[Commits] [wesnoth/wesnoth] ea4f9a: campaignd: Add wrapper for atomic commits of cruci...

GitHub noreply at github.com
Thu Sep 14 22:26:46 UTC 2017 

  Branch: refs/heads/1.12
  Home:   https://github.com/wesnoth/wesnoth
  Commit: ea4f9a4ba2e6d49d67097368fc8b083d3402c629
      https://github.com/wesnoth/wesnoth/commit/ea4f9a4ba2e6d49d67097368fc8b083d3402c629
  Author: Ignacio R. Morelle <shadowm at wesnoth.org>
  Date:   2017-09-14 (Thu, 14 Sep 2017)

  Changed paths:
    M src/CMakeLists.txt
    M src/SConscript
    M src/campaign_server/campaign_server.cpp
    A src/campaign_server/fs_commit.cpp
    A src/campaign_server/fs_commit.hpp

  Log Message:
  -----------
  campaignd: Add wrapper for atomic commits of crucial files

As the 2016-10-07~09 downtime incident shows, it is paramount to take
further steps in guaranteeing that the server can't corrupt its own data
files (especially the add-ons database) when receiving
inappropriately-timed signals.

This commit adds and deploys an ostream wrapper that requires callers to
explicitly commit the results to disk when finished writing to the
stream, so that only then the real destination file is overwritten with
the working copy (a temporary in the same dir). This way, there should
never be a situation in which the destination is left in an inconsistent
state due to a signal or exception.

The temporary receives a predictable name right now in the interest of
simplicity, since we are more or less in control of the target directory
anyway. We definitely don't want it to be an unlinked file since that
would make it impossible for admins to inspect and compare the temporary
against the original afterwards.

The code makes some assumptions about the nature of the return value of
filesystem::ostream_file() which will never be broken in this stable
branch, which is why one helper function is in campaignd land rather
than in the global filesystem API for now. This should probably be
rectified when forward-porting to master. Maybe.

Nothing of this will work reliably on Windows but we don't care. There's
only one machine in the world where we support running campaignd at this
time and it runs Linux.


  Commit: 17197cff8162842f4887e009976a990b4179521d
      https://github.com/wesnoth/wesnoth/commit/17197cff8162842f4887e009976a990b4179521d
  Author: Ignacio R. Morelle <shadowm at wesnoth.org>
  Date:   2017-09-14 (Thu, 14 Sep 2017)

  Changed paths:
    M src/campaign_server/campaign_server.cpp

  Log Message:
  -----------
  campaignd: Increase verbosity of filesystem::io_exception exceptions


Compare: https://github.com/wesnoth/wesnoth/compare/fc7552c40bf1...17197cff8162

More information about the Commits mailing list