Loading debian/changelog +9 −0 Original line number Diff line number Diff line authdb (20260419+5) unstable; urgency=high * Prevent stale manifest overwrite: pushManifestSync now compares local revision against cluster revision before pushing. A node with an older revision (e.g. after restart before sync) can no longer overwrite a freshly imported or updated domain manifest in the cluster. -- Jan Koester <jan.koester@tuxist.de> Sat, 19 Apr 2026 00:00:00 +0200 authdb (20260418+4) unstable; urgency=medium * Cluster: defer recovery_epoch bump until after scrub completes, Loading src/backends/cluster.cpp +21 −0 Original line number Diff line number Diff line Loading @@ -222,6 +222,27 @@ namespace authdb { if (_Buffer.size() >= sizeof(AuthHeader)) std::memcpy(&head, _Buffer.data(), sizeof(AuthHeader)); // Safety: never overwrite a cluster manifest that has a higher revision. // This prevents a node with stale/empty data from wiping out freshly // imported or updated domain data on other nodes. try { auto &read_cli = g_Cluster->getReadClient(); if (read_cli) { auto cluster_manifest = read_cli->retrieve(domainGroupId()); if (cluster_manifest.size() >= sizeof(AuthHeader)) { size_t cluster_rev = bufferRevision(cluster_manifest); if (head.Revesion < cluster_rev) { std::cerr << "[CLUSTER-BE] pushManifestSync domain=" << _Domain << " skipped: local rev=" << head.Revesion << " < cluster rev=" << cluster_rev << "\n"; return; } } } } catch (...) { // Fetch failed — proceed with push (cluster may be empty) } uint32_t magic = MANIFEST_MAGIC; uint32_t count = static_cast<uint32_t>(keys.size()); Loading Loading
debian/changelog +9 −0 Original line number Diff line number Diff line authdb (20260419+5) unstable; urgency=high * Prevent stale manifest overwrite: pushManifestSync now compares local revision against cluster revision before pushing. A node with an older revision (e.g. after restart before sync) can no longer overwrite a freshly imported or updated domain manifest in the cluster. -- Jan Koester <jan.koester@tuxist.de> Sat, 19 Apr 2026 00:00:00 +0200 authdb (20260418+4) unstable; urgency=medium * Cluster: defer recovery_epoch bump until after scrub completes, Loading
src/backends/cluster.cpp +21 −0 Original line number Diff line number Diff line Loading @@ -222,6 +222,27 @@ namespace authdb { if (_Buffer.size() >= sizeof(AuthHeader)) std::memcpy(&head, _Buffer.data(), sizeof(AuthHeader)); // Safety: never overwrite a cluster manifest that has a higher revision. // This prevents a node with stale/empty data from wiping out freshly // imported or updated domain data on other nodes. try { auto &read_cli = g_Cluster->getReadClient(); if (read_cli) { auto cluster_manifest = read_cli->retrieve(domainGroupId()); if (cluster_manifest.size() >= sizeof(AuthHeader)) { size_t cluster_rev = bufferRevision(cluster_manifest); if (head.Revesion < cluster_rev) { std::cerr << "[CLUSTER-BE] pushManifestSync domain=" << _Domain << " skipped: local rev=" << head.Revesion << " < cluster rev=" << cluster_rev << "\n"; return; } } } } catch (...) { // Fetch failed — proceed with push (cluster may be empty) } uint32_t magic = MANIFEST_MAGIC; uint32_t count = static_cast<uint32_t>(keys.size()); Loading
