App backup format v2 with compression and deduplication #750
Conversation
grote
force-pushed
the
app-backup-v2
branch
from
4dc63bf
to
c5870e0
Compare
grote
force-pushed
the
app-backup-v2
branch
from
5b33b2e
to
f9da316
Compare
|
v2 contains a scenario that should be addressed to avoid unexpected data loss, stemming from the fact that snapshots only reference user data emerging from that snapshot's backup run, not referencing any user data from prior runs:
How could this be resolved? I only have a couple of ideas for now, and neither is perfect.
|
Why would the user force stop that app, if it is so valuable?
have we seen this already in practice? So far I haven't seen confirmed reports of this happening.
If not repeated writing of
Any usage of the app, even just a recurring worker task or something like that would remove the app from its force stopped state. On your personal phone is there any force stopped app you care about? Then as soon as the app is being used again, it would enter into backups.
It doesn't fail, the app is just no longer considered eligible for backup by the system. We do however have a place where we record apps that don't get backed up. There we could look up the last snapshot at least and see if the app had data there. Still, I am not convinced that this is a good solution, because the scenario seems pretty artificial to me.
I don't think there's a way to do this without modifying the system itself. |
Maybe the last time you used it, it stopped responding, and you force-stopped it. Maybe when it runs, it's buggy and uses a lot of resources, so you only run it sometimes. Maybe you were trying to improve your battery life, so you force-stopped some things. I don't know, but I don't think we should be opinionated against the practice. Also, does the Foreground Services Task Manager (Active Apps) stop apps in a way that would affect this? I don't know.
Yes. Not many, but some. Here's a selection of my own apps which say "Not backed up as it wasn't used recently" and, for most of them, I have no idea why (or, I could rephrase as, I probably don't open them often, but I don't recall force-stopping them):
Those are just some apps where I think it would matter. There are others that I'm sure I've started before and don't recall force-stopping that are marked this way. It's a known issue on either or both the CalyxOS / Seedvault side. Why make it even worse? Another question would be, if the user restores from a backup, then takes another snapshots, will that snapshot not contain any apps they've yet to open? In my opinion, the user shouldn't need to think about these things at all. I know that AOSP makes that hard for us though. |
|
I'm with @t-m-w in that apps that are not running should not be excluded. (I get it that it's complicated and hard.) |
Just to make sure it's clear, it's not that apps which aren't running are excluded, but that apps which are actively stopped (by the system somehow or by the user) could age out of all snapshots if the user is not careful to make sure they occasionally launch every app that is important to them, and verify that these apps are properly restored from one or more snapshots with a restore. I just feel that's too much expectation to put on the user. |
grote
force-pushed
the
app-backup-v2
branch
2 times, most recently
from
88ec3c1
to
e1bd772
Compare
There was a problem hiding this comment.
Icon backgrounds are showing as solid colors since the switch to the new icon handling, e.g. black square background. To copy from the CalyxOS-side testing issue: "UI: Restore: Reinstalling apps: Transparency is not working properly for many app icons, until the app is restored. During restoration of an app, its icon has a solid color (typically black or white) on the edges/corners, where it should be transparent. It fades into the proper appearance just before restoration is complete. Examples of apps affected are Signal and OONI Probe, but there are many."
|
Can confirm icons are fixed! |
t-m-w
dismissed
their stale review
Icon changes are fixed but I didn't intend to approve the entire PR just yet
|
Through our troubleshooting earlier, we found that I had a corrupt snapshot that was causing app installs to hang due to crashing when attempting to restore their data and encountering that snapshot. That issue has now been fixed! But I kept the corrupt snapshot around to see if it caused other problems. Now, I see that if trying to manually initiate a Restore from the menu, this happens: "Choose a backup to restore" screen with a red error:
Screenshot
I understand that we may want the user to know that there is a corrupt snapshot, and that it could be indicative of other problems. In my opinion, this shouldn't hold them up and prevent them from restoring from others. So, here are a few mutually-exclusive ideas:
I'd be in favor of any option that allows the user to try to proceed with restoration without needing to find and delete any files in their .SeedVaultAndroidBackup folder. |
|
It looks like my above comment was resolved with option 1? I can now properly see other snapshots even with a corrupt one present. 🎉 |
Instead of showing 'Waiting to be backed up...'
otherwise all LoggingFactory ClassLoader lookups that cause disk reads are logged when koin initializes classes
Even though we use d2d, backup is only forced for user apps.
We need to account for IME insets when applying padding to the window.
Now, we don't do partial backups anymore. A snapshot is only done at the end and no information can make it to the backup before. Hence the old error notification with number of apps backed up didn't make sense anymore.
when user is asked to choose a backup to restore
When switching to new storage that doesn't yet have any snapshots, we would otherwise keep the old latest snapshot around.
* activity now can be launched from notification * better logging * app data restore continues even after activity died
The fake package manager package is essential for the backup, but when its data doesn't change and we request a normal incremental backup, it doesn't get included, because our transport doesn't even get called for it. Only the BackupMonitor gets a hint that it had no (new?) data via LOG_EVENT_ID_NO_DATA_TO_SEND. This behavior started with Android 15 that fixed a bug that caused @pm@ to always backup. However, other K/V apps were probably affected before.
The system doesn't allow us to backup forced stopped apps, but if we had data for them once, we can at least carry it along.
This caused black squares around icons.
a sha256sum mismatch for example can happen, so the exception should get caught e.g. in RestoreCoordinatorState and should not necessarily be fatal
before a corrupted snapshot would DoS pruning
this can happens when it tells us that restore has finished overall
There was a problem hiding this comment.
After having gone through a lot of testing on this, getting real-time feedback and bugfixes from @grote, at this point I'm confident that Seedvault will be more stable and reliable with v2 than without it. I haven't examined the code, but everything has tested very well for me.
|
Thanks for all your testing and for all the bugs you've found! ❤️ |
@gdt I also wanted to point out that this original concern has been addressed now! If an app cannot be backed up because it has become force-stopped, its most recent data from a previous snapshot will be retained, unless the app becomes uninstalled. As for backing up apps when they are force-stopped, that's a whole other issue and discussion that's been going on for a while. 🙃 We're still figuring that out, separately from this PR. |
App backup format v2 with compression and deduplication
Lot's of improvements in this new format which was inspired by restic and borg2. I expect overall more reliable and faster backups. See the added design document for more details.
Compatibility with old formats (v0 and v1) should be retained. So with this new version, you can restore those old backups, but you can't use an old version to restore a backup from this new version.
Fixes #267, #299, #476, #566, #559, #649, #701, #737, #745, #753, #754, #755, #759