3 BUGS ---------------------------------------------------------------
5 rsync-url barfs on upload
7 rsync foo rsync://localhost/transfer/
12 There seems to be a bug with hardlinks
14 mbp/2 build$ ls -l /tmp/a /tmp/b -i
17 2568307 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a1
18 2568307 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a2
19 2568307 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a3
20 2568310 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 a4
21 2568310 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 a5
22 2568310 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b1
23 2568310 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b2
24 2568310 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b3
28 2568309 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a1
29 2568309 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a2
30 2568309 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a3
31 2568311 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 a4
32 2568311 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 a5
33 2568311 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b1
34 2568311 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b2
35 2568311 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b3
36 mbp/2 build$ rm -r /tmp/b && ./rsync -avH /tmp/a/ /tmp/b
37 building file list ... done
38 created directory /tmp/b
44 wrote 350 bytes read 52 bytes 804.00 bytes/sec
45 total size is 232 speedup is 0.58
46 mbp/2 build$ rm -r /tmp/b
47 mbp/2 build$ ls -l /tmp/b
48 ls: /tmp/b: No such file or directory
49 mbp/2 build$ rm -r /tmp/b && ./rsync -avH /tmp/a/ /tmp/b
50 rm: cannot remove `/tmp/b': No such file or directory
51 mbp/2 build$ rm -f -r /tmp/b && ./rsync -avH /tmp/a/ /tmp/b
52 building file list ... done
53 created directory /tmp/b
59 wrote 350 bytes read 52 bytes 804.00 bytes/sec
60 total size is 232 speedup is 0.58
61 mbp/2 build$ ls -l /tmp/b
63 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a1
64 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a2
65 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a3
66 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 a4
67 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 a5
68 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b1
69 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b2
70 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b3
71 mbp/2 build$ ls -l /tmp/a
73 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a1
74 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a2
75 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a3
76 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 a4
77 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 a5
78 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b1
79 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b2
80 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b3
83 Progress indicator can produce corrupt output when transferring directories:
86 main/binary-arm/admin/
88 main/binary-arm/comm/8.56kB/s 0:00:52
89 main/binary-arm/devel/
91 main/binary-arm/editors/
92 main/binary-arm/electronics/s 0:00:53
93 main/binary-arm/games/
94 main/binary-arm/graphics/
95 main/binary-arm/hamradio/
96 main/binary-arm/interpreters/
97 main/binary-arm/libs/6.61kB/s 0:00:54
100 main/binary-arm/misc/
104 I don't think we handle this properly on systems that don't have the
105 call. Are there any such?
109 Part of the regression suite should be making sure that we don't
110 break backwards compatibility: old clients vs new servers and so
111 on. Ideally we would test the cross product of versions.
113 It might be sufficient to test downloads from well-known public
114 rsync servers running different versions of rsync. This will give
115 some testing and also be the most common case for having different
116 versions and not being able to upgrade.
118 --no-blocking-io might be broken
120 in the same way as --no-whole-file; somebody needs to check.
122 Do not rely on having a group called "nobody"
124 http://www.linuxbase.org/spec/refspecs/LSB_1.1.0/gLSB/usernames.html
126 On Debian it's "nogroup"
128 Temporary file names can exceed max name length
130 Rsync creates temporary file names that are 10 characters longer
131 than the length of the file being transferred. This creates
132 problems for operating systems have fairly short maximum lengths
133 (e.g., 32 characters for Stratus VOS). Even on operating systems
134 with long max lengths it can still be a problem as it is perfectly
135 reasonable to be using files with long names.
138 DAEMON --------------------------------------------------------------
140 server-imposed bandwidth limits
144 There are already some patches to do this.
146 BitKeeper uses a server whose login shell is set to bkd. That's
147 probably a reasonable approach.
150 FEATURES ------------------------------------------------------------
155 Mark Santcroos points out that -n fails to list files which have
156 only metadata changes, though it probably should.
158 There may be a Debian bug about this as well.
163 If the platform doesn't support it, then don't even try.
165 If running as non-root, then don't fail, just give a warning.
166 (There was a thread about this a while ago?)
