| 1 | -*- indented-text -*- |
| 2 | |
| 3 | URGENT --------------------------------------------------------------- |
| 4 | |
| 5 | |
| 6 | IMPORTANT ------------------------------------------------------------ |
| 7 | |
| 8 | |
| 9 | use chroot |
| 10 | |
| 11 | If the platform doesn't support it, then don't even try. |
| 12 | |
| 13 | If running as non-root, then don't fail, just give a warning. |
| 14 | (There was a thread about this a while ago?) |
| 15 | |
| 16 | http://lists.samba.org/pipermail/rsync/2001-August/thread.html |
| 17 | http://lists.samba.org/pipermail/rsync/2001-September/thread.html |
| 18 | |
| 19 | --files-from |
| 20 | |
| 21 | Avoids traversal. Better option than a pile of --include statements |
| 22 | for people who want to generate the file list using a find(1) |
| 23 | command or a script. |
| 24 | |
| 25 | File list structure in memory |
| 26 | |
| 27 | Rather than one big array, perhaps have a tree in memory mirroring |
| 28 | the directory tree. |
| 29 | |
| 30 | This might make sorting much faster! (I'm not sure it's a big CPU |
| 31 | problem, mind you.) |
| 32 | |
| 33 | It might also reduce memory use in storing repeated directory names |
| 34 | -- again I'm not sure this is a problem. |
| 35 | |
| 36 | Performance |
| 37 | |
| 38 | Traverse just one directory at a time. Tridge says it's possible. |
| 39 | |
| 40 | At the moment rsync reads the whole file list into memory at the |
| 41 | start, which makes us use a lot of memory and also not pipeline |
| 42 | network access as much as we could. |
| 43 | |
| 44 | |
| 45 | Handling duplicate names |
| 46 | |
| 47 | We need to be careful of duplicate names getting into the file list. |
| 48 | See clean_flist(). This could happen if multiple arguments include |
| 49 | the same file. Bad. |
| 50 | |
| 51 | I think duplicates are only a problem if they're both flowing |
| 52 | through the pipeline at the same time. For example we might have |
| 53 | updated the first occurrence after reading the checksums for the |
| 54 | second. So possibly we just need to make sure that we don't have |
| 55 | both in the pipeline at the same time. |
| 56 | |
| 57 | Possibly if we did one directory at a time that would be sufficient. |
| 58 | |
| 59 | Alternatively we could pre-process the arguments to make sure no |
| 60 | duplicates will ever be inserted. There could be some bad cases |
| 61 | when we're collapsing symlinks. |
| 62 | |
| 63 | We could have a hash table. |
| 64 | |
| 65 | The root of the problem is that we do not want more than one file |
| 66 | list entry referring to the same file. At first glance there are |
| 67 | several ways this could happen: symlinks, hardlinks, and repeated |
| 68 | names on the command line. |
| 69 | |
| 70 | If names are repeated on the command line, they may be present in |
| 71 | different forms, perhaps by traversing directory paths in different |
| 72 | ways, traversing paths including symlinks. Also we need to allow |
| 73 | for expansion of globs by rsync. |
| 74 | |
| 75 | At the moment, clean_flist() requires having the entire file list in |
| 76 | memory. Duplicate names are detected just by a string comparison. |
| 77 | |
| 78 | We don't need to worry about hard links causing duplicates because |
| 79 | files are never updated in place. Similarly for symlinks. |
| 80 | |
| 81 | I think even if we're using a different symlink mode we don't need |
| 82 | to worry. |
| 83 | |
| 84 | Unless we're really clever this will introduce a protocol |
| 85 | incompatibility, so we need to be able to accept the old format as |
| 86 | well. |
| 87 | |
| 88 | |
| 89 | Memory accounting |
| 90 | |
| 91 | At exit, show how much memory was used for the file list, etc. |
| 92 | |
| 93 | Also we do a weird exponential-growth allocation in flist.c. I'm |
| 94 | not sure this makes sense with modern mallocs. At any rate it will |
| 95 | make us allocate a huge amount of memory for large file lists. |
| 96 | |
| 97 | |
| 98 | Hard-link handling |
| 99 | |
| 100 | At the moment hardlink handling is very expensive, so it's off by |
| 101 | default. It does not need to be so. |
| 102 | |
| 103 | Since most of the solutions are rather intertwined with the file |
| 104 | list it is probably better to fix that first, although fixing |
| 105 | hardlinks is possibly simpler. |
| 106 | |
| 107 | We can rule out hardlinked directories since they will probably |
| 108 | screw us up in all kinds of ways. They simply should not be used. |
| 109 | |
| 110 | At the moment rsync only cares about hardlinks to regular files. I |
| 111 | guess you could also use them for sockets, devices and other beasts, |
| 112 | but I have not seen them. |
| 113 | |
| 114 | When trying to reproduce hard links, we only need to worry about |
| 115 | files that have more than one name (nlinks>1 && !S_ISDIR). |
| 116 | |
| 117 | The basic point of this is to discover alternate names that refer to |
| 118 | the same file. All operations, including creating the file and |
| 119 | writing modifications to it need only to be done for the first name. |
| 120 | For all later names, we just create the link and then leave it |
| 121 | alone. |
| 122 | |
| 123 | If hard links are to be preserved: |
| 124 | |
| 125 | Before the generator/receiver fork, the list of files is received |
| 126 | from the sender (recv_file_list), and a table for detecting hard |
| 127 | links is built. |
| 128 | |
| 129 | The generator looks for hard links within the file list and does |
| 130 | not send checksums for them, though it does send other metadata. |
| 131 | |
| 132 | The sender sends the device number and inode with file entries, so |
| 133 | that files are uniquely identified. |
| 134 | |
| 135 | The receiver goes through and creates hard links (do_hard_links) |
| 136 | after all data has been written, but before directory permissions |
| 137 | are set. |
| 138 | |
| 139 | At the moment device and inum are sent as 4-byte integers, which |
| 140 | will probably cause problems on large filesystems. On Linux the |
| 141 | kernel uses 64-bit ino_t's internally, and people will soon have |
| 142 | filesystems big enough to use them. We ought to follow NFS4 in |
| 143 | using 64-bit device and inode identification, perhaps with a |
| 144 | protocol version bump. |
| 145 | |
| 146 | Once we've seen all the names for a particular file, we no longer |
| 147 | need to think about it and we can deallocate the memory. |
| 148 | |
| 149 | We can also have the case where there are links to a file that are |
| 150 | not in the tree being transferred. There's nothing we can do about |
| 151 | that. Because we rename the destination into place after writing, |
| 152 | any hardlinks to the old file are always going to be orphaned. In |
| 153 | fact that is almost necessary because otherwise we'd get really |
| 154 | confused if we were generating checksums for one name of a file and |
| 155 | modifying another. |
| 156 | |
| 157 | At the moment the code seems to make a whole second copy of the file |
| 158 | list, which seems unnecessary. |
| 159 | |
| 160 | We should have a test case that exercises hard links. Since it |
| 161 | might be hard to compare ./tls output where the inodes change we |
| 162 | might need a little program to check whether several names refer to |
| 163 | the same file. |
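
A sketch of the "little program" suggested above, added here as an example and not part of rsync: it reports whether several names refer to the same file by comparing (device, inode), and also shows how squeezing the identifiers into 4 bytes, as noted earlier in this section, can make distinct files compare equal. The names `file_id`, `names_same_file` and `id_equal_wire32` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Identity of a file: (device, inode), held in 64 bits each. */
struct file_id { uint64_t dev, ino; };

/* Fill *id for one name. lstat() is used so that a symlink is not mistaken
 * for a hard link to its target. Returns 0 on success, -1 on error. */
int get_file_id(const char *name, struct file_id *id)
{
    struct stat st;
    if (lstat(name, &st) != 0) return -1;
    id->dev = (uint64_t)st.st_dev;
    id->ino = (uint64_t)st.st_ino;
    return 0;
}

int id_equal(struct file_id a, struct file_id b)
{
    return a.dev == b.dev && a.ino == b.ino;
}

/* The same comparison after truncating both fields to 4 bytes, as a
 * 32-bit wire format would: distinct files can then collide. */
int id_equal_wire32(struct file_id a, struct file_id b)
{
    return (uint32_t)a.dev == (uint32_t)b.dev &&
           (uint32_t)a.ino == (uint32_t)b.ino;
}

/* 1 if all n names are one file, 0 if not, -1 if any cannot be examined. */
int names_same_file(int n, char *const names[])
{
    struct file_id first, cur;
    if (n < 1 || get_file_id(names[0], &first) != 0) return -1;
    for (int i = 1; i < n; i++) {
        if (get_file_id(names[i], &cur) != 0) return -1;
        if (!id_equal(first, cur)) return 0;
    }
    return 1;
}

int main(int argc, char **argv)
{
    if (argc < 3) { fprintf(stderr, "usage: %s NAME NAME...\n", argv[0]); return 2; }
    int r = names_same_file(argc - 1, argv + 1);
    if (r < 0) { perror("lstat"); return 2; }
    puts(r ? "same file" : "different files");
    return r ? 0 : 1;
}
```

The exit status (0 same, 1 different, 2 error) lets a test script use it directly after a transfer with hard links preserved.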
| 164 | |
| 165 | IPv6 |
| 166 | |
| 167 | Implement suggestions from http://www.kame.net/newsletter/19980604/ |
| 168 | and ftp://ftp.iij.ad.jp/pub/RFC/rfc2553.txt |
| 169 | |
| 170 | If a host has multiple addresses, then try to connect to all |
| 171 | in order until we get through. (getaddrinfo may return multiple |
| 172 | addresses.) This is kind of implemented already. |
| 173 | |
| 174 | Possibly also when starting as a server we may need to listen on |
| 175 | multiple passive addresses. This might be a bit harder, because we |
| 176 | may need to select on all of them. Hm. |
| 177 | |
| 178 | Define a syntax for IPv6 literal addresses. Since they include |
| 179 | colons, they tend to break most naming systems, including ours. |
| 180 | Based on the HTTP IPv6 syntax, I think we should use |
| 181 | |
| 182 | rsync://[::1]/foo/bar |
| 183 | [::1]::bar |
| 184 | |
| 185 | which should just take a small change to the parser code. |
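
An added example, not rsync's parser, of the bracket syntax proposed above: it splits both forms into host and path and shows what happens when an IPv6 literal is given without brackets. `struct rsync_target` and `parse_target` are hypothetical names; ports, user@ prefixes and zone IDs are left out.

```c
#include <stdio.h>
#include <string.h>

struct rsync_target { char host[256]; char path[1024]; };

/* Parse "rsync://[::1]/foo/bar", "rsync://host/foo/bar", "[::1]::bar" or
 * "host::bar" into host and path. Returns 0 on success, -1 on malformed
 * or over-long input. */
int parse_target(const char *s, struct rsync_target *t)
{
    int is_url = strncmp(s, "rsync://", 8) == 0;
    const char *sep = is_url ? "/" : "::";
    const char *end;
    size_t hlen;

    if (is_url) s += 8;
    if (*s == '[') {
        /* Bracketed literal: the host runs to ']', colons included. */
        end = strchr(++s, ']');
        if (!end) return -1;
        hlen = (size_t)(end - s);
        /* Accept only hex digits, ':' and '.' between the brackets. */
        if (strspn(s, "0123456789abcdefABCDEF:.") < hlen) return -1;
        end++;
    } else {
        /* Unbracketed: the host stops at the first separator. */
        end = strstr(s, sep);
        if (!end) return -1;
        hlen = (size_t)(end - s);
    }
    if (hlen == 0 || hlen >= sizeof t->host) return -1;
    if (strncmp(end, sep, strlen(sep)) != 0) return -1;
    end += strlen(sep);
    if (strlen(end) >= sizeof t->path) return -1;
    memcpy(t->host, s, hlen);
    t->host[hlen] = '\0';
    strcpy(t->path, end);
    return 0;
}

int main(int argc, char **argv)
{
    struct rsync_target t;
    const char *arg = argc > 1 ? argv[1] : "[::1]::bar";
    if (parse_target(arg, &t) != 0) {
        fprintf(stderr, "bad target: %s\n", arg);
        return 1;
    }
    printf("host=%s path=%s\n", t.host, t.path);
    return 0;
}
```

Given the unbracketed `fe80::1::bar`, the parser stops at the first `::` and returns host `fe80` with path `1::bar`, which is the breakage the brackets are meant to prevent.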
| 186 | |
| 187 | Errors |
| 188 | |
| 189 | If we hang or get SIGINT, then explain where we were up to. Perhaps |
| 190 | have a static buffer that contains the current function name, or |
| 191 | some kind of description of what we were trying to do. This is a |
| 192 | little easier on people than needing to run strace/truss. |
| 193 | |
| 194 | "The dungeon collapses! You are killed." Rather than "unexpected |
| 195 | eof" give a message that is more detailed if possible and also more |
| 196 | helpful. |
| 197 | |
| 198 | If we get an error writing to a socket, then we should perhaps |
| 199 | continue trying to read to see if an error message comes across |
| 200 | explaining why the socket is closed. I'm not sure if this would |
| 201 | work, but it would certainly make our messages more helpful. |
| 202 | |
| 203 | File attributes |
| 204 | |
| 205 | Device major/minor numbers should be at least 32 bits each. See |
| 206 | http://lists.samba.org/pipermail/rsync/2001-November/005357.html |
| 207 | |
| 208 | Transfer ACLs. Need to think of a standard representation. |
| 209 | Probably better not to even try to convert between NT and POSIX. |
| 210 | Possibly can share some code with Samba. |
| 211 | |
| 212 | Empty directories |
| 213 | |
| 214 | With the current common --include '*/' --exclude '*' pattern, people |
| 215 | can end up with many empty directories. We might avoid this by |
| 216 | lazily creating such directories. |
| 217 | |
| 218 | |
| 219 | zlib |
| 220 | |
| 221 | Perhaps don't use our own zlib. |
| 222 | |
| 223 | Advantages: |
| 224 | |
| 225 | - will automatically be up to date with bugfixes in zlib |
| 226 | |
| 227 | - can leave it out for small rsync on e.g. recovery disks |
| 228 | |
| 229 | - can use a shared library |
| 230 | |
| 231 | - avoids people breaking rsync by trying to do this themselves and |
| 232 | messing up |
| 233 | |
| 234 | Should we ship zlib for systems that don't have it, or require |
| 235 | people to install it separately? |
| 236 | |
| 237 | Apparently this will make us incompatible with versions of rsync |
| 238 | that use the patched version of zlib. Probably the simplest way to |
| 239 | do this is to just disable gzip (with a warning) when talking to old |
| 240 | versions. |
| 241 | |
| 242 | |
| 243 | logging |
| 244 | |
| 245 | Perhaps flush stdout after each filename, so that people trying to |
| 246 | monitor progress in a log file can do so more easily. See |
| 247 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=48108 |
| 248 | |
| 249 | At the moment the connections that just get a list of modules are |
| 250 | not logged, but they should be. |
| 251 | |
| 252 | If a child of the rsync daemon dies with a signal, we should notice |
| 253 | that when we reap it and log a message. |
| 254 | |
| 255 | |
| 256 | rsyncd over ssh |
| 257 | |
| 258 | There are already some patches to do this. |
| 259 | |
| 260 | proxy authentication |
| 261 | |
| 262 | Allow RSYNC_PROXY to be http://user:pass@proxy.foo:3128/, and do |
| 263 | HTTP Basic Proxy-Authentication. |
| 264 | |
| 265 | Multiple schemes are possible, up to and including the insanity that |
| 266 | is NTLM, but Basic probably covers most cases. |
| 267 | |
| 268 | SOCKS |
| 269 | |
| 270 | Add --with-socks, and then perhaps a command-line option to put them |
| 271 | on or off. This might be more reliable than LD_PRELOAD hacks. |
| 272 | |
| 273 | Better statistics: |
| 274 | |
| 275 | <Rasmus> mbp: hey, how about an rsync option that just gives you the |
| 276 | summary without the list of files? And perhaps gives more |
| 277 | information like the number of new files, number of changed, |
| 278 | deleted, etc. ? |
| 279 | <mbp> Rasmus: nice idea |
| 280 | <mbp> there is --stats |
| 281 | <mbp> but at the moment it's very tridge-oriented |
| 282 | <mbp> rather than user-friendly |
| 283 | <mbp> it would be nice to improve it |
| 284 | <mbp> that would also work well with --dryrun |
| 285 | |
| 286 | TDB: |
| 287 | |
| 288 | Rather than storing the file list in memory, store it in a TDB. |
| 289 | |
| 290 | This *might* make memory usage lower while building the file list. |
| 291 | |
| 292 | Hashtable lookup will mean files are not transmitted in order, |
| 293 | though... hm. |
| 294 | |
| 295 | This would neatly eliminate one of the major post-fork shared data |
| 296 | structures. |
| 297 | |
| 298 | |
| 299 | chmod: |
| 300 | |
| 301 | On 12 Mar 2002, Dave Dykstra <dwd@bell-labs.com> wrote: |
| 302 | > If we would add an option to do that functionality, I would vote for one |
| 303 | > that was more general which could mask off any set of permission bits and |
| 304 | > possibly add any set of bits. Perhaps a chmod-like syntax if it could be |
| 305 | > implemented simply. |
| 306 | |
| 307 | I think that would be good too. For example, people uploading files |
| 308 | to a web server might like to say |
| 309 | |
| 310 | rsync -avzP --chmod a+rX ./ sourcefrog.net:/home/www/sourcefrog/ |
| 311 | |
| 312 | Ideally the patch would implement as many of the gnu chmod semantics |
| 313 | as possible. I think the mode parser should be a separate function |
| 314 | that passes back something like (mask,set) description to the rest of |
| 315 | the program. For bonus points there would be a test case for the |
| 316 | parser. |
| 317 | |
| 318 | |
| 319 | --diff |
| 320 | |
| 321 | Allow people to specify the diff command. (Might want to use wdiff, |
| 322 | gnudiff, etc.) |
| 323 | |
| 324 | Just diff the temporary file with the destination file, and delete |
| 325 | the tmp file rather than moving it into place. |
| 326 | |
| 327 | Interaction with --partial. |
| 328 | |
| 329 | Security interactions with daemon mode? |
| 330 | |
| 331 | (Suggestion from david.e.sewell) |
| 332 | |
| 333 | |
| 334 | PLATFORMS ------------------------------------------------------------ |
| 335 | |
| 336 | Win32 |
| 337 | |
| 338 | Don't detach, because this messes up --srvany. |
| 339 | |
| 340 | http://sources.redhat.com/ml/cygwin/2001-08/msg00234.html |
| 341 | |
| 342 | According to "Effective TCP/IP Programming" (??) close() on a socket |
| 343 | has incorrect behaviour on Windows -- it sends a RST packet to the |
| 344 | other side, which gives a "connection reset by peer" error. On that |
| 345 | platform we should probably do shutdown() instead. However, on Unix |
| 346 | we are correct to call close(), because shutdown() discards |
| 347 | untransmitted data. |
| 348 | |
| 349 | DEVELOPMENT ---------------------------------------------------------- |
| 350 | |
| 351 | Splint |
| 352 | |
| 353 | Build rsync with SPLINT to try to find security holes. Add |
| 354 | annotations as necessary. Keep track of the number of warnings |
| 355 | found initially, and see how many of them are real bugs, or real |
| 356 | security bugs. Knowing the percentage of likely hits would be |
| 357 | really interesting for other projects. |
| 358 | |
| 359 | Torture test |
| 360 | |
| 361 | Something that just keeps running rsync continuously over a data set |
| 362 | likely to generate problems. |
| 363 | |
| 364 | Cross-testing |
| 365 | |
| 366 | Run current rsync versions against significant past releases. |
| 367 | |
| 368 | Memory debugger |
| 369 | |
| 370 | jra recommends Valgrind: |
| 371 | |
| 372 | http://devel-home.kde.org/~sewardj/ |
| 373 | |
| 374 | TESTING -------------------------------------------------------------- |
| 375 | |
| 376 | Cross-test versions |
| 377 | |
| 378 | Part of the regression suite should be making sure that we don't |
| 379 | break backwards compatibility: old clients vs new servers and so |
| 380 | on. Ideally we would test the cross product of versions. |
| 381 | |
| 382 | It might be sufficient to test downloads from well-known public |
| 383 | rsync servers running different versions of rsync. This will give |
| 384 | some testing and also be the most common case for having different |
| 385 | versions and not being able to upgrade. |
| 386 | |
| 387 | Test large files |
| 388 | |
| 389 | Sparse and non-sparse |
| 390 | |
| 391 | Mutator program |
| 392 | |
| 393 | Insert bytes, delete bytes, swap blocks, ... |
| 394 | |
| 395 | configure option to enable dangerous tests |
| 396 | |
| 397 | If tests are skipped, say why. |
| 398 | |
| 399 | Test daemon feature to disallow particular options. |
| 400 | |
| 401 | |
| 402 | DOCUMENTATION -------------------------------------------------------- |
| 403 | |
| 404 | Update README |
| 405 | |
| 406 | Keep list of open issues and todos on the web site |
| 407 | |
| 408 | Update web site from CVS |
| 409 | |
| 410 | BUILD FARM ----------------------------------------------------------- |
| 411 | |
| 412 | Add machines |
| 413 | |
| 414 | AMDAHL UTS (Dave Dykstra) |
| 415 | |
| 416 | Cygwin (on different versions of Win32?) |
| 417 | |
| 418 | HP-UX variants (via HP?) |
| 419 | |
| 420 | SCO |
| 421 | |
| 422 | NICE ----------------------------------------------------------------- |
| 423 | |
| 424 | --no-detach and --no-fork options |
| 425 | |
| 426 | Very useful for debugging. Also good when running under a |
| 427 | daemon-monitoring process that tries to restart the service when the |
| 428 | parent exits. |
| 429 | |
| 430 | hang/timeout friendliness |
| 431 | |
| 432 | verbose output |
| 433 | |
| 434 | Indicate whether files are new, updated, or deleted |
| 435 | |
| 436 | At end of transfer, show how many files were or were not transferred |
| 437 | correctly. |
| 438 | |
| 439 | internationalization |
| 440 | |
| 441 | Change to using gettext(). Probably need to ship this for platforms |
| 442 | that don't have it. |
| 443 | |
| 444 | Solicit translations. |
| 445 | |
| 446 | Does anyone care? |
| 447 | |
| 448 | rsyncsh |
| 449 | |
| 450 | Write a small emulation of interactive ftp as a Python program |
| 451 | that calls rsync. Commands such as "cd", "ls", "ls *.c" etc map |
| 452 | fairly directly into rsync commands: it just needs to remember the |
| 453 | current host, directory and so on. We can probably even do |
| 454 | completion of remote filenames. |