feat: data_destroy

The previous implementation only considered version upgrades and did not take into account the installation of missing patches.

See zammad#21487
Introduced by 85ec261

.eslintrc.js

@@ -65,10 +65,11 @@ module.exports = {
           typescript: true,
           'eslint-import-resolver-custom-alias': {
             alias: {
+              '@core': '../web-core/lib',
               '@': './src',
             },
             extensions: ['.ts'],
-            packages: ['@xen-orchestra/lite'],
+            packages: ['@xen-orchestra/lite', '@xen-orchestra/web'],
           },
         },
       },
@@ -79,6 +80,25 @@ module.exports = {
         'vue/require-default-prop': 'off', // https://github.com/vuejs/eslint-plugin-vue/issues/2051
       },
     },
+    {
+      files: ['@xen-orchestra/{web-core,lite,web}/src/pages/**/*.vue'],
+      parserOptions: {
+        sourceType: 'module',
+      },
+      rules: {
+        'vue/multi-word-component-names': 'off',
+      },
+    },
+    {
+      files: ['@xen-orchestra/{web-core,lite,web}/typed-router.d.ts'],
+      parserOptions: {
+        sourceType: 'module',
+      },
+      rules: {
+        'eslint-comments/disable-enable-pair': 'off',
+        'eslint-comments/no-unlimited-disable': 'off',
+      },
+    },
   ],
 
   parserOptions: {

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -64,7 +64,7 @@ body:
     id: error-message
     attributes:
       label: Error message
-      render: Markdown
+      render: Text
     validations:
       required: false
   - type: textarea

.github/workflows/ci.yml

@@ -24,8 +24,12 @@ jobs:
           cache: 'yarn'
       - name: Install project dependencies
         run: yarn
+      - name: Ensure yarn.lock is up-to-date
+        run: git diff --exit-code yarn.lock
       - name: Build the project
         run: yarn build
+      - name: Unit tests
+        run: yarn test-unit
       - name: Lint tests
         run: yarn test-lint
       - name: Integration tests

@vates/async-each/package.json

@@ -34,7 +34,6 @@
   },
   "devDependencies": {
     "sinon": "^17.0.1",
-    "tap": "^16.3.0",
     "test": "^3.2.1"
   }
 }

@vates/decorate-with/package.json

@@ -20,7 +20,7 @@
     "url": "https://vates.fr"
   },
   "license": "ISC",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "engines": {
     "node": ">=8.10"
   },

@vates/event-listeners-manager/index.spec.js

@@ -20,6 +20,9 @@ function assertListeners(t, event, listeners) {
 }
 
 t.beforeEach(function (t) {
+  // work around https://github.com/tapjs/tapjs/issues/998
+  t.context = {}
+
   t.context.ee = new EventEmitter()
   t.context.em = new EventListenersManager(t.context.ee)
 })

@vates/event-listeners-manager/package.json

@@ -38,9 +38,9 @@
   "version": "1.0.1",
   "scripts": {
     "postversion": "npm publish --access public",
-    "test": "tap --branches=72"
+    "test": "tap --allow-incomplete-coverage"
   },
   "devDependencies": {
-    "tap": "^16.2.0"
+    "tap": "^18.7.0"
   }
 }

@vates/fuse-vhd/.USAGE.md

@@ -0,0 +1,28 @@
+Mount a vhd generated by xen-orchestra to filesystem
+
+### Library
+
+```js
+import { mount } from 'fuse-vhd'
+
+// return a disposable, see promise-toolbox/Disposable
+// unmount automatically when disposable is disposed
+// in case of differencing VHD, it mounts the full chain
+await mount(handler, diskId, mountPoint)
+```
+
+### cli
+
+From the install folder :
+
+```
+cli.mjs <remoteUrl> <vhdPathInRemote> <mountPoint>
+```
+
+After installing the package
+
+```
+xo-fuse-vhd <remoteUrl> <vhdPathInRemote> <mountPoint>
+```
+
+remoteUrl can be found by using cli in `@xen-orchestra/fs` , for example a local remote will have a url like `file:///path/to/remote/root`

