fix(engine): cross-backend integrity guard with retry-then-damaged
A truncated debrid download (in-memory byte counter hit 100% while the
NFS write-back silently dropped most of the bytes) was marked completed.
The 1.1.6 fsync fix closed the debrid-specific hole; this generalizes the
guarantee so "completed" never means a corrupt file on ANY backend.
- IntegrityError + bounded retry: on a corrupt/short result the manager
re-downloads the same source up to 3x (clean start), then surfaces the
task as damaged ("corrupt download:" prefix) instead of completing it.
- verify (size mismatch / empty), debrid (incomplete / post-write / flush),
torrent (BytesMissing), usenet (par2 unrepairable / repair-failed) all
classify integrity failures so they route through the retry/damaged path.
- scanner: a file ffprobe can't read is emitted as a damaged library_item
(reason "unreadable") instead of being silently dropped from the sync.
- tests: manager retry-then-success + retry-exhausted-then-damaged,
verifying->resolving transition, damaged sync item.
This commit is contained in:
Deivid Soto
parent
271413e0f9
commit
a5f3f0914a
13 changed files with 400 additions and 91 deletions
|
|
@ -23,6 +23,12 @@ type Result struct {
|
|||
// the file is unverified rather than silently assuming it's good. Empty means
|
||||
// either "verified OK" or "no parity shipped" — both are non-degraded.
|
||||
VerifyNote string
|
||||
// Corrupt is true when par2 DEFINITIVELY confirmed the data is damaged and it
|
||||
// could not be repaired (repair failed, or corruption detected with no par2
|
||||
// binary to fix it). The engine treats this as an integrity failure and
|
||||
// re-downloads — distinct from VerifyNote's softer "unverified but delivered"
|
||||
// (e.g. no parity shipped, or a transient probe error).
|
||||
Corrupt bool
|
||||
}
|
||||
|
||||
// Options configures post-processing behavior.
|
||||
|
|
@ -58,14 +64,28 @@ func Process(dir string, downloadedFiles map[string]string, opts Options) (*Resu
|
|||
result.Repaired = true
|
||||
log.Printf("[usenet] par2: repair successful")
|
||||
case errors.Is(repairErr, ErrPar2NotInstalled):
|
||||
result.VerifyNote = "par2 corruption detected but `par2` is not installed — cannot repair, delivered POSSIBLY CORRUPT"
|
||||
// Damage confirmed by parity, but no binary to repair it — the
|
||||
// delivered file IS corrupt. Mark it so the engine re-downloads.
|
||||
result.Corrupt = true
|
||||
result.VerifyNote = "par2 corruption detected but `par2` is not installed — cannot repair, file is CORRUPT"
|
||||
log.Printf("[usenet] WARNING: %s", result.VerifyNote)
|
||||
default:
|
||||
result.VerifyNote = fmt.Sprintf("par2 repair failed — file may be corrupt: %v", repairErr)
|
||||
// Repair attempted and failed — the data is damaged beyond recovery.
|
||||
result.Corrupt = true
|
||||
result.VerifyNote = fmt.Sprintf("par2 repair failed — file is corrupt: %v", repairErr)
|
||||
log.Printf("[usenet] WARNING: %s", result.VerifyNote)
|
||||
}
|
||||
case errors.Is(err, ErrPar2Unrepairable):
|
||||
// Parity confirmed the data is damaged and unrepairable — definitively
|
||||
// corrupt (NOT a transient probe error). Engine re-downloads.
|
||||
result.Corrupt = true
|
||||
result.VerifyNote = fmt.Sprintf("par2: file is corrupt and cannot be repaired: %v", err)
|
||||
log.Printf("[usenet] WARNING: %s", result.VerifyNote)
|
||||
default:
|
||||
result.VerifyNote = fmt.Sprintf("par2 verification error — file may be corrupt: %v", err)
|
||||
// A transient par2 probe/exec error (binary crash, I/O hiccup) — can't
|
||||
// confirm corruption, so deliver UNVERIFIED with a loud note rather than
|
||||
// nuking a possibly-good file.
|
||||
result.VerifyNote = fmt.Sprintf("par2 verification error — file unverified: %v", err)
|
||||
log.Printf("[usenet] WARNING: %s", result.VerifyNote)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue