File: file.go

package info (click to toggle)
containerd 2.1.4~ds2-8
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 21,936 kB
  • sloc: sh: 1,883; makefile: 591
file content (148 lines) | stat: -rw-r--r-- 4,848 bytes parent folder | download | duplicates (8) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
 
/*
   Copyright The containerd Authors.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
*/

/*
Package atomicfile provides a mechanism (on Unix-like platforms) to present a consistent view of a file to separate
processes even while the file is being written.  This is accomplished by writing a temporary file, syncing to disk, and
renaming over the destination file name.

Partial/inconsistent reads can occur due to:
 1. A process attempting to read the file while it is being written to (both in the case of a new file with a
    short/incomplete write or in the case of an existing, updated file where new bytes may be written at the beginning
    but old bytes may still be present after).
 2. Concurrent goroutines leading to multiple active writers of the same file.

The above mechanism explicitly protects against (1) as all writes are to a file with a temporary name.

There is no explicit protection against multiple, concurrent goroutines attempting to write the same file. However,
atomically writing the file should mean only one writer will "win" and a consistent file will be visible.

Note: atomicfile is partially implemented for Windows. The Windows codepath performs the same operations, however
Windows does not guarantee that a rename operation is atomic; a crash in the middle may leave the destination file
truncated rather than with the expected content.
*/
package atomicfile

import (
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"sync"
)

// File is an io.ReadWriteCloser that can also be Canceled if a change needs to be abandoned.
type File interface {
	io.ReadWriteCloser
	// Cancel abandons a change to a file. This can be called if a write fails or another error occurs.
	Cancel() error
}

// ErrClosed is returned if Read or Write are called on a closed File.
var ErrClosed = errors.New("file is closed")

// New returns a new atomic file.  On Unix-like platforms, the writer (an io.ReadWriteCloser) is backed by a temporary
// file placed into the same directory as the destination file (using filepath.Dir to split the directory from the
// name).  On a call to Close the temporary file is synced to disk and renamed to its final name, hiding any previous
// file by the same name.
//
// Note: Take care to call Close and handle any errors that are returned.  Errors returned from Close may indicate that
// the file was not written with its final name.
func New(name string, mode os.FileMode) (File, error) {
	return newFile(name, mode)
}

type atomicFile struct {
	name     string
	f        *os.File
	closed   bool
	closedMu sync.RWMutex
}

func newFile(name string, mode os.FileMode) (File, error) {
	dir := filepath.Dir(name)
	f, err := os.CreateTemp(dir, "")
	if err != nil {
		return nil, fmt.Errorf("failed to create temp file: %w", err)
	}
	if err := f.Chmod(mode); err != nil {
		return nil, fmt.Errorf("failed to change temp file permissions: %w", err)
	}
	return &atomicFile{name: name, f: f}, nil
}

func (a *atomicFile) Close() (err error) {
	a.closedMu.Lock()
	defer a.closedMu.Unlock()

	if a.closed {
		return nil
	}
	a.closed = true

	defer func() {
		if err != nil {
			_ = os.Remove(a.f.Name()) // ignore errors
		}
	}()
	// The order of operations here is:
	// 1. sync
	// 2. close
	// 3. rename
	// While the ordering of 2 and 3 is not important on Unix-like operating systems, Windows cannot rename an open
	// file. By closing first, we allow the rename operation to succeed.
	if err = a.f.Sync(); err != nil {
		return fmt.Errorf("failed to sync temp file %q: %w", a.f.Name(), err)
	}
	if err = a.f.Close(); err != nil {
		return fmt.Errorf("failed to close temp file %q: %w", a.f.Name(), err)
	}
	if err = os.Rename(a.f.Name(), a.name); err != nil {
		return fmt.Errorf("failed to rename %q to %q: %w", a.f.Name(), a.name, err)
	}
	return nil
}

func (a *atomicFile) Cancel() error {
	a.closedMu.Lock()
	defer a.closedMu.Unlock()

	if a.closed {
		return nil
	}
	a.closed = true
	_ = a.f.Close() // ignore error
	return os.Remove(a.f.Name())
}

func (a *atomicFile) Read(p []byte) (n int, err error) {
	a.closedMu.RLock()
	defer a.closedMu.RUnlock()
	if a.closed {
		return 0, ErrClosed
	}
	return a.f.Read(p)
}

func (a *atomicFile) Write(p []byte) (n int, err error) {
	a.closedMu.RLock()
	defer a.closedMu.RUnlock()
	if a.closed {
		return 0, ErrClosed
	}
	return a.f.Write(p)
}