src/backup/manifest.rs: add verify_file
This commit is contained in:
parent
511a47bd73
commit
f06b820ac0
|
@ -28,6 +28,31 @@ impl BackupManifest {
|
||||||
self.files.push(FileInfo { filename, size, csum });
|
self.files.push(FileInfo { filename, size, csum });
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn lookup_file_info(&self, name: &str) -> Result<&FileInfo, Error> {
|
||||||
|
|
||||||
|
let info = self.files.iter().find(|item| item.filename == name);
|
||||||
|
|
||||||
|
match info {
|
||||||
|
None => bail!("manifest does not contain file '{}'", name),
|
||||||
|
Some(info) => Ok(info),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn verify_file(&self, name: &str, csum: &[u8; 32], size: u64) -> Result<(), Error> {
|
||||||
|
|
||||||
|
let info = self.lookup_file_info(name)?;
|
||||||
|
|
||||||
|
if size != info.size {
|
||||||
|
bail!("wrong size for file '{}' ({} != {}", name, info.size, size);
|
||||||
|
}
|
||||||
|
|
||||||
|
if csum != &info.csum {
|
||||||
|
bail!("wrong checksum for file '{}'", name);
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
pub fn into_json(self) -> Value {
|
pub fn into_json(self) -> Value {
|
||||||
json!({
|
json!({
|
||||||
"backup-type": self.snapshot.group().backup_type(),
|
"backup-type": self.snapshot.group().backup_type(),
|
||||||
|
@ -54,6 +79,7 @@ impl TryFrom<Value> for BackupManifest {
|
||||||
|
|
||||||
use crate::tools::{required_string_property, required_integer_property, required_array_property};
|
use crate::tools::{required_string_property, required_integer_property, required_array_property};
|
||||||
|
|
||||||
|
proxmox::tools::try_block!({
|
||||||
let backup_type = required_string_property(&data, "backup_type")?;
|
let backup_type = required_string_property(&data, "backup_type")?;
|
||||||
let backup_id = required_string_property(&data, "backup_id")?;
|
let backup_id = required_string_property(&data, "backup_id")?;
|
||||||
let backup_time = required_integer_property(&data, "backup_time")?;
|
let backup_time = required_integer_property(&data, "backup_time")?;
|
||||||
|
@ -68,7 +94,8 @@ impl TryFrom<Value> for BackupManifest {
|
||||||
let size = required_integer_property(item, "size")? as u64;
|
let size = required_integer_property(item, "size")? as u64;
|
||||||
files.push(FileInfo { filename, size, csum });
|
files.push(FileInfo { filename, size, csum });
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(Self { files, snapshot })
|
Ok(Self { files, snapshot })
|
||||||
|
}).map_err(|err: Error| format_err!("unable to parse backup manifest - {}", err))
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -489,7 +489,7 @@ fn dump_catalog(
|
||||||
true,
|
true,
|
||||||
).await?;
|
).await?;
|
||||||
|
|
||||||
let backup_index = client.download_manifest().await?;
|
let manifest = client.download_manifest().await?;
|
||||||
|
|
||||||
let blob_file = std::fs::OpenOptions::new()
|
let blob_file = std::fs::OpenOptions::new()
|
||||||
.read(true)
|
.read(true)
|
||||||
|
@ -500,7 +500,7 @@ fn dump_catalog(
|
||||||
let mut blob_file = client.download(CATALOG_BLOB_NAME, blob_file).await?;
|
let mut blob_file = client.download(CATALOG_BLOB_NAME, blob_file).await?;
|
||||||
|
|
||||||
let (csum, size) = compute_file_csum(&mut blob_file)?;
|
let (csum, size) = compute_file_csum(&mut blob_file)?;
|
||||||
verify_index_file(&backup_index, CATALOG_BLOB_NAME, &csum, size)?;
|
manifest.verify_file(CATALOG_BLOB_NAME, &csum, size)?;
|
||||||
|
|
||||||
blob_file.seek(SeekFrom::Start(0))?;
|
blob_file.seek(SeekFrom::Start(0))?;
|
||||||
|
|
||||||
|
