LCOV - code coverage report
Current view: top level - src/bin/pg_verifybackup - pg_verifybackup.c (source / functions) Hit Total Coverage
Test: PostgreSQL 17beta1 Lines: 325 359 90.5 %
Date: 2024-06-17 22:11:45 Functions: 19 19 100.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*-------------------------------------------------------------------------
       2             :  *
       3             :  * pg_verifybackup.c
       4             :  *    Verify a backup against a backup manifest.
       5             :  *
       6             :  * Portions Copyright (c) 1996-2024, PostgreSQL Global Development Group
       7             :  * Portions Copyright (c) 1994, Regents of the University of California
       8             :  *
       9             :  * src/bin/pg_verifybackup/pg_verifybackup.c
      10             :  *
      11             :  *-------------------------------------------------------------------------
      12             :  */
      13             : 
      14             : #include "postgres_fe.h"
      15             : 
      16             : #include <dirent.h>
      17             : #include <fcntl.h>
      18             : #include <sys/stat.h>
      19             : #include <time.h>
      20             : 
      21             : #include "common/controldata_utils.h"
      22             : #include "common/hashfn_unstable.h"
      23             : #include "common/logging.h"
      24             : #include "common/parse_manifest.h"
      25             : #include "fe_utils/simple_list.h"
      26             : #include "getopt_long.h"
      27             : #include "pgtime.h"
      28             : 
      29             : /*
      30             :  * For efficiency, we'd like our hash table containing information about the
      31             :  * manifest to start out with approximately the correct number of entries.
      32             :  * There's no way to know the exact number of entries without reading the whole
      33             :  * file, but we can get an estimate by dividing the file size by the estimated
      34             :  * number of bytes per line.
      35             :  *
      36             :  * This could be off by about a factor of two in either direction, because the
      37             :  * checksum algorithm has a big impact on the line lengths; e.g. a SHA512
      38             :  * checksum is 128 hex bytes, whereas a CRC-32C value is only 8, and there
      39             :  * might be no checksum at all.
      40             :  */
      41             : #define ESTIMATED_BYTES_PER_MANIFEST_LINE   100
      42             : 
      43             : /*
      44             :  * How many bytes should we try to read from a file at once?
      45             :  */
      46             : #define READ_CHUNK_SIZE             (128 * 1024)
      47             : 
      48             : /*
      49             :  * Each file described by the manifest file is parsed to produce an object
      50             :  * like this.
      51             :  */
      52             : typedef struct manifest_file
      53             : {
      54             :     uint32      status;         /* hash status */
      55             :     char       *pathname;
      56             :     size_t      size;
      57             :     pg_checksum_type checksum_type;
      58             :     int         checksum_length;
      59             :     uint8      *checksum_payload;
      60             :     bool        matched;
      61             :     bool        bad;
      62             : } manifest_file;
      63             : 
      64             : #define should_verify_checksum(m) \
      65             :     (((m)->matched) && !((m)->bad) && (((m)->checksum_type) != CHECKSUM_TYPE_NONE))
      66             : 
      67             : /*
      68             :  * Define a hash table which we can use to store information about the files
      69             :  * mentioned in the backup manifest.
      70             :  */
      71             : #define SH_PREFIX       manifest_files
      72             : #define SH_ELEMENT_TYPE manifest_file
      73             : #define SH_KEY_TYPE     char *
      74             : #define SH_KEY          pathname
      75             : #define SH_HASH_KEY(tb, key)    hash_string(key)
      76             : #define SH_EQUAL(tb, a, b)      (strcmp(a, b) == 0)
      77             : #define SH_SCOPE        static inline
      78             : #define SH_RAW_ALLOCATOR    pg_malloc0
      79             : #define SH_DECLARE
      80             : #define SH_DEFINE
      81             : #include "lib/simplehash.h"
      82             : 
      83             : /*
      84             :  * Each WAL range described by the manifest file is parsed to produce an
      85             :  * object like this.
      86             :  */
      87             : typedef struct manifest_wal_range
      88             : {
      89             :     TimeLineID  tli;
      90             :     XLogRecPtr  start_lsn;
      91             :     XLogRecPtr  end_lsn;
      92             :     struct manifest_wal_range *next;
      93             :     struct manifest_wal_range *prev;
      94             : } manifest_wal_range;
      95             : 
      96             : /*
      97             :  * All the data parsed from a backup_manifest file.
      98             :  */
      99             : typedef struct manifest_data
     100             : {
     101             :     int         version;
     102             :     uint64      system_identifier;
     103             :     manifest_files_hash *files;
     104             :     manifest_wal_range *first_wal_range;
     105             :     manifest_wal_range *last_wal_range;
     106             : } manifest_data;
     107             : 
     108             : /*
     109             :  * All of the context information we need while checking a backup manifest.
     110             :  */
     111             : typedef struct verifier_context
     112             : {
     113             :     manifest_data *manifest;
     114             :     char       *backup_directory;
     115             :     SimpleStringList ignore_list;
     116             :     bool        exit_on_error;
     117             :     bool        saw_any_error;
     118             : } verifier_context;
     119             : 
     120             : static manifest_data *parse_manifest_file(char *manifest_path);
     121             : static void verifybackup_version_cb(JsonManifestParseContext *context,
     122             :                                     int manifest_version);
     123             : static void verifybackup_system_identifier(JsonManifestParseContext *context,
     124             :                                            uint64 manifest_system_identifier);
     125             : static void verifybackup_per_file_cb(JsonManifestParseContext *context,
     126             :                                      char *pathname, size_t size,
     127             :                                      pg_checksum_type checksum_type,
     128             :                                      int checksum_length,
     129             :                                      uint8 *checksum_payload);
     130             : static void verifybackup_per_wal_range_cb(JsonManifestParseContext *context,
     131             :                                           TimeLineID tli,
     132             :                                           XLogRecPtr start_lsn,
     133             :                                           XLogRecPtr end_lsn);
     134             : static void report_manifest_error(JsonManifestParseContext *context,
     135             :                                   const char *fmt,...)
     136             :             pg_attribute_printf(2, 3) pg_attribute_noreturn();
     137             : 
     138             : static void verify_backup_directory(verifier_context *context,
     139             :                                     char *relpath, char *fullpath);
     140             : static void verify_backup_file(verifier_context *context,
     141             :                                char *relpath, char *fullpath);
     142             : static void verify_control_file(const char *controlpath,
     143             :                                 uint64 manifest_system_identifier);
     144             : static void report_extra_backup_files(verifier_context *context);
     145             : static void verify_backup_checksums(verifier_context *context);
     146             : static void verify_file_checksum(verifier_context *context,
     147             :                                  manifest_file *m, char *fullpath,
     148             :                                  uint8 *buffer);
     149             : static void parse_required_wal(verifier_context *context,
     150             :                                char *pg_waldump_path,
     151             :                                char *wal_directory);
     152             : 
     153             : static void report_backup_error(verifier_context *context,
     154             :                                 const char *pg_restrict fmt,...)
     155             :             pg_attribute_printf(2, 3);
     156             : static void report_fatal_error(const char *pg_restrict fmt,...)
     157             :             pg_attribute_printf(1, 2) pg_attribute_noreturn();
     158             : static bool should_ignore_relpath(verifier_context *context, char *relpath);
     159             : 
     160             : static void progress_report(bool finished);
     161             : static void usage(void);
     162             : 
     163             : static const char *progname;
     164             : 
     165             : /* options */
     166             : static bool show_progress = false;
     167             : static bool skip_checksums = false;
     168             : 
     169             : /* Progress indicators */
     170             : static uint64 total_size = 0;
     171             : static uint64 done_size = 0;
     172             : 
     173             : /*
     174             :  * Main entry point.
     175             :  */
     176             : int
     177         198 : main(int argc, char **argv)
     178             : {
     179             :     static struct option long_options[] = {
     180             :         {"exit-on-error", no_argument, NULL, 'e'},
     181             :         {"ignore", required_argument, NULL, 'i'},
     182             :         {"manifest-path", required_argument, NULL, 'm'},
     183             :         {"no-parse-wal", no_argument, NULL, 'n'},
     184             :         {"progress", no_argument, NULL, 'P'},
     185             :         {"quiet", no_argument, NULL, 'q'},
     186             :         {"skip-checksums", no_argument, NULL, 's'},
     187             :         {"wal-directory", required_argument, NULL, 'w'},
     188             :         {NULL, 0, NULL, 0}
     189             :     };
     190             : 
     191             :     int         c;
     192             :     verifier_context context;
     193         198 :     char       *manifest_path = NULL;
     194         198 :     bool        no_parse_wal = false;
     195         198 :     bool        quiet = false;
     196         198 :     char       *wal_directory = NULL;
     197         198 :     char       *pg_waldump_path = NULL;
     198             : 
     199         198 :     pg_logging_init(argv[0]);
     200         198 :     set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pg_verifybackup"));
     201         198 :     progname = get_progname(argv[0]);
     202             : 
     203         198 :     memset(&context, 0, sizeof(context));
     204             : 
     205         198 :     if (argc > 1)
     206             :     {
     207         196 :         if (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0)
     208             :         {
     209           2 :             usage();
     210           2 :             exit(0);
     211             :         }
     212         194 :         if (strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0)
     213             :         {
     214           2 :             puts("pg_verifybackup (PostgreSQL) " PG_VERSION);
     215           2 :             exit(0);
     216             :         }
     217             :     }
     218             : 
     219             :     /*
     220             :      * Skip certain files in the toplevel directory.
     221             :      *
     222             :      * Ignore the backup_manifest file, because it's not included in the
     223             :      * backup manifest.
     224             :      *
     225             :      * Ignore the pg_wal directory, because those files are not included in
     226             :      * the backup manifest either, since they are fetched separately from the
     227             :      * backup itself, and verified via a separate mechanism.
     228             :      *
     229             :      * Ignore postgresql.auto.conf, recovery.signal, and standby.signal,
     230             :      * because we expect that those files may sometimes be created or changed
     231             :      * as part of the backup process. For example, pg_basebackup -R will
     232             :      * modify postgresql.auto.conf and create standby.signal.
