Commit | Line | Data |
---|---|---|
46ef7d1d | 1 | -*- indented-text -*- |
a0365806 | 2 | |
46ef7d1d MP |
3 | URGENT --------------------------------------------------------------- |
4 | ||
33d213bb MP |
5 | |
6 | IMPORTANT ------------------------------------------------------------ | |
7 | ||
33d213bb | 8 | |
a2d2e5c0 MP |
9 | use chroot |
10 | ||
11 | If the platform doesn't support it, then don't even try. | |
12 | ||
13 | If running as non-root, then don't fail, just give a warning. | |
14 | (There was a thread about this a while ago?) | |
15 | ||
16 | http://lists.samba.org/pipermail/rsync/2001-August/thread.html | |
17 | http://lists.samba.org/pipermail/rsync/2001-September/thread.html | |
18 | ||
19 | --files-from | |
20 | ||
21 | Avoids traversal. Better option than a pile of --include statements | |
22 | for people who want to generate the file list using a find(1) | |
23 | command or a script. | |
24 | ||
8f4455f2 MP |
25 | File list structure in memory |
26 | ||
27 | Rather than one big array, perhaps have a tree in memory mirroring | |
28 | the directory tree. | |
29 | ||
30 | This might make sorting much faster! (I'm not sure it's a big CPU | |
31 | problem, mind you.) | |
32 | ||
33 | It might also reduce memory use in storing repeated directory names | |
34 | -- again I'm not sure this is a problem. | |
0e5a1f83 | 35 | |
a2d2e5c0 MP |
36 | Performance |
37 | ||
38 | Traverse just one directory at a time. Tridge says it's possible. | |
a6a3c3df MP |
39 | |
40 | At the moment rsync reads the whole file list into memory at the | |
41 | start, which makes us use a lot of memory and also not pipeline | |
42 | network access as much as we could. | |
43 | ||
0e5a1f83 MP |
44 | |
45 | Handling duplicate names | |
46 | ||
b3e6c815 | 47 | We need to be careful of duplicate names getting into the file list. |
d2e9d069 MP |
48 | See clean_flist(). This could happen if multiple arguments include |
49 | the same file. Bad. | |
b3e6c815 MP |
50 | |
51 | I think duplicates are only a problem if they're both flowing | |
52 | through the pipeline at the same time. For example we might have | |
53 | updated the first occurrence after reading the checksums for the | |
54 | second. So possibly we just need to make sure that we don't have | |
55 | both in the pipeline at the same time. | |
56 | ||
57 | Possibly if we did one directory at a time that would be sufficient. | |
58 | ||
59 | Alternatively we could pre-process the arguments to make sure no | |
58379559 MP |
60 | duplicates will ever be inserted. There could be some bad cases |
61 | when we're collapsing symlinks. | |
b3e6c815 MP |
62 | |
63 | We could have a hash table. | |
64 | ||
d2e9d069 MP |
65 | The root of the problem is that we do not want more than one file |
66 | list entry referring to the same file. At first glance there are | |
67 | several ways this could happen: symlinks, hardlinks, and repeated | |
68 | names on the command line. | |
69 | ||
70 | If names are repeated on the command line, they may be present in | |
71 | different forms, perhaps by traversing directory paths in different | |
72 | ways, traversing paths including symlinks. Also we need to allow | |
73 | for expansion of globs by rsync. | |
74 | ||
75 | At the moment, clean_flist() requires having the entire file list in | |
76 | memory. Duplicate names are detected just by a string comparison. | |
77 | ||
78 | We don't need to worry about hard links causing duplicates because | |
79 | files are never updated in place. Similarly for symlinks. | |
80 | ||
81 | I think even if we're using a different symlink mode we don't need | |
82 | to worry. | |
83 | ||
0e5a1f83 MP |
84 | Unless we're really clever this will introduce a protocol |
85 | incompatibility, so we need to be able to accept the old format as | |
86 | well. | |
87 | ||
88 | ||
a6a3c3df MP |
89 | Memory accounting |
90 | ||
91 | At exit, show how much memory was used for the file list, etc. | |
92 | ||
b3e6c815 MP |
93 | Also we do a wierd exponential-growth allocation in flist.c. I'm |
94 | not sure this makes sense with modern mallocs. At any rate it will | |
