I have officially Done The Needful. AdjRefCount() is now a synchronous
operation.
If there happens to be a refcount_adjustments.dat lying around from a previous
version, it is ingested at startup and then deleted. I *may* come back later
and have zero-refcount messages deleted by TDAP instead of by AdjRefCount()
itself, but for now it seems to perform well enough as is. Deleting a room
is a deferred operation (from the user's perspective) anyway, so that's not
something they'll have to sit around and wait for. I haven't yet tried a
bulk deletion in IMAP, so when that's tested it might tell me that I have
to do the deferred delete sooner than later.
Internal server version is now 922.
That's the last of the server state that was directly in the filesystem,
that has now been moved into the database. A packager can now build Citadel
and only needs to resolve the paths to
the following three directories:
data/
files/
keys/
We can have a discussion about whether SSL keys and certificates should be
in-db or remain in the filesystem. I'm not thrilled about the way we handle
key and certificate management. Right now it has to be handled manually because
the client (i.e. WebCit) is not trusted. Because of this, there is no way
to set up SSL from the client side, even if you are an administrator. From
a security perspective, this separation of trust is outstandingly good.
However,
I've got Let's Encrypt in my sights, and there's no way that Citadel Server
will ever be able to speak ACME protocol without exposing a web service.
This means WebCit has to be trusted, even when there is not an administator
logged in.
