2 ==================================
3 User-Visible Changes in Tahoe-LAFS
4 ==================================
6 Release 1.9.2 (2012-07-03)
7 ----------------------------
12 - Several regressions in support for reading (`#1636`_), writing/modifying
13 (`#1670`_, `#1749`_), verifying (`#1628`_) and repairing (`#1655`_, `#1669`_,
14 `#1676`_, `#1689`_) mutable files have been fixed.
15 - FTP can now list directories containing mutable files, although it
16 still does not support reading or writing mutable files. (`#680`_)
17 - The FTP frontend would previously show Jan 1 1970 for all timestamps;
18 now it shows the correct modification time of the directory entry.
20 - If a node is configured to report incidents to a log gatherer, but the
21 gatherer is offline when some incidents occur, it would previously not
22 "catch up" with those incidents as intended. (`#1725`_)
23 - OpenBSD 5 is now supported. (`#1584`_)
24 - The ``count-good-share-hosts`` field of file check results is now
25 computed correctly. (`#1115`_)
27 Configuration/Behavior Changes
28 ''''''''''''''''''''''''''''''
30 - The capability of the upload directory for the drop-upload frontend
31 is now specified in the file ``private/drop_upload_dircap`` under
32 the gateway's node directory, rather than in its ``tahoe.cfg``.
38 - Tahoe-LAFS can be built correctly from a git repository as well as
40 - Versions 2.0.1 and 2.4 of PyCrypto are excluded. (`#1631`_, `#1574`_)
42 .. _`#680`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/680
43 .. _`#1115`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1115
44 .. _`#1574`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1574
45 .. _`#1584`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1584
46 .. _`#1593`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1593
47 .. _`#1628`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1628
48 .. _`#1631`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1631
49 .. _`#1636`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1636
50 .. _`#1655`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1655
51 .. _`#1669`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1669
52 .. _`#1670`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1670
53 .. _`#1676`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1676
54 .. _`#1688`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1688
55 .. _`#1689`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1689
56 .. _`#1725`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1725
57 .. _`#1749`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1749
60 Release 1.9.1 (2012-01-12)
61 --------------------------
63 Security-related Bugfix
64 '''''''''''''''''''''''
66 - Fix flaw that would allow servers to cause undetected corruption when
67 retrieving the contents of mutable files (both SDMF and MDMF). (`#1654`_)
69 .. _`#1654`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1654
72 Release 1.9.0 (2011-10-30)
73 --------------------------
78 - The most significant new feature in this release is MDMF: "Medium-size
79 Distributed Mutable Files". Unlike standard SDMF files, these provide
80 efficient partial-access (reading and modifying small portions of the file
81 instead of the whole thing). MDMF is opt-in (it is not yet the default
82 format for mutable files), both to ensure compatibility with previous
83 versions, and because the algorithm does not yet meet memory-usage goals.
84 Enable it with ``--format=MDMF`` in the CLI (``tahoe put`` and ``tahoe
85 mkdir``), or the "format" radioboxes in the web interface. See
86 `<docs/specifications/mutable.rst>`__ for more details (`#393`_, `#1507`_)
87 - A "blacklist" feature allows blocking access to specific files through
88 a particular gateway. See the "Access Blacklist" section of
89 `<docs/configuration.rst>`__ for more details. (`#1425`_)
90 - A "drop-upload" feature has been added, which allows you to upload
91 files to a Tahoe-LAFS directory just by writing them to a local
92 directory. This feature is experimental and should not be relied on
93 to store the only copy of valuable data. It is currently available
94 only on Linux. See `<docs/frontends/drop-upload.rst>`__ for documentation.
96 - The timeline of immutable downloads can be viewed using a zoomable and
97 pannable JavaScript-based visualization. This is accessed using the
98 'timeline' link on the File Download Status page for the download, which
99 can be reached from the Recent Uploads and Downloads page.
101 Configuration/Behavior Changes
102 ''''''''''''''''''''''''''''''
104 - Prior to Tahoe-LAFS v1.3, the configuration of some node options could
105 be specified using individual config files rather than via ``tahoe.cfg``.
106 These files now cause an error if present. (`#1385`_)
107 - Storage servers now calculate their remaining space based on the filesystem
108 containing the ``storage/shares/`` directory. Previously they looked at the
109 filesystem containing the ``storage/`` directory. This allows
110 ``storage/shares/``, rather than ``storage/``, to be a mount point or a
111 symlink pointing to another filesystem. (`#1384`_)
112 - ``tahoe cp xyz MUTABLE`` will modify the existing mutable file instead of
113 creating a new one. (`#1304`_)
114 - The button for unlinking a file from its directory on a WUI directory
115 listing is now labelled "unlink" rather than "del". (`#1104`_)
120 - The security bugfix for the vulnerability allowing deletion of shares,
121 detailed in the news for v1.8.3 below, is also included in this
123 - Some cases of immutable upload, for example using the ``tahoe put`` and
124 ``tahoe cp`` commands or SFTP, did not appear in the history of Recent
125 Uploads and Downloads. (`#1079`_)
126 - The memory footprint of the verifier has been reduced by serializing
127 block fetches. (`#1395`_)
128 - Large immutable downloads are now a little faster than in v1.8.3 (about
129 5% on a fast network). (`#1268`_)
134 - The files related to Debian packaging have been removed from the Tahoe
135 source tree, since they are now maintained as part of the official
136 Debian packages. (`#1454`_)
137 - The unmaintained FUSE plugins were removed from the source tree. See
138 ``docs/frontends/FTP-and-SFTP.rst`` for how to mount a Tahoe filesystem on
139 Unix via sshfs. (`#1409`_)
140 - The Tahoe licenses now give explicit permission to combine Tahoe-LAFS
141 with code distributed under the following additional open-source licenses
142 (any version of each):
144 * Academic Free License
145 * Apple Public Source License
146 * BitTorrent Open Source License
147 * Lucent Public License
148 * Jabber Open Source License
149 * Common Development and Distribution License
150 * Microsoft Public License
151 * Microsoft Reciprocal License
152 * Sun Industry Standards Source License
153 * Open Software License
155 Compatibility and Dependencies
156 ''''''''''''''''''''''''''''''
158 - To resolve an incompatibility between Nevow and zope.interface (versions
159 3.6.3 and 3.6.4), Tahoe-LAFS now requires an earlier or later
160 version of zope.interface. (`#1435`_)
161 - The Twisted dependency has been raised to version 10.1 to ensure we no
162 longer require pywin32 on Windows, the new drop-upload feature has the
163 required support from Twisted on Linux, and that it is never necessary to
164 patch Twisted in order to use the FTP frontend. (`#1274`_, `#1429`_,
166 - An explicit dependency on pyOpenSSL has been added, replacing the indirect
167 dependency via the "secure_connections" option of foolscap. (`#1383`_)
172 - A ``man`` page has been added (`#1420`_). All other docs are in ReST
174 - The ``tahoe_files`` munin plugin reported an incorrect count of the number
175 of share files. (`#1391`_)
176 - Minor documentation updates: #627, #1104, #1225, #1297, #1342, #1404
177 - Other minor changes: #636, #1355, #1363, #1366, #1388, #1392, #1412, #1344,
178 #1347, #1359, #1389, #1441, #1442, #1446, #1474, #1503
180 .. _`#393`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/393
181 .. _`#1079`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1079
182 .. _`#1104`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1104
183 .. _`#1268`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1268
184 .. _`#1274`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1274
185 .. _`#1304`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1304
186 .. _`#1383`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1383
187 .. _`#1384`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1384
188 .. _`#1385`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1385
189 .. _`#1391`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1391
190 .. _`#1395`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1395
191 .. _`#1409`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1409
192 .. _`#1420`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1420
193 .. _`#1425`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1425
194 .. _`#1429`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1429
195 .. _`#1435`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1435
196 .. _`#1438`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1438
197 .. _`#1454`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1454
198 .. _`#1507`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1507
201 Release 1.8.3 (2011-09-13)
202 --------------------------
204 Security-related Bugfix
205 '''''''''''''''''''''''
207 - Fix flaw that would allow a person who knows a storage index of a file to
208 delete shares of that file. (`#1528`_)
209 - Remove corner cases in mutable file bounds management which could expose
210 extra lease info or old share data (from prior versions of the mutable
211 file) if someone with write authority to that mutable file exercised these
212 corner cases in a way that no actual Tahoe-LAFS client does. (Probably not
213 exploitable.) (`#1528`_)
215 .. _`#1528`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1528
218 Release 1.8.2 (2011-01-30)
219 --------------------------
221 Compatibility and Dependencies
222 ''''''''''''''''''''''''''''''
224 - Tahoe is now compatible with Twisted-10.2 (released last month), as
225 well as with earlier versions. The previous Tahoe-1.8.1 release
226 failed to run against Twisted-10.2, raising an AttributeError on
227 StreamServerEndpointService (`#1286`_)
228 - Tahoe now depends upon the "mock" testing library, and the foolscap
229 dependency was raised to 0.6.1 . It no longer requires pywin32
230 (which was used only on windows). Future developers should note that
231 reactor.spawnProcess and derivatives may no longer be used inside
237 - the default reserved_space value for new storage nodes is 1 GB
239 - documentation is now in reStructuredText (.rst) format
240 - "tahoe cp" should now handle non-ASCII filenames
241 - the unmaintained Mac/Windows GUI applications have been removed
243 - tahoe processes should appear in top and ps as "tahoe", not
244 "python", on some unix platforms. (`#174`_)
245 - "tahoe debug trial" can be used to run the test suite (`#1296`_)
246 - the SFTP frontend now reports unknown sizes as "0" instead of "?",
247 to improve compatibility with clients like FileZilla (`#1337`_)
248 - "tahoe --version" should now report correct values in situations
249 where 1.8.1 might have been wrong (`#1287`_)
251 .. _`#1208`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1208
252 .. _`#1282`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1282
253 .. _`#1286`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1286
254 .. _`#1287`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1287
255 .. _`#1296`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1296
256 .. _`#1337`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1337
259 Release 1.8.1 (2010-10-28)
260 --------------------------
262 Bugfixes and Improvements
263 '''''''''''''''''''''''''
265 - Allow the repairer to improve the health of a file by uploading some
266 shares, even if it cannot achieve the configured happiness
267 threshold. This fixes a regression introduced between v1.7.1 and
269 - Fix a memory leak in the ResponseCache which is used during mutable
270 file/directory operations. (`#1045`_)
271 - Fix a regression and add a performance improvement in the
272 downloader. This issue caused repair to fail in some special
274 - Fix a bug that caused 'tahoe cp' to fail for a grid-to-grid copy
275 involving a non-ASCII filename. (`#1224`_)
276 - Fix a rarely-encountered bug involving printing large strings to the
277 console on Windows. (`#1232`_)
278 - Perform ~ expansion in the --exclude-from filename argument to
279 'tahoe backup'. (`#1241`_)
280 - The CLI's 'tahoe mv' and 'tahoe ln' commands previously would try to
281 use an HTTP proxy if the HTTP_PROXY environment variable was set.