@ -877,46 +877,6 @@ fn restore(
|
||||||
async_main(restore_do(param))
|
async_main(restore_do(param))
|
||||||
}
|
}
|
||||||
|
|
||||||
fn verify_index_file(backup_index: &Value, name: &str, csum: &[u8; 32], size: u64) -> Result<(), Error> {
|
|
||||||
|
|
||||||
let files = backup_index["files"]
|
|
||||||
.as_array()
|
|
||||||
.ok_or_else(|| format_err!("mailformed index - missing 'files' property"))?;
|
|
||||||
|
|
||||||
let info = files.iter().find(|v| {
|
|
||||||
match v["filename"].as_str() {
|
|
||||||
Some(filename) => filename == name,
|
|
||||||
None => false,
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
let info = match info {
|
|
||||||
None => bail!("index does not contain file '{}'", name),
|
|
||||||
Some(info) => info,
|
|
||||||
};
|
|
||||||
|
|
||||||
match info["size"].as_u64() {
|
|
||||||
None => bail!("index does not contain property 'size' for file '{}'", name),
|
|
||||||
Some(expected_size) => {
|
|
||||||
if expected_size != size {
|
|
||||||
bail!("verify index failed - wrong size for file '{}' ({} != {}", name, expected_size, size);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
match info["csum"].as_str() {
|
|
||||||
None => bail!("index does not contain property 'csum' for file '{}'", name),
|
|
||||||
Some(expected_csum) => {
|
|
||||||
let expected_csum = &proxmox::tools::hex_to_digest(expected_csum)?;
|
|
||||||
if expected_csum != csum {
|
|
||||||
bail!("verify index failed - wrong checksum for file '{}'", name);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
fn dump_image<W: Write>(
|
fn dump_image<W: Write>(
|
||||||
client: Arc<BackupReader>,
|
client: Arc<BackupReader>,
|
||||||
crypt_config: Option<Arc<CryptConfig>>,
|
crypt_config: Option<Arc<CryptConfig>>,
|
||||||
|
@ -1036,10 +996,10 @@ async fn restore_do(param: Value) -> Result<Value, Error> {
|
||||||
.custom_flags(libc::O_TMPFILE)
|
.custom_flags(libc::O_TMPFILE)
|
||||||
.open("/tmp")?;
|
.open("/tmp")?;
|
||||||
|
|
||||||
let backup_index = client.download_manifest().await?;
|
let manifest = client.download_manifest().await?;
|
||||||
|
|
||||||
if server_archive_name == MANIFEST_BLOB_NAME {
|
if server_archive_name == MANIFEST_BLOB_NAME {
|
||||||
let backup_index_data = backup_index.to_string();
|
let backup_index_data = manifest.into_json().to_string();
|
||||||
if let Some(target) = target {
|
if let Some(target) = target {
|
||||||
file_set_contents(target, backup_index_data.as_bytes(), None)?;
|
file_set_contents(target, backup_index_data.as_bytes(), None)?;
|
||||||
} else {
|
} else {
|
||||||
|
@ -1053,7 +1013,7 @@ async fn restore_do(param: Value) -> Result<Value, Error> {
|
||||||
let mut tmpfile = client.download(&server_archive_name, tmpfile).await?;
|
let mut tmpfile = client.download(&server_archive_name, tmpfile).await?;
|
||||||
|
|
||||||
let (csum, size) = compute_file_csum(&mut tmpfile)?;
|
let (csum, size) = compute_file_csum(&mut tmpfile)?;
|
||||||
verify_index_file(&backup_index, &server_archive_name, &csum, size)?;
|
manifest.verify_file(&server_archive_name, &csum, size)?;
|
||||||
|
|
||||||
tmpfile.seek(SeekFrom::Start(0))?;
|
tmpfile.seek(SeekFrom::Start(0))?;
|
||||||
let mut reader = DataBlobReader::new(tmpfile, crypt_config)?;
|
let mut reader = DataBlobReader::new(tmpfile, crypt_config)?;
|
||||||
|
@ -1081,8 +1041,7 @@ async fn restore_do(param: Value) -> Result<Value, Error> {
|
||||||
|
|
||||||
// Note: do not use values stored in index (not trusted) - instead, computed them again
|
// Note: do not use values stored in index (not trusted) - instead, computed them again
|
