Skip to content
This repository was archived by the owner on Mar 5, 2025. It is now read-only.

Add a chunk reading API. #18

Merged
sosthene-nitrokey merged 6 commits into from
Apr 11, 2023
Merged

Add a chunk reading API. #18

sosthene-nitrokey merged 6 commits into from
Apr 11, 2023

Conversation

@sosthene-nitrokey
Copy link
Collaborator

@sosthene-nitrokey sosthene-nitrokey commented Mar 29, 2023

An upstream PR will be prepared once trussed-dev#96 and trussed-dev/littlefs2#34 are merged.

@sosthene-nitrokey sosthene-nitrokey force-pushed the chunk-api branch 3 times, most recently from 893da59 to 25ae084 Compare March 29, 2023 14:46
robin-nitrokey
robin-nitrokey reviewed Mar 29, 2023
View reviewed changes
Copy link
Member

@robin-nitrokey robin-nitrokey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, just two notes:

  • The commit contains some changes that look unrelated (WrapKeyData). Did you include them intentionally?
  • I think the request and reply types should be called ReadFileChunk and WriteFileChunk for consistency.

@sosthene-nitrokey
Copy link
Collaborator Author

sosthene-nitrokey commented Mar 30, 2023
edited
Loading

  • The commit contains some changes that look unrelated (WrapKeyData). Did you include them intentionally?

Yes. Initially I used the SeekFrom type from littlefs2, which does not implement the serde traits. So I removed the serde traits from the macros that generate the API types, but that was used in WrapKey, so I introduced the new WrapKeyData type to get around the removal of the serde traits.

But since I ended up adding an OpenSeekFrom type in trussed, we can actually implement the serde traits for it.

Edit: done it.

@sosthene-nitrokey sosthene-nitrokey force-pushed the chunk-api branch 2 times, most recently from 3bbae12 to b7933bf Compare March 30, 2023 07:40
@sosthene-nitrokey
Copy link
Collaborator Author

sosthene-nitrokey commented Apr 3, 2023

There's one remaining issue with this API:

If a client starts writing data to a file, it is immediately committed to the filesystem, even before all chunks have been written. This could lead to truncated data being stored.

@daringer
Copy link

daringer commented Apr 3, 2023

So should we maybe add some safe-guard mechanism ?
Something like an empty file with the same filename + .write_lock, this would only be removed if the write was finished ?
On the other side, I do not see how this would improve things, the outcome will always be: you need to write the file again....

@sosthene-nitrokey
Copy link
Collaborator Author

sosthene-nitrokey commented Apr 3, 2023
edited
Loading

So should we maybe add some safe-guard mechanism ? Something like an empty file with the same filename + .write_lock, this would only be removed if the write was finished ? On the other side, I do not see how this would improve things, the outcome will always be: you need to write the file again....

The issue is that its existence would need to be checked every time we read a file. So the solution would probably be to write the file to another directory /client_id/parts/... instead of /client_id/dat/..., and only once it has been flushed, move it to its "real" place?

@daringer
Copy link

daringer commented Apr 3, 2023

This sounds better. Do we have a proper move available for littlefs2 ? (otherwise this would just move the problem to a point later in time, right?) overall this feels a little like preliminary optimization.

Looking on it from another side: We should anyways be more defensive about contents which are read from the filesystem. Essentially plausibility checks or similar mechanisms after reading data might be something the application should be responsible for and this would also catch such issues right ?

@sosthene-nitrokey
Copy link
Collaborator Author

sosthene-nitrokey commented Apr 3, 2023

There's a rename that works as a move.

We should anyways be more defensive about contents which are read from the filesystem

I don't understand what you mean? Checksums?

@daringer
Copy link

daringer commented Apr 3, 2023

There's a rename that works as a move.

That's great, yeah then let's go for it, but I would suggest to not "waste" another directory for it but moreover just have something like <filename>.incomplete which will then be renamed ?

I don't understand what you mean? Checksums?

goood question :D checksums might be too heavy, maybe keeping filesizes ... haven't thought this through, but generally I would see the application being responsible to check if data read from the filesystem is not corrupt.

@sosthene-nitrokey
Copy link
Collaborator Author

sosthene-nitrokey commented Apr 3, 2023

The issue I have with filename.incomplete is that is would be readable from the standard read calls, and could also conflict with some clients in the future that probably wouldn't expect this to happen.

@robin-nitrokey
Copy link
Member

robin-nitrokey commented Apr 3, 2023

What do you think about first writing to volatile and then copying chunk by chunk to the target storage? This would at least mean that syscalls are atomic. We could still use some renaming mechanism (leading dot?) to avoid file corruption if the final syscall is aborted e. g. due to power loss.

@sosthene-nitrokey
Copy link
Collaborator Author

sosthene-nitrokey commented Apr 3, 2023

I don't see what it would bring to do so. We could easily have some garbage collection on startup if you're afraid of a missed call to abort.

@robin-nitrokey
Copy link
Member

robin-nitrokey commented Apr 3, 2023

It would slightly remove the required writes to the real FS and avoid the need for another directory.

@sosthene-nitrokey
Copy link
Collaborator Author

sosthene-nitrokey commented Apr 3, 2023

You would still need a directory in the volatile filesystem (one for each target filesystem). But indeed it would save the physical FS. I'll do that.

@daringer daringer linked an issue Apr 4, 2023 that may be closed by this pull request
streaming api for files > 1kB #17
Closed
daringer
daringer suggested changes Apr 4, 2023
View reviewed changes
@sosthene-nitrokey sosthene-nitrokey mentioned this pull request Apr 6, 2023
Closed
@sosthene-nitrokey sosthene-nitrokey merged commit cda69dc into Nitrokey:main Apr 11, 2023
@robin-nitrokey robin-nitrokey mentioned this pull request Apr 23, 2023
Open
robin-nitrokey added a commit that referenced this pull request Apr 27, 2023
@robin-nitrokey
Revert "Merge pull request #18 from sosthene-nitrokey/chunk-api"
4fe76a1 
This reverts commit cda69dc, reversing
changes made to c2cae35.
@robin-nitrokey robin-nitrokey mentioned this pull request Apr 27, 2023
Merged
robin-nitrokey added a commit that referenced this pull request Apr 27, 2023
@robin-nitrokey
Revert "Merge pull request #18 from sosthene-nitrokey/chunk-api"
d5f39b1 
This reverts commit cda69dc, reversing
changes made to c2cae35.
robin-nitrokey added a commit that referenced this pull request Apr 27, 2023
@robin-nitrokey
Merge pull request #24 from Nitrokey/revert
918e75f 
Revert #18 and #22
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@robin-nitrokey robin-nitrokey robin-nitrokey left review comments

@daringer daringer daringer approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

streaming api for files > 1kB

3 participants

@sosthene-nitrokey @daringer @robin-nitrokey