     233             :      */
     234         194 :     simple_string_list_append(&context.ignore_list, "backup_manifest");
     235         194 :     simple_string_list_append(&context.ignore_list, "pg_wal");
     236         194 :     simple_string_list_append(&context.ignore_list, "postgresql.auto.conf");
     237         194 :     simple_string_list_append(&context.ignore_list, "recovery.signal");
     238         194 :     simple_string_list_append(&context.ignore_list, "standby.signal");
     239             : 
     240         280 :     while ((c = getopt_long(argc, argv, "ei:m:nPqsw:", long_options, NULL)) != -1)
     241             :     {
     242          88 :         switch (c)
     243             :         {
     244          32 :             case 'e':
     245          32 :                 context.exit_on_error = true;
     246          32 :                 break;
     247           8 :             case 'i':
     248             :                 {
     249           8 :                     char       *arg = pstrdup(optarg);
     250             : 
     251           8 :                     canonicalize_path(arg);
     252           8 :                     simple_string_list_append(&context.ignore_list, arg);
     253           8 :                     break;
     254             :                 }
     255          16 :             case 'm':
     256          16 :                 manifest_path = pstrdup(optarg);
     257          16 :                 canonicalize_path(manifest_path);
     258          16 :                 break;
     259          14 :             case 'n':
     260          14 :                 no_parse_wal = true;
     261          14 :                 break;
     262           4 :             case 'P':
     263           4 :                 show_progress = true;
     264           4 :                 break;
     265           6 :             case 'q':
     266           6 :                 quiet = true;
     267           6 :                 break;
     268           4 :             case 's':
     269           4 :                 skip_checksums = true;
     270           4 :                 break;
     271           2 :             case 'w':
     272           2 :                 wal_directory = pstrdup(optarg);
     273           2 :                 canonicalize_path(wal_directory);
     274           2 :                 break;
     275           2 :             default:
     276             :                 /* getopt_long already emitted a complaint */
     277           2 :                 pg_log_error_hint("Try \"%s --help\" for more information.", progname);
     278           2 :                 exit(1);
     279             :         }
     280             :     }
     281             : 
     282             :     /* Get backup directory name */
     283         192 :     if (optind >= argc)
     284             :     {
     285           2 :         pg_log_error("no backup directory specified");
     286           2 :         pg_log_error_hint("Try \"%s --help\" for more information.", progname);
     287           2 :         exit(1);
     288             :     }
     289         190 :     context.backup_directory = pstrdup(argv[optind++]);
     290         190 :     canonicalize_path(context.backup_directory);
     291             : 
     292             :     /* Complain if any arguments remain */
     293         190 :     if (optind < argc)
     294             :     {
     295           2 :         pg_log_error("too many command-line arguments (first is \"%s\")",
     296             :                      argv[optind]);
     297           2 :         pg_log_error_hint("Try \"%s --help\" for more information.", progname);
     298           2 :         exit(1);
     299             :     }
     300             : 
     301             :     /* Complain if the specified arguments conflict */
     302         188 :     if (show_progress && quiet)
     303           2 :         pg_fatal("cannot specify both %s and %s",
     304             :                  "-P/--progress", "-q/--quiet");
     305             : 
     306             :     /* Unless --no-parse-wal was specified, we will need pg_waldump. */
     307         186 :     if (!no_parse_wal)
     308             :     {
     309             :         int         ret;
     310             : 
     311         172 :         pg_waldump_path = pg_malloc(MAXPGPATH);
     312         172 :         ret = find_other_exec(argv[0], "pg_waldump",
     313             :                               "pg_waldump (PostgreSQL) " PG_VERSION "\n",
     314             :                               pg_waldump_path);
     315         172 :         if (ret < 0)
     316             :         {
     317             :             char        full_path[MAXPGPATH];
     318             : 
     319           0 :             if (find_my_exec(argv[0], full_path) < 0)
     320           0 :                 strlcpy(full_path, progname, sizeof(full_path));
     321             : 
     322           0 :             if (ret == -1)
     323           0 :                 pg_fatal("program \"%s\" is needed by %s but was not found in the same directory as \"%s\"",
     324             :                          "pg_waldump", "pg_verifybackup", full_path);
     325             :             else
     326           0 :                 pg_fatal("program \"%s\" was found by \"%s\" but was not the same version as %s",
     327             :                          "pg_waldump", full_path, "pg_verifybackup");
     328             :         }
     329             :     }
     330             : 
     331             :     /* By default, look for the manifest in the backup directory. */
     332         186 :     if (manifest_path == NULL)
     333         170 :         manifest_path = psprintf("%s/backup_manifest",
     334             :                                  context.backup_directory);
     335             : 
     336             :     /* By default, look for the WAL in the backup directory, too. */
     337         186 :     if (wal_directory == NULL)
     338         184 :         wal_directory = psprintf("%s/pg_wal", context.backup_directory);
     339             : 
     340             :     /*
     341             :      * Try to read the manifest. We treat any errors encountered while parsing
     342             :      * the manifest as fatal; there doesn't seem to be much point in trying to
     343             :      * verify the backup directory against a corrupted manifest.
     344             :      */
     345         186 :     context.manifest = parse_manifest_file(manifest_path);
     346             : 
     347             :     /*
     348             :      * Now scan the files in the backup directory. At this stage, we verify
     349             :      * that every file on disk is present in the manifest and that the sizes
     350             :      * match. We also set the "matched" flag on every manifest entry that
     351             :      * corresponds to a file on disk.
     352             :      */
     353         118 :     verify_backup_directory(&context, NULL, context.backup_directory);
     354             : 
     355             :     /*
     356             :      * The "matched" flag should now be set on every entry in the hash table.
     357             :      * Any entries for which the bit is not set are files mentioned in the
     358             :      * manifest that don't exist on disk.
     359             :      */
     360         114 :     report_extra_backup_files(&context);
     361             : 
     362             :     /*
     363             :      * Now do the expensive work of verifying file checksums, unless we were
     364             :      * told to skip it.
     365             :      */
     366         112 :     if (!skip_checksums)
     367         108 :         verify_backup_checksums(&context);
     368             : 
     369             :     /*
     370             :      * Try to parse the required ranges of WAL records, unless we were told
     371             :      * not to do so.
     372             :      */
     373         112 :     if (!no_parse_wal)
     374          98 :         parse_required_wal(&context, pg_waldump_path, wal_directory);
     375             : 
     376             :     /*
     377             :      * If everything looks OK, tell the user this, unless we were asked to
     378             :      * work quietly.
     379             :      */
     380         112 :     if (!context.saw_any_error && !quiet)
     381          80 :         printf(_("backup successfully verified\n"));
     382             : 
     383         112 :     return context.saw_any_error ? 1 : 0;
     384             : }
     385             : 
     386             : /*
     387             :  * Parse a manifest file and return a data structure describing the contents.
