Commit Graph

1944 Commits

Author SHA1 Message Date
Zooko O'Whielacronx
81add135dc trivial: whitespace and docstring tidyups 2009-01-06 21:41:04 -07:00
Brian Warner
ebe767bccf storage.py: explain what this large and hard-to-recognize 4294967295 number is 2009-01-06 13:57:21 -07:00
Zooko O'Whielacronx
5e6f90a015 rename "checker results" to "check results", because it is more parallel to "check-and-repair results" 2009-01-06 13:37:03 -07:00
Zooko O'Whielacronx
4ada923e2b immutable: tests: verifier doesn't always catch corrupted share hashes
Maybe it already got one of the corrupted hashes from a different server and it doesn't double-check that the hash from every server is correct.  Or another problem.  But in any case I'm marking this as TODO because an even better (more picky) verifier is less urgent than repairer.
2009-01-06 13:04:49 -07:00
Zooko O'Whielacronx
3bc4b015c8 immutable: fix the writing of share data size into share file in case the share file is used by a < v1.3.0 storage server
Brian noticed that the constant was wrong, and in fixing that I noticed that we should be saturating instead of modding.
This code would never matter unless a server downgraded or a share migrated from Tahoe >= v1.3.0 to Tahoe < v1.3.0.  Even in that case, this bug would never matter unless the share size were exactly 4,294,967,296 bytes long.
Brian, for good reason, wanted this to be spelled "2**32" instead of "4294967296", but I couldn't stand to see a couple of more Python bytecodes interpreted in the middle of a core, frequent operation on the server like immutable share creation.
2009-01-06 12:24:04 -07:00
Zooko O'Whielacronx
8e92dd1231 trivial: whitespace cleanup 2009-01-06 11:20:58 -07:00
Zooko O'Whielacronx
d4a5f9131b util: base32: require str-not-unicode inputs -- effectively rolls back [3306] and [3307] 2009-01-06 10:41:22 -07:00
Zooko O'Whielacronx
c35a6ee3a2 trivial: fix a bunch of pyflakes complaints 2009-01-06 08:00:54 -07:00
Zooko O'Whielacronx
821e64203c cli: make startstop_node wait 40 seconds instead of 20 for a process to go away after we signalled it to go away, before emitting a warning
Because the unit tests on the VirtualZooko? buildslave failed when it took 31 seconds for a process to go away.
Perhaps getting warning message after only 5 seconds instead of 40 seconds is desirable, and we should change the unit tests and set this back to 5, but I don't know exactly how to change the unit tests. Perhaps match this particular warning message about the shutdown taking a while and allow the code under test to pass if the only stderr that it emits is this warning.
2009-01-06 07:51:06 -07:00
Zooko O'Whielacronx
6a12f316a4 immutable: new checker and verifier
New checker and verifier use the new download class.  They are robust against various sorts of failures or corruption.  They return detailed results explaining what they learned about your immutable files.  Some grotesque sorts of corruption are not properly handled yet, and those ones are marked as TODO or commented-out in the unit tests.
There is also a repairer module in this patch with the beginnings of a repairer in it.  That repairer is mostly just the interface to the outside world -- the core operation of actually reconstructing the missing data blocks and uploading them is not in there yet.
This patch also refactors the unit tests in test_immutable so that the handling of each kind of corruption is reported as passing or failing separately, can be separately TODO'ified, etc.  The unit tests are also improved in various ways to require more of the code under test or to stop requiring unreasonable things of it.  :-)
2009-01-05 18:28:18 -07:00
Zooko O'Whielacronx
4921a9f243 trivial: fix inline comment in test code 2009-01-05 17:53:42 -07:00
Zooko O'Whielacronx
206ab2b44d immutable: handle another form of share corruption with LayoutInvalid exception instead of AssertionError 2009-01-05 17:46:45 -07:00
Zooko O'Whielacronx
c84bb795f3 trivial: remove unused import (pyflakes) 2009-01-05 17:31:20 -07:00
Zooko O'Whielacronx
67d72aadd3 immutable: skip the test of large files, because that is too hard on the host if it doesn't efficiently handle sparse files 2009-01-05 17:07:27 -07:00
Zooko O'Whielacronx
f4fab23bf6 immutable: raise a LayoutInvalid exception instead of an AssertionError if the share is corrupted so that the sharehashtree is the wrong size 2009-01-05 14:01:14 -07:00
Zooko O'Whielacronx
98b28c1d5e immutable: stop reading past the end of the sharefile in the process of optimizing download -- Tahoe storage servers < 1.3.0 return an error if you read past the end of the share file 2009-01-05 13:40:57 -07:00
Zooko O'Whielacronx
8a840469c3 immutable: tidy up the notification of waiters for ReadBucketProxy 2009-01-05 13:35:22 -07:00
Zooko O'Whielacronx
778167c2b1 immutable: refactor downloader to be more reusable for checker/verifier/repairer (and better)
The code for validating the share hash tree and the block hash tree has been rewritten to make sure it handles all cases, to share metadata about the file (such as the share hash tree, block hash trees, and UEB) among different share downloads, and not to require hashes to be stored on the server unnecessarily, such as the roots of the block hash trees (not needed since they are also the leaves of the share hash tree), and the root of the share hash tree (not needed since it is also included in the UEB).  It also passes the latest tests including handling corrupted shares well.
  
