We shouldn't assume two files are different just
because one was touched recently. This is an issue
when we think systemplate is out of date when it isn't.
Since we only do this file comparison on (very) small
/etc files, it's simply safer to compare the files
when their sizes are the same, instead of assuming
that timestamps are indicative of being outdated.
Ironically, by comparing the contents we spawn
jails faster when there is nothing to update
and we can safely use bind-mount.
Change-Id: Idb2088fcb52b493c91bef92890750f1dfcfbcc25
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Also, makes the logging of units much less error prone.
The overloaded streaming operators are temporary as
they are provided in C++20. The ones here (though
incomplete) are fashioned after the C++20 specs.
Change-Id: Ieb499282ccb6e63fa939ba07bed3e5a4fbef1bd0
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
chrono::system_clock can go back in time.
For time interval measurements, where we don't
care about the local time, a monotonic clock
should be used.
This avoids the server uptime jumping around
with daylight saving (or indeed by regular
synchronization with an atomic clock), among
other cases.
Change-Id: I09f9b24c82d19439348a2e66cad9e9de7d755208
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
The fuzzer ran out of memory, 955443527 bytes (79%) of the used memory
was this map.
Change-Id: I2dd84a094d3dd3d98618667e3c78591e2193bce2
Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Should no longer be needed since the unipoll transition.
Change-Id: Ie534cad7da0cfa54099175a86bc28dd16c738890
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
The temporary directories created for convert-to
and insertfile are used only once and should be
cleaned up to avoid clutter.
We also de-poco the temp directory creation as
it doesn't add value and do a bit of cleanup.
Change-Id: Ie1fd5b4749788ff4407f2cc886d405258f65f97a
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
These helpers are for testing only. They should
ideally be moved to the test helpers, but because
of dependency on the FileDeleter in FileUtil they
remain in FileUtil.
Change-Id: I93c7e08823edec8f6a53419f0a6596f3255f23f9
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
On non-Linux systems we should default to std::thread::id
which needs to be serialized using ostream interface.
While Util::getThreadId does specialize for Linux, the
code using it doesn't always handle the different return
types.
While std::thread::id is the standard interface to the
thread ID, using such abstraction has proven to be costly
when converting the thread ID on each and every log via
ostringstream (due to the cost of memory allocation).
In practice Linux is the primary and so far only platform,
so the getThreadId is optimized for it. Other systems
can either use the default std::thread::id, or can also
specialize as necessary.
Change-Id: I91cf279a8fdff12636a534957db5069dee51bd65
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
This is not allowed by the standard and libc++ is stricter than libstdc++ on that matter.
Luckily, the conversion is used to turn it into a string, so just use stringstream to convert the thread::id directly.
Signed-off-by: Gleb Popov <6yearold@gmail.com>
Change-Id: Iea1a844a086b7fe7ed4703fd06e1d538d5d0bc43
size_t in C and in C++ are not necessarily the same
type. The C++ size_t is in the std namespace. Since
we do include many C headers, and indeed some C++
runtime headers do define size_t for backwards
compatibility, it's easy to mix and match the two
types.
Also, 'using std::size_t;' isn't a great practice,
so removed.
This is not exhaustive, just some low-hanging cases.
Change-Id: I85a36b6fd1acd204274b1869de9bcb94c8b3cf13
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
This replaces Util::getFileTimestamp with
FileUtil::Stat::modifiedTimepoint() and fixes a potential bug:
getFileTimestamp had only 1 second precision (it simply dropped
sub-second data). This could mean that any modifications to a file
within a second could not be detected.
Minor simplifications done where possible and overly long lines
have been reformatted.
This is a non-functional change (except that file modified-time
now supports microsecond precision).
Change-Id: I3606638a86fc3e00c0ad5cb602bdbb2b4651867b
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Confusion arose due to separate creation of session, and watermark
property fetch from CheckFileInfo which happens in DocumentBroker::load
which doesn't do a load. This happens in a subsequent 'load url='
message cf. global.js which can then race vs. the session creation.
This causes mis-ordering of another unhelpfully shared Session,
letting the view canonicalization list get out of sync between
the two processes.
So instead - tell the view its canonical id. An example of the
problems of trying to share some unclear subset of the Session
class between kit and wsd perhaps.
Change-Id: I63dc30f9a047e3f889fd339b6aaf392b9fef37b9
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
We should have no symlinks in the jail whatsoever, except
those we create to files known to exist in the jail.
Unfortunately, some systems have some of the /etc files
as symlinks. When we create hard-links to these files,
they can't be accessed from the jail, since the path
they point to isn't replicated in systemplate and jails.
First change here is to always link to the source file or,
when copying, to copy the source rather than a symlink.
Next, to detect modifications, we compare not just the
size and timestamp, but also the contents. This way we
can be certain that any modification will be detected.
Finally, when we copy at least one file in the
systemplate/etc directory, we flag it by creating the
'copied' file. This way we have a reliable indicator
and don't need to second guess if the files are
hard-linked or copied.
We also avoid some noisy errors when we fail to update
systemplate when it's read-only by first checking
if systemplate is writable or not and issue a friendly
log instead.
Change-Id: Ie8c3e70ea4ec19ee098309f8666c00639fa7319b
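An added example, not code from the project: a sketch of the update check described in the commit message above and in the earlier message about comparing same-sized /etc files instead of trusting timestamps. The names `isUpToDate`, `syncEtcFile`, `SyncResult` and the marker-path parameter are assumptions made for illustration.

```cpp
#include <climits>
#include <cstdlib>
#include <fstream>
#include <iterator>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// Hypothetical names throughout; this is not the project's API.
enum class SyncResult { Unchanged, Copied, Failed };

// Follow symlinks so the real source file is read, never the link itself.
static std::string resolve(const std::string& path) {
    char buf[PATH_MAX];
    return ::realpath(path.c_str(), buf) ? std::string(buf) : std::string();
}

static bool readAll(const std::string& path, std::string& out) {
    std::ifstream in(path, std::ios::binary);
    if (!in) return false;
    out.assign(std::istreambuf_iterator<char>(in), std::istreambuf_iterator<char>());
    return true;
}

// True when dst is a regular file whose bytes equal the resolved source.
// Timestamps are ignored; size is only a cheap pre-check before reading.
bool isUpToDate(const std::string& src, const std::string& dst) {
    struct stat s, d;
    const std::string real = resolve(src);
    if (real.empty() || ::stat(real.c_str(), &s) != 0 || ::lstat(dst.c_str(), &d) != 0)
        return false;
    if (!S_ISREG(d.st_mode) || s.st_size != d.st_size)
        return false;
    std::string a, b;
    return readAll(real, a) && readAll(dst, b) && a == b;
}

// Copy the resolved source over dst when needed and record it in the marker file.
SyncResult syncEtcFile(const std::string& src, const std::string& dst, const std::string& marker) {
    if (isUpToDate(src, dst)) return SyncResult::Unchanged;
    std::string data;
    if (!readAll(resolve(src), data)) return SyncResult::Failed;
    ::unlink(dst.c_str());  // remove a stale file or symlink instead of writing through it
    std::ofstream out(dst, std::ios::binary | std::ios::trunc);
    out.write(data.data(), static_cast<std::streamsize>(data.size()));
    out.close();
    if (!out) return SyncResult::Failed;
    std::ofstream flag(marker);  // the 'copied' indicator
    return flag ? SyncResult::Copied : SyncResult::Failed;
}
```

Reading both files in full is acceptable here only because, as the messages state, the comparison is limited to very small /etc files.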
In the old code, if the evaluation first allocates the memory for the
raw pointer, then calls firstLine() and an exception is thrown before
the std::unique_ptr construction, then the memory is leaked. Using
make_unique() has the benefit of avoiding this problem.
Convert only a single usage, so the remaining places can be done as easy
hacks.
Change-Id: Iaf3d8051a8a0627a57fdf1196bde7d5f8612fcff
URIs may or may not have authorization data specified
via access_header or access_token query parameters.
In the event that the host doesn't have such needs
(for example authorization could be performed by
some other means), we should accept the request
and still go ahead and make the WOPI request
all the same.
This patch effectively reverts the changes from
a019c93d90 which threw
an exception when the authorization method was
undefined. Since there was an assertion to warn
programmers that something is amiss, now we simply
log the fact in trace mode and move on.
A new unit-test is added and another one that
expected the now-removed exception has been modified.
Change-Id: I26cc2514d7465b344037a6e32b777c0fe0ba9a2c
This fixes the following issue in Online:
When a save is performed while a cell is still edited the save icon
does not reflect the correct state of the document: it shows that
the document is dirty although it is not.
This works only in conjunction with the following commit from core:
-lok: remove .uno:ModifiedStatus message from deduplication mechanism-
Change-Id: Ie671097ef2b206c8801a5bdfc2b908ee260951fb
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/103084
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
The use of a common threadname suffix in the WSD and Kit
processes is intentional. It is designed to help filter
for a single document's logs across both processes.
The thread name has nothing to do with the classes in
the code, nor is it intended to imply any relationship
except with the process and the document in question.
As the comment in this patch explains, the choice of
the suffix is arbitrary and while it may be changed,
it has to be sensible and common between the two threads
to allow for easy grepping.
Historically, there were in fact dedicated threads
within the respective "broker" classes, but this
fact should be safely ignored, since at the log level
we care less about which part of the code generates a
log entry (that info, if needed, is at the end of each
log entry, in the form of filename and line number),
rather we care more about which document it relates to,
which is crucial in investigating production issues.
Logs and code structure are only incidentally related.
Logs are (or at least should be) designed around
the execution structure, not code architecture.
(This reverts 2a16f34812)
Change-Id: Ic6fe2f9425998824774d2644fe4362e75dea6b88
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/101261
Tested-by: Jenkins
Tested-by: Tor Lillqvist <tml@collabora.com>
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Tor Lillqvist <tml@collabora.com>
We now gracefully fall back to copying when/if systemplate
is readonly.
The bulk of the change is to support proper cleanup in
both cases.
First, we had to move as much of the jail bootstrapping
into the loolwsd-systemplate-setup script, so systemplate
will be as complete as possible before it is locked down.
Next, we needed to update the jail with graceful fallback
to linking/copying upon failure. For that, the jail setup
logic in Kit.cpp has been reworked to support not just
update failures, but also more comprehensive mounting
failures as well.
Finally, jail cleanup now is seamless. To support proper
cleanup when we had mounting enabled but had to fall back,
we mark jails that aren't mounted so we can 'rm -rf' the
contents safely and without fear of causing undue damage
(as unlikely as that is, technically we wouldn't want to
rm systemplate files, if mounting read-only had failed).
There are a few minor refactorings of JailUtil to make
it cleaner and more robust.
Change-Id: Iac34869cb84f45acf64fbbc46d46898367b496d2
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/101260
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>