Commit Graph

194 Commits

Author SHA1 Message Date
Zooko O'Whielacronx
fc3bd0c987 use added secret to protect convergent encryption
Now upload or encode methods take a required argument named "convergence" which can be either None, indicating no convergent encryption at all, or a string, which is the "added secret" to be mixed in to the content hash key.  If you want traditional convergent encryption behavior, set the added secret to be the empty string.

This patch also renames "content hash key" to "convergent encryption" in a argument names and variable names.  (A different and larger renaming is needed in order to clarify that Tahoe supports immutable files which are not encrypted content-hash-key a.k.a. convergent encryption.)

This patch also changes a few unit tests to use non-convergent encryption, because it doesn't matter for what they are testing and non-convergent encryption is slightly faster.
2008-03-24 09:46:06 -07:00
Brian Warner
7996131a0a upload: stop putting plaintext and ciphertext hashes in shares.
This removes the guess-partial-information attack vector, and reduces
the amount of overhead that we consume with each file. It also introduces
a forwards-compability break: older versions of the code (before the
previous download-time "make hashes optional" patch) will be unable
to read files uploaded by this version, as they will complain about the
missing hashes. This patch is experimental, and is being pushed into
trunk to obtain test coverage. We may undo it before releasing 1.0.
2008-03-23 15:35:54 -07:00
Brian Warner
2ef70ab814 mutable.py: split replace() into update() and overwrite(). Addresses #328. 2008-03-12 18:00:43 -07:00
Brian Warner
89be2e1bea introweb: combine announcement and subscriber information to show version+nickname for each client 2008-03-11 19:21:29 -07:00
Brian Warner
810ba68343 add a webserver for the Introducer, showing service announcements and subscriber lists 2008-03-11 17:36:25 -07:00
Brian Warner
f6ca62df31 test_system: improve test coverage of publish/retrieve status 2008-03-04 01:24:35 -07:00
Brian Warner
7e159feb27 stats: make StatsGatherer happy about sharing a process with other services, add one during system test to get some test coverage 2008-03-03 23:55:58 -07:00
Brian Warner
3ecb483e35 test_system: add test coverage for download-status and upload-status 2008-03-03 21:37:17 -07:00
Brian Warner
1a7651ce82 retain 10 most recent upload/download status objects, show them in /status . Prep for showing individual status objects 2008-02-29 22:19:03 -07:00
Brian Warner
c3a1491cf4 test_system.py: improve coverage of webish.py 2008-02-15 04:02:50 -07:00
Brian Warner
7927495cbe unicode handling: declare dirnodes to contain unicode child names, update webish to match 2008-02-14 15:45:56 -07:00
Brian Warner
a050204833 add test coverage for the /stats web page 2008-02-13 13:57:39 -07:00
Zooko O'Whielacronx
3f8df27063 use base62 encoding for storage indexes, on disk and in verifier caps, and in logging and diagnostic tools
base62 encoding fits more information into alphanumeric chars while avoiding the troublesome non-alphanumeric chars of base64 encoding.  In particular, this allows us to work around the ext3 "32,000 entries in a directory" limit while retaining the convenient property that the intermediate directory names are leading prefixes of the storage index file names.
2008-02-12 20:48:37 -07:00
Brian Warner
ca27b8e5ad add 'tahoe catalog-shares' tool, to make a one-line summary of each share file. This can help do cross-server correlation of sharefiles, looking for anomalies 2008-02-11 18:17:01 -07:00
Brian Warner
7123c9d875 test_system.py: refactor bounce_client, probably make it stop failing on cygwin 2008-02-11 15:26:58 -07:00
Brian Warner
873dee53e9 test_system: remove the hackish debug_interrupt= attribute magic used to exercise interrupted-upload resumption, instead just make the Uploadable bounce the helper halfway through the upload 2008-02-07 20:15:37 -07:00
Brian Warner
3bd79917b2 test_system.py: remove that ugly debug_stash_RemoteencryptedUploadable hack, now that UploadResults give us a better approach 2008-02-07 17:27:30 -07:00
Brian Warner
4d4073fb16 test_system: deferred-handling logic in test_upload_and_download was broken 2008-02-06 14:05:11 -07:00
Brian Warner
2dcac796e9 add 'tahoe find-shares' command, to locate share files on a local node's disk 2008-02-06 13:19:51 -07:00
Brian Warner
e92a2b5ab2 dump-cap: include UEB_hash in output 2008-02-06 12:48:19 -07:00
Brian Warner
66f33ee504 upload: return an UploadResults instance (with .uri) instead of just a URI 2008-02-05 21:01:38 -07:00
Brian Warner
5103bf8148 storage: change service name from 'storageserver' to 'storage' 2008-02-05 20:28:59 -07:00
Brian Warner
d146ef7e09 webish: add extra introducer data (version, timestamps) to Welcome page 2008-02-05 17:32:27 -07:00
Brian Warner
daecca6589 big introducer refactoring: separate publish+subscribe. Addresses #271. 2008-02-05 13:05:13 -07:00
Zooko O'Whielacronx
79c439d026 storage: make two levels of share directories so as not to exceed certain filesystems's limitations on directory size
The filesystem which gets my vote for most undeservedly popular is ext3, and it has a hard limit of 32,000 entries in a directory.  Many other filesystems (even ones that I like more than I like ext3) have either hard limits or bad performance consequences or weird edge cases when you get too many entries in a single directory.

