_left -= rc;
     486         304 :             json_parse_manifest_incremental_chunk(inc_state, buffer, rc,
     487             :                                                   bytes_left == 0);
     488             :         }
     489             : 
     490             :         /* Release the incremental state memory */
     491         148 :         json_parse_manifest_incremental_shutdown(inc_state);
     492             : 
     493         148 :         close(fd);
     494             :     }
     495             : 
     496             :     /* Done with the buffer. */
     497         154 :     pfree(buffer);
     498             : 
     499         154 :     return result;
     500             : }
     501             : 
     502             : /*
     503             :  * Report an error while parsing the manifest.
     504             :  *
     505             :  * We consider all such errors to be fatal errors. The manifest parser
     506             :  * expects this function not to return.
     507             :  */
     508             : static void
     509          62 : report_manifest_error(JsonManifestParseContext *context, const char *fmt,...)
     510             : {
     511             :     va_list     ap;
     512             : 
     513          62 :     va_start(ap, fmt);
     514          62 :     pg_log_generic_v(PG_LOG_ERROR, PG_LOG_PRIMARY, gettext(fmt), ap);
     515          62 :     va_end(ap);
     516             : 
     517          62 :     exit(1);
     518             : }
     519             : 
     520             : /*
     521             :  * Record details extracted from the backup manifest.
     522             :  */
     523             : static void
     524         206 : verifybackup_version_cb(JsonManifestParseContext *context,
     525             :                         int manifest_version)
     526             : {
     527         206 :     manifest_data *manifest = context->private_data;
     528             : 
     529             :     /* Validation will be at the later stage */
     530         206 :     manifest->version = manifest_version;
     531         206 : }
     532             : 
     533             : /*
     534             :  * Record details extracted from the backup manifest.
     535             :  */
     536             : static void
     537         158 : verifybackup_system_identifier(JsonManifestParseContext *context,
     538             :                                uint64 manifest_system_identifier)
     539             : {
     540         158 :     manifest_data *manifest = context->private_data;
     541             : 
     542             :     /* Validation will be at the later stage */
     543         158 :     manifest->system_identifier = manifest_system_identifier;
     544         158 : }
     545             : 
     546             : /*
     547             :  * Record details extracted from the backup manifest for one file.
     548             :  */
     549             : static void
     550      153468 : verifybackup_per_file_cb(JsonManifestParseContext *context,
     551             :                          const char *pathname, uint64 size,
     552             :                          pg_checksum_type checksum_type,
     553             :                          int checksum_length, uint8 *checksum_payload)
     554             : {
     555      153468 :     manifest_data *manifest = context->private_data;
     556      153468 :     manifest_files_hash *ht = manifest->files;
     557             :     manifest_file *m;
     558             :     bool        found;
     559             : 
     560             :     /* Make a new entry in the hash table for this file. */
     561      153468 :     m = manifest_files_insert(ht, pathname, &found);
     562      153468 :     if (found)
     563           2 :         report_fatal_error("duplicate path name in backup manifest: \"%s\"",
     564             :                            pathname);
     565             : 
     566             :     /* Initialize the entry. */
     567      153466 :     m->size = size;
     568      153466 :     m->checksum_type = checksum_type;
     569      153466 :     m->checksum_length = checksum_length;
     570      153466 :     m->checksum_payload = checksum_payload;
     571      153466 :     m->matched = false;
     572      153466 :     m->bad = false;
     573      153466 : }
     574             : 
     575             : /*
     576             :  * Record details extracted from the backup manifest for one WAL range.
     577             :  */
     578             : static void
     579         160 : verifybackup_per_wal_range_cb(JsonManifestParseContext *context,
     580             :                               TimeLineID tli,
     581             :                               XLogRecPtr start_lsn, XLogRecPtr end_lsn)
     582             : {
     583         160 :     manifest_data *manifest = context->private_data;
     584             :     manifest_wal_range *range;
     585             : 
     586             :     /* Allocate and initialize a struct describing this WAL range. */
     587         160 :     range = palloc(sizeof(manifest_wal_range));
     588         160 :     range->tli = tli;
     589         160 :     range->start_lsn = start_lsn;
     590         160 :     range->end_lsn = end_lsn;
     591         160 :     range->prev = manifest->last_wal_range;
     592         160 :     range->next = NULL;
     593             : 
     594             :     /* Add it to the end of the list. */
     595         160 :     if (manifest->first_wal_range == NULL)
     596         160 :         manifest->first_wal_range = range;
     597             :     else
     598           0 :         manifest->last_wal_range->next = range;
     599         160 :     manifest->last_wal_range = range;
     600         160 : }
     601             : 
     602             : /*
     603             :  * Verify one directory of a plain-format backup.
     604             :  *
     605             :  * 'relpath' is NULL if we are to verify the top-level backup directory,
     606             :  * and otherwise the relative path to the directory that is to be verified.
