Brian Warner [Mon, 14 May 2012 20:32:03 +0000 (13:32 -0700)]
write node.url and portnum files atomically, to fix race in test_runner
Previously, test_runner sometimes fails because the _node_has_started()
poller fires after the portnum file has been opened, but before it has
actually been filled, allowing the test process to observe an empty file,
which flunks the test.
This adds a new fileutil.write_atomically() function (using the usual
write-to-.tmp-then-rename approach), and uses it for both node.url and
client.port . These files are written a bit before the node is really up and
running, but they're late enough for test_runner's purposes, which is to know
when it's safe to read client.port and use 'tahoe restart' (and therefore
SIGINT) to restart the node.
The current node/client code doesn't offer any better "are you really done
with startup" indicator.. the ideal approach would be to either watch the
logfile, or connect to its flogport, but both are a hassle. Changing the node
to write out a new "all done" file would be intrusive for regular
operations.
Brian Warner [Sun, 13 May 2012 07:41:53 +0000 (00:41 -0700)]
webapi: don't allow ETags in t=info or t=rename-form, both are variable
t=info contains randomly-generated ophandles, and t=rename-form contains the
name of the child being renamed, so neither is eligible for a
short-circuiting ETag. Enhanced test_web to exercise this. Had to improve
FakeCHKFileNode slightly to let it participate. Refs #443.
When client does a conditional GET/HEAD with If-none-match:, if the condition
fails (ie, the client's ETag matches the file's) then we can short-circuit
the whole process and immediately return an empty body.
Like immutable files, the ETag is based on the storage index. However, since
a directory is a special interpretation of a file, it is distinguished from
the file by prepending "DIR:" onto the start of the ETag, and adding
-representation on the end (where -representation is the ?t= argument, json,
info, etc).
It also checks the return of setETag and avoids generating a representation
if the client already has it.
It turns out that TarFile.addfile() doesn't provide a reasonable default
timestamp, resulting in files dated to 1970 (they're probably wearing
bell-bottoms and listening to disco too). Then, when the bdist_egg command
tries to create a *zip*file with those files, it explodes because zipfiles
cannot handle timestamps before 1980 (it prefers boomboxes and jackets with
straps on the shoulders, thank you very much).
This puts a modern time.time() on the members of the tarfile, allowing future
cryptocoderarchaeologists the opportunity to make fun of fashion trends from
the user's chosen era, rather than an artificially older one.
david-sarah [Sat, 31 Mar 2012 22:41:22 +0000 (22:41 +0000)]
Add 'tahoe debug flogtool' command, test for --help, and docs. This version gets the help synopses more correct, and changes the doc to say that this command is added in 1.10.0 rather than 1.9.2. fixes #1693
Zooko [Sun, 13 May 2012 02:59:59 +0000 (19:59 -0700)]
rename build_helpers files
This is from the darcs patch for #1342, which failed to apply on my darcs
tree, so I'm landing it from git. I'm landing the rename-files part
separately from the modify-those-files part to avoid VC complications.
Brian Warner [Wed, 9 May 2012 21:18:27 +0000 (14:18 -0700)]
webapi 'move'-button cleanups
test_web.py: use shouldFail2(), safer than old shouldFail()
directory.py: forbid slashes in from_name=, return BAD_REQUEST instead of
GONE when trying to move into a non-directory
Marcus Wanner [Sat, 19 Nov 2011 01:42:10 +0000 (20:42 -0500)]
Change the arbitrary URI support from implied to explicit
The move webapi function now takes a target_type argument which lets it
know whether the target is a subdirectory name or URI. This is an
improvement over the old system in which the move handler tried to guess
whether the target was a name or a URI. Also fixed a little docs
copypaste problem and tweaked some line wrapping.
Marcus Wanner [Thu, 10 Nov 2011 08:00:11 +0000 (03:00 -0500)]
Adding 'move' button to web UI, closes #1579
This adds "move file" capability to the web UI's directory display. The
support and test framework is heavily based on the similar "rename file"
feature. Unit tests and documentation are included. Multiple in-progress
versions of this patch may be found in ticket 1579. This version
includes arbitrary URI target support and is compatible with the change
from tahoe_css to tahoe.css.
