[Issue #65] Improvement of merge crash safety, previously FULL backup would gain OK status before changing of start_time. If crash happens here, then in rare case of FULL backup having multiple children it could lead to data corruption when restoring one of such children

gsmolk · gsmolk · commit b2fdd73999ae · 2019-05-28T17:59:17.000+03:00
diff --git a/src/merge.c b/src/merge.c
@@ -328,8 +328,9 @@ merge_backups(pgBackup *to_backup, pgBackup *from_backup)
 
 	/*
 	 * Update to_backup metadata.
+	 * We cannot set backup status to OK just yet,
+	 * because it still has old start_time.
 	 */
-	to_backup->status = BACKUP_STATUS_OK;
 	StrNCpy(to_backup->program_version, PROGRAM_VERSION,
 			sizeof(to_backup->program_version));
 	to_backup->parent_backup = INVALID_BACKUP_ID;
@@ -421,7 +422,12 @@ merge_backups(pgBackup *to_backup, pgBackup *from_backup)
 
 	/*
 	 * Merging finished, now we can safely update ID of the destination backup.
+	 * TODO: for this critical section we must save incremental backup start_tome
+	 * to FULL backup meta, so even if crash happens after incremental backup removal
+	 * but before full backup obtaining new start_time we could safely continue
+	 * this failed backup.
 	 */
+	to_backup->status = BACKUP_STATUS_OK;
 	to_backup->start_time = from_backup->start_time;
 	write_backup(to_backup);
 