282 These now always connect directly to the WAPI, thus avoiding giving
283 caps to the HTTP proxy (and also avoiding failures in the case that
284 the proxy is failing or requires authentication). (`#1253`_)
285 - The CLI now correctly reports failure in the case that 'tahoe mv'
286 fails to unlink the file from its old location. (`#1255`_)
287 - 'tahoe start' now gives a more positive indication that the node has
289 - The arguments seen by 'ps' or other tools for node processes are now
290 more useful (in particular, they include the path of the 'tahoe'
291 script, rather than an obscure tool named 'twistd'). (`#174`_)
296 - The tahoe start/stop/restart and node creation commands no longer
297 accept the -m or --multiple option, for consistency between
298 platforms. (`#1262`_)
303 - We now host binary packages so that users on certain operating
304 systems can install without having a compiler.
305 <https://tahoe-lafs.org/source/tahoe-lafs/deps/tahoe-lafs-dep-eggs/README.html>
306 - Use a newer version of a dependency if needed, even if an older
307 version is installed. This would previously cause a VersionConflict
309 - Use a precompiled binary of a dependency if one with a sufficiently
310 high version number is available, instead of attempting to compile
311 the dependency from source, even if the source version has a higher
312 version number. (`#1233`_)
317 - All current documentation in .txt format has been converted to .rst
319 - Added docs/backdoors.rst declaring that we won't add backdoors to
320 Tahoe-LAFS, or add anything to facilitate government access to data.
323 .. _`#71`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/71
324 .. _`#174`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/174
325 .. _`#1212`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1212
326 .. _`#1045`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1045
327 .. _`#1190`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1190
328 .. _`#1216`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1216
329 .. _`#1223`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1223
330 .. _`#1224`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1224
331 .. _`#1225`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1225
332 .. _`#1232`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1232
333 .. _`#1233`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1233
334 .. _`#1241`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1241
335 .. _`#1253`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1253
336 .. _`#1255`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1255
337 .. _`#1262`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1262
340 Release 1.8.0 (2010-09-23)
341 --------------------------
346 - A completely new downloader which improves performance and
347 robustness of immutable-file downloads. It uses the fastest K
348 servers to download the data in K-way parallel. It automatically
349 fails over to alternate servers if servers fail in mid-download. It
350 allows seeking to arbitrary locations in the file (the previous
351 downloader which would only read the entire file sequentially from
352 beginning to end). It minimizes unnecessary round trips and
353 unnecessary bytes transferred to improve performance. It sends
354 requests to fewer servers to reduce the load on servers (the
355 previous one would send a small request to every server for every
356 download) (`#287`_, `#288`_, `#448`_, `#798`_, `#800`_, `#990`_,
358 - Non-ASCII command-line arguments and non-ASCII outputs now work on
359 Windows. In addition, the command-line tool now works on 64-bit
362 Bugfixes and Improvements
363 '''''''''''''''''''''''''
365 - Document and clean up the command-line options for specifying the
366 node's base directory. (`#188`_, `#706`_, `#715`_, `#772`_,
368 - The default node directory for Windows is ".tahoe" in the user's
369 home directory, the same as on other platforms. (`#890`_)
370 - Fix a case in which full cap URIs could be logged. (`#685`_,
372 - Fix bug in WUI in Python 2.5 when the system clock is set back to
373 1969. Now you can use Tahoe-LAFS with Python 2.5 and set your system
374 clock to 1969 and still use the WUI. (`#1055`_)
375 - Many improvements in code organization, tests, logging,
376 documentation, and packaging. (`#983`_, `#1074`_, `#1108`_,
377 `#1127`_, `#1129`_, `#1131`_, `#1166`_, `#1175`_)
382 - on x86 and x86-64 platforms, pycryptopp >= 0.5.20
383 - pycrypto 2.2 is excluded due to a bug
385 .. _`#188`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/188
386 .. _`#288`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/288
387 .. _`#448`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/448
388 .. _`#685`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/685
389 .. _`#706`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/706
390 .. _`#715`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/715
391 .. _`#772`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/772
392 .. _`#798`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/798
393 .. _`#800`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/800
394 .. _`#890`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/890
395 .. _`#983`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/983
396 .. _`#990`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/990
397 .. _`#1055`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1055
398 .. _`#1074`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1074
399 .. _`#1108`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1108
400 .. _`#1155`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1155
401 .. _`#1170`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1170
402 .. _`#1191`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1191
403 .. _`#1127`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1127
404 .. _`#1129`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1129
405 .. _`#1131`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1131
406 .. _`#1166`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1166
407 .. _`#1175`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1175
409 Release 1.7.1 (2010-07-18)
410 --------------------------
412 Bugfixes and Improvements
413 '''''''''''''''''''''''''
415 - Fix bug in which uploader could fail with AssertionFailure or report
416 that it had achieved servers-of-happiness when it hadn't. (`#1118`_)
417 - Fix bug in which servers could get into a state where they would
418 refuse to accept shares of a certain file (`#1117`_)
419 - Add init scripts for managing the gateway server on Debian/Ubuntu
421 - Fix bug where server version number was always 0 on the welcome page
423 - Add new command-line command "tahoe unlink" as a synonym for "tahoe
425 - The FTP frontend now encrypts its temporary files, protecting their
426 contents from an attacker who is able to read the disk. (`#1083`_)
427 - Fix IP address detection on FreeBSD 7, 8, and 9 (`#1098`_)
428 - Fix minor layout issue in the Web User Interface with Internet
430 - Fix rarely-encountered incompatibility between Twisted logging
431 utility and the new unicode support added in v1.7.0 (`#1099`_)
432 - Forward-compatibility improvements for non-ASCII caps (`#1051`_)
437 - Simplify and tidy-up directories, unicode support, test code
438 (`#923`_, `#967`_, `#1072`_)
440 .. _`#776`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/776
441 .. _`#923`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/923
442 .. _`#961`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/961
443 .. _`#967`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/967
444 .. _`#1051`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1051
445 .. _`#1067`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1067
446 .. _`#1072`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1072
447 .. _`#1083`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1083
448 .. _`#1097`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1097
449 .. _`#1098`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1098
450 .. _`#1099`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1099
451 .. _`#1117`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1117
452 .. _`#1118`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1118
455 Release 1.7.0 (2010-06-18)
456 --------------------------
461 - SFTP support (`#1037`_)
462 Your Tahoe-LAFS gateway now acts like a full-fledged SFTP server. It
463 has been tested with sshfs to provide a virtual filesystem in Linux.
464 Many users have asked for this feature. We hope that it serves them
465 well! See the `FTP-and-SFTP.rst`_ document to get
467 - support for non-ASCII character encodings (`#534`_)
468 Tahoe-LAFS now correctly handles filenames containing non-ASCII
469 characters on all supported platforms:
471 - when reading files in from the local filesystem (such as when you
472 run "tahoe backup" to back up your local files to a Tahoe-LAFS
474 - when writing files out to the local filesystem (such as when you
475 run "tahoe cp -r" to recursively copy files out of a Tahoe-LAFS
477 - when displaying filenames to the terminal (such as when you run
478 "tahoe ls"), subject to limitations of the terminal and locale;
479 - when parsing command-line arguments, except on Windows.
