Skip to content

backup: verify blobs before upload#4681

Merged
MichaelEischer merged 13 commits intorestic:masterfrom
MichaelEischer:verify-integrity-on-upload
Feb 4, 2024
Merged

backup: verify blobs before upload#4681
MichaelEischer merged 13 commits intorestic:masterfrom
MichaelEischer:verify-integrity-on-upload

Conversation

@MichaelEischer
Copy link
Copy Markdown
Member

@MichaelEischer MichaelEischer commented Feb 3, 2024
edited
Loading

What does this PR change? What problem does it solve?

The repository struct now verifies blobs before uploading them. This systematically prevents corrupted blobs like in #4677 from being stored in the repository. Thereby, backups gain protection from random bitflips that causes data corruption or bugs in the encryption/compression libraries.

The verification now covers blobs, the pack header as well as unpacked files.

Was the change previously discussed in an issue or on the forum?

Fixes #4529 .

Checklist

  • I have read the contribution guidelines.
  • I have enabled maintainer edits.
  • I have added tests for all code changes.
  • I have added documentation for relevant changes (in the manual).
  • There's a new file in changelog/unreleased/ that describes the changes for our users (see template).
  • I have run gofmt on the code in all commits.
  • All commit messages are formatted in the same style as the other commits in the repo.
  • I'm done! This pull request is ready for review.

@MichaelEischer MichaelEischer mentioned this pull request Feb 3, 2024
Closed
8 tasks
@MichaelEischer
repository: fix repack test
bb92b48
@MichaelEischer
repository: make repo.Options configurable for test repos
16e3f79
@MichaelEischer
backup: verify blobs before upload
c01a0c6 
This only covers the blobs themselves, the pack header is not verified
so far. Unpacked files are also not covered by the integrity check.
@MichaelEischer
backup: verify unpacked files before upload
30a84e9
@MichaelEischer
repository: Allow skipping verification for tests
2dbb181 
Some tests have to explicitly create pack files with blobs that don't
match their ID. For those blobs the builtin verification of the
repository must be disabled.
@MichaelEischer MichaelEischer force-pushed the verify-integrity-on-upload branch 2 times, most recently from 098562c to 29c2575 Compare February 3, 2024 17:45
@MichaelEischer MichaelEischer force-pushed the verify-integrity-on-upload branch from 29c2575 to c32e5e2 Compare February 4, 2024 14:31
@MichaelEischer MichaelEischer marked this pull request as ready for review February 4, 2024 14:48
@MichaelEischer MichaelEischer force-pushed the verify-integrity-on-upload branch from 72b23f8 to 86b38a0 Compare February 4, 2024 16:01
rawtaz
rawtaz requested changes Feb 4, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@rawtaz rawtaz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made some textual edits.

rawtaz
rawtaz requested changes Feb 4, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@rawtaz rawtaz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One last change :>

@MichaelEischer MichaelEischer force-pushed the verify-integrity-on-upload branch from d5f7d4a to 5957417 Compare February 4, 2024 17:55
rawtaz
rawtaz approved these changes Feb 4, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@rawtaz rawtaz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

MichaelEischer
MichaelEischer commented Feb 4, 2024
View reviewed changes
Copy link
Copy Markdown
Member Author

@MichaelEischer MichaelEischer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@MichaelEischer MichaelEischer added this pull request to the merge queue Feb 4, 2024
Merged via the queue into restic:master with commit d5e6623 Feb 4, 2024
@MichaelEischer MichaelEischer deleted the verify-integrity-on-upload branch February 4, 2024 18:10
This was referenced Feb 4, 2024
Closed
Closed
@duracell duracell mentioned this pull request Feb 4, 2024
Closed
@MichaelEischer MichaelEischer mentioned this pull request Feb 5, 2024
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rawtaz rawtaz rawtaz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Verify pack files before upload

2 participants

@MichaelEischer @rawtaz