ValidatedReadBucketProxy takes a share_hash_tree argument to its constructor, which is a reference to a share hash tree shared by all ValidatedReadBucketProxies for that immutable file download.
  
ValidatedReadBucketProxy requires the block_size and share_size to be provided in its constructor, and it then uses those to compute the offsets and lengths of blocks when it needs them, instead of reading those values out of the share.  The user of ValidatedReadBucketProxy therefore has to have first used a ValidatedExtendedURIProxy to compute those two values from the validated contents of the URI.  This is pleasingly simplifies safety analysis: the client knows which span of bytes corresponds to a given block from the validated URI data, rather than from the unvalidated data stored on the storage server.  It also simplifies unit testing of verifier/repairer, because now it doesn't care about the contents of the "share size" and "block size" fields in the share.  It does not relieve the need for share data v2 layout, because we still need to store and retrieve the offsets of the fields which come after the share data, therefore we still need to use share data v2 with its 8-byte fields if we want to store share data larger than about 2^32.
  
Specify which subset of the block hashes and share hashes you need while downloading a particular share.  In the future this will hopefully be used to fetch only a subset, for network efficiency, but currently all of them are fetched, regardless of which subset you specify.
  
ReadBucketProxy hides the question of whether it has "started" or not (sent a request to the server to get metadata) from its user.

Download is optimized to do as few roundtrips and as few requests as possible, hopefully speeding up download a bit.
2009-01-05 09:51:45 -07:00
Zooko O'Whielacronx
5d5e89d96d util: add gatherResults which is a deferred-list-like thing that doesn't wrap failures in a FirstError 2009-01-04 10:52:02 -07:00
Zooko O'Whielacronx
38f293a913 immutable: fix think-o in previous patch which caused all reads to return "", and also optimize by not opening the file when the answer is going to be "" 2009-01-03 14:02:45 -07:00
Zooko O'Whielacronx
53b28c1650 immutable: when storage server reads from immutable share, don't try to read past the end of the file (Python allocates space according to the amount of data requested, so if there is corruption and that number is huge it will do a huge memory allocation) 2009-01-03 13:22:22 -07:00
Zooko O'Whielacronx
de4269a643 immutable: mark a failing download test as "todo", because I think it is revealing a limitation of the current downloader's handling of corrupted shares 2009-01-03 13:00:03 -07:00
Zooko O'Whielacronx
8f5cc24948 trivial: remove unused import (pyflakes) 2009-01-03 12:22:15 -07:00
Zooko O'Whielacronx
5954ab456d immutable: fix test for truncated reads of URI extension block size 2009-01-03 11:44:27 -07:00
Zooko O'Whielacronx
7adf905b9f immutable: further loosen the performance-regression test to allow up to 45 reads
This does raise the question of if there is any point to this test, since I apparently don't know what the answer *should* be, and whenever one of the buildbots fails then I redefine success.

But, I'm about to commit a bunch of patches to implement checker, verifier, and repairer as well as to refactor downloader, and I would really like to know if these patches *increase* the number of reads required even higher than it currently is.
2009-01-03 11:41:09 -07:00
Zooko O'Whielacronx
2788c80496 trivial: another place where I accidentally committed a note-to-self about the lease fields in the server-side share file 2009-01-03 11:29:41 -07:00
Zooko O'Whielacronx
54787771c3 immutable: fix detection of truncated shares to take into account the fieldsize -- either 4 or 8 2009-01-02 18:57:45 -07:00
Zooko O'Whielacronx
21e0ff97f2 immutable: raise LayoutInvalid instead of struct.error when a share is truncated
To fix this error from the Windows buildslave:

[ERROR]: allmydata.test.test_immutable.Test.test_download_from_only_3_remaining_shares