481 - Servers of Happiness (`#778`_)
482 Tahoe-LAFS now measures during immutable file upload to see how well
483 distributed it is across multiple servers. It aborts the upload if
484 the pieces of the file are not sufficiently well-distributed.
485 This behavior is controlled by a configuration parameter called
486 "servers of happiness". With the default settings for its erasure
487 coding, Tahoe-LAFS generates 10 shares for each file, such that any
488 3 of those shares are sufficient to recover the file. The default
489 value of "servers of happiness" is 7, which means that Tahoe-LAFS
490 will guarantee that there are at least 7 servers holding some of the
491 shares, such that any 3 of those servers can completely recover your
492 file. The new upload code also distributes the shares better than the
493 previous version in some cases and takes better advantage of
494 pre-existing shares (when a file has already been previously
495 uploaded). See the `architecture.rst`_ document [3] for details.
497 Bugfixes and Improvements
498 '''''''''''''''''''''''''
500 - Premature abort of upload if some shares were already present and
501 some servers fail. (`#608`_)
502 - python ./setup.py install -- can't create or remove files in install
504 - Network failure => internal TypeError. (`#902`_)
505 - Install of Tahoe on CentOS 5.4. (`#933`_)
506 - CLI option --node-url now supports https url. (`#1028`_)
507 - HTML/CSS template files were not correctly installed under
509 - MetadataSetter does not enforce restriction on setting "tahoe"
511 - ImportError: No module named
512 setuptools_darcs.setuptools_darcs. (`#1054`_)
513 - Renamed Title in xhtml files. (`#1062`_)
514 - Increase Python version dependency to 2.4.4, to avoid a critical
515 CPython security bug. (`#1066`_)
516 - Typo correction for the munin plugin tahoe_storagespace. (`#968`_)
517 - Fix warnings found by pylint. (`#973`_)
518 - Changing format of some documentation files. (`#1027`_)
519 - the misc/ directory was tied up. (`#1068`_)
520 - The 'ctime' and 'mtime' metadata fields are no longer written except
521 by "tahoe backup". (`#924`_)
522 - Unicode filenames in Tahoe-LAFS directories are normalized so that
523 names that differ only in how accents are encoded are treated as the
525 - Various small improvements to documentation. (`#937`_, `#911`_,
531 - The 'tahoe debug consolidate' subcommand (for converting old
532 allmydata Windows client backups to a newer format) has been
538 - the Python version dependency is raised to 2.4.4 in some cases
539 (2.4.3 for Redhat-based Linux distributions, 2.4.2 for UCS-2 builds)
543 - mock (only required by unit tests)
545 .. _`#534`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/534
546 .. _`#608`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/608
547 .. _`#778`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/778
548 .. _`#803`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/803
549 .. _`#902`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/902
550 .. _`#911`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/911
551 .. _`#924`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/924
552 .. _`#937`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/937
553 .. _`#933`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/933
554 .. _`#968`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/968
555 .. _`#973`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/973
556 .. _`#1024`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1024
557 .. _`#1027`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1027
558 .. _`#1028`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1028
559 .. _`#1033`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1033
560 .. _`#1034`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1034
561 .. _`#1037`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1037
562 .. _`#1054`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1054
563 .. _`#1062`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1062
564 .. _`#1066`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1066
565 .. _`#1068`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1068
566 .. _`#1076`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1076
567 .. _`#1082`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1082
568 .. _architecture.rst: docs/architecture.rst
569 .. _FTP-and-SFTP.rst: docs/frontends/FTP-and-SFTP.rst
571 Release 1.6.1 (2010-02-27)
572 --------------------------
577 - Correct handling of Small Immutable Directories
579 Immutable directories can now be deep-checked and listed in the web
580 UI in all cases. (In v1.6.0, some operations, such as deep-check, on
581 a directory graph that included very small immutable directories,
582 would result in an exception causing the whole operation to abort.)
585 Usability Improvements
586 ''''''''''''''''''''''
588 - Improved user interface messages and error reporting. (`#681`_,
590 - The timeouts for operation handles have been greatly increased, so
591 that you can view the results of an operation up to 4 days after it
592 has completed. After viewing them for the first time, the results
593 are retained for a further day. (`#577`_)
595 Release 1.6.0 (2010-02-01)
596 --------------------------
601 - Immutable Directories
603 Tahoe-LAFS can now create and handle immutable
604 directories. (`#607`_, `#833`_, `#931`_) These are read just like
605 normal directories, but are "deep-immutable", meaning that all their
606 children (and everything reachable from those children) must be
607 immutable objects (i.e. immutable or literal files, and other
608 immutable directories).
610 These directories must be created in a single webapi call that
611 provides all of the children at once. (Since they cannot be changed
612 after creation, the usual create/add/add sequence cannot be used.)
613 They have URIs that start with "URI:DIR2-CHK:" or "URI:DIR2-LIT:",
614 and are described on the human-facing web interface (aka the "WUI")
615 with a "DIR-IMM" abbreviation (as opposed to "DIR" for the usual
616 read-write directories and "DIR-RO" for read-only directories).
618 Tahoe-LAFS releases before 1.6.0 cannot read the contents of an
619 immutable directory. 1.5.0 will tolerate their presence in a
620 directory listing (and display it as "unknown"). 1.4.1 and earlier
621 cannot tolerate them: a DIR-IMM child in any directory will prevent
622 the listing of that directory.
624 Immutable directories are repairable, just like normal immutable
627 The webapi "POST t=mkdir-immutable" call is used to create immutable
628 directories. See `webapi.rst`_ for details.
630 - "tahoe backup" now creates immutable directories, backupdb has
633 The "tahoe backup" command has been enhanced to create immutable
634 directories (in previous releases, it created read-only mutable
635 directories) (`#828`_). This is significantly faster, since it does
636 not need to create an RSA keypair for each new directory. Also
637 "DIR-IMM" immutable directories are repairable, unlike "DIR-RO"
638 read-only mutable directories at present. (A future Tahoe-LAFS
639 release should also be able to repair DIR-RO.)
641 In addition, the backupdb (used by "tahoe backup" to remember what
642 it has already copied) has been enhanced to store information about
643 existing immutable directories. This allows it to re-use directories
644 that have moved but still contain identical contents, or that have
645 been deleted and later replaced. (The 1.5.0 "tahoe backup" command
646 could only re-use directories that were in the same place as they
647 were in the immediately previous backup.) With this change, the
648 backup process no longer needs to read the previous snapshot out of
649 the Tahoe-LAFS grid, reducing the network load
650 considerably. (`#606`_)
652 A "null backup" (in which nothing has changed since the previous
653 backup) will require only two Tahoe-side operations: one to add an
654 Archives/$TIMESTAMP entry, and a second to update the Latest/
655 link. On the local disk side, it will readdir() all your local
656 directories and stat() all your local files.
658 If you've been using "tahoe backup" for a while, you will notice
659 that your first use of it after upgrading to 1.6.0 may take a long
660 time: it must create proper immutable versions of all the old
661 read-only mutable directories. This process won't take as long as
662 the initial backup (where all the file contents had to be uploaded
663 too): it will require time proportional to the number and size of
664 your directories. After this initial pass, all subsequent passes
665 should take a tiny fraction of the time.
667 As noted above, Tahoe-LAFS versions earlier than 1.5.0 cannot list a
668 directory containing an immutable subdirectory. Tahoe-LAFS versions
669 earlier than 1.6.0 cannot read the contents of an immutable
672 The "tahoe backup" command has been improved to skip over unreadable
673 objects (like device files, named pipes, and files with permissions
674 that prevent the command from reading their contents), instead of
675 throwing an exception and terminating the backup process. It also
676 skips over symlinks, because these cannot be represented faithfully
677 in the Tahoe-side filesystem. A warning message will be emitted each
678 time something is skipped. (`#729`_, `#850`_, `#641`_)
680 - "create-node" command added, "create-client" now implies
683 The basic idea behind Tahoe-LAFS's client+server and client-only
684 processes is that you are creating a general-purpose Tahoe-LAFS
685 "node" process, which has several components that can be
686 activated. Storage service is one of these optional components, as
687 is the Helper, FTP server, and SFTP server. Web gateway
688 functionality is nominally on this list, but it is always active; a
689 future release will make it optional. There are three special
690 purpose servers that can't currently be run as a component in a
691 node: introducer, key-generator, and stats-gatherer.
693 So now "tahoe create-node" will create a Tahoe-LAFS node process,
694 and after creation you can edit its tahoe.cfg to enable or disable
695 the desired services. It is a more general-purpose replacement for
696 "tahoe create-client". The default configuration has storage
697 service enabled. For convenience, the "--no-storage" argument makes
698 a tahoe.cfg file that disables storage service. (`#760`_)
700 "tahoe create-client" has been changed to create a Tahoe-LAFS node
701 without a storage service. It is equivalent to "tahoe create-node
702 --no-storage". This helps to reduce the confusion surrounding the
703 use of a command with "client" in its name to create a storage
704 *server*. Use "tahoe create-client" to create a purely client-side
705 node. If you want to offer storage to the grid, use "tahoe
706 create-node" instead.
