diff options
author | bertagaz <bertagaz@ptitcanardnoir.org> | 2012-06-12 00:37:08 +0200 |
---|---|---|
committer | bertagaz <bertagaz@ptitcanardnoir.org> | 2012-06-12 00:37:08 +0200 |
commit | 70b0e555ef5f880c08f09331946c83744ca310a5 (patch) | |
tree | e673bf4dae733ca8f2faa5a030e22f9015070dce /NEWS.rst | |
parent | e28117a205c07306a8ba8f502441a7b304669c41 (diff) |
Imported Upstream version 1.9.1
Diffstat (limited to 'NEWS.rst')
-rw-r--r-- | NEWS.rst | 1741 |
1 files changed, 1741 insertions, 0 deletions
diff --git a/NEWS.rst b/NEWS.rst new file mode 100644 index 0000000..c5e9f1f --- /dev/null +++ b/NEWS.rst @@ -0,0 +1,1741 @@ + +================================== +User-Visible Changes in Tahoe-LAFS +================================== + +Release 1.9.1 (2012-01-12) +-------------------------- + +Security-related Bugfix +''''''''''''''''''''''' + +- Fix flaw that would allow servers to cause undetected corruption when + retrieving the contents of mutable files (both SDMF and MDMF). (`#1654`_) + +.. _`#1654`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1654 + + +Release 1.9.0 (2011-10-30) +-------------------------- + +New Features +'''''''''''' + +- The most significant new feature in this release is MDMF: "Medium-size + Distributed Mutable Files". Unlike standard SDMF files, these provide + efficient partial-access (reading and modifying small portions of the file + instead of the whole thing). MDMF is opt-in (it is not yet the default + format for mutable files), both to ensure compatibility with previous + versions, and because the algorithm does not yet meet memory-usage goals. + Enable it with ``--format=MDMF`` in the CLI (``tahoe put`` and ``tahoe + mkdir``), or the "format" radioboxes in the web interface. See + `<docs/specifications/mutable.rst>`_ for more details (`#393`_, `#1507`_) +- A "blacklist" feature allows blocking access to specific files through + a particular gateway. See the "Access Blacklist" section of + `<docs/configuration.rst>`_ for more details. (`#1425`_) +- A "drop-upload" feature has been added, which allows you to upload + files to a Tahoe-LAFS directory just by writing them to a local + directory. This feature is experimental and should not be relied on + to store the only copy of valuable data. It is currently available + only on Linux. See `<docs/frontends/drop-upload.rst>`_ for documentation. + (`#1429`_) +- The timeline of immutable downloads can be viewed using a zoomable and + pannable JavaScript-based visualization. This is accessed using the + 'timeline' link on the File Download Status page for the download, which + can be reached from the Recent Uploads and Downloads page. + +Configuration/Behavior Changes +'''''''''''''''''''''''''''''' + +- Prior to Tahoe-LAFS v1.3, the configuration of some node options could + be specified using individual config files rather than via ``tahoe.cfg``. + These files now cause an error if present. (`#1385`_) +- Storage servers now calculate their remaining space based on the filesystem + containing the ``storage/shares/`` directory. Previously they looked at the + filesystem containing the ``storage/`` directory. This allows + ``storage/shares/``, rather than ``storage/``, to be a mount point or a + symlink pointing to another filesystem. (`#1384`_) +- ``tahoe cp xyz MUTABLE`` will modify the existing mutable file instead of + creating a new one. (`#1304`_) +- The button for unlinking a file from its directory on a WUI directory + listing is now labelled "unlink" rather than "del". (`#1104`_) + +Notable Bugfixes +'''''''''''''''' + +- The security bugfix for the vulnerability allowing deletion of shares, + detailed in the news for v1.8.3 below, is also included in this + release. (`#1528`_) +- Some cases of immutable upload, for example using the ``tahoe put`` and + ``tahoe cp`` commands or SFTP, did not appear in the history of Recent + Uploads and Downloads. (`#1079`_) +- The memory footprint of the verifier has been reduced by serializing + block fetches. (`#1395`_) +- Large immutable downloads are now a little faster than in v1.8.3 (about + 5% on a fast network). (`#1268`_) + +Packaging Changes +''''''''''''''''' + +- The files related to Debian packaging have been removed from the Tahoe + source tree, since they are now maintained as part of the official + Debian packages. (`#1454`_) +- The unmaintained FUSE plugins were removed from the source tree. See + ``docs/frontends/FTP-and-SFTP.rst`` for how to mount a Tahoe filesystem on + Unix via sshfs. (`#1409`_) +- The Tahoe licenses now give explicit permission to combine Tahoe-LAFS + with code distributed under the following additional open-source licenses + (any version of each): + + * Academic Free License + * Apple Public Source License + * BitTorrent Open Source License + * Lucent Public License + * Jabber Open Source License + * Common Development and Distribution License + * Microsoft Public License + * Microsoft Reciprocal License + * Sun Industry Standards Source License + * Open Software License + +Compatibility and Dependencies +'''''''''''''''''''''''''''''' + +- To resolve an incompatibility between Nevow and zope.interface (versions + 3.6.3 and 3.6.4), Tahoe-LAFS now requires an earlier or later + version of zope.interface. (`#1435`_) +- The Twisted dependency has been raised to version 10.1 to ensure we no + longer require pywin32 on Windows, the new drop-upload feature has the + required support from Twisted on Linux, and that it is never necessary to + patch Twisted in order to use the FTP frontend. (`#1274`_, `#1429`_, + `#1438`_) +- An explicit dependency on pyOpenSSL has been added, replacing the indirect + dependency via the "secure_connections" option of foolscap. (`#1383`_) + +Minor Changes +''''''''''''' + +- A ``man`` page has been added (`#1420`_). All other docs are in ReST + format. +- The ``tahoe_files`` munin plugin reported an incorrect count of the number + of share files. (`#1391`_) +- Minor documentation updates: #627, #1104, #1225, #1297, #1342, #1404 +- Other minor changes: #636, #1355, #1363, #1366, #1388, #1392, #1412, #1344, + #1347, #1359, #1389, #1441, #1442, #1446, #1474, #1503 + +.. _`#393`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/393 +.. _`#1079`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1079 +.. _`#1104`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1104 +.. _`#1268`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1268 +.. _`#1274`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1274 +.. _`#1304`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1304 +.. _`#1355`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1355 +.. _`#1383`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1383 +.. _`#1384`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1384 +.. _`#1385`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1385 +.. _`#1388`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1388 +.. _`#1391`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1391 +.. _`#1392`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1392 +.. _`#1395`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1395 +.. _`#1409`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1409 +.. _`#1420`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1420 +.. _`#1425`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1425 +.. _`#1429`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1429 +.. _`#1435`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1435 +.. _`#1438`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1438 +.. _`#1454`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1454 +.. _`#1507`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1507 + + +Release 1.8.3 (2011-09-13) +-------------------------- + +Security-related Bugfix +''''''''''''''''''''''' + +- Fix flaw that would allow a person who knows a storage index of a file to + delete shares of that file. (`#1528`_) +- Remove corner cases in mutable file bounds management which could expose + extra lease info or old share data (from prior versions of the mutable + file) if someone with write authority to that mutable file exercised these + corner cases in a way that no actual Tahoe-LAFS client does. (Probably not + exploitable.) (`#1528`_) + +.. _`#1528`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1528 + + +Release 1.8.2 (2011-01-30) +-------------------------- + +Compatibility and Dependencies +'''''''''''''''''''''''''''''' + +- Tahoe is now compatible with Twisted-10.2 (released last month), as + well as with earlier versions. The previous Tahoe-1.8.1 release + failed to run against Twisted-10.2, raising an AttributeError on + StreamServerEndpointService (`#1286`_) +- Tahoe now depends upon the "mock" testing library, and the foolscap + dependency was raised to 0.6.1 . It no longer requires pywin32 + (which was used only on windows). Future developers should note that + reactor.spawnProcess and derivatives may no longer be used inside + Tahoe code. + +Other Changes +''''''''''''' + +- the default reserved_space value for new storage nodes is 1 GB + (`#1208`_) +- documentation is now in reStructuredText (.rst) format +- "tahoe cp" should now handle non-ASCII filenames +- the unmaintained Mac/Windows GUI applications have been removed + (`#1282`_) +- tahoe processes should appear in top and ps as "tahoe", not + "python", on some unix platforms. (`#174`_) +- "tahoe debug trial" can be used to run the test suite (`#1296`_) +- the SFTP frontend now reports unknown sizes as "0" instead of "?", + to improve compatibility with clients like FileZilla (`#1337`_) +- "tahoe --version" should now report correct values in situations + where 1.8.1 might have been wrong (`#1287`_) + +.. _`#174`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/174 +.. _`#1208`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1208 +.. _`#1282`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1282 +.. _`#1286`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1286 +.. _`#1287`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1287 +.. _`#1296`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1296 +.. _`#1337`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1337 + + +Release 1.8.1 (2010-10-28) +-------------------------- + +Bugfixes and Improvements +''''''''''''''''''''''''' + +- Allow the repairer to improve the health of a file by uploading some + shares, even if it cannot achieve the configured