     607             :  *
     608             :  * 'fullpath' is the backup directory with 'relpath' appended; i.e. the actual
     609             :  * filesystem path at which it can be found.
     610             :  *
     611             :  * 'dir' is an open directory handle, or NULL if the caller wants us to
     612             :  * open it. If the caller chooses to pass a handle, we'll close it when
     613             :  * we're done with it.
     614             :  */
     615             : static void
     616        2730 : verify_plain_backup_directory(verifier_context *context, char *relpath,
     617             :                               char *fullpath, DIR *dir)
     618             : {
     619             :     struct dirent *dirent;
     620             : 
     621             :     /* Open the directory unless the caller did it. */
     622        2730 :     if (dir == NULL && ((dir = opendir(fullpath)) == NULL))
     623             :     {
     624           2 :         report_backup_error(context,
     625             :                             "could not open directory \"%s\": %m", fullpath);
     626           2 :         simple_string_list_append(&context->ignore_list, relpath);
     627             : 
     628           2 :         return;
     629             :     }
     630             : 
     631      114142 :     while (errno = 0, (dirent = readdir(dir)) != NULL)
     632             :     {
     633      111418 :         char       *filename = dirent->d_name;
     634      111418 :         char       *newfullpath = psprintf("%s/%s", fullpath, filename);
     635             :         char       *newrelpath;
     636             : 
     637             :         /* Skip "." and ".." */
     638      111418 :         if (filename[0] == '.' && (filename[1] == '\0'
     639        2724 :                                    || strcmp(filename, "..") == 0))
     640        5450 :             continue;
     641             : 
     642      105968 :         if (relpath == NULL)
     643        2604 :             newrelpath = pstrdup(filename);
     644             :         else
     645      103364 :             newrelpath = psprintf("%s/%s", relpath, filename);
     646             : 
     647      105968 :         if (!should_ignore_relpath(context, newrelpath))
     648      105648 :             verify_plain_backup_file(context, newrelpath, newfullpath);
     649             : 
     650      105964 :         pfree(newfullpath);
     651      105964 :         pfree(newrelpath);
     652             :     }
     653             : 
     654        2724 :     if (closedir(dir))
     655             :     {
     656           0 :         report_backup_error(context,
     657             :                             "could not close directory \"%s\": %m", fullpath);
     658           0 :         return;
     659             :     }
     660             : }
     661             : 
     662             : /*
     663             :  * Verify one file (which might actually be a directory or a symlink).
     664             :  *
     665             :  * The arguments to this function have the same meaning as the similarly named
     666             :  * arguments to verify_plain_backup_directory.
     667             :  */
     668             : static void
     669      105648 : verify_plain_backup_file(verifier_context *context, char *relpath,
     670             :                          char *fullpath)
     671             : {
     672             :     struct stat sb;
     673             :     manifest_file *m;
     674             : 
     675      105648 :     if (stat(fullpath, &sb) != 0)
     676             :     {
     677           6 :         report_backup_error(context,
     678             :                             "could not stat file or directory \"%s\": %m",
     679             :                             relpath);
     680             : 
     681             :         /*
     682             :          * Suppress further errors related to this path name and, if it's a
     683             :          * directory, anything underneath it.
     684             :          */
     685           6 :         simple_string_list_append(&context->ignore_list, relpath);
     686             : 
     687        2628 :         return;
     688             :     }
     689             : 
     690             :     /* If it's a directory, just recurse. */
     691      105642 :     if (S_ISDIR(sb.st_mode))
     692             :     {
     693        2620 :         verify_plain_backup_directory(context, relpath, fullpath, NULL);
     694        2618 :         return;
     695             :     }
     696             : 
     697             :     /* If it's not a directory, it should be a plain file. */
     698      103022 :     if (!S_ISREG(sb.st_mode))
     699             :     {
     700           0 :         report_backup_error(context,
     701             :                             "\"%s\" is not a file or directory",
     702             :                             relpath);
     703           0 :         return;
     704             :     }
     705             : 
     706             :     /* Check whether there's an entry in the manifest hash. */
     707      103022 :     m = manifest_files_lookup(context->manifest->files, relpath);
     708      103022 :     if (m == NULL)
     709             :     {
     710           4 :         report_backup_error(context,
     711             :                             "\"%s\" is present on disk but not in the manifest",
     712             :                             relpath);
     713           4 :         return;
     714             :     }
     715             : 
     716             :     /* Flag this entry as having been encountered in the filesystem. */
     717      103018 :     m->matched = true;
     718             : 
     719             :     /* Check that the size matches. */
     720      103018 :     if (m->size != sb.st_size)
     721             :     {
     722           4 :         report_backup_error(context,
     723             :                             "\"%s\" has size %llu on disk but size %llu in the manifest",
     724           4 :                             relpath, (unsigned long long) sb.st_size,
     725           4 :                             (unsigned long long) m->size);
     726           4 :         m->bad = true;
     727             :     }
     728             : 
     729             :     /*
     730             :      * Validate the manifest system identifier, not available in manifest
     731             :      * version 1.
