[OpenAFS] Mail delivery into OpenAFS

[Patrick J. LoPresti]

Russ Allbery <rra@stanford.edu> writes:

> > Maildir works for me because I patched qmail-local.c to rename if it
> > can't link. Perhaps I should check if the new filename exists, and if it
> > does temporarily defer delivery.
> 
> Oh, if you don't *really* care about safe mail delivery, locking isn't
> nearly as much of a problem.  :)

There is no problem with locking because no locking is required.

Maildirs work by using a guaranteed unique filename (time.pid.fqdn).
You do not need to check if the file name already exists because it
never will.

The new file is written to the "tmp" directory and then renamed into
the "cur" directory.  Delivery is considered successful only after
that rename has occurred without error.

qmail uses link() instead of rename() for guaranteed reliability
(consider what happens if the machine crashes at a bad time).  But
with a decent OS and a logging file system, rename() should work fine.
I assume AFS correctly implements rename() atomically if the OS
implements the system call atomically?

qmail checks the return values of write(), fsync(), and close(), and
link(), and only indicates success if all of these system calls
succeed.

So, assuming AFS rename() is propertly atomic, and that Nathan's patch
includes checking the return value from rename(), there is no reason
his approach should not be 100% reliable.

 - Pat