@vates/fuse-vhd/README.md

@@ -0,0 +1,59 @@
+<!-- DO NOT EDIT MANUALLY, THIS FILE HAS BEEN GENERATED -->
+
+# @vates/fuse-vhd
+
+[![Package Version](https://badgen.net/npm/v/@vates/fuse-vhd)](https://npmjs.org/package/@vates/fuse-vhd) ![License](https://badgen.net/npm/license/@vates/fuse-vhd) [![PackagePhobia](https://badgen.net/bundlephobia/minzip/@vates/fuse-vhd)](https://bundlephobia.com/result?p=@vates/fuse-vhd) [![Node compatibility](https://badgen.net/npm/node/@vates/fuse-vhd)](https://npmjs.org/package/@vates/fuse-vhd)
+
+## Install
+
+Installation of the [npm package](https://npmjs.org/package/@vates/fuse-vhd):
+
+```sh
+npm install --save @vates/fuse-vhd
+```
+
+## Usage
+
+Mount a vhd generated by xen-orchestra to filesystem
+
+### Library
+
+```js
+import { mount } from 'fuse-vhd'
+
+// return a disposable, see promise-toolbox/Disposable
+// unmount automatically when disposable is disposed
+// in case of differencing VHD, it mounts the full chain
+await mount(handler, diskId, mountPoint)
+```
+
+### cli
+
+From the install folder :
+
+```
+cli.mjs <remoteUrl> <vhdPathInRemote> <mountPoint>
+```
+
+After installing the package
+
+```
+xo-fuse-vhd <remoteUrl> <vhdPathInRemote> <mountPoint>
+```
+
+remoteUrl can be found by using cli in `@xen-orchestra/fs` , for example a local remote will have a url like `file:///path/to/remote/root`
+
+## Contributions
+
+Contributions are _very_ welcomed, either on the documentation or on
+the code.
+
+You may:
+
+- report any [issue](https://github.com/vatesfr/xen-orchestra/issues)
+  you've encountered;
+- fork and create a pull request.
+
+## License
+
+[ISC](https://spdx.org/licenses/ISC) © [Vates SAS](https://vates.fr)

@vates/fuse-vhd/cli.mjs

@@ -0,0 +1,26 @@
+#!/usr/bin/env node
+
+import Disposable from 'promise-toolbox/Disposable'
+import { getSyncedHandler } from '@xen-orchestra/fs'
+
+import { mount } from './index.mjs'
+
+async function* main([remoteUrl, vhdPathInRemote, mountPoint]) {
+  if (mountPoint === undefined) {
+    throw new TypeError('missing arg: cli <remoteUrl> <vhdPathInRemote> <mountPoint>')
+  }
+  const handler = yield getSyncedHandler({ url: remoteUrl })
+  const mounted = await mount(handler, vhdPathInRemote, mountPoint)
+
+  let disposePromise
+  process.on('SIGINT', async () => {
+    // ensure single dispose
+    if (!disposePromise) {
+      disposePromise = mounted.dispose()
+    }
+    await disposePromise
+    process.exit()
+  })
+}
+
+Disposable.wrap(main)(process.argv.slice(2))

@vates/fuse-vhd/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vates/fuse-vhd",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "license": "ISC",
   "private": false,
   "homepage": "https://github.com/vatesfr/xen-orchestra/tree/master/@vates/fuse-vhd",
@@ -19,11 +19,15 @@
   },
   "main": "./index.mjs",
   "dependencies": {
+    "@xen-orchestra/fs": "^4.1.4",
     "fuse-native": "^2.2.6",
     "lru-cache": "^7.14.0",
     "promise-toolbox": "^0.21.0",
     "vhd-lib": "^4.9.0"
   },
+  "bin": {
+    "xo-fuse-vhd": "./cli.mjs"
+  },
   "scripts": {
     "postversion": "npm publish --access public"
   }

@vates/nbd-client/multi.mjs

@@ -61,22 +61,23 @@ export default class MultiNbdClient {
   async *readBlocks(indexGenerator) {
     // default : read all blocks
     const readAhead = []
-    const makeReadBlockPromise = (index, size) => {
-      const promise = this.readBlock(index, size)
+    const makeReadBlockPromise = (index, buffer, size) => {
+      // pass through any pre loaded buffer
+      const promise = buffer ? Promise.resolve(buffer) : this.readBlock(index, size)
       // error is handled during unshift
       promise.catch(() => {})
       return promise
     }
 
     // read all blocks, but try to keep readAheadMaxLength promise waiting ahead
-    for (const { index, size } of indexGenerator()) {
+    for (const { index, buffer, size } of indexGenerator()) {
       // stack readAheadMaxLength promises before starting to handle the results
       if (readAhead.length === this.#readAhead) {
         // any error will stop reading blocks
         yield readAhead.shift()
       }
 
-      readAhead.push(makeReadBlockPromise(index, size))
+      readAhead.push(makeReadBlockPromise(index, buffer, size))
     }
     while (readAhead.length > 0) {
       yield readAhead.shift()

@vates/nbd-client/package.json

@@ -24,14 +24,14 @@
     "@xen-orchestra/async-map": "^0.1.2",
     "@xen-orchestra/log": "^0.6.0",
     "promise-toolbox": "^0.21.0",
-    "xen-api": "^2.0.0"
+    "xen-api": "^2.0.1"
   },
   "devDependencies": {
-    "tap": "^16.3.0",
+    "tap": "^18.7.0",
     "tmp": "^0.2.1"
   },
   "scripts": {
     "postversion": "npm publish --access public",
-    "test-integration": "tap --lines 97 --functions 95 --branches 74 --statements 97 tests/*.integ.mjs"
+    "test-integration": "tap --allow-incomplete-coverage"
   }
 }

@vates/otp/index.test.mjs

@@ -1,5 +1,5 @@
 import { strict as assert } from 'node:assert'
-import { describe, it } from 'tap/mocha'
+import test from 'test'
 
 import {
   generateHotp,
@@ -11,6 +11,8 @@ import {
   verifyTotp,
 } from './index.mjs'
 
+const { describe, it } = test
+
 describe('generateSecret', function () {
   it('generates a string of 32 chars', async function () {
     const secret = generateSecret()

@vates/otp/package.json

@@ -31,9 +31,9 @@
   },
   "scripts": {
     "postversion": "npm publish --access public",
-    "test": "tap"
+    "test": "node--test"
   },
   "devDependencies": {
-    "tap": "^16.3.0"
+    "test": "^3.3.0"
   }
 }

@vates/predicates/index.test.js

@@ -1,7 +1,7 @@
 'use strict'
 
 const assert = require('assert/strict')
-const { describe, it } = require('tap').mocha
+const { describe, it } = require('test')
 
 const { every, not, some } = require('./')
 

@vates/predicates/package.json

@@ -32,9 +32,9 @@
   },
   "scripts": {
     "postversion": "npm publish --access public",
-    "test": "tap"
+    "test": "node--test"
   },
   "devDependencies": {
-    "tap": "^16.0.1"
+    "test": "^3.3.0"
   }
 }

@xen-orchestra/audit-core/index.test.js

@@ -1,7 +1,7 @@
 'use strict'
 
 const assert = require('assert/strict')
-const { afterEach, describe, it } = require('tap').mocha
+const { afterEach, describe, it } = require('test')
 
 const { AlteredRecordError, AuditCore, MissingRecordError, NULL_ID, Storage } = require('.')
 

@xen-orchestra/audit-core/package.json

@@ -13,10 +13,10 @@
   },
   "scripts": {
     "postversion": "npm publish --access public",
-    "test": "tap --lines 67 --functions 92 --branches 52 --statements 67"
+    "test": "node--test"
   },
   "dependencies": {
-    "@vates/decorate-with": "^2.0.0",
+    "@vates/decorate-with": "^2.1.0",
     "@xen-orchestra/log": "^0.6.0",
     "golike-defer": "^0.5.1",
     "object-hash": "^2.0.1"
@@ -28,6 +28,6 @@
     "url": "https://vates.fr"
   },
   "devDependencies": {
-    "tap": "^16.0.1"
+    "test": "^3.3.0"
   }
 }

@xen-orchestra/backups-cli/package.json

@@ -7,8 +7,8 @@
   "bugs": "https://github.com/vatesfr/xen-orchestra/issues",
   "dependencies": {
     "@xen-orchestra/async-map": "^0.1.2",
-    "@xen-orchestra/backups": "^0.44.3",
-    "@xen-orchestra/fs": "^4.1.3",
+    "@xen-orchestra/backups": "^0.44.6",
+    "@xen-orchestra/fs": "^4.1.4",
     "filenamify": "^6.0.0",
     "getopts": "^2.2.5",
     "lodash": "^4.17.15",

@xen-orchestra/backups/ImportVmBackup.mjs

@@ -160,10 +160,10 @@ export class ImportVmBackup {
           // update the stream with the negative vhd stream
           stream = await negativeVhd.stream()
           vdis[vdiRef].baseVdi = snapshotCandidate
-        } catch (err) {
+        } catch (error) {
           // can be a broken VHD chain, a vhd chain with a key backup, ....
           // not an irrecuperable error, don't dispose parentVhd, and fallback to full restore
-          warn(`can't use differential restore`, err)
+          warn(`can't use differential restore`, { error })
           disposableDescendants?.dispose()
         }
       }

@xen-orchestra/backups/RemoteAdapter.mjs

@@ -35,6 +35,8 @@ export const DIR_XO_CONFIG_BACKUPS = 'xo-config-backups'
 
 export const DIR_XO_POOL_METADATA_BACKUPS = 'xo-pool-metadata-backups'
 
+const IMMUTABILTY_METADATA_FILENAME = '/immutability.json'
+
 const { debug, warn } = createLogger('xo:backups:RemoteAdapter')
 
 const compareTimestamp = (a, b) => a.timestamp - b.timestamp
@@ -189,13 +191,14 @@ export class RemoteAdapter {
   // check if we will be allowed to merge a a vhd created in this adapter
   // with the vhd at path `path`
   async isMergeableParent(packedParentUid, path) {
-    return await Disposable.use(openVhd(this.handler, path), vhd => {
+    return await Disposable.use(VhdSynthetic.fromVhdChain(this.handler, path), vhd => {
       // this baseUuid is not linked with this vhd
       if (!vhd.footer.uuid.equals(packedParentUid)) {
         return false
       }
 
-      const isVhdDirectory = vhd instanceof VhdDirectory
+      // check if all the chain is composed of vhd directory
+      const isVhdDirectory = vhd.checkVhdsClass(VhdDirectory)
       return isVhdDirectory
         ? this.useVhdDirectory() && this.#getCompressionType() === vhd.compressionType
         : !this.useVhdDirectory()
@@ -749,10 +752,37 @@ export class RemoteAdapter {
   }
 
   async readVmBackupMetadata(path) {
+    let json
+    let isImmutable = false
+    let remoteIsImmutable = false
+    // if the remote is immutable, check if this metadatas are also immutables
+    try {
+      // this file is not encrypted
+      await this._handler._readFile(IMMUTABILTY_METADATA_FILENAME)
+      remoteIsImmutable = true
+    } catch (error) {
+      if (error.code !== 'ENOENT') {
+        throw error
+      }
+    }
+
+    try {
+      // this will trigger an EPERM error if the file is immutable
+      json = await this.handler.readFile(path, { flag: 'r+' })
+      // s3 handler don't respect flags
+    } catch (err) {
+      // retry without triggerring immutbaility check ,only on immutable remote
+      if (err.code === 'EPERM' && remoteIsImmutable) {
+        isImmutable = true
+        json = await this._handler.readFile(path, { flag: 'r' })
+      } else {
+        throw err
+      }
+    }
     // _filename is a private field used to compute the backup id
     //
     // it's enumerable to make it cacheable
-    const metadata = { ...JSON.parse(await this._handler.readFile(path)), _filename: path }
+    const metadata = { ...JSON.parse(json), _filename: path, isImmutable }
 
     // backups created on XenServer < 7.1 via JSON in XML-RPC transports have boolean values encoded as integers, which make them unusable with more recent XAPIs
     if (typeof metadata.vm.is_a_template === 'number') {

@xen-orchestra/backups/_incrementalVm.mjs

@@ -79,9 +79,16 @@ export async function exportIncrementalVm(
       $SR$uuid: vdi.$SR.uuid,
     }
 
+    let changedBlocks
+    console.log('CBT ? ', vdi.cbt_enabled,vdiRef,baseVdi?.$ref)
+    if (vdi.cbt_enabled && baseVdi?.$ref) {
+      // @todo  log errors and fallback to default mode
+      changedBlocks = await vdi.$listChangedBlock(baseVdi?.$ref)
+    }
     streams[`${vdiRef}.vhd`] = await vdi.$exportContent({
       baseRef: baseVdi?.$ref,
       cancelToken,
+      changedBlocks,
       format: 'vhd',
       nbdConcurrency,
       preferNbd,