happiness + threshold. This fixes a regression introduced between v1.7.1 and + v1.8.0. (`#1212`_) +- Fix a memory leak in the ResponseCache which is used during mutable + file/directory operations. (`#1045`_) +- Fix a regression and add a performance improvement in the + downloader. This issue caused repair to fail in some special + cases. (`#1223`_) +- Fix a bug that caused 'tahoe cp' to fail for a grid-to-grid copy + involving a non-ASCII filename. (`#1224`_) +- Fix a rarely-encountered bug involving printing large strings to the + console on Windows. (`#1232`_) +- Perform ~ expansion in the --exclude-from filename argument to + 'tahoe backup'. (`#1241`_) +- The CLI's 'tahoe mv' and 'tahoe ln' commands previously would try to + use an HTTP proxy if the HTTP_PROXY environment variable was set. + These now always connect directly to the WAPI, thus avoiding giving + caps to the HTTP proxy (and also avoiding failures in the case that + the proxy is failing or requires authentication). (`#1253`_) +- The CLI now correctly reports failure in the case that 'tahoe mv' + fails to unlink the file from its old location. (`#1255`_) +- 'tahoe start' now gives a more positive indication that the node has + started. (`#71`_) +- The arguments seen by 'ps' or other tools for node processes are now + more useful (in particular, they include the path of the 'tahoe' + script, rather than an obscure tool named 'twistd'). (`#174`_) + +Removed Features +'''''''''''''''' + +- The tahoe start/stop/restart and node creation commands no longer + accept the -m or --multiple option, for consistency between + platforms. (`#1262`_) + +Packaging +''''''''' + +- We now host binary packages so that users on certain operating + systems can install without having a compiler. + <https://tahoe-lafs.org/source/tahoe-lafs/deps/tahoe-lafs-dep-eggs/README.html> +- Use a newer version of a dependency if needed, even if an older + version is installed. This would previously cause a VersionConflict + error. (`#1190`_) +- Use a precompiled binary of a dependency if one with a sufficiently + high version number is available, instead of attempting to compile + the dependency from source, even if the source version has a higher + version number. (`#1233`_) + +Documentation +''''''''''''' + +- All current documentation in .txt format has been converted to .rst + format. (`#1225`_) +- Added docs/backdoors.rst declaring that we won't add backdoors to + Tahoe-LAFS, or add anything to facilitate government access to data. + (`#1216`_) + +.. _`#71`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/71 +.. _`#174`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/174 +.. _`#1212`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1212 +.. _`#1045`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1045 +.. _`#1190`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1190 +.. _`#1216`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1216 +.. _`#1223`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1223 +.. _`#1224`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1224 +.. _`#1225`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1225 +.. _`#1232`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1232 +.. _`#1233`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1233 +.. _`#1241`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1241 +.. _`#1253`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1253 +.. _`#1255`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1255 +.. _`#1262`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1262 + + +Release 1.8.0 (2010-09-23) +-------------------------- + +New Features +'''''''''''' + +- A completely new downloader which improves performance and + robustness of immutable-file downloads. It uses the fastest K + servers to download the data in K-way parallel. It automatically + fails over to alternate servers if servers fail in mid-download. It + allows seeking to arbitrary locations in the file (the previous + downloader which would only read the entire file sequentially from + beginning to end). It minimizes unnecessary round trips and + unnecessary bytes transferred to improve performance. It sends + requests to fewer servers to reduce the load on servers (the + previous one would send a small request to every server for every + download) (`#287`_, `#288`_, `#448`_, `#798`_, `#800`_, `#990`_, + `#1170`_, `#1191`_) +- Non-ASCII command-line arguments and non-ASCII outputs now work on + Windows. In addition, the command-line tool now works on 64-bit + Windows. (`#1074`_) + +Bugfixes and Improvements +''''''''''''''''''''''''' + +- Document and clean up the command-line options for specifying the + node's base directory. (`#188`_, `#706`_, `#715`_, `#772`_, + `#1108`_) +- The default node directory for Windows is ".tahoe" in the user's + home directory, the same as on other platforms. (`#890`_) +- Fix a case in which full cap URIs could be logged. (`#685`_, + `#1155`_) +- Fix bug in WUI in Python 2.5 when the system clock is set back to + 1969. Now you can use Tahoe-LAFS with Python 2.5 and set your system + clock to 1969 and still use the WUI. (`#1055`_) +- Many improvements in code organization, tests, logging, + documentation, and packaging. (`#983`_, `#1074`_, `#1108`_, + `#1127`_, `#1129`_, `#1131`_, `#1166`_, `#1175`_) + +Dependency Updates +'''''''''''''''''' + +- on x86 and x86-64 platforms, pycryptopp >= 0.5.20 +- pycrypto 2.2 is excluded due to a bug + +.. _`#188`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/188 +.. _`#287`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/287 +.. _`#288`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/288 +.. _`#448`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/448 +.. _`#685`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/685 +.. _`#706`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/706 +.. _`#715`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/715 +.. _`#772`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/772 +.. _`#798`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/798 +.. _`#800`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/800 +.. _`#890`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/890 +.. _`#983`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/983 +.. _`#990`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/990 +.. _`#1055`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1055 +.. _`#1074`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1074 +.. _`#1108`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1108 +.. _`#1155`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1155 +.. _`#1170`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1170 +.. _`#1191`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1191 +.. _`#1127`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1127 +.. _`#1129`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1129 +.. _`#1131`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1131 +.. _`#1166`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1166 +.. _`#1175`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1175 + +Release 1.7.1 (2010-07-18) +-------------------------- + +Bugfixes and Improvements +''''''''''''''''''''''''' + +- Fix bug in which uploader could fail with AssertionFailure or report + that it had achieved servers-of-happiness when it hadn't. (`#1118`_) +- Fix bug in which servers could get into a state where they would + refuse to accept shares of a certain file (`#1117`_) +- Add init scripts for managing the gateway server on Debian/Ubuntu + (`#961`_) +- Fix bug where server version number was always 0 on the welcome page + (`#1067`_) +- Add new command-line command "tahoe unlink" as a synonym for "tahoe + rm" (`#776`_) +- The FTP frontend now encrypts its temporary files, protecting their + contents from an attacker who is able to read the disk. (`#1083`_) +- Fix IP address detection on FreeBSD 7, 8, and 9 (`#1098`_) +- Fix minor layout issue in the Web User Interface with Internet + Explorer (`#1097`_) +- Fix rarely-encountered incompatibility between Twisted logging + utility and the new unicode support added in v1.7.0 (`#1099`_) +- Forward-compatibility improvements for non-ASCII caps (`#1051`_) + +Code improvements +''''''''''''''''' + +- Simplify and tidy-up directories, unicode support, test code + (`#923`_, `#967`_, `#1072`_) + +.. _`#776`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/776 +.. _`#923`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/923 +.. _`#961`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/961 +.. _`#967`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/967 +.. _`#1051`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1051 +.. _`#1067`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1067 +.. _`#1072`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1072 +.. _`#1083`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1083 +.. _`#1097`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1097 +.. _`#1098`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1098 +.. _`#1099`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1099 +.. _`#1117`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1117 +.. _`#1118`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1118 + + +Release 1.7.0 (2010-06-18) +-------------------------- + +New Features +'''''''''''' + +- SFTP support (`#1037`_) + Your Tahoe-LAFS gateway now acts like a full-fledged SFTP server. It + has been tested with sshfs to provide a virtual filesystem in Linux. + Many users have asked for this feature. We hope that it serves them + well! See the `FTP-and-SFTP.rst`_ document to get + started. +- support for non-ASCII character encodings (`#534`_) + Tahoe-LAFS now correctly handles filenames containing non-ASCII + characters on all supported platforms: + + - when reading files in from the local filesystem (such as when you + run "tahoe backup" to back up your local files to a Tahoe-LAFS + grid); + - when writing files out to the local filesystem (such as when you + run "tahoe cp -r" to recursively copy files out of a Tahoe-LAFS + grid); + - when displaying filenames to the terminal (such as when you run + "tahoe ls"), subject to limitations of the terminal and locale; + - when parsing command-line arguments, except on Windows. + +- Servers of Happiness (`#778`_) + Tahoe-LAFS now measures during immutable file upload to see how well + distributed