168 http://lists.samba.org/pipermail/rsync/2001-August/thread.html
169 http://lists.samba.org/pipermail/rsync/2001-September/thread.html
174 Avoids traversal. Better option than a pile of --include statements
175 for people who want to generate the file list using a find(1)
181 Perhaps allow supplementary groups to be specified in rsyncd.conf;
182 then make the first one the primary gid and all the rest be
186 File list structure in memory
188 Rather than one big array, perhaps have a tree in memory mirroring
191 This might make sorting much faster! (I'm not sure it's a big CPU
194 It might also reduce memory use in storing repeated directory names
195 -- again I'm not sure this is a problem.
199 Traverse just one directory at a time. Tridge says it's possible.
201 At the moment rsync reads the whole file list into memory at the
202 start, which makes us use a lot of memory and also not pipeline
203 network access as much as we could.
206 Handling duplicate names
208 We need to be careful of duplicate names getting into the file list.
209 See clean_flist(). This could happen if multiple arguments include
212 I think duplicates are only a problem if they're both flowing
213 through the pipeline at the same time. For example we might have
214 updated the first occurrence after reading the checksums for the
215 second. So possibly we just need to make sure that we don't have
216 both in the pipeline at the same time.
218 Possibly if we did one directory at a time that would be sufficient.
220 Alternatively we could pre-process the arguments to make sure no
221 duplicates will ever be inserted. There could be some bad cases
222 when we're collapsing symlinks.
224 We could have a hash table.
226 The root of the problem is that we do not want more than one file
227 list entry referring to the same file. At first glance there are
228 several ways this could happen: symlinks, hardlinks, and repeated
229 names on the command line.
231 If names are repeated on the command line, they may be present in
232 different forms, perhaps by traversing directory paths in different
233 ways, traversing paths including symlinks. Also we need to allow
234 for expansion of globs by rsync.
236 At the moment, clean_flist() requires having the entire file list in
237 memory. Duplicate names are detected just by a string comparison.
239 We don't need to worry about hard links causing duplicates because
240 files are never updated in place. Similarly for symlinks.
242 I think even if we're using a different symlink mode we don't need
245 Unless we're really clever this will introduce a protocol
246 incompatibility, so we need to be able to accept the old format as
252 At exit, show how much memory was used for the file list, etc.
254 Also we do a wierd exponential-growth allocation in flist.c. I'm
255 not sure this makes sense with modern mallocs. At any rate it will
256 make us allocate a huge amount of memory for large file lists.
261 At the moment hardlink handling is very expensive, so it's off by
262 default. It does not need to be so.
264 Since most of the solutions are rather intertwined with the file
265 list it is probably better to fix that first, although fixing
266 hardlinks is possibly simpler.
268 We can rule out hardlinked directories since they will probably
269 screw us up in all kinds of ways. They simply should not be used.
271 At the moment rsync only cares about hardlinks to regular files. I
272 guess you could also use them for sockets, devices and other beasts,
273 but I have not seen them.
275 When trying to reproduce hard links, we only need to worry about
276 files that have more than one name (nlinks>1 && !S_ISDIR).
278 The basic point of this is to discover alternate names that refer to
279 the same file. All operations, including creating the file and
280 writing modifications to it need only to be done for the first name.
281 For all later names, we just create the link and then leave it
284 If hard links are to be preserved:
286 Before the generator/receiver fork, the list of files is received
287 from the sender (recv_file_list), and a table for detecting hard
290 The generator looks for hard links within the file list and does
291 not send checksums for them, though it does send other metadata.
293 The sender sends the device number and inode with file entries, so
294 that files are uniquely identified.
296 The receiver goes through and creates hard links (do_hard_links)
297 after all data has been written, but before directory permissions
300 At the moment device and inum are sent as 4-byte integers, which
301 will probably cause problems on large filesystems. On Linux the
302 kernel uses 64-bit ino_t's internally, and people will soon have
303 filesystems big enough to use them. We ought to follow NFS4 in
304 using 64-bit device and inode identification, perhaps with a
305 protocol version bump.
307 Once we've seen all the names for a particular file, we no longer
308 need to think about it and we can deallocate the memory.
