From 1eed8afec5e19572d853642c2b37fbc4698e7607 Mon Sep 17 00:00:00 2001
From: Daira Hopwood <>
Date: Mon, 28 Dec 2015 20:22:36 +0000
Subject: [PATCH] Add fileutil.replace_file and rename_no_overwrite.

Signed-off-by: Daira Hopwood <>
 src/allmydata/test/ | 68 ++++++++++++++++++++++++++++
 src/allmydata/util/  | 80 +++++++++++++++++++++++++++++++--
 2 files changed, 144 insertions(+), 4 deletions(-)

diff --git a/src/allmydata/test/ b/src/allmydata/test/
index 345b87cc..ad97e6c0 100644
--- a/src/allmydata/test/
+++ b/src/allmydata/test/
@@ -441,6 +441,74 @@ class FileUtil(ReallyEqualMixin, unittest.TestCase):
+    def test_rename_no_overwrite(self):
+        workdir = fileutil.abspath_expanduser_unicode(u"test_rename_no_overwrite")
+        fileutil.make_dirs(workdir)
+        source_path = os.path.join(workdir, "source")
+        dest_path   = os.path.join(workdir, "dest")
+        # when neither file exists
+        self.failUnlessRaises(OSError, fileutil.rename_no_overwrite, source_path, dest_path)
+        # when only dest exists
+        fileutil.write(dest_path,   "dest")
+        self.failUnlessRaises(OSError, fileutil.rename_no_overwrite, source_path, dest_path)
+        self.failUnlessEqual(,   "dest")
+        # when both exist
+        fileutil.write(source_path, "source")
+        self.failUnlessRaises(OSError, fileutil.rename_no_overwrite, source_path, dest_path)
+        self.failUnlessEqual(, "source")
+        self.failUnlessEqual(,   "dest")
+        # when only source exists
+        os.remove(dest_path)
+        fileutil.rename_no_overwrite(source_path, dest_path)
+        self.failUnlessEqual(, "source")
+        self.failIf(os.path.exists(source_path))
+    def test_replace_file(self):
+        workdir = fileutil.abspath_expanduser_unicode(u"test_replace_file")
+        fileutil.make_dirs(workdir)
+        backup_path      = os.path.join(workdir, "backup")
+        replaced_path    = os.path.join(workdir, "replaced")
+        replacement_path = os.path.join(workdir, "replacement")
+        # when none of the files exist
+        self.failUnlessRaises(fileutil.ConflictError, fileutil.replace_file, replaced_path, replacement_path, backup_path)
+        # when only replaced exists
+        fileutil.write(replaced_path,    "foo")
+        self.failUnlessRaises(fileutil.ConflictError, fileutil.replace_file, replaced_path, replacement_path, backup_path)
+        self.failUnlessEqual(, "foo")
+        # when both replaced and replacement exist, but not backup
+        fileutil.write(replacement_path, "bar")
+        fileutil.replace_file(replaced_path, replacement_path, backup_path)
+        self.failUnlessEqual(,   "foo")
+        self.failUnlessEqual(, "bar")
+        self.failIf(os.path.exists(replacement_path))
+        # when only replacement exists
+        os.remove(backup_path)
+        os.remove(replaced_path)
+        fileutil.write(replacement_path, "bar")
+        fileutil.replace_file(replaced_path, replacement_path, backup_path)
+        self.failUnlessEqual(, "bar")
+        self.failIf(os.path.exists(replacement_path))
+        self.failIf(os.path.exists(backup_path))
+        # when replaced, replacement and backup all exist
+        fileutil.write(replaced_path,    "foo")
+        fileutil.write(replacement_path, "bar")
+        fileutil.write(backup_path,      "bak")
+        fileutil.replace_file(replaced_path, replacement_path, backup_path)
+        self.failUnlessEqual(,   "foo")
+        self.failUnlessEqual(, "bar")
+        self.failIf(os.path.exists(replacement_path))
     def test_du(self):
         basedir = "util/FileUtil/test_du"
diff --git a/src/allmydata/util/ b/src/allmydata/util/
index ac82fee9..d77c4067 100644
--- a/src/allmydata/util/
+++ b/src/allmydata/util/
@@ -6,6 +6,11 @@ import sys, exceptions, os, stat, tempfile, time, binascii
 from collections import namedtuple
 from errno import ENOENT
+if sys.platform == "win32":
+    from ctypes import WINFUNCTYPE, WinError, windll, POINTER, byref, c_ulonglong, \
+        create_unicode_buffer, get_last_error
+    from ctypes.wintypes import BOOL, HANDLE, DWORD, LPCWSTR, LPWSTR, LPVOID
 from twisted.python import log
 from pycryptopp.cipher.aes import AES
@@ -338,10 +343,6 @@ def to_windows_long_path(path):
 have_GetDiskFreeSpaceExW = False
 if sys.platform == "win32":
-    from ctypes import WINFUNCTYPE, windll, POINTER, byref, c_ulonglong, create_unicode_buffer, \
-        get_last_error
-    from ctypes.wintypes import BOOL, DWORD, LPCWSTR, LPWSTR
     # <>
     GetEnvironmentVariableW = WINFUNCTYPE(
@@ -518,6 +519,77 @@ def get_available_space(whichdir, reserved_space):
         return 0
+class ConflictError(Exception):
+    pass
+class UnableToUnlinkReplacementError(Exception):
+    pass
+def reraise(wrapper):
+    _, exc, tb = sys.exc_info()
+    wrapper_exc = wrapper("%s: %s" % (exc.__class__.__name__, exc))
+    raise wrapper_exc.__class__, wrapper_exc, tb
+if sys.platform == "win32":
+    # <>
+    ReplaceFileW = WINFUNCTYPE(
+        use_last_error=True
+    )(("ReplaceFileW", windll.kernel32))
+    # <>
+    def rename_no_overwrite(source_path, dest_path):
+        os.rename(source_path, dest_path)
+    def replace_file(replaced_path, replacement_path, backup_path):
+        precondition_abspath(replaced_path)
+        precondition_abspath(replacement_path)
+        precondition_abspath(backup_path)
+        r = ReplaceFileW(replaced_path, replacement_path, backup_path,
+                         REPLACEFILE_IGNORE_MERGE_ERRORS, None, None)
+        if r == 0:
+            # The UnableToUnlinkReplacementError case does not happen on Windows;
+            # all errors should be treated as signalling a conflict.
+            err = get_last_error()
+            if err != ERROR_FILE_NOT_FOUND:
+                raise ConflictError("WinError: %s" % (WinError(err),))
+            try:
+                rename_no_overwrite(replacement_path, replaced_path)
+            except EnvironmentError:
+                reraise(ConflictError)
+    def rename_no_overwrite(source_path, dest_path):
+        # link will fail with EEXIST if there is already something at dest_path.
+, dest_path)
+        try:
+            os.unlink(source_path)
+        except EnvironmentError:
+            reraise(UnableToUnlinkReplacementError)
+    def replace_file(replaced_path, replacement_path, backup_path):
+        precondition_abspath(replaced_path)
+        precondition_abspath(replacement_path)
+        precondition_abspath(backup_path)
+        if not os.path.exists(replacement_path):
+            raise ConflictError("Replacement file not found: %r" % (replacement_path,))
+        try:
+            os.rename(replaced_path, backup_path)
+        except OSError as e:
+            if e.errno != ENOENT:
+                raise
+        try:
+            rename_no_overwrite(replacement_path, replaced_path)
+        except EnvironmentError:
+            reraise(ConflictError)
 PathInfo = namedtuple('PathInfo', 'isdir isfile islink exists size mtime ctime')
 def get_pathinfo(path_u, now=None):