it is across multiple servers. It aborts the upload if + the pieces of the file are not sufficiently well-distributed. + This behavior is controlled by a configuration parameter called + "servers of happiness". With the default settings for its erasure + coding, Tahoe-LAFS generates 10 shares for each file, such that any + 3 of those shares are sufficient to recover the file. The default + value of "servers of happiness" is 7, which means that Tahoe-LAFS + will guarantee that there are at least 7 servers holding some of the + shares, such that any 3 of those servers can completely recover your + file. The new upload code also distributes the shares better than the + previous version in some cases and takes better advantage of + pre-existing shares (when a file has already been previously + uploaded). See the `architecture.rst`_ document [3] for details. + +Bugfixes and Improvements +''''''''''''''''''''''''' + +- Premature abort of upload if some shares were already present and + some servers fail. (`#608`_) +- python ./setup.py install -- can't create or remove files in install + directory. (`#803`_) +- Network failure => internal TypeError. (`#902`_) +- Install of Tahoe on CentOS 5.4. (`#933`_) +- CLI option --node-url now supports https url. (`#1028`_) +- HTML/CSS template files were not correctly installed under + Windows. (`#1033`_) +- MetadataSetter does not enforce restriction on setting "tahoe" + subkeys. (`#1034`_) +- ImportError: No module named + setuptools_darcs.setuptools_darcs. (`#1054`_) +- Renamed Title in xhtml files. (`#1062`_) +- Increase Python version dependency to 2.4.4, to avoid a critical + CPython security bug. (`#1066`_) +- Typo correction for the munin plugin tahoe_storagespace. (`#968`_) +- Fix warnings found by pylint. (`#973`_) +- Changing format of some documentation files. (`#1027`_) +- the misc/ directory was tied up. (`#1068`_) +- The 'ctime' and 'mtime' metadata fields are no longer written except + by "tahoe backup". (`#924`_) +- Unicode filenames in Tahoe-LAFS directories are normalized so that + names that differ only in how accents are encoded are treated as the + same. (`#1076`_) +- Various small improvements to documentation. (`#937`_, `#911`_, + `#1024`_, `#1082`_) + +Removals +'''''''' + +- The 'tahoe debug consolidate' subcommand (for converting old + allmydata Windows client backups to a newer format) has been + removed. + +Dependency Updates +'''''''''''''''''' + +- the Python version dependency is raised to 2.4.4 in some cases + (2.4.3 for Redhat-based Linux distributions, 2.4.2 for UCS-2 builds) + (`#1066`_) +- pycrypto >= 2.0.1 +- pyasn1 >= 0.0.8a +- mock (only required by unit tests) + +.. _`#534`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/534 +.. _`#608`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/608 +.. _`#778`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/778 +.. _`#803`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/803 +.. _`#902`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/902 +.. _`#911`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/911 +.. _`#924`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/924 +.. _`#937`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/937 +.. _`#933`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/933 +.. _`#968`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/968 +.. _`#973`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/973 +.. _`#1024`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1024 +.. _`#1027`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1027 +.. _`#1028`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1028 +.. _`#1033`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1033 +.. _`#1034`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1034 +.. _`#1037`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1037 +.. _`#1054`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1054 +.. _`#1062`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1062 +.. _`#1066`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1066 +.. _`#1068`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1068 +.. _`#1076`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1076 +.. _`#1082`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1082 +.. _architecture.rst: docs/architecture.rst +.. _FTP-and-SFTP.rst: docs/frontends/FTP-and-SFTP.rst + +Release 1.6.1 (2010-02-27) +-------------------------- + +Bugfixes +'''''''' + +- Correct handling of Small Immutable Directories + + Immutable directories can now be deep-checked and listed in the web + UI in all cases. (In v1.6.0, some operations, such as deep-check, on + a directory graph that included very small immutable directories, + would result in an exception causing the whole operation to abort.) + (`#948`_) + +Usability Improvements +'''''''''''''''''''''' + +- Improved user interface messages and error reporting. (`#681`_, + `#837`_, `#939`_) +- The timeouts for operation handles have been greatly increased, so + that you can view the results of an operation up to 4 days after it + has completed. After viewing them for the first time, the results + are retained for a further day. (`#577`_) + +Release 1.6.0 (2010-02-01) +-------------------------- + +New Features +'''''''''''' + +- Immutable Directories + + Tahoe-LAFS can now create and handle immutable + directories. (`#607`_, `#833`_, `#931`_) These are read just like + normal directories, but are "deep-immutable", meaning that all their + children (and everything reachable from those children) must be + immutable objects (i.e. immutable or literal files, and other + immutable directories). + + These directories must be created in a single webapi call that + provides all of the children at once. (Since they cannot be changed + after creation, the usual create/add/add sequence cannot be used.) + They have URIs that start with "URI:DIR2-CHK:" or "URI:DIR2-LIT:", + and are described on the human-facing web interface (aka the "WUI") + with a "DIR-IMM" abbreviation (as opposed to "DIR" for the usual + read-write directories and "DIR-RO" for read-only directories). + + Tahoe-LAFS releases before 1.6.0 cannot read the contents of an + immutable directory. 1.5.0 will tolerate their presence in a + directory listing (and display it as "unknown"). 1.4.1 and earlier + cannot tolerate them: a DIR-IMM child in any directory will prevent + the listing of that directory. + + Immutable directories are repairable, just like normal immutable + files. + + The webapi "POST t=mkdir-immutable" call is used to create immutable + directories. See `webapi.rst`_ for details. + +- "tahoe backup" now creates immutable directories, backupdb has + dircache + + The "tahoe backup" command has been enhanced to create immutable + directories (in previous releases, it created read-only mutable + directories) (`#828`_). This is significantly faster, since it does + not need to create an RSA keypair for each new directory. Also + "DIR-IMM" immutable directories are repairable, unlike "DIR-RO" + read-only mutable directories at present. (A future Tahoe-LAFS + release should also be able to repair DIR-RO.) + + In addition, the backupdb (used by "tahoe backup" to remember what + it has already copied) has been enhanced to store information about + existing immutable directories. This allows it to re-use directories + that have moved but still contain identical contents, or that have + been deleted and later replaced. (The 1.5.0 "tahoe backup" command + could only re-use directories that were in the same place as they + were in the immediately previous backup.) With this change, the + backup process no longer needs to read the previous snapshot out of + the Tahoe-LAFS grid, reducing the network load + considerably. (`#606`_) + + A "null backup" (in which nothing has changed since the previous + backup) will require only two Tahoe-side operations: one to add an + Archives/$TIMESTAMP entry, and a second to update the Latest/ + link. On the local disk side, it will readdir() all your local + directories and stat() all your local files. + + If you've been using "tahoe backup" for a while, you will notice + that your first use of it after upgrading to 1.6.0 may take a long + time: it must create proper immutable versions of all the old + read-only mutable directories. This process won't take as long as + the initial backup (where all the file contents had to be uploaded + too): it will require time proportional to the number and size of + your directories. After this initial pass, all subsequent passes + should take a tiny fraction of the time. + + As noted above, Tahoe-LAFS versions earlier than 1.5.0 cannot list a + directory containing an immutable subdirectory. Tahoe-LAFS versions + earlier than 1.6.0 cannot read the contents of an immutable + directory. + + The "tahoe backup" command has been improved to skip over unreadable + objects (like device files, named pipes, and files with permissions + that prevent the command from reading their contents), instead of + throwing an exception and terminating the backup process. It also + skips over symlinks, because these cannot be represented faithfully + in the Tahoe-side filesystem. A warning message will be emitted each + time something is skipped. (`#729`_, `#850`_, `#641`_) + +- "create-node" command added, "create-client" now implies + --no-storage + + The basic idea behind Tahoe-LAFS's client+server and client-only + processes is that you are creating a general-purpose Tahoe-LAFS + "node" process, which has several components that can be + activated. Storage service is one of these optional components, as + is the Helper, FTP server, and SFTP server. Web gateway + functionality is nominally on this list, but it is always active; a + future release will make it optional. There are three special + purpose servers that can't currently be run as a component in a + node: introducer, key-generator, and stats-gatherer. + + So now "tahoe create-node" will create a Tahoe-LAFS node process, + and after creation you can edit its tahoe.cfg to enable or disable + the desired services. It is a more general-purpose replacement for + "tahoe create-client". The default configuration has storage + service enabled. For convenience, the "--no-storage" argument makes + a tahoe.cfg file that disables storage service. (`#760`_) + + "tahoe create-client" has been changed to create a Tahoe-LAFS node + without a