feat: reth backup scripts

[randygrok]

Description

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Performance improvement
• Refactoring

Related Issues

Fixes #(issue)

Checklist

• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published

Testing

Additional Notes

[claude]

Claude finished @randygrok's task —— View job

---

PR Review: Reth Backup Scripts

I've completed a comprehensive review of the reth backup scripts. Here's my detailed feedback:

Todo List:

• Read and analyze all 4 new files
• Review shell script security and best practices
• Analyze Docker configuration
• Check documentation quality
• Evaluate error handling and logging
• Assess backup strategy and reliability
• Provide comprehensive feedback

---

🔍 Overall Assessment

This is a well-structured backup solution with good separation of concerns and comprehensive documentation. The scripts demonstrate solid bash practices and thoughtful architecture.

✅ Strengths

1. Architecture & Design

   • Excellent separation between backend abstraction (backup-lib.sh) and main logic (backup.sh)
   • Clean interface that allows easy extension to other backends (SSH, K8s, etc.)
   • Function pointer pattern for backend switching is elegant

2. Documentation Quality

   • Comprehensive README with clear usage examples
   • End-to-end workflow documentation is particularly valuable
   • Known limitations section shows good operational awareness

3. Error Handling

   • Good use of set -euo pipefail for strict error handling
   • Proper validation of required commands and container availability
   • Graceful handling of missing static_files directory

4. Security Practices

   • Proper argument validation and input sanitization
   • No direct user input interpolation without validation
   • Container isolation for Docker mode

⚠️ Security Concerns

1. Command Injection Risk (backup-lib.sh:48)

   docker exec "$container" bash -lc "$1"

   The command is passed directly to bash without proper escaping. Consider using:

   docker exec "$container" bash -lc "${1//\"/\\\"}"

2. Path Traversal (backup.sh:175)

   $exec_remote "rm -rf '$REMOTE_TMP' && mkdir -p '$REMOTE_TMP/db' '$REMOTE_TMP/static_files'"

   If REMOTE_TMP contains shell metacharacters, this could be exploited. Consider validation:

   # Validate REMOTE_TMP contains only safe characters
   if [[ ! "$REMOTE_TMP" =~ ^[a-zA-Z0-9/_-]+$ ]]; then
     echo "error: invalid temporary path" >&2
     exit 1
   fi

🐛 Potential Bugs

1. Directory Creation Race Condition (backup.sh:168)

   HOST_DEST="$(mkdir -p "$DEST" && cd "$DEST" && pwd)/${BACKUP_TAG}"

   If BACKUP_TAG contains ../, this could create directories outside intended location.

2. JSON Parsing Fragility (backup.sh:191)

   HEIGHT=$(echo "$STAGE_JSON" | jq -r '.[] | select(.[0]=="Finish") | .[1].block_number' | tr -d '\r\n')

   This assumes specific JSON structure. Add error handling:

   if ! HEIGHT=$(echo "$STAGE_JSON" | jq -r '.[] | select(.[0]=="Finish") | .[1].block_number' 2>/dev/null); then
     echo "error: failed to parse stage checkpoints" >&2
     exit 1
   fi

3. Copy Operation Silent Failures (backup.sh:204)

   $copy_from_remote "${REMOTE_TMP}/static_files/." "$HOST_DEST/static_files/" || true

   The || true suppresses all errors, including permission issues. Consider logging failures.

🚀 Performance Considerations

1. Large Database Handling

   • mdbx_copy is efficient for MDBX databases
   • Consider adding progress indicators for large backups
   • No compression option available - could be beneficial for storage

2. Docker Operations

   • Multiple docker exec calls could be optimized with single commands
   • File transfers via docker cp are reasonably efficient

🧪 Test Coverage

Missing Test Coverage:

• No unit tests for shell functions
• No integration tests for backup/restore workflow
• No validation of backup integrity
• No tests for error conditions

Recommendations:

• Add bats (Bash Automated Testing System) tests
• Test backup integrity by comparing checksums
• Mock tests for different failure scenarios
• End-to-end tests with actual containers

🔧 Code Quality Improvements

1. Function Extraction (backup.sh)

   • Main script is quite long (220 lines) - consider breaking into functions
   • Extract validation logic into separate functions

2. Configuration Validation

   • Add validation for DATADIR path format
   • Validate BACKUP_TAG characters to prevent path injection

3. Logging Consistency

   • Mix of echo and error messages to stderr
   • Consider structured logging with consistent format

🛠️ Docker Configuration Review

The Dockerfile is clean and follows best practices:

• Multi-stage approach would reduce final image size
• Consider pinning libmdbx to specific commit for reproducibility
• Good cleanup of build dependencies

Suggestion:

# Pin to specific commit for reproducibility
ARG LIBMDBX_REF=v0.12.7

📋 Additional Recommendations

1. Add Backup Verification

   # After backup, verify MDBX file integrity
   "$MDBX_COPY" -c "$HOST_DEST/db/mdbx.dat" /dev/null

2. Improve Error Messages

   • Add context to error messages (which step failed)
   • Include troubleshooting hints

3. Add Metrics/Monitoring

   • Export backup duration and size metrics
   • Add health check endpoint for monitoring systems

4. Consider Retention Policy

   • Add option to automatically clean old backups
   • Implement backup rotation

🎯 Priority Fixes

1. High Priority: Fix command injection in docker_exec_remote
2. Medium Priority: Add path validation for REMOTE_TMP and BACKUP_TAG
3. Low Priority: Improve error handling in JSON parsing and copy operations

---

This is a solid foundation for a backup system. The main concerns are around input validation and command injection. Once those security issues are addressed, this would be production-ready with appropriate testing.

