+ byte *buf; /* Shakedown buffer and its size */
+ int buflen = ALIGN(obuck_shake_buflen, OBUCK_ALIGN);
+ byte *msg; /* Error message we will print */
+ sh_off_t rstart, wstart; /* Original and new position of buffer start */
+ sh_off_t r_bucket_start, w_bucket_start; /* Original and new position of the current bucket */
+ int roff, woff; /* Orig/new position of the current bucket relative to buffer start */
+ int rsize; /* Number of original bytes in the buffer */
+ int l; /* Raw size of the current bucket */
+ int changed = 0; /* "Something has been altered" flag */
+ int wrote_anything = 0; /* We already did a write to the bucket file */
+ struct obuck_header *rhdr, *whdr; /* Original and new address of header of the current bucket */
+ sh_off_t r_file_size; /* Original size of the bucket file */
+ int more; /* How much does the last bucket overlap the buffer */
+
+ buf = xmalloc(buflen);
+ rstart = wstart = 0;
+ roff = woff = rsize = 0;
+
+ /* We need to be the only accessor, all the object ID's are becoming invalid */
+ obuck_lock_write();
+ r_file_size = sh_seek(obuck_fd, 0, SEEK_END);
+ ASSERT(!(r_file_size & (OBUCK_ALIGN - 1)));
+ if (r_file_size >= (0x100000000 << OBUCK_SHIFT) - buflen)
+ die("Bucket file is too large for safe shakedown. Shaking down with Bucket.ShakeSecurity=0 will still work.");
+
+ DBG("Starting shakedown. Buffer size is %d, original length %Lx", buflen, (long long) r_file_size);
+
+ for(;;)
+ {
+ r_bucket_start = rstart + roff;
+ w_bucket_start = wstart + woff;
+ rhdr = (struct obuck_header *)(buf + roff);
+ whdr = (struct obuck_header *)(buf + woff);
+ if (roff == rsize)
+ {
+ more = 0;
+ goto next;
+ }
+ if (rhdr->magic != OBUCK_MAGIC ||
+ rhdr->oid != OBUCK_OID_DELETED && rhdr->oid != (oid_t)(r_bucket_start >> OBUCK_SHIFT))
+ {
+ msg = "header mismatch";
+ goto broken;
+ }
+ l = obuck_bucket_size(rhdr->length);
+ if (l > buflen)
+ {
+ if (rhdr->oid != OBUCK_OID_DELETED)
+ {
+ msg = "bucket longer than ShakeBufSize";
+ goto broken;
+ }
+ /* Empty buckets are allowed to be large, but we need to handle them extra */
+ DBG("Tricking around an extra-large empty bucket at %Lx + %x", (long long)r_bucket_start, l);
+ rsize = roff + l;
+ }
+ else
+ {
+ if (rsize - roff < l)
+ {
+ more = l - (rsize - roff);
+ goto next;
+ }
+ if (GET_U32((byte *)rhdr + l - 4) != OBUCK_TRAILER)
+ {
+ msg = "missing trailer";
+ goto broken;
+ }
+ }
+ if (rhdr->oid != OBUCK_OID_DELETED)
+ {
+ int status = kibitz(rhdr, w_bucket_start >> OBUCK_SHIFT, (byte *)(rhdr+1));
+ if (status)
+ {
+ int lnew = l;
+ if (status > 1)
+ {
+ /* Changed! Reconstruct the trailer. */
+ lnew = obuck_bucket_size(rhdr->length);
+ ASSERT(lnew <= l);
+ PUT_U32((byte *)rhdr + lnew - 4, OBUCK_TRAILER);
+ changed = 1;
+ }
+ whdr = (struct obuck_header *)(buf+woff);
+ if (rhdr != whdr)
+ memmove(whdr, rhdr, lnew);
+ whdr->oid = w_bucket_start >> OBUCK_SHIFT;
+ woff += lnew;
+ }
+ else
+ changed = 1;
+ }
+ else
+ {
+ kibitz(rhdr, OBUCK_OID_DELETED, NULL);
+ changed = 1;
+ }
+ roff += l;
+ continue;
+
+ next:
+ if (changed)
+ {
+ /* Write the new contents of the bucket file */
+ if (!wrote_anything)
+ {
+ if (obuck_shake_security)
+ {
+ /* But first write a backup at the end of the file to ensure nothing can be lost. */
+ shake_write_backup(r_file_size, buf, woff, buf+roff, rsize-roff, rstart+roff, more);
+ shake_sync();
+ }
+ wrote_anything = 1;
+ }
+ if (woff)
+ {
+ DBG("Write %Lx %x", wstart, woff);
+ shake_write(buf, woff, wstart);
+ shake_sync();
+ }
+ }
+ else
+ ASSERT(wstart == rstart);
+
+ /* In any case, update the write position */
+ wstart += woff;
+ woff = 0;
+
+ /* Skip what's been read and if there is any fragment at the end of the buffer, move it to the start */
+ rstart += roff;
+ if (more)
+ {
+ memmove(buf, buf+roff, rsize-roff);
+ rsize = rsize-roff;
+ }
+ else
+ rsize = 0;
+
+ /* And refill the buffer */
+ r_bucket_start = rstart+rsize; /* Also needed for error messages */
+ l = sh_pread(obuck_fd, buf+rsize, MIN(buflen-rsize, r_file_size - r_bucket_start), r_bucket_start);
+ DBG("Read %Lx %x (%x inherited)", (long long)r_bucket_start, l, rsize);
+ if (l < 0)
+ die("obuck_shakedown read error: %m");
+ if (!l)
+ {
+ if (!more)
+ break;
+ msg = "unexpected EOF";
+ goto broken;
+ }
+ if (l & (OBUCK_ALIGN-1))
+ {
+ msg = "garbage at the end of file";
+ goto broken;
+ }
+ rsize += l;
+ roff = 0;
+ }
+
+ DBG("Finished at position %Lx", (long long) wstart);
+ sh_ftruncate(obuck_fd, wstart);
+ shake_sync();
+