storage service. It is equivalent to "tahoe create-node + --no-storage". This helps to reduce the confusion surrounding the + use of a command with "client" in its name to create a storage + *server*. Use "tahoe create-client" to create a purely client-side + node. If you want to offer storage to the grid, use "tahoe + create-node" instead. + + In the future, other services will be added to the node, and they + will be controlled through options in tahoe.cfg . The most important + of these services may get additional --enable-XYZ or --disable-XYZ + arguments to "tahoe create-node". + +- Performance Improvements + + Download of immutable files begins as soon as the downloader has + located the K necessary shares (`#928`_, `#287`_). In both the + previous and current releases, a downloader will first issue queries + to all storage servers on the grid to locate shares before it begins + downloading the shares. In previous releases of Tahoe-LAFS, download + would not begin until all storage servers on the grid had replied to + the query, at which point K shares would be chosen for download from + among the shares that were located. In this release, download begins + as soon as any K shares are located. This means that downloads start + sooner, which is particularly important if there is a server on the + grid that is extremely slow or even hung in such a way that it will + never respond. In previous releases such a server would have a + negative impact on all downloads from that grid. In this release, + such a server will have no impact on downloads, as long as K shares + can be found on other, quicker, servers. This also means that + downloads now use the "best-alacrity" servers that they talk to, as + measured by how quickly the servers reply to the initial query. This + might cause downloads to go faster, especially on grids with + heterogeneous servers or geographical dispersion. + +Minor Changes +''''''''''''' + +- The webapi acquired a new "t=mkdir-with-children" command, to create + and populate a directory in a single call. This is significantly + faster than using separate "t=mkdir" and "t=set-children" operations + (it uses one gateway-to-grid roundtrip, instead of three or + four). (`#533`_) + +- The t=set-children (note the hyphen) operation is now documented in + webapi.rst, and is the new preferred spelling of the + old t=set_children (with an underscore). The underscore version + remains for backwards compatibility. (`#381`_, `#927`_) + +- The tracebacks produced by errors in CLI tools should now be in + plain text, instead of HTML (which is unreadable outside of a + browser). (`#646`_) + +- The [storage]reserved_space configuration knob (which causes the + storage server to refuse shares when available disk space drops + below a threshold) should work on Windows now, not just + UNIX. (`#637`_) + +- "tahoe cp" should now exit with status "1" if it cannot figure out a + suitable target filename, such as when you copy from a bare + filecap. (`#761`_) + +- "tahoe get" no longer creates a zero-length file upon + error. (`#121`_) + +- "tahoe ls" can now list single files. (`#457`_) + +- "tahoe deep-check --repair" should tolerate repair failures now, + instead of halting traversal. (`#874`_, `#786`_) + +- "tahoe create-alias" no longer corrupts the aliases file if it had + previously been edited to have no trailing newline. (`#741`_) + +- Many small packaging improvements were made to facilitate the + "tahoe-lafs" package being included in Ubuntu. Several mac/win32 + binary libraries were removed, some figleaf code-coverage files were + removed, a bundled copy of darcsver-1.2.1 was removed, and + additional licensing text was added. + +- Several DeprecationWarnings for python2.6 were silenced. (`#859`_) + +- The checker --add-lease option would sometimes fail for shares + stored on old (Tahoe v1.2.0) servers. (`#875`_) + +- The documentation for installing on Windows (docs/quickstart.rst) + has been improved. (`#773`_) + +For other changes not mentioned here, see +<https://tahoe-lafs.org/trac/tahoe-lafs/query?milestone=1.6.0&keywords=!~news-done>. +To include the tickets mentioned above, go to +<https://tahoe-lafs.org/trac/tahoe-lafs/query?milestone=1.6.0>. + +.. _`#121`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/121 +.. _`#287`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/287 +.. _`#381`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/381 +.. _`#457`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/457 +.. _`#533`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/533 +.. _`#577`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/577 +.. _`#606`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/606 +.. _`#607`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/607 +.. _`#637`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/637 +.. _`#641`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/641 +.. _`#646`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/646 +.. _`#681`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/681 +.. _`#729`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/729 +.. _`#741`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/741 +.. _`#760`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/760 +.. _`#761`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/761 +.. _`#768`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/768 +.. _`#773`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/773 +.. _`#786`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/786 +.. _`#828`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/828 +.. _`#833`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/833 +.. _`#859`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/859 +.. _`#874`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/874 +.. _`#875`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/875 +.. _`#931`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/931 +.. _`#837`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/837 +.. _`#850`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/850 +.. _`#927`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/927 +.. _`#928`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/928 +.. _`#939`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/939 +.. _`#948`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/948 +.. _webapi.rst: docs/frontends/webapi.rst + +Release 1.5.0 (2009-08-01) +-------------------------- + +Improvements +'''''''''''' + +- Uploads of immutable files now use pipelined writes, improving + upload speed slightly (10%) over high-latency connections. (`#392`_) + +- Processing large directories has been sped up, by removing a O(N^2) + algorithm from the dirnode decoding path and retaining unmodified + encrypted entries. (`#750`_, `#752`_) + +- The human-facing web interface (aka the "WUI") received a + significant CSS makeover by Kevin Reid, making it much prettier and + easier to read. The WUI "check" and "deep-check" forms now include a + "Renew Lease" checkbox, mirroring the CLI --add-lease option, so + leases can be added or renewed from the web interface. + +- The CLI "tahoe mv" command now refuses to overwrite + directories. (`#705`_) + +- The CLI "tahoe webopen" command, when run without arguments, will + now bring up the "Welcome Page" (node status and mkdir/upload + forms). + +- The 3.5MB limit on mutable files was removed, so it should be + possible to upload arbitrarily-sized mutable files. Note, however, + that the data format and algorithm remains the same, so using + mutable files still requires bandwidth, computation, and RAM in + proportion to the size of the mutable file. (`#694`_) + +- This version of Tahoe-LAFS will tolerate directory entries that + contain filecap formats which it does not recognize: files and + directories from the future. This should improve the user + experience (for 1.5.0 users) when we add new cap formats in the + future. Previous versions would fail badly, preventing the user from + seeing or editing anything else in those directories. These + unrecognized objects can be renamed and deleted, but obviously not + read or written. Also they cannot generally be copied. (`#683`_) + +Bugfixes +'''''''' + +- deep-check-and-repair now tolerates read-only directories, such as + the ones produced by the "tahoe backup" CLI command. Read-only + directories and mutable files are checked, but not + repaired. Previous versions threw an exception when attempting the + repair and failed to process the remaining contents. We cannot yet + repair these read-only objects, but at least this version allows the + rest of the check+repair to proceed. (`#625`_) + +- A bug in 1.4.1 which caused a server to be listed multiple times + (and frequently broke all connections to that server) was + fixed. (`#653`_) + +- The plaintext-hashing code was removed from the Helper interface, + removing the Helper's ability to mount a + partial-information-guessing attack. (`#722`_) + +Platform/packaging changes +'''''''''''''''''''''''''' + +- Tahoe-LAFS now runs on NetBSD, OpenBSD, ArchLinux, and NixOS, and on + an embedded system based on an ARM CPU running at 266 MHz. + +- Unit test timeouts have been raised to allow the tests to complete + on extremely slow platforms like embedded ARM-based NAS boxes, which + may take several hours to run the test suite. An ARM-specific + data-corrupting bug in an older version of Crypto++ (5.5.2) was + identified: ARM-users are encouraged to use recent + Crypto++/pycryptopp which avoids this problem. + +- Tahoe-LAFS now requires a SQLite library, either the sqlite3 that + comes built-in with python2.5/2.6, or the add-on pysqlite2 if you're + using python2.4. In the previous release, this was only needed for + the "tahoe backup" command: now it is mandatory. + +- Several minor documentation updates were made. + +- To help get Tahoe-LAFS into Linux distributions like Fedora and + Debian, packaging improvements are being made in both Tahoe-LAFS and + related libraries like pycryptopp and zfec. + +- The Crypto++ library included in the pycryptopp package has been + upgraded to version 5.6.0 of Crypto++, which includes a more + efficient implementation of SHA-256 in assembly for x86 or amd64 + architectures. + +dependency updates +'''''''''''''''''' + +- foolscap-0.4.1 +- no python-2.4.0 or 2.4.1 (2.4.2 is good) (they contained a bug in base64.b32decode) +- avoid python-2.6 on windows with mingw: compiler issues +- python2.4 requires pysqlite2 (2.5,2.6 does not) +- no python-3.x +- pycryptopp-0.5.15 + +.. _#392: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/392 +.. _#625: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/625 +.. _#653: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/653 +.. _#683: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/683 +.. _#694: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/694 +.. _#705: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/705 +.. _#722: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/722 +.. _#750: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/750 +.. _#752: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/752 + +Release 1.4.1 (2009-04-13) +-------------------------- + +Garbage Collection +'''''''''''''''''' + +- The big feature for this release is the implementation of garbage + collection, allowing Tahoe storage servers to delete shares for old + deleted files. When enabled, this uses a "mark and sweep" process: + clients are responsible for updating the leases on their shares + (generally by running "tahoe deep-check --add-lease"), and servers + are allowed to delete any share which does not have an up-to-date + lease. The process is described in detail in + `garbage-collection.rst`_. + + The server must be configured to enable garbage-collection, by + adding directives to the [storage] section that define an age limit + for shares. The default configuration will not delete any shares. + + Both servers and clients should be upgraded to this release to make + the garbage-collection as pleasant as possible. 1.2.0 servers have + code to perform the update-lease operation but it suffers from a + fatal bug, while 1.3.0 servers have update-lease but will return an + exception for unknown storage indices, causing clients to emit an + Incident for each exception, slowing the add-lease process down to a + crawl. 1.1.0 servers did not have the add-lease operation at all. + +Security/Usability Problems Fixed +''''''''''''''''''''''''''''''''' + +- A super-linear algorithm in the Merkle Tree code was fixed, which + previously caused e.g. download of a 10GB file to take several hours + before the first byte of plaintext could be produced. The new + "alacrity" is about 2 minutes. A future release should reduce this + to a few seconds by fixing ticket `#442`_. + +- The previous version permitted a small timing attack (due to our use + of strcmp) against the write-enabler and lease-renewal/cancel + secrets. An attacker who could measure response-time variations of + approximatly 3ns against a very noisy background time of about 15ms + might be able to guess these secrets. We do not believe this attack + was actually feasible. This release closes the attack by first + hashing the two strings to be compared with a random secret. + +webapi changes +'''''''''''''' + +- In most cases, HTML tracebacks will only be sent if an "Accept: + text/html" header was provided with the HTTP request. This will + generally cause browsers to get an HTMLized traceback but send + regular text/plain tracebacks to non-browsers (like the CLI + clients). More errors have been mapped to useful HTTP error codes. + +- The streaming webapi operations (deep-check and manifest) now have a + way to indicate errors (an output line that starts with "ERROR" + instead of being legal JSON). See `webapi.rst`_ for + details. + +- The storage server now has its own status page (at /storage), linked + from the Welcome page. This page shows progress and results of the + two new share-crawlers: one which merely counts shares (to give an + estimate of how many files/directories are being stored in the + grid), the other examines leases and reports how much space would be + freed if GC were enabled. The page also shows how much disk space is + present, used, reserved, and available for the Tahoe server, and + whether the server is currently running in "read-write" mode or + "read-only" mode. + +- When a directory node cannot be read (perhaps because of insufficent + shares), a minimal webapi page is created so that the "more-info" + links (including a Check/Repair operation) will still be accessible. + +- A new "reliability" page was added, with the beginnings of work on a + statistical loss model. You can tell this page how many servers you + are using and their independent failure probabilities, and it will + tell you the likelihood that an arbitrary file will survive each + repair period. The "numpy" package must be installed to access this + page. A partial paper, written by Shawn Willden, has been added to + docs/proposed/lossmodel.lyx . + +CLI changes +''''''''''' + +- "tahoe check" and "tahoe deep-check" now accept an "--add-lease" + argument, to update a lease on all shares. This is the "mark" side + of garbage collection. + +- In many cases, CLI error messages have been improved: the ugly + HTMLized traceback has been replaced by a normal python traceback. + +- "tahoe deep-check" and "tahoe manifest" now have better error + reporting. "tahoe cp" is now non-verbose by default. + +- "tahoe backup" now accepts several "--exclude" arguments, to ignore + certain files (like editor temporary files and version-control + metadata) during backup. + +- On windows, the CLI now accepts local paths like "c:\dir\file.txt", + which previously was interpreted as a Tahoe path using a "c:" alias. + +- The "tahoe restart" command now uses "--force" by default (meaning + it will start a node even if it didn't look like there was one + already running). + +- The "tahoe debug consolidate" command was added. This takes a series + of independent timestamped snapshot directories (such as those + created by the allmydata.com windows backup program, or a series of + "tahoe cp -r" commands) and creates new snapshots that used shared + read-only directories whenever possible (like the output of "tahoe + backup"). In the most common case (when the snapshots are fairly + similar), the result will use significantly fewer directories than + the original, allowing "deep-check" and similar tools to run much + faster. In some cases, the speedup can be an order of magnitude or + more. This tool is still somewhat experimental, and only needs to + be run on large backups produced by something other than "tahoe + backup", so it was placed under the "debug" category. + +- "tahoe cp -r --caps-only tahoe:dir localdir" is a diagnostic tool + which, instead of copying the full contents of files into the local + directory, merely copies their filecaps. This can be used to verify + the results of a "consolidation" operation. + +other fixes +''''''''''' + +- The codebase no longer rauses RuntimeError as a kind of + assert(). Specific exception classes were created for each previous + instance of RuntimeError. + + -Many unit tests were changed to use a non-network test harness, + speeding them up considerably. + +- Deep-traversal operations (manifest and deep-check) now walk + individual directories in alphabetical order. Occasional turn breaks + are inserted to prevent a stack overflow when traversing directories + with hundreds of entries. + +- The experimental SFTP server had its path-handling logic changed + slightly, to accomodate more SFTP clients, although there are still + issues (`#645`_). + +.. _#442: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/442 +.. _#645: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/645 +.. _garbage-collection.rst: docs/garbage-collection.rst + +Release 1.3.0 (2009-02-13) +-------------------------- + +Checker/Verifier/Repairer +''''''''''''''''''''''''' + +- The primary focus of this release has been writing a checker / + verifier / repairer for files and directories. "Checking" is the + act of asking storage servers whether they have a share for the + given file or directory: if there are not enough shares available, + the file or directory will be unrecoverable. "Verifying" is the act + of downloading and cryptographically asserting that the server's + share is undamaged: it requires more work (bandwidth and CPU) than + checking, but can catch problems that simple checking + cannot. "Repair" is the act of replacing missing or damaged shares + with new ones. + +- This release includes a full checker, a partial verifier, and a + partial repairer. The repairer is able to handle missing shares: new + shares are generated and uploaded to make up for the missing + ones. This is currently the best application of the repairer: to + replace shares that were lost because of server departure or + permanent drive failure. + +- The repairer in this release is somewhat able to handle corrupted + shares. The limitations are: + + - Immutable verifier is incomplete: not all shares are used, and not + all fields of those shares are verified. Therefore the immutable + verifier has only a moderate chance of detecting corrupted shares. + - The mutable verifier is mostly complete: all shares are examined, + and most fields of the shares are validated. + - The storage server protocol offers no way for the repairer to + replace or delete immutable shares. If corruption is detected, the + repairer will upload replacement shares to other servers, but the + corrupted shares will be left in place. + - read-only directories and read-only mutable files must be repaired + by someone who holds the write-cap: the read-cap is + insufficient. Moreover, the deep-check-and-repair operation will + halt with an error if it attempts to repair one of these read-only + objects. + - Some forms of corruption can cause both download and repair + operations to fail. A future release will fix this, since download + should be tolerant of any corruption as long as there are at least + 'k' valid shares, and repair should be able to fix any file that is + downloadable. + +- If the downloader, verifier, or repairer detects share corruption, + the servers which provided the bad shares will be notified (via a + file placed in the BASEDIR/storage/corruption-advisories directory) + so their operators can manually delete the corrupted shares and + investigate the problem. In addition, the "incident gatherer" + mechanism will automatically report share corruption to an incident + gatherer service, if one is configured. Note that corrupted shares + indicate hardware failures, serious software bugs, or malice on the + part of the storage server