feat: use one checksum for all chunks in a backup

When making a backup, use the same checksum for any chunks it re-uses or creates. This is for performance: if we allowed two checksums to be used, we would have to compute the checksum for a chunk twice, and potentially look up both on the server. This is just a lot of work. Instead, we use only one. The trade-off here is that when (not if) the user wants to switch to a new checksum type, they'll have to do a full backup, uploading all their data to the server, even when it's already there, just with a different checksum. Hopefully this will be rare. Full backups always use the built-in, hardcoded default checksum, and incremental backups use whatever the previous backup used. The default is still SHA256, but this commit add code to support BLAKE2 if we decide to switch that as a default. It's also easy to add support for others, now. BLAKE2 was added to verify that Obnam can actually handle the checksum changing (manual test: not in the test suite). I don't think users need to be offered even the option of choosing a checksum algorithm to use. When one cares about both security and performance, choosing a checksum requires specialist, expert knowledge. Obnam developers should choose the default. Giving users a knob they can twiddle just makes it that much harder to configure and use Obnam. If the choice Obnam developers have made is shown to be sub-optimal, it seems better to change the default for everyone, rather than hope that every user changes their configuration to gain the benefit. Experience has shown that people mostly don't change the default configuration, and that they are especially bad at choosing well when security is a concern. (Obnam is free software. Expert users can choose their checksum by changing the source code. I'm not fundamentally limiting anyone's freedom or choice here.) Users can switch to a new default algorithm by triggering a full backup with the new "obnam backup --full". Sponsored-by: author
author: Lars Wirzenius <liw@liw.fi> 2022-04-09 12:00:29 +0300
committer: Lars Wirzenius <liw@liw.fi> 2022-04-16 09:06:59 +0300
commit: 18c0f4afab29e17c050208234becbfb5e2973746 (patch)
tree: 62bb67504c47747f8ce202f4eb4121bb3d051223 /src/cmd/backup.rs
parent: 82ff782fe85c84c10f1f18c9bd5c2b017bc2f240 (diff)
download: obnam2-18c0f4afab29e17c050208234becbfb5e2973746.tar.gz
1 files changed, 31 insertions, 21 deletions
diff --git a/src/cmd/backup.rs b/src/cmd/backup.rs
index 8a85703..60045cc 100644
--- a/src/cmd/backup.rs
+++ b/src/cmd/backup.rs
@@ -19,7 +19,11 @@ use tokio::runtime::Runtime;
 /// Make a backup.
 #[derive(Debug, StructOpt)]
 pub struct Backup {
-    /// Backup schema major version.
+    /// Force a full backup, instead of an incremental one.
+    #[structopt(long)]
+    full: bool,
+
+    /// Backup schema major version to use.
     #[structopt(long)]
     backup_version: Option<VersionComponent>,
 }
@@ -53,29 +57,35 @@ impl Backup {
         let oldtemp = temp.path().join("old.db");
         let newtemp = temp.path().join("new.db");
 
-        let (is_incremental, outcome) = match genlist.resolve("latest") {
-            Err(_) => {
-                info!("fresh backup without a previous generation");
-                let mut run = BackupRun::initial(config, &client)?;
-                let old = run.start(None, &oldtemp, perf).await?;
-                (
-                    false,
-                    run.backup_roots(config, &old, &newtemp, schema, perf)
-                        .await?,
-                )
-            }
-            Ok(old_id) => {
-                info!("incremental backup based on {}", old_id);
-                let mut run = BackupRun::incremental(config, &client)?;
-                let old = run.start(Some(&old_id), &oldtemp, perf).await?;
-                (
-                    true,
-                    run.backup_roots(config, &old, &newtemp, schema, perf)
-                        .await?,
-                )
+        let old_id = if self.full {
+            None
+        } else {
+            match genlist.resolve("latest") {
+                Err(_) => None,
+                Ok(old_id) => Some(old_id),
             }
         };
 
+        let (is_incremental, outcome) = if let Some(old_id) = old_id {
+            info!("incremental backup based on {}", old_id);
+            let mut run = BackupRun::incremental(config, &client)?;
+            let old = run.start(Some(&old_id), &oldtemp, perf).await?;
+            (
+                true,
+                run.backup_roots(config, &old, &newtemp, schema, perf)
+                    .await?,
+            )
+        } else {
+            info!("fresh backup without a previous generation");
+            let mut run = BackupRun::initial(config, &client)?;
+            let old = run.start(None, &oldtemp, perf).await?;
+            (
+                false,
+                run.backup_roots(config, &old, &newtemp, schema, perf)
+                    .await?,
+            )
+        };
+
         perf.start(Clock::GenerationUpload);
         let mut trust = trust;
         trust.append_backup(outcome.gen_id.as_chunk_id());
author	Lars Wirzenius <liw@liw.fi>	2022-04-09 12:00:29 +0300
committer	Lars Wirzenius <liw@liw.fi>	2022-04-16 09:06:59 +0300
commit	18c0f4afab29e17c050208234becbfb5e2973746 (patch)
tree	62bb67504c47747f8ce202f4eb4121bb3d051223 /src/cmd/backup.rs
parent	82ff782fe85c84c10f1f18c9bd5c2b017bc2f240 (diff)
download	obnam2-18c0f4afab29e17c050208234becbfb5e2973746.tar.gz