Source code for ZODB.FileStorage.FileStorage

##############################################################################
#
# Copyright (c) 2001, 2002 Zope Foundation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
"""Storage implementation using a log written to a single file.
"""

import binascii
import contextlib
import errno
import logging
import os
import time
from base64 import decodebytes
from base64 import encodebytes
from struct import pack
from struct import unpack

from persistent.TimeStamp import TimeStamp
from zc.lockfile import LockFile
from zope.interface import alsoProvides
from zope.interface import implementer

from ZODB._compat import FILESTORAGE_MAGIC
from ZODB._compat import Pickler
from ZODB._compat import _protocol
from ZODB._compat import loads
from ZODB.BaseStorage import BaseStorage
from ZODB.BaseStorage import DataRecord as _DataRecord
from ZODB.BaseStorage import TransactionRecord as _TransactionRecord
from ZODB.blob import BlobStorageMixin
from ZODB.blob import link_or_copy
from ZODB.blob import remove_committed
from ZODB.blob import remove_committed_dir
from ZODB.ConflictResolution import ConflictResolvingStorage
from ZODB.FileStorage.format import DATA_HDR
from ZODB.FileStorage.format import DATA_HDR_LEN
from ZODB.FileStorage.format import TRANS_HDR
from ZODB.FileStorage.format import TRANS_HDR_LEN
from ZODB.FileStorage.format import CorruptedDataError
from ZODB.FileStorage.format import CorruptedError
from ZODB.FileStorage.format import DataHeader
from ZODB.FileStorage.format import FileStorageFormatter
from ZODB.FileStorage.format import TxnHeader
from ZODB.FileStorage.fspack import FileStoragePacker
from ZODB.fsIndex import fsIndex
from ZODB.interfaces import IBlobStorageRestoreable
from ZODB.interfaces import IExternalGC
from ZODB.interfaces import IStorage
from ZODB.interfaces import IStorageCurrentRecordIteration
from ZODB.interfaces import IStorageIteration
from ZODB.interfaces import IStorageRestoreable
from ZODB.interfaces import IStorageUndoable
from ZODB.POSException import ConflictError
from ZODB.POSException import MultipleUndoErrors
from ZODB.POSException import POSKeyError
from ZODB.POSException import ReadOnlyError
from ZODB.POSException import StorageError
from ZODB.POSException import StorageSystemError
from ZODB.POSException import StorageTransactionError
from ZODB.POSException import UndoError
from ZODB.utils import as_bytes
from ZODB.utils import as_text
from ZODB.utils import cp
from ZODB.utils import load_current
from ZODB.utils import mktemp
from ZODB.utils import p64
from ZODB.utils import u64
from ZODB.utils import z64

from .. import utils


# Not all platforms have fsync
fsync = getattr(os, "fsync", None)

packed_version = FILESTORAGE_MAGIC

logger = logging.getLogger('ZODB.FileStorage')


def panic(message, *data):
    logger.critical(message, *data)
    raise CorruptedTransactionError(message % data)


class FileStorageError(StorageError):
    pass


class PackError(FileStorageError):
    pass


class FileStorageFormatError(FileStorageError):
    """Invalid file format

    The format of the given file is not valid.
    """


class CorruptedFileStorageError(FileStorageError,
                                StorageSystemError):
    """Corrupted file storage."""


class CorruptedTransactionError(CorruptedFileStorageError):
    pass


class FileStorageQuotaError(FileStorageError,
                            StorageSystemError):
    """File storage quota exceeded."""

# Intended to be raised only in fspack.py, and ignored here.


class RedundantPackWarning(FileStorageError):
    pass


class TempFormatter(FileStorageFormatter):
    """Helper class used to read formatted FileStorage data."""