310 We can also have the case where there are links to a file that are
311 not in the tree being transferred. There's nothing we can do about
312 that. Because we rename the destination into place after writing,
313 any hardlinks to the old file are always going to be orphaned. In
314 fact that is almost necessary because otherwise we'd get really
315 confused if we were generating checksums for one name of a file and
318 At the moment the code seems to make a whole second copy of the file
319 list, which seems unnecessary.
321 We should have a test case that exercises hard links. Since it
322 might be hard to compare ./tls output where the inodes change we
323 might need a little program to check whether several names refer to
328 Handling IPv6 on old machines
330 The KAME IPv6 patch is nice in theory but has proved a bit of a
331 nightmare in practice. The basic idea of their patch is that rsync
332 is rewritten to use the new getaddrinfo()/getnameinfo() interface,
333 rather than gethostbyname()/gethostbyaddr() as in rsync 2.4.6.
334 Systems that don't have the new interface are handled by providing
335 our own implementation in lib/, which is selectively linked in.
337 The problem with this is that it is really hard to get right on
338 platforms that have a half-working implementation, so redefining
339 these functions clashes with system headers, and leaving them out
340 breaks. This affects at least OSF/1, RedHat 5, and Cobalt, which
341 are moderately improtant.
343 Perhaps the simplest solution would be to have two different files
344 implementing the same interface, and choose either the new or the
345 old API. This is probably necessary for systems that e.g. have
346 IPv6, but gethostbyaddr() can't handle it. The Linux manpage claims
347 this is currently the case.
349 In fact, our internal sockets interface (things like
350 open_socket_out(), etc) is much narrower than the getaddrinfo()
351 interface, and so probably simpler to get right. In addition, the
352 old code is known to work well on old machines.
354 We could drop the rather large lib/getaddrinfo files.
359 Implement suggestions from http://www.kame.net/newsletter/19980604/
360 and ftp://ftp.iij.ad.jp/pub/RFC/rfc2553.txt
362 If a host has multiple addresses, then listen try to connect to all
363 in order until we get through. (getaddrinfo may return multiple
364 addresses.) This is kind of implemented already.
366 Possibly also when starting as a server we may need to listen on
367 multiple passive addresses. This might be a bit harder, because we
368 may need to select on all of them. Hm.
370 Define a syntax for IPv6 literal addresses. Since they include
371 colons, they tend to break most naming systems, including ours.
372 Based on the HTTP IPv6 syntax, I think we should use
374 rsync://[::1]/foo/bar [::1]::bar
376 which should just take a small change to the parser code.
381 If we hang or get SIGINT, then explain where we were up to. Perhaps
382 have a static buffer that contains the current function name, or
383 some kind of description of what we were trying to do. This is a
384 little easier on people than needing to run strace/truss.
386 "The dungeon collapses! You are killed." Rather than "unexpected
387 eof" give a message that is more detailed if possible and also more
390 If we get an error writing to a socket, then we should perhaps
391 continue trying to read to see if an error message comes across
392 explaining why the socket is closed. I'm not sure if this would
393 work, but it would certainly make our messages more helpful.
395 What happens if a directory is missing -x attributes. Do we lose
396 our load? (Debian #28416) Probably fixed now, but a test case would
402 Device major/minor numbers should be at least 32 bits each. See
403 http://lists.samba.org/pipermail/rsync/2001-November/005357.html
405 Transfer ACLs. Need to think of a standard representation.
406 Probably better not to even try to convert between NT and POSIX.
407 Possibly can share some code with Samba.
411 With the current common --include '*/' --exclude '*' pattern, people
412 can end up with many empty directories. We might avoid this by
413 lazily creating such directories.
418 Perhaps don't use our own zlib.
422 - will automatically be up to date with bugfixes in zlib
424 - can leave it out for small rsync on e.g. recovery disks
426 - can use a shared library
428 - avoids people breaking rsync by trying to do this themselves and
431 Should we ship zlib for systems that don't have it, or require
432 people to install it separately?
434 Apparently this will make us incompatible with versions of rsync
435 that use the patched version of rsync. Probably the simplest way to
436 do this is to just disable gzip (with a warning) when talking to old
442 Perhaps flush stdout after each filename, so that people trying to
443 monitor progress in a log file can do so more easily. See
444 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=48108
446 At the connections that just get a list of modules are not logged,
449 If a child of the rsync daemon dies with a signal, we should notice
450 that when we reap it and log a message.
