Changeset 2cad199 in trunk

Timestamp:

2017-06-06T17:01:52Z (8 years ago)

Author:

Brian Warner <warner@…>

Branches:

master

Children:

0977e52, b8010ad

Parents:

958f79d4 (diff), 705dc85 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merge PR380: LAFS = "Least-Authority File Store"

Closes tahoe-lafs/tahoe-lafs#380
refs ticket:2345

Files:

• docs/about.rst (modified) (2 diffs)
• docs/architecture.rst (modified) (9 diffs)
• docs/configuration.rst (modified) (2 diffs)
• docs/frontends/CLI.rst (modified) (7 diffs)
• docs/frontends/FTP-and-SFTP.rst (modified) (1 diff)
• docs/frontends/webapi.rst (modified) (18 diffs)
• docs/garbage-collection.rst (modified) (1 diff)
• docs/man/man1/tahoe.1 (modified) (2 diffs)
• docs/proposed/README.lossmodel (modified) (1 diff)
• docs/running.rst (modified) (1 diff)
• docs/specifications/dirnodes.rst (modified) (7 diffs)
• docs/specifications/uri.rst (modified) (4 diffs)
• docs/write_coordination.rst (modified) (1 diff)
• src/allmydata/scripts/cli.py (modified) (18 diffs)
• src/allmydata/scripts/runner.py (modified) (1 diff)

docs/about.rst ¶

@@ -68 +68 @@
 has direct attached storage (typically one or more hard disks).  A "gateway"
 communicates with storage nodes, and uses them to provide access to the
-file store over protocols such as HTTP(S), SFTP or FTP.
+grid over protocols such as HTTP(S), SFTP or FTP.
 
 Note that you can find "client" used to refer to gateway nodes (which act as
@@ -95 +95 @@
 the gateway can view and modify the user's data (the user *relies on* the
 gateway for confidentiality and integrity), but the advantage is that the
-user can access the file store with a client that doesn't have the gateway
-software installed, such as an Internet kiosk or cell phone.
+user can access the Tahoe-LAFS grid with a client that doesn't have the
+gateway software installed, such as an Internet kiosk or cell phone.
 
 Access Control

docs/architecture.rst ¶

@@ -11 +11 @@
 5.  `Server Selection`_
 6.  `Swarming Download, Trickling Upload`_
-7.  `The Filesystem Layer`_
+7.  `The File Store Layer`_
 8.  `Leases, Refreshing, Garbage Collection`_
 9.  `File Repairer`_
@@ -23 +23 @@
 (See the `docs/specifications directory`_ for more details.)
 
-There are three layers: the key-value store, the filesystem, and the
+There are three layers: the key-value store, the file store, and the
 application.
 
@@ -34 +34 @@
 a few bytes and as large as tens of gigabytes are in common use.
 
-The middle layer is the decentralized filesystem: a directed graph in which
+The middle layer is the decentralized file store: a directed graph in which
 the intermediate nodes are directories and the leaf nodes are files. The leaf
 nodes contain only the data -- they contain no metadata other than the length
@@ -41 +41 @@
 different metadata if it is referred to through different edges.
 
-The top layer consists of the applications using the filesystem.
+The top layer consists of the applications using the file store.
 Allmydata.com used it for a backup service: the application periodically
-copies files from the local disk onto the decentralized filesystem. We later
+copies files from the local disk onto the decentralized file store. We later
 provide read-only access to those files, allowing users to recover them.
 There are several other applications built on top of the Tahoe-LAFS
-filesystem (see the RelatedProjects_ page of the wiki for a list).
+file store (see the RelatedProjects_ page of the wiki for a list).
 
 .. _docs/specifications directory: https://github.com/tahoe-lafs/tahoe-lafs/tree/master/docs/specifications
@@ -158 +158 @@
 self-authenticating, meaning that nobody can trick you into accepting a file
 that doesn't match the capability you used to refer to that file. The
-filesystem layer (described below) adds human-meaningful names atop the
+file store layer (described below) adds human-meaningful names atop the
 key-value layer.
 
@@ -320 +320 @@
 
 
-The Filesystem Layer
+The File Store Layer
 ====================
 
-The "filesystem" layer is responsible for mapping human-meaningful pathnames
+The "file store" layer is responsible for mapping human-meaningful pathnames
 (directories and filenames) to pieces of data. The actual bytes inside these
-files are referenced by capability, but the filesystem layer is where the
+files are referenced by capability, but the file store layer is where the
 directory names, file names, and metadata are kept.
 
