prune: Abort if any used blobs are missing

The previous check only approximately verified whether all required
blobs were found. However, after forgetting a few snapshots the
repository contains lots of unused blobs whose number can be sufficient
to make up for missing packs.

When coupled with a malfunctioning backend that temporarily returns broken
data this could cause restic to regard the corresponding packs as
invalid and thereby delete data that's still in use. This change lets
restic play it safe and refuse to delete anything if data is missing.
This commit is contained in:
Michael Eischer 2020-03-31 14:33:32 +02:00
parent 0fed6a8dfc
commit 3ba19869be

View file

@ -191,11 +191,13 @@ func pruneRepository(gopts GlobalOptions, repo restic.Repository) error {
return err return err
} }
if len(usedBlobs) > stats.blobs { for h := range usedBlobs {
return errors.Fatalf("number of used blobs is larger than number of available blobs!\n" + if _, ok := blobCount[h]; !ok {
return errors.Fatalf("At least one data blob seems to be missing, aborting prune to prevent further data loss!\n" +
"Please report this error (along with the output of the 'prune' run) at\n" + "Please report this error (along with the output of the 'prune' run) at\n" +
"https://github.com/restic/restic/issues/new") "https://github.com/restic/restic/issues/new")
} }
}
Verbosef("found %d of %d data blobs still in use, removing %d blobs\n", Verbosef("found %d of %d data blobs still in use, removing %d blobs\n",
len(usedBlobs), stats.blobs, stats.blobs-len(usedBlobs)) len(usedBlobs), stats.blobs, stats.blobs-len(usedBlobs))