Traceback (most recent call last):
  File "C:\Documents and Settings\buildslave\windows-native-tahoe\windows\build\src\allmydata\immutable\download.py", line 135, in _bad
    raise NotEnoughSharesError("ran out of peers, last error was %s" % (f,))
allmydata.interfaces.NotEnoughSharesError: ran out of peers, last error was [Failure instance: Traceback: <class 'struct.error'>: unpack requires a string argument of length 4
c:\documents and settings\buildslave\windows-native-tahoe\windows\build\support\lib\site-packages\foolscap-0.3.2-py2.5.egg\foolscap\call.py:667:_done
c:\documents and settings\buildslave\windows-native-tahoe\windows\build\support\lib\site-packages\foolscap-0.3.2-py2.5.egg\foolscap\call.py:53:complete
c:\Python25\lib\site-packages\twisted\internet\defer.py:239:callback
c:\Python25\lib\site-packages\twisted\internet\defer.py:304:_startRunCallbacks
--- <exception caught here> ---
c:\Python25\lib\site-packages\twisted\internet\defer.py:317:_runCallbacks
C:\Documents and Settings\buildslave\windows-native-tahoe\windows\build\src\allmydata\immutable\layout.py:374:_got_length
C:\Python25\lib\struct.py:87:unpack
]
===============================================================================
2009-01-02 18:48:06 -07:00
Zooko O'Whielacronx
5a21638853 immutable: whoops, it actually takes up to 39 reads sometimes to download a corrupted file 2009-01-02 17:43:02 -07:00
Zooko O'Whielacronx
e26cec2502 immutable: add more detailed tests of download, including testing the count of how many reads different sorts of downloads take 2009-01-02 16:54:59 -07:00
Zooko O'Whielacronx
cc70c163ba trivial: a few improvements to in-line doc and code, and renaming of test/test_immutable_checker.py to test/test_immutable.py
That file currently tests checker and verifier and repairer, and will soon also test downloader.
2009-01-02 16:49:41 -07:00
Zooko O'Whielacronx
a52b5542e9 immutable: fix name change from BadOrMissingShareHash to BadOrMissingHash
One of the instances of the name accidentally didn't get changed, and pyflakes noticed.  The new downloader/checker/verifier/repairer unit tests would also have noticed, but those tests haven't been rolled into a patch and applied to this repo yet...
2009-01-02 13:27:09 -07:00
Zooko O'Whielacronx
c72be1c553 trivial: remove unused import -- thanks, pyflakes 2009-01-02 13:21:28 -07:00
Zooko O'Whielacronx
d8c9c3dc99 immutable: download.py: Raise the appropriate type of exception to indicate the cause of failure, e.g. BadOrMissingHash, ServerFailure, IntegrityCheckReject (which is a supertype of BadOrMissingHash). This helps users (such as verifier/repairer) catch certain classes of reasons for "why did this download not work". The tests of verifier/repairer test this code and rely on this code. 2009-01-02 12:58:58 -07:00
Zooko O'Whielacronx
fa5c1d8326 immutable: ReadBucketProxy defines classes of exception: LayoutInvalid and its two subtypes RidiculouslyLargeURIExtensionBlock and ShareVersionIncompatible. This helps users (such as verifier/repairer) catch certain classes of reasons for "why did this download not work". This code gets exercised by the verifier/repairer unit tests, which corrupt the shares on disk in order to trigger problems like these. 2009-01-02 12:15:54 -07:00
Zooko O'Whielacronx
0ee027c180 immutable: ValidatedExtendedURIProxy computes and stores block_size and share_size for the convenience of its users 2009-01-02 11:43:17 -07:00
Zooko O'Whielacronx
fe707630af doc: remove notes to self that I accidentally included in a recent patch 2009-01-01 22:14:57 -07:00
Zooko O'Whielacronx
63efa1665b immutable: make the test of large files more likely to work by requesting to allocate space for only one huge share, not three 2008-12-31 15:59:42 -07:00
Zooko O'Whielacronx
b0b9e8c1da trivial: "M-x whitespace-cleanup", and also remove an unused variable 2008-12-31 15:42:33 -07:00
Zooko O'Whielacronx
6c4019ec33 immutable: storage servers accept any size shares now
Nathan Wilcox observed that the storage server can rely on the size of the share file combined with the count of leases to unambiguously identify the location of the leases.  This means that it can hold any size share data, even though the field nominally used to hold the size of the share data is only 32 bits wide.

With this patch, the storage server still writes the "size of the share data" field (just in case the server gets downgraded to an earlier version which requires that field, or the share file gets moved to another server which is of an earlier vintage), but it doesn't use it.  Also, with this patch, the server no longer rejects requests to write shares which are >= 2^32 bytes in size, and it no longer rejects attempts to read such shares.

This fixes http://allmydata.org/trac/tahoe/ticket/346 (increase share-size field to 8 bytes, remove 12GiB filesize limit), although there remains open a question of how clients know that a given server can handle large shares (by using the new versioning scheme, probably).

Note that share size is also limited by another factor -- how big of a file we can store on the local filesystem on the server.  Currently allmydata.com typically uses ext3 and I think we typically have block size = 4 KiB, which means that the largest file is about 2 TiB.  Also, the hard drives themselves are only 1 TB, so the largest share is definitely slightly less than 1 TB, which means (when K == 3), the largest file is less than 3 TB.

This patch also refactors the creation of new sharefiles so that only a single fopen() is used.

This patch also helps with the unit-testing of repairer, since formerly it was unclear what repairer should expect to find if the "share data size" field was corrupted (some corruptions would have no effect, others would cause failure to download).  Now it is clear that repairer is not required to notice if this field is corrupted since it has no effect on download.  :-)
2008-12-31 15:42:26 -07:00
Zooko O'Whielacronx
0687f692b0 trivial: "M-x whitespace-cleanup" on immutable/layout.py 2008-12-31 15:07:02 -07:00
Zooko O'Whielacronx
b8904e023c trivial: remove unused import -- thanks, pyflakes 2008-12-31 15:25:56 -07:00
Zooko O'Whielacronx
c00d20361f rrefutil: generically wrap any errback from callRemote() in a ServerFailure instance
This facilitates client code to easily catch ServerFailures without also catching exceptions arising from client-side code.
See also:
http://foolscap.lothar.com/trac/ticket/105 # make it easy to distinguish server-side failures/exceptions from client-side
2008-12-31 14:28:30 -07:00
Zooko O'Whielacronx
3a47031a51 immutable: more detailed tests for checker/verifier/repairer
There are a lot of different ways that a share could be corrupted, or that attempting to download it might fail.  These tests attempt to exercise many of those ways and require the checker/verifier/repairer to handle each kind of failure well.
2008-12-31 14:18:38 -07:00
Zooko O'Whielacronx
8d83699783 cli: make startstop_node wait 20 seconds instead of 5 for a process to go away after we signalled it to go away
Because the unit tests on the VirtualZooko buildslave failed when it took 16 seconds for a process to go away.
Perhaps getting notification after only 5 seconds instead of 20 seconds is desirable, and we should change the unit tests and set this back to 5, but I don't know exactly how to change the unit tests.  Perhaps match this particular warning message about the shutdown taking a while and allow the code under test to pass if the only stderr that it emits is this warning.
2008-12-30 01:20:22 -07:00
Zooko O'Whielacronx
872e4fc84d doc: sundry amendments to docs and in-line code comments 2008-12-28 16:59:54 -07:00
Zooko O'Whielacronx
9f117dbe8f cli: mark unicode filenames as unsupported -- see #534 for details 2008-12-24 13:28:02 -07:00
Zooko O'Whielacronx
883e51b02d cli: undo the effects of [http://allmydata.org/trac/tahoe/changeset/20081222235453-92b7f-f841e18afb94e1fd95e6dafb799a3d876dd85c69]
We're just going to mark unicode in the cli as unsupported for tahoe-lafs-1.3.0.  Unicode filenames on the command-line do actually work for some platforms and probably only if the platform encoding is utf-8, but I'm not sure, and in any case for it to be marked as "supported" it would have to work on all platforms, be thoroughly tested, and also we would have to understand why it worked.  :-)
2008-12-24 09:53:17 -07:00
Zooko O'Whielacronx
25d962c67d test: extend timeout on the hotline file that prevents the client from stopping itself
The 20-second timeout was apparently tripped on my Powerbook G4 "draco".
2008-12-21 21:06:29 -07:00
Zooko O'Whielacronx
36df38e58b cli: decode all cli arguments, assuming that they are utf-8 encoded
Also encode all args to urllib as utf-8 because urllib doesn't handle unicode objects.
I'm not sure if it is appropriate to *assume* utf-8 encoding of cli args.  Perhaps the Right thing to do is to detect the platform encoding.  Any ideas?
This patch is mostly due to François Deppierraz.
2008-12-22 17:54:53 -07:00
Zooko O'Whielacronx
ce5effbedf util/base32: the identity trans table needn't have any contents -- we are using string.translate solely to delete known chars 2008-12-22 17:48:08 -07:00
Zooko O'Whielacronx
3a26a4bd58 util/base32: allow unicode inputs to a2b() or could_be_base32_encoded(), and encode them with utf-8 before processing them 2008-12-22 17:47:13 -07:00
Zooko O'Whielacronx
dde2376c4e util/base32: loosen the precondition forbidding unicode and requiring str -- now it requires either unicode or str
Hopefully this will make it so that tests pass with François Deppierraz's patch to fix the tahoe cli's handling of unicode argument.
2008-12-22 16:22:37 -07:00
Zooko O'Whielacronx
c54783f5e1 immutable: don't catch all exception when downloading, catch only DeadReferenceError and IntegrityCheckReject 2008-12-21 17:41:35 -07:00
Zooko O'Whielacronx
ad58f8b693 immutable: invent download.BadOrMissingHashError which is raised if either hashtree.BadHashError, hashtree.NotEnoughHashesError, and which is a subclass of IntegrityCheckReject 2008-12-21 17:41:30 -07:00
Zooko O'Whielacronx
f1fbd4feae dirnode: don't check MAC on entries in dirnodes
In an ancient version of directories, we needed a MAC on each entry.  In modern times, the entire dirnode comes with a digital signature, so the MAC on each entry is redundant.
With this patch, we no longer check those MACs when reading directories, but we still produce them so that older readers will accept directories that we write.
2008-12-21 17:35:18 -07:00
Zooko O'Whielacronx
8b7ce325d7 immutable, checker, and tests: improve docstrings, assertions, tests
No functional changes, but remove unused code, improve or fix docstrings, etc.
2008-12-21 15:07:52 -07:00
Zooko O'Whielacronx
c79230c854 cli: if response code from wapi server is not 200 then stop instead of proceeding
Also, include the data that failed to json parse in an exception raised by the json parser.
2008-12-20 07:49:18 -07:00
Zooko O'Whielacronx
ec86563326 immutable: when downloading an immutable file, use primary shares if they are available
Primary shares require no erasure decoding so the more primary shares you have, the less CPU is used.
2008-12-20 07:14:56 -07:00
Zooko O'Whielacronx
a71a68b31e trivial: remove unused import (thanks, pyflakes) 2008-12-19 13:46:29 -07:00
Zooko O'Whielacronx
471e1f1b9b try to tidy up uri-as-string vs. uri-as-object
I get confused about whether a given argument or return value is a uri-as-string or uri-as-object.  This patch adds a lot of assertions that it is one or the other, and also changes CheckerResults to take objects not strings.
In the future, I hope that we generally use Python objects except when importing into or exporting from the Python interpreter e.g. over the wire, the UI, or a stored file.
2008-12-19 08:39:24 -07:00
Zooko O'Whielacronx
7b285ebcb1 immutable: remove the last bits of code (only test code or unused code) which did something with plaintext hashes or plaintext hash trees 2008-12-19 08:18:07 -07:00
Zooko O'Whielacronx
d67a3fe4b1 immutable: use new logging mixins to simplify logging 2008-12-16 18:04:50 -07:00
Zooko O'Whielacronx
d511941136 immutable: refactor ReadBucketProxy a little 2008-12-16 17:53:25 -07:00
Zooko O'Whielacronx
82ee44ed5b debug: pass empty optional arguments to ReadBucketProxy
because those arguments are about to become non-optional (for other code than test/debug code)
2008-12-16 17:51:45 -07:00
Zooko O'Whielacronx
8e48a0eeef uri: generalize regexp that recognizes tahoe URLs to work for any host and port 2008-12-16 17:49:30 -07:00
Zooko O'Whielacronx
2b2c2a566b util: logging: refactor some common logging behavior into mixins 2008-12-16 17:38:07 -07:00
Zooko O'Whielacronx
5fb44a3e79 pyutil: assertutil: copy in simplified assertutil from pyutil 2008-12-16 17:37:45 -07:00
Zooko O'Whielacronx
e29e4c04d9 pyutil: assertutil: simplify handling of exception during formatting of precondition message, and reduce dependency to just the Python Standard Library's logging module 2008-12-10 07:10:57 -07:00
Zooko O'Whielacronx
1d84606d52 client: add get_servers() 2008-12-08 17:04:00 -07:00
Brian Warner
278c47b9bd mutable publish: if we are surprised by shares that match what we would have written anyways, don't be surprised. This should fix one of the two #546 problems, in which we re-use a server and forget that we already sent them a share. 2008-12-09 22:44:49 -07:00
Zooko O'Whielacronx
db566db31a immutable: remove unused code to produce plaintext hashes 2008-12-09 16:45:46 -07:00
Zooko O'Whielacronx
c3edae5158 finish renaming 'subshare' to 'block' in immutable/encode.py and in docs/ 2008-12-09 16:33:18 -07:00
Zooko O'Whielacronx
09b7151b6f introducer: fix bug in recent simplification caught by Brian's sharp code-reviewing eye 2008-12-08 17:16:34 -07:00
Zooko O'Whielacronx
a84581fcff introducer: simplify get_permuted_peers() implementation and add get_peers() 2008-12-08 16:57:25 -07:00
Zooko O'Whielacronx
c456ff8591 rename "get_verifier()" to "get_verify_cap()" 2008-12-08 12:44:11 -07:00
Zooko O'Whielacronx
16b20794dd mutable: merge renaming with test patches 2008-12-07 08:45:19 -07:00
Zooko O'Whielacronx
b58875fe43 mutable: rename mutable/node.py to mutable/filenode.py and mutable/repair.py to mutable/repairer.py
To be more consistent with the immutable layout that I am working on.
2008-12-07 08:20:08 -07:00
Brian Warner
735b3493f1 web/directory.py: really really fix #553. Unfortunately it's tricky to simulate the behavior of a brower's relative-url handling in a unit test. 2008-12-05 23:14:12 -07:00
francois
db7ad6da12 filenode.py: Fix partial HTTP Range header handling according to RFC2616
Tahoe webapi was failing on HTTP request containing a partial Range header.
This change allows movies players like mplayer to seek in movie files stored in
tahoe.

Associated tests for GET and HEAD methods are also included
2008-11-18 07:41:35 -07:00
Brian Warner
ffb5985146 mutable.modify(): after UCWE, publish even if the second invocation of the modifier didn't modify anything. For #551. 2008-12-05 22:49:23 -07:00
Brian Warner
7a0afb59a4 dirnode.py: dirnode.delete which hits UCWE should not fail with NoSuchChildError. Fixes #550. 2008-12-05 22:08:37 -07:00
Brian Warner
fb9af2c7a0 MutableFileNode.modify: pass first_time= and servermap= to the modifier callback 2008-12-05 22:07:10 -07:00
Zooko O'Whielacronx
21d88a0cba web: fix more info links again
Really, *really* closes #553.
2008-12-05 15:39:39 -07:00
Zooko O'Whielacronx
dd834cf7e9 web: fix moreinfo link 2008-12-05 15:29:39 -07:00
Zooko O'Whielacronx
93cd0f58a9 web: "More Info" link describes the same file that the "file" link points to, rather than to the file under the same name in this directory
It's a subtle but real difference.
Fixes #553 -- "More Info" link should point to a file/dir, not a dir+childname .
2008-12-05 15:05:02 -07:00
Zooko O'Whielacronx
60bbc46a53 minor: fix unused imports -- thanks, pyflakes 2008-12-05 13:07:23 -07:00
Zooko O'Whielacronx
b315619d6b download: refactor handling of URI Extension Block and crypttext hash tree, simplify things
Refactor into a class the logic of asking each server in turn until one of them gives an answer 
that validates.  It is called ValidatedThingObtainer.

Refactor the downloading and verification of the URI Extension Block into a class named 
ValidatedExtendedURIProxy.

The new logic of validating UEBs is minimalist: it doesn't require the UEB to contain any 
unncessary information, but of course it still accepts such information for backwards 
compatibility (so that this new download code is able to download files uploaded with old, and 
for that matter with current, upload code).

The new logic of validating UEBs follows the practice of doing all validation up front.  This 
practice advises one to isolate the validation of incoming data into one place, so that all of 
the rest of the code can assume only valid data.

If any redundant information is present in the UEB+URI, the new code cross-checks and asserts 
that it is all fully consistent.  This closes some issues where the uploader could have 
uploaded inconsistent redundant data, which would probably have caused the old downloader to 
simply reject that download after getting a Python exception, but perhaps could have caused 
greater harm to the old downloader.

I removed the notion of selecting an erasure codec from codec.py based on the string that was 
passed in the UEB.  Currently "crs" is the only such string that works, so 
"_assert(codec_name == 'crs')" is simpler and more explicit.  This is also in keeping with the 
"validate up front" strategy -- now if someone sets a different string than "crs" in their UEB, 
the downloader will reject the download in the "validate this UEB" function instead of in a 
separate "select the codec instance" function.

I removed the code to check plaintext hashes and plaintext Merkle Trees.  Uploaders do not 
produce this information any more (since it potentially exposes confidential information about 
the file), and the unit tests for it were disabled.  The downloader before this patch would 
check that plaintext hash or plaintext merkle tree if they were present, but not complain if 
they were absent.  The new downloader in this patch complains if they are present and doesn't 
check them.  (We might in the future re-introduce such hashes over the plaintext, but encrypt 
the hashes which are stored in the UEB to preserve confidentiality.  This would be a double-
check on the correctness of our own source code -- the current Merkle Tree over the ciphertext 
is already sufficient to guarantee the integrity of the download unless there is a bug in our 
Merkle Tree or AES implementation.) 