-The filesystem layer is a graph of directories. Each directory contains a
+The file store layer is a graph of directories. Each directory contains a
 table of named children. These children are either other directories or
 files. All children are referenced by their capability.
@@ -354 +354 @@
 ======================================
 
-When a file or directory in the virtual filesystem is no longer referenced,
-the space that its shares occupied on each storage server can be freed,
-making room for other shares. Tahoe-LAFS uses a garbage collection ("GC")
-mechanism to implement this space-reclamation process. Each share has one or
-more "leases", which are managed by clients who want the file/directory to be
+When a file or directory in the file store is no longer referenced, the space
+that its shares occupied on each storage server can be freed, making room for
+other shares. Tahoe-LAFS uses a garbage collection ("GC") mechanism to
+implement this space-reclamation process. Each share has one or more
+"leases", which are managed by clients who want the file/directory to be
 retained. The storage server accepts each share for a pre-defined period of
 time, and is allowed to delete the share if all of the leases are cancelled
@@ -379 +379 @@
 permanent data loss (affecting the preservation of the file). Hard drives
 crash, power supplies explode, coffee spills, and asteroids strike. The goal
-of a robust distributed filesystem is to survive these setbacks.
+of a robust distributed file store is to survive these setbacks.
 
 To work against this slow, continual loss of shares, a File Checker is used
@@ -487 +487 @@
 
 The application layer can provide whatever access model is desired, built on
-top of this capability access model. The first big user of this system so far
-is allmydata.com. The allmydata.com access model currently works like a
-normal web site, using username and password to give a user access to her
-"virtual drive". In addition, allmydata.com users can share individual files
-(using a file sharing interface built on top of the immutable file read
-capabilities).
+top of this capability access model.
 
 

docs/configuration.rst ¶

@@ -677 +677 @@
 ======================
 
-The Tahoe client process can run a variety of frontend file-access protocols.
-You will use these to create and retrieve files from the virtual filesystem.
-Configuration details for each are documented in the following
-protocol-specific guides:
+The Tahoe-LAFS client process can run a variety of frontend file access
+protocols. You will use these to create and retrieve files from the
+Tahoe-LAFS file store. Configuration details for each are documented in
+the following protocol-specific guides:
 
 HTTP
@@ -696 +696 @@
 
     The main ``tahoe`` executable includes subcommands for manipulating the
-    filesystem, uploading/downloading files, and creating/running Tahoe
+    file store, uploading/downloading files, and creating/running Tahoe
     nodes. See :doc:`frontends/CLI` for details.
 

docs/frontends/CLI.rst ¶

@@ -11 +11 @@
 
 3.  `Node Management`_
-4.  `Filesystem Manipulation`_
+4.  `File Store Manipulation`_
 
     1.  `Starting Directories`_
@@ -25 +25 @@
 
 Tahoe-LAFS provides a single executable named "``tahoe``", which can be used
-to create and manage client/server nodes, manipulate the filesystem, and
+to create and manage client/server nodes, manipulate the file store, and
 perform several debugging/maintenance tasks. This executable is installed
 into your virtualenv when you run ``pip install tahoe-lafs``.
@@ -36 +36 @@
 
 * node management: create a client/server node, start/stop/restart it
-* filesystem manipulation: list files, upload, download, unlink, rename
+* file store manipulation: list files, upload, download, unlink, rename
 * debugging: unpack cap-strings, examine share files
 
@@ -121 +121 @@
 
 
-Filesystem Manipulation
+File Store Manipulation
 =======================
 
-These commands let you exmaine a Tahoe-LAFS filesystem, providing basic
+These commands let you exmaine a Tahoe-LAFS file store, providing basic
 list/upload/download/unlink/rename/mkdir functionality. They can be used as
 primitives by other scripts. Most of these commands are fairly thin wrappers
 around web-API calls, which are described in :doc:`webapi`.
 
-By default, all filesystem-manipulation commands look in ``~/.tahoe/`` to
+By default, all file store manipulation commands look in ``~/.tahoe/`` to
 figure out which Tahoe-LAFS node they should use. When the CLI command makes
 web-API calls, it will use ``~/.tahoe/node.url`` for this purpose: a running
@@ -143 +143 @@
 --------------------
 
-As described in :doc:`../architecture`, the Tahoe-LAFS distributed filesystem
+As described in :doc:`../architecture`, the Tahoe-LAFS distributed file store
 consists of a collection of directories and files, each of which has a
 "read-cap" or a "write-cap" (also known as a URI). Each directory is simply a
@@ -180 +180 @@
 ``root_dir.cap`` file.
 