operator, so a corrupted share should be + considered highly unusual. + +- By periodically checking/repairing all files and directories, + objects in the Tahoe filesystem remain resistant to recoverability + failures due to missing and/or broken servers. + +- This release includes a wapi mechanism to initiate checks on + individual files and directories (with or without verification, and + with or without automatic repair). A related mechanism is used to + initiate a "deep-check" on a directory: recursively traversing the + directory and its children, checking (and/or verifying/repairing) + everything underneath. Both mechanisms can be run with an + "output=JSON" argument, to obtain machine-readable check/repair + status results. These results include a copy of the filesystem + statistics from the "deep-stats" operation (including total number + of files, size histogram, etc). If repair is possible, a "Repair" + button will appear on the results page. + +- The client web interface now features some extra buttons to initiate + check and deep-check operations. When these operations finish, they + display a results page that summarizes any problems that were + encountered. All long-running deep-traversal operations, including + deep-check, use a start-and-poll mechanism, to avoid depending upon + a single long-lived HTTP connection. `webapi.rst`_ has + details. + +Efficient Backup +'''''''''''''''' + +- The "tahoe backup" command is new in this release, which creates + efficient versioned backups of a local directory. Given a local + pathname and a target Tahoe directory, this will create a read-only + snapshot of the local directory in $target/Archives/$timestamp. It + will also create $target/Latest, which is a reference to the latest + such snapshot. Each time you run "tahoe backup" with the same source + and target, a new $timestamp snapshot will be added. These snapshots + will share directories that have not changed since the last backup, + to speed up the process and minimize storage requirements. In + addition, a small database is used to keep track of which local + files have been uploaded already, to avoid uploading them a second + time. This drastically reduces the work needed to do a "null backup" + (when nothing has changed locally), making "tahoe backup' suitable + to run from a daily cronjob. + + Note that the "tahoe backup" CLI command must be used in conjunction + with a 1.3.0-or-newer Tahoe client node; there was a bug in the + 1.2.0 webapi implementation that would prevent the last step (create + $target/Latest) from working. + +Large Files +''''''''''' + +- The 12GiB (approximate) immutable-file-size limitation is + lifted. This release knows how to handle so-called "v2 immutable + shares", which permit immutable files of up to about 18 EiB (about + 3*10^14). These v2 shares are created if the file to be uploaded is + too large to fit into v1 shares. v1 shares are created if the file + is small enough to fit into them, so that files created with + tahoe-1.3.0 can still be read by earlier versions if they are not + too large. Note that storage servers also had to be changed to + support larger files, and this release is the first release in which + they are able to do that. Clients will detect which servers are + capable of supporting large files on upload and will not attempt to + upload shares of a large file to a server which doesn't support it. + +FTP/SFTP Server +''''''''''''''' + +- Tahoe now includes experimental FTP and SFTP servers. When + configured with a suitable method to translate username+password + into a root directory cap, it provides simple access to the virtual + filesystem. Remember that FTP is completely unencrypted: passwords, + filenames, and file contents are all sent over the wire in + cleartext, so FTP should only be used on a local (127.0.0.1) + connection. This feature is still in development: there are no unit + tests yet, and behavior with respect to Unicode filenames is + uncertain. Please see `FTP-and-SFTP.rst`_ for + configuration details. (`#512`_, `#531`_) + +CLI Changes +''''''''''' + +- This release adds the 'tahoe create-alias' command, which is a + combination of 'tahoe mkdir' and 'tahoe add-alias'. This also allows + you to start using a new tahoe directory without exposing its URI in + the argv list, which is publicly visible (through the process table) + on most unix systems. Thanks to Kevin Reid for bringing this issue + to our attention. + +- The single-argument form of "tahoe put" was changed to create an + unlinked file. I.e. "tahoe put bar.txt" will take the contents of a + local "bar.txt" file, upload them to the grid, and print the + resulting read-cap; the file will not be attached to any + directories. This seemed a bit more useful than the previous + behavior (copy stdin, upload to the grid, attach the resulting file + into your default tahoe: alias in a child named 'bar.txt'). + +- "tahoe put" was also fixed to handle mutable files correctly: "tahoe + put bar.txt URI:SSK:..." will read the contents of the local bar.txt + and use them to replace the contents of the given mutable file. + +- The "tahoe webopen" command was modified to accept aliases. This + means "tahoe webopen tahoe:" will cause your web browser to open to + a "wui" page that gives access to the directory associated with the + default "tahoe:" alias. It should also accept leading slashes, like + "tahoe webopen tahoe:/stuff". + +- Many esoteric debugging commands were moved down into a "debug" + subcommand: + + - tahoe debug dump-cap + - tahoe debug dump-share + - tahoe debug find-shares + - tahoe debug catalog-shares + - tahoe debug corrupt-share + + The last command ("tahoe debug corrupt-share") flips a random bit + of the given local sharefile. This is used to test the file + verifying/repairing code, and obviously should not be used on user + data. + +The cli might not correctly handle arguments which contain non-ascii +characters in Tahoe v1.3 (although depending on your platform it +might, especially if your platform can be configured to pass such +characters on the command-line in utf-8 encoding). See +https://tahoe-lafs.org/trac/tahoe-lafs/ticket/565 for details. + +Web changes +''''''''''' + +- The "default webapi port", used when creating a new client node (and + in the getting-started documentation), was changed from 8123 to + 3456, to reduce confusion when Tahoe accessed through a Firefox + browser on which the "Torbutton" extension has been installed. Port + 8123 is occasionally used as a Tor control port, so Torbutton adds + 8123 to Firefox's list of "banned ports" to avoid CSRF attacks + against Tor. Once 8123 is banned, it is difficult to diagnose why + you can no longer reach a Tahoe node, so the Tahoe default was + changed. Note that 3456 is reserved by IANA for the "vat" protocol, + but there are argueably more Torbutton+Tahoe users than vat users + these days. Note that this will only affect newly-created client + nodes. Pre-existing client nodes, created by earlier versions of + tahoe, may still be listening on 8123. + +- All deep-traversal operations (start-manifest, start-deep-size, + start-deep-stats, start-deep-check) now use a start-and-poll + approach, instead of using a single (fragile) long-running + synchronous HTTP connection. All these "start-" operations use POST + instead of GET. The old "GET manifest", "GET deep-size", and "POST + deep-check" operations have been removed. + +- The new "POST start-manifest" operation, when it finally completes, + results in a table of (path,cap), instead of the list of verifycaps + produced by the old "GET manifest". The table is available in + several formats: use output=html, output=text, or output=json to + choose one. The JSON output also includes stats, and a list of + verifycaps and storage-index strings. The "return_to=" and + "when_done=" arguments have been removed from the t=check and + deep-check operations. + +- The top-level status page (/status) now has a machine-readable form, + via "/status/?t=json". This includes information about the + currently-active uploads and downloads, which may be useful for + frontends that wish to display progress information. There is no + easy way to correlate the activities displayed here with recent wapi + requests, however. + +- Any files in BASEDIR/public_html/ (configurable) will be served in + response to requests in the /static/ portion of the URL space. This + will simplify the deployment of javascript-based frontends that can + still access wapi calls by conforming to the (regrettable) + "same-origin policy". + +- The welcome page now has a "Report Incident" button, which is tied + into the "Incident Gatherer" machinery. If the node is attached to + an incident gatherer (via log_gatherer.furl), then pushing this + button will cause an Incident to be signalled: this means recent log + events are aggregated and sent in a bundle to the gatherer. The user + can push this button after something strange takes place (and they + can provide a short message to go along with it), and the relevant + data will be delivered to a centralized incident-gatherer for later + processing by operations staff. + +- The "HEAD" method should now work correctly, in addition to the + usual "GET", "PUT", and "POST" methods. "HEAD" is supposed to return + exactly the same headers as "GET" would, but without any of the + actual response body data. For mutable files, this now does a brief + mapupdate (to figure out the size of the file that would be + returned), without actually retrieving the file's contents. + +- The "GET" operation on files can now support the HTTP "Range:" + header, allowing requests for partial content. This allows certain + media players to correctly stream audio and movies out of a Tahoe + grid. The current implementation uses a disk-based cache in + BASEDIR/private/cache/download , which holds the plaintext of the + files being downloaded. Future implementations might not use this + cache. GET for immutable files now returns an ETag header. + +- Each file and directory now has a "Show More Info" web page, which + contains much of the information that was crammed into the directory + page before. This includes readonly URIs, storage index strings, + object type, buttons to control checking/verifying/repairing, and + deep-check/deep-stats buttons (for directories). For mutable files, + the "replace contents" upload form has