708 In the future, other services will be added to the node, and they
709 will be controlled through options in tahoe.cfg . The most important
710 of these services may get additional --enable-XYZ or --disable-XYZ
711 arguments to "tahoe create-node".
713 - Performance Improvements
715 Download of immutable files begins as soon as the downloader has
716 located the K necessary shares (`#928`_, `#287`_). In both the
717 previous and current releases, a downloader will first issue queries
718 to all storage servers on the grid to locate shares before it begins
719 downloading the shares. In previous releases of Tahoe-LAFS, download
720 would not begin until all storage servers on the grid had replied to
721 the query, at which point K shares would be chosen for download from
722 among the shares that were located. In this release, download begins
723 as soon as any K shares are located. This means that downloads start
724 sooner, which is particularly important if there is a server on the
725 grid that is extremely slow or even hung in such a way that it will
726 never respond. In previous releases such a server would have a
727 negative impact on all downloads from that grid. In this release,
728 such a server will have no impact on downloads, as long as K shares
729 can be found on other, quicker, servers. This also means that
730 downloads now use the "best-alacrity" servers that they talk to, as
731 measured by how quickly the servers reply to the initial query. This
732 might cause downloads to go faster, especially on grids with
733 heterogeneous servers or geographical dispersion.
738 - The webapi acquired a new "t=mkdir-with-children" command, to create
739 and populate a directory in a single call. This is significantly
740 faster than using separate "t=mkdir" and "t=set-children" operations
741 (it uses one gateway-to-grid roundtrip, instead of three or
744 - The t=set-children (note the hyphen) operation is now documented in
745 webapi.rst, and is the new preferred spelling of the
746 old t=set_children (with an underscore). The underscore version
747 remains for backwards compatibility. (`#381`_, `#927`_)
749 - The tracebacks produced by errors in CLI tools should now be in
750 plain text, instead of HTML (which is unreadable outside of a
753 - The [storage]reserved_space configuration knob (which causes the
754 storage server to refuse shares when available disk space drops
755 below a threshold) should work on Windows now, not just
758 - "tahoe cp" should now exit with status "1" if it cannot figure out a
759 suitable target filename, such as when you copy from a bare
762 - "tahoe get" no longer creates a zero-length file upon
765 - "tahoe ls" can now list single files. (`#457`_)
767 - "tahoe deep-check --repair" should tolerate repair failures now,
768 instead of halting traversal. (`#874`_, `#786`_)
770 - "tahoe create-alias" no longer corrupts the aliases file if it had
771 previously been edited to have no trailing newline. (`#741`_)
773 - Many small packaging improvements were made to facilitate the
774 "tahoe-lafs" package being included in Ubuntu. Several mac/win32
775 binary libraries were removed, some figleaf code-coverage files were
776 removed, a bundled copy of darcsver-1.2.1 was removed, and
777 additional licensing text was added.
779 - Several DeprecationWarnings for python2.6 were silenced. (`#859`_)
781 - The checker --add-lease option would sometimes fail for shares
782 stored on old (Tahoe v1.2.0) servers. (`#875`_)
784 - The documentation for installing on Windows (docs/quickstart.rst)
785 has been improved. (`#773`_)
787 For other changes not mentioned here, see
788 <https://tahoe-lafs.org/trac/tahoe-lafs/query?milestone=1.6.0&keywords=!~news-done>.
789 To include the tickets mentioned above, go to
790 <https://tahoe-lafs.org/trac/tahoe-lafs/query?milestone=1.6.0>.
792 .. _`#121`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/121
793 .. _`#287`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/287
794 .. _`#381`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/381
795 .. _`#457`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/457
796 .. _`#533`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/533
797 .. _`#577`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/577
798 .. _`#606`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/606
799 .. _`#607`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/607
800 .. _`#637`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/637
801 .. _`#641`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/641
802 .. _`#646`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/646
803 .. _`#681`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/681
804 .. _`#729`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/729
805 .. _`#741`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/741
806 .. _`#760`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/760
807 .. _`#761`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/761
808 .. _`#773`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/773
809 .. _`#786`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/786
810 .. _`#828`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/828
811 .. _`#833`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/833
812 .. _`#859`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/859
813 .. _`#874`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/874
814 .. _`#875`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/875
815 .. _`#931`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/931
816 .. _`#837`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/837
817 .. _`#850`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/850
818 .. _`#927`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/927
819 .. _`#928`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/928
820 .. _`#939`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/939
821 .. _`#948`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/948
822 .. _webapi.rst: docs/frontends/webapi.rst
824 Release 1.5.0 (2009-08-01)
825 --------------------------
830 - Uploads of immutable files now use pipelined writes, improving
831 upload speed slightly (10%) over high-latency connections. (`#392`_)
833 - Processing large directories has been sped up, by removing a O(N^2)
834 algorithm from the dirnode decoding path and retaining unmodified
835 encrypted entries. (`#750`_, `#752`_)
837 - The human-facing web interface (aka the "WUI") received a
838 significant CSS makeover by Kevin Reid, making it much prettier and
839 easier to read. The WUI "check" and "deep-check" forms now include a
840 "Renew Lease" checkbox, mirroring the CLI --add-lease option, so
841 leases can be added or renewed from the web interface.
843 - The CLI "tahoe mv" command now refuses to overwrite
844 directories. (`#705`_)
846 - The CLI "tahoe webopen" command, when run without arguments, will
847 now bring up the "Welcome Page" (node status and mkdir/upload
850 - The 3.5MB limit on mutable files was removed, so it should be
851 possible to upload arbitrarily-sized mutable files. Note, however,
852 that the data format and algorithm remains the same, so using
853 mutable files still requires bandwidth, computation, and RAM in
854 proportion to the size of the mutable file. (`#694`_)
856 - This version of Tahoe-LAFS will tolerate directory entries that
857 contain filecap formats which it does not recognize: files and
858 directories from the future. This should improve the user
859 experience (for 1.5.0 users) when we add new cap formats in the
860 future. Previous versions would fail badly, preventing the user from
861 seeing or editing anything else in those directories. These
862 unrecognized objects can be renamed and deleted, but obviously not
863 read or written. Also they cannot generally be copied. (`#683`_)
868 - deep-check-and-repair now tolerates read-only directories, such as
869 the ones produced by the "tahoe backup" CLI command. Read-only
870 directories and mutable files are checked, but not
871 repaired. Previous versions threw an exception when attempting the
872 repair and failed to process the remaining contents. We cannot yet
873 repair these read-only objects, but at least this version allows the
874 rest of the check+repair to proceed. (`#625`_)
876 - A bug in 1.4.1 which caused a server to be listed multiple times
877 (and frequently broke all connections to that server) was
880 - The plaintext-hashing code was removed from the Helper interface,
881 removing the Helper's ability to mount a
882 partial-information-guessing attack. (`#722`_)
884 Platform/packaging changes
885 ''''''''''''''''''''''''''
887 - Tahoe-LAFS now runs on NetBSD, OpenBSD, ArchLinux, and NixOS, and on
888 an embedded system based on an ARM CPU running at 266 MHz.
890 - Unit test timeouts have been raised to allow the tests to complete
891 on extremely slow platforms like embedded ARM-based NAS boxes, which
892 may take several hours to run the test suite. An ARM-specific
893 data-corrupting bug in an older version of Crypto++ (5.5.2) was
894 identified: ARM-users are encouraged to use recent
895 Crypto++/pycryptopp which avoids this problem.
897 - Tahoe-LAFS now requires a SQLite library, either the sqlite3 that
898 comes built-in with python2.5/2.6, or the add-on pysqlite2 if you're
899 using python2.4. In the previous release, this was only needed for
900 the "tahoe backup" command: now it is mandatory.
902 - Several minor documentation updates were made.
904 - To help get Tahoe-LAFS into Linux distributions like Fedora and
905 Debian, packaging improvements are being made in both Tahoe-LAFS and
906 related libraries like pycryptopp and zfec.
908 - The Crypto++ library included in the pycryptopp package has been
909 upgraded to version 5.6.0 of Crypto++, which includes a more
910 efficient implementation of SHA-256 in assembly for x86 or amd64
917 - no python-2.4.0 or 2.4.1 (2.4.2 is good) (they contained a bug in base64.b32decode)
918 - avoid python-2.6 on windows with mingw: compiler issues
919 - python2.4 requires pysqlite2 (2.5,2.6 does not)
923 .. _#392: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/392
924 .. _#625: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/625
925 .. _#653: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/653
926 .. _#683: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/683
927 .. _#694: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/694
928 .. _#705: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/705
929 .. _#722: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/722
930 .. _#750: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/750
931 .. _#752: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/752
933 Release 1.4.1 (2009-04-13)
934 --------------------------
939 - The big feature for this release is the implementation of garbage
940 collection, allowing Tahoe storage servers to delete shares for old
941 deleted files. When enabled, this uses a "mark and sweep" process:
942 clients are responsible for updating the leases on their shares
943 (generally by running "tahoe deep-check --add-lease"), and servers
944 are allowed to delete any share which does not have an up-to-date
945 lease. The process is described in detail in
946 `garbage-collection.rst`_.