     388             :  */
     389             : static manifest_data *
     390         186 : parse_manifest_file(char *manifest_path)
     391             : {
     392             :     int         fd;
     393             :     struct stat statbuf;
     394             :     off_t       estimate;
     395             :     uint32      initial_size;
     396             :     manifest_files_hash *ht;
     397             :     char       *buffer;
     398             :     int         rc;
     399             :     JsonManifestParseContext context;
     400             :     manifest_data *result;
     401             : 
     402         186 :     int         chunk_size = READ_CHUNK_SIZE;
     403             : 
     404             :     /* Open the manifest file. */
     405         186 :     if ((fd = open(manifest_path, O_RDONLY | PG_BINARY, 0)) < 0)
     406           6 :         report_fatal_error("could not open file \"%s\": %m", manifest_path);
     407             : 
     408             :     /* Figure out how big the manifest is. */
     409         180 :     if (fstat(fd, &statbuf) != 0)
     410           0 :         report_fatal_error("could not stat file \"%s\": %m", manifest_path);
     411             : 
     412             :     /* Guess how large to make the hash table based on the manifest size. */
     413         180 :     estimate = statbuf.st_size / ESTIMATED_BYTES_PER_MANIFEST_LINE;
     414         180 :     initial_size = Min(PG_UINT32_MAX, Max(estimate, 256));
     415             : 
     416             :     /* Create the hash table. */
     417         180 :     ht = manifest_files_create(initial_size, NULL);
     418             : 
     419         180 :     result = pg_malloc0(sizeof(manifest_data));
     420         180 :     result->files = ht;
     421         180 :     context.private_data = result;
     422         180 :     context.version_cb = verifybackup_version_cb;
     423         180 :     context.system_identifier_cb = verifybackup_system_identifier;
     424         180 :     context.per_file_cb = verifybackup_per_file_cb;
     425         180 :     context.per_wal_range_cb = verifybackup_per_wal_range_cb;
     426         180 :     context.error_cb = report_manifest_error;
     427             : 
     428             :     /*
     429             :      * Parse the file, in chunks if necessary.
     430             :      */
     431         180 :     if (statbuf.st_size <= chunk_size)
     432             :     {
     433          64 :         buffer = pg_malloc(statbuf.st_size);
     434          64 :         rc = read(fd, buffer, statbuf.st_size);
     435          64 :         if (rc != statbuf.st_size)
     436             :         {
     437           0 :             if (rc < 0)
     438           0 :                 pg_fatal("could not read file \"%s\": %m", manifest_path);
     439             :             else
     440           0 :                 pg_fatal("could not read file \"%s\": read %d of %lld",
     441             :                          manifest_path, rc, (long long int) statbuf.st_size);
     442             :         }
     443             : 
     444             :         /* Close the manifest file. */
     445          64 :         close(fd);
     446             : 
     447             :         /* Parse the manifest. */
     448          64 :         json_parse_manifest(&context, buffer, statbuf.st_size);
     449             :     }
     450             :     else
     451             :     {
     452         116 :         int         bytes_left = statbuf.st_size;
     453             :         JsonManifestParseIncrementalState *inc_state;
     454             : 
     455         116 :         inc_state = json_parse_manifest_incremental_init(&context);
     456             : 
     457         116 :         buffer = pg_malloc(chunk_size + 1);
     458             : 
     459         346 :         while (bytes_left > 0)
     460             :         {
     461         232 :             int         bytes_to_read = chunk_size;
     462             : 
     463             :             /*
     464             :              * Make sure that the last chunk is sufficiently large. (i.e. at
     465             :              * least half the chunk size) so that it will contain fully the
     466             :              * piece at the end with the checksum.
     467             :              */
     468         232 :             if (bytes_left < chunk_size)
     469         116 :                 bytes_to_read = bytes_left;
     470         116 :             else if (bytes_left < 2 * chunk_size)
     471         116 :                 bytes_to_read = bytes_left / 2;
     472         232 :             rc = read(fd, buffer, bytes_to_read);
     473         232 :             if (rc != bytes_to_read)
     474             :             {
     475           0 :                 if (rc < 0)
     476           0 :                     pg_fatal("could not read file \"%s\": %m", manifest_path);
     477             :                 else
     478           0 :                     pg_fatal("could not read file \"%s\": read %lld of %lld",
     479             :                              manifest_path,
     480             :                              (long long int) (statbuf.st_size + rc - bytes_left),
     481             :                              (long long int) statbuf.st_size);
     482             :             }
     483         232 :             bytes_left -= rc;
     484         232 :             json_parse_manifest_incremental_chunk(inc_state, buffer, rc,
     485             :                                                   bytes_left == 0);
     486             :         }
     487             : 
     488             :         /* Release the incremental state memory */
     489         114 :         json_parse_manifest_incremental_shutdown(inc_state);
     490             : 
     491         114 :         close(fd);
     492             :     }
     493             : 
     494             :     /* Done with the buffer. */
     495         118 :     pfree(buffer);
     496             : 
     497         118 :     return result;
     498             : }
     499             : 
     500             : /*
     501             :  * Report an error while parsing the manifest.
     502             :  *
     503             :  * We consider all such errors to be fatal errors. The manifest parser
     504             :  * expects this function not to return.
     505             :  */
     506             : static void
     507          60 : report_manifest_error(JsonManifestParseContext *context, const char *fmt,...)
     508             : {
     509             :     va_list     ap;
     510             : 
     511          60 :     va_start(ap, fmt);
     512          60 :     pg_log_generic_v(PG_LOG_ERROR, PG_LOG_PRIMARY, gettext(fmt), ap);
     513          60 :     va_end(ap);
     514             : 
     515          60 :     exit(1);
     516             : }
     517             : 
     518             : /*
     519             :  * Record details extracted from the backup manifest.
     520             :  */
     521             : static void
     522         168 : verifybackup_version_cb(JsonManifestParseContext *context,
     523             :                         int manifest_version)
     524             : {
     525         168 :     manifest_data *manifest = context->private_data;
     526             : 
     527             :     /* Validation will be at the later stage */
     528         168 :     manifest->version = manifest_version;
     529         168 : }
     530             : 
     531             : /*
     532             :  * Record details extracted from the backup manifest.
     533             :  */
     534             : static void
     535         120 : verifybackup_system_identifier(JsonManifestParseContext *context,
     536             :                                uint64 manifest_system_identifier)
     537             : {
     538         120 :     manifest_data *manifest = context->private_data;
     539             : 
     540             :     /* Validation will be at the later stage */
     541         120 :     manifest->system_identifier = manifest_system_identifier;
     542         120 : }
     543             : 
     544             : /*
     545             :  * Record details extracted from the backup manifest for one file.