95 | make us allocate a huge amount of memory for large file lists. | |
96 | ||
0e5a1f83 | 97 | |
a6a3c3df MP |
98 | Hard-link handling |
99 | ||
100 | At the moment hardlink handling is very expensive, so it's off by | |
101 | default. It does not need to be so. | |
102 | ||
0e5a1f83 MP |
103 | Since most of the solutions are rather intertwined with the file |
104 | list it is probably better to fix that first, although fixing | |
105 | hardlinks is possibly simpler. | |
106 | ||
a6a3c3df MP |
107 | We can rule out hardlinked directories since they will probably |
108 | screw us up in all kinds of ways. They simply should not be used. | |
109 | ||
110 | At the moment rsync only cares about hardlinks to regular files. I | |
111 | guess you could also use them for sockets, devices and other beasts, | |
112 | but I have not seen them. | |
113 | ||
114 | When trying to reproduce hard links, we only need to worry about | |
115 | files that have more than one name (nlinks>1 && !S_ISDIR). | |
116 | ||
117 | The basic point of this is to discover alternate names that refer to | |
118 | the same file. All operations, including creating the file and | |
119 | writing modifications to it need only to be done for the first name. | |
120 | For all later names, we just create the link and then leave it | |
121 | alone. | |
122 | ||
123 | If hard links are to be preserved: | |
124 | ||
125 | Before the generator/receiver fork, the list of files is received | |
126 | from the sender (recv_file_list), and a table for detecting hard | |
127 | links is built. | |
128 | ||
129 | The generator looks for hard links within the file list and does | |
130 | not send checksums for them, though it does send other metadata. | |
131 | ||
132 | The sender sends the device number and inode with file entries, so | |
133 | that files are uniquely identified. | |
134 | ||
135 | The receiver goes through and creates hard links (do_hard_links) | |
136 | after all data has been written, but before directory permissions | |
137 | are set. | |
138 | ||
139 | At the moment device and inum are sent as 4-byte integers, which | |
140 | will probably cause problems on large filesystems. On Linux the | |
141 | kernel uses 64-bit ino_t's internally, and people will soon have | |
142 | filesystems big enough to use them. We ought to follow NFS4 in | |
143 | using 64-bit device and inode identification, perhaps with a | |
144 | protocol version bump. | |
145 | ||
146 | Once we've seen all the names for a particular file, we no longer | |
147 | need to think about it and we can deallocate the memory. | |
148 | ||
149 | We can also have the case where there are links to a file that are | |
150 | not in the tree being transferred. There's nothing we can do about | |
151 | that. Because we rename the destination into place after writing, | |
152 | any hardlinks to the old file are always going to be orphaned. In | |
153 | fact that is almost necessary because otherwise we'd get really | |
154 | confused if we were generating checksums for one name of a file and | |
155 | modifying another. | |
156 | ||
157 | At the moment the code seems to make a whole second copy of the file | |
158 | list, which seems unnecessary. | |
159 | ||
160 | We should have a test case that exercises hard links. Since it | |
161 | might be hard to compare ./tls output where the inodes change we | |
162 | might need a little program to check whether several names refer to | |
163 | the same file. | |
a2d2e5c0 MP |
164 | |
165 | IPv6 | |
166 | ||
c33e3e39 MP |
167 | Implement suggestions from http://www.kame.net/newsletter/19980604/ |
168 | and ftp://ftp.iij.ad.jp/pub/RFC/rfc2553.txt | |
169 | ||
170 | If a host has multiple addresses, then listen try to connect to all | |
171 | in order until we get through. (getaddrinfo may return multiple | |
c10b0bdd | 172 | addresses.) This is kind of implemented already. |
c33e3e39 MP |
173 | |
174 | Possibly also when starting as a server we may need to listen on | |
175 | multiple passive addresses. This might be a bit harder, because we | |