948 The server must be configured to enable garbage-collection, by
949 adding directives to the [storage] section that define an age limit
950 for shares. The default configuration will not delete any shares.
952 Both servers and clients should be upgraded to this release to make
953 the garbage-collection as pleasant as possible. 1.2.0 servers have
954 code to perform the update-lease operation but it suffers from a
955 fatal bug, while 1.3.0 servers have update-lease but will return an
956 exception for unknown storage indices, causing clients to emit an
957 Incident for each exception, slowing the add-lease process down to a
958 crawl. 1.1.0 servers did not have the add-lease operation at all.
960 Security/Usability Problems Fixed
961 '''''''''''''''''''''''''''''''''
963 - A super-linear algorithm in the Merkle Tree code was fixed, which
964 previously caused e.g. download of a 10GB file to take several hours
965 before the first byte of plaintext could be produced. The new
966 "alacrity" is about 2 minutes. A future release should reduce this
967 to a few seconds by fixing ticket `#442`_.
969 - The previous version permitted a small timing attack (due to our use
970 of strcmp) against the write-enabler and lease-renewal/cancel
971 secrets. An attacker who could measure response-time variations of
972 approximatly 3ns against a very noisy background time of about 15ms
973 might be able to guess these secrets. We do not believe this attack
974 was actually feasible. This release closes the attack by first
975 hashing the two strings to be compared with a random secret.
980 - In most cases, HTML tracebacks will only be sent if an "Accept:
981 text/html" header was provided with the HTTP request. This will
982 generally cause browsers to get an HTMLized traceback but send
983 regular text/plain tracebacks to non-browsers (like the CLI
984 clients). More errors have been mapped to useful HTTP error codes.
986 - The streaming webapi operations (deep-check and manifest) now have a
987 way to indicate errors (an output line that starts with "ERROR"
988 instead of being legal JSON). See `webapi.rst`_ for
991 - The storage server now has its own status page (at /storage), linked
992 from the Welcome page. This page shows progress and results of the
993 two new share-crawlers: one which merely counts shares (to give an
994 estimate of how many files/directories are being stored in the
995 grid), the other examines leases and reports how much space would be
996 freed if GC were enabled. The page also shows how much disk space is
997 present, used, reserved, and available for the Tahoe server, and
998 whether the server is currently running in "read-write" mode or
1001 - When a directory node cannot be read (perhaps because of insufficent
1002 shares), a minimal webapi page is created so that the "more-info"
1003 links (including a Check/Repair operation) will still be accessible.
1005 - A new "reliability" page was added, with the beginnings of work on a
1006 statistical loss model. You can tell this page how many servers you
1007 are using and their independent failure probabilities, and it will
1008 tell you the likelihood that an arbitrary file will survive each
1009 repair period. The "numpy" package must be installed to access this
1010 page. A partial paper, written by Shawn Willden, has been added to
1011 docs/proposed/lossmodel.lyx .
1016 - "tahoe check" and "tahoe deep-check" now accept an "--add-lease"
1017 argument, to update a lease on all shares. This is the "mark" side
1018 of garbage collection.
1020 - In many cases, CLI error messages have been improved: the ugly
1021 HTMLized traceback has been replaced by a normal python traceback.
1023 - "tahoe deep-check" and "tahoe manifest" now have better error
1024 reporting. "tahoe cp" is now non-verbose by default.
1026 - "tahoe backup" now accepts several "--exclude" arguments, to ignore
1027 certain files (like editor temporary files and version-control
1028 metadata) during backup.
1030 - On windows, the CLI now accepts local paths like "c:\dir\file.txt",
1031 which previously was interpreted as a Tahoe path using a "c:" alias.
1033 - The "tahoe restart" command now uses "--force" by default (meaning
1034 it will start a node even if it didn't look like there was one
1037 - The "tahoe debug consolidate" command was added. This takes a series
1038 of independent timestamped snapshot directories (such as those
1039 created by the allmydata.com windows backup program, or a series of
1040 "tahoe cp -r" commands) and creates new snapshots that used shared
1041 read-only directories whenever possible (like the output of "tahoe
1042 backup"). In the most common case (when the snapshots are fairly
1043 similar), the result will use significantly fewer directories than
1044 the original, allowing "deep-check" and similar tools to run much
1045 faster. In some cases, the speedup can be an order of magnitude or
1046 more. This tool is still somewhat experimental, and only needs to
1047 be run on large backups produced by something other than "tahoe
1048 backup", so it was placed under the "debug" category.
1050 - "tahoe cp -r --caps-only tahoe:dir localdir" is a diagnostic tool
1051 which, instead of copying the full contents of files into the local
1052 directory, merely copies their filecaps. This can be used to verify
1053 the results of a "consolidation" operation.
1058 - The codebase no longer rauses RuntimeError as a kind of
1059 assert(). Specific exception classes were created for each previous
1060 instance of RuntimeError.
1062 -Many unit tests were changed to use a non-network test harness,
1063 speeding them up considerably.
1065 - Deep-traversal operations (manifest and deep-check) now walk
1066 individual directories in alphabetical order. Occasional turn breaks
1067 are inserted to prevent a stack overflow when traversing directories
1068 with hundreds of entries.
1070 - The experimental SFTP server had its path-handling logic changed
1071 slightly, to accomodate more SFTP clients, although there are still
1074 .. _#442: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/442
1075 .. _#645: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/645
1076 .. _garbage-collection.rst: docs/garbage-collection.rst
1078 Release 1.3.0 (2009-02-13)
1079 --------------------------
1081 Checker/Verifier/Repairer
1082 '''''''''''''''''''''''''
1084 - The primary focus of this release has been writing a checker /
1085 verifier / repairer for files and directories. "Checking" is the
1086 act of asking storage servers whether they have a share for the
1087 given file or directory: if there are not enough shares available,
1088 the file or directory will be unrecoverable. "Verifying" is the act
1089 of downloading and cryptographically asserting that the server's
1090 share is undamaged: it requires more work (bandwidth and CPU) than
1091 checking, but can catch problems that simple checking
1092 cannot. "Repair" is the act of replacing missing or damaged shares
1095 - This release includes a full checker, a partial verifier, and a
1096 partial repairer. The repairer is able to handle missing shares: new
1097 shares are generated and uploaded to make up for the missing
1098 ones. This is currently the best application of the repairer: to
1099 replace shares that were lost because of server departure or
1100 permanent drive failure.
1102 - The repairer in this release is somewhat able to handle corrupted
1103 shares. The limitations are:
1105 - Immutable verifier is incomplete: not all shares are used, and not
1106 all fields of those shares are verified. Therefore the immutable
1107 verifier has only a moderate chance of detecting corrupted shares.
1108 - The mutable verifier is mostly complete: all shares are examined,
1109 and most fields of the shares are validated.
1110 - The storage server protocol offers no way for the repairer to
1111 replace or delete immutable shares. If corruption is detected, the
1112 repairer will upload replacement shares to other servers, but the
1113 corrupted shares will be left in place.
1114 - read-only directories and read-only mutable files must be repaired
1115 by someone who holds the write-cap: the read-cap is
1116 insufficient. Moreover, the deep-check-and-repair operation will
1117 halt with an error if it attempts to repair one of these read-only
1119 - Some forms of corruption can cause both download and repair
1120 operations to fail. A future release will fix this, since download
1121 should be tolerant of any corruption as long as there are at least
1122 'k' valid shares, and repair should be able to fix any file that is
1125 - If the downloader, verifier, or repairer detects share corruption,
1126 the servers which provided the bad shares will be notified (via a
1127 file placed in the BASEDIR/storage/corruption-advisories directory)
1128 so their operators can manually delete the corrupted shares and
1129 investigate the problem. In addition, the "incident gatherer"
1130 mechanism will automatically report share corruption to an incident
1131 gatherer service, if one is configured. Note that corrupted shares
1132 indicate hardware failures, serious software bugs, or malice on the
1133 part of the storage server operator, so a corrupted share should be
1134 considered highly unusual.
1136 - By periodically checking/repairing all files and directories,
1137 objects in the Tahoe filesystem remain resistant to recoverability
1138 failures due to missing and/or broken servers.
1140 - This release includes a wapi mechanism to initiate checks on
1141 individual files and directories (with or without verification, and
1142 with or without automatic repair). A related mechanism is used to
1143 initiate a "deep-check" on a directory: recursively traversing the
1144 directory and its children, checking (and/or verifying/repairing)
1145 everything underneath. Both mechanisms can be run with an
1146 "output=JSON" argument, to obtain machine-readable check/repair
1147 status results. These results include a copy of the filesystem
1148 statistics from the "deep-stats" operation (including total number
1149 of files, size histogram, etc). If repair is possible, a "Repair"
1150 button will appear on the results page.