     546             :  */
     547             : static void
     548      116070 : verifybackup_per_file_cb(JsonManifestParseContext *context,
     549             :                          char *pathname, size_t size,
     550             :                          pg_checksum_type checksum_type,
     551             :                          int checksum_length, uint8 *checksum_payload)
     552             : {
     553      116070 :     manifest_data *manifest = context->private_data;
     554      116070 :     manifest_files_hash *ht = manifest->files;
     555             :     manifest_file *m;
     556             :     bool        found;
     557             : 
     558             :     /* Make a new entry in the hash table for this file. */
     559      116070 :     m = manifest_files_insert(ht, pathname, &found);
     560      116070 :     if (found)
     561           2 :         report_fatal_error("duplicate path name in backup manifest: \"%s\"",
     562             :                            pathname);
     563             : 
     564             :     /* Initialize the entry. */
     565      116068 :     m->size = size;
     566      116068 :     m->checksum_type = checksum_type;
     567      116068 :     m->checksum_length = checksum_length;
     568      116068 :     m->checksum_payload = checksum_payload;
     569      116068 :     m->matched = false;
     570      116068 :     m->bad = false;
     571      116068 : }
     572             : 
     573             : /*
     574             :  * Record details extracted from the backup manifest for one WAL range.
     575             :  */
     576             : static void
     577         122 : verifybackup_per_wal_range_cb(JsonManifestParseContext *context,
     578             :                               TimeLineID tli,
     579             :                               XLogRecPtr start_lsn, XLogRecPtr end_lsn)
     580             : {
     581         122 :     manifest_data *manifest = context->private_data;
     582             :     manifest_wal_range *range;
     583             : 
     584             :     /* Allocate and initialize a struct describing this WAL range. */
     585         122 :     range = palloc(sizeof(manifest_wal_range));
     586         122 :     range->tli = tli;
     587         122 :     range->start_lsn = start_lsn;
     588         122 :     range->end_lsn = end_lsn;
     589         122 :     range->prev = manifest->last_wal_range;
     590         122 :     range->next = NULL;
     591             : 
     592             :     /* Add it to the end of the list. */
     593         122 :     if (manifest->first_wal_range == NULL)
     594         122 :         manifest->first_wal_range = range;
     595             :     else
     596           0 :         manifest->last_wal_range->next = range;
     597         122 :     manifest->last_wal_range = range;
     598         122 : }
     599             : 
     600             : /*
     601             :  * Verify one directory.
     602             :  *
     603             :  * 'relpath' is NULL if we are to verify the top-level backup directory,
     604             :  * and otherwise the relative path to the directory that is to be verified.
     605             :  *
     606             :  * 'fullpath' is the backup directory with 'relpath' appended; i.e. the actual
     607             :  * filesystem path at which it can be found.
     608             :  */
     609             : static void
     610        2876 : verify_backup_directory(verifier_context *context, char *relpath,
     611             :                         char *fullpath)
     612             : {
     613             :     DIR        *dir;
     614             :     struct dirent *dirent;
     615             : 
     616        2876 :     dir = opendir(fullpath);
     617        2876 :     if (dir == NULL)
     618             :     {
     619             :         /*
     620             :          * If even the toplevel backup directory cannot be found, treat this
     621             :          * as a fatal error.
     622             :          */
     623           4 :         if (relpath == NULL)
     624           2 :             report_fatal_error("could not open directory \"%s\": %m", fullpath);
     625             : 
     626             :         /*
     627             :          * Otherwise, treat this as a non-fatal error, but ignore any further
     628             :          * errors related to this path and anything beneath it.
     629             :          */
     630           2 :         report_backup_error(context,
     631             :                             "could not open directory \"%s\": %m", fullpath);
     632           2 :         simple_string_list_append(&context->ignore_list, relpath);
     633             : 
     634           2 :         return;
     635             :     }
     636             : 
     637      120102 :     while (errno = 0, (dirent = readdir(dir)) != NULL)
     638             :     {
     639      117234 :         char       *filename = dirent->d_name;
     640      117234 :         char       *newfullpath = psprintf("%s/%s", fullpath, filename);
     641             :         char       *newrelpath;
     642             : 
     643             :         /* Skip "." and ".." */
     644      117234 :         if (filename[0] == '.' && (filename[1] == '\0'
     645        2868 :                                    || strcmp(filename, "..") == 0))
     646        5738 :             continue;
     647             : 
     648      111496 :         if (relpath == NULL)
     649        2748 :             newrelpath = pstrdup(filename);
     650             :         else
     651      108748 :             newrelpath = psprintf("%s/%s", relpath, filename);
     652             : 
     653      111496 :         if (!should_ignore_relpath(context, newrelpath))
     654      111166 :             verify_backup_file(context, newrelpath, newfullpath);
     655             : 
     656      111492 :         pfree(newfullpath);
     657      111492 :         pfree(newrelpath);
     658             :     }
     659             : 
     660        2868 :     if (closedir(dir))
     661             :     {
     662           0 :         report_backup_error(context,
     663             :                             "could not close directory \"%s\": %m", fullpath);
     664           0 :         return;
     665             :     }
     666             : }
     667             : 
     668             : /*
     669             :  * Verify one file (which might actually be a directory or a symlink).
     670             :  *
     671             :  * The arguments to this function have the same meaning as the arguments to
     672             :  * verify_backup_directory.
     673             :  */
     674             : static void
     675      111166 : verify_backup_file(verifier_context *context, char *relpath, char *fullpath)
     676             : {
     677             :     struct stat sb;
     678             :     manifest_file *m;
     679             : 
     680      111166 :     if (stat(fullpath, &sb) != 0)
     681             :     {
     682           6 :         report_backup_error(context,
     683             :                             "could not stat file or directory \"%s\": %m",
     684             :                             relpath);
     685             : 
     686             :         /*
     687             :          * Suppress further errors related to this path name and, if it's a
     688             :          * directory, anything underneath it.