||||||
let (csum, size) = index.compute_csum();
|
let (csum, size) = index.compute_csum();
|
||||||
|
manifest.verify_file(&server_archive_name, &csum, size)?;
|
||||||
verify_index_file(&backup_index, &server_archive_name, &csum, size)?;
|
|
||||||
|
|
||||||
let most_used = index.find_most_used_chunks(8);
|
let most_used = index.find_most_used_chunks(8);
|
||||||
|
|
||||||
|
@ -1119,8 +1078,7 @@ async fn restore_do(param: Value) -> Result<Value, Error> {
|
||||||
|
|
||||||
// Note: do not use values stored in index (not trusted) - instead, computed them again
|
// Note: do not use values stored in index (not trusted) - instead, computed them again
|
||||||
let (csum, size) = index.compute_csum();
|
let (csum, size) = index.compute_csum();
|
||||||
|
manifest.verify_file(&server_archive_name, &csum, size)?;
|
||||||
verify_index_file(&backup_index, &server_archive_name, &csum, size)?;
|
|
||||||
|
|
||||||
let mut writer = if let Some(target) = target {
|
let mut writer = if let Some(target) = target {
|
||||||
std::fs::OpenOptions::new()
|
std::fs::OpenOptions::new()
|
||||||
|
@ -1760,7 +1718,7 @@ async fn mount_do(param: Value, pipe: Option<RawFd>) -> Result<Value, Error> {
|
||||||
.custom_flags(libc::O_TMPFILE)
|
.custom_flags(libc::O_TMPFILE)
|
||||||
.open("/tmp")?;
|
.open("/tmp")?;
|
||||||
|
|
||||||
let backup_index = client.download_manifest().await?;
|
let manifest = client.download_manifest().await?;
|
||||||
|
|
||||||
if server_archive_name.ends_with(".didx") {
|
if server_archive_name.ends_with(".didx") {
|
||||||
let tmpfile = client.download(&server_archive_name, tmpfile).await?;
|
let tmpfile = client.download(&server_archive_name, tmpfile).await?;
|
||||||
|
@ -1769,7 +1727,7 @@ async fn mount_do(param: Value, pipe: Option<RawFd>) -> Result<Value, Error> {
|
||||||
|
|
||||||
// Note: do not use values stored in index (not trusted) - instead, computed them again
|
// Note: do not use values stored in index (not trusted) - instead, computed them again
|
||||||
let (csum, size) = index.compute_csum();
|
let (csum, size) = index.compute_csum();
|
||||||
verify_index_file(&backup_index, &server_archive_name, &csum, size)?;
|
manifest.verify_file(&server_archive_name, &csum, size)?;
|
||||||
|
|
||||||
let most_used = index.find_most_used_chunks(8);
|
let most_used = index.find_most_used_chunks(8);
|
||||||
let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
|
let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
|
||||||
|
|
|
@ -121,13 +121,16 @@ impl BackupReader {
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Download backup manifest (index.json)
|
/// Download backup manifest (index.json)
|
||||||
pub async fn download_manifest(&self) -> Result<Value, Error> {
|
pub async fn download_manifest(&self) -> Result<BackupManifest, Error> {
|
||||||
|
|
||||||
|
use std::convert::TryFrom;
|
||||||
|
|
||||||
let raw_data = self.download(MANIFEST_BLOB_NAME, Vec::with_capacity(64*1024)).await?;
|
let raw_data = self.download(MANIFEST_BLOB_NAME, Vec::with_capacity(64*1024)).await?;
|
||||||
let blob = DataBlob::from_raw(raw_data)?;
|
let blob = DataBlob::from_raw(raw_data)?;
|
||||||
blob.verify_crc()?;
|
blob.verify_crc()?;
|
||||||
let data = blob.decode(self.crypt_config.as_ref().map(Arc::as_ref))?;
|
let data = blob.decode(self.crypt_config.as_ref().map(Arc::as_ref))?;
|
||||||
let result: Value = serde_json::from_slice(&data[..])?;
|
let json: Value = serde_json::from_slice(&data[..])?;
|
||||||
Ok(result)
|
|
||||||
|
BackupManifest::try_from(json)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue