Commit Graph

145 Commits

Author SHA1 Message Date
Brian Warner
7b21054c33 UNDO: upload: stop putting plaintext and ciphertext hashes in shares.
This removes the guess-partial-information attack vector, and reduces
the amount of overhead that we consume with each file. It also introduces
a forwards-compability break: older versions of the code (before the
previous download-time "make hashes optional" patch) will be unable
to read files uploaded by this version, as they will complain about the
missing hashes. This patch is experimental, and is being pushed into
trunk to obtain test coverage. We may undo it before releasing 1.0.
2008-03-23 15:35:54 -07:00
Zooko O'Whielacronx
fc3bd0c987 use added secret to protect convergent encryption
Now upload or encode methods take a required argument named "convergence" which can be either None, indicating no convergent encryption at all, or a string, which is the "added secret" to be mixed in to the content hash key.  If you want traditional convergent encryption behavior, set the added secret to be the empty string.

This patch also renames "content hash key" to "convergent encryption" in a argument names and variable names.  (A different and larger renaming is needed in order to clarify that Tahoe supports immutable files which are not encrypted content-hash-key a.k.a. convergent encryption.)

This patch also changes a few unit tests to use non-convergent encryption, because it doesn't matter for what they are testing and non-convergent encryption is slightly faster.
2008-03-24 09:46:06 -07:00
Brian Warner
7996131a0a upload: stop putting plaintext and ciphertext hashes in shares.
This removes the guess-partial-information attack vector, and reduces
the amount of overhead that we consume with each file. It also introduces
a forwards-compability break: older versions of the code (before the
previous download-time "make hashes optional" patch) will be unable
to read files uploaded by this version, as they will complain about the
missing hashes. This patch is experimental, and is being pushed into
trunk to obtain test coverage. We may undo it before releasing 1.0.
2008-03-23 15:35:54 -07:00
Brian Warner
2ef70ab814 mutable.py: split replace() into update() and overwrite(). Addresses #328. 2008-03-12 18:00:43 -07:00
Brian Warner
89be2e1bea introweb: combine announcement and subscriber information to show version+nickname for each client 2008-03-11 19:21:29 -07:00
Brian Warner
810ba68343 add a webserver for the Introducer, showing service announcements and subscriber lists 2008-03-11 17:36:25 -07:00
Brian Warner
f6ca62df31 test_system: improve test coverage of publish/retrieve status 2008-03-04 01:24:35 -07:00
Brian Warner
7e159feb27 stats: make StatsGatherer happy about sharing a process with other services, add one during system test to get some test coverage 2008-03-03 23:55:58 -07:00
Brian Warner
3ecb483e35 test_system: add test coverage for download-status and upload-status 2008-03-03 21:37:17 -07:00
Brian Warner
1a7651ce82 retain 10 most recent upload/download status objects, show them in /status . Prep for showing individual status objects 2008-02-29 22:19:03 -07:00
Brian Warner
c3a1491cf4 test_system.py: improve coverage of webish.py 2008-02-15 04:02:50 -07:00
Brian Warner
7927495cbe unicode handling: declare dirnodes to contain unicode child names, update webish to match 2008-02-14 15:45:56 -07:00
Brian Warner
a050204833 add test coverage for the /stats web page 2008-02-13 13:57:39 -07:00
Zooko O'Whielacronx
3f8df27063 use base62 encoding for storage indexes, on disk and in verifier caps, and in logging and diagnostic tools
base62 encoding fits more information into alphanumeric chars while avoiding the troublesome non-alphanumeric chars of base64 encoding.  In particular, this allows us to work around the ext3 "32,000 entries in a directory" limit while retaining the convenient property that the intermediate directory names are leading prefixes of the storage index file names.
2008-02-12 20:48:37 -07:00
Brian Warner
ca27b8e5ad add 'tahoe catalog-shares' tool, to make a one-line summary of each share file. This can help do cross-server correlation of sharefiles, looking for anomalies 2008-02-11 18:17:01 -07:00
Brian Warner
7123c9d875 test_system.py: refactor bounce_client, probably make it stop failing on cygwin 2008-02-11 15:26:58 -07:00
Brian Warner
873dee53e9 test_system: remove the hackish debug_interrupt= attribute magic used to exercise interrupted-upload resumption, instead just make the Uploadable bounce the helper halfway through the upload 2008-02-07 20:15:37 -07:00
Brian Warner
3bd79917b2 test_system.py: remove that ugly debug_stash_RemoteencryptedUploadable hack, now that UploadResults give us a better approach 2008-02-07 17:27:30 -07:00
Brian Warner
4d4073fb16 test_system: deferred-handling logic in test_upload_and_download was broken 2008-02-06 14:05:11 -07:00
Brian Warner
2dcac796e9 add 'tahoe find-shares' command, to locate share files on a local node's disk 2008-02-06 13:19:51 -07:00
Brian Warner
e92a2b5ab2 dump-cap: include UEB_hash in output 2008-02-06 12:48:19 -07:00
Brian Warner
66f33ee504 upload: return an UploadResults instance (with .uri) instead of just a URI 2008-02-05 21:01:38 -07:00
Brian Warner
5103bf8148 storage: change service name from 'storageserver' to 'storage' 2008-02-05 20:28:59 -07:00
Brian Warner
d146ef7e09 webish: add extra introducer data (version, timestamps) to Welcome page 2008-02-05 17:32:27 -07:00
Brian Warner
daecca6589 big introducer refactoring: separate publish+subscribe. Addresses #271. 2008-02-05 13:05:13 -07:00
Zooko O'Whielacronx
79c439d026 storage: make two levels of share directories so as not to exceed certain filesystems's limitations on directory size
The filesystem which gets my vote for most undeservedly popular is ext3, and it has a hard limit of 32,000 entries in a directory.  Many other filesystems (even ones that I like more than I like ext3) have either hard limits or bad performance consequences or weird edge cases when you get too many entries in a single directory.

This patch makes it so that there is a layer of intermediate directories between the "shares" directory and the actual storage-index directory (the one whose name contains the entire storage index (z-base-32 encoded) and which contains one or more share files named by their share number).

The intermediate directories are named by the first 14 bits of the storage index, which means there are at most 16384 of them.  (This also means that the intermediate directory names are not a leading prefix of the storage-index directory names -- to do that would have required us to have intermediate directories limited to either 1024 (2-char), which is too few, or 32768 (3-chars of a full 5 bits each), which would overrun ext3's funny hard limit of 32,000.))

This closes #150, and please see the "convertshares.py" script attached to #150 to convert your old tahoe-0.7.0 storage/shares directory into a new tahoe-0.8.0 storage/shares directory.
2008-01-31 16:26:28 -07:00
Brian Warner
81eeafc574 upload-helper: avoid duplicate uploads: check the grid to see if the file already exists 2008-01-30 18:49:02 -07:00
Zooko O'Whielacronx
ca971559e6 make content-hash-key encryption a parameter of uploading
fixes #293
2008-01-30 12:24:50 -07:00
robk-tahoe
7c34658438 offloaded: fix failure in unit test on windows
in trying to test my fix for the failure of the offloaded unit test on windows
(by closing the reader before unlinking the encoding file - which, perhaps
disturbingly doesn't actually make a difference in my windows environment)
I was unable too because the unit test failed every time with a connection lost
error.

after much more time than I'd like to admit it took, I eventually managed to
track that down to a part of the unit test which is supposed to be be dropping
a connection.   it looks like the exceptions that get thrown on unix, or at
least all the specific environments brian tested in, for that dropped 
connection are different from what is thrown on my box (which is running py2.4
and twisted 2.4.0, for reference)  adding ConnectionLost to the list of
expected exceptions makes the test pass.

though curiously still my test logs a NotEnoughWritersError error, and I'm not
currently able to fathom why that exception isn't leading to any overall 
failure of the unit test itself.