     732             :      */
     733      103018 :     if (context->manifest->version != 1 &&
     734      103018 :         strcmp(relpath, XLOG_CONTROL_FILE) == 0)
     735         110 :         verify_control_file(fullpath, context->manifest->system_identifier);
     736             : 
     737             :     /* Update statistics for progress report, if necessary */
     738      103016 :     if (show_progress && !context->skip_checksums &&
     739        1936 :         should_verify_checksum(m))
     740        1936 :         total_size += m->size;
     741             : 
     742             :     /*
     743             :      * We don't verify checksums at this stage. We first finish verifying that
     744             :      * we have the expected set of files with the expected sizes, and only
     745             :      * afterwards verify the checksums. That's because computing checksums may
     746             :      * take a while, and we'd like to report more obvious problems quickly.
     747             :      */
     748             : }
     749             : 
     750             : /*
     751             :  * Sanity check control file and validate system identifier against manifest
     752             :  * system identifier.
     753             :  */
     754             : static void
     755         110 : verify_control_file(const char *controlpath, uint64 manifest_system_identifier)
     756             : {
     757             :     ControlFileData *control_file;
     758             :     bool        crc_ok;
     759             : 
     760         110 :     pg_log_debug("reading \"%s\"", controlpath);
     761         110 :     control_file = get_controlfile_by_exact_path(controlpath, &crc_ok);
     762             : 
     763             :     /* Control file contents not meaningful if CRC is bad. */
     764         110 :     if (!crc_ok)
     765           0 :         report_fatal_error("%s: CRC is incorrect", controlpath);
     766             : 
     767             :     /* Can't interpret control file if not current version. */
     768         110 :     if (control_file->pg_control_version != PG_CONTROL_VERSION)
     769           0 :         report_fatal_error("%s: unexpected control file version",
     770             :                            controlpath);
     771             : 
     772             :     /* System identifiers should match. */
     773         110 :     if (manifest_system_identifier != control_file->system_identifier)
     774           2 :         report_fatal_error("%s: manifest system identifier is %" PRIu64 ", but control file has %" PRIu64,
     775             :                            controlpath,
     776             :                            manifest_system_identifier,
     777             :                            control_file->system_identifier);
     778             : 
     779             :     /* Release memory. */
     780         108 :     pfree(control_file);
     781         108 : }
     782             : 
     783             : /*
     784             :  * Verify tar backup.
     785             :  *
     786             :  * The caller should pass a handle to the target directory, which we will
     787             :  * close when we're done with it.
     788             :  */
     789             : static void
     790          42 : verify_tar_backup(verifier_context *context, DIR *dir)
     791             : {
     792             :     struct dirent *dirent;
     793          42 :     SimplePtrList tarfiles = {NULL, NULL};
     794             :     SimplePtrListCell *cell;
     795             : 
     796             :     Assert(context->format != 'p');
     797             : 
     798          42 :     progress_report(false);
     799             : 
     800             :     /* First pass: scan the directory for tar files. */
     801         302 :     while (errno = 0, (dirent = readdir(dir)) != NULL)
     802             :     {
     803         260 :         char       *filename = dirent->d_name;
     804             : 
     805             :         /* Skip "." and ".." */
     806         260 :         if (filename[0] == '.' && (filename[1] == '\0'
     807          42 :                                    || strcmp(filename, "..") == 0))
     808          84 :             continue;
     809             : 
     810             :         /*
     811             :          * Unless it's something we should ignore, perform prechecks and add
     812             :          * it to the list.
     813             :          */
     814         176 :         if (!should_ignore_relpath(context, filename))
     815             :         {
     816             :             char       *fullpath;
     817             : 
     818         130 :             fullpath = psprintf("%s/%s", context->backup_directory, filename);
     819         130 :             precheck_tar_backup_file(context, filename, fullpath, &tarfiles);
     820         130 :             pfree(fullpath);
     821             :         }
     822             :     }
     823             : 
     824          42 :     if (closedir(dir))
     825             :     {
     826           0 :         report_backup_error(context,
     827             :                             "could not close directory \"%s\": %m",
     828             :                             context->backup_directory);
     829           0 :         return;
     830             :     }
     831             : 
     832             :     /* Second pass: Perform the final verification of the tar contents. */
     833          98 :     for (cell = tarfiles.head; cell != NULL; cell = cell->next)
     834             :     {
     835          58 :         tar_file   *tar = (tar_file *) cell->ptr;
     836             :         astreamer  *streamer;
     837             :         char       *fullpath;
     838             : 
     839             :         /*
     840             :          * Prepares the archive streamer stack according to the tar
     841             :          * compression format.
