3 BUGS ---------------------------------------------------------------
5 rsync-url barfs on upload
7 rsync foo rsync://localhost/transfer/
12 There seems to be a bug with hardlinks
14 mbp/2 build$ ls -l /tmp/a /tmp/b -i
17 2568307 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a1
18 2568307 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a2
19 2568307 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a3
20 2568310 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 a4
21 2568310 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 a5
22 2568310 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b1
23 2568310 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b2
24 2568310 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b3
28 2568309 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a1
29 2568309 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a2
30 2568309 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a3
31 2568311 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 a4
32 2568311 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 a5
33 2568311 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b1
34 2568311 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b2
35 2568311 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b3
36 mbp/2 build$ rm -r /tmp/b && ./rsync -avH /tmp/a/ /tmp/b
37 building file list ... done
38 created directory /tmp/b
44 wrote 350 bytes read 52 bytes 804.00 bytes/sec
45 total size is 232 speedup is 0.58
46 mbp/2 build$ rm -r /tmp/b
47 mbp/2 build$ ls -l /tmp/b
48 ls: /tmp/b: No such file or directory
49 mbp/2 build$ rm -r /tmp/b && ./rsync -avH /tmp/a/ /tmp/b
50 rm: cannot remove `/tmp/b': No such file or directory
51 mbp/2 build$ rm -f -r /tmp/b && ./rsync -avH /tmp/a/ /tmp/b
52 building file list ... done
53 created directory /tmp/b
59 wrote 350 bytes read 52 bytes 804.00 bytes/sec
60 total size is 232 speedup is 0.58
61 mbp/2 build$ ls -l /tmp/b
63 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a1
64 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a2
65 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a3
66 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 a4
67 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 a5
68 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b1
69 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b2
70 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b3
71 mbp/2 build$ ls -l /tmp/a
73 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a1
74 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a2
75 -rw-rw-r-- 3 mbp mbp 29 Mar 25 17:30 a3
76 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 a4
77 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 a5
78 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b1
79 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b2
80 -rw-rw-r-- 5 mbp mbp 29 Mar 25 17:30 b3
83 Progress indicator can produce corrupt output when transferring directories:
86 main/binary-arm/admin/
88 main/binary-arm/comm/8.56kB/s 0:00:52
89 main/binary-arm/devel/
91 main/binary-arm/editors/
92 main/binary-arm/electronics/s 0:00:53
93 main/binary-arm/games/
94 main/binary-arm/graphics/
95 main/binary-arm/hamradio/
96 main/binary-arm/interpreters/
97 main/binary-arm/libs/6.61kB/s 0:00:54
100 main/binary-arm/misc/
104 I don't think we handle this properly on systems that don't have the
105 call. Are there any such?
109 Part of the regression suite should be making sure that we don't
110 break backwards compatibility: old clients vs new servers and so
111 on. Ideally we would test the cross product of versions.
113 It might be sufficient to test downloads from well-known public
114 rsync servers running different versions of rsync. This will give
115 some testing and also be the most common case for having different
116 versions and not being able to upgrade.
118 --no-blocking-io might be broken
120 in the same way as --no-whole-file; somebody needs to check.
122 Do not rely on having a group called "nobody"
124 http://www.linuxbase.org/spec/refspecs/LSB_1.1.0/gLSB/usernames.html
126 On Debian it's "nogroup"
128 DAEMON --------------------------------------------------------------
130 server-imposed bandwidth limits
134 There are already some patches to do this.
136 BitKeeper uses a server whose login shell is set to bkd. That's
137 probably a reasonable approach.
140 FEATURES ------------------------------------------------------------
145 Mark Santcroos points out that -n fails to list files which have
146 only metadata changes, though it probably should.
148 There may be a Debian bug about this as well.
153 If the platform doesn't support it, then don't even try.
155 If running as non-root, then don't fail, just give a warning.
156 (There was a thread about this a while ago?)
