Brian Warner [Sat, 31 Mar 2012 06:56:41 +0000 (23:56 -0700)]
Mutable repair: use new MODE_REPAIR to query all servers *and* get privkey
This fixes bug #1689. Repair was using MODE_READ to build the servermap,
which doesn't try hard enough to grab the privkey, and also doesn't guarantee
sending queries to all servers. This patch adds a new MODE_REPAIR which does
both, and does a separate, distinct mapupdate to start wth repair cycle,
instead of relying upon the (MODE_CHECK) mapupdate leftover from the
filecheck that triggered the repair.
Brian Warner [Sat, 31 Mar 2012 00:29:06 +0000 (17:29 -0700)]
test_introducer.SystemTest: fix race condition
SystemTest has a couple of different phases, separated by a poller which
waits for everything to be idle (all messages delivered, none in flight). It
does this by watching some internal "_debug_outstanding" counters in the
server and in each client, and waiting for them to hit zero.
Just before the last phase, we replace the server with a new one (to make
sure clients re-send their messages properly). Unfortunately, the polling
function closed over the variable holding the original server, and didn't see
the replacement. It kept polling the old server, and failed to notice the
outstanding messages for the new server. The last phase of the test (check3)
was started too early, which failed (since some messages had not yet been
delivered), and then exploded in a flurry of dirty-reactor errors (because
some messages were delivered after test shutdown).
This replaces the closed-over-variable with a "self.the_introducer", which
seems to fix the race.
One additional place to look at in the future: the client
announcement-receive path (remote_announce) uses an eventually(). If the
message has been received and the eventual-send posted (but not yet executed)
when the poller sees it, the poller might erroneously conclude that the
client is idle and cause the same problem as above. To fix this, the poller
(probably all pollers) could be enhanced to do a flushEventualQueue before
querying the are-we-done-yet predicate function.
Brian Warner [Sat, 17 Mar 2012 23:52:32 +0000 (16:52 -0700)]
Fix mutable status (mapupdate/retrieve/publish) to use serverids, not tubids
This still leaves immutable-publish results incorrectly using tubids instead
of serverids. That will need some more work, since it might change the Helper
interface.
david-sarah [Wed, 14 Mar 2012 23:47:29 +0000 (23:47 +0000)]
Temporarily suppress the DeprecationWarning about IFinishableConsumer; it's irritating, but not in a way that is likely to make me fix the underlying issue (#1525) any sooner :-). refs #1295
Brian Warner [Sun, 20 Nov 2011 10:21:32 +0000 (02:21 -0800)]
new introducer: signed extensible dictionary-based messages! refs #466
This introduces new client and server halves to the Introducer (renaming the
old one with a _V1 suffix). Both have fallbacks to accomodate talking to a
different version: the publishing client switches on whether the server's
.get_version() advertises V2 support, the server switches on which
subscription method was invoked by the subscribing client.
The V2 protocol sends a three-tuple of (serialized announcement dictionary,
signature, pubkey) for each announcement. The V2 server dispatches messages
to subscribers according to the service-name, and throws errors for invalid
signatures, but does not otherwise examine the messages. The V2 receiver's
subscription callback will receive a (serverid, ann_dict) pair. The
'serverid' will be equal to the pubkey if all of the following are true:
the originating client is V2, and was told a privkey to use
the announcement went through a V2 server
the signature is valid
If not, 'serverid' will be equal to the tubid portion of the announced FURL,
as was the case for V1 receivers.
Servers will create a keypair if one does not exist yet, stored in
private/server.privkey .
The signed announcement dictionary puts the server FURL in a key named
"anonymous-storage-FURL", which anticipates upcoming Accounting-related
changes in the server advertisements. It also provides a key named
"permutation-seed-base32" to tell clients what permutation seed to use. This
is computed at startup, using tubid if there are existing shares, otherwise
the pubkey, to retain share-order compatibility for existing servers.
Brian Warner [Wed, 7 Mar 2012 02:22:41 +0000 (18:22 -0800)]
tahoe.css: fix #section typo, update welcome.xhtml to match
The "#section" declaration (which matches id="section") should have been
".section" (which matches class="section").
The welcome page has a feature that I actually liked: the little "This
Client" sidebar sits just to the right of the start of the Controls block.
Fixing .section broke that (the clear:both introduces a gap, forcing the
Controls block to start strictly below the bottom of the This Client block).
So I also removed class="section" from the Controls block to allow them to
share the horizontal space again.
Kevan [Fri, 13 Jan 2012 02:11:42 +0000 (18:11 -0800)]
Ensure that verification proceeds and stops when appropriate.
The removed assertions are appropriate for a download that seeks to
return plaintext to a caller; if we don't have at least k active remote
shares, then we can't hope to do that. They're not appropriate for a
verification operation; a user can try to verify a file that has fewer
than k shares available, so that shouldn't be treated as an error.
Instead, we proceed with fewer than k shares, and ensure that we
terminate the download if we have no shares at all and we're verifying.
Kevan [Fri, 13 Jan 2012 02:11:04 +0000 (18:11 -0800)]
Add test_verify_mdmf_all_bad_sharedata
test_verify_mdmf_all_bad_sharedata tests for the regression described
in ticket 1648. In particular, it will trigger the misplaced assertion
in the share activation code. It also tests to make sure that
verification continues with fewer than k shares.
docs: a comment to inform the (human) reader about encoding and to prevent someone from moving the title up to where it will interact with the utf-8 BOM and cause trac to mis-render the title
Brian Warner [Sun, 8 Jan 2012 18:16:54 +0000 (10:16 -0800)]
fix bundled data under git, remove setuptools_darcs
This uses explicitly enumerated packages= and package_data= arguments to
setup(), rather than relying upon the convenient (but darcs-specific)
functions which would determine these values by asking the revision-control
system.
Note that darcsver is still used, when building from a darcs tree.
Brian Warner [Sun, 8 Jan 2012 02:12:51 +0000 (18:12 -0800)]
mutable/retrieve.py: clean up control flow to avoid dropping errors
* replace DeferredList with gatherResults, simplify result handling
* use BadShareError to signal recoverable problems in either fetch or
validate, catch after _validate_block
* _validate_block is thus not responsible for noticing fetch problems
* rename _validation_or_decoding_failed() to _handle_bad_share()
* _get_needed_hashes() returns two Deferreds, instead of a hard-to-unpack
DeferredList
david-sarah [Sun, 20 Nov 2011 23:24:26 +0000 (23:24 +0000)]
Use a private/drop_upload_dircap file instead of the [drop_upload]upload.dircap option in tahoe.cfg. Fail if the upload.dircap option is used, or options are missing. Also updates tests and docs. fixes #1593
Kevan Carstensen [Wed, 28 Dec 2011 05:33:58 +0000 (21:33 -0800)]
mutable publish: track multiple servers-per-share. Fixes some of #1628.
The remaining work is to write additional tests.
src/allmydata/test/no_network.py:
This supports tests in which servers leave the grid only to return with
their shares intact at a later time.
src/allmydata/test/test_mutable.py:
The UCWEs in the incident reports associated with #1628 all seem to be
associated with shares that the servermap knows about, but which aren't
accounted for during the publish process for whatever reason. Specifically,
it looks like the publisher is only capable of keeping track of a single
storage server for a given share. This makes the repair process worse than
it was pre-MDMF at updating all of the shares of a particular file to the
newest version, and can also cause spurious UCWEs. This test simulates such
a layout and fails if an UCWE is thrown. We need to write another test to
ensure that all copies of a share are updated to the latest version (or
alter this test to do that), so that the test suite doesn't pass unless both
regressions are fixed.
We want the publisher to follow the existing share placement when uploading
a new version of a mutable file, and we don't want this test to pass unless
it does.
src/allmydata/mutable/publish.py:
Before this commit, the publisher only kept track of a single writer for
each share. This is insufficient to handle updates in which a single share
may live on multiple servers. In the best case, an update will only update
one of the existing shares instead of all of them. In some cases, the update
will encounter the existing shares when publishing some other share,
interpret it as a sign of an uncoordinated update, and fail. Keeping track
of all of the writers helps ensure that all existing shares are updated, and
helps avoid spurious uncoordinated write errors.
doc: about.rst: use unicode emdash, use non-embedded URIs, add clarificaiton of when a file gets its mutable-or-immutable nature
embedded URIs, although documented here:
http://docutils.sourceforge.net/docs/ref/rst/restructuredtext.html#embedded-uris
generate messages like this from rst2html --verbose:
quickstart.rst:3: (INFO/1) Duplicate explicit target name: "the tahoe-dev mailing list".
Also this patch prepends a "utf-8 BOM" to the beginning of the file.
Brian Warner [Mon, 5 Dec 2011 05:49:16 +0000 (21:49 -0800)]
setup.py: stop putting pyutil.version_class/etc in _version.py
allmydata.__version__ can just be a string, it doesn't need to be an instance
of some fancy NormalizedVersion class. Everything inside Tahoe uses
str(__version__) anyways.
Brian Warner [Mon, 5 Dec 2011 04:40:01 +0000 (20:40 -0800)]
setup.py: get version from git or darcs
This replaces the setup.cfg aliases that run "darcsver" before each major
command with the new "update_version". update_version is defined in setup.py,
and tries to get a version string from either darcs or git (or leaves the
existing _version.py alone if neither VC metadata is available).
Also clean up a tiny typo in verlib.py that messed up syntax hilighting.
Brian Warner [Thu, 17 Nov 2011 22:54:23 +0000 (14:54 -0800)]
remove remaining uses of nevow's "formless" module
We're slowly moving away from Nevow, and marcusw's previous patch removed
uses of the formless CSS file, so now we can stop testing that nevow can find
that file, and remove the lingering unused "import formless" call.
Brian Warner [Wed, 16 Nov 2011 22:42:25 +0000 (14:42 -0800)]
Remove duplicate tahoe_css links from manifest.xhtml and rename-form.xhtml
They were probably meant to be links to webform_css, but we aren't really
using Nevow's form-generation code anyways, so they can just be removed.
Thanks to 'marcusw' for the catch.
Brian Warner [Wed, 9 Nov 2011 18:36:32 +0000 (10:36 -0800)]
setup.py: umask=022 for 'sdist', to avoid depending on environment
The new tarball-building buildslave had a bogus umask set, causing the 1.9.0
tarballs to be non-other-user-readable (go-rwx), which is a hassle for
packaging. (The umask was correct on the old buildslave, but it was moved to
a new host shortly before the release). This should make sure tarballs are
correct despite the host's setting.
Note to others: processes run under twistd get umask=077 unless you arrange
otherwise.
david-sarah [Sun, 9 Oct 2011 05:03:01 +0000 (05:03 +0000)]
check-miscaptures.py: report the number of files that were not analysed due to syntax errors (and don't count them in the number of suspicious captures). refs #1555
david-sarah [Sun, 9 Oct 2011 04:50:23 +0000 (04:50 +0000)]
check-miscaptures.py: handle corner cases around default arguments correctly. Also make a minor optimization when there are no assigned variables to consider. refs #1555