1152 - The client web interface now features some extra buttons to initiate
1153 check and deep-check operations. When these operations finish, they
1154 display a results page that summarizes any problems that were
1155 encountered. All long-running deep-traversal operations, including
1156 deep-check, use a start-and-poll mechanism, to avoid depending upon
1157 a single long-lived HTTP connection. `webapi.rst`_ has
1163 - The "tahoe backup" command is new in this release, which creates
1164 efficient versioned backups of a local directory. Given a local
1165 pathname and a target Tahoe directory, this will create a read-only
1166 snapshot of the local directory in $target/Archives/$timestamp. It
1167 will also create $target/Latest, which is a reference to the latest
1168 such snapshot. Each time you run "tahoe backup" with the same source
1169 and target, a new $timestamp snapshot will be added. These snapshots
1170 will share directories that have not changed since the last backup,
1171 to speed up the process and minimize storage requirements. In
1172 addition, a small database is used to keep track of which local
1173 files have been uploaded already, to avoid uploading them a second
1174 time. This drastically reduces the work needed to do a "null backup"
1175 (when nothing has changed locally), making "tahoe backup' suitable
1176 to run from a daily cronjob.
1178 Note that the "tahoe backup" CLI command must be used in conjunction
1179 with a 1.3.0-or-newer Tahoe client node; there was a bug in the
1180 1.2.0 webapi implementation that would prevent the last step (create
1181 $target/Latest) from working.
1186 - The 12GiB (approximate) immutable-file-size limitation is
1187 lifted. This release knows how to handle so-called "v2 immutable
1188 shares", which permit immutable files of up to about 18 EiB (about
1189 3*10^14). These v2 shares are created if the file to be uploaded is
1190 too large to fit into v1 shares. v1 shares are created if the file
1191 is small enough to fit into them, so that files created with
1192 tahoe-1.3.0 can still be read by earlier versions if they are not
1193 too large. Note that storage servers also had to be changed to
1194 support larger files, and this release is the first release in which
1195 they are able to do that. Clients will detect which servers are
1196 capable of supporting large files on upload and will not attempt to
1197 upload shares of a large file to a server which doesn't support it.
1202 - Tahoe now includes experimental FTP and SFTP servers. When
1203 configured with a suitable method to translate username+password
1204 into a root directory cap, it provides simple access to the virtual
1205 filesystem. Remember that FTP is completely unencrypted: passwords,
1206 filenames, and file contents are all sent over the wire in
1207 cleartext, so FTP should only be used on a local (127.0.0.1)
1208 connection. This feature is still in development: there are no unit
1209 tests yet, and behavior with respect to Unicode filenames is
1210 uncertain. Please see `FTP-and-SFTP.rst`_ for
1211 configuration details. (`#512`_, `#531`_)
1216 - This release adds the 'tahoe create-alias' command, which is a
1217 combination of 'tahoe mkdir' and 'tahoe add-alias'. This also allows
1218 you to start using a new tahoe directory without exposing its URI in
1219 the argv list, which is publicly visible (through the process table)
1220 on most unix systems. Thanks to Kevin Reid for bringing this issue
1223 - The single-argument form of "tahoe put" was changed to create an
1224 unlinked file. I.e. "tahoe put bar.txt" will take the contents of a
1225 local "bar.txt" file, upload them to the grid, and print the
1226 resulting read-cap; the file will not be attached to any
1227 directories. This seemed a bit more useful than the previous
1228 behavior (copy stdin, upload to the grid, attach the resulting file
1229 into your default tahoe: alias in a child named 'bar.txt').
1231 - "tahoe put" was also fixed to handle mutable files correctly: "tahoe
1232 put bar.txt URI:SSK:..." will read the contents of the local bar.txt
1233 and use them to replace the contents of the given mutable file.
1235 - The "tahoe webopen" command was modified to accept aliases. This
1236 means "tahoe webopen tahoe:" will cause your web browser to open to
1237 a "wui" page that gives access to the directory associated with the
1238 default "tahoe:" alias. It should also accept leading slashes, like
1239 "tahoe webopen tahoe:/stuff".
1241 - Many esoteric debugging commands were moved down into a "debug"
1244 - tahoe debug dump-cap
1245 - tahoe debug dump-share
1246 - tahoe debug find-shares
1247 - tahoe debug catalog-shares
1248 - tahoe debug corrupt-share
1250 The last command ("tahoe debug corrupt-share") flips a random bit
1251 of the given local sharefile. This is used to test the file
1252 verifying/repairing code, and obviously should not be used on user
1255 The cli might not correctly handle arguments which contain non-ascii
1256 characters in Tahoe v1.3 (although depending on your platform it
1257 might, especially if your platform can be configured to pass such
1258 characters on the command-line in utf-8 encoding). See
1259 https://tahoe-lafs.org/trac/tahoe-lafs/ticket/565 for details.
1264 - The "default webapi port", used when creating a new client node (and
1265 in the getting-started documentation), was changed from 8123 to
1266 3456, to reduce confusion when Tahoe accessed through a Firefox
1267 browser on which the "Torbutton" extension has been installed. Port
1268 8123 is occasionally used as a Tor control port, so Torbutton adds
1269 8123 to Firefox's list of "banned ports" to avoid CSRF attacks
1270 against Tor. Once 8123 is banned, it is difficult to diagnose why
1271 you can no longer reach a Tahoe node, so the Tahoe default was
1272 changed. Note that 3456 is reserved by IANA for the "vat" protocol,
1273 but there are argueably more Torbutton+Tahoe users than vat users
1274 these days. Note that this will only affect newly-created client
1275 nodes. Pre-existing client nodes, created by earlier versions of
1276 tahoe, may still be listening on 8123.
1278 - All deep-traversal operations (start-manifest, start-deep-size,
1279 start-deep-stats, start-deep-check) now use a start-and-poll
1280 approach, instead of using a single (fragile) long-running
1281 synchronous HTTP connection. All these "start-" operations use POST
1282 instead of GET. The old "GET manifest", "GET deep-size", and "POST
1283 deep-check" operations have been removed.
1285 - The new "POST start-manifest" operation, when it finally completes,
1286 results in a table of (path,cap), instead of the list of verifycaps
1287 produced by the old "GET manifest". The table is available in
1288 several formats: use output=html, output=text, or output=json to
1289 choose one. The JSON output also includes stats, and a list of
1290 verifycaps and storage-index strings. The "return_to=" and
1291 "when_done=" arguments have been removed from the t=check and
1292 deep-check operations.
1294 - The top-level status page (/status) now has a machine-readable form,
1295 via "/status/?t=json". This includes information about the
1296 currently-active uploads and downloads, which may be useful for
1297 frontends that wish to display progress information. There is no
1298 easy way to correlate the activities displayed here with recent wapi
1301 - Any files in BASEDIR/public_html/ (configurable) will be served in
1302 response to requests in the /static/ portion of the URL space. This
1303 will simplify the deployment of javascript-based frontends that can
1304 still access wapi calls by conforming to the (regrettable)
1305 "same-origin policy".
1307 - The welcome page now has a "Report Incident" button, which is tied
1308 into the "Incident Gatherer" machinery. If the node is attached to
1309 an incident gatherer (via log_gatherer.furl), then pushing this
1310 button will cause an Incident to be signalled: this means recent log
1311 events are aggregated and sent in a bundle to the gatherer. The user
1312 can push this button after something strange takes place (and they
1313 can provide a short message to go along with it), and the relevant
1314 data will be delivered to a centralized incident-gatherer for later
1315 processing by operations staff.
1317 - The "HEAD" method should now work correctly, in addition to the
1318 usual "GET", "PUT", and "POST" methods. "HEAD" is supposed to return
1319 exactly the same headers as "GET" would, but without any of the
1320 actual response body data. For mutable files, this now does a brief
1321 mapupdate (to figure out the size of the file that would be
1322 returned), without actually retrieving the file's contents.
1324 - The "GET" operation on files can now support the HTTP "Range:"
1325 header, allowing requests for partial content. This allows certain
1326 media players to correctly stream audio and movies out of a Tahoe
1327 grid. The current implementation uses a disk-based cache in
1328 BASEDIR/private/cache/download , which holds the plaintext of the
1329 files being downloaded. Future implementations might not use this
1330 cache. GET for immutable files now returns an ETag header.
1332 - Each file and directory now has a "Show More Info" web page, which
1333 contains much of the information that was crammed into the directory
1334 page before. This includes readonly URIs, storage index strings,
1335 object type, buttons to control checking/verifying/repairing, and
1336 deep-check/deep-stats buttons (for directories). For mutable files,
1337 the "replace contents" upload form has been moved here too. As a
1338 result, the directory page is now much simpler and cleaner, and
1339 several potentially-misleading links (like t=uri) are now gone.
1341 - Slashes are discouraged in Tahoe file/directory names, since they
1342 cause problems when accessing the filesystem through the
1343 wapi. However, there are a couple of accidental ways to generate
1344 such names. This release tries to make it easier to correct such
1345 mistakes by escaping slashes in several places, allowing slashes in
1346 the t=info and t=delete commands, and in the source (but not the
1347 target) of a t=rename command.
1352 - Tahoe's dependencies have been extended to require the
1353 "[secure_connections]" feature from Foolscap, which will cause
1354 pyOpenSSL to be required and/or installed. If OpenSSL and its
1355 development headers are already installed on your system, this can
1356 occur automatically. Tahoe now uses pollreactor (instead of the
1357 default selectreactor) to work around a bug between pyOpenSSL and
1358 the most recent release of Twisted (8.1.0). This bug only affects
1359 unit tests (hang during shutdown), and should not impact regular
1362 - The Tahoe source code tarballs now come in two different forms:
1363 regular and "sumo". The regular tarball contains just Tahoe, nothing
1364 else. When building from the regular tarball, the build process will
1365 download any unmet dependencies from the internet (starting with the
1366 index at PyPI) so it can build and install them. The "sumo" tarball
1367 contains copies of all the libraries that Tahoe requires (foolscap,
1368 twisted, zfec, etc), so using the "sumo" tarball should not require
1369 any internet access during the build process. This can be useful if
1370 you want to build Tahoe while on an airplane, a desert island, or
1371 other bandwidth-limited environments.
1373 - Similarly, tahoe-lafs.org now hosts a "tahoe-deps" tarball which
1374 contains the latest versions of all these dependencies. This
1376 https://tahoe-lafs.org/source/tahoe/deps/tahoe-deps.tar.gz, can be
1377 unpacked in the tahoe source tree (or in its parent directory), and
1378 the build process should satisfy its downloading needs from it
1379 instead of reaching out to PyPI. This can be useful if you want to
1380 build Tahoe from a darcs checkout while on that airplane or desert
1383 - Because of the previous two changes ("sumo" tarballs and the
1384 "tahoe-deps" bundle), most of the files have been removed from
1385 misc/dependencies/ . This brings the regular Tahoe tarball down to
1386 2MB (compressed), and the darcs checkout (without history) to about
1387 7.6MB. A full darcs checkout will still be fairly large (because of
1388 the historical patches which included the dependent libraries), but
1389 a 'lazy' one should now be small.
1391 - The default "make" target is now an alias for "setup.py build",
1392 which itself is an alias for "setup.py develop --prefix support",
1393 with some extra work before and after (see setup.cfg). Most of the
1394 complicated platform-dependent code in the Makefile was rewritten in
1395 Python and moved into setup.py, simplifying things considerably.
1397 - Likewise, the "make test" target now delegates most of its work to
1398 "setup.py test", which takes care of getting PYTHONPATH configured
1399 to access the tahoe code (and dependencies) that gets put in
1400 support/lib/ by the build_tahoe step. This should allow unit tests
1401 to be run even when trial (which is part of Twisted) wasn't already
1402 installed (in this case, trial gets installed to support/bin because
1403 Twisted is a dependency of Tahoe).
1405 - Tahoe is now compatible with the recently-released Python 2.6 ,
1406 although it is recommended to use Tahoe on Python 2.5, on which it
1407 has received more thorough testing and deployment.
1409 - Tahoe is now compatible with simplejson-2.0.x . The previous release
1410 assumed that simplejson.loads always returned unicode strings, which
1411 is no longer the case in 2.0.x .
1413 Grid Management Tools
1414 '''''''''''''''''''''
1416 - Several tools have been added or updated in the misc/ directory,
1417 mostly munin plugins that can be used to monitor a storage grid.
1419 - The misc/spacetime/ directory contains a "disk watcher" daemon
1420 (startable with 'tahoe start'), which can be configured with a set
1421 of HTTP URLs (pointing at the wapi '/statistics' page of a bunch of
1422 storage servers), and will periodically fetch
1423 disk-used/disk-available information from all the servers. It keeps
1424 this information in an Axiom database (a sqlite-based library
1425 available from divmod.org). The daemon computes time-averaged rates
1426 of disk usage, as well as a prediction of how much time is left
1427 before the grid is completely full.
1429 - The misc/munin/ directory contains a new set of munin plugins
1430 (tahoe_diskleft, tahoe_diskusage, tahoe_doomsday) which talk to the
1431 disk-watcher and provide graphs of its calculations.
1433 - To support the disk-watcher, the Tahoe statistics component
1434 (visible through the wapi at the /statistics/ URL) now includes
1435 disk-used and disk-available information. Both are derived through
1436 an equivalent of the unix 'df' command (i.e. they ask the kernel
1437 for the number of free blocks on the partition that encloses the
1438 BASEDIR/storage directory). In the future, the disk-available
1439 number will be further influenced by the local storage policy: if
1440 that policy says that the server should refuse new shares when less
1441 than 5GB is left on the partition, then "disk-available" will
1442 report zero even though the kernel sees 5GB remaining.
1444 - The 'tahoe_overhead' munin plugin interacts with an
1445 allmydata.com-specific server which reports the total of the
1446 'deep-size' reports for all active user accounts, compares this
1447 with the disk-watcher data, to report on overhead percentages. This
1448 provides information on how much space could be recovered once
1449 Tahoe implements some form of garbage collection.
1451 Configuration Changes: single INI-format tahoe.cfg file
1452 '''''''''''''''''''''''''''''''''''''''''''''''''''''''
1454 - The Tahoe node is now configured with a single INI-format file,
1455 named "tahoe.cfg", in the node's base directory. Most of the
1456 previous multiple-separate-files are still read for backwards
1457 compatibility (the embedded SSH debug server and the
1458 advertised_ip_addresses files are the exceptions), but new
1459 directives will only be added to tahoe.cfg . The "tahoe
1460 create-client" command will create a tahoe.cfg for you, with sample
1461 values commented out. (ticket `#518`_)
1463 - tahoe.cfg now has controls for the foolscap "keepalive" and
1464 "disconnect" timeouts (`#521`_).
1466 - tahoe.cfg now has controls for the encoding parameters:
1467 "shares.needed" and "shares.total" in the "[client]" section. The
1468 default parameters are still 3-of-10.
1470 - The inefficient storage 'sizelimit' control (which established an
1471 upper bound on the amount of space that a storage server is allowed
1472 to consume) has been replaced by a lightweight 'reserved_space'
1473 control (which establishes a lower bound on the amount of remaining
1474 space). The storage server will reject all writes that would cause
1475 the remaining disk space (as measured by a '/bin/df' equivalent) to
1476 drop below this value. The "[storage]reserved_space=" tahoe.cfg
1477 parameter controls this setting. (note that this only affects
1478 immutable shares: it is an outstanding bug that reserved_space does
1479 not prevent the allocation of new mutable shares, nor does it
1480 prevent the growth of existing mutable shares).
1485 - Clients now declare which versions of the protocols they
1486 support. This is part of a new backwards-compatibility system:
1487 https://tahoe-lafs.org/trac/tahoe-lafs/wiki/Versioning .
1489 - The version strings for human inspection (as displayed on the
1490 Welcome web page, and included in logs) now includes a platform
1491 identifer (frequently including a linux distribution name, processor
1494 - Several bugs have been fixed, including one that would cause an
1495 exception (in the logs) if a wapi download operation was cancelled
1496 (by closing the TCP connection, or pushing the "stop" button in a
1499 - Tahoe now uses Foolscap "Incidents", writing an "incident report"
1500 file to logs/incidents/ each time something weird occurs. These
1501 reports are available to an "incident gatherer" through the flogtool
1502 command. For more details, please see the Foolscap logging
1503 documentation. An incident-classifying plugin function is provided
1504 in misc/incident-gatherer/classify_tahoe.py .
1506 - If clients detect corruption in shares, they now automatically
1507 report it to the server holding that share, if it is new enough to
1508 accept the report. These reports are written to files in
1509 BASEDIR/storage/corruption-advisories .
1511 - The 'nickname' setting is now defined to be a UTF-8 -encoded string,
1512 allowing non-ascii nicknames.
1514 - The 'tahoe start' command will now accept a --syslog argument and
1515 pass it through to twistd, making it easier to launch non-Tahoe
1516 nodes (like the cpu-watcher) and have them log to syslogd instead of
1517 a local file. This is useful when running a Tahoe node out of a USB
1520 - The Mac GUI in src/allmydata/gui/ has been improved.
1522 .. _#512: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/512
1523 .. _#518: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/518
1524 .. _#521: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/521
1525 .. _#531: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/531
1527 Release 1.2.0 (2008-07-21)
1528 --------------------------
1533 - This release makes the immutable-file "ciphertext hash tree"
1534 mandatory. Previous releases allowed the uploader to decide whether
1535 their file would have an integrity check on the ciphertext or not. A
1536 malicious uploader could use this to create a readcap that would
1537 download as one file or a different one, depending upon which shares
1538 the client fetched first, with no errors raised. There are other
1539 integrity checks on the shares themselves, preventing a storage
1540 server or other party from violating the integrity properties of the
1541 read-cap: this failure was only exploitable by the uploader who
1542 gives you a carefully constructed read-cap. If you download the file
1543 with Tahoe 1.2.0 or later, you will not be vulnerable to this
1546 This change does not introduce a compatibility issue, because all
1547 existing versions of Tahoe will emit the ciphertext hash tree in
1553 - Tahoe now requires Foolscap-0.2.9 . It also requires pycryptopp 0.5
1554 or newer, since earlier versions had a bug that interacted with
1555 specific compiler versions that could sometimes result in incorrect
1556 encryption behavior. Both packages are included in the Tahoe source
1557 tarball in misc/dependencies/ , and should be built automatically
1563 - Web API directory pages should now contain properly-slash-terminated
1564 links to other directories. They have also stopped using absolute
1565 links in forms and pages (which interfered with the use of a
1566 front-end load-balancing proxy).