     842             :          */
     843          58 :         streamer = create_archive_verifier(context,
     844             :                                            tar->relpath,
     845             :                                            tar->tblspc_oid,
     846             :                                            tar->compress_algorithm);
     847             : 
     848             :         /* Compute the full pathname to the target file. */
     849          58 :         fullpath = psprintf("%s/%s", context->backup_directory,
     850             :                             tar->relpath);
     851             : 
     852             :         /* Invoke the streamer for reading, decompressing, and verifying. */
     853          58 :         verify_tar_file(context, tar->relpath, fullpath, streamer);
     854             : 
     855             :         /* Cleanup. */
     856          56 :         pfree(tar->relpath);
     857          56 :         pfree(tar);
     858          56 :         pfree(fullpath);
     859             : 
     860          56 :         astreamer_finalize(streamer);
     861          56 :         astreamer_free(streamer);
     862             :     }
     863          40 :     simple_ptr_list_destroy(&tarfiles);
     864             : 
     865          40 :     progress_report(true);
     866             : }
     867             : 
     868             : /*
     869             :  * Preparatory steps for verifying files in tar format backups.
     870             :  *
     871             :  * Carries out basic validation of the tar format backup file, detects the
     872             :  * compression type, and appends that information to the tarfiles list. An
     873             :  * error will be reported if the tar file is inaccessible, or if the file type,
     874             :  * name, or compression type is not as expected.
     875             :  *
     876             :  * The arguments to this function are mostly the same as the
     877             :  * verify_plain_backup_file. The additional argument outputs a list of valid
     878             :  * tar files.
     879             :  */
     880             : static void
     881         130 : precheck_tar_backup_file(verifier_context *context, char *relpath,
     882             :                          char *fullpath, SimplePtrList *tarfiles)
     883             : {
     884             :     struct stat sb;
     885         130 :     Oid         tblspc_oid = InvalidOid;
     886             :     pg_compress_algorithm compress_algorithm;
     887             :     tar_file   *tar;
     888         130 :     char       *suffix = NULL;
     889             : 
     890             :     /* Should be tar format backup */
     891             :     Assert(context->format == 't');
     892             : 
     893             :     /* Get file information */
     894         130 :     if (stat(fullpath, &sb) != 0)
     895             :     {
     896           0 :         report_backup_error(context,
     897             :                             "could not stat file or directory \"%s\": %m",
     898             :                             relpath);
     899          70 :         return;
     900             :     }
     901             : 
     902             :     /* In a tar format backup, we expect only plain files. */
     903         130 :     if (!S_ISREG(sb.st_mode))
     904             :     {
     905          32 :         report_backup_error(context,
     906             :                             "\"%s\" is not a plain file",
     907             :                             relpath);
     908          32 :         return;
     909             :     }
     910             : 
     911             :     /*
     912             :      * We expect tar files for backing up the main directory, tablespace, and
     913             :      * pg_wal directory.
     914             :      *
     915             :      * pg_basebackup writes the main data directory to an archive file named
     916             :      * base.tar, the pg_wal directory to pg_wal.tar, and the tablespace
     917             :      * directory to <tablespaceoid>.tar, each followed by a compression type
     918             :      * extension such as .gz, .lz4, or .zst.
     919             :      */
     920          98 :     if (strncmp("base", relpath, 4) == 0)
     921          40 :         suffix = relpath + 4;
     922          58 :     else if (strncmp("pg_wal", relpath, 6) == 0)
     923          28 :         suffix = relpath + 6;
     924             :     else
     925             :     {
     926             :         /* Expected a <tablespaceoid>.tar file here. */
     927          30 :         uint64      num = strtoul(relpath, &suffix, 10);
     928             : 
     929             :         /*
     930             :          * Report an error if we didn't consume at least one character, if the
     931             :          * result is 0, or if the value is too large to be a valid OID.
     932             :          */
     933          30 :         if (suffix == NULL || num <= 0 || num > OID_MAX)
     934             :         {
     935          10 :             report_backup_error(context,
     936             :                                 "file \"%s\" is not expected in a tar format backup",
     937             :                                 relpath);
     938          10 :             return;
     939             :         }
     940          20 :         tblspc_oid = (Oid) num;
     941             :     }
     942             : 
     943             :     /* Now, check the compression type of the tar */
     944          88 :     if (strcmp(suffix, ".tar") == 0)
     945          76 :         compress_algorithm = PG_COMPRESSION_NONE;
     946          12 :     else if (strcmp(suffix, ".tgz") == 0)
     947           0 :         compress_algorithm = PG_COMPRESSION_GZIP;
     948          12 :     else if (strcmp(suffix, ".tar.gz") == 0)
     949           6 :         compress_algorithm = PG_COMPRESSION_GZIP;
     950           6 :     else if (strcmp(suffix, ".tar.lz4") == 0)
     951           6 :         compress_algorithm = PG_COMPRESSION_LZ4;
     952           0 :     else if (strcmp(suffix, ".tar.zst") == 0)
     953           0 :         compress_algorithm = PG_COMPRESSION_ZSTD;
     954             :     else
     955             :     {
     956           0 :         report_backup_error(context,
     957             :                             "file \"%s\" is not expected in a tar format backup",
     958             :                             relpath);
     959           0 :         return;
     960             :     }
     961             : 
     962             :     /*
     963             :      * Ignore WALs, as reading and verification will be handled through
     964             :      * pg_waldump.