Brian Warner [Tue, 24 Apr 2012 05:37:28 +0000 (01:37 -0400)]
introweb announcements: show serverid, not tubid
'serverid' is the pubkey (for V2 clients), falling back to the tubid (for V1
clients). This also required cleaning up the way the index is created for the
old V1 introducer.
Brian Warner [Mon, 23 Apr 2012 22:02:22 +0000 (18:02 -0400)]
Fix introweb display for mixed V1/V2 clients. Closes #1721.
This significantly cleans up the IntroducerServer web-status renderers.
Instead of poking around in the introducer's internals, now the web-status
renderers get clean AnnouncementDescriptor and SubscriberDescriptor
objects. They are still somewhat foolscap-centric, but will provide a clean
abstraction boundary for future improvements.
The specific #1721 bug was that old (V1) subscribers were handled by
wrapping their RemoteReference in a special WrapV1SubscriberInV2Interface
object, but the web-status display was trying to peek inside the object to
learn what host+port it was associated with, and the wrapper did not proxy
those extra attributes.
A test was added to test_introducer to make sure the introweb page renders
properly and at least contains the nicknames of both the V1 and V2 clients.
Change capitalization of WUI and introducer welcome page headings; add test for introducer welcome page. Also fix a typo in a CSS class name. fixes #1708
Brian Warner [Wed, 4 Apr 2012 19:11:03 +0000 (12:11 -0700)]
test/common.py: remove ununsed 'is_bad' mechanism
This was a premature feature addition to the mock filenode, and gets in the
way of the IServer refactoring I'm trying to do. Best to remove it now and
re-introduce it in a better form later when it's actually needed.
Brian Warner [Tue, 3 Apr 2012 03:02:59 +0000 (20:02 -0700)]
Rename web CheckResults to -Renderer, to avoid confusion. Closes #1705.
This avoids the name collision between the actual results
objects (defined in allmydata.check_results) and the code that renders
these objects into HTML (defined in allmydata.web.check_results). Only
the web-side objects were renamed.
Add an explicit recommendation of SFTP over FTP. Separate the known issues of
FTP from SFTP. List "SFTP" first in all lists of the two. Use unicode bullet
points and prepend a utf-8 BOM. Use out-of-line rst hyperlinks.
• use out-of-line links to avoid a warning from rst2html --verbose (fixes #1704)
• reflow to 77 fill-column and prepend utf-8 BOM (fixes #1703)
• recommend Python 2.7 (fixes #1702)
• remove link to wiki:AdvancedInstall (fixes #1701)
Brian Warner [Sat, 31 Mar 2012 06:56:41 +0000 (23:56 -0700)]
Mutable repair: use new MODE_REPAIR to query all servers *and* get privkey
This fixes bug #1689. Repair was using MODE_READ to build the servermap,
which doesn't try hard enough to grab the privkey, and also doesn't guarantee
sending queries to all servers. This patch adds a new MODE_REPAIR which does
both, and does a separate, distinct mapupdate to start wth repair cycle,
instead of relying upon the (MODE_CHECK) mapupdate leftover from the
filecheck that triggered the repair.
Brian Warner [Sat, 31 Mar 2012 00:29:06 +0000 (17:29 -0700)]
test_introducer.SystemTest: fix race condition
SystemTest has a couple of different phases, separated by a poller which
waits for everything to be idle (all messages delivered, none in flight). It
does this by watching some internal "_debug_outstanding" counters in the
server and in each client, and waiting for them to hit zero.
Just before the last phase, we replace the server with a new one (to make
sure clients re-send their messages properly). Unfortunately, the polling
function closed over the variable holding the original server, and didn't see
the replacement. It kept polling the old server, and failed to notice the
outstanding messages for the new server. The last phase of the test (check3)
was started too early, which failed (since some messages had not yet been
delivered), and then exploded in a flurry of dirty-reactor errors (because
some messages were delivered after test shutdown).
