diff --git a/pkg/vere/disk.c b/pkg/vere/disk.c index 58cb2f822f..1a55abbef8 100644 --- a/pkg/vere/disk.c +++ b/pkg/vere/disk.c @@ -1123,18 +1123,39 @@ u3_disk_epoc_zero(u3_disk* log_u) } // create epoch version file, overwriting any existing file + c3_c epi_c[8193]; c3_c epv_c[8193]; + snprintf(epi_c, sizeof(epv_c), "%s/epoc.tmp", epo_c); snprintf(epv_c, sizeof(epv_c), "%s/epoc.txt", epo_c); - FILE* epv_f = fopen(epv_c, "w"); // XX errors - fprintf(epv_f, "%d", U3E_VERLAT); - fclose(epv_f); + FILE* epv_f = fopen(epi_c, "w"); // XX errors + + if ( !epv_f + || (0 > fprintf(epv_f, "%d", U3E_VERLAT)) + || fflush(epv_f) + || (-1 == c3_sync(fileno(epv_f))) + || fclose(epv_f) + || (-1 == rename(epi_c, epv_c)) ) + { + fprintf(stderr, "disk: write epoc.txt failed %s\r\n", strerror(errno)); + goto fail3; + } // create binary version file, overwriting any existing file + c3_c bii_c[8193]; c3_c biv_c[8193]; - snprintf(biv_c, sizeof(biv_c), "%s/vere.txt", epo_c); - FILE* biv_f = fopen(biv_c, "w"); // XX errors - fprintf(biv_f, URBIT_VERSION); // XX append a sentinel for auto-rollover? - fclose(biv_f); + snprintf(bii_c, sizeof(biv_c), "%s/vere.tmp", epo_c); + snprintf(biv_c, sizeof(epv_c), "%s/vere.txt", epo_c); + FILE* biv_f = fopen(bii_c, "w"); + if ( !biv_f + || (0 > fprintf(biv_f, URBIT_VERSION)) + || fflush(biv_f) + || (-1 == c3_sync(fileno(biv_f))) + || fclose(biv_f) + || (-1 == rename(bii_c, biv_c)) ) + { + fprintf(stderr, "disk: write vere.txt failed %s\r\n", strerror(errno)); + goto fail3; + } if ( -1 == c3_sync(epo_i) ) { // XX fdatasync on linux? fprintf(stderr, "disk: sync epoch dir 0i0 failed: %s\r\n", strerror(errno)); @@ -1205,18 +1226,44 @@ _disk_epoc_roll(u3_disk* log_u, c3_d epo_d) } // create epoch version file, overwriting any existing file + c3_c epi_c[8193]; c3_c epv_c[8193]; + snprintf(epi_c, sizeof(epv_c), "%s/epoc.tmp", epo_c); snprintf(epv_c, sizeof(epv_c), "%s/epoc.txt", epo_c); - FILE* epv_f = fopen(epv_c, "w"); // XX errors - fprintf(epv_f, "%d", U3E_VERLAT); - fclose(epv_f); + FILE* epv_f = fopen(epi_c, "w"); + + if ( !epv_f + || (0 > fprintf(epv_f, "%d", U3E_VERLAT)) + || fflush(epv_f) + || (-1 == c3_sync(fileno(epv_f))) + || fclose(epv_f) + || (-1 == rename(epi_c, epv_c)) ) + { + fprintf(stderr, "disk: write epoc.txt failed %s\r\n", strerror(errno)); + goto fail3; + } // create binary version file, overwriting any existing file + c3_c bii_c[8193]; c3_c biv_c[8193]; - snprintf(biv_c, sizeof(biv_c), "%s/vere.txt", epo_c); - FILE* biv_f = fopen(biv_c, "w"); // XX errors - fprintf(biv_f, URBIT_VERSION); - fclose(biv_f); + snprintf(bii_c, sizeof(biv_c), "%s/vere.tmp", epo_c); + snprintf(biv_c, sizeof(epv_c), "%s/vere.txt", epo_c); + FILE* biv_f = fopen(bii_c, "w"); + if ( !biv_f + || (0 > fprintf(biv_f, URBIT_VERSION)) + || fflush(biv_f) + || (-1 == c3_sync(fileno(biv_f))) + || fclose(biv_f) + || (-1 == rename(bii_c, biv_c)) ) + { + fprintf(stderr, "disk: write vere.txt failed %s\r\n", strerror(errno)); + goto fail3; + } + + if ( -1 == c3_sync(epo_i) ) { // XX fdatasync on linux? + fprintf(stderr, "disk: sync epoch dir 0i0 failed: %s\r\n", strerror(errno)); + goto fail3; + } // get metadata from old log c3_d who_d[2]; @@ -1707,9 +1754,9 @@ _disk_epoc_load(u3_disk* log_u, c3_d lat_d) return _epoc_gone; } - if ( (1 != sscanf(ver_c, "%" SCNu32 "%n", &ver_w, &car_i)) - && (0 < car_i) - && ('\0' == *(ver_c + car_i)) ) + if ( !( (1 == sscanf(ver_c, "%" SCNu32 "%n", &ver_w, &car_i)) + && (0 < car_i) + && ('\0' == *(ver_c + car_i)) ) ) { fprintf(stderr, "disk: failed to parse epoch version: '%s'\r\n", ver_c); return _epoc_fail;