@xen-orchestra/backups/_runners/_vmRunners/IncrementalRemote.mjs

@@ -2,6 +2,7 @@ import { asyncEach } from '@vates/async-each'
 import { decorateMethodsWith } from '@vates/decorate-with'
 import { defer } from 'golike-defer'
 import assert from 'node:assert'
+import * as UUID from 'uuid'
 import isVhdDifferencingDisk from 'vhd-lib/isVhdDifferencingDisk.js'
 import mapValues from 'lodash/mapValues.js'
 
@@ -9,11 +10,48 @@ import { AbstractRemote } from './_AbstractRemote.mjs'
 import { forkDeltaExport } from './_forkDeltaExport.mjs'
 import { IncrementalRemoteWriter } from '../_writers/IncrementalRemoteWriter.mjs'
 import { Task } from '../../Task.mjs'
+import { Disposable } from 'promise-toolbox'
+import { openVhd } from 'vhd-lib'
+import { getVmBackupDir } from '../../_getVmBackupDir.mjs'
 
 class IncrementalRemoteVmBackupRunner extends AbstractRemote {
   _getRemoteWriter() {
     return IncrementalRemoteWriter
   }
+  async _selectBaseVm(metadata) {
+    // for each disk , get the parent
+    const baseUuidToSrcVdi = new Map()
+
+    // no previous backup for a base( =key) backup
+    if (metadata.isBase) {
+      return
+    }
+    await asyncEach(Object.entries(metadata.vdis), async ([id, vdi]) => {
+      const isDifferencing = metadata.isVhdDifferencing[`${id}.vhd`]
+      if (isDifferencing) {
+        const vmDir = getVmBackupDir(metadata.vm.uuid)
+        const path = `${vmDir}/${metadata.vhds[id]}`
+        // don't catch error : we can't recover if the source vhd are missing
+        await Disposable.use(openVhd(this._sourceRemoteAdapter._handler, path), vhd => {
+          baseUuidToSrcVdi.set(UUID.stringify(vhd.header.parentUuid), vdi.$snapshot_of$uuid)
+        })
+      }
+    })
+
+    const presentBaseVdis = new Map(baseUuidToSrcVdi)
+    await this._callWriters(
+      writer => presentBaseVdis.size !== 0 && writer.checkBaseVdis(presentBaseVdis),
+      'writer.checkBaseVdis()',
+      false
+    )
+    // check if the parent vdi are present in all the remotes
+    baseUuidToSrcVdi.forEach((srcVdiUuid, baseUuid) => {
+      if (!presentBaseVdis.has(baseUuid)) {
+        throw new Error(`Missing vdi ${baseUuid} which is a base for a delta`)
+      }
+    })
+    // yeah , let's go
+  }
   async _run($defer) {
     const transferList = await this._computeTransferList(({ mode }) => mode === 'delta')
     await this._callWriters(async writer => {
@@ -26,7 +64,7 @@ class IncrementalRemoteVmBackupRunner extends AbstractRemote {
     if (transferList.length > 0) {
       for (const metadata of transferList) {
         assert.strictEqual(metadata.mode, 'delta')
-
+        await this._selectBaseVm(metadata)
         await this._callWriters(writer => writer.prepare({ isBase: metadata.isBase }), 'writer.prepare()')
         const incrementalExport = await this._sourceRemoteAdapter.readIncrementalVmBackup(metadata, undefined, {
           useChain: false,
@@ -50,6 +88,17 @@ class IncrementalRemoteVmBackupRunner extends AbstractRemote {
             }),
           'writer.transfer()'
         )
+        // this will update parent name with the needed alias
+        await this._callWriters(
+          writer =>
+            writer.updateUuidAndChain({
+              isVhdDifferencing,
+              timestamp: metadata.timestamp,
+              vdis: incrementalExport.vdis,
+            }),
+          'writer.updateUuidAndChain()'
+        )
+
         await this._callWriters(writer => writer.cleanup(), 'writer.cleanup()')
         // for healthcheck
         this._tags = metadata.vm.tags

@xen-orchestra/backups/_runners/_vmRunners/IncrementalXapi.mjs

@@ -78,6 +78,18 @@ export const IncrementalXapi = class IncrementalXapiVmBackupRunner extends Abstr
       'writer.transfer()'
     )
 