452 Keep stderr and stdout properly separated (Debian #23626)
454 After we get the @RSYNCD greeting from the server, we know it's
455 version but we have not yet sent the command line, so we could just
456 remove the -z option if the server is too old.
458 For ssh invocation it's not so simple, because we actually use the
459 command line to start the remote process. However, we only actually
460 do compression in token.c, and we could therefore once we discover
461 the remote version emit an error if it's too old. I'm not sure if
462 that's a good tradeoff or not.
467 Allow RSYNC_PROXY to be http://user:pass@proxy.foo:3128/, and do
468 HTTP Basic Proxy-Authentication.
470 Multiple schemes are possible, up to and including the insanity that
471 is NTLM, but Basic probably covers most cases.
475 Add --with-socks, and then perhaps a command-line option to put them
476 on or off. This might be more reliable than LD_PRELOAD hacks.
480 rsync to a FAT partition on a Unix machine doesn't work very well at
481 the moment. I think we get errors about invalid filenames and
482 perhaps also trying to do atomic renames.
484 I guess the code to do this is currently #ifdef'd on Windows;
485 perhaps we ought to intelligently fall back to it on Unix too.
490 <Rasmus> mbp: hey, how about an rsync option that just gives you the
491 summary without the list of files? And perhaps gives more
492 information like the number of new files, number of changed,
493 deleted, etc. ? <mbp> Rasmus: nice idea <mbp> there is --stats
494 <mbp> but at the moment it's very tridge-oriented <mbp> rather than
495 user-friendly <mbp> it would be nice to improve it <mbp> that would
496 also work well with --dryrun
500 Rather than storing the file list in memory, store it in a TDB.
502 This *might* make memory usage lower while building the file list.
504 Hashtable lookup will mean files are not transmitted in order,
507 This would neatly eliminate one of the major post-fork shared data
513 On 12 Mar 2002, Dave Dykstra <dwd@bell-labs.com> wrote: > If we
514 would add an option to do that functionality, I would vote for one >
515 that was more general which could mask off any set of permission bits
516 and > possibly add any set of bits. Perhaps a chmod-like syntax if it
517 could be > implemented simply.
519 I think that would be good too. For example, people uploading files
520 to a web server might like to say
522 rsync -avzP --chmod a+rX ./ sourcefrog.net:/home/www/sourcefrog/
524 Ideally the patch would implement as many of the gnu chmod semantics
525 as possible. I think the mode parser should be a separate function
526 that passes back something like (mask,set) description to the rest
527 of the program. For bonus points there would be a test case for the
530 Possibly also --chown
537 Allow people to specify the diff command. (Might want to use wdiff,
540 Just diff the temporary file with the destination file, and delete
541 the tmp file rather than moving it into place.
543 Interaction with --partial.
545 Security interactions with daemon mode?
547 (Suggestion from david.e.sewell)
550 Incorrect timestamps (Debian #100295)
552 A bit hard to believe, but apparently it happens.
555 Check "refuse options works"
557 We need a test case for this...
559 Was this broken when we changed to popt?
562 PERFORMANCE ----------------------------------------------------------
566 If we're doing a local transfer, or using -W, then perhaps don't
567 send the file checksum. If we're doing a local transfer, then
568 calculating MD4 checksums uses 90% of CPU and is unlikely to be
571 Indeed for transfers over zlib or ssh we can also rely on the
572 transport to have quite strong protection against corruption.
574 Perhaps we should have an option to disable this, analogous to
575 --whole-file, although it would default to disabled. The file
576 checksum takes up a definite space in the protocol -- we can either
577 set it to 0, or perhaps just leave it out.
581 Perhaps borrow an assembler MD4 from someone?
583 Make sure we call MD4 with properly-sized blocks whenever possible
584 to avoid copying into the residue region?
588 Test whether this is actually faster than just using malloc(). If
589 it's not (anymore), throw it out.
592 PLATFORMS ------------------------------------------------------------
596 Don't detach, because this messes up --srvany.
598 http://sources.redhat.com/ml/cygwin/2001-08/msg00234.html
601 DEVELOPMENT ----------------------------------------------------------
605 Build rsync with SPLINT to try to find security holes. Add
606 annotations as necessary. Keep track of the number of warnings
607 found initially, and see how many of them are real bugs, or real
608 security bugs. Knowing the percentage of likely hits would be
609 really interesting for other projects.