been moved here too. As a + result, the directory page is now much simpler and cleaner, and + several potentially-misleading links (like t=uri) are now gone. + +- Slashes are discouraged in Tahoe file/directory names, since they + cause problems when accessing the filesystem through the + wapi. However, there are a couple of accidental ways to generate + such names. This release tries to make it easier to correct such + mistakes by escaping slashes in several places, allowing slashes in + the t=info and t=delete commands, and in the source (but not the + target) of a t=rename command. + +Packaging +''''''''' + +- Tahoe's dependencies have been extended to require the + "[secure_connections]" feature from Foolscap, which will cause + pyOpenSSL to be required and/or installed. If OpenSSL and its + development headers are already installed on your system, this can + occur automatically. Tahoe now uses pollreactor (instead of the + default selectreactor) to work around a bug between pyOpenSSL and + the most recent release of Twisted (8.1.0). This bug only affects + unit tests (hang during shutdown), and should not impact regular + use. + +- The Tahoe source code tarballs now come in two different forms: + regular and "sumo". The regular tarball contains just Tahoe, nothing + else. When building from the regular tarball, the build process will + download any unmet dependencies from the internet (starting with the + index at PyPI) so it can build and install them. The "sumo" tarball + contains copies of all the libraries that Tahoe requires (foolscap, + twisted, zfec, etc), so using the "sumo" tarball should not require + any internet access during the build process. This can be useful if + you want to build Tahoe while on an airplane, a desert island, or + other bandwidth-limited environments. + +- Similarly, tahoe-lafs.org now hosts a "tahoe-deps" tarball which + contains the latest versions of all these dependencies. This + tarball, located at + https://tahoe-lafs.org/source/tahoe/deps/tahoe-deps.tar.gz, can be + unpacked in the tahoe source tree (or in its parent directory), and + the build process should satisfy its downloading needs from it + instead of reaching out to PyPI. This can be useful if you want to + build Tahoe from a darcs checkout while on that airplane or desert + island. + +- Because of the previous two changes ("sumo" tarballs and the + "tahoe-deps" bundle), most of the files have been removed from + misc/dependencies/ . This brings the regular Tahoe tarball down to + 2MB (compressed), and the darcs checkout (without history) to about + 7.6MB. A full darcs checkout will still be fairly large (because of + the historical patches which included the dependent libraries), but + a 'lazy' one should now be small. + +- The default "make" target is now an alias for "setup.py build", + which itself is an alias for "setup.py develop --prefix support", + with some extra work before and after (see setup.cfg). Most of the + complicated platform-dependent code in the Makefile was rewritten in + Python and moved into setup.py, simplifying things considerably. + +- Likewise, the "make test" target now delegates most of its work to + "setup.py test", which takes care of getting PYTHONPATH configured + to access the tahoe code (and dependencies) that gets put in + support/lib/ by the build_tahoe step. This should allow unit tests + to be run even when trial (which is part of Twisted) wasn't already + installed (in this case, trial gets installed to support/bin because + Twisted is a dependency of Tahoe). + +- Tahoe is now compatible with the recently-released Python 2.6 , + although it is recommended to use Tahoe on Python 2.5, on which it + has received more thorough testing and deployment. + +- Tahoe is now compatible with simplejson-2.0.x . The previous release + assumed that simplejson.loads always returned unicode strings, which + is no longer the case in 2.0.x . + +Grid Management Tools +''''''''''''''''''''' + +- Several tools have been added or updated in the misc/ directory, + mostly munin plugins that can be used to monitor a storage grid. + + - The misc/spacetime/ directory contains a "disk watcher" daemon + (startable with 'tahoe start'), which can be configured with a set + of HTTP URLs (pointing at the wapi '/statistics' page of a bunch of + storage servers), and will periodically fetch + disk-used/disk-available information from all the servers. It keeps + this information in an Axiom database (a sqlite-based library + available from divmod.org). The daemon computes time-averaged rates + of disk usage, as well as a prediction of how much time is left + before the grid is completely full. + + - The misc/munin/ directory contains a new set of munin plugins + (tahoe_diskleft, tahoe_diskusage, tahoe_doomsday) which talk to the + disk-watcher and provide graphs of its calculations. + + - To support the disk-watcher, the Tahoe statistics component + (visible through the wapi at the /statistics/ URL) now includes + disk-used and disk-available information. Both are derived through + an equivalent of the unix 'df' command (i.e. they ask the kernel + for the number of free blocks on the partition that encloses the + BASEDIR/storage directory). In the future, the disk-available + number will be further influenced by the local storage policy: if + that policy says that the server should refuse new shares when less + than 5GB is left on the partition, then "disk-available" will + report zero even though the kernel sees 5GB remaining. + + - The 'tahoe_overhead' munin plugin interacts with an + allmydata.com-specific server which reports the total of the + 'deep-size' reports for all active user accounts, compares this + with the disk-watcher data, to report on overhead percentages. This + provides information on how much space could be recovered once + Tahoe implements some form of garbage collection. + +Configuration Changes: single INI-format tahoe.cfg file +''''''''''''''''''''''''''''''''''''''''''''''''''''''' + +- The Tahoe node is now configured with a single INI-format file, + named "tahoe.cfg", in the node's base directory. Most of the + previous multiple-separate-files are still read for backwards + compatibility (the embedded SSH debug server and the + advertised_ip_addresses files are the exceptions), but new + directives will only be added to tahoe.cfg . The "tahoe + create-client" command will create a tahoe.cfg for you, with sample + values commented out. (ticket `#518`_) + +- tahoe.cfg now has controls for the foolscap "keepalive" and + "disconnect" timeouts (`#521`_). + +- tahoe.cfg now has controls for the encoding parameters: + "shares.needed" and "shares.total" in the "[client]" section. The + default parameters are still 3-of-10. + +- The inefficient storage 'sizelimit' control (which established an + upper bound on the amount of space that a storage server is allowed + to consume) has been replaced by a lightweight 'reserved_space' + control (which establishes a lower bound on the amount of remaining + space). The storage server will reject all writes that would cause + the remaining disk space (as measured by a '/bin/df' equivalent) to + drop below this value. The "[storage]reserved_space=" tahoe.cfg + parameter controls this setting. (note that this only affects + immutable shares: it is an outstanding bug that reserved_space does + not prevent the allocation of new mutable shares, nor does it + prevent the growth of existing mutable shares). + +Other Changes +''''''''''''' + +- Clients now declare which versions of the protocols they + support. This is part of a new backwards-compatibility system: + https://tahoe-lafs.org/trac/tahoe-lafs/wiki/Versioning . + +- The version strings for human inspection (as displayed on the + Welcome web page, and included in logs) now includes a platform + identifer (frequently including a linux distribution name, processor + architecture, etc). + +- Several bugs have been fixed, including one that would cause an + exception (in the logs) if a wapi download operation was cancelled + (by closing the TCP connection, or pushing the "stop" button in a + web browser). + +- Tahoe now uses Foolscap "Incidents", writing an "incident report" + file to logs/incidents/ each time something weird occurs. These + reports are available to an "incident gatherer" through the flogtool + command. For more details, please see the Foolscap logging + documentation. An incident-classifying plugin function is provided + in misc/incident-gatherer/classify_tahoe.py . + +- If clients detect corruption in shares, they now automatically + report it to the server holding that share, if it is new enough to + accept the report. These reports are written to files in + BASEDIR/storage/corruption-advisories . + +- The 'nickname' setting is now defined to be a UTF-8 -encoded string, + allowing non-ascii nicknames. + +- The 'tahoe start' command will now accept a --syslog argument and + pass it through to twistd, making it easier to launch non-Tahoe + nodes (like the cpu-watcher) and have them log to syslogd instead of + a local file. This is useful when running a Tahoe node out of a USB + flash drive. + +- The Mac GUI in src/allmydata/gui/ has been improved. + +.. _#512: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/512 +.. _#518: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/518 +.. _#521: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/521 +.. _#531: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/531 + +Release 1.2.0 (2008-07-21) +-------------------------- + +Security +'''''''' + +- This release makes the immutable-file "ciphertext hash tree" + mandatory. Previous releases allowed the uploader to decide whether + their file would have an integrity check on the ciphertext or not. A + malicious uploader could use this to create a readcap that would + download as one file or a different one, depending upon which shares + the client fetched first, with no errors raised. There are other + integrity checks on the shares themselves, preventing a storage + server or other party from violating the integrity properties of the + read-cap: this failure was only exploitable by the uploader who + gives you a carefully constructed read-cap. If you download the file + with Tahoe 1.2.0 or later, you will not be vulnerable to this + problem. `#491`_ + + This change does not introduce a compatibility issue, because all + existing versions