This replaces the closed-over-variable with a "self.the_introducer", which
seems to fix the race.
One additional place to look at in the future: the client
announcement-receive path (remote_announce) uses an eventually(). If the
message has been received and the eventual-send posted (but not yet executed)
when the poller sees it, the poller might erroneously conclude that the
client is idle and cause the same problem as above. To fix this, the poller
(probably all pollers) could be enhanced to do a flushEventualQueue before
querying the are-we-done-yet predicate function.
Brian Warner [Sat, 17 Mar 2012 23:52:32 +0000 (16:52 -0700)]
Fix mutable status (mapupdate/retrieve/publish) to use serverids, not tubids
This still leaves immutable-publish results incorrectly using tubids instead
of serverids. That will need some more work, since it might change the Helper
interface.
david-sarah [Wed, 14 Mar 2012 23:47:29 +0000 (23:47 +0000)]
Temporarily suppress the DeprecationWarning about IFinishableConsumer; it's irritating, but not in a way that is likely to make me fix the underlying issue (#1525) any sooner :-). refs #1295
Brian Warner [Sun, 20 Nov 2011 10:21:32 +0000 (02:21 -0800)]
new introducer: signed extensible dictionary-based messages! refs #466
This introduces new client and server halves to the Introducer (renaming the
old one with a _V1 suffix). Both have fallbacks to accomodate talking to a
different version: the publishing client switches on whether the server's
.get_version() advertises V2 support, the server switches on which
subscription method was invoked by the subscribing client.
The V2 protocol sends a three-tuple of (serialized announcement dictionary,
signature, pubkey) for each announcement. The V2 server dispatches messages
to subscribers according to the service-name, and throws errors for invalid
signatures, but does not otherwise examine the messages. The V2 receiver's
subscription callback will receive a (serverid, ann_dict) pair. The
'serverid' will be equal to the pubkey if all of the following are true:
the originating client is V2, and was told a privkey to use
the announcement went through a V2 server
the signature is valid
If not, 'serverid' will be equal to the tubid portion of the announced FURL,
as was the case for V1 receivers.
Servers will create a keypair if one does not exist yet, stored in
private/server.privkey .
The signed announcement dictionary puts the server FURL in a key named
"anonymous-storage-FURL", which anticipates upcoming Accounting-related
changes in the server advertisements. It also provides a key named
"permutation-seed-base32" to tell clients what permutation seed to use. This
is computed at startup, using tubid if there are existing shares, otherwise
the pubkey, to retain share-order compatibility for existing servers.
Brian Warner [Wed, 7 Mar 2012 02:22:41 +0000 (18:22 -0800)]
tahoe.css: fix #section typo, update welcome.xhtml to match
The "#section" declaration (which matches id="section") should have been
".section" (which matches class="section").
The welcome page has a feature that I actually liked: the little "This
Client" sidebar sits just to the right of the start of the Controls block.
Fixing .section broke that (the clear:both introduces a gap, forcing the
Controls block to start strictly below the bottom of the This Client block).
So I also removed class="section" from the Controls block to allow them to
share the horizontal space again.
Kevan [Fri, 13 Jan 2012 02:11:42 +0000 (18:11 -0800)]
Ensure that verification proceeds and stops when appropriate.
The removed assertions are appropriate for a download that seeks to
return plaintext to a caller; if we don't have at least k active remote
shares, then we can't hope to do that. They're not appropriate for a
verification operation; a user can try to verify a file that has fewer
than k shares available, so that shouldn't be treated as an error.
Instead, we proceed with fewer than k shares, and ensure that we
terminate the download if we have no shares at all and we're verifying.
Kevan [Fri, 13 Jan 2012 02:11:04 +0000 (18:11 -0800)]
Add test_verify_mdmf_all_bad_sharedata
test_verify_mdmf_all_bad_sharedata tests for the regression described
in ticket 1648. In particular, it will trigger the misplaced assertion
in the share activation code. It also tests to make sure that
verification continues with fewer than k shares.