UUXO/dbbackup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 31 Wiki Activity
281 Commits 1 Branch 56 Tags
682510d1bc5651de3db5b1238a9d7c4a0c922fb7
Commit Graph

4 Commits

Author SHA1 Message Date
Alexander Renz
9c65821250 v3.42.9: Fix all timeout bugs and deadlocks
All checks were successful
CI/CD / Test (push) Successful in 1m14s
Details
CI/CD / Lint (push) Successful in 1m21s
Details
CI/CD / Build & Release (push) Successful in 3m12s
Details 
CRITICAL FIXES:
- Encryption detection false positive (IsBackupEncrypted returned true for ALL files)
- 12 cmd.Wait() deadlocks fixed with channel-based context handling
- TUI timeout bugs: 60s->10min for safety checks, 15s->60s for DB listing
- diagnose.go timeouts: 60s->5min for tar/pg_restore operations
- Panic recovery added to parallel backup/restore goroutines
- Variable shadowing fix in restore/engine.go

These bugs caused pg_dump backups to fail through TUI for months.
 2026-01-08 05:56:31 +01:00
A. Renz
914307ac8f ci: add golangci-lint config and fix formatting 
- Add .golangci.yml with minimal linters (govet, ineffassign)
- Run gofmt -s and goimports on all files to fix formatting
- Disable fieldalignment and copylocks checks in govet
 2025-12-11 17:53:28 +01:00
Renz
82dcafbad1 fix: Improve encryption detection for cluster backups 
- Check cluster metadata first before single DB metadata
- For cluster backups, mark as encrypted only if ANY database is encrypted
- Remove double confirmation requirement for --workdir in dry-run mode
- Fixes false positive 'encrypted backup detected' for unencrypted cluster backups

This allows --clean-cluster and --workdir flags to work correctly with unencrypted backups.
 2025-11-28 16:10:01 +00:00
Renz
c620860de3 feat: Phase 4 Tasks 3-4 - CLI encryption integration 
Integrated encryption into backup workflow:

cmd/encryption.go:
- loadEncryptionKey() - loads from file or env var
- Supports base64-encoded keys (32 bytes)
- Supports raw 32-byte keys
- Supports passphrases (PBKDF2 derivation)
- Priority: --encryption-key-file > DBBACKUP_ENCRYPTION_KEY

cmd/backup_impl.go:
- encryptLatestBackup() - finds and encrypts single backups
- encryptLatestClusterBackup() - encrypts cluster backups
- findLatestBackup() - locates most recent backup file
- findLatestClusterBackup() - locates cluster backup
- Encryption applied after successful backup
- Integrated into all backup modes (cluster, single, sample)

internal/backup/encryption.go:
- EncryptBackupFile() - encrypts backup in-place
- DecryptBackupFile() - decrypts to new file
- IsBackupEncrypted() - checks metadata/file format
- Updates .meta.json with encryption info
- Replaces original with encrypted version

internal/metadata/metadata.go:
- Added Encrypted bool field
- Added EncryptionAlgorithm string field
- Tracks encryption status in backup metadata

internal/metadata/save.go:
- Helper to save BackupMetadata to .meta.json

tests/encryption_smoke_test.sh:
- Basic smoke test for encryption/decryption
- Verifies data integrity
- Tests with env var key source

CLI Flags (already existed):
--encrypt                      Enable encryption
--encryption-key-file PATH     Key file path
--encryption-key-env VAR       Env var name (default: DBBACKUP_ENCRYPTION_KEY)

Usage Examples:
  # Encrypt with key file
  ./dbbackup backup single mydb --encrypt --encryption-key-file /path/to/key

  # Encrypt with env var
  export DBBACKUP_ENCRYPTION_KEY="base64_encoded_key"
  ./dbbackup backup single mydb --encrypt

  # Cluster backup with encryption
  ./dbbackup backup cluster --encrypt --encryption-key-file key.txt

Features:
 Post-backup encryption (doesn't slow down backup itself)
 In-place encryption (overwrites original)
 Metadata tracking (encrypted flag)
 Multiple key sources (file/env/passphrase)
 Base64 and raw key support
 PBKDF2 for passphrases
 Automatic latest backup detection
 Works with all backup modes

Status: ENCRYPTION FULLY INTEGRATED 
Next: Task 5 - Restore decryption integration
 2025-11-26 07:54:25 +00:00