     689             :          */
     690           6 :         simple_string_list_append(&context->ignore_list, relpath);
     691             : 
     692        2766 :         return;
     693             :     }
     694             : 
     695             :     /* If it's a directory, just recurse. */
     696      111160 :     if (S_ISDIR(sb.st_mode))
     697             :     {
     698        2758 :         verify_backup_directory(context, relpath, fullpath);
     699        2756 :         return;
     700             :     }
     701             : 
     702             :     /* If it's not a directory, it should be a plain file. */
     703      108402 :     if (!S_ISREG(sb.st_mode))
     704             :     {
     705           0 :         report_backup_error(context,
     706             :                             "\"%s\" is not a file or directory",
     707             :                             relpath);
     708           0 :         return;
     709             :     }
     710             : 
     711             :     /* Check whether there's an entry in the manifest hash. */
     712      108402 :     m = manifest_files_lookup(context->manifest->files, relpath);
     713      108402 :     if (m == NULL)
     714             :     {
     715           4 :         report_backup_error(context,
     716             :                             "\"%s\" is present on disk but not in the manifest",
     717             :                             relpath);
     718           4 :         return;
     719             :     }
     720             : 
     721             :     /* Flag this entry as having been encountered in the filesystem. */
     722      108398 :     m->matched = true;
     723             : 
     724             :     /* Check that the size matches. */
     725      108398 :     if (m->size != sb.st_size)
     726             :     {
     727           4 :         report_backup_error(context,
     728             :                             "\"%s\" has size %lld on disk but size %zu in the manifest",
     729           4 :                             relpath, (long long int) sb.st_size, m->size);
     730           4 :         m->bad = true;
     731             :     }
     732             : 
     733             :     /*
     734             :      * Validate the manifest system identifier, not available in manifest
     735             :      * version 1.
     736             :      */
     737      108398 :     if (context->manifest->version != 1 &&
     738      108398 :         strcmp(relpath, "global/pg_control") == 0)
     739         116 :         verify_control_file(fullpath, context->manifest->system_identifier);
     740             : 
     741             :     /* Update statistics for progress report, if necessary */
     742      108396 :     if (show_progress && !skip_checksums && should_verify_checksum(m))
     743        1928 :         total_size += m->size;
     744             : 
     745             :     /*
     746             :      * We don't verify checksums at this stage. We first finish verifying that
     747             :      * we have the expected set of files with the expected sizes, and only
     748             :      * afterwards verify the checksums. That's because computing checksums may
     749             :      * take a while, and we'd like to report more obvious problems quickly.
     750             :      */
     751             : }
     752             : 
     753             : /*
     754             :  * Sanity check control file and validate system identifier against manifest
     755             :  * system identifier.
     756             :  */
     757             : static void
     758         116 : verify_control_file(const char *controlpath, uint64 manifest_system_identifier)
     759             : {
     760             :     ControlFileData *control_file;
     761             :     bool        crc_ok;
     762             : 
     763         116 :     pg_log_debug("reading \"%s\"", controlpath);
     764         116 :     control_file = get_controlfile_by_exact_path(controlpath, &crc_ok);
     765             : 
     766             :     /* Control file contents not meaningful if CRC is bad. */
     767         116 :     if (!crc_ok)
     768           0 :         report_fatal_error("%s: CRC is incorrect", controlpath);
     769             : 
     770             :     /* Can't interpret control file if not current version. */
     771         116 :     if (control_file->pg_control_version != PG_CONTROL_VERSION)
     772           0 :         report_fatal_error("%s: unexpected control file version",
     773             :                            controlpath);
     774             : 
     775             :     /* System identifiers should match. */
     776         116 :     if (manifest_system_identifier != control_file->system_identifier)
     777           2 :         report_fatal_error("%s: manifest system identifier is %llu, but control file has %llu",
     778             :                            controlpath,
     779             :                            (unsigned long long) manifest_system_identifier,
     780           2 :                            (unsigned long long) control_file->system_identifier);
     781             : 
     782             :     /* Release memory. */
     783         114 :     pfree(control_file);
     784         114 : }
     785             : 
     786             : /*
     787             :  * Scan the hash table for entries where the 'matched' flag is not set; report
     788             :  * that such files are present in the manifest but not on disk.
     789             :  */
     790             : static void
     791         114 : report_extra_backup_files(verifier_context *context)
     792             : {
     793         114 :     manifest_data *manifest = context->manifest;
     794             :     manifest_files_iterator it;
     795             :     manifest_file *m;
     796             : 
     797         114 :     manifest_files_start_iterate(manifest->files, &it);
     798      109200 :     while ((m = manifest_files_iterate(manifest->files, &it)) != NULL)
     799      109088 :         if (!m->matched && !should_ignore_relpath(context, m->pathname))
     800          10 :             report_backup_error(context,
     801             :                                 "\"%s\" is present in the manifest but not on disk",
     802             :                                 m->pathname);
     803         112 : }
     804             : 
     805             : /*
     806             :  * Verify checksums for hash table entries that are otherwise unproblematic.
     807             :  * If we've already reported some problem related to a hash table entry, or
     808             :  * if it has no checksum, just skip it.
     809             :  */
     810             : static void
     811         108 : verify_backup_checksums(verifier_context *context)
     812             : {
     813         108 :     manifest_data *manifest = context->manifest;
     814             :     manifest_files_iterator it;
     815             :     manifest_file *m;
     816             :     uint8      *buffer;
     817             : 
     818         108 :     progress_report(false);
     819             : 
     820         108 :     buffer = pg_malloc(READ_CHUNK_SIZE * sizeof(uint8));
     821             : 
     822         108 :     manifest_files_start_iterate(manifest->files, &it);
     823      104578 :     while ((m = manifest_files_iterate(manifest->files, &it)) != NULL)
     824             :     {
     825      104470 :         if (should_verify_checksum(m) &&
     826       98670 :             !should_ignore_relpath(context, m->pathname))
     827             :         {
     828             :             char       *fullpath;
     829             : 
     830             :             /* Compute the full pathname to the target file. */
     831       98670 :             fullpath = psprintf("%s/%s", context->backup_directory,
     832             :                                 m->pathname);
     833             : 
     834             :             /* Do the actual checksum verification. */
     835       98670 :             verify_file_checksum(context, m, fullpath, buffer);
     836             : 
     837             :             /* Avoid leaking memory. */
     838       98670 :             pfree(fullpath);
     839             :         }
     840             :     }
     841             : 
     842         108 :     pfree(buffer);
     843             : 
     844         108 :     progress_report(true);
     845         108 : }
     846             : 
     847             : /*
     848             :  * Verify the checksum of a single file.