    def __init__(self, afile):
        self._file = afile


[docs]@implementer( IStorageRestoreable, IStorageIteration, IStorageUndoable, IStorageCurrentRecordIteration, IExternalGC, IStorage, ) class FileStorage( FileStorageFormatter, BlobStorageMixin, ConflictResolvingStorage, BaseStorage, ): """Storage that saves data in a file """ # Set True while a pack is in progress; undo is blocked for the duration. _pack_is_in_progress = False
[docs] def __init__(self, file_name, create=False, read_only=False, stop=None, quota=None, pack_gc=True, pack_keep_old=True, packer=None, blob_dir=None): """Create a file storage :param str file_name: Path to store data file :param bool create: Flag indicating whether a file should be created even if it already exists. :param bool read_only: Flag indicating whether the file is read only. Only one process is able to open the file non-read-only. :param bytes stop: Time-travel transaction id When the file is opened, data will be read up to the given transaction id. Transaction ids correspond to times and you can compute transaction ids for a given time using :class:`~ZODB.TimeStamp.TimeStamp`. :param int quota: File-size quota :param bool pack_gc: Flag indicating whether garbage collection should be performed when packing. :param bool pack_keep_old: flag indicating whether old data files should be retained after packing as a ``.old`` file. :param callable packer: An alternative :interface:`packer <ZODB.FileStorage.interfaces.IFileStoragePacker>`. :param str blob_dir: A blob-directory path name. Blobs will be supported if this option is provided. A file storage stores data in a single file that behaves like a traditional transaction log. New data records are appended to the end of the file. Periodically, the file is packed to free up space. When this is done, current records as of the pack time or later are copied to a new file, which replaces the old file. FileStorages keep in-memory indexes mapping object oids to the location of their current records in the file. Back pointers to previous records allow access to non-current records from the current records. In addition to the data file, some ancillary files are created. These can be lost without affecting data integrity, however losing the index file may cause extremely slow startup. Each has a name that's a concatenation of the original file and a suffix. The files are listed below by suffix: .index Snapshot of the in-memory index. This are created on shutdown, packing, and after rebuilding an index when one was not found. For large databases, creating a file-storage object without an index file can take very long because it's necessary to scan the data file to build the index. .lock A lock file preventing multiple processes from opening a file storage on non-read-only mode. .tmp A file used to store data being committed in the first phase of 2-phase commit .index_tmp A temporary file used when saving the in-memory index to avoid overwriting an existing index until a new index has been fully saved. .pack A temporary file written while packing containing current records as of and after the pack time. .old The previous database file after a pack. When the database is packed, current records as of the pack time and later are written to the ``.pack`` file. At the end of packing, the ``.old`` file is removed, if it exists, and the data file is renamed to the ``.old`` file and finally the ``.pack`` file is rewritten to the data file. """ # noqa: E501 line too long if read_only: self._is_read_only = True if create: raise ValueError("can't create a read-only file") elif stop is not None: raise ValueError("time-travel only supported in read-only mode") if stop is None: stop = b'\377'*8 # Lock the database and set up the temp file. if not read_only: # Create the lock file self._lock_file = LockFile(file_name + '.lock') self._tfile = open(file_name + '.tmp', 'w+b') self._tfmt = TempFormatter(self._tfile) else: self._tfile = None self._file_name = os.path.abspath(file_name) self._pack_gc = pack_gc self.pack_keep_old = pack_keep_old if packer is not None: self.packer = packer BaseStorage.__init__(self, file_name) index, tindex = self._newIndexes() self._initIndex(index, tindex) # Now open the file self._file = None if not create: try: self._file = open(file_name, read_only and 'rb' or 'r+b') except OSError as exc: if exc.errno == errno.EFBIG: # The file is too big to open. Fail visibly. raise if read_only: # When open request is read-only we do not want to create # the file raise if exc.errno == errno.ENOENT: # The file doesn't exist. Create it. create = 1 # If something else went wrong, it's hard to guess # what the problem was. If the file does not exist, # create it. Otherwise, fail. if os.path.exists(file_name): raise else: create = 1 if self._file is None and create: if os.path.exists(file_name): os.remove(file_name) self._file = open(file_name, 'w+b') self._file.write(packed_version) self._files = FilePool(self._file_name) r = self._restore_index() if r is not None: self._used_index = 1 # Marker for testing index, start, ltid = r self._initIndex(index, tindex) self._pos, self._oid, tid = read_index( self._file, file_name, index, tindex, stop, ltid=ltid, start=start, read_only=read_only, ) else: self._used_index = 0 # Marker for testing self._pos, self._oid, tid = read_index( self._file, file_name, index, tindex, stop, read_only=read_only, ) self._save_index() self._ltid = tid # self._pos should always point just past the last # transaction. During 2PC, data is written after _pos. # invariant is restored at tpc_abort() or tpc_finish(). self._ts = tid = TimeStamp(tid) t = time.time() t = TimeStamp(*time.gmtime(t)[:5] + (t % 60,)) if tid > t: seconds = tid.timeTime() - t.timeTime() complainer = logger.warning if seconds > 30 * 60: # 30 minutes -- way screwed up complainer = logger.critical complainer("%s Database records %d seconds in the future", file_name, seconds) self._quota = quota if blob_dir: self.blob_dir = os.path.abspath(blob_dir) if create and os.path.exists(self.blob_dir): remove_committed_dir(self.blob_dir) self._blob_init(blob_dir) alsoProvides(self, IBlobStorageRestoreable) else: self.blob_dir = None self._blob_init_no_blobs()
def copyTransactionsFrom(self, other): if self.blob_dir: return BlobStorageMixin.copyTransactionsFrom(self, other) else: return BaseStorage.copyTransactionsFrom(self, other) def _initIndex(self, index, tindex): self._index = index self._tindex = tindex self._index_get = index.get def __len__(self): return len(self._index) def _newIndexes(self): # hook to use something other than builtin dict return fsIndex(), {} _saved = 0 def _save_index(self): """Write the database index to a file to support quick startup.""" if self._is_read_only: return index_name = self.__name__ + '.index' tmp_name = index_name + '.index_tmp' self._index.save(self._pos, tmp_name) try: try: os.remove(index_name) except OSError: pass os.rename(tmp_name, index_name) except: # noqa: E722 do not use bare 'except' pass self._saved += 1 def _clear_index(self): index_name = self.