     965             :      */
     966          88 :     if (strncmp("pg_wal", relpath, 6) == 0)
     967          28 :         return;
     968             : 
     969             :     /*
     970             :      * Append the information to the list for complete verification at a later
     971             :      * stage.
     972             :      */
     973          60 :     tar = pg_malloc(sizeof(tar_file));
     974          60 :     tar->relpath = pstrdup(relpath);
     975          60 :     tar->tblspc_oid = tblspc_oid;
     976          60 :     tar->compress_algorithm = compress_algorithm;
     977             : 
     978          60 :     simple_ptr_list_append(tarfiles, tar);
     979             : 
     980             :     /* Update statistics for progress report, if necessary */
     981          60 :     if (show_progress)
     982           0 :         total_size += sb.st_size;
     983             : }
     984             : 
     985             : /*
     986             :  * Verification of a single tar file content.
     987             :  *
     988             :  * It reads a given tar archive in predefined chunks and passes it to the
     989             :  * streamer, which initiates routines for decompression (if necessary) and then
     990             :  * verifies each member within the tar file.
     991             :  */
     992             : static void
     993          58 : verify_tar_file(verifier_context *context, char *relpath, char *fullpath,
     994             :                 astreamer *streamer)
     995             : {
     996             :     int         fd;
     997             :     int         rc;
     998             :     char       *buffer;
     999             : 
    1000          58 :     pg_log_debug("reading \"%s\"", fullpath);
    1001             : 
    1002             :     /* Open the target file. */
    1003          58 :     if ((fd = open(fullpath, O_RDONLY | PG_BINARY, 0)) < 0)
    1004             :     {
    1005           0 :         report_backup_error(context, "could not open file \"%s\": %m",
    1006             :                             relpath);
    1007           0 :         return;
    1008             :     }
    1009             : 
    1010          58 :     buffer = pg_malloc(READ_CHUNK_SIZE * sizeof(uint8));
    1011             : 
    1012             :     /* Perform the reads */
    1013        6370 :     while ((rc = read(fd, buffer, READ_CHUNK_SIZE)) > 0)
    1014             :     {
    1015        6314 :         astreamer_content(streamer, NULL, buffer, rc, ASTREAMER_UNKNOWN);
    1016             : 
    1017             :         /* Report progress */
    1018        6312 :         done_size += rc;
    1019        6312 :         progress_report(false);
    1020             :     }
    1021             : 
    1022          56 :     pg_free(buffer);
    1023             : 
    1024          56 :     if (rc < 0)
    1025           0 :         report_backup_error(context, "could not read file \"%s\": %m",
    1026             :                             relpath);
    1027             : 
    1028             :     /* Close the file. */
    1029          56 :     if (close(fd) != 0)
    1030           0 :         report_backup_error(context, "could not close file \"%s\": %m",
    1031             :                             relpath);
    1032             : }
    1033             : 
    1034             : /*
    1035             :  * Scan the hash table for entries where the 'matched' flag is not set; report
    1036             :  * that such files are present in the manifest but not on disk.
    1037             :  */
    1038             : static void
    1039         148 : report_extra_backup_files(verifier_context *context)
    1040             : {
    1041         148 :     manifest_data *manifest = context->manifest;
    1042             :     manifest_files_iterator it;
    1043             :     manifest_file *m;
    1044             : 
    1045         148 :     manifest_files_start_iterate(manifest->files, &it);
    1046      142712 :     while ((m = manifest_files_iterate(manifest->files, &it)) != NULL)
    1047      142566 :         if (!m->matched && !should_ignore_relpath(context, m->pathname))
    1048        1952 :             report_backup_error(context,
    1049             :                                 "\"%s\" is present in the manifest but not on disk",
    1050             :                                 m->pathname);
    1051         146 : }
    1052             : 
    1053             : /*
    1054             :  * Verify checksums for hash table entries that are otherwise unproblematic.
    1055             :  * If we've already reported some problem related to a hash table entry, or
    1056             :  * if it has no checksum, just skip it.