This patch makes it so that there is a layer of intermediate directories between the "shares" directory and the actual storage-index directory (the one whose name contains the entire storage index (z-base-32 encoded) and which contains one or more share files named by their share number).

The intermediate directories are named by the first 14 bits of the storage index, which means there are at most 16384 of them.  (This also means that the intermediate directory names are not a leading prefix of the storage-index directory names -- to do that would have required us to have intermediate directories limited to either 1024 (2-char), which is too few, or 32768 (3-chars of a full 5 bits each), which would overrun ext3's funny hard limit of 32,000.))

This closes #150, and please see the "convertshares.py" script attached to #150 to convert your old tahoe-0.7.0 storage/shares directory into a new tahoe-0.8.0 storage/shares directory.
2008-01-31 16:26:28 -07:00
Brian Warner
81eeafc574 upload-helper: avoid duplicate uploads: check the grid to see if the file already exists 2008-01-30 18:49:02 -07:00
Zooko O'Whielacronx
ca971559e6 make content-hash-key encryption a parameter of uploading
fixes #293
2008-01-30 12:24:50 -07:00
robk-tahoe
7c34658438 offloaded: fix failure in unit test on windows
in trying to test my fix for the failure of the offloaded unit test on windows
(by closing the reader before unlinking the encoding file - which, perhaps
disturbingly doesn't actually make a difference in my windows environment)
I was unable too because the unit test failed every time with a connection lost
error.

after much more time than I'd like to admit it took, I eventually managed to
track that down to a part of the unit test which is supposed to be be dropping
a connection.   it looks like the exceptions that get thrown on unix, or at
least all the specific environments brian tested in, for that dropped 
connection are different from what is thrown on my box (which is running py2.4
and twisted 2.4.0, for reference)  adding ConnectionLost to the list of
expected exceptions makes the test pass.

though curiously still my test logs a NotEnoughWritersError error, and I'm not
currently able to fathom why that exception isn't leading to any overall 
failure of the unit test itself.

for general interest, a large part of the time spent trying to track this down
was lost to the state of logging.  I added a whole bunch of logging to try
and track down where the tests were failing, but then spent a bunch of time
searching in vain for that log output.  as far as I can tell at this point
the unit tests are themselves logging to foolscap's log module, but that isn't
being directed anywhere, so all the test's logging is being black holed.
2008-01-17 20:57:29 -07:00
Brian Warner
fd0dc3013c offloaded: update unit tests: assert that interrupt/resume works, and that the helper deletes tempfiles 2008-01-17 01:18:10 -07:00
Brian Warner
51321944f0 megapatch: overhaul encoding_parameters handling: now it comes from the Uploadable, or the Client. Removed options= too. Also move helper towards resumability. 2008-01-16 03:03:35 -07:00
Brian Warner
9f0ee4b758 test_system: fix pyflakes warnings 2008-01-14 21:26:28 -07:00
Brian Warner
168a8c3b73 offloaded: improve logging, pass through options, get ready for testing interrupted uploads. test_system: add (disabled) interrupted-upload test 2008-01-14 21:24:26 -07:00
Brian Warner
7ac2b94aba remove wait_for_numpeers and the when_enough_peers call in mutable.Publish 2008-01-14 14:55:59 -07:00
Brian Warner
964edadf44 offloaded: add a system test, make it pass. files are now being uploaded through the helper. 2008-01-11 05:42:55 -07:00
Brian Warner
0e2ddb00be test_system: slight refactoring to eventually make it easier to configure some nodes with the output of others 2008-01-09 20:23:54 -07:00
Brian Warner
464637605e test_system: assert that BASEDIR/node.url is created properly 2008-01-07 17:46:22 -07:00
Zooko O'Whielacronx
4223f7216d rename "dir-uri" to "dir-cap" 2008-01-08 10:41:27 -07:00
Zooko O'Whielacronx
23961448da a few formatting tidy-ups 2008-01-03 17:14:19 -07:00
Zooko O'Whielacronx
5995d11a3c remove automatic private dir
* rename my_private_dir.cap to root_dir.cap
 * move it into the private subdir
 * change the cmdline argument "--root-uri=[private]" to "--dir-uri=[root]"
2008-01-03 17:02:05 -07:00
Zooko O'Whielacronx
a0d73f8afb remove some no-longer needed replacements of "/" with "!" in uris 2007-12-19 17:54:40 -07:00
Brian Warner
b8d77fbb46 move my_private_dir.cap into private/ 2007-12-17 20:57:40 -07:00
Zooko O'Whielacronx
a983f6d60c rename "my_private_dir.uri" to "my_private_dir.cap" 2007-12-17 18:35:25 -07:00
Zooko O'Whielacronx
8c65bdcf9d put all private state in $BASEDIR/private
fixes #219

The only part of #219 that this doesn't include is the part about 
logpublisher, which has been moved out of tahoe into foolscap.
2007-12-17 16:39:54 -07:00
Brian Warner
cd59cded91 test_system.py: oops, match change in RIControl 2007-12-14 03:08:16 -07:00
Zooko O'Whielacronx
38d1af7ede fix unit test to pass forward-slashes to the CLI since it demands that the CLI emit forward-slashes 2007-12-11 20:03:44 -07:00
Brian Warner
b085097adc test_system: write test data in 'b' verbatim mode, since on windows the default text-mode is different. Addresses one of the failures in #223 2007-12-11 19:16:33 -07:00
Brian Warner
4b8c2e93b3 checker: improve test coverage a little bit 2007-12-04 18:00:12 -07:00
Brian Warner
1a5257c388 improve test coverage on FileNode.check 2007-12-04 15:55:27 -07:00
Brian Warner
87e6ccbd4a remove leftover defer.setDebugging(), to speed up tests from 200s to 83s 2007-12-03 17:10:02 -07:00
Brian Warner
8a2736480a test_mutable: workaround: use more peers to avoid random test failures.
The underlying issue is recorded in #211: one corrupt share in a query
response will cause us to ignore the remaining shares in that response, even
if they are good. In our tests (with N=10 but only 5 peers), this can leave
us with too few shares to recover the file.

The temporary workaround is to use 10 peers, to make sure we never get
multiple shares per response. The real fix will be to fix the control flow.

This fixes #209.
2007-11-15 14:55:00 -07:00
Zooko O'Whielacronx
8fee58fcba merge patch to integrate decentralized directories with patch to handle bad hashes 2007-12-03 15:21:14 -07:00
Brian Warner
d6f2dbbac7 mutable: handle bad hashes, improve test coverage, rearrange slightly to facilitate these 2007-11-13 23:08:15 -07:00
Zooko O'Whielacronx
59d6c3c822 decentralized directories: integration and testing
* use new decentralized directories everywhere instead of old centralized directories
 * provide UI to them through the web server
 * provide UI to them through the CLI
 * update unit tests to simulate decentralized mutable directories in order to test other components that rely on them
 * remove the notion of a "vdrive server" and a client thereof
 * remove the notion of a "public vdrive", which was a directory that was centrally published/subscribed automatically by the tahoe node (you can accomplish this manually by making a directory and posting the URL to it on your web site, for example)
 * add a notion of "wait_for_numpeers" when you need to publish data to peers, which is how many peers should be attached before you start.  The default is 1.
 * add __repr__ for filesystem nodes (note: these reprs contain a few bits of the secret key!)
 * fix a few bugs where we used to equate "mutable" with "not read-only".  Nowadays all directories are mutable, but some might be read-only (to you).
 * fix a few bugs where code wasn't aware of the new general-purpose metadata dict the comes with each filesystem edge
 * sundry fixes to unit tests to adjust to the new directories, e.g. don't assume that every share on disk belongs to a chk file.
2007-12-03 14:52:42 -07:00
Zooko O'Whielacronx
7b24eebd0a unit tests: bump up a timeout which I encountered when running on a very slow machine 2007-11-29 14:47:35 -07:00
Brian Warner
63233ecf37 consolidate dirnode/filenode-creation code into Client 2007-11-09 02:54:51 -07:00
Brian Warner
a4606d6560 test_system: RSA keys are even more variable than I thought, 2044..2049 2007-11-08 05:04:11 -07:00
Brian Warner
2eaa4195cf mutable: add basic test coverage of new-dirnodes-using-mutable-files 2007-11-08 04:31:00 -07:00
Brian Warner
c538e2b020 mutable: fix multiple-versions-interfering-with-each-other bug. replace() tests now pass. 2007-11-08 04:07:33 -07:00
Brian Warner
0ad7ff48fa test_system: RSA keys vary in size, expand valid ranges in test 2007-11-08 03:01:13 -07:00
Brian Warner
09fd2dfb3a mutable: rearrange order of Publish to allow replace() to work. Doesn't work yet. Also test_mutable is disabled for a while. 2007-11-07 21:01:39 -07:00
Brian Warner
c783128012 mutable: wire in RSA for real, using pycryptopp 2007-11-07 17:51:35 -07:00
Brian Warner
be94960680 mutable: test roundtrip, make it work 2007-11-07 14:19:01 -07:00
Brian Warner
a46e64b0bb test_system.mutable: make sure we exercise FEC padding 2007-11-06 19:50:33 -07:00
Brian Warner
cc5d35cc07 dump-share: emit SDMF information too 2007-11-06 19:46:31 -07:00
Brian Warner
fdbe692810 add container_size to mutable dump-share output 2007-11-06 19:31:22 -07:00
Brian Warner
ddf4d23bef test_system.mutable: add test coverage for the 'dump-share' debug command 2007-11-06 19:10:49 -07:00
Brian Warner
bc8605ad39 test_system: add early test for mutable slots, currently publish-only 2007-11-06 18:57:11 -07:00
Brian Warner
57f994fb02 checker: remember checker results, but only in ram for now 2007-10-22 17:46:24 -07:00
Brian Warner
e992fed1f5 cli: improve test coverage 2007-10-21 12:33:17 -07:00
Brian Warner
aff059dd4b checker: return more information per CHK file, including the shareholder list 2007-10-17 02:25:50 -07:00
Brian Warner
d1f13fd117 add an equally-simple file-verifier 2007-10-16 12:25:09 -07:00
Brian Warner
9da1d70676 add a simple checker, for both files and directories 2007-10-15 16:16:39 -07:00
Brian Warner
4361b32f2d cli: implement 'mv'. Closes #162. 2007-10-11 20:31:48 -07:00
Brian Warner
8985b6565d cli: add test coverage 2007-10-11 19:20:41 -07:00
Brian Warner
c301b41f50 control: add measure_peer_response_time(), to estimate RTT for the mesh 2007-09-26 12:21:15 -07:00
Brian Warner
0596b9fe19 test_system.py minor typo 2007-09-26 12:07:37 -07:00
Brian Warner
0cfed96796 test_system.py: add coverage for allmydata.control 2007-09-26 12:06:55 -07:00
Brian Warner
9b09fd3bf1 test_system.py: do one upload, then test debug scripts, then do other uploads 2007-09-24 18:12:37 -07:00
Zooko O'Whielacronx
a18f7aa6d5 fix test_vdrive (fixes #144)
It turns out that we actually have *two* files in our storage servers at the 
time that test_vdrive asserts things about the shares.  I suppose that 