__name__ + '.index' if os.path.exists(index_name): try: os.remove(index_name) except OSError: pass def _sane(self, index, pos): """Sanity check saved index data by reading the last undone trans Basically, we read the last not undone transaction and check to see that the included records are consistent with the index. Any invalid record records or inconsistent object positions cause zero to be returned. """ r = self._check_sanity(index, pos) if not r: logger.warning("Ignoring index for %s", self._file_name) return r def _check_sanity(self, index, pos): if pos < 100: return 0 # insane self._file.seek(0, 2) if self._file.tell() < pos: return 0 # insane ltid = None max_checked = 5 checked = 0 while checked < max_checked: self._file.seek(pos - 8) rstl = self._file.read(8) tl = u64(rstl) pos = pos - tl - 8 if pos < 4: return 0 # insane h = self._read_txn_header(pos) if not ltid: ltid = h.tid if h.tlen != tl: return 0 # inconsistent lengths if h.status == 'u': continue # undone trans, search back if h.status not in ' p': return 0 # insane if tl < h.headerlen(): return 0 # insane tend = pos + tl opos = pos + h.headerlen() if opos == tend: continue # empty trans while opos < tend and checked < max_checked: # Read the data records for this transaction h = self._read_data_header(opos) if opos + h.recordlen() > tend or h.tloc != pos: return 0 if index.get(h.oid, 0) != opos: return 0 # insane checked += 1 opos = opos + h.recordlen() return ltid def _restore_index(self): """Load database index to support quick startup.""" # Returns (index, pos, tid), or None in case of error. # The index returned is always an instance of fsIndex. If the # index cached in the file is a Python dict, it's converted to # fsIndex here, and, if we're not in read-only mode, the .index # file is rewritten with the converted fsIndex so we don't need to # convert it again the next time. file_name = self.__name__ index_name = file_name+'.index' if os.path.exists(index_name): try: info = fsIndex.load(index_name) except: # noqa: E722 do not use bare 'except' logger.exception('loading index') return None else: return None index = info.get('index') pos = info.get('pos') if index is None or pos is None: return None pos = int(pos) if (isinstance(index, dict) or (isinstance(index, fsIndex) and isinstance(index._data, dict))): # Convert dictionary indexes to fsIndexes *or* convert fsIndexes # which have a dict `_data` attribute to a new fsIndex (newer # fsIndexes have an OOBTree as `_data`). newindex = fsIndex() newindex.update(index) index = newindex if not self._is_read_only: # Save the converted index. f = open(index_name, 'wb') p = Pickler(f, _protocol) info['index'] = index p.dump(info) f.close() # Now call this method again to get the new data. return self._restore_index() tid = self._sane(index, pos) if not tid: return None return index, pos, tid def close(self): self._file.close() self._files.close() if hasattr(self, '_lock_file'): self._lock_file.close() if self._tfile: self._tfile.close() try: self._save_index() except: # noqa: E722 do not use bare 'except' # Log the error and continue logger.exception("Error saving index on close()") def getSize(self): return self._pos def _lookup_pos(self, oid): try: return self._index[oid] except KeyError: raise POSKeyError(oid) except TypeError: raise TypeError("invalid oid {!r}".format(oid)) def load(self, oid, version=''): """Return pickle data and serial number.""" assert not version with self._files.get() as _file: pos = self._lookup_pos(oid) h = self._read_data_header(pos, oid, _file) if h.plen: data = _file.read(h.plen) return data, h.tid elif h.back: # Get the data from the backpointer, but tid from # current txn. data = self._loadBack_impl(oid, h.back, _file=_file)[0] return data, h.tid else: raise POSKeyError(oid) def loadSerial(self, oid, serial): with self._lock: pos = self._lookup_pos(oid) while 1: h = self._read_data_header(pos, oid) if h.tid == serial: break pos = h.prev if h.tid < serial or not pos: raise POSKeyError(oid) if h.plen: return self._file.read(h.plen) else: return self._loadBack_impl(oid, h.back)[0] def loadBefore(self, oid, tid): with self._files.get() as _file: pos = self._lookup_pos(oid) end_tid = None while True: h = self._read_data_header(pos, oid, _file) if h.tid < tid: break pos = h.prev end_tid = h.tid if not pos: return None if h.plen: return _file.read(h.plen), h.tid, end_tid elif h.back: data, _, _, _ = self._loadBack_impl(oid, h.back, _file=_file) return data, h.tid, end_tid else: raise POSKeyError(oid) def store(self, oid, oldserial, data, version, transaction): if self._is_read_only: raise ReadOnlyError() if transaction is not self._transaction: raise StorageTransactionError(self, transaction) assert not version with self._lock: if oid > self._oid: self.set_max_oid(oid) old = self._index_get(oid, 0) committed_tid = None if old: h = self._read_data_header(old, oid) committed_tid = h.tid if oldserial != committed_tid: data = self.tryToResolveConflict(oid, committed_tid, oldserial, data) self._resolved.append(oid) pos = self._pos here = pos + self._tfile.tell() + self._thl self._tindex[oid] = here new = DataHeader(oid, self._tid, old, pos, 0, len(data)) self._tfile.write(new.asString()) self._tfile.write(data) # Check quota if self._quota is not None and here > self._quota: raise FileStorageQuotaError( "The storage quota has been exceeded.") def deleteObject(self, oid, oldserial, transaction): if self._is_read_only: raise ReadOnlyError() if transaction is not self._transaction: raise StorageTransactionError(self, transaction) with self._lock: old = self._index_get(oid, 0) if not old: raise POSKeyError(oid) h = self._read_data_header(old, oid) committed_tid = h.tid if oldserial != committed_tid: raise ConflictError( oid=oid, serials=(committed_tid, oldserial)) pos = self._pos here = pos + self._tfile.tell() + self._thl self._tindex[oid] = here new = DataHeader(oid, self._tid, old, pos, 0, 0) self._tfile.write(new.asString()) self._tfile.write(z64) # Check quota if self._quota is not None and here > self._quota: raise FileStorageQuotaError( "The storage quota has been exceeded.") def _data_find(self, tpos, oid, data): # Return backpointer for oid. Must call with the lock held. # This is a file offset to oid's data record if found, else 0. # The data records in the transaction at tpos are searched for oid. # If a data record for oid isn't found, returns 0. # Else if oid's data record contains a backpointer, that # backpointer is returned. # Else oid's data record contains the data, and the file offset of # oid's data record is returned. This data record should contain # a pickle identical to the 'data' argument. # When looking for oid's data record we scan all data records in # the transaction till the end looking for the latest record with oid, # even if there are multiple such records. This matches load behaviour # which uses the data record created by last store. # Unclear: If the length of the stored data doesn't match len(data), # an exception is raised. If the lengths match but the data isn't # the same, 0 is returned. Why the discrepancy? self._file.seek(tpos) h = self._file.read(TRANS_HDR_LEN) tid, tl, status, ul, dl, el = unpack(TRANS_HDR, h) status = as_text(status) self._file.read(ul + dl + el) tend = tpos + tl pos = self._file.tell() data_hdr = None data_pos = 0 # scan all data records in this transaction looking for the latest # record with our oid while pos < tend: h = self._read_data_header(pos) if h.oid == oid: data_hdr = h data_pos = pos pos += h.recordlen() self._file.seek(pos) if data_hdr is None: return 0 # return position of found data record, but make sure this looks like # the right data record to return. if data_hdr.plen == 0: # This is also a backpointer, Gotta trust it. return data_pos else: if data_hdr.plen != len(data): # The expected data doesn't match what's in the # backpointer. Something is wrong. logger.error("Mismatch between data and" " backpointer at %d", pos) return 0 _data = self._file.read(data_hdr.plen) if data != _data: return 0 return data_pos def restore(self, oid, serial, data, version, prev_txn, transaction): # A lot like store() but without all the consistency checks. This # should only be used when we /know/ the data is good, hence the # method name. While the signature looks like store() there are some # differences: # # - serial is the serial number of /this/ revision, not of the # previous revision. It is used instead of self._tid, which is # ignored. # # - Nothing is returned # # - data can be None, which indicates a George Bailey object # (i.e. one who's creation has been transactionally undone). # # prev_txn is a backpointer. In the original database, it's possible # that the data was actually living in a previous transaction. This # can happen for transactional undo and other operations, and is used # as a space saving optimization. Under some circumstances the # prev_txn may not actually exist in the target database (i.e. self) # for example, if it's been packed away. In that case, the prev_txn # should be considered just a hint, and is ignored if the transaction # doesn't exist. if self._is_read_only: raise ReadOnlyError() if transaction is not self._transaction: raise StorageTransactionError(self, transaction) if version: raise TypeError("Versions are no-longer supported") with self._lock: if oid > self._oid: self.set_max_oid(oid) prev_pos = 0 if prev_txn is not None: prev_txn_pos = self._txn_find(prev_txn, 0) if prev_txn_pos: prev_pos = self._data_find(prev_txn_pos, oid, data) old = self._index_get(oid, 0) # Calculate the file position in the temporary file here = self._pos + self._tfile.tell() + self._thl # And update the temp file index self._tindex[oid] = here if prev_pos: # If there is a valid prev_pos, don't write data. data = None if data is None: dlen = 0 else: dlen = len(data) # Write the recovery data record new = DataHeader(oid, serial, old, self._pos, 0, dlen) self._tfile.write(new.asString()) # Finally, write the data or a backpointer. if data is None: if prev_pos: self._tfile.write(p64(prev_pos)) else: # Write a zero backpointer, which indicates an # un-creation transaction. self._tfile.write(z64) else: self._tfile.write(data) def supportsUndo(self): return 1 def _clear_temp(self): self._tindex.clear() if self._tfile is not None: self._tfile.seek(0) def _begin(self, tid, u, d, e): self._nextpos = 0 self._thl = TRANS_HDR_LEN + len(u) + len(d) + len(e) if self._thl > 65535: # one of u, d, or e may be > 65535 # We have to check lengths here because struct.pack # doesn't raise an exception on overflow! if len(u) > 65535: raise FileStorageError('user name too long') if len(d) > 65535: raise FileStorageError('description too long') if len(e) > 65535: raise FileStorageError('too much extension data') def tpc_vote(self, transaction): with self._lock: if transaction is not self._transaction: raise StorageTransactionError( "tpc_vote called with wrong transaction") dlen = self._tfile.tell() self._tfile.seek(0) user, descr, ext = self._ude self._file.seek(self._pos) tl = self._thl + dlen try: h = TxnHeader(self._tid, tl, "c", len(user), len(descr), len(ext)) h.user = user h.descr = descr h.ext = ext self._file.write(h.asString()) cp(self._tfile, self._file, dlen) self._file.write(p64(tl)) self._file.flush() except: # noqa: E722 do not use bare 'except' # Hm, an error occurred writing out the data. Maybe the # disk is full. We don't want any turd at the end. self._file.truncate(self._pos) self._files.flush() raise self._nextpos = self._pos + (tl + 8) return self._resolved def tpc_finish(self, transaction, f=None): with self._files.write_lock(): with self._lock: if transaction is not self._transaction: raise StorageTransactionError( "tpc_finish called with wrong transaction") try: tid = self._tid if f is not None: f(tid) self._finish(tid, *self._ude) self._clear_temp() finally: self._ude = None self._transaction = None self._commit_lock.release() return tid def _finish(self, tid, u, d, e): # Clear the checkpoint flag self._file.seek(self._pos+16) self._file.write(as_bytes(self._tstatus)) try: # At this point, we may have committed the data to disk. # If we fail from here, we're in bad shape. self._finish_finish(tid) except: # noqa: E722 do not use bare 'except' # Ouch. This is bad. Let's try to get back to where we were # and then roll over and die logger.critical("Failure in _finish. Closing.", exc_info=True) self.close() raise def _finish_finish(self, tid): # This is a separate method to allow tests to replace it with # something broken. :) self._file.flush() if fsync is not None: fsync(self._file.fileno()) self._pos = self._nextpos self._index.update(self._tindex) self._ltid = tid self._blob_tpc_finish() def _abort(self): if self._nextpos: self._file.truncate(self._pos) self._files.flush() self._nextpos = 0 self._blob_tpc_abort() def _undoDataInfo(self, oid, pos, tpos): """Return the tid, data pointer, and data for the oid record at pos """ if tpos: itpos = tpos - self._pos - self._thl pos = tpos tpos = self._tfile.tell() h = self._tfmt._read_data_header(itpos, oid) afile = self._tfile else: h = self._read_data_header(pos, oid) afile = self._file if h.oid != oid: raise UndoError("Invalid undo transaction id", oid) if h.plen: data = afile.read(h.plen) else: data = '' pos = h.back if tpos: self._tfile.seek(tpos) # Restore temp file to end return h.tid, pos, data def getTid(self, oid): with self._lock: pos = self._lookup_pos(oid) h = self._read_data_header(pos, oid) if h.plen == 0 and h.back == 0: # Undone creation raise POSKeyError(oid) return h.tid def _transactionalUndoRecord(self, oid, pos, tid, pre): """Get the undo information for a data record 'pos' points to the data header for 'oid' in the transaction being undone. 'tid' refers to the transaction being undone. 'pre' is the 'prev' field of the same data header. Return a 3-tuple consisting of a pickle, data pointer, and current position. If the pickle is true, then the data pointer must be 0, but the pickle can be empty *and* the pointer 0. """ copy = True # Can we just copy a data pointer # First check if it is possible to undo this record. tpos = self._tindex.get(oid, 0) ipos = self._index.get(oid, 0) tipos = tpos or ipos if tipos != pos: # The transaction being undone isn't current because: # a) A later transaction was committed ipos != pos, or # b) A change was made in the current transaction. This # could only be a previous undo in a multi-undo. # (We don't allow multiple data managers with the same # storage to participate in the same transaction.) assert tipos > pos # Get current data, as identified by tipos. We'll use # it to decide if and how we can undo in this case. ctid, cdataptr, current_data = self._undoDataInfo(oid, ipos, tpos) if cdataptr != pos: # if cdataptr was == pos, then we'd be cool, because # we're dealing with the same data. # Because they aren't equal, we have to dig deeper # Let's see if data to be undone and current data # are the same. If not, we'll have to decide whether # we should try conflict resolution. try: data_to_be_undone = self._loadBack_impl(oid, pos)[0] if not current_data: current_data = self._loadBack_impl(oid, cdataptr)[0] if data_to_be_undone != current_data: # OK, so the current data is different from # the data being undone. We can't just copy: copy = False if not pre: # The transaction we're undoing has no # previous state to merge with, so we # can't resolve a conflict. raise UndoError( "Can't undo an add transaction followed by" " conflicting