This patch increases the lines-of-code count by 8 (from 17,770 to 17,778), and reduces the 
uncovered-by-tests lines-of-code count by 24 (from 1408 to 1384).  Those numbers would be more 
meaningful if we omitted src/allmydata/util/ from the test-coverage statistics.
2008-12-05 08:17:54 -07:00
Brian Warner
a0b5b5ab2b test_web: add get_permuted_peers, to unbreak recent checker_results change 2008-12-05 02:12:10 -07:00
Brian Warner
42f8aece05 web checker_results: include a table of servers in permuted order, so you can see the places where new servers have been inserted 2008-12-05 02:03:09 -07:00
Brian Warner
e942ab141b test_system.py: assert less about the stats we get, since shares (and thus allocate() calls) are distributed randomly 2008-12-04 17:27:04 -07:00
Brian Warner
7c4edac582 stats: don't return booleans: it violates the schema. Add a test. 2008-12-04 15:01:24 -07:00
Brian Warner
7cfc74bcc9 test_system.py: don't ask the stats-gatherer to poll: it tolerates failures, so it isn't really giving us enough test coverage. Removing the call will make it more clear that we need to improve the tests later 2008-12-04 15:00:53 -07:00
Peter Secor
a8e515a8bb confwiz.py - removing hardcoded version number 2008-12-02 20:38:31 -07:00
Brian Warner
a2ce315074 CLI: check for pre-existing aliases in 'tahoe create-alias' and 'tahoe add-alias' 2008-12-02 20:20:22 -07:00
Brian Warner
cdbb72d5ff test_cli: pass rc out of do_cli() too 2008-12-02 20:08:28 -07:00
Brian Warner
6958b7fa90 test_storage.py: more windows-vs-readonly-storage fixes 2008-12-02 19:41:02 -07:00
Brian Warner
fe9c3e9529 storage.py: oops, fix windows again, readonly_storage wasn't getting picked up properly 2008-12-02 19:03:17 -07:00
Brian Warner
d3783475b4 test_download.py: remove extra base32 import 2008-12-02 18:31:26 -07:00
Brian Warner
b997e6ca7c test_download: test both mutable and immutable pre-generated shares 2008-12-02 18:30:07 -07:00
Brian Warner
2d70f7fc0b test_download.py: added 'known-answer-tests', to make sure current code can download a file that was created by earlier code 2008-12-02 18:22:08 -07:00
Brian Warner
d295a7afb9 storage.py: unbreak readonly_storage=True on windows 2008-12-01 19:49:46 -07:00
Brian Warner
71c62f8fcb #542 'tahoe create-key-generator': fix the .tac file this creates to be compatible with modern code, add a test 2008-12-01 17:47:21 -07:00
Brian Warner
c5222558f4 storage.py: fix minor typo in comment 2008-12-01 17:25:40 -07:00
Brian Warner
cfba882b30 storage: replace sizelimit with reserved_space, make the stats 'disk_avail' number incorporate this reservation 2008-12-01 17:24:21 -07:00
Brian Warner
39a41f1d85 util/abbreviate: add abbreviated-size parser 2008-12-01 17:24:12 -07:00
Zooko O'Whielacronx
fe6abac87b wui/wapi: change the default port number from 8123 to 3456 to avoid conflict with TorButton
See ticket #536 for details.
2008-11-25 17:57:37 -07:00
Brian Warner
7ea0a1316a mutable publish: reinstate the foolscap-reference-token-bug workaround, both for the original reasons and because of an apparent new foolscap bug that's triggered by reference tokens. See #541 for details. 2008-11-25 14:27:35 -07:00
Zooko O'Whielacronx
51c7580fc8 setup: fix missing import -- thanks, pyflakes 2008-11-25 09:55:28 -07:00
Zooko O'Whielacronx
de9edde8f5 setup: correctly detect Arch Linux in platform description 2008-11-25 09:51:18 -07:00
Brian Warner
bc53c24003 dirnode manifest: add verifycaps, both to internal API and to webapi. This will give the manual-GC tools more to work with, so they can estimate how much space will be freed. 2008-11-24 14:40:46 -07:00
Brian Warner
2308440fb6 control.py: use get_buckets() instead of get_version() to measure ping time, because the latter changed recently 2008-11-22 23:13:23 -07:00
Brian Warner
3e25efc010 upload: when using a Helper, insist that it provide protocols/helper/v1 . Related to #538. 2008-11-21 20:29:32 -07:00
Brian Warner
0fab511be5 upload: don't use servers which can't support the share size we need. This ought to avoid #439 problems. Some day we'll have a storage server which advertises support for a larger share size. No tests yet. 2008-11-21 20:28:12 -07:00
Brian Warner
bf06492a90 #538: fetch version and attach to the rref. Make IntroducerClient demand v1 support. 2008-11-21 20:07:27 -07:00
Brian Warner
0eb6b324a4 #538: add remote_get_version() to four main Referenceable objects: Introducer Service, Storage Server, Helper, CHK Upload Helper. Remove unused storage-server get_versions(). 2008-11-21 17:43:52 -07:00
Brian Warner
