[Commits] [wesnoth/wesnoth] 28c517: campaignd: Add wrapper for atomic commits of cruci...

GitHub noreply at github.com
Thu Sep 14 23:14:30 UTC 2017 

  Branch: refs/heads/master
  Home:   https://github.com/wesnoth/wesnoth
  Commit: 28c51796362e83dcb6232713c1f7ba6c3f3a3f53
      https://github.com/wesnoth/wesnoth/commit/28c51796362e83dcb6232713c1f7ba6c3f3a3f53
  Author: Ignacio R. Morelle <shadowm at wesnoth.org>
  Date:   2017-09-14 (Thu, 14 Sep 2017)

  Changed paths:
    M source_lists/campaignd
    M src/campaign_server/campaign_server.cpp
    A src/campaign_server/fs_commit.cpp
    A src/campaign_server/fs_commit.hpp

  Log Message:
  -----------
  campaignd: Add wrapper for atomic commits of crucial files

As the 2016-10-07~09 downtime incident shows, it is paramount to take
further steps in guaranteeing that the server can't corrupt its own data
files (especially the add-ons database) when receiving
inappropriately-timed signals.

This commit adds and deploys an ostream wrapper that requires callers to
explicitly commit the results to disk when finished writing to the
stream, so that only then the real destination file is overwritten with
the working copy (a temporary in the same dir). This way, there should
never be a situation in which the destination is left in an inconsistent
state due to a signal or exception.

The temporary receives a predictable name right now in the interest of
simplicity, since we are more or less in control of the target directory
anyway. We definitely don't want it to be an unlinked file since that
would make it impossible for admins to inspect and compare the temporary
against the original afterwards.

The code makes some assumptions about the nature of the return value of
filesystem::ostream_file() which will never be broken in this stable
branch, which is why one helper function is in campaignd land rather
than in the global filesystem API for now. This should probably be
rectified when forward-porting to master. Maybe.

Nothing of this will work reliably on Windows but we don't care. There's
only one machine in the world where we support running campaignd at this
time and it runs Linux.


  Commit: a380128ade758dc2b359d44e24b218e60d11e98b
      https://github.com/wesnoth/wesnoth/commit/a380128ade758dc2b359d44e24b218e60d11e98b
  Author: Ignacio R. Morelle <shadowm at wesnoth.org>
  Date:   2017-09-14 (Thu, 14 Sep 2017)

  Changed paths:
    M src/campaign_server/campaign_server.cpp

  Log Message:
  -----------
  campaignd: Increase verbosity of filesystem::io_exception exceptions


Compare: https://github.com/wesnoth/wesnoth/compare/b6847141f282...a380128ade75

More information about the Commits mailing list