-The Tahoe-LAFS CLI commands use the same path syntax as ``scp`` and
+The Tahoe-LAFS CLI commands use a similar path syntax to ``scp`` and
 ``rsync`` -- an optional ``ALIAS:`` prefix, followed by the pathname or
 filename. Some commands (like "``tahoe cp``") use the lack of an alias to
 mean that you want to refer to a local file, instead of something from the
-Tahoe-LAFS filesystem. Another way to indicate this is to start the
-pathname with "./", "~/", "~username/", or "/".
+Tahoe-LAFS file store. Another way to indicate this is to start the
+pathname with "./", "~/", "~username/", or "/". On Windows, aliases
+cannot be a single character, so that it is possible to distinguish a
+path relative to an alias from a path starting with a local drive specifier.
 
 When you're dealing a single starting directory, the ``tahoe:`` alias is
@@ -334 +336 @@
 ``tahoe ls subdir``
 
- This lists a subdirectory of your filesystem.
+ This lists a subdirectory of your file store.
 
 ``tahoe webopen``

docs/frontends/FTP-and-SFTP.rst ¶

@@ -43 +43 @@
 All Tahoe-LAFS client nodes can run a frontend SFTP server, allowing regular
 SFTP clients (like ``/usr/bin/sftp``, the ``sshfs`` FUSE plugin, and many
-others) to access the virtual filesystem. They can also run an FTP server,
-so FTP clients (like ``/usr/bin/ftp``, ``ncftp``, and others) can too. These
+others) to access the file store. They can also run an FTP server, so FTP
+clients (like ``/usr/bin/ftp``, ``ncftp``, and others) can too. These
 frontends sit at the same level as the web-API interface.
 

docs/frontends/webapi.rst ¶

@@ -72 +72 @@
 ======================================
 
-As described in :doc:`../architecture`, each file and directory in a Tahoe
-virtual filesystem is referenced by an identifier that combines the
+As described in :doc:`../architecture`, each file and directory in a
+Tahoe-LAFS file store is referenced by an identifier that combines the
 designation of the object with the authority to do something with it (such as
 read or modify the contents). This identifier is called a "read-cap" or
@@ -94 +94 @@
 operations are required to have no side-effects.
 
-PUT is used to upload new objects into the filesystem, or to replace an
+PUT is used to upload new objects into the file store, or to replace an
 existing link or the contents of a mutable file. DELETE is used to unlink
 objects from directories. Both PUT and DELETE are required to be idempotent:
@@ -108 +108 @@
 also be done with a POST.
 
-Tahoe's web API is designed for two different kinds of consumer. The first is
-a program that needs to manipulate the virtual file system. Such programs are
+Tahoe-LAFS' web API is designed for two different kinds of consumer. The
+first is a program that needs to manipulate the file store. Such programs are
 expected to use the RESTful interface described above. The second is a human
-using a standard web browser to work with the filesystem. This user is given
-a series of HTML pages with links to download files, and forms that use POST
-actions to upload, rename, and unlink files.
+using a standard web browser to work with the file store. This user is
+presented with a series of HTML pages with links to download files, and forms
+that use POST actions to upload, rename, and unlink files.
 
 When an error occurs, the HTTP response code will be set to an appropriate
@@ -333 +333 @@
 
 Now that we know how to build URLs that refer to files and directories in a
-Tahoe virtual filesystem, what sorts of operations can we do with those URLs?
+Tahoe-LAFS file store, what sorts of operations can we do with those URLs?
 This section contains a catalog of GET, PUT, DELETE, and POST operations that
 can be performed on these URLs. This set of operations are aimed at programs
@@ -420 +420 @@
 
  This uploads a file, and produces a file-cap for the contents, but does not
- attach the file into the filesystem. No directories will be modified by
+ attach the file into the file store. No directories will be modified by
  this operation. The file-cap is returned as the body of the HTTP response.
 
@@ -436 +436 @@
  Create a new empty directory and return its write-cap as the HTTP response
  body. This does not make the newly created directory visible from the
- filesystem. The "PUT" operation is provided for backwards compatibility:
+ file store. The "PUT" operation is provided for backwards compatibility:
  new code should use POST.
 
@@ -808 +808 @@
 under that name.
 
-Note however, that if the edge in the Tahoe filesystem points to a mutable
-file and the contents of that mutable file is changed, then the
+Note however, that if the edge in the Tahoe-LAFS file store points to a
+mutable file and the contents of that mutable file is changed, then the
 'tahoe':'linkmotime' value on that edge will *not* be updated, since the
 edge itself wasn't updated -- only the mutable file was.
@@ -836 +836 @@
 "tahoe backup" command (in Tahoe v1.3.0 and later) to set the 'mtime' and
 'ctime' values when backing up files from a local filesystem into the
-Tahoe filesystem. As of Tahoe v1.4.0, the set_children API cannot be used
-to set anything under the 'tahoe' key of the metadata dict -- if you
+Tahoe-LAFS file store. As of Tahoe v1.4.0, the set_children API cannot be
+used to set anything under the 'tahoe' key of the metadata dict -- if you
 include 'tahoe' keys in your 'metadata' arguments then it will silently
 ignore those keys.
@@ -865 +865 @@
 
 1. You might be confused about whether it reflects the time of the creation
-   of a link in the Tahoe filesystem (by a version of Tahoe < v1.7.0) or a
-   timestamp copied in by "tahoe backup" from a local filesystem.
+   of a link in the Tahoe-LAFS file store (by a version of Tahoe < v1.7.0)
+   or a timestamp copied in by "tahoe backup" from a local filesystem.
 
 2. You might be confused about whether it is a copy of the file creation
@@ -896 +896 @@
 
  This attaches a child object (either a file or directory) to a specified
- location in the virtual filesystem. The child object is referenced by its
+ location in the Tahoe-LAFS file store. The child object is referenced by its
  read- or write- cap, as provided in the HTTP request body. This will create
  intermediate directories as necessary.
@@ -1009 +1009 @@
 This section describes the HTTP operations that provide support for humans
 running a web browser. Most of these operations use HTML forms that use POST
-to drive the Tahoe node. This section is intended for HTML authors who want
-to write web pages that contain forms and buttons which manipulate the Tahoe
-filesystem.
+to drive the Tahoe-LAFS node. This section is intended for HTML authors who
+want to write web pages containing user interfaces for manipulating the
+Tahoe-LAFS file store.
 
 Note that for all POST operations, the arguments listed can be provided
@@ -1108 +1108 @@
 ``POST /uri?t=mkdir``
 
- This creates a new empty directory, but does not attach it to the virtual
- filesystem.
+ This creates a new empty directory, but does not attach it to any other
+ directory in the Tahoe-LAFS file store.
 
  If a "redirect_to_result=true" argument is provided, then the HTTP response
@@ -1151 +1151 @@
 
  This uploads a file, and produces a file-cap for the contents, but does not
- attach the file into the filesystem. No directories will be modified by
- this operation.
+ attach the file to any directory in the Tahoe-LAFS file store. That is, no
+ directories will be modified by this operation.
 
  The file must be provided as the "file" field of an HTML encoded form body,
@@ -1700 +1700 @@
  reachable from the starting directory. The path will be slash-joined, and
  the filecap/dircap will contain a link to the object in question. This page
- gives immediate access to every object in the virtual filesystem subtree.
+ gives immediate access to every object in the file store subtree.
 
  This operation uses the same ophandle= mechanism as deep-check. The
@@ -1834 +1834 @@
 
 The portion of the web namespace that begins with "/uri" (and "/named") is
-dedicated to giving users (both humans and programs) access to the Tahoe
-virtual filesystem. The rest of the namespace provides status information
-about the state of the Tahoe node.
+dedicated to giving users (both humans and programs) access to the Tahoe-LAFS
+file store. The rest of the namespace provides status information about the
+state of the Tahoe-LAFS node.
 
 ``GET /``   (the root page)
@@ -1844 +1844 @@
  Node information: library versions, local nodeid, services being provided.
 
- Filesystem Access Forms: create a new directory, view a file/directory by
+ File store access forms: create a new directory, view a file/directory by
                           URI, upload a file (unlinked), download a file by
                           URI.
 
- Grid Status: introducer information, helper information, connected storage
+ Grid status: introducer information, helper information, connected storage
               servers.
 