[gemini-code-assist]

Summary of Changes

Hello @randygrok, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request delivers a robust and flexible solution for backing up the ev-reth MDBX database. It allows for consistent snapshots to be taken without interrupting node operations, supporting both local and containerized deployments. The design emphasizes modularity for future extensibility and provides thorough documentation to guide users through the backup and restore processes, ensuring data integrity and facilitating point-in-time recovery.

Highlights

• New Reth Backup Scripts: Introduced a comprehensive set of scripts to create consistent backups of the ev-reth MDBX database while the node is running.
• Flexible Execution Modes: The backup solution supports both local machine and Docker container environments, offering versatility for different deployment setups.
• Modular Architecture: The backup logic is separated into an abstract execution layer (backup-lib.sh) and a main orchestrator script (backup.sh), allowing for easy extension to other environments like SSH or Kubernetes.
• Comprehensive Documentation: A detailed README.md is included, providing usage instructions, architectural overview, and an end-to-end workflow for backup and restore operations, including known limitations.
• MDBX Tooling Integration: A new Dockerfile is added to build the ev-reth image with necessary libmdbx tools like mdbx_copy, enabling consistent database snapshots.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a set of scripts for creating hot backups of a reth node's database, supporting both local and Docker-based environments. The scripts are well-structured and the documentation is comprehensive. My review focuses on improving the Dockerfile for better reproducibility and smaller image size, enhancing the robustness of the backup script by not silencing critical errors, and pointing out a security concern in the documentation's example commands.

[gemini-code-assist]

Using the :latest tag for a base image can lead to non-reproducible builds, as it can change unexpectedly. It's a best practice to pin to a specific version tag or a digest to ensure build consistency and avoid breaking changes.

[gemini-code-assist]

Using the master branch for dependencies can cause non-reproducible builds as the branch head moves. It's better to use a specific git tag or commit hash for LIBMDBX_REF to ensure that the same version of the dependency is always used.

[gemini-code-assist]

The current Dockerfile includes build-time dependencies like build-essential, cmake, and git in the final image, which significantly increases its size and potential attack surface. Using a multi-stage build would create a smaller, more secure final image. The first stage would build the libmdbx tools, and the final stage would copy only the necessary binaries from the builder stage.

Here is an example of how it could be structured:

# Builder stage
FROM ghcr.io/evstack/ev-reth:latest as builder

ARG LIBMDBX_REPO=https://github.com/erthink/libmdbx.git
ARG LIBMDBX_REF=master

RUN set -eux; \
    apt-get update; \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        build-essential \
        ca-certificates \
        cmake \
        git \
    ; \
    rm -rf /var/lib/apt/lists/*

RUN set -eux; \
    git clone --depth 1 --branch "${LIBMDBX_REF}" "${LIBMDBX_REPO}" /tmp/libmdbx; \
    cmake -S /tmp/libmdbx -B /tmp/libmdbx/build -DCMAKE_BUILD_TYPE=Release; \
    cmake --build /tmp/libmdbx/build --target mdbx_copy mdbx_dump mdbx_chk;

# Final stage
FROM ghcr.io/evstack/ev-reth:latest

RUN set -eux; \
    apt-get update; \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        jq \
    ; \
    rm -rf /var/lib/apt/lists/*

COPY --from=builder /tmp/libmdbx/build/mdbx_copy /usr/local/bin/mdbx_copy
COPY --from=builder /tmp/libmdbx/build/mdbx_dump /usr/local/bin/mdbx_dump
COPY --from=builder /tmp/libmdbx/build/mdbx_chk /usr/local/bin/mdbx_chk

[gemini-code-assist]

The docker run command in this example contains hardcoded sensitive values like EVM_JWT_SECRET and EVM_SIGNER_PASSPHRASE. While this is for documentation, it's a security risk if copied into production environments as it encourages bad practice. It would be better to demonstrate using environment variables from a file (e.g., --env-file .env) or another secret management practice.

[gemini-code-assist]

The command to copy static_files uses 2>/dev/null || true, which completely suppresses any errors during the copy process. If some files fail to copy (e.g., due to permissions), the backup might be incomplete without any warning. It would be safer to remove 2>/dev/null to allow errors to be visible, while || true can still prevent the script from exiting if a partial copy is acceptable.

Suggested change

	$exec_remote "if [ -d '${DATADIR}/static_files' ]; then cp -a '${DATADIR}/static_files/.' '$REMOTE_TMP/static_files/' 2>/dev/null || true; fi"
	$exec_remote "if [ -d '${DATADIR}/static_files' ]; then cp -a '${DATADIR}/static_files/.' '$REMOTE_TMP/static_files/' || true; fi"

[gemini-code-assist]

Using || true here suppresses the exit code from the $copy_from_remote command (which is docker cp in docker mode). If the copy from the container to the host fails, the script will continue as if successful, leading to an incomplete or empty backup. This is a critical step, and it's safer to let the script fail if this copy operation fails.

Suggested change

	$copy_from_remote "${REMOTE_TMP}/static_files/." "$HOST_DEST/static_files/" || true
	$copy_from_remote "${REMOTE_TMP}/static_files/." "$HOST_DEST/static_files/"