fix: GC has no grace period (TOCTOU with dedup uploads) #86
Reference in New Issue
Block a user
Delete Branch "benvin/gc-grace-period"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Fixes #71
Why
FindOrphanedBlobsreturned any blob not currently referenced. Because CAS dedups (the blob row can exist before its artifact/local_files row is written), a concurrent upload reusing an existing hash could have its S3 object deleted mid-flight by the GC.Changes
FindOrphanedBlobsnow takes aminAgeand only returns blobs withcreated_at < now()-minAge.blobGracePeriod.Validation
go test ./internal/gc/...andmake e2epass.8fc1635d11toc47daca1f1Rebased onto latest master (resolved a conflict in artifacts.go against the batched access-log writer). Note: master currently does not compile — see #96, which must merge first; this branch builds cleanly on top of it (verified: build + make e2e).