git-annex/doc/todo/lockContent_for_special_remotes.mdwn

77 lines
3.4 KiB
Text
Raw Normal View History

Support lockContent in more special remotes. This allows dropping
content from a special remote when the only copies are in other special
remotes, without needing to set mincopies to 0 and risk losing content.
(All the easy ones, eg read-only special remotes, are implemented already.)
2020-06-11 18:05:01 +00:00
* It might be possible for an external remote to lock content, but it would
be a tricky extension to the protocol, since lockContent needs to keep it
locked while running another action. There would need to be separate
actions for locking and unlocking.
If this were implemented in git-annex, and some special remote program
didn't used to support it, and implemented REMOVE w/o checking a lock,
then making that program support lockContent would run the risk
of a mixture of the old and new version being in use for the same remote,
which could result in data loss.
To avoid that, the author of the special remote would need to either
a) always do lock checking from the beginning or
b) wait long enough or document well enough to be sure that situation
never happens.
2020-06-26 17:54:23 +00:00
2021-04-12 16:54:46 +00:00
> Maybe this second part is not a problem actually? Analysis follows:
>
> There are 2 git-annex
> instances A and B, and 2 special remotes X and Y. A is using the old
> program that does not support locking, B uses the new program that does.
> Both X and Y have a copy of an object.
>
> If A is dropping from X, it will not trust Y to satisfy mincopies,
> since A cannot lockContent Y. So it will not drop from X.
>
> If B is dropping from Y, it can lockContent X, and so the drop
> succeeds.
>
> It seems it's ok for B to trust lockContent X, even though A does
> not check if X is locked when dropping from it. Because A will not
> drop from X unless it's able to satisfy mincopies by locking the
> content somewhere else. --[[Joey]]
2020-06-26 17:54:23 +00:00
* directory could use fcntl locking
This would need a transition, because dropping from directory first needs
to support checking for locks. Only after we're sure that any git-annex
binaries that might be in use on a machine do that is it safe for
lockContent to take the lock. So git-annex would need to be released with
the first change, then wait several months or years before making the
second change.
2021-04-12 16:54:46 +00:00
> Update: See analysis above, should also apply here.
2020-06-26 17:54:23 +00:00
Also, the directory might be on a filesystem that does not support
locking, with various failure modes. And unlike a git-annex repo,
there's nowhere in a directory special remote to record information about
locking problems with it. Getting this right seems hard..
2021-04-12 18:13:44 +00:00
> If lockContent throws an exception, that remote is treated the same
> as if it did not support lockContent, so if these problems can be
> differentiated from a failure to lock at all, can just throw an
> exception. But need to avoid lockContent succeeding in any case
> where removeKey will not be prevented from removing the content.
* S3 has an object lock feature, I don't know if it would be usable for
this.
It would need a transition, with dropKey first failing when the object
lock was in place, and then once that git-annex was in use everywhere,
lockContent setting the object lock.
2021-04-12 17:00:24 +00:00
> Update: See analysis above, should also apply here.
(S3 with versioning=yes already supports lockContent.)
* adb could use some shell trick perhaps.. But it would depend on doing
locking in /sdcard, which seems likely to be a massive ball of POSIX
incompliance and pain.