transactions.", oid) except KeyError: # LoadBack gave us a key error. Bail. raise UndoError("_loadBack() failed", oid) # Return the data that should be written in the undo record. if not pre: # We're undoing object addition. We're doing this because # subsequent transactions has no net effect on the state # (possibly because some of them were undos). return "", 0, ipos if copy: # we can just copy our previous-record pointer forward return "", pre, ipos try: pre_data = self._loadBack_impl(oid, pre)[0] except KeyError: # couldn't find oid; what's the real explanation for this? raise UndoError("_loadBack() failed for %s", oid) try: data = self.tryToResolveConflict( oid, ctid, tid, pre_data, current_data) return data, 0, ipos except ConflictError: pass raise UndoError("Some data were modified by a later transaction", oid) # undoLog() returns a description dict that includes an id entry. # The id is opaque to the client, but contains the transaction id. # The transactionalUndo() implementation does a simple linear # search through the file (from the end) to find the transaction. def undoLog(self, first=0, last=-20, filter=None): if last < 0: # -last is supposed to be the max # of transactions. Convert to # a positive index. Should have x - first = -last, which # means x = first - last. This is spelled out here because # the normalization code was incorrect for years (used +1 # instead -- off by 1), until ZODB 3.4. last = first - last with self._lock: if self._pack_is_in_progress: raise UndoError( 'Undo is currently disabled for database maintenance.<p>') us = UndoSearch(self._file, self._pos, first, last, filter) while not us.finished(): # Hold lock for batches of 20 searches, so default search # parameters will finish without letting another thread run. for i in range(20): if us.finished(): break us.search() # Give another thread a chance, so that a long undoLog() # operation doesn't block all other activity. self._lock.release() self._lock.acquire() return us.results def undo(self, transaction_id, transaction): """Undo a transaction, given by transaction_id. Do so by writing new data that reverses the action taken by the transaction. Usually, we can get by with just copying a data pointer, by writing a file position rather than a pickle. Sometimes, we may do conflict resolution, in which case we actually copy new data that results from resolution. """ if self._is_read_only: raise ReadOnlyError() if transaction is not self._transaction: raise StorageTransactionError(self, transaction) with self._lock: # Find the right transaction to undo and call _txn_undo_write(). tid = decodebytes(transaction_id + b'\n') assert len(tid) == 8 tpos = self._txn_find(tid, 1) tindex = self._txn_undo_write(tpos) self._tindex.update(tindex) return self._tid, tindex.keys() def _txn_find(self, tid, stop_at_pack): pos = self._pos while pos > 39: self._file.seek(pos - 8) pos = pos - u64(self._file.read(8)) - 8 self._file.seek(pos) h = self._file.read(TRANS_HDR_LEN) _tid = h[:8] if _tid == tid: return pos if stop_at_pack: # check the status field of the transaction header if h[16] == b'p': break raise UndoError("Invalid transaction id") def _txn_undo_write(self, tpos): # a helper function to write the data records for transactional undo otloc = self._pos here = self._pos + self._tfile.tell() + self._thl base = here - self._tfile.tell() # Let's move the file pointer back to the start of the txn record. th = self._read_txn_header(tpos) if th.status != " ": raise UndoError('non-undoable transaction') tend = tpos + th.tlen pos = tpos + th.headerlen() tindex = {} # keep track of failures, cause we may succeed later failures = {} # Read the data records for this transaction while pos < tend: h = self._read_data_header(pos) if h.oid in failures: del failures[h.oid] # second chance! assert base + self._tfile.tell() == here, (here, base, self._tfile.tell()) try: p, prev, ipos = self._transactionalUndoRecord( h.oid, pos, h.tid, h.prev) except UndoError as v: # Don't fail right away. We may be redeemed later! failures[h.oid] = v else: if self.blob_dir and not p and prev: try: up, userial = self._loadBackTxn(h.oid, prev) except POSKeyError: pass # It was removed, so no need to copy data else: if self.is_blob_record(up): # We're undoing a blob modification operation. # We have to copy the blob data tmp = mktemp(dir=self.fshelper.temp_dir) with self.openCommittedBlobFile( h.oid, userial) as sfp: with open(tmp, 'wb') as dfp: cp(sfp, dfp) self._blob_storeblob(h.oid, self._tid, tmp) new = DataHeader(h.oid, self._tid, ipos, otloc, 0, len(p)) # TODO: This seek shouldn't be necessary, but some other # bit of code is messing with the file pointer. assert self._tfile.tell() == here - base, (here, base, self._tfile.tell()) self._tfile.write(new.asString()) if p: self._tfile.write(p) else: self._tfile.write(p64(prev)) tindex[h.oid] = here here += new.recordlen() pos += h.recordlen() if pos > tend: raise UndoError("non-undoable transaction") if failures: raise MultipleUndoErrors(list(failures.items())) return tindex def history(self, oid, size=1, filter=None): with self._lock: r = [] pos = self._lookup_pos(oid) while 1: if len(r) >= size: return r h = self._read_data_header(pos) th = self._read_txn_header(h.tloc) if th.ext: d = loads(th.ext) else: d = {} d.update({"time": TimeStamp(h.tid).timeTime(), "user_name": th.user, "description": th.descr, "tid": h.tid, "size": h.plen, }) if filter is None or filter(d): r.append(d) if h.prev: pos = h.prev else: return r def _redundant_pack(self, file, pos): assert pos > 8, pos file.seek(pos - 8) p = u64(file.read(8)) file.seek(pos - p + 8) return file.read(1) not in ' u' @staticmethod def packer(storage, referencesf, stop, gc): # Our default packer is built around the original packer. We # simply adapt the old interface to the new. We don't really # want to invest much in the old packer, at least for now. assert referencesf is not None p = FileStoragePacker(storage, referencesf, stop, gc) try: opos = p.pack() if opos is None: return None return opos, p.index finally: p.close() def pack(self, t, referencesf, gc=None): """Copy data from the current database file to a packed file Non-current records from transactions with time-stamp strings less than packtss are ommitted. As are all undone records. Also, data back pointers that point before packtss are resolved and the associated data are copied, since the old records are not copied. """ if self._is_read_only: raise ReadOnlyError() stop = TimeStamp(*time.gmtime(t)[:5]+(t % 60,)).raw() if stop == z64: raise FileStorageError('Invalid pack time') # If the storage is empty, there's nothing to do. if not self._index: return with self._lock: if self._pack_is_in_progress: raise FileStorageError('Already packing') self._pack_is_in_progress = True if gc is None: gc = self._pack_gc oldpath = self._file_name + ".old" if os.path.exists(oldpath): os.remove(oldpath) if self.blob_dir and os.path.exists(self.blob_dir + ".old"): remove_committed_dir(self.blob_dir + ".old") have_commit_lock = False try: pack_result = None try: pack_result = self.packer(self, referencesf, stop, gc) except RedundantPackWarning as detail: logger.info(str(detail)) if pack_result is None: return have_commit_lock = True opos, index = pack_result with self._files.write_lock(): with self._lock: self._files.empty() self._file.close() try: os.rename(self._file_name, oldpath) except Exception: self._file = open(self._file_name, 'r+b') raise # OK, we're beyond the point of no return os.rename(self._file_name + '.pack', self._file_name) self._file = open(self._file_name, 'r+b') self._initIndex(index, self._tindex) self._pos = opos # We're basically done. Now we need to deal with removed # blobs and removing the .old file (see further down). if self.blob_dir: self._commit_lock.release() have_commit_lock = False self._remove_blob_files_tagged_for_removal_during_pack() finally: if have_commit_lock: self._commit_lock.release() with self._lock: self._pack_is_in_progress = False if not self.pack_keep_old: os.remove(oldpath) with self._lock: self._save_index() def _remove_blob_files_tagged_for_removal_during_pack(self): lblob_dir = len(self.blob_dir) fshelper = self.fshelper old = self.blob_dir+'.old' # Helper to clean up dirs left empty after moving things to old def maybe_remove_empty_dir_containing(path, level=0): path = os.path.dirname(path) if len(path) <= lblob_dir or os.listdir(path): return # Path points to an empty dir. There may be a race. We # might have just removed the dir for an oid (or a parent # dir) and while we're cleaning up it's parent, another # thread is adding a new entry to it. # We don't have to worry about level 0, as this is just a # directory containing an object's revisions. If it is # enmpty, the object must have been garbage. # If the level is 1 or higher, we need to be more # careful. We'll get the storage lock and double check # that the dir is still empty before removing it. removed = False if level: self._lock.acquire() try: if not os.listdir(path): os.rmdir(path) removed = True finally: if level: self._lock.release() if removed: maybe_remove_empty_dir_containing(path, level+1) if self.pack_keep_old: # Helpers that move oid dir or revision file to the old dir. os.mkdir(old) link_or_copy(os.path.join(self.blob_dir, '.layout'), os.path.join(old, '.layout')) def handle_file(path): newpath = old+path[lblob_dir:] dest = os.path.dirname(newpath) if not os.path.exists(dest): os.makedirs(dest) os.rename(path, newpath) handle_dir = handle_file else: # Helpers that remove an oid dir or revision file. handle_file = remove_committed handle_dir = remove_committed_dir # Fist step: move or remove oids or revisions with open(os.path.join(self.blob_dir, '.removed'), 'rb') as fp: for line in fp: line = binascii.unhexlify(line.strip()) if len(line) == 8: # oid is garbage, re/move dir path = fshelper.getPathForOID(line) if not os.path.exists(path): # Hm, already gone. Odd. continue handle_dir(path) maybe_remove_empty_dir_containing(path, 1) continue if len(line) != 16: raise ValueError( "Bad record in ", self.blob_dir, '.removed') oid, tid = line[:8], line[8:] path = fshelper.getBlobFilename(oid, tid) if not os.path.exists(path): # Hm, already gone. Odd. continue handle_file(path) assert not os.path.exists(path) maybe_remove_empty_dir_containing(path) os.remove(os.path.join(self.blob_dir, '.removed')) if not self.pack_keep_old: return # Second step, copy remaining files. for path, dir_names, file_names in os.walk(self.blob_dir): for file_name in file_names: if not file_name.endswith('.blob'): continue file_path = os.path.join(path, file_name) dest = os.path.dirname(old+file_path[lblob_dir:]) if not os.path.exists(dest): os.makedirs(dest) link_or_copy(file_path, old+file_path[lblob_dir:]) def iterator(self, start=None, stop=None): return FileIterator(self._file_name, start, stop) def lastInvalidations(self, count): file = self._file seek = file.seek read = file.read with self._lock: pos = self._pos while count > 0 and pos > 4: count -= 1 seek(pos-8) pos = pos - 8 - u64(read(8)) seek(0) return [(trans.tid, [r.oid for r in trans]) for trans in FileIterator(self._file_name, pos=pos)] def lastTid(self, oid): """Return last serialno committed for object oid. If there is no serialno for this oid -- which can only occur if it is a new object -- return None. """ try: return self.getTid(oid) except KeyError: return None def cleanup(self): """Remove all files created by this storage.""" for ext in '', '.old', '.tmp', '.lock', '.index', '.pack': try: os.remove(self._file_name + ext) except OSError as e: if e.errno != errno.ENOENT: raise def record_iternext(self, next=None): index = self._index oid = index.minKey(next) oid_as_long, = unpack(">Q", oid) next_oid = pack(">Q", oid_as_long + 1) try: next_oid = index.minKey(next_oid) except ValueError: # "empty tree" error next_oid = None data, tid = load_current(self, oid) return oid, tid, data, next_oid ###################################################################### # The following 2 methods are for testing a ZEO extension mechanism def getExtensionMethods(self): return dict(answer_to_the_ultimate_question=None) def answer_to_the_ultimate_question(self): return 42
# ###################################################################### def shift_transactions_forward(index, tindex, file, pos, opos): """Copy transactions forward in the data file This might be done as part of a recovery effort """ # Cache a bunch of methods seek = file.seek read = file.read write = file.write index_get = index.get # Initialize, p1 = opos p2 = pos offset = p2-p1 # Copy the data in two stages. In the packing stage, # we skip records that are non-current or that are for # unreferenced objects. We also skip undone transactions. # # After the packing stage, we copy everything but undone # transactions, however, we have to update various back pointers. # We have to have the storage lock in the second phase to keep # data from being changed while we're copying. while 1: # Read the transaction record seek(pos) h = read(TRANS_HDR_LEN) if len(h) < TRANS_HDR_LEN: break tid, stl, status, ul, dl, el = unpack(TRANS_HDR, h) status = as_text(status) if status == 'c': break # Oops. we found a checkpoint flag. tl = u64(stl) tpos = pos tend = tpos+tl otpos = opos # start pos of output trans thl = ul+dl+el h2 = read(thl) if len(h2) != thl: raise PackError(opos) # write out the transaction record seek(opos) write(h) write(h2) thl = TRANS_HDR_LEN+thl pos = tpos+thl opos = otpos+thl while pos < tend: # Read the data records for this transaction seek(pos) h = read(DATA_HDR_LEN) oid, serial, sprev, stloc, vlen, splen = unpack(DATA_HDR, h) assert not vlen plen = u64(splen) dlen = DATA_HDR_LEN+(plen or 8) tindex[oid] = opos if plen: p = read(plen) else: p = read(8) p = u64(p) if p >= p2: p = p-offset elif p >= p1: # Ick, we're in trouble. Let's bail # to the index and hope for the best p = index_get(oid, 0) p = p64(p) # WRITE seek(opos) sprev = p64(index_get(oid, 0)) write(pack(DATA_HDR, oid, serial, sprev, p64(otpos), 0, splen)) write(p) opos = opos+dlen pos = pos+dlen # skip the (intentionally redundant) transaction length pos = pos+8 if status != 'u': index.update(tindex) # Record the position tindex.clear() write(stl) opos = opos+8 return opos def search_back(file, pos): seek = file.seek read = file.read seek(0, 2) s = p = file.tell() while p > pos: seek(p-8) l_ = u64(read(8)) if l_ <= 0: break p = p-l_-8 return p, s def recover(file_name): file = open(file_name, 'r+b') index = {} tindex = {} pos, oid, tid = read_index(file, file_name, index, tindex, recover=1) if oid is not None: print("Nothing to recover") return opos = pos pos, sz = search_back(file, pos) if pos < sz: npos = shift_transactions_forward(index, tindex, file, pos, opos) file.truncate(npos) print("Recovered file, lost {}, ended up with {} bytes".format( pos-opos, npos)) def read_index(file, name, index, tindex, stop=b'\377'*8, ltid=z64, start=4, maxoid=z64, recover=0, read_only=0): """Scan the file storage and update the index. Returns file