1568 - The behavior of the "Check This File" button changed, in conjunction
1569 with larger internal changes to file checking/verification. The
1570 button triggers an immediate check as before, but the outcome is
1571 shown on its own page, and does not get stored anywhere. As a
1572 result, the web directory page no longer shows historical checker
1575 - A new "Deep-Check" button has been added, which allows a user to
1576 initiate a recursive check of the given directory and all files and
1577 directories reachable from it. This can cause quite a bit of work,
1578 and has no intermediate progress information or feedback about the
1579 process. In addition, the results of the deep-check are extremely
1580 limited. A later release will improve this behavior.
1582 - The web server's behavior with respect to non-ASCII (unicode)
1583 filenames in the "GET save=true" operation has been improved. To
1584 achieve maximum compatibility with variously buggy web browsers, the
1585 server does not try to figure out the character set of the inbound
1586 filename. It just echoes the same bytes back to the browser in the
1587 Content-Disposition header. This seems to make both IE7 and Firefox
1590 Checker/Verifier/Repairer
1591 '''''''''''''''''''''''''
1593 - Tahoe is slowly acquiring convenient tools to check up on file
1594 health, examine existing shares for errors, and repair files that
1595 are not fully healthy. This release adds a mutable
1596 checker/verifier/repairer, although testing is very limited, and
1597 there are no web interfaces to trigger repair yet. The "Check"
1598 button next to each file or directory on the wapi page will perform
1599 a file check, and the "deep check" button on each directory will
1600 recursively check all files and directories reachable from there
1601 (which may take a very long time).
1603 Future releases will improve access to this functionality.
1605 Operations/Packaging
1606 ''''''''''''''''''''
1608 - A "check-grid" script has been added, along with a Makefile
1609 target. This is intended (with the help of a pre-configured node
1610 directory) to check upon the health of a Tahoe grid, uploading and
1611 downloading a few files. This can be used as a monitoring tool for a
1612 deployed grid, to be run periodically and to signal an error if it
1613 ever fails. It also helps with compatibility testing, to verify that
1614 the latest Tahoe code is still able to handle files created by an
1617 - The munin plugins from misc/munin/ are now copied into any generated
1618 debian packages, and are made executable (and uncompressed) so they
1619 can be symlinked directly from /etc/munin/plugins/ .
1621 - Ubuntu "Hardy" was added as a supported debian platform, with a
1622 Makefile target to produce hardy .deb packages. Some notes have been
1623 added to `debian.rst`_ about building Tahoe on a debian/ubuntu
1626 - Storage servers now measure operation rates and
1627 latency-per-operation, and provides results through the /statistics
1628 web page as well as the stats gatherer. Munin plugins have been
1634 - Tahoe nodes now use Foolscap "incident logging" to record unusual
1635 events to their NODEDIR/logs/incidents/ directory. These incident
1636 files can be examined by Foolscap logging tools, or delivered to an
1637 external log-gatherer for further analysis. Note that Tahoe now
1638 requires Foolscap-0.2.9, since 0.2.8 had a bug that complained about
1639 "OSError: File exists" when trying to create the incidents/
1640 directory for a second time.
1642 - If no servers are available when retrieving a mutable file (like a
1643 directory), the node now reports an error instead of hanging
1644 forever. Earlier releases would not only hang (causing the wapi
1645 directory listing to get stuck half-way through), but the internal
1646 dirnode serialization would cause all subsequent attempts to
1647 retrieve or modify the same directory to hang as well. `#463`_
1649 - A minor internal exception (reported in logs/twistd.log, in the
1650 "stopProducing" method) was fixed, which complained about
1651 "self._paused_at not defined" whenever a file download was stopped
1652 from the web browser end.
1654 .. _#463: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/463
1655 .. _#491: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/491
1656 .. _debian.rst: docs/debian.rst
1658 Release 1.1.0 (2008-06-11)
1659 --------------------------
1661 CLI: new "alias" model
1662 ''''''''''''''''''''''
1664 - The new CLI code uses an scp/rsync -like interface, in which
1665 directories in the Tahoe storage grid are referenced by a
1666 colon-suffixed alias. The new commands look like:
1668 - tahoe cp local.txt tahoe:virtual.txt
1669 - tahoe ls work:subdir
1671 - More functionality is available through the CLI: creating unlinked
1672 files and directories, recursive copy in or out of the storage grid,
1673 hardlinks, and retrieving the raw read- or write- caps through the
1674 'ls' command. Please read `CLI.rst`_ for complete details.
1676 wapi: new pages, new commands
1677 '''''''''''''''''''''''''''''
1679 - Several new pages were added to the web API:
1681 - /helper_status : to describe what a Helper is doing
1682 - /statistics : reports node uptime, CPU usage, other stats
1683 - /file : for easy file-download URLs, see `#221`_
1684 - /cap == /uri : future compatibility
1686 - The localdir=/localfile= and t=download operations were
1687 removed. These required special configuration to enable anyways, but
1688 this feature was a security problem, and was mostly obviated by the
1689 new "cp -r" command.
1691 - Several new options to the GET command were added:
1693 - t=deep-size : add up the size of all immutable files reachable from the directory
1694 - t=deep-stats : return a JSON-encoded description of number of files, size distribution, total size, etc
1696 - POST is now preferred over PUT for most operations which cause
1699 - Most wapi calls now accept overwrite=, and default to overwrite=true
1701 - "POST /uri/DIRCAP/parent/child?t=mkdir" is now the preferred API to
1702 create multiple directories at once, rather than ...?t=mkdir-p .
1704 - PUT to a mutable file ("PUT /uri/MUTABLEFILECAP", "PUT
1705 /uri/DIRCAP/child") will modify the file in-place.
1707 - more munin graphs in misc/munin/
1710 - tahoe-rootdir-space
1711 - tahoe_estimate_files
1712 - mutable files published/retrieved
1721 - setuptools (now required at runtime)
1723 New Mutable-File Code
1724 '''''''''''''''''''''
1726 - The mutable-file handling code (mostly used for directories) has
1727 been completely rewritten. The new scheme has a better API (with a
1728 modify() method) and is less likely to lose data when several
1729 uncoordinated writers change a file at the same time.
1731 - In addition, a single Tahoe process will coordinate its own
1732 writes. If you make two concurrent directory-modifying wapi calls to
1733 a single tahoe node, it will internally make one of them wait for
1734 the other to complete. This prevents auto-collision (`#391`_).
1736 - The new mutable-file code also detects errors during publish
1737 better. Earlier releases might believe that a mutable file was
1738 published when in fact it failed.
1743 - The node now monitors its own CPU usage, as a percentage, measured
1744 every 60 seconds. 1/5/15 minute moving averages are available on the
1745 /statistics web page and via the stats-gathering interface.
1747 - Clients now accelerate reconnection to all servers after being
1748 offline (`#374`_). When a client is offline for a long time, it
1749 scales back reconnection attempts to approximately once per hour, so
1750 it may take a while to make the first attempt, but once any attempt
1751 succeeds, the other server connections will be retried immediately.
1753 - A new "offloaded KeyGenerator" facility can be configured, to move
1754 RSA key generation out from, say, a wapi node, into a separate
1755 process. RSA keys can take several seconds to create, and so a wapi
1756 node which is being used for directory creation will be unavailable
1757 for anything else during this time. The Key Generator process will
1758 pre-compute a small pool of keys, to speed things up further. This
1759 also takes better advantage of multi-core CPUs, or SMP hosts.
1761 - The node will only use a potentially-slow "du -s" command at startup
1762 (to measure how much space has been used) if the "sizelimit"
1763 parameter has been configured (to limit how much space is
1764 used). Large storage servers should turn off sizelimit until a later
1765 release improves the space-management code, since "du -s" on a
1766 terabyte filesystem can take hours.
1768 - The Introducer now allows new announcements to replace old ones, to
1769 avoid buildups of obsolete announcements.
1771 - Immutable files are limited to about 12GiB (when using the default
1772 3-of-10 encoding), because larger files would be corrupted by the
1773 four-byte share-size field on the storage servers (`#439`_). A later
1774 release will remove this limit. Earlier releases would allow >12GiB
1775 uploads, but the resulting file would be unretrievable.
1777 - The docs/ directory has been rearranged, with old docs put in
1778 docs/historical/ and not-yet-implemented ones in docs/proposed/ .
1780 - The Mac OS-X FUSE plugin has a significant bug fix: earlier versions
1781 would corrupt writes that used seek() instead of writing the file in
1782 linear order. The rsync tool is known to perform writes in this
1783 order. This has been fixed.
1785 .. _#221: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/221
1786 .. _#374: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/374
1787 .. _#391: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/391
1788 .. _#439: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/439
1789 .. _CLI.rst: docs/CLI.rst