    1057             :  */
    1058             : static void
    1059         102 : verify_backup_checksums(verifier_context *context)
    1060             : {
    1061         102 :     manifest_data *manifest = context->manifest;
    1062             :     manifest_files_iterator it;
    1063             :     manifest_file *m;
    1064             :     uint8      *buffer;
    1065             : 
    1066         102 :     progress_report(false);
    1067             : 
    1068         102 :     buffer = pg_malloc(READ_CHUNK_SIZE * sizeof(uint8));
    1069             : 
    1070         102 :     manifest_files_start_iterate(manifest->files, &it);
    1071       99168 :     while ((m = manifest_files_iterate(manifest->files, &it)) != NULL)
    1072             :     {
    1073       99066 :         if (should_verify_checksum(m) &&
    1074       93252 :             !should_ignore_relpath(context, m->pathname))
    1075             :         {
    1076             :             char       *fullpath;
    1077             : 
    1078             :             /* Compute the full pathname to the target file. */
    1079       93252 :             fullpath = psprintf("%s/%s", context->backup_directory,
    1080             :                                 m->pathname);
    1081             : 
    1082             :             /* Do the actual checksum verification. */
    1083       93252 :             verify_file_checksum(context, m, fullpath, buffer);
    1084             : 
    1085             :             /* Avoid leaking memory. */
    1086       93252 :             pfree(fullpath);
    1087             :         }
    1088             :     }
    1089             : 
    1090         102 :     pfree(buffer);
    1091             : 
    1092         102 :     progress_report(true);
    1093         102 : }
    1094             : 
    1095             : /*
    1096             :  * Verify the checksum of a single file.
    1097             :  */
    1098             : static void
    1099       93252 : verify_file_checksum(verifier_context *context, manifest_file *m,
    1100             :                      char *fullpath, uint8 *buffer)
    1101             : {
    1102             :     pg_checksum_context checksum_ctx;
    1103       93252 :     const char *relpath = m->pathname;
    1104             :     int         fd;
    1105             :     int         rc;
    1106       93252 :     uint64      bytes_read = 0;
    1107             :     uint8       checksumbuf[PG_CHECKSUM_MAX_LENGTH];
    1108             :     int         checksumlen;
    1109             : 
    1110             :     /* Open the target file. */
    1111       93252 :     if ((fd = open(fullpath, O_RDONLY | PG_BINARY, 0)) < 0)
    1112             :     {
    1113           2 :         report_backup_error(context, "could not open file \"%s\": %m",
    1114             :                             relpath);
    1115           2 :         return;
    1116             :     }
    1117             : 
    1118             :     /* Initialize checksum context. */
    1119       93250 :     if (pg_checksum_init(&checksum_ctx, m->checksum_type) < 0)
    1120             :     {
    1121           0 :         report_backup_error(context, "could not initialize checksum of file \"%s\"",
    1122             :                             relpath);
    1123           0 :         close(fd);
    1124           0 :         return;
    1125             :     }
    1126             : 
    1127             :     /* Read the file chunk by chunk, updating the checksum as we go. */
    1128      175070 :     while ((rc = read(fd, buffer, READ_CHUNK_SIZE)) > 0)
    1129             :     {
    1130       81820 :         bytes_read += rc;
    1131       81820 :         if (pg_checksum_update(&checksum_ctx, buffer, rc) < 0)
    1132             :         {
    1133           0 :             report_backup_error(context, "could not update checksum of file \"%s\"",
    1134             :                                 relpath);
    1135           0 :             close(fd);
    1136           0 :             return;
    1137             :         }
    1138             : 
    1139             :         /* Report progress */
    1140       81820 :         done_size += rc;
    1141       81820 :         progress_report(false);
    1142             :     }
    1143       93250 :     if (rc < 0)
    1144           0 :         report_backup_error(context, "could not read file \"%s\": %m",
    1145             :                             relpath);
    1146             : 
    1147             :     /* Close the file. */
    1148       93250 :     if (close(fd) != 0)
    1149             :     {
    1150           0 :         report_backup_error(context, "could not close file \"%s\": %m",
    1151             :                             relpath);
    1152           0 :         return;
    1153             :     }
    1154             : 
    1155             :     /* If we didn't manage to read the whole file, bail out now. */
    1156       93250 :     if (rc < 0)
    1157           0 :         return;
    1158             : 
    1159             :     /*
    1160             :      * Double-check that we read the expected number of bytes from the file.
    1161             :      * Normally, mismatches would be caught in verify_plain_backup_file and
    1162             :      * this check would never be reached, but this provides additional safety
    1163             :      * and clarity in the event of concurrent modifications or filesystem
    1164             :      * misbehavior.
    1165             :      */
    1166       93250 :     if (bytes_read != m->size)
    1167             :     {
    1168           0 :         report_backup_error(context,
    1169             :                             "file \"%s\" should contain %" PRIu64 " bytes, but read %" PRIu64,
    1170             :                             relpath, m->size, bytes_read);
    1171           0 :         return;
    1172             :     }
    1173             : 
    1174             :     /* Get the final checksum. */
    1175       93250 :     checksumlen = pg_checksum_final(&checksum_ctx, checksumbuf);
    1176       93250 :     if (checksumlen < 0)
    1177             :     {
    1178           0 :         report_backup_error(context,
    1179             :                             "could not finalize checksum of file \"%s\"",
    1180             :                             relpath);
    1181           0 :         return;
    1182             :     }
    1183             : 
    1184             :     /* And check it against the manifest. */
    1185       93250 :     if (checksumlen != m->checksum_length)
    1186           0 :         report_backup_error(context,
    1187             :                             "file \"%s\" has checksum of length %d, but expected %d",
    1188             :                             relpath, m->checksum_length, checksumlen);
    1189       93250 :     else if (memcmp(checksumbuf, m->checksum_payload, checksumlen) != 0)
    1190           6 :         report_backup_error(context,
    1191             :                             "checksum mismatch for file \"%s\"",
    1192             :                             relpath);
    1193             : }
    1194             : 
    1195             : /*
    1196             :  * Attempt to parse the WAL files required to restore from backup using
    1197             :  * pg_waldump.
