Re: [rdiff-backup-users] Re: rdiff-backup --verify 1.2.8 running around in circles

[Dominic Raferd]

On 21/02/11 00:22, Robert Nichols wrote:
> On 02/20/2011 02:51 PM, Marc Haber wrote:
> > On Sun, Feb 20, 2011 at 06:11:19PM +0000, Dominic Raferd wrote:
> >
> > > Secondly, rdiff-backup --verify switch gives only a partial 
> > > verification
> > > of the repository. Daniel Miller wrote a patch, available for
> > > rdiff-backup 1.2.8, which adds --verify-full and --verify-full-at-time
> > > switches which can perform a full verification of a repository.
> >
> > Debian's version does not seem to be patched. What does --verify omit?

--verify only checks the latest version of data in the repository, and 
because rdiff-backup works with reverse diffs this is far from 
confirming that the entire repository is okay. --verify-at-time allows 
you to check earlier date, but even checking a very early date (e.g. 
before the first backup) does not guarantee integrity of subsequent 
backups e.g. for files that did not exist at the earlier time. Without 
the patch, the only safe way is to run --verify-at-time for every time a 
backup set has been updated in the repository, but this is often 
impractical.

> If you read the last message from Dan Miller in that "New feature:
> --verify-full" thread you see why versions including that patch have not
> been distributed.
>
> http://lists.nongnu.org/archive/html/rdiff-backup-users/2010-02/msg00054.html

Yes. This version cannot for instance create new repositories. Daniel 
had backported it from his original patch (for rdiff-backup in CSV), and 
there are some glitches. So I only use it for the --verify-full and 
--verify-full-at-time options - I build but don't install it. For all 
other purposes I use standard rdiff-backup 1.2.8.

> And, it wouldn't help for your case anyway.  The patch file contains the
> following:
>
>   +WARNING this will not detect if your repository has already been 
> corrupted.
>   +It will create integrity signatures with the files as they exist 
> when you
>   +run the script. Any corruption that happened before that point can 
> only
>   +be detected with --verify-at-time. However, after you run this 
> script you
>   +can use --verify-full to verify that nothing has changed since you 
> ran this
>   +script.

I think this warning refers to the integrify.py module not to the patch 
as a whole. The comment for the whole patch is:

+Added --verify-full, which verifies the integrity of an entire repository
+including all increments and metadata. This should be much faster than
+--verify-at-time=<date in the past>, and is more comprehensive in terms of
+what is verified.

> The "--verify" and "--verify-at-time now" options are OK for checking the
> current mirror (aside from problems with files having multiple hard 
> links,
> which rdiff-backup stumbles with in other places too).  The big 
> problem is
> not having a way to verify the entire archive.  The suggestion on the 
> wiki
> site to pick a date that is at least as old as the oldest rdiff 
> session is
> very wrong.  Only the content that existed on that oldest date will be
> checked.  Many forms of corruption for subsequent dates will go 
> unnoticed.