forked from baron/baron-sso
62 lines
2.4 KiB
Bash
Executable File
62 lines
2.4 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
repo_root="$(cd "$script_dir/../.." && pwd)"
|
|
source "$repo_root/scripts/backup/lib/common.sh"
|
|
|
|
archive_dir="${1:-${WORKS_DOCKER_IMAGE_ARCHIVE_DIR:-}}"
|
|
verify_load="${WORKS_DOCKER_VERIFY_LOAD:-false}"
|
|
|
|
[[ -n "$archive_dir" ]] || backup_die "archive directory is required. Example: scripts/docker-image/verify_archive.sh /path/to/archive"
|
|
backup_require_path "$archive_dir"
|
|
|
|
backup_require_command jq
|
|
backup_require_command sha256sum
|
|
backup_require_command stat
|
|
backup_require_command zstd
|
|
|
|
manifest_file="$archive_dir/manifest.json"
|
|
backup_require_path "$manifest_file"
|
|
|
|
schema_version="$(jq -er '.schema_version' "$manifest_file")"
|
|
format="$(jq -er '.format' "$manifest_file")"
|
|
archive_name="$(jq -er '.archive.file_name' "$manifest_file")"
|
|
manifest_sha256="$(jq -er '.archive.sha256' "$manifest_file")"
|
|
manifest_size="$(jq -er '.archive.size_bytes' "$manifest_file")"
|
|
|
|
[[ "$schema_version" == "1" ]] || backup_die "unsupported archive schema_version: $schema_version"
|
|
[[ "$format" == "docker-save-zstd" ]] || backup_die "unsupported archive format: $format"
|
|
[[ "$archive_name" != */* && -n "$archive_name" ]] || backup_die "manifest archive.file_name must be a file name: $archive_name"
|
|
[[ "$manifest_sha256" =~ ^[0-9a-f]{64}$ ]] || backup_die "manifest archive.sha256 is invalid: $manifest_sha256"
|
|
[[ "$manifest_size" =~ ^[0-9]+$ ]] || backup_die "manifest archive.size_bytes is invalid: $manifest_size"
|
|
|
|
archive_file="$archive_dir/$archive_name"
|
|
checksum_file="$archive_dir/${archive_name}.sha256"
|
|
|
|
backup_require_path "$archive_file"
|
|
backup_require_path "$checksum_file"
|
|
|
|
backup_log "Checking archive checksum"
|
|
(
|
|
cd "$archive_dir"
|
|
sha256sum -c "$(basename "$checksum_file")" >/dev/null
|
|
)
|
|
|
|
actual_sha256="$(sha256sum "$archive_file" | awk '{print $1}')"
|
|
[[ "$actual_sha256" == "$manifest_sha256" ]] || backup_die "manifest sha256 mismatch: expected=$manifest_sha256 actual=$actual_sha256"
|
|
|
|
actual_size="$(stat -c '%s' "$archive_file")"
|
|
[[ "$actual_size" == "$manifest_size" ]] || backup_die "manifest size mismatch: expected=$manifest_size actual=$actual_size"
|
|
|
|
backup_log "Testing zstd archive integrity"
|
|
zstd -q -t "$archive_file"
|
|
|
|
if [[ "$verify_load" == "true" ]]; then
|
|
backup_require_command docker
|
|
backup_log "Loading Docker image from archive"
|
|
zstd -q -d -c "$archive_file" | docker load
|
|
fi
|
|
|
|
backup_log "Docker image archive verification passed: $archive_dir"
|