fred icon indicating copy to clipboard operation
fred copied to clipboard

Published 20 hours ago verified publisher icon freenet

Fix recovery condition

Open toad opened this issue 10 years ago • 7 comments

Should improve recovery behaviour: We were recovering old requests from the .crypt file when it exists, but not using the .bak.crypt when we needed it.

Not tested, will look into this myself when I get around to it.

toad avatar Apr 25 '15 16:04 toad

We should load the encrypted version if it exists whether or not we have errors.

Meaning a non-backup encrypted version? When would there be both encrypted and non-encrypted versions?

Thynix avatar Apr 25 '15 20:04 Thynix

Something can go wrong when changing from encrypted to non-encrypted and vice versa. We want to be able to recover from this case. Hence we need to try both. Also more generally our encryption setting doesn't necessarily match what's on disk, so we have to try both. In general both shouldn't exist at the same time but it can happen.

toad avatar Apr 26 '15 08:04 toad

Also more generally our encryption setting doesn't necessarily match what's on disk, so we have to try both.

We expect that our encryption setting matches what's on disk. Trying both is a recovery mechanism, just like the .bak files. My objection is that we now always try to load the non-matching file (if it exists), even if the matching file would load just fine. Instead, we should first try the matching file, and only proceed loading backups and alternatives (i.e. non-matching and its backup) if that fails.

(I do agree that this should not normally happen, and that existence of both matching and non-matching files can be considered an error.)

bertm avatar Apr 26 '15 12:04 bertm

Okay so:

  • If we are expecting it to be encrypted we should try the encrypted file first. (BUG, we always try the unencrypted one first at present)
  • We should try the backup if the main file (for the base crypto setting) doesn't exist or is corrupted.

One difficulty: Should we try the backup or the opposite-encryption-setting file first? If an opposite-encryption-setting file exists, it means one of:

  1. The settings were changed after shutdown, or
  2. We were interrupted before we deleted the old file, or
  3. Something wierd happened (e.g. permissions)

So do we want (proceeding only if needsMore() i.e. partial corruption or no file): tryload(crypto,main) tryload(!crypto,main) tryload(crypto,backup) tryload(!crypto,backup) ? The second point would seem to suggest this?

toad avatar Apr 26 '15 12:04 toad

The loading sequence you suggest looks like the right approach to me.

bertm avatar Apr 26 '15 20:04 bertm

Anyone care to implement it?

Thynix avatar Oct 11 '15 20:10 Thynix

Any word on this?

Thynix avatar Dec 19 '15 22:12 Thynix