     849             :  */
     850             : static void
     851       98670 : verify_file_checksum(verifier_context *context, manifest_file *m,
     852             :                      char *fullpath, uint8 *buffer)
     853             : {
     854             :     pg_checksum_context checksum_ctx;
     855       98670 :     char       *relpath = m->pathname;
     856             :     int         fd;
     857             :     int         rc;
     858       98670 :     size_t      bytes_read = 0;
     859             :     uint8       checksumbuf[PG_CHECKSUM_MAX_LENGTH];
     860             :     int         checksumlen;
     861             : 
     862             :     /* Open the target file. */
     863       98670 :     if ((fd = open(fullpath, O_RDONLY | PG_BINARY, 0)) < 0)
     864             :     {
     865           2 :         report_backup_error(context, "could not open file \"%s\": %m",
     866             :                             relpath);
     867           2 :         return;
     868             :     }
     869             : 
     870             :     /* Initialize checksum context. */
     871       98668 :     if (pg_checksum_init(&checksum_ctx, m->checksum_type) < 0)
     872             :     {
     873           0 :         report_backup_error(context, "could not initialize checksum of file \"%s\"",
     874             :                             relpath);
     875           0 :         close(fd);
     876           0 :         return;
     877             :     }
     878             : 
     879             :     /* Read the file chunk by chunk, updating the checksum as we go. */
     880      185108 :     while ((rc = read(fd, buffer, READ_CHUNK_SIZE)) > 0)
     881             :     {
     882       86440 :         bytes_read += rc;
     883       86440 :         if (pg_checksum_update(&checksum_ctx, buffer, rc) < 0)
     884             :         {
     885           0 :             report_backup_error(context, "could not update checksum of file \"%s\"",
     886             :                                 relpath);
     887           0 :             close(fd);
     888           0 :             return;
     889             :         }
     890             : 
     891             :         /* Report progress */
     892       86440 :         done_size += rc;
     893       86440 :         progress_report(false);
     894             :     }
     895       98668 :     if (rc < 0)
     896           0 :         report_backup_error(context, "could not read file \"%s\": %m",
     897             :                             relpath);
     898             : 
     899             :     /* Close the file. */
     900       98668 :     if (close(fd) != 0)
     901             :     {
     902           0 :         report_backup_error(context, "could not close file \"%s\": %m",
     903             :                             relpath);
     904           0 :         return;
     905             :     }
     906             : 
     907             :     /* If we didn't manage to read the whole file, bail out now. */
     908       98668 :     if (rc < 0)
     909           0 :         return;
     910             : 
     911             :     /*
     912             :      * Double-check that we read the expected number of bytes from the file.
     913             :      * Normally, a file size mismatch would be caught in verify_backup_file
     914             :      * and this check would never be reached, but this provides additional
     915             :      * safety and clarity in the event of concurrent modifications or
     916             :      * filesystem misbehavior.
     917             :      */
     918       98668 :     if (bytes_read != m->size)
     919             :     {
     920           0 :         report_backup_error(context,
     921             :                             "file \"%s\" should contain %zu bytes, but read %zu bytes",
     922             :                             relpath, m->size, bytes_read);
     923           0 :         return;
     924             :     }
     925             : 
     926             :     /* Get the final checksum. */
     927       98668 :     checksumlen = pg_checksum_final(&checksum_ctx, checksumbuf);
     928       98668 :     if (checksumlen < 0)
     929             :     {
     930           0 :         report_backup_error(context,
     931             :                             "could not finalize checksum of file \"%s\"",
     932             :                             relpath);
     933           0 :         return;
     934             :     }
     935             : 
     936             :     /* And check it against the manifest. */
     937       98668 :     if (checksumlen != m->checksum_length)
     938           0 :         report_backup_error(context,
     939             :                             "file \"%s\" has checksum of length %d, but expected %d",
     940             :                             relpath, m->checksum_length, checksumlen);
     941       98668 :     else if (memcmp(checksumbuf, m->checksum_payload, checksumlen) != 0)
     942           6 :         report_backup_error(context,
     943             :                             "checksum mismatch for file \"%s\"",
     944             :                             relpath);
     945             : }
     946             : 
     947             : /*
     948             :  * Attempt to parse the WAL files required to restore from backup using
     949             :  * pg_waldump.
     950             :  */
     951             : static void
     952          98 : parse_required_wal(verifier_context *context, char *pg_waldump_path,
     953             :                    char *wal_directory)
     954             : {
     955          98 :     manifest_data *manifest = context->manifest;
     956          98 :     manifest_wal_range *this_wal_range = manifest->first_wal_range;
     957             : 
     958         196 :     while (this_wal_range != NULL)
     959             :     {
     960             :         char       *pg_waldump_cmd;
     961             : 
     962          98 :         pg_waldump_cmd = psprintf("\"%s\" --quiet --path=\"%s\" --timeline=%u --start=%X/%X --end=%X/%X\n",
     963             :                                   pg_waldump_path, wal_directory, this_wal_range->tli,
     964          98 :                                   LSN_FORMAT_ARGS(this_wal_range->start_lsn),
     965          98 :                                   LSN_FORMAT_ARGS(this_wal_range->end_lsn));
     966          98 :         fflush(NULL);
     967          98 :         if (system(pg_waldump_cmd) != 0)
     968           4 :             report_backup_error(context,
     969             :                                 "WAL parsing failed for timeline %u",
     970             :                                 this_wal_range->tli);
     971             : 
     972          98 :         this_wal_range = this_wal_range->next;
     973             :     }
     974          98 : }
     975             : 
     976             : /*
     977             :  * Report a problem with the backup.
     978             :  *
     979             :  * Update the context to indicate that we saw an error, and exit if the
     980             :  * context says we should.