@@ -1995 +1995 @@
 
 Summary: use explicit file- and dir- caps whenever possible, to reduce the
-potential for surprises when the filesystem structure is changed.
-
-Tahoe provides a mutable filesystem, but the ways that the filesystem can
-change are limited. The only thing that can change is that the mapping from
-child names to child objects that each directory contains can be changed by
-adding a new child name pointing to an object, removing an existing child name,
-or changing an existing child name to point to a different object.
-
-Obviously if you query Tahoe for information about the filesystem and then act
-to change the filesystem (such as by getting a listing of the contents of a
-directory and then adding a file to the directory), then the filesystem might
-have been changed after you queried it and before you acted upon it.  However,
-if you use the URI instead of the pathname of an object when you act upon the
-object, then the only change that can happen is if the object is a directory
-then the set of child names it has might be different. If, on the other hand,
-you act upon the object using its pathname, then a different object might be in
-that place, which can result in more kinds of surprises.
+potential for surprises when the file store structure is changed.
+
+Tahoe-LAFS provides a mutable file store, but the ways that the store can
+change are limited. The only things that can change are:
+ * the mapping from child names to child objects inside mutable directories
+   (by adding a new child, removing an existing child, or changing an
+   existing child to point to a different object)
+ * the contents of mutable files
+
+Obviously if you query for information about the file store and then act
+to change it (such as by getting a listing of the contents of a mutable
+directory and then adding a file to the directory), then the store might
+have been changed after you queried it and before you acted upon it.
+However, if you use the URI instead of the pathname of an object when you
+act upon the object, then it will be the same object; only its contents
+can change (if it is mutable). If, on the other hand, you act upon the
+object using its pathname, then a different object might be in that place,
+which can result in more kinds of surprises.
 
 For example, suppose you are writing code which recursively downloads the
@@ -2019 +2020 @@
 then it recurses into that directory. Now, if the download and the recurse
 actions are performed using the child's name, then the results might be
-wrong, because for example a child name that pointed to a sub-directory when
+wrong, because for example a child name that pointed to a subdirectory when
 you listed the directory might have been changed to point to a file (in which
-case your attempt to recurse into it would result in an error and the file
-would be skipped), or a child name that pointed to a file when you listed the
-directory might now point to a sub-directory (in which case your attempt to
-download the child would result in a file containing HTML text describing the
-sub-directory!).
-
-If your recursive algorithm uses the uri of the child instead of the name of
+case your attempt to recurse into it would result in an error), or a child
+name that pointed to a file when you listed the directory might now point to
+a subdirectory (in which case your attempt to download the child would result
+in a file containing HTML text describing the subdirectory!).
+
+If your recursive algorithm uses the URI of the child instead of the name of
 the child, then those kinds of mistakes just can't happen. Note that both the
 child's name and the child's URI are included in the results of listing the

docs/garbage-collection.rst ¶

@@ -14 +14 @@
 ========
 
-When a file or directory in the virtual filesystem is no longer referenced,
+When a file or directory in a Tahoe-LAFS file store is no longer referenced,
 the space that its shares occupied on each storage server can be freed,
 making room for other shares. Tahoe currently uses a garbage collection

docs/man/man1/tahoe.1 ¶

@@ -2 +2 @@
 .SH NAME
 .PP
-tahoe - Secure distributed filesystem.
+tahoe - Secure distributed file store.
 .SH SYNOPSIS
 .PP
@@ -131 +131 @@
 .RS
 .RE
-.SS USING THE FILESYSTEM
+.SS USING THE FILE STORE
 .TP
 .B \f[B]mkdir\f[]

docs/proposed/README.lossmodel ¶

@@ -1 +1 @@
 The lossmodel.lyx file is the source document for an in-progress paper
-that analyzes the probability of losing files stored in a Tahoe
-Least-acces File System under various scenarios.  It describes:
+that analyzes the probability of losing files stored in a Tahoe-LAFS
+file store under various scenarios.  It describes:
 
 1.  How to estimate peer reliabilities, based on peer MTBF failure

docs/running.rst ¶

@@ -117 +117 @@
 Prefer the command-line? Run “``tahoe --help``” (the same command-line
 tool that is used to start and stop nodes serves to navigate and use the
-decentralized filesystem). To get started, create a new directory and
+decentralized file store). To get started, create a new directory and
 mark it as the 'tahoe:' alias by running “``tahoe create-alias tahoe``”.
 Once you've done that, you can do “``tahoe ls tahoe:``” and “``tahoe cp
-LOCALFILE tahoe:foo.txt``” to work with your filesystem. The Tahoe-LAFS
+LOCALFILE tahoe:foo.txt``” to work with your file store. The Tahoe-LAFS
 CLI uses similar syntax to the well-known scp and rsync tools. See
 :doc:`frontends/CLI` for more details.

docs/specifications/dirnodes.rst ¶

@@ -9 +9 @@
 provides operations that accept files and upload them to the grid, creating
 a URI in the process which securely references the file's contents.
-The middle layer is the filesystem, creating a structure of directories and
-filenames resembling the traditional unix/windows filesystems. The top layer
-is the application layer, which uses the lower layers to provide useful
+The middle layer is the file store, creating a structure of directories and
+filenames resembling the traditional Unix or Windows filesystems. The top
+layer is the application layer, which uses the lower layers to provide useful
 services to users, like a backup application, or a way to share files with
 friends.
 
-This document examines the middle layer, the "filesystem".
+This document examines the middle layer, the "file store".
 
 1.  `Key-value Store Primitives`_
-2.  `Filesystem goals`_
-3.  `Dirnode goals`_
+2.  `File Store Goals`_
+3.  `Dirnode Goals`_
 4.  `Dirnode secret values`_
 5.  `Dirnode storage format`_
@@ -54 +54 @@
  data = get(mutable_uri)
 
-Filesystem Goals
+File Store Goals
 ================
 
-The main goal for the middle (filesystem) layer is to give users a way to
+The main goal for the middle (file store) layer is to give users a way to
 organize the data that they have uploaded into the grid. The traditional way
 to do this in computer filesystems is to put this data into files, give those
@@ -114 +114 @@
 (and *not* read-write access) to its children.
 
-Relative to the previous "vdrive-server" based scheme, the current
+Relative to the previous "vdrive server"-based scheme, the current
 distributed dirnode approach gives better availability, but cannot guarantee
 updateness quite as well, and requires far more network traffic for each
@@ -290 +290 @@
 guess the length of the child names (or at least their sum). From this, the
 attacker may be able to build up a graph with the same shape as the plaintext
-filesystem, but with unlabeled edges and unknown file contents.
+file store, but with unlabeled edges and unknown file contents.
 
 
@@ -340 +340 @@
 
 When a backup program is run for the first time, it needs to copy a large
-amount of data from a pre-existing filesystem into reliable storage. This
-means that a large and complex directory structure needs to be duplicated in
-the dirnode layer. With the one-object-per-dirnode approach described here,
-this requires as many operations as there are edges in the imported
-filesystem graph.
+amount of data from a pre-existing local filesystem into reliable storage.
+This means that a large and complex directory structure needs to be
+duplicated in the dirnode layer. With the one-object-per-dirnode approach
+described here, this requires as many operations as there are edges in the
+imported filesystem graph.
 
 Another approach would be to aggregate multiple directories into a single
@@ -405 +405 @@
 keep alive.
 
-After each change to the user's vdrive, the client creates a manifest and
+After each change to the user's file store, the client creates a manifest and
 looks for differences from their previous version. Anything which was removed
 prompts the client to send out lease-cancellation messages, allowing the data
@@ -423 +423 @@
 
 The biggest benefit of this dirnode approach is that sharing individual
-directories is almost trivial. Alice creates a subdirectory that she wants to
-use to share files with Bob. This subdirectory is attached to Alice's
-filesystem at "~alice/share-with-bob". She asks her filesystem for the
-read-write directory URI for that new directory, and emails it to Bob. When
-Bob receives the URI, he asks his own local vdrive to attach the given URI,
-perhaps at a place named "~bob/shared-with-alice". Every time either party
-writes a file into this directory, the other will be able to read it. If
-Alice prefers, she can give a read-only URI to Bob instead, and then Bob will
-be able to read files but not change the contents of the directory. Neither
-Alice nor Bob will get access to any files above the mounted directory: there
-are no 'parent directory' pointers. If Alice creates a nested set of
-directories, "~alice/share-with-bob/subdir2", and gives a read-only URI to
-share-with-bob to Bob, then Bob will be unable to write to either
-share-with-bob/ or subdir2/.
+directories is almost trivial. Alice creates a subdirectory that she wants
+to use to share files with Bob. This subdirectory is attached to Alice's
+file store at "alice:shared-with-bob". She asks her file store for the
+read-only directory URI for that new directory, and emails it to Bob. When
+Bob receives the URI, he attaches the given URI into one of his own
+directories, perhaps at a place named "bob:shared-with-alice". Every time
+Alice writes a file into this directory, Bob will be able to read it.
+(It is also possible to share read-write URIs between users, but that makes
+it difficult to follow the `Prime Coordination Directive`_ .) Neither
+Alice nor Bob will get access to any files above the mounted directory:
+there are no 'parent directory' pointers. If Alice creates a nested set of
+directories, "alice:shared-with-bob/subdir2", and gives a read-only URI to
+shared-with-bob to Bob, then Bob will be unable to write to either
+shared-with-bob/ or subdir2/.
+
+.. _`Prime Coordination Directive`: ../write_coordination.rst
 
