diff --git a/backup/Dockerfile b/backup/Dockerfile index be01d76..1f52de9 100644 --- a/backup/Dockerfile +++ b/backup/Dockerfile @@ -1,14 +1,17 @@ FROM alpine:3.21 -# Install PostgreSQL client and dcron (lightweight cron daemon) -RUN apk add --no-cache postgresql-client dcron +# Install PostgreSQL client (busybox crond is included with Alpine) +RUN apk add --no-cache postgresql-client COPY backup.sh /usr/local/bin/backup.sh RUN chmod +x /usr/local/bin/backup.sh # Crontab: run backup daily at 03:00 UTC -RUN echo "0 3 * * * /usr/local/bin/backup.sh >> /var/log/backup.log 2>&1" \ - > /etc/crontabs/root +# busybox crond reads from /var/spool/cron/crontabs/ +RUN mkdir -p /var/spool/cron/crontabs \ + && echo "0 3 * * * /usr/local/bin/backup.sh >> /var/log/backup.log 2>&1" \ + > /var/spool/cron/crontabs/root \ + && chmod 600 /var/spool/cron/crontabs/root -# crond -f: run in foreground; -l 2: log level notice -CMD ["crond", "-f", "-l", "2"] +# busybox crond: -f = foreground, -d 8 = log level debug +CMD ["crond", "-f", "-d", "8"] diff --git a/backup/backup.sh b/backup/backup.sh index 9993cbf..4d16959 100644 --- a/backup/backup.sh +++ b/backup/backup.sh @@ -20,8 +20,10 @@ TEMP_DUMP=$(mktemp) export PGPASSWORD="${POSTGRES_PASSWORD:-}" pg_dump -h "$DB_HOST" -U "$DB_USER" "$DB_NAME" > "$TEMP_DUMP" -# Compute MD5 of dump content to detect changes -CURRENT_CHECKSUM=$(md5sum "$TEMP_DUMP" | cut -d' ' -f1) +# Compute MD5 of dump content, excluding lines that change every run: +# - pg_dump comment lines (timestamps, version info) +# - PostgreSQL 17 security tokens (\restrict / \unrestrict with random token) +CURRENT_CHECKSUM=$(grep -Ev '^(--|\\restrict|\\unrestrict)' "$TEMP_DUMP" | md5sum | cut -d' ' -f1) LAST_CHECKSUM="" if [ -f "$CHECKSUM_FILE" ]; then LAST_CHECKSUM=$(cat "$CHECKSUM_FILE")