176 | may need to select on all of them. Hm. | |
177 | ||
a2d2e5c0 MP |
178 | Define a syntax for IPv6 literal addresses. Since they include |
179 | colons, they tend to break most naming systems, including ours. | |
180 | Based on the HTTP IPv6 syntax, I think we should use | |
181 | ||
182 | rsync://[::1]/foo/bar | |
183 | [::1]::bar | |
184 | ||
185 | which should just take a small change to the parser code. | |
186 | ||
b17dd0c4 | 187 | |
5aafd07b MP |
188 | Errors |
189 | ||
190 | If we hang or get SIGINT, then explain where we were up to. Perhaps | |
191 | have a static buffer that contains the current function name, or | |
192 | some kind of description of what we were trying to do. This is a | |
193 | little easier on people than needing to run strace/truss. | |
194 | ||
195 | "The dungeon collapses! You are killed." Rather than "unexpected | |
196 | eof" give a message that is more detailed if possible and also more | |
197 | helpful. | |
198 | ||
89b0a3d9 MP |
199 | If we get an error writing to a socket, then we should perhaps |
200 | continue trying to read to see if an error message comes across | |
201 | explaining why the socket is closed. I'm not sure if this would | |
202 | work, but it would certainly make our messages more helpful. | |
203 | ||
b17dd0c4 MP |
204 | What happens if a directory is missing -x attributes. Do we lose |
205 | our load? (Debian #28416) Probably fixed now, but a test case | |
206 | would be good. | |
207 | ||
208 | ||
5575de14 MP |
209 | File attributes |
210 | ||
211 | Device major/minor numbers should be at least 32 bits each. See | |
212 | http://lists.samba.org/pipermail/rsync/2001-November/005357.html | |
213 | ||
214 | Transfer ACLs. Need to think of a standard representation. | |
215 | Probably better not to even try to convert between NT and POSIX. | |
216 | Possibly can share some code with Samba. | |
5aafd07b | 217 | |
28a69e25 MP |
218 | Empty directories |
219 | ||
220 | With the current common --include '*/' --exclude '*' pattern, people | |
221 | can end up with many empty directories. We might avoid this by | |
222 | lazily creating such directories. | |
223 | ||
c6e27b60 | 224 | |
28a69e25 MP |
225 | zlib |
226 | ||
c6e27b60 MP |
227 | Perhaps don't use our own zlib. |
228 | ||
229 | Advantages: | |
230 | ||
231 | - will automatically be up to date with bugfixes in zlib | |
232 | ||
233 | - can leave it out for small rsync on e.g. recovery disks | |
234 | ||
235 | - can use a shared library | |
236 | ||
237 | - avoids people breaking rsync by trying to do this themselves and | |
238 | messing up | |
239 | ||
240 | Should we ship zlib for systems that don't have it, or require | |
241 | people to install it separately? | |
242 | ||
243 | Apparently this will make us incompatible with versions of rsync | |
244 | that use the patched version of rsync. Probably the simplest way to | |
245 | do this is to just disable gzip (with a warning) when talking to old | |
246 | versions. | |
247 | ||
28a69e25 MP |
248 | |
249 | logging | |
250 | ||
251 | Perhaps flush stdout after each filename, so that people trying to | |
252 | monitor progress in a log file can do so more easily. See | |
253 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=48108 | |
254 | ||
430d841a MP |
255 | At the connections that just get a list of modules are not logged, |
256 | but they should be. | |
257 | ||
db1babe6 MP |
258 | If a child of the rsync daemon dies with a signal, we should notice |
259 | that when we reap it and log a message. | |
260 | ||
a5c48193 MP |
261 | Keep stderr and stdout properly separated (Debian #23626) |
262 | ||
6479c2ed MP |
263 | Use a separate function for reporting errors; prefix it with |
264 | "rsync:" or "rsync(remote)", or perhaps even "rsync(local | |
265 | generator): ". | |
266 | ||
db1babe6 | 267 | |
7c583c73 MP |
268 | rsyncd over ssh |
269 | ||
270 | There are already some patches to do this. | |
271 | ||
92325ada MP |
272 | proxy authentication |
273 | ||
274 | Allow RSYNC_PROXY to be http://user:pass@proxy.foo:3128/, and do | |