158 http://lists.samba.org/pipermail/rsync/2001-August/thread.html
159 http://lists.samba.org/pipermail/rsync/2001-September/thread.html
164 Avoids traversal. Better option than a pile of --include statements
165 for people who want to generate the file list using a find(1)
171 Perhaps allow supplementary groups to be specified in rsyncd.conf;
172 then make the first one the primary gid and all the rest be
176 File list structure in memory
178 Rather than one big array, perhaps have a tree in memory mirroring
181 This might make sorting much faster! (I'm not sure it's a big CPU
184 It might also reduce memory use in storing repeated directory names
185 -- again I'm not sure this is a problem.
189 Traverse just one directory at a time. Tridge says it's possible.
191 At the moment rsync reads the whole file list into memory at the
192 start, which makes us use a lot of memory and also not pipeline
193 network access as much as we could.
196 Handling duplicate names
198 We need to be careful of duplicate names getting into the file list.
199 See clean_flist(). This could happen if multiple arguments include
202 I think duplicates are only a problem if they're both flowing
203 through the pipeline at the same time. For example we might have
204 updated the first occurrence after reading the checksums for the
205 second. So possibly we just need to make sure that we don't have
206 both in the pipeline at the same time.
208 Possibly if we did one directory at a time that would be sufficient.
210 Alternatively we could pre-process the arguments to make sure no
211 duplicates will ever be inserted. There could be some bad cases
212 when we're collapsing symlinks.
214 We could have a hash table.
216 The root of the problem is that we do not want more than one file
217 list entry referring to the same file. At first glance there are
218 several ways this could happen: symlinks, hardlinks, and repeated
219 names on the command line.
221 If names are repeated on the command line, they may be present in
222 different forms, perhaps by traversing directory paths in different
223 ways, traversing paths including symlinks. Also we need to allow
224 for expansion of globs by rsync.
226 At the moment, clean_flist() requires having the entire file list in
227 memory. Duplicate names are detected just by a string comparison.
229 We don't need to worry about hard links causing duplicates because
230 files are never updated in place. Similarly for symlinks.
232 I think even if we're using a different symlink mode we don't need
235 Unless we're really clever this will introduce a protocol
236 incompatibility, so we need to be able to accept the old format as
242 At exit, show how much memory was used for the file list, etc.
244 Also we do a wierd exponential-growth allocation in flist.c. I'm
245 not sure this makes sense with modern mallocs. At any rate it will
246 make us allocate a huge amount of memory for large file lists.
251 At the moment hardlink handling is very expensive, so it's off by
252 default. It does not need to be so.
254 Since most of the solutions are rather intertwined with the file
255 list it is probably better to fix that first, although fixing
256 hardlinks is possibly simpler.
258 We can rule out hardlinked directories since they will probably
259 screw us up in all kinds of ways. They simply should not be used.
261 At the moment rsync only cares about hardlinks to regular files. I
262 guess you could also use them for sockets, devices and other beasts,
263 but I have not seen them.
265 When trying to reproduce hard links, we only need to worry about
266 files that have more than one name (nlinks>1 && !S_ISDIR).
268 The basic point of this is to discover alternate names that refer to
269 the same file. All operations, including creating the file and
270 writing modifications to it need only to be done for the first name.
271 For all later names, we just create the link and then leave it
274 If hard links are to be preserved:
276 Before the generator/receiver fork, the list of files is received
277 from the sender (recv_file_list), and a table for detecting hard
280 The generator looks for hard links within the file list and does
281 not send checksums for them, though it does send other metadata.
283 The sender sends the device number and inode with file entries, so
284 that files are uniquely identified.
286 The receiver goes through and creates hard links (do_hard_links)
287 after all data has been written, but before directory permissions
290 At the moment device and inum are sent as 4-byte integers, which
291 will probably cause problems on large filesystems. On Linux the
292 kernel uses 64-bit ino_t's internally, and people will soon have
293 filesystems big enough to use them. We ought to follow NFS4 in
294 using 64-bit device and inode identification, perhaps with a
295 protocol version bump.
297 Once we've seen all the names for a particular file, we no longer
298 need to think about it and we can deallocate the memory.
300 We can also have the case where there are links to a file that are
301 not in the tree being transferred. There's nothing we can do about
302 that. Because we rename the destination into place after writing,
303 any hardlinks to the old file are always going to be orphaned. In
304 fact that is almost necessary because otherwise we'd get really
305 confused if we were generating checksums for one name of a file and
308 At the moment the code seems to make a whole second copy of the file
309 list, which seems unnecessary.
311 We should have a test case that exercises hard links. Since it
312 might be hard to compare ./tls output where the inodes change we
313 might need a little program to check whether several names refer to
318 Perhaps put back the old socket code; if on a machine that does not
319 properly support the getaddrinfo API, then use it. This is probably
320 much simpler than reimplementing it.
322 Alternatively, have two different files implementing the same
323 interface, and choose either the new or the old API. This is
324 probably necessary for systems that e.g. have IPv6, but
325 gethostbyaddr() can't handle it. The Linux manpage claims this is
328 This might get us working again on RedHat 5 and similar systems.
329 Although the Kame patch seems like a good idea, in fact it is a much
330 broader interface than the relatively narrow "open by name", "accept
331 and log" interface that rsync uses internally, and it has the
332 disadvantage of clashing with half-arsed implementations of the API.
334 Implement suggestions from http://www.kame.net/newsletter/19980604/
335 and ftp://ftp.iij.ad.jp/pub/RFC/rfc2553.txt
337 If a host has multiple addresses, then listen try to connect to all
338 in order until we get through. (getaddrinfo may return multiple
339 addresses.) This is kind of implemented already.
341 Possibly also when starting as a server we may need to listen on
342 multiple passive addresses. This might be a bit harder, because we
343 may need to select on all of them. Hm.
345 Define a syntax for IPv6 literal addresses. Since they include
346 colons, they tend to break most naming systems, including ours.
347 Based on the HTTP IPv6 syntax, I think we should use
349 rsync://[::1]/foo/bar
352 which should just take a small change to the parser code.
357 If we hang or get SIGINT, then explain where we were up to. Perhaps
358 have a static buffer that contains the current function name, or
359 some kind of description of what we were trying to do. This is a
360 little easier on people than needing to run strace/truss.
362 "The dungeon collapses! You are killed." Rather than "unexpected
363 eof" give a message that is more detailed if possible and also more
366 If we get an error writing to a socket, then we should perhaps
367 continue trying to read to see if an error message comes across
368 explaining why the socket is closed. I'm not sure if this would
369 work, but it would certainly make our messages more helpful.
371 What happens if a directory is missing -x attributes. Do we lose
372 our load? (Debian #28416) Probably fixed now, but a test case
378 Device major/minor numbers should be at least 32 bits each. See
379 http://lists.samba.org/pipermail/rsync/2001-November/005357.html
381 Transfer ACLs. Need to think of a standard representation.
382 Probably better not to even try to convert between NT and POSIX.
383 Possibly can share some code with Samba.
387 With the current common --include '*/' --exclude '*' pattern, people
388 can end up with many empty directories. We might avoid this by
389 lazily creating such directories.
394 Perhaps don't use our own zlib.
398 - will automatically be up to date with bugfixes in zlib
400 - can leave it out for small rsync on e.g. recovery disks
402 - can use a shared library
404 - avoids people breaking rsync by trying to do this themselves and
407 Should we ship zlib for systems that don't have it, or require
408 people to install it separately?
410 Apparently this will make us incompatible with versions of rsync
411 that use the patched version of rsync. Probably the simplest way to
412 do this is to just disable gzip (with a warning) when talking to old
418 Perhaps flush stdout after each filename, so that people trying to
419 monitor progress in a log file can do so more easily. See
420 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=48108
422 At the connections that just get a list of modules are not logged,
425 If a child of the rsync daemon dies with a signal, we should notice
426 that when we reap it and log a message.
428 Keep stderr and stdout properly separated (Debian #23626)
430 After we get the @RSYNCD greeting from the server, we know it's
431 version but we have not yet sent the command line, so we could just
432 remove the -z option if the server is too old.
434 For ssh invocation it's not so simple, because we actually use the
435 command line to start the remote process. However, we only actually
436 do compression in token.c, and we could therefore once we discover
437 the remote version emit an error if it's too old. I'm not sure if
438 that's a good tradeoff or not.