test_vdrive happens to pass on all other operating systems because the 
filesystem happens to return the right share as the first one in a 
"listdir()".  The fix in this patch is slightly kludgey -- allow either share 
to pass -- but good enough.
2007-09-22 15:26:27 -07:00
Brian Warner
d31d7ff941 test_system.py: do a large-file test (1.5MB) to trigger pauseProducing 2007-09-19 01:43:44 -07:00
Brian Warner
dbcabc1142 debug: 'dump-uri-extension' command becomes 'dump-share', add 'dump-share-leases'. Both display leases. 2007-09-02 14:48:20 -07:00
Brian Warner
2a63fe8b01 deletion phase3: add a sqlite database to track renew/cancel-lease secrets, implement renew/cancel_lease (but nobody calls them yet). Also, move the shares from BASEDIR/storage/* down to BASEDIR/storage/shares/* 2007-08-27 23:41:40 -07:00
Brian Warner
4de5767c98 web: remove /vdrive/private, replace with a start.html file that points at the /uri/PRIVATE_URI, to prevent XSRF attacks 2007-08-22 14:54:34 -07:00
Brian Warner
75056b6222 test_system: weaken the assertion about the 410 error message when downloading a bogus URI, since some systems emit error messages differently 2007-08-16 17:05:26 -07:00
Brian Warner
6b5e05cc67 test_system.py: verify that we can replace files in place 2007-08-16 17:03:50 -07:00
Brian Warner
be0ab3b1f1 test_system.py: many (failing) web tests were accidentally bypassed, fix those. Add some PUT tests. 2007-08-16 16:49:40 -07:00
Brian Warner
6c6c62037d fix pyflakes warnings from recent b32decode change 2007-08-12 16:33:51 -07:00
Brian Warner
0332e94656 test_system.py: add coverage for get_permuted_peers() 2007-08-12 16:29:34 -07:00
Zooko O'Whielacronx
42f8e57416 don't over-encode the nodeid many times with ascii-encoding 2007-08-12 10:29:38 -07:00
Brian Warner
81a9904455 CHK: remove the storage index from the URI, deriving it from the key instead 2007-07-21 18:23:15 -07:00
Brian Warner
1d9a58977f uri: implement URI-processing classes, IFileURI/IDirnodeURI, use internally 2007-07-21 15:40:36 -07:00
Brian Warner
4d868e6649 fix dump-uri-extension 2007-07-13 16:58:08 -07:00
Brian Warner
ba7e14a870 fix several methods to handle LIT URIs correctly, rather than assuming that all filenodes are CHK URIs 2007-07-12 16:17:49 -07:00
Brian Warner
5399395c27 allow the introducer to set default encoding parameters. Closes #84.
By writing something like "25 75 100" into a file named 'encoding_parameters'
in the central Introducer's base directory, all clients which use that
introducer will be advised to use 25-out-of-100 encoding for files (i.e.
100 shares will be produced, 25 are required to reconstruct, and the upload
process will be happy if it can find homes for at least 75 shares). The
default values are "3 7 10". For small meshes, the defaults are probably
good, but for larger ones it may be appropriate to increase the number of
shares.
2007-07-12 15:33:30 -07:00
Brian Warner
def63d193e implement URI:LIT, which stores small (<55B) files inside the URI itself. Fixes #81. 2007-07-12 13:22:36 -07:00
Brian Warner
f35c9c6540 test_system.py: change/remove the tests that currently fail due to web changes 2007-07-07 20:06:44 -07:00
Brian Warner
21e12f383d web: missed a IndexError-to-KeyError conversion 2007-07-06 19:43:03 -07:00
Brian Warner
622acc690a webish: improve reporting of web download errors that occur early enough
If the error occurs before any data has been sent, we can give a sensible
error message (code 500, stack trace, etc). This will cover most of the error
cases. The ones that aren't covered are when we run out of good peers after
successfully decoding the first segment, either because they go away or
because their shares are corrupt.
2007-07-03 13:47:37 -07:00
Brian Warner
f15bb302a1 webish.py: handle errors during download better. Addresses #65.
Previously, exceptions during a web download caused a hang rather than some
kind of exception or error message. This patch improves the situation by
terminating the HTTP download rather than letting it hang forever. The
behavior still isn't ideal, however, because the error can occur too late to
abort the HTTP request cleanly (i.e. with an error code). In fact, the
Content-Type header and response code have already been set by the time any
download errors have been detected, so the browser is committed to displaying
an image or whatever (thus any error message we put into the stream is
unlikely to be displayed in a meaningful way).
2007-07-03 13:18:14 -07:00
Brian Warner
9d47c2524e test_system: stall for a second while bouncing the client, it might help windows 2007-06-28 19:20:28 -07:00