275 | HTTP Basic Proxy-Authentication. | |
276 | ||
277 | Multiple schemes are possible, up to and including the insanity that | |
278 | is NTLM, but Basic probably covers most cases. | |
279 | ||
280 | SOCKS | |
281 | ||
282 | Add --with-socks, and then perhaps a command-line option to put them | |
283 | on or off. This might be more reliable than LD_PRELOAD hacks. | |
284 | ||
27741d9f MP |
285 | Better statistics: |
286 | ||
287 | <Rasmus> mbp: hey, how about an rsync option that just gives you the | |
288 | summary without the list of files? And perhaps gives more | |
289 | information like the number of new files, number of changed, | |
290 | deleted, etc. ? | |
291 | <mbp> Rasmus: nice idea | |
292 | <mbp> there is --stats | |
293 | <mbp> but at the moment it's very tridge-oriented | |
294 | <mbp> rather than user-friendly | |
295 | <mbp> it would be nice to improve it | |
296 | <mbp> that would also work well with --dryrun | |
297 | ||
e53fe9a2 MP |
298 | TDB: |
299 | ||
300 | Rather than storing the file list in memory, store it in a TDB. | |
301 | ||
302 | This *might* make memory usage lower while building the file list. | |
303 | ||
304 | Hashtable lookup will mean files are not transmitted in order, | |
305 | though... hm. | |
306 | ||
307 | This would neatly eliminate one of the major post-fork shared data | |
308 | structures. | |
309 | ||
310 | ||
97e1254a MP |
311 | chmod: |
312 | ||
313 | On 12 Mar 2002, Dave Dykstra <dwd@bell-labs.com> wrote: | |
314 | > If we would add an option to do that functionality, I would vote for one | |
315 | > that was more general which could mask off any set of permission bits and | |
316 | > possibly add any set of bits. Perhaps a chmod-like syntax if it could be | |
317 | > implemented simply. | |
318 | ||
319 | I think that would be good too. For example, people uploading files | |
320 | to a web server might like to say | |
321 | ||
322 | rsync -avzP --chmod a+rX ./ sourcefrog.net:/home/www/sourcefrog/ | |
323 | ||
324 | Ideally the patch would implement as many of the gnu chmod semantics | |
325 | as possible. I think the mode parser should be a separate function | |
326 | that passes back something like (mask,set) description to the rest of | |
327 | the program. For bonus points there would be a test case for the | |
328 | parser. | |
329 | ||
36692011 MP |
330 | (Debian #23628) |
331 | ||
97e1254a | 332 | |
3c1edccb MP |
333 | --diff |
334 | ||
335 | Allow people to specify the diff command. (Might want to use wdiff, | |
336 | gnudiff, etc.) | |
337 | ||
338 | Just diff the temporary file with the destination file, and delete | |
339 | the tmp file rather than moving it into place. | |
340 | ||
341 | Interaction with --partial. | |
342 | ||
343 | Security interactions with daemon mode? | |
344 | ||
345 | (Suggestion from david.e.sewell) | |
346 | ||
347 | ||
a628b069 MP |
348 | Incorrect timestamps (Debian #100295) |
349 | ||
350 | A bit hard to believe, but apparently it happens. | |
6d19c674 MP |
351 | |
352 | ||
353 | Check "refuse options works" | |
354 | ||
355 | We need a test case for this... | |
356 | ||
357 | Was this broken when we changed to popt? | |
6479c2ed MP |
358 | |
359 | ||
360 | String area code | |
361 | ||
362 | Test whether this is actually faster than just using malloc(). If | |
363 | it's not (anymore), throw it out. | |
a628b069 MP |
364 | |
365 | ||
366 | ||
a2d2e5c0 MP |
367 | PLATFORMS ------------------------------------------------------------ |
368 | ||
369 | Win32 | |
370 | ||
371 | Don't detach, because this messes up --srvany. | |
372 | ||
373 | http://sources.redhat.com/ml/cygwin/2001-08/msg00234.html | |
374 | ||
375 | According to "Effective TCP/IP Programming" (??) close() on a socket | |
376 | has incorrect behaviour on Windows -- it sends a RST packet to the | |
377 | other side, which gives a "connection reset by peer" error. On that | |
378 | platform we should probably do shutdown() instead. However, on Unix | |
379 | we are correct to call close(), because shutdown() discards | |
380 | untransmitted data. | |
381 | ||
0e23e41d MP |
