Merged
Conversation
54ca880 to
b45fb53
Compare
rawtaz
reviewed
Mar 31, 2020
4a36770 to
b7c4a99
Compare
7 tasks
7 tasks
Contributor
|
@aawsome and @greatroar could you guys review this to make sure it looks sane and shouldn't carry any unexpected results? |
aawsome
reviewed
Jul 18, 2020
Contributor
There was a problem hiding this comment.
Most of the changes are due to using the restic.Repository interface in all places and added checks.
IMO this PR doesn't fully solve the index issue and #2839 should be considered instead - but merging this PR will improve the current situation.
Also this PR needs a rebase and modifications after #2773 has been merged (e.g. new SaveBlob syntax)
11 tasks
7 tasks
greatroar
reviewed
Jul 20, 2020
greatroar
reviewed
Jul 20, 2020
greatroar
reviewed
Jul 20, 2020
66a4bee to
4c534e8
Compare
fe01136 to
60248d4
Compare
60248d4 to
327b8b1
Compare
The previous check only approximately verified whether all required blobs were found. However, after forgetting a few snapshots the repository contains lots of unused blobs whose number can be sufficient to make up for missing packs. When coupled with a malfunctioning backend that temporarily returns broken data this could cause restic to regard the corresponding packs as invalid and thereby delete data that's still in use. This change lets restic play it safe and refuse to delete anything if data is missing.
The old behavior was problematic in the context of rebuild-index as it could leave old, possibly invalid index files behind without returning a fatal error. Prune calls rebuildIndex before removing any data from the repository. For this use case failing to delete an old index MUST be treated as a fatal error. Otherwise the index could still contain an old index file that refers to blobs/packs that were later on deleted by prune. Later backup runs will assume that the affected blobs already exist in the repository which results in a backup which misses data.
If a blob in a pack file can be decrypted successfully but contains data that results in a different hash than stated in the header pack, then abort repacking. As both the pack header and the blob are cryptographically verified this either means than a malicious entity tampered with the backup or indicates hardware problems on the client. prune should fail with an error in both cases.
The slicing operator `slice[low:high]` default to 0 for the lower bound and len(slice) for the upper bound when either or both are not specified. Fix the code to use `cap(slice)` to check for the slice capacity.
327b8b1 to
08d24ff
Compare
fd0
approved these changes
Aug 23, 2020
Member
fd0
left a comment
There was a problem hiding this comment.
Awesome PR, thanks for taking the time to split this into small chunks!
8 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What is the purpose of this change? What does it change?
This PR tightens the sanity checks made by prune in the following three regards:
Most of the code in this PR implements tests and adds support for the integration tests to wrap a repository to simplify testing repository damages.
Was the change discussed in an issue or in the forum before?
This PRs attempts to solve possible problems in the prune implementation in the hope of possibly fixing some of the reported repository damages. The changes themselves were not discussed before.
Checklist
[ ] I have added documentation for the changes (in the manual)changelog/unreleased/that describes the changes for our users (template here)gofmton the code in all commits