#!/bin/bash backupVerifySnapshot() { local idx="$1" local snapshot_id="$2" local app_name="$3" if [[ -z "$snapshot_id" ]]; then isNotice "No snapshot id provided — verification skipped" return 0 fi local scratch # Create the scratch dir AS the backup/install user so the engine (which runs # as that user) can restore into it and we can read it back — no root chown. scratch=$(runFileOp mktemp -d -t libreportal-verify-XXXXXX) isNotice "Verifying ${snapshot_id:0:8} via scratch restore at $scratch" if ! engineRestoreSnapshot "$idx" "$snapshot_id" "$scratch" "$containers_dir$app_name"; then isError "Verify restore FAILED for $app_name on $(resticLocationName "$idx")" runFileOp rm -rf "$scratch" return 1 fi # The scratch restore above succeeding is the real proof the snapshot is # restorable (restic verifies each blob's hash as it restores). We can't # compare against the live app dir any more — the live path deliberately # differs from the snapshot (raw DB dirs and private file trees are excluded # and replaced by dumps/captures under .lp-backup) — so just sanity-check the # restore produced a non-empty tree. local restored_count restored_count=$(runFileOp find "$scratch$containers_dir$app_name" -type f 2>/dev/null | wc -l) runFileOp rm -rf "$scratch" if [[ "$restored_count" -lt 1 ]]; then isError "Verify FAILED for $app_name — restored snapshot is empty" return 1 fi isSuccessful "Snapshot ${snapshot_id:0:8} verified — restored $restored_count files" }