443 There are already some patches to do this.
447 Allow RSYNC_PROXY to be http://user:pass@proxy.foo:3128/, and do
448 HTTP Basic Proxy-Authentication.
450 Multiple schemes are possible, up to and including the insanity that
451 is NTLM, but Basic probably covers most cases.
455 Add --with-socks, and then perhaps a command-line option to put them
456 on or off. This might be more reliable than LD_PRELOAD hacks.
460 rsync to a FAT partition on a Unix machine doesn't work very well
461 at the moment. I think we get errors about invalid filenames and
462 perhaps also trying to do atomic renames.
464 I guess the code to do this is currently #ifdef'd on Windows; perhaps
465 we ought to intelligently fall back to it on Unix too.
470 <Rasmus> mbp: hey, how about an rsync option that just gives you the
471 summary without the list of files? And perhaps gives more
472 information like the number of new files, number of changed,
474 <mbp> Rasmus: nice idea
475 <mbp> there is --stats
476 <mbp> but at the moment it's very tridge-oriented
477 <mbp> rather than user-friendly
478 <mbp> it would be nice to improve it
479 <mbp> that would also work well with --dryrun
483 Rather than storing the file list in memory, store it in a TDB.
485 This *might* make memory usage lower while building the file list.
487 Hashtable lookup will mean files are not transmitted in order,
490 This would neatly eliminate one of the major post-fork shared data
496 On 12 Mar 2002, Dave Dykstra <dwd@bell-labs.com> wrote:
497 > If we would add an option to do that functionality, I would vote for one
498 > that was more general which could mask off any set of permission bits and
499 > possibly add any set of bits. Perhaps a chmod-like syntax if it could be
500 > implemented simply.
502 I think that would be good too. For example, people uploading files
503 to a web server might like to say
505 rsync -avzP --chmod a+rX ./ sourcefrog.net:/home/www/sourcefrog/
507 Ideally the patch would implement as many of the gnu chmod semantics
508 as possible. I think the mode parser should be a separate function
509 that passes back something like (mask,set) description to the rest of
510 the program. For bonus points there would be a test case for the
513 Possibly also --chown
520 Allow people to specify the diff command. (Might want to use wdiff,
523 Just diff the temporary file with the destination file, and delete
524 the tmp file rather than moving it into place.
526 Interaction with --partial.
528 Security interactions with daemon mode?
530 (Suggestion from david.e.sewell)
533 Incorrect timestamps (Debian #100295)
535 A bit hard to believe, but apparently it happens.
538 Check "refuse options works"
540 We need a test case for this...
542 Was this broken when we changed to popt?
545 PERFORMANCE ----------------------------------------------------------
549 If we're doing a local transfer, or using -W, then perhaps don't
550 send the file checksum. If we're doing a local transfer, then
551 calculating MD4 checksums uses 90% of CPU and is unlikely to be
554 Indeed for transfers over zlib or ssh we can also rely on the
555 transport to have quite strong protection against corruption.
557 Perhaps we should have an option to disable this, analogous to
558 --whole-file, although it would default to disabled. The file
559 checksum takes up a definite space in the protocol -- we can either
560 set it to 0, or perhaps just leave it out.
564 Perhaps borrow an assembler MD4 from someone?
566 Make sure we call MD4 with properly-sized blocks whenever possible
567 to avoid copying into the residue region?
571 Test whether this is actually faster than just using malloc(). If
572 it's not (anymore), throw it out.
575 PLATFORMS ------------------------------------------------------------
579 Don't detach, because this messes up --srvany.
581 http://sources.redhat.com/ml/cygwin/2001-08/msg00234.html
583 According to "Effective TCP/IP Programming" (??) close() on a socket
584 has incorrect behaviour on Windows -- it sends a RST packet to the
585 other side, which gives a "connection reset by peer" error. On that
586 platform we should probably do shutdown() instead. However, on Unix
587 we are correct to call close(), because shutdown() discards
591 DEVELOPMENT ----------------------------------------------------------
595 Build rsync with SPLINT to try to find security holes. Add
596 annotations as necessary. Keep track of the number of warnings
597 found initially, and see how many of them are real bugs, or real
598 security bugs. Knowing the percentage of likely hits would be
599 really interesting for other projects.