    1198             :  */
    1199             : static void
    1200         100 : parse_required_wal(verifier_context *context, char *pg_waldump_path,
    1201             :                    char *wal_directory)
    1202             : {
    1203         100 :     manifest_data *manifest = context->manifest;
    1204         100 :     manifest_wal_range *this_wal_range = manifest->first_wal_range;
    1205             : 
    1206         200 :     while (this_wal_range != NULL)
    1207             :     {
    1208             :         char       *pg_waldump_cmd;
    1209             : 
    1210         100 :         pg_waldump_cmd = psprintf("\"%s\" --quiet --path=\"%s\" --timeline=%u --start=%X/%X --end=%X/%X\n",
    1211             :                                   pg_waldump_path, wal_directory, this_wal_range->tli,
    1212         100 :                                   LSN_FORMAT_ARGS(this_wal_range->start_lsn),
    1213         100 :                                   LSN_FORMAT_ARGS(this_wal_range->end_lsn));
    1214         100 :         fflush(NULL);
    1215         100 :         if (system(pg_waldump_cmd) != 0)
    1216           4 :             report_backup_error(context,
    1217             :                                 "WAL parsing failed for timeline %u",
    1218             :                                 this_wal_range->tli);
    1219             : 
    1220         100 :         this_wal_range = this_wal_range->next;
    1221             :     }
    1222         100 : }
    1223             : 
    1224             : /*
    1225             :  * Report a problem with the backup.
    1226             :  *
    1227             :  * Update the context to indicate that we saw an error, and exit if the
    1228             :  * context says we should.
    1229             :  */
    1230             : void
    1231        2042 : report_backup_error(verifier_context *context, const char *pg_restrict fmt,...)
    1232             : {
    1233             :     va_list     ap;
    1234             : 
    1235        2042 :     va_start(ap, fmt);
    1236        2042 :     pg_log_generic_v(PG_LOG_ERROR, PG_LOG_PRIMARY, gettext(fmt), ap);
    1237        2042 :     va_end(ap);
    1238             : 
    1239        2042 :     context->saw_any_error = true;
    1240        2042 :     if (context->exit_on_error)
    1241           2 :         exit(1);
    1242        2040 : }
    1243             : 
    1244             : /*
    1245             :  * Report a fatal error and exit
    1246             :  */
    1247             : void
    1248          14 : report_fatal_error(const char *pg_restrict fmt,...)
    1249             : {
    1250             :     va_list     ap;
    1251             : 
    1252          14 :     va_start(ap, fmt);
    1253          14 :     pg_log_generic_v(PG_LOG_ERROR, PG_LOG_PRIMARY, gettext(fmt), ap);
    1254          14 :     va_end(ap);
    1255             : 
    1256          14 :     exit(1);
    1257             : }
    1258             : 
    1259             : /*
    1260             :  * Is the specified relative path, or some prefix of it, listed in the set
    1261             :  * of paths to ignore?
    1262             :  *
    1263             :  * Note that by "prefix" we mean a parent directory; for this purpose,
    1264             :  * "aa/bb" is not a prefix of "aa/bbb", but it is a prefix of "aa/bb/cc".
    1265             :  */
    1266             : bool
    1267      240346 : should_ignore_relpath(verifier_context *context, const char *relpath)
    1268             : {
    1269             :     SimpleStringListCell *cell;
    1270             : 
    1271     1461542 :     for (cell = context->ignore_list.head; cell != NULL; cell = cell->next)
    1272             :     {
    1273     1223606 :         const char *r = relpath;
    1274     1223606 :         char       *v = cell->val;
    1275             : 
    1276     1713408 :         while (*v != '\0' && *r == *v)
    1277      489802 :             ++r, ++v;
    1278             : 
    1279     1223606 :         if (*v == '\0' && (*r == '\0' || *r == '/'))
    1280        2410 :             return true;
    1281             :     }
    1282             : 
    1283      237936 :     return false;
    1284             : }
    1285             : 
    1286             : /*
    1287             :  * Create a chain of archive streamers appropriate for verifying a given
    1288             :  * archive.