 A suitable UI needs to be created to allow users to easily perform this
-sharing action: dragging a folder their vdrive to an IM or email user icon,
-for example. The UI will need to give the sending user an opportunity to
-indicate whether they want to grant read-write or read-only access to the
-recipient. The recipient then needs an interface to drag the new folder into
-their vdrive and give it a home.
+sharing action: dragging a folder from their file store to an IM or email
+user icon, for example. The UI will need to give the sending user an
+opportunity to indicate whether they want to grant read-write or read-only
+access to the recipient. The recipient then needs an interface to drag the
+new folder into their file store and give it a home.
 
 Revocation

docs/specifications/uri.rst ¶

@@ -14 +14 @@
 3.  `Internal Usage of URIs`_
 
-Each file and directory in a Tahoe filesystem is described by a "URI". There
-are different kinds of URIs for different kinds of objects, and there are
-different kinds of URIs to provide different kinds of access to those
+Each file and directory in a Tahoe-LAFS file store is described by a "URI".
+There are different kinds of URIs for different kinds of objects, and there
+are different kinds of URIs to provide different kinds of access to those
 objects. Each URI is a string representation of a "capability" or "cap", and
 there are read-caps, write-caps, verify-caps, and others.
@@ -42 +42 @@
 =========
 
-The lowest layer of the Tahoe architecture (the "grid") is reponsible for
-mapping URIs to data. This is basically a distributed hash table, in which
-the URI is the key, and some sequence of bytes is the value.
+The lowest layer of the Tahoe architecture (the "key-value store") is
+reponsible for mapping URIs to data. This is basically a distributed
+hash table, in which the URI is the key, and some sequence of bytes is
+the value.
 
 There are two kinds of entries in this table: immutable and mutable. For
@@ -54 +55 @@
 filled with different pieces of data at different times.
 
-It is important to note that the "files" described by these URIs are just a
-bunch of bytes, and that **no** filenames or other metadata is retained at
-this layer. The vdrive layer (which sits above the grid layer) is entirely
-responsible for directories and filenames and the like.
+It is important to note that the values referenced by these URIs are just
+sequences of bytes, and that **no** filenames or other metadata is retained at
+this layer. The file store layer (which sits above the key-value store layer)
+is entirely responsible for directories and filenames and the like.
 
 CHK URIs
@@ -165 +166 @@
 ==============
 
-The grid layer provides a mapping from URI to data. To turn this into a graph
-of directories and files, the "vdrive" layer (which sits on top of the grid
-layer) needs to keep track of "directory nodes", or "dirnodes" for short.
-:doc:`dirnodes` describes how these work.
+The key-value store layer provides a mapping from URI to data. To turn this
+into a graph of directories and files, the "file store" layer (which sits on
+top of the key-value store layer) needs to keep track of "directory nodes",
+or "dirnodes" for short. :doc:`dirnodes` describes how these work.
 
 Dirnodes are contained inside mutable files, and are thus simply a particular

docs/write_coordination.rst ¶

@@ -15 +15 @@
 write.
 
-If mutable parts of a filesystem are accessed via sshfs, only a single
+If mutable parts of a file store are accessed via sshfs, only a single
 sshfs mount should be used. There may be data loss if mutable files or
 directories are accessed via two sshfs mounts, or written both via sshfs

src/allmydata/scripts/cli.py ¶

@@ -10 +10 @@
 _default_nodedir = get_default_nodedir()
 
-class FilesystemOptions(BaseOptions):
+class FileStoreOptions(BaseOptions):
     optParameters = [
         ["node-url", "u", None,
@@ -47 +47 @@
 
 
-class MakeDirectoryOptions(FilesystemOptions):
+class MakeDirectoryOptions(FileStoreOptions):
     optParameters = [
         ("format", None, None, "Create a directory with the given format: SDMF or MDMF (case-insensitive)"),
@@ -62 +62 @@
     description = """Create a new directory, either unlinked or as a subdirectory."""
 
