#!/bin/bash backupVerifySnapshot() { local idx="$1" local snapshot_id="$2" local app_name="$3" if [[ -z "$snapshot_id" ]]; then isNotice "No snapshot id provided — verification skipped" return 0 fi local scratch scratch=$(mktemp -d -t libreportal-verify-XXXXXX) sudo chown "$docker_install_user":"$docker_install_user" "$scratch" isNotice "Verifying ${snapshot_id:0:8} via scratch restore at $scratch" if ! engineRestoreSnapshot "$idx" "$snapshot_id" "$scratch" "$containers_dir$app_name"; then isError "Verify restore FAILED for $app_name on $(resticLocationName "$idx")" sudo rm -rf "$scratch" return 1 fi # The scratch restore above succeeding is the real proof the snapshot is # restorable (restic verifies each blob's hash as it restores). We can't # compare against the live app dir any more — the live path deliberately # differs from the snapshot (raw DB dirs and private file trees are excluded # and replaced by dumps/captures under .lp-backup) — so just sanity-check the # restore produced a non-empty tree. local restored_count restored_count=$(sudo find "$scratch$containers_dir$app_name" -type f 2>/dev/null | wc -l) sudo rm -rf "$scratch" if [[ "$restored_count" -lt 1 ]]; then isError "Verify FAILED for $app_name — restored snapshot is empty" return 1 fi isSuccessful "Snapshot ${snapshot_id:0:8} verified — restored $restored_count files" }