4ada26101b test_dirnode: add an explainError call 2008-11-19 16:02:12 -07:00
Brian Warner
b84c2c6541 manifest: add storage-index strings to the json results 2008-11-19 16:00:27 -07:00
Brian Warner
815e0673e6 manifest: include stats in results. webapi is unchanged. 2008-11-19 15:03:47 -07:00
Brian Warner
6f6556da22 mutable: respect the new tahoe.cfg 'shares.needed' and 'shares.total' settings 2008-11-19 14:05:01 -07:00
Brian Warner
82fe7ba360 oops, update tests to match 'tahoe stats' change 2008-11-18 20:32:59 -07:00
Brian Warner
677928a1da cli: tahoe stats: abbreviate total sizes too 2008-11-18 20:28:16 -07:00
Brian Warner
9871f3f1b7 cli: 'tahoe stats': add abbreviated size to the histogram. Not sure this actually improves things. 2008-11-18 20:17:36 -07:00
Brian Warner
7391f63fc1 util/abbreviate: little utility to abbreviate seconds and bytes 2008-11-18 20:11:42 -07:00
Brian Warner
0cdf526b50 cli: add 'tahoe check' and 'tahoe deep-check' commands, with primitive reporting code 2008-11-18 19:12:10 -07:00
Brian Warner
9c866ada71 cli: factor out slow-http-operation to a separate module 2008-11-18 19:11:13 -07:00
Brian Warner
5c3e153d0e cli: tahoe stats/manifest: change --verbose to --raw, since I want -v for --verify for check/deep-check/repair 2008-11-18 18:36:08 -07:00
Brian Warner
d657d22c0c test_system: make 'where' strings more helpful, to track down test failures better 2008-11-18 18:29:50 -07:00
Brian Warner
7932fadb5e webapi: add 'summary' string to checker results JSON 2008-11-18 18:28:26 -07:00
Brian Warner
994d97c644 webapi: introducer stats: add 'announcement_distinct_hosts' to the t=json form, to show how many distinct hosts are providing e.g. storage services 2008-11-18 15:30:15 -07:00
Brian Warner
918970b63a 'tahoe create-key-generator': fix help text 2008-11-18 01:47:58 -07:00
Brian Warner
8473a96ada #330: convert stats-gatherer into a .tac file service, add 'tahoe create-stats-gatherer' 2008-11-18 01:46:20 -07:00
Brian Warner
cae54ab118 tahoe.cfg: add controls for k and N (and shares-of-happiness) 2008-11-18 00:29:44 -07:00
Brian Warner
ead0e4d6ca cli: add tests for 'tahoe stats --verbose' 2008-11-17 22:11:14 -07:00
Brian Warner
94de73ddc0 cli: add --verbose to 'tahoe manifest', to show the raw JSON data 2008-11-17 22:02:19 -07:00
Brian Warner
d6a67cd566 dirnode manifest/stats: process more than one LIT file per tree; we were accidentally ignoring all but the first 2008-11-14 22:50:49 -07:00
Brian Warner
fc7cd23bd1 limiter.py: fix stack blowout by inserting an eventual-send between _done and maybe_start_task. This was causing failures during a 'tahoe manifest' of a large set of directories 2008-11-14 21:11:44 -07:00
francois
1a3a464534 test_cli.py: Ensure that we can read our uploaded files back 2008-11-14 07:44:58 -07:00
francois
32b5bc6330 test_cli.py: use str objects instead of unicode ones
This will hopefully fix failing tests with LC_ALL=C
2008-11-14 07:41:37 -07:00
Brian Warner
5a60086dbc CLI: add 'tahoe stats', to run start-deep-stats and print the results 2008-11-13 19:43:50 -07:00
Brian Warner
9c9994300e test_system.py: fix new 'tahoe manifest' tests to not break on windows, by providing --node-directory instead of --node-url 2008-11-13 15:27:48 -07:00
francois
5c0c5bfc81 test for bug #534, unicode filenames
This test assure that uploading a file whose name contains unicode character
doesn't prevent further uploads in the same directory.
2008-11-13 05:19:51 -07:00
francois
c1f639d230 Fix an filename encoding issue with "tahoe cp" 2008-11-11 14:08:03 -07:00
Brian Warner
0d5cc38a35 web/info.py: use 128-bit ophandles instead of 64-bit 2008-11-12 20:18:42 -07:00
Brian Warner
0d93d6244e CLI: add 'tahoe manifest', which takes a directory and returns a list of things you can reach from it 2008-11-12 20:17:25 -07:00
Brian Warner
c9175de0f2 create_node.py: also remove now-unused import of pkg_resources 2008-11-12 18:47:16 -07:00
Brian Warner
9976bd439a tahoe.cfg: add tub.location, to override the location hints we include in our FURL. This replaces advertised_ip_addresses, which doesn't remain useful enough to retain it. Helps with #517 (Tor). 2008-11-12 18:44:58 -07:00
Zooko O'Whielacronx
74ce1cdc00 setup: remove pkg_resources.require() from create_node.py and add it to runner.py
Brian correctly points out that the latter is an entry point.
2008-11-12 15:25:03 -07:00
Zooko O'Whielacronx
14444dbcc0 tests: fix comment 1970-01-05 04:10:55 -07:00
Zooko O'Whielacronx
3a0dc8e4ec tests: add tahoe_cp to the list of scripts that we don't actually have tests for yet 1970-01-05 04:00:58 -07:00