-class AddAliasOptions(FilesystemOptions):
+class AddAliasOptions(FileStoreOptions):
     def parseArgs(self, alias, cap):
         self.alias = argv_to_unicode(alias)
@@ -72 +72 @@
     description = """Add a new alias for an existing directory."""
 
-class CreateAliasOptions(FilesystemOptions):
+class CreateAliasOptions(FileStoreOptions):
     def parseArgs(self, alias):
         self.alias = argv_to_unicode(alias)
@@ -81 +81 @@
     description = """Create a new directory and add an alias for it."""
 
-class ListAliasesOptions(FilesystemOptions):
+class ListAliasesOptions(FileStoreOptions):
     synopsis = "[options]"
     description = """Display a table of all configured aliases."""
@@ -88 +88 @@
     ]
 
-class ListOptions(FilesystemOptions):
+class ListOptions(FileStoreOptions):
     optFlags = [
         ("long", "l", "Use long format: show file sizes, and timestamps."),
@@ -125 +125 @@
     The size of mutable files or unknown objects is shown as '?'.
 
-    The date/time shows when this link in the Tahoe filesystem was
-    last modified.
+    The date/time shows when this link in the Tahoe grid was last
+    modified.
     """
 
-class GetOptions(FilesystemOptions):
+class GetOptions(FileStoreOptions):
     def parseArgs(self, arg1, arg2=None):
         # tahoe get FOO |less            # write to stdout
@@ -157 +157 @@
     """
 
-class PutOptions(FilesystemOptions):
+class PutOptions(FileStoreOptions):
     optFlags = [
         ("mutable", "m", "Create a mutable file instead of an immutable one (like --format=SDMF)"),
@@ -203 +203 @@
     """
 
-class CpOptions(FilesystemOptions):
+class CpOptions(FileStoreOptions):
     optFlags = [
         ("recursive", "r", "Copy source directory recursively."),
@@ -250 +250 @@
     """
 
-class UnlinkOptions(FilesystemOptions):
+class UnlinkOptions(FileStoreOptions):
     def parseArgs(self, where):
         self.where = argv_to_unicode(where)
@@ -261 +261 @@
     description = "Remove a named file from its parent directory."
 
-class MvOptions(FilesystemOptions):
+class MvOptions(FileStoreOptions):
     def parseArgs(self, frompath, topath):
         self.from_file = argv_to_unicode(frompath)
@@ -280 +280 @@
     """
 
-class LnOptions(FilesystemOptions):
+class LnOptions(FileStoreOptions):
     def parseArgs(self, frompath, topath):
         self.from_file = argv_to_unicode(frompath)
@@ -312 +312 @@
     pass
 
-class BackupOptions(FilesystemOptions):
+class BackupOptions(FileStoreOptions):
     optFlags = [
         ("verbose", "v", "Be noisy about what is happening."),
@@ -381 +381 @@
     TO/Archives/(new) TO/Latest'."""
 
-class WebopenOptions(FilesystemOptions):
+class WebopenOptions(FileStoreOptions):
     optFlags = [
         ("info", "i", "Open the t=info page for the file"),
@@ -395 +395 @@
     page."""
 
-class ManifestOptions(FilesystemOptions):
+class ManifestOptions(FileStoreOptions):
     optFlags = [
         ("storage-index", "s", "Only print storage index strings, not pathname+cap."),
@@ -410 +410 @@
     starting point."""
 
-class StatsOptions(FilesystemOptions):
+class StatsOptions(FileStoreOptions):
     optFlags = [
         ("raw", "r", "Display raw JSON data instead of parsed"),
@@ -422 +422 @@
     given starting point."""
 
-class CheckOptions(FilesystemOptions):
+class CheckOptions(FileStoreOptions):
     optFlags = [
         ("raw", None, "Display raw JSON data instead of parsed."),
@@ -438 +438 @@
     found."""
 
-class DeepCheckOptions(FilesystemOptions):
+class DeepCheckOptions(FileStoreOptions):
     optFlags = [
         ("raw", None, "Display raw JSON data instead of parsed."),

src/allmydata/scripts/runner.py ¶

@@ -45 +45 @@
                     + GROUP("Debugging")
                     +   debug.subCommands
-                    + GROUP("Using the filesystem")
+                    + GROUP("Using the file store")
                     +   cli.subCommands
                     +   magic_folder_cli.subCommands