603 Something that just keeps running rsync continuously over a data set
604 likely to generate problems.
608 Run current rsync versions against significant past releases.
612 jra recommends Valgrind:
614 http://devel-home.kde.org/~sewardj/
620 Build tar file; upload
622 Send announcement to mailing list and c.o.l.a.
624 Make freshmeat announcement
630 TESTING --------------------------------------------------------------
634 Part of the regression suite should be making sure that we don't
635 break backwards compatibility: old clients vs new servers and so
636 on. Ideally we would test both up and down from the current release
639 We might need to omit broken old versions, or versions in which
640 particular functionality is broken
642 It might be sufficient to test downloads from well-known public
643 rsync servers running different versions of rsync. This will give
644 some testing and also be the most common case for having different
645 versions and not being able to upgrade.
648 Test on kernel source
650 Download all versions of kernel; unpack, sync between them. Also
651 sync between uncompressed tarballs. Compare directories after
654 Use local mode; ssh; daemon; --whole-file and --no-whole-file.
656 Use awk to pull out the 'speedup' number for each transfer. Make
662 Sparse and non-sparse
666 Insert bytes, delete bytes, swap blocks, ...
668 configure option to enable dangerous tests
670 If tests are skipped, say why.
672 Test daemon feature to disallow particular options.
674 Pipe program that makes slow/jerky connections.
676 Versions of read() and write() that corrupt the stream, or abruptly fail
678 Separate makefile target to run rough tests -- or perhaps just run
681 Test "refuse options" works
683 What about for --recursive?
685 If you specify an unrecognized option here, you should get an error.
688 DOCUMENTATION --------------------------------------------------------
692 Keep list of open issues and todos on the web site
694 Update web site from CVS
697 Perhaps redo manual as SGML
699 The man page is getting rather large, and there is more information
700 that ought to be added.
702 TexInfo source is probably a dying format.
704 Linuxdoc looks like the most likely contender. I know DocBook is
705 favoured by some people, but it's so bloody verbose, even with emacs
709 BUILD FARM -----------------------------------------------------------
713 AMDAHL UTS (Dave Dykstra)
715 Cygwin (on different versions of Win32?)
717 HP-UX variants (via HP?)
722 LOGGING --------------------------------------------------------------
724 Perhaps flush stdout after each filename, so that people trying to
725 monitor progress in a log file can do so more easily. See
726 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=48108
728 At the connections that just get a list of modules are not logged,
731 If a child of the rsync daemon dies with a signal, we should notice
732 that when we reap it and log a message.
734 Keep stderr and stdout properly separated (Debian #23626)
736 Use a separate function for reporting errors; prefix it with
737 "rsync:" or "rsync(remote)", or perhaps even "rsync(local
742 Indicate whether files are new, updated, or deleted
744 At end of transfer, show how many files were or were not transferred
749 Explain *why* every file is transferred or not (e.g. "local mtime
750 123123 newer than 1283198")
755 Add an rsyncd.conf parameter to turn on debugging on the server.
759 NICE -----------------------------------------------------------------
761 --no-detach and --no-fork options
763 Very useful for debugging. Also good when running under a
764 daemon-monitoring process that tries to restart the service when the
767 hang/timeout friendliness
771 Change to using gettext(). Probably need to ship this for platforms
774 Solicit translations.
776 Does anyone care? Before we bother modifying the code, we ought to
777 get the manual translated first, because that's possibly more useful
778 and at any rate demonstrates desire.
782 Write a small emulation of interactive ftp as a Pythonn program
783 that calls rsync. Commands such as "cd", "ls", "ls *.c" etc map
784 fairly directly into rsync commands: it just needs to remember the
785 current host, directory and so on. We can probably even do
786 completion of remote filenames.
789 RELATED PROJECTS -----------------------------------------------------
791 http://rsync.samba.org/rsync-and-debian/
795 Exhaustive, tortuous testing
799 rsyncsplit as alternative to real integration with gzip?
801 reverse rsync over HTTP Range
803 Goswin Brederlow suggested this on Debian; I think tridge and I
804 talked about it previous in relation to rproxy.