position, max oid, and last transaction id. It also stores index information in the three dictionary arguments. Arguments: file -- a file object (the Data.fs) name -- the name of the file (presumably file.name) index -- fsIndex, oid -> data record file offset tindex -- dictionary, oid -> data record offset tindex is cleared before return There are several default arguments that affect the scan or the return values. TODO: document them. start -- the file position at which to start scanning for oids added beyond the ones the passed-in indices know about. The .index file caches the highest ._pos FileStorage knew about when the the .index file was last saved, and that's the intended value to pass in for start; accept the default (and pass empty indices) to recreate the index from scratch maxoid -- ignored (it meant something prior to ZODB 3.2.6; the argument still exists just so the signature of read_index() stayed the same) The file position returned is the position just after the last valid transaction record. The oid returned is the maximum object id in `index`, or z64 if the index is empty. The transaction id is the tid of the last transaction, or ltid if the index is empty. """ read = file.read seek = file.seek seek(0, 2) file_size = file.tell() fmt = TempFormatter(file) if file_size: if file_size < start: raise FileStorageFormatError(file.name) seek(0) if read(4) != packed_version: raise FileStorageFormatError(name) else: if not read_only: file.write(packed_version) return 4, z64, ltid index_get = index.get pos = start seek(start) tid = b'\0' * 7 + b'\1' while 1: # Read the transaction record h = read(TRANS_HDR_LEN) if not h: break if len(h) != TRANS_HDR_LEN: if not read_only: logger.warning('%s truncated at %s', name, pos) seek(pos) file.truncate() break tid, tl, status, ul, dl, el = unpack(TRANS_HDR, h) status = as_text(status) if tid <= ltid: logger.warning("%s time-stamp reduction at %s", name, pos) ltid = tid if pos+(tl+8) > file_size or status == 'c': # Hm, the data were truncated or the checkpoint flag wasn't # cleared. They may also be corrupted, # in which case, we don't want to totally lose the data. if not read_only: logger.warning("%s truncated, possibly due to damaged" " records at %s", name, pos) _truncate(file, name, pos) break if status not in ' up': logger.warning('%s has invalid status, %s, at %s', name, status, pos) if tl < TRANS_HDR_LEN + ul + dl + el: # We're in trouble. Find out if this is bad data in the # middle of the file, or just a turd that Win 9x dropped # at the end when the system crashed. # Skip to the end and read what should be the transaction length # of the last transaction. seek(-8, 2) rtl = u64(read(8)) # Now check to see if the redundant transaction length is # reasonable: if file_size - rtl < pos or rtl < TRANS_HDR_LEN: logger.critical('%s has invalid transaction header at %s', name, pos) if not read_only: logger.warning( "It appears that there is invalid data at the end of " "the file, possibly due to a system crash. %s " "truncated to recover from bad data at end." % name) _truncate(file, name, pos) break else: if recover: return pos, None, None panic('%s has invalid transaction header at %s', name, pos) if tid >= stop: break tpos = pos tend = tpos + tl if status == 'u': # Undone transaction, skip it seek(tend) h = u64(read(8)) if h != tl: if recover: return tpos, None, None panic('%s has inconsistent transaction length at %s', name, pos) pos = tend + 8 continue pos = tpos + TRANS_HDR_LEN + ul + dl + el while pos < tend: # Read the data records for this transaction h = fmt._read_data_header(pos) dlen = h.recordlen() tindex[h.oid] = pos if pos + dlen > tend or h.tloc != tpos: if recover: return tpos, None, None panic("%s data record exceeds transaction record at %s", name, pos) if index_get(h.oid, 0) != h.prev: if h.prev: if recover: return tpos, None, None logger.error("%s incorrect previous pointer at %s", name, pos) else: logger.warning("%s incorrect previous pointer at %s", name, pos) pos += dlen if pos != tend: if recover: return tpos, None, None panic("%s data records don't add up at %s", name, tpos) # Read the (intentionally redundant) transaction length seek(pos) h = u64(read(8)) if h != tl: if recover: return tpos, None, None panic("%s redundant transaction length check failed at %s", name, pos) pos += 8 index.update(tindex) tindex.clear() # Caution: fsIndex doesn't have an efficient __nonzero__ or __len__. # That's why we do try/except instead. fsIndex.maxKey() is fast. try: maxoid = index.maxKey() except ValueError: # The index is empty. pass # maxoid is already equal to z64 return pos, maxoid, ltid def _truncate(file, name, pos): file.seek(0, 2) file_size = file.tell() try: i = 0 while 1: oname = '{}.tr{}'.format(name, i) if os.path.exists(oname): i += 1 else: logger.warning("Writing truncated data from %s to %s", name, oname) o = open(oname, 'wb') file.seek(pos) cp(file, o, file_size-pos) o.close() break except: # noqa: E722 do not use bare 'except' logger.exception("couldn\'t write truncated data for %s", name) raise StorageSystemError("Couldn't save truncated data") file.seek(pos) file.truncate() class FileIterator(FileStorageFormatter): """Iterate over the transactions in a FileStorage file. """ _ltid = z64 _file = None def __init__(self, filename, start=None, stop=None, pos=4): assert isinstance(filename, str) file = open(filename, 'rb') self._file = file self._file_name = filename if file.read(4) != packed_version: raise FileStorageFormatError(file.name) file.seek(0, 2) self._file_size = file.tell() if (pos < 4) or pos > self._file_size: raise ValueError("Given position is greater than the file size", pos, self._file_size) self._pos = pos assert start is None or isinstance(start, bytes) assert stop is None or isinstance(stop, bytes) self._start = start self._stop = stop if start: if self._file_size <= 4: return self._skip_to_start(start) def __len__(self): # Define a bogus __len__() to make the iterator work # with code like builtin list() and tuple(). # There's a lot of C code that expects a sequence to have # an __len__() but can cope with any sort of mistake in its # implementation. So just return 0. return 0 # This allows us to pass an iterator as the `other` argument to # copyTransactionsFrom() in BaseStorage. The advantage here is that we # can create the iterator manually, e.g. setting start and stop, and then # just let copyTransactionsFrom() do its thing. def iterator(self): return self def close(self): file = self._file if file is not None: self._file = None file.close() def _skip_to_start(self, start): file = self._file pos1 = self._pos file.seek(pos1) tid1 = file.read(8) # XXX bytes if len(tid1) < 8: raise CorruptedError("Couldn't read tid.") if start < tid1: pos2 = pos1 tid2 = tid1 file.seek(4) tid1 = file.read(8) if start <= tid1: self._pos = 4 return pos1 = 4 else: if start == tid1: return # Try to read the last transaction. We could be unlucky and # opened the file while committing a transaction. In that # case, we'll just scan from the beginning if the file is # small enough, otherwise we'll fail. file.seek(self._file_size-8) l_ = u64(file.read(8)) if not (l_ + 12 <= self._file_size and self._read_num(self._file_size-l_) == l_): if self._file_size < (1 << 20): return self._scan_foreward(start) raise ValueError("Can't find last transaction in large file") pos2 = self._file_size-l_-8 file.seek(pos2) tid2 = file.read(8) if tid2 < tid1: raise CorruptedError("Tids out of order.") if tid2 <= start: if tid2 == start: self._pos = pos2 else: self._pos = self._file_size return t1 = TimeStamp(tid1).timeTime() t2 = TimeStamp(tid2).timeTime() ts = TimeStamp(start).timeTime() if (ts - t1) < (t2 - ts): return self._scan_forward(pos1, start) else: return self._scan_backward(pos2, start) def _scan_forward(self, pos, start): logger.debug("Scan forward %s:%s looking for %r", self._file_name, pos, start) while 1: # Read the transaction record h = self._read_txn_header(pos) if h.tid >= start: self._pos = pos return pos += h.tlen + 8 def _scan_backward(self, pos, start): logger.debug("Scan backward %s:%s looking for %r", self._file_name, pos, start) file = self._file seek = file.seek read = file.read while 1: pos -= 8 seek(pos) tlen = u64(read(8)) pos -= tlen h = self._read_txn_header(pos) if h.tid <= start: if h.tid == start: self._pos = pos else: self._pos = pos + tlen + 8 return # Iterator protocol def __iter__(self): return self def __next__(self): if self._file is None: raise StopIteration() pos = self._pos while True: # Read the transaction record try: h = self._read_txn_header(pos) except CorruptedDataError as err: # If buf is empty, we've reached EOF. if not err.buf: break raise if h.tid <= self._ltid: logger.warning("%s time-stamp reduction at %s", self._file.name, pos) self._ltid = h.tid if self._stop is not None and h.tid > self._stop: break if h.status == "c": # Assume we've hit the last, in-progress transaction break if pos + h.tlen + 8 > self._file_size: # Hm, the data were truncated or the checkpoint flag wasn't # cleared. They may also be corrupted, # in which case, we don't want to totally lose the data. logger.warning("%s truncated, possibly due to" " damaged records at %s", self._file.name, pos) break if h.status not in " up": logger.warning('%s has invalid status,' ' %s, at %s', self._file.name, h.status, pos) if h.tlen < h.headerlen(): # We're in trouble. Find out if this is bad data in # the middle of the file, or just a turd that Win 9x # dropped at the end when the system crashed. Skip to # the end and read what should be the transaction # length of the last transaction. self._file.seek(-8, 2) rtl = u64(self._file.read(8)) # Now check to see if the redundant transaction length is # reasonable: if self._file_size - rtl < pos or rtl < TRANS_HDR_LEN: logger.critical("%s has invalid transaction header at %s", self._file.name, pos) logger.warning( "It appears that there is invalid data at the end of " "the file, possibly due to a system crash. %s " "truncated to recover from bad data at end." % self._file.name) break else: logger.warning("%s has invalid transaction header at %s", self._file.name, pos) break tpos = pos tend = tpos + h.tlen if h.status != "u": pos = tpos + h.headerlen() result = TransactionRecord(h.tid, h.status, h.user, h.descr, h.ext, pos, tend, self._file, tpos) # Read the (intentionally redundant) transaction length self._file.seek(tend) rtl = u64(self._file.read(8)) if rtl != h.tlen: logger.warning("%s redundant transaction length check" " failed at %s", self._file.name, tend) break self._pos = tend + 8 return result self.close() raise StopIteration() next = __next__ class TransactionRecord(_TransactionRecord): def __init__(self, tid, status, user, desc, ext, pos, tend, file, tpos): _TransactionRecord.__init__( self, tid, status, user, desc, ext) self._pos = pos self._tend = tend self._file = file self._tpos = tpos def __iter__(self): return TransactionRecordIterator(self) class TransactionRecordIterator(FileStorageFormatter): """Iterate over the transactions in a FileStorage file.""" def __init__(self, record): self._file = record._file self._pos = record._pos self._tpos = record._tpos self._tend = record._tend def __iter__(self): return self def __next__(self): pos = self._pos while pos < self._tend: # Read the data records for this transaction h = self._read_data_header(pos) dlen = h.recordlen() if pos + dlen > self._tend or h.tloc != self._tpos: logger.warning("%s data record exceeds transaction" " record at %s", self._file.name, pos) break self._pos = pos + dlen prev_txn = None if h.plen: data = self._file.read(h.plen) else: if h.back == 0: # If the backpointer is 0, then this transaction # undoes the object creation. It undid the # transaction that created it. Return None # instead of a pickle to indicate this. data = None else: data, tid = self._loadBackTxn(h.oid, h.back, False) # Caution: :ooks like this only goes one link back. # Should it go to the original data like BDBFullStorage? prev_txn = self.getTxnFromData(h.oid, h.back) return Record(h.oid, h.tid, data, prev_txn, pos) raise StopIteration() next = __next__ class Record(_DataRecord): def __init__(self, oid, tid, data, prev, pos): super().__init__(oid, tid, data, prev) self.pos = pos class UndoSearch: def __init__(self, file, pos, first, last, filter=None): self.file = file self.pos = pos self.first = first self.last = last self.filter = filter # self.i is the index of the transaction we're _going_ to find # next. When it reaches self.first, we should start appending # to self.results. When it reaches self.last, we're done # (although we may finish earlier). self.i = 0 self.results = [] self.stop = False def finished(self): """Return True if UndoSearch has found enough records.""" # BAW: Why 39 please? This makes no sense (see also below). return self.i >= self.last or self.pos < 39 or self.stop def search(self): """Search for another record.""" dict = self._readnext() if dict is not None and (self.filter is None or self.filter(dict)): if self.i >= self.first: self.results.append(dict) self.i += 1 def _readnext(self): """Read the next record from the storage.""" self.file.seek(self.pos - 8) self.pos -= u64(self.file.read(8)) + 8 self.file.seek(self.pos) h = self.file.read(TRANS_HDR_LEN) tid, tl, status, ul, dl, el = unpack(TRANS_HDR, h) status = as_text(status) if status == 'p': self.stop = 1 return None if status != ' ': return None d = u = b'' if ul: u = self.file.read(ul) if dl: d = self.file.read(dl) e = {} if el: try: e = loads(self.file.read(el)) except: # noqa: E722 do not use bare 'except' pass d = {'id': encodebytes(tid).rstrip(), 'time': TimeStamp(tid).timeTime(), 'user_name': u, 'size': tl, 'description': d} d.update(e) return d class FilePool: closed = False writing = False writers = 0 def __init__(self, file_name): self.name = file_name self._files = [] self._out = [] self._cond = utils.Condition() @contextlib.contextmanager def write_lock(self): with self._cond: self.writers += 1 while self.writing or self._out: self._cond.wait() if self.closed: raise ValueError('closed') self.writing = True try: yield None finally: with self._cond: self.writing = False if self.writers > 0: self.writers -= 1 self._cond.notify_all() @contextlib.contextmanager def get(self): with self._cond: while self.writers: self._cond.wait() assert not self.writing if self.closed: raise ValueError('closed') try: f = self._files.pop() except IndexError: f = open(self.name, 'rb') self._out.append(f) try: yield f finally: self._out.remove(f) self._files.append(f) if not self._out: with self._cond: if self.writers and not self._out: self._cond.notify_all() def empty(self): while self._files: self._files.pop().close() def flush(self): """Empty read buffers. This is required if they contain data of rolled back transactions. """ # Unfortunately, Python has no API to flush read buffers. with self.write_lock(): self.empty() def close(self): with self._cond: self.closed = True while self._out: self._out.pop().close() self.empty() self.writing = self.writers = 0