     981             :  */
     982             : static void
     983          38 : report_backup_error(verifier_context *context, const char *pg_restrict fmt,...)
     984             : {
     985             :     va_list     ap;
     986             : 
     987          38 :     va_start(ap, fmt);
     988          38 :     pg_log_generic_v(PG_LOG_ERROR, PG_LOG_PRIMARY, gettext(fmt), ap);
     989          38 :     va_end(ap);
     990             : 
     991          38 :     context->saw_any_error = true;
     992          38 :     if (context->exit_on_error)
     993           2 :         exit(1);
     994          36 : }
     995             : 
     996             : /*
     997             :  * Report a fatal error and exit
     998             :  */
     999             : static void
    1000          12 : report_fatal_error(const char *pg_restrict fmt,...)
    1001             : {
    1002             :     va_list     ap;
    1003             : 
    1004          12 :     va_start(ap, fmt);
    1005          12 :     pg_log_generic_v(PG_LOG_ERROR, PG_LOG_PRIMARY, gettext(fmt), ap);
    1006          12 :     va_end(ap);
    1007             : 
    1008          12 :     exit(1);
    1009             : }
    1010             : 
    1011             : /*
    1012             :  * Is the specified relative path, or some prefix of it, listed in the set
    1013             :  * of paths to ignore?
    1014             :  *
    1015             :  * Note that by "prefix" we mean a parent directory; for this purpose,
    1016             :  * "aa/bb" is not a prefix of "aa/bbb", but it is a prefix of "aa/bb/cc".
    1017             :  */
    1018             : static bool
    1019      212108 : should_ignore_relpath(verifier_context *context, char *relpath)
    1020             : {
    1021             :     SimpleStringListCell *cell;
    1022             : 
    1023     1292550 :     for (cell = context->ignore_list.head; cell != NULL; cell = cell->next)
    1024             :     {
    1025     1082704 :         char       *r = relpath;
    1026     1082704 :         char       *v = cell->val;
    1027             : 
    1028     1515794 :         while (*v != '\0' && *r == *v)
    1029      433090 :             ++r, ++v;
    1030             : 
    1031     1082704 :         if (*v == '\0' && (*r == '\0' || *r == '/'))
    1032        2262 :             return true;
    1033             :     }
    1034             : 
    1035      209846 :     return false;
    1036             : }
    1037             : 
    1038             : /*
    1039             :  * Print a progress report based on the global variables.
    1040             :  *
    1041             :  * Progress report is written at maximum once per second, unless the finished
    1042             :  * parameter is set to true.
    1043             :  *
    1044             :  * If finished is set to true, this is the last progress report. The cursor
    1045             :  * is moved to the next line.
    1046             :  */
    1047             : static void
    1048       86656 : progress_report(bool finished)
    1049             : {
    1050             :     static pg_time_t last_progress_report = 0;
    1051             :     pg_time_t   now;
    1052       86656 :     int         percent_size = 0;
    1053             :     char        totalsize_str[32];
    1054             :     char        donesize_str[32];
    1055             : 
    1056       86656 :     if (!show_progress)
    1057       86652 :         return;
    1058             : 
    1059        1698 :     now = time(NULL);
    1060        1698 :     if (now == last_progress_report && !finished)
    1061        1694 :         return;                 /* Max once per second */
    1062             : 
    1063           4 :     last_progress_report = now;
    1064           4 :     percent_size = total_size ? (int) ((done_size * 100 / total_size)) : 0;
    1065             : 
    1066           4 :     snprintf(totalsize_str, sizeof(totalsize_str), UINT64_FORMAT,
    1067             :              total_size / 1024);
    1068           4 :     snprintf(donesize_str, sizeof(donesize_str), UINT64_FORMAT,
    1069             :              done_size / 1024);
    1070             : 
    1071           4 :     fprintf(stderr,
    1072           4 :             _("%*s/%s kB (%d%%) verified"),
    1073           4 :             (int) strlen(totalsize_str),
    1074             :             donesize_str, totalsize_str, percent_size);
    1075             : 
    1076             :     /*
    1077             :      * Stay on the same line if reporting to a terminal and we're not done
    1078             :      * yet.
    1079             :      */
    1080           4 :     fputc((!finished && isatty(fileno(stderr))) ? '\r' : '\n', stderr);
    1081             : }
    1082             : 
    1083             : /*
    1084             :  * Print out usage information and exit.
    1085             :  */
    1086             : static void
    1087           2 : usage(void)
    1088             : {
    1089           2 :     printf(_("%s verifies a backup against the backup manifest.\n\n"), progname);
    1090           2 :     printf(_("Usage:\n  %s [OPTION]... BACKUPDIR\n\n"), progname);
    1091           2 :     printf(_("Options:\n"));
    1092           2 :     printf(_("  -e, --exit-on-error         exit immediately on error\n"));
    1093           2 :     printf(_("  -i, --ignore=RELATIVE_PATH  ignore indicated path\n"));
    1094           2 :     printf(_("  -m, --manifest-path=PATH    use specified path for manifest\n"));
    1095           2 :     printf(_("  -n, --no-parse-wal          do not try to parse WAL files\n"));
    1096           2 :     printf(_("  -P, --progress              show progress information\n"));
    1097           2 :     printf(_("  -q, --quiet                 do not print any output, except for errors\n"));
    1098           2 :     printf(_("  -s, --skip-checksums        skip checksum verification\n"));
    1099           2 :     printf(_("  -w, --wal-directory=PATH    use specified path for WAL files\n"));
    1100           2 :     printf(_("  -V, --version               output version information, then exit\n"));
    1101           2 :     printf(_("  -?, --help                  show this help, then exit\n"));
    1102           2 :     printf(_("\nReport bugs to <%s>.\n"), PACKAGE_BUGREPORT);
    1103           2 :     printf(_("%s home page: <%s>\n"), PACKAGE_NAME, PACKAGE_URL);
    1104           2 : }

Generated by: LCOV version 1.14