+    // we want to control the uuid of the vhd in the chain
+    // and ensure they are correctly chained
+    await this._callWriters(
+      writer =>
+        writer.updateUuidAndChain({
+          isVhdDifferencing,
+          timestamp,
+          vdis: deltaExport.vdis,
+        }),
+      'writer.updateUuidAndChain()'
+    )
+
     this._baseVm = exportedVm
 
     if (baseVm !== undefined) {
@@ -133,7 +145,7 @@ export const IncrementalXapi = class IncrementalXapiVmBackupRunner extends Abstr
       ])
       const srcVdi = srcVdis[snapshotOf]
       if (srcVdi !== undefined) {
-        baseUuidToSrcVdi.set(baseUuid, srcVdi)
+        baseUuidToSrcVdi.set(baseUuid, srcVdi.uuid)
       } else {
         debug('ignore snapshot VDI because no longer present on VM', {
           vdi: baseUuid,
@@ -154,18 +166,18 @@ export const IncrementalXapi = class IncrementalXapiVmBackupRunner extends Abstr
     }
 
     const fullVdisRequired = new Set()
-    baseUuidToSrcVdi.forEach((srcVdi, baseUuid) => {
+    baseUuidToSrcVdi.forEach((srcVdiUuid, baseUuid) => {
       if (presentBaseVdis.has(baseUuid)) {
         debug('found base VDI', {
           base: baseUuid,
-          vdi: srcVdi.uuid,
+          vdi: srcVdiUuid,
         })
       } else {
         debug('missing base VDI', {
           base: baseUuid,
-          vdi: srcVdi.uuid,
+          vdi: srcVdiUuid,
         })
-        fullVdisRequired.add(srcVdi.uuid)
+        fullVdisRequired.add(srcVdiUuid)
       }
     })
 

@xen-orchestra/backups/_runners/_vmRunners/_AbstractXapi.mjs

@@ -193,6 +193,17 @@ export const AbstractXapi = class AbstractXapiVmBackupRunner extends Abstract {
     const allSettings = this.job.settings
     const baseSettings = this._baseSettings
     const baseVmRef = this._baseVm?.$ref
+    if (this._settings.deltaComputeMode === 'CBT' && this._exportedVm?.$ref && this._exportedVm?.$ref != this._vm.$ref) {
+      console.log('WILL PURGE',this._exportedVm?.$ref)
+      const xapi = this._xapi 
+      const vdiRefs = await this._xapi.VM_getDisks(this._exportedVm?.$ref)
+      await xapi.call('VM.destroy',this._exportedVm.$ref)
+      // @todo: ensure it is really the snapshot
+      for (const vdiRef of vdiRefs) {
+        // @todo handle error
+        await xapi.VDI_dataDestroy(vdiRef) 
+      }
+    }
 
     const snapshotsPerSchedule = groupBy(this._jobSnapshots, _ => _.other_config['xo:backup:schedule'])
     const xapi = this._xapi
@@ -208,6 +219,8 @@ export const AbstractXapi = class AbstractXapiVmBackupRunner extends Abstract {
         }
       })
     })
+
+
   }
 
   async copy() {
@@ -226,6 +239,22 @@ export const AbstractXapi = class AbstractXapiVmBackupRunner extends Abstract {
     throw new Error('Not implemented')
   }
 
+  async enableCbt() {
+    // for each disk of the VM , enable CBT
+    if (this._settings.deltaComputeMode !== 'CBT') {
+      return
+    }
+    const vm = this._vm
+    const xapi = this._xapi
+    console.log(vm.VBDs)
+    const vdiRefs = await vm.$getDisks(vm.VBDs)
+    for (const vdiRef of vdiRefs) {
+      // @todo handle error
+      await xapi.VDI_enableChangeBlockTracking(vdiRef)
+    }
+    // @todo : when do we disable CBT ?
+  }
+
   async run($defer) {
     const settings = this._settings
     assert(
@@ -246,7 +275,7 @@ export const AbstractXapi = class AbstractXapiVmBackupRunner extends Abstract {
 
     await this._cleanMetadata()
     await this._removeUnusedSnapshots()
-
+    await this.enableCbt()
     const vm = this._vm
     const isRunning = vm.power_state === 'Running'
     const startAfter = isRunning && (settings.offlineBackup ? 'backup' : settings.offlineSnapshot && 'snapshot')
@@ -267,6 +296,7 @@ export const AbstractXapi = class AbstractXapiVmBackupRunner extends Abstract {
         await this._exportedVm.update_blocked_operations({ pool_migrate: reason, migrate_send: reason })
         try {
           await this._copy()
+          // @todo if CBT is enabled : should call vdi.datadestroy on snapshot here
         } finally {
           await this._exportedVm.update_blocked_operations({ pool_migrate, migrate_send })
         }