for general interest, a large part of the time spent trying to track this down
was lost to the state of logging.  I added a whole bunch of logging to try
and track down where the tests were failing, but then spent a bunch of time
searching in vain for that log output.  as far as I can tell at this point
the unit tests are themselves logging to foolscap's log module, but that isn't
being directed anywhere, so all the test's logging is being black holed.
2008-01-17 20:57:29 -07:00
Brian Warner
fd0dc3013c offloaded: update unit tests: assert that interrupt/resume works, and that the helper deletes tempfiles 2008-01-17 01:18:10 -07:00
Brian Warner
51321944f0 megapatch: overhaul encoding_parameters handling: now it comes from the Uploadable, or the Client. Removed options= too. Also move helper towards resumability. 2008-01-16 03:03:35 -07:00
Brian Warner
9f0ee4b758 test_system: fix pyflakes warnings 2008-01-14 21:26:28 -07:00
Brian Warner
168a8c3b73 offloaded: improve logging, pass through options, get ready for testing interrupted uploads. test_system: add (disabled) interrupted-upload test 2008-01-14 21:24:26 -07:00
Brian Warner
7ac2b94aba remove wait_for_numpeers and the when_enough_peers call in mutable.Publish 2008-01-14 14:55:59 -07:00
Brian Warner
964edadf44 offloaded: add a system test, make it pass. files are now being uploaded through the helper. 2008-01-11 05:42:55 -07:00
Brian Warner
0e2ddb00be test_system: slight refactoring to eventually make it easier to configure some nodes with the output of others 2008-01-09 20:23:54 -07:00
Brian Warner
464637605e test_system: assert that BASEDIR/node.url is created properly 2008-01-07 17:46:22 -07:00
Zooko O'Whielacronx
4223f7216d rename "dir-uri" to "dir-cap" 2008-01-08 10:41:27 -07:00
Zooko O'Whielacronx
23961448da a few formatting tidy-ups 2008-01-03 17:14:19 -07:00
Zooko O'Whielacronx
5995d11a3c remove automatic private dir
* rename my_private_dir.cap to root_dir.cap
 * move it into the private subdir
 * change the cmdline argument "--root-uri=[private]" to "--dir-uri=[root]"
2008-01-03 17:02:05 -07:00
Zooko O'Whielacronx
a0d73f8afb remove some no-longer needed replacements of "/" with "!" in uris 2007-12-19 17:54:40 -07:00
Brian Warner
b8d77fbb46 move my_private_dir.cap into private/ 2007-12-17 20:57:40 -07:00
Zooko O'Whielacronx
a983f6d60c rename "my_private_dir.uri" to "my_private_dir.cap" 2007-12-17 18:35:25 -07:00
Zooko O'Whielacronx
8c65bdcf9d put all private state in $BASEDIR/private
fixes #219

The only part of #219 that this doesn't include is the part about 
logpublisher, which has been moved out of tahoe into foolscap.
2007-12-17 16:39:54 -07:00
Brian Warner
cd59cded91 test_system.py: oops, match change in RIControl 2007-12-14 03:08:16 -07:00
Zooko O'Whielacronx
38d1af7ede fix unit test to pass forward-slashes to the CLI since it demands that the CLI emit forward-slashes 2007-12-11 20:03:44 -07:00
Brian Warner
b085097adc test_system: write test data in 'b' verbatim mode, since on windows the default text-mode is different. Addresses one of the failures in #223 2007-12-11 19:16:33 -07:00
Brian Warner
4b8c2e93b3 checker: improve test coverage a little bit 2007-12-04 18:00:12 -07:00
Brian Warner
1a5257c388 improve test coverage on FileNode.check 2007-12-04 15:55:27 -07:00
Brian Warner
87e6ccbd4a remove leftover defer.setDebugging(), to speed up tests from 200s to 83s 2007-12-03 17:10:02 -07:00