    1289             :  */
    1290             : static astreamer *
    1291          58 : create_archive_verifier(verifier_context *context, char *archive_name,
    1292             :                         Oid tblspc_oid, pg_compress_algorithm compress_algo)
    1293             : {
    1294          58 :     astreamer  *streamer = NULL;
    1295             : 
    1296             :     /* Should be here only for tar backup */
    1297             :     Assert(context->format == 't');
    1298             : 
    1299             :     /* Last step is the actual verification. */
    1300          58 :     streamer = astreamer_verify_content_new(streamer, context, archive_name,
    1301             :                                             tblspc_oid);
    1302             : 
    1303             :     /* Before that we must parse the tar file. */
    1304          58 :     streamer = astreamer_tar_parser_new(streamer);
    1305             : 
    1306             :     /* Before that we must decompress, if archive is compressed. */
    1307          58 :     if (compress_algo == PG_COMPRESSION_GZIP)
    1308           6 :         streamer = astreamer_gzip_decompressor_new(streamer);
    1309          52 :     else if (compress_algo == PG_COMPRESSION_LZ4)
    1310           6 :         streamer = astreamer_lz4_decompressor_new(streamer);
    1311          46 :     else if (compress_algo == PG_COMPRESSION_ZSTD)
    1312           0 :         streamer = astreamer_zstd_decompressor_new(streamer);
    1313             : 
    1314          58 :     return streamer;
    1315             : }
    1316             : 
    1317             : /*
    1318             :  * Print a progress report based on the global variables.
    1319             :  *
    1320             :  * Progress report is written at maximum once per second, unless the finished
    1321             :  * parameter is set to true.
    1322             :  *
    1323             :  * If finished is set to true, this is the last progress report. The cursor
    1324             :  * is moved to the next line.
    1325             :  */
    1326             : static void
    1327       88418 : progress_report(bool finished)
    1328             : {
    1329             :     static pg_time_t last_progress_report = 0;
    1330             :     pg_time_t   now;
    1331       88418 :     int         percent_size = 0;
    1332             :     char        totalsize_str[32];
    1333             :     char        donesize_str[32];
    1334             : 
    1335       88418 :     if (!show_progress)
    1336       88414 :         return;
    1337             : 
    1338        1708 :     now = time(NULL);
    1339        1708 :     if (now == last_progress_report && !finished)
    1340        1704 :         return;                 /* Max once per second */
    1341             : 
    1342           4 :     last_progress_report = now;
    1343           4 :     percent_size = total_size ? (int) ((done_size * 100 / total_size)) : 0;
    1344             : 
    1345           4 :     snprintf(totalsize_str, sizeof(totalsize_str), UINT64_FORMAT,
    1346             :              total_size / 1024);
    1347           4 :     snprintf(donesize_str, sizeof(donesize_str), UINT64_FORMAT,
    1348             :              done_size / 1024);
    1349             : 
    1350           4 :     fprintf(stderr,
    1351           4 :             _("%*s/%s kB (%d%%) verified"),
    1352           4 :             (int) strlen(totalsize_str),
    1353             :             donesize_str, totalsize_str, percent_size);
    1354             : 
    1355             :     /*
    1356             :      * Stay on the same line if reporting to a terminal and we're not done
    1357             :      * yet.
    1358             :      */
    1359           4 :     fputc((!finished && isatty(fileno(stderr))) ? '\r' : '\n', stderr);
    1360             : }
    1361             : 
    1362             : /*
    1363             :  * Print out usage information and exit.
    1364             :  */
    1365             : static void
    1366           2 : usage(void)
    1367             : {
    1368           2 :     printf(_("%s verifies a backup against the backup manifest.\n\n"), progname);
    1369           2 :     printf(_("Usage:\n  %s [OPTION]... BACKUPDIR\n\n"), progname);
    1370           2 :     printf(_("Options:\n"));
    1371           2 :     printf(_("  -e, --exit-on-error         exit immediately on error\n"));
    1372           2 :     printf(_("  -F, --format=p|t            backup format (plain, tar)\n"));
    1373           2 :     printf(_("  -i, --ignore=RELATIVE_PATH  ignore indicated path\n"));
    1374           2 :     printf(_("  -m, --manifest-path=PATH    use specified path for manifest\n"));
    1375           2 :     printf(_("  -n, --no-parse-wal          do not try to parse WAL files\n"));
    1376           2 :     printf(_("  -P, --progress              show progress information\n"));
    1377           2 :     printf(_("  -q, --quiet                 do not print any output, except for errors\n"));
    1378           2 :     printf(_("  -s, --skip-checksums        skip checksum verification\n"));
    1379           2 :     printf(_("  -w, --wal-directory=PATH    use specified path for WAL files\n"));
    1380           2 :     printf(_("  -V, --version               output version information, then exit\n"));
    1381           2 :     printf(_("  -?, --help                  show this help, then exit\n"));
    1382           2 :     printf(_("\nReport bugs to <%s>.\n"), PACKAGE_BUGREPORT);
    1383           2 :     printf(_("%s home page: <%s>\n"), PACKAGE_NAME, PACKAGE_URL);
    1384           2 : }

Generated by: LCOV version 1.14