382 | DEVELOPMENT ---------------------------------------------------------- |
383 | ||
384 | Splint | |
385 | ||
386 | Build rsync with SPLINT to try to find security holes. Add | |
387 | annotations as necessary. Keep track of the number of warnings | |
388 | found initially, and see how many of them are real bugs, or real | |
389 | security bugs. Knowing the percentage of likely hits would be | |
390 | really interesting for other projects. | |
391 | ||
f5a95bb5 MP |
392 | Torture test |
393 | ||
394 | Something that just keeps running rsync continuously over a data set | |
395 | likely to generate problems. | |
396 | ||
397 | Cross-testing | |
398 | ||
399 | Run current rsync versions against significant past releases. | |
400 | ||
43a4dc10 MP |
401 | Memory debugger |
402 | ||
3a79260d | 403 | jra recommends Valgrind: |
43a4dc10 MP |
404 | |
405 | http://devel-home.kde.org/~sewardj/ | |
406 | ||
e9c4c301 MP |
407 | TESTING -------------------------------------------------------------- |
408 | ||
409 | Cross-test versions | |
410 | ||
411 | Part of the regression suite should be making sure that we don't | |
412 | break backwards compatibility: old clients vs new servers and so | |
413 | on. Ideally we would test the cross product of versions. | |
414 | ||
415 | It might be sufficient to test downloads from well-known public | |
416 | rsync servers running different versions of rsync. This will give | |
417 | some testing and also be the most common case for having different | |
418 | versions and not being able to upgrade. | |
419 | ||
420 | Test large files | |
421 | ||
422 | Sparse and non-sparse | |
423 | ||
424 | Mutator program | |
425 | ||
426 | Insert bytes, delete bytes, swap blocks, ... | |
427 | ||
428 | configure option to enable dangerous tests | |
429 | ||
430 | If tests are skipped, say why. | |
431 | ||
b73b51a9 MP |
432 | Test daemon feature to disallow particular options. |
433 | ||
599dc93c MP |
434 | Pipe program that makes slow/jerky connections. |
435 | ||
76533c52 MP |
436 | Versions of read() and write() that corrupt the stream, or abruptly fail |
437 | ||
6479c2ed MP |
438 | Separate makefile target to run rough tests -- or perhaps just run |
439 | them every time? | |
440 | ||
e9c4c301 | 441 | |
7c583c73 MP |
442 | DOCUMENTATION -------------------------------------------------------- |
443 | ||
444 | Update README | |
445 | ||
b73b51a9 MP |
446 | Keep list of open issues and todos on the web site |
447 | ||
448 | Update web site from CVS | |
449 | ||
a2d2e5c0 MP |
450 | BUILD FARM ----------------------------------------------------------- |
451 | ||
452 | Add machines | |
453 | ||
454 | AMDAHL UTS (Dave Dykstra) | |
455 | ||
456 | Cygwin (on different versions of Win32?) | |
457 | ||
458 | HP-UX variants (via HP?) | |
33d213bb | 459 | |
5aafd07b MP |
460 | SCO |
461 | ||
46ef7d1d MP |
462 | NICE ----------------------------------------------------------------- |
463 | ||
a2d2e5c0 MP |
464 | --no-detach and --no-fork options |
465 | ||
466 | Very useful for debugging. Also good when running under a | |
467 | daemon-monitoring process that tries to restart the service when the | |
468 | parent exits. | |
469 | ||
470 | hang/timeout friendliness | |
471 | ||
50f2f002 MP |
472 | verbose output |
473 | ||
474 | Indicate whether files are new, updated, or deleted | |
475 | ||
d834adc1 MP |
476 | At end of transfer, show how many files were or were not transferred |
477 | correctly. | |
478 | ||
a2d2e5c0 MP |
479 | internationalization |
480 | ||
481 | Change to using gettext(). Probably need to ship this for platforms | |
482 | that don't have it. | |
483 | ||
484 | Solicit translations. | |
485 | ||
486 | Does anyone care? | |
487 | ||
46ef7d1d MP |
488 | rsyncsh |
489 | ||
490 | Write a small emulation of interactive ftp as a Pythonn program | |
491 | that calls rsync. Commands such as "cd", "ls", "ls *.c" etc map | |
492 | fairly directly into rsync commands: it just needs to remember the | |
493 | current host, directory and so on. We can probably even do | |
494 | completion of remote filenames. |