613 Something that just keeps running rsync continuously over a data set
614 likely to generate problems.
618 Run current rsync versions against significant past releases.
622 jra recommends Valgrind:
624 http://devel-home.kde.org/~sewardj/
630 Build tar file; upload
632 Send announcement to mailing list and c.o.l.a.
634 Make freshmeat announcement
640 TESTING --------------------------------------------------------------
644 Part of the regression suite should be making sure that we don't
645 break backwards compatibility: old clients vs new servers and so on.
646 Ideally we would test both up and down from the current release to
649 We might need to omit broken old versions, or versions in which
650 particular functionality is broken
652 It might be sufficient to test downloads from well-known public
653 rsync servers running different versions of rsync. This will give
654 some testing and also be the most common case for having different
655 versions and not being able to upgrade.
658 Test on kernel source
660 Download all versions of kernel; unpack, sync between them. Also
661 sync between uncompressed tarballs. Compare directories after
664 Use local mode; ssh; daemon; --whole-file and --no-whole-file.
666 Use awk to pull out the 'speedup' number for each transfer. Make
672 Sparse and non-sparse
676 Insert bytes, delete bytes, swap blocks, ...
678 configure option to enable dangerous tests
680 If tests are skipped, say why.
682 Test daemon feature to disallow particular options.
684 Pipe program that makes slow/jerky connections.
686 Versions of read() and write() that corrupt the stream, or abruptly
689 Separate makefile target to run rough tests -- or perhaps just run
692 Test "refuse options" works
694 What about for --recursive?
696 If you specify an unrecognized option here, you should get an error.
699 DOCUMENTATION --------------------------------------------------------
703 Keep list of open issues and todos on the web site
705 Update web site from CVS
708 Perhaps redo manual as SGML
710 The man page is getting rather large, and there is more information
711 that ought to be added.
713 TexInfo source is probably a dying format.
715 Linuxdoc looks like the most likely contender. I know DocBook is
716 favoured by some people, but it's so bloody verbose, even with emacs
720 BUILD FARM -----------------------------------------------------------
724 Cygwin (on different versions of Win32?)
726 HP-UX variants (via HP?)
731 LOGGING --------------------------------------------------------------
733 Perhaps flush stdout after each filename, so that people trying to
734 monitor progress in a log file can do so more easily. See
735 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=48108
737 At the connections that just get a list of modules are not logged,
740 If a child of the rsync daemon dies with a signal, we should notice
741 that when we reap it and log a message.
743 Keep stderr and stdout properly separated (Debian #23626)
745 Use a separate function for reporting errors; prefix it with
746 "rsync:" or "rsync(remote)", or perhaps even "rsync(local
751 Indicate whether files are new, updated, or deleted
753 At end of transfer, show how many files were or were not transferred
758 Explain *why* every file is transferred or not (e.g. "local mtime
759 123123 newer than 1283198")
764 Add an rsyncd.conf parameter to turn on debugging on the server.
768 NICE -----------------------------------------------------------------
770 --no-detach and --no-fork options
772 Very useful for debugging. Also good when running under a
773 daemon-monitoring process that tries to restart the service when the
776 hang/timeout friendliness
780 Change to using gettext(). Probably need to ship this for platforms
783 Solicit translations.
785 Does anyone care? Before we bother modifying the code, we ought to
786 get the manual translated first, because that's possibly more useful
787 and at any rate demonstrates desire.
791 Write a small emulation of interactive ftp as a Pythonn program
792 that calls rsync. Commands such as "cd", "ls", "ls *.c" etc map
793 fairly directly into rsync commands: it just needs to remember the
794 current host, directory and so on. We can probably even do
795 completion of remote filenames.
798 RELATED PROJECTS -----------------------------------------------------
800 http://rsync.samba.org/rsync-and-debian/
804 Exhaustive, tortuous testing
808 rsyncsplit as alternative to real integration with gzip?
810 reverse rsync over HTTP Range
812 Goswin Brederlow suggested this on Debian; I think tridge and I
813 talked about it previous in relation to rproxy.