of Tahoe will emit the ciphertext hash tree in + their shares. + +Dependencies +'''''''''''' + +- Tahoe now requires Foolscap-0.2.9 . It also requires pycryptopp 0.5 + or newer, since earlier versions had a bug that interacted with + specific compiler versions that could sometimes result in incorrect + encryption behavior. Both packages are included in the Tahoe source + tarball in misc/dependencies/ , and should be built automatically + when necessary. + +Web API +''''''' + +- Web API directory pages should now contain properly-slash-terminated + links to other directories. They have also stopped using absolute + links in forms and pages (which interfered with the use of a + front-end load-balancing proxy). + +- The behavior of the "Check This File" button changed, in conjunction + with larger internal changes to file checking/verification. The + button triggers an immediate check as before, but the outcome is + shown on its own page, and does not get stored anywhere. As a + result, the web directory page no longer shows historical checker + results. + +- A new "Deep-Check" button has been added, which allows a user to + initiate a recursive check of the given directory and all files and + directories reachable from it. This can cause quite a bit of work, + and has no intermediate progress information or feedback about the + process. In addition, the results of the deep-check are extremely + limited. A later release will improve this behavior. + +- The web server's behavior with respect to non-ASCII (unicode) + filenames in the "GET save=true" operation has been improved. To + achieve maximum compatibility with variously buggy web browsers, the + server does not try to figure out the character set of the inbound + filename. It just echoes the same bytes back to the browser in the + Content-Disposition header. This seems to make both IE7 and Firefox + work correctly. + +Checker/Verifier/Repairer +''''''''''''''''''''''''' + +- Tahoe is slowly acquiring convenient tools to check up on file + health, examine existing shares for errors, and repair files that + are not fully healthy. This release adds a mutable + checker/verifier/repairer, although testing is very limited, and + there are no web interfaces to trigger repair yet. The "Check" + button next to each file or directory on the wapi page will perform + a file check, and the "deep check" button on each directory will + recursively check all files and directories reachable from there + (which may take a very long time). + + Future releases will improve access to this functionality. + +Operations/Packaging +'''''''''''''''''''' + +- A "check-grid" script has been added, along with a Makefile + target. This is intended (with the help of a pre-configured node + directory) to check upon the health of a Tahoe grid, uploading and + downloading a few files. This can be used as a monitoring tool for a + deployed grid, to be run periodically and to signal an error if it + ever fails. It also helps with compatibility testing, to verify that + the latest Tahoe code is still able to handle files created by an + older version. + +- The munin plugins from misc/munin/ are now copied into any generated + debian packages, and are made executable (and uncompressed) so they + can be symlinked directly from /etc/munin/plugins/ . + +- Ubuntu "Hardy" was added as a supported debian platform, with a + Makefile target to produce hardy .deb packages. Some notes have been + added to `debian.rst`_ about building Tahoe on a debian/ubuntu + system. + +- Storage servers now measure operation rates and + latency-per-operation, and provides results through the /statistics + web page as well as the stats gatherer. Munin plugins have been + added to match. + +Other +''''' + +- Tahoe nodes now use Foolscap "incident logging" to record unusual + events to their NODEDIR/logs/incidents/ directory. These incident + files can be examined by Foolscap logging tools, or delivered to an + external log-gatherer for further analysis. Note that Tahoe now + requires Foolscap-0.2.9, since 0.2.8 had a bug that complained about + "OSError: File exists" when trying to create the incidents/ + directory for a second time. + +- If no servers are available when retrieving a mutable file (like a + directory), the node now reports an error instead of hanging + forever. Earlier releases would not only hang (causing the wapi + directory listing to get stuck half-way through), but the internal + dirnode serialization would cause all subsequent attempts to + retrieve or modify the same directory to hang as well. `#463`_ + +- A minor internal exception (reported in logs/twistd.log, in the + "stopProducing" method) was fixed, which complained about + "self._paused_at not defined" whenever a file download was stopped + from the web browser end. + +.. _#463: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/463 +.. _#491: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/491 +.. _debian.rst: docs/debian.rst + +Release 1.1.0 (2008-06-11) +-------------------------- + +CLI: new "alias" model +'''''''''''''''''''''' + +- The new CLI code uses an scp/rsync -like interface, in which + directories in the Tahoe storage grid are referenced by a + colon-suffixed alias. The new commands look like: + + - tahoe cp local.txt tahoe:virtual.txt + - tahoe ls work:subdir + +- More functionality is available through the CLI: creating unlinked + files and directories, recursive copy in or out of the storage grid, + hardlinks, and retrieving the raw read- or write- caps through the + 'ls' command. Please read `CLI.rst`_ for complete details. + +wapi: new pages, new commands +''''''''''''''''''''''''''''' + +- Several new pages were added to the web API: + + - /helper_status : to describe what a Helper is doing + - /statistics : reports node uptime, CPU usage, other stats + - /file : for easy file-download URLs, see `#221`_ + - /cap == /uri : future compatibility + +- The localdir=/localfile= and t=download operations were + removed. These required special configuration to enable anyways, but + this feature was a security problem, and was mostly obviated by the + new "cp -r" command. + +- Several new options to the GET command were added: + + - t=deep-size : add up the size of all immutable files reachable from the directory + - t=deep-stats : return a JSON-encoded description of number of files, size distribution, total size, etc + +- POST is now preferred over PUT for most operations which cause + side-effects. + +- Most wapi calls now accept overwrite=, and default to overwrite=true + +- "POST /uri/DIRCAP/parent/child?t=mkdir" is now the preferred API to + create multiple directories at once, rather than ...?t=mkdir-p . + +- PUT to a mutable file ("PUT /uri/MUTABLEFILECAP", "PUT + /uri/DIRCAP/child") will modify the file in-place. + +- more munin graphs in misc/munin/ + + - tahoe-introstats + - tahoe-rootdir-space + - tahoe_estimate_files + - mutable files published/retrieved + - tahoe_cpu_watcher + - tahoe_spacetime + +New Dependencies +'''''''''''''''' +- zfec 1.1.0 +- foolscap 0.2.8 +- pycryptopp 0.5 +- setuptools (now required at runtime) + +New Mutable-File Code +''''''''''''''''''''' + +- The mutable-file handling code (mostly used for directories) has + been completely rewritten. The new scheme has a better API (with a + modify() method) and is less likely to lose data when several + uncoordinated writers change a file at the same time. + +- In addition, a single Tahoe process will coordinate its own + writes. If you make two concurrent directory-modifying wapi calls to + a single tahoe node, it will internally make one of them wait for + the other to complete. This prevents auto-collision (`#391`_). + +- The new mutable-file code also detects errors during publish + better. Earlier releases might believe that a mutable file was + published when in fact it failed. + +other features +'''''''''''''' + +- The node now monitors its own CPU usage, as a percentage, measured + every 60 seconds. 1/5/15 minute moving averages are available on the + /statistics web page and via the stats-gathering interface. + +- Clients now accelerate reconnection to all servers after being + offline (`#374`_). When a client is offline for a long time, it + scales back reconnection attempts to approximately once per hour, so + it may take a while to make the first attempt, but once any attempt + succeeds, the other server connections will be retried immediately. + +- A new "offloaded KeyGenerator" facility can be configured, to move + RSA key generation out from, say, a wapi node, into a separate + process. RSA keys can take several seconds to create, and so a wapi + node which is being used for directory creation will be unavailable + for anything else during this time. The Key Generator process will + pre-compute a small pool of keys, to speed things up further. This + also takes better advantage of multi-core CPUs, or SMP hosts. + +- The node will only use a potentially-slow "du -s" command at startup + (to measure how much space has been used) if the "sizelimit" + parameter has been configured (to limit how much space is + used). Large storage servers should turn off sizelimit until a later + release improves the space-management code, since "du -s" on a + terabyte filesystem can take hours. + +- The Introducer now allows new announcements to replace old ones, to + avoid buildups of obsolete announcements. + +- Immutable files are limited to about 12GiB (when using the default + 3-of-10 encoding), because larger files would be corrupted by the + four-byte share-size field on the storage servers (`#439`_). A later + release will remove this limit. Earlier releases would allow >12GiB + uploads, but the resulting file would be unretrievable. + +- The docs/ directory has been rearranged, with old docs put in + docs/historical/ and not-yet-implemented ones in docs/proposed/ . + +- The Mac OS-X FUSE plugin has a significant bug fix: earlier versions + would corrupt writes that used seek() instead of writing the file in + linear order. The rsync tool is known to perform writes in this + order. This has been fixed. + +.. _#221: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/221 +.. _#374: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/374 +.. _#391: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/391 +.. _#439: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/439 +.. _CLI.rst: docs/CLI.rst |