@xen-orchestra/backups/_runners/_writers/IncrementalRemoteWriter.mjs

@@ -1,17 +1,15 @@
 import assert from 'node:assert'
 import mapValues from 'lodash/mapValues.js'
-import ignoreErrors from 'promise-toolbox/ignoreErrors'
 import { asyncEach } from '@vates/async-each'
 import { asyncMap } from '@xen-orchestra/async-map'
-import { chainVhd, checkVhdChain, openVhd, VhdAbstract } from 'vhd-lib'
+import { chainVhd, openVhd } from 'vhd-lib'
 import { createLogger } from '@xen-orchestra/log'
 import { decorateClass } from '@vates/decorate-with'
 import { defer } from 'golike-defer'
-import { dirname } from 'node:path'
+import { dirname, basename } from 'node:path'
 
 import { formatFilenameDate } from '../../_filenameDate.mjs'
 import { getOldEntries } from '../../_getOldEntries.mjs'
-import { TAG_BASE_DELTA } from '../../_incrementalVm.mjs'
 import { Task } from '../../Task.mjs'
 
 import { MixinRemoteWriter } from './_MixinRemoteWriter.mjs'
@@ -23,42 +21,45 @@ import { Disposable } from 'promise-toolbox'
 const { warn } = createLogger('xo:backups:DeltaBackupWriter')
 
 export class IncrementalRemoteWriter extends MixinRemoteWriter(AbstractIncrementalWriter) {
+  #parentVdiPaths
+  #vhds
   async checkBaseVdis(baseUuidToSrcVdi) {
+    this.#parentVdiPaths = {}
     const { handler } = this._adapter
     const adapter = this._adapter
 
     const vdisDir = `${this._vmBackupDir}/vdis/${this._job.id}`
 
-    await asyncMap(baseUuidToSrcVdi, async ([baseUuid, srcVdi]) => {
-      let found = false
+    await asyncMap(baseUuidToSrcVdi, async ([baseUuid, srcVdiUuid]) => {
+      let parentDestPath
+      const vhdDir = `${vdisDir}/${srcVdiUuid}`
       try {
-        const vhds = await handler.list(`${vdisDir}/${srcVdi.uuid}`, {
+        const vhds = await handler.list(vhdDir, {
           filter: _ => _[0] !== '.' && _.endsWith('.vhd'),
           ignoreMissing: true,
           prependDir: true,
         })
         const packedBaseUuid = packUuid(baseUuid)
-        await asyncMap(vhds, async path => {
-          try {
-            await checkVhdChain(handler, path)
-            // Warning, this should not be written as found = found || await adapter.isMergeableParent(packedBaseUuid, path)
-            //
-            // since all the checks of a path are done in parallel, found would be containing
-            // only the last answer of isMergeableParent which is probably not the right one
-            // this led to the support tickets  https://help.vates.fr/#ticket/zoom/4751 , 4729, 4665 and 4300
+        // the last one is probably the right one
 
-            const isMergeable = await adapter.isMergeableParent(packedBaseUuid, path)
-            found = found || isMergeable
+        for (let i = vhds.length - 1; i >= 0 && parentDestPath === undefined; i--) {
+          const path = vhds[i]
+          try {
+            if (await adapter.isMergeableParent(packedBaseUuid, path)) {
+              parentDestPath = path
+            }
           } catch (error) {
             warn('checkBaseVdis', { error })
-            await ignoreErrors.call(VhdAbstract.unlink(handler, path))
           }
-        })
+        }
       } catch (error) {
         warn('checkBaseVdis', { error })
       }
-      if (!found) {
+      // no usable parent => the runner will have to decide to fall back to a full or stop backup
+      if (parentDestPath === undefined) {
         baseUuidToSrcVdi.delete(baseUuid)
+      } else {
+        this.#parentVdiPaths[vhdDir] = parentDestPath
       }
     })
   }
@@ -123,6 +124,44 @@ export class IncrementalRemoteWriter extends MixinRemoteWriter(AbstractIncrement
     }
   }
 
+  async updateUuidAndChain({ isVhdDifferencing, vdis }) {
+    assert.notStrictEqual(
+      this.#vhds,
+      undefined,
+      '_transfer must be called before updateUuidAndChain for incremental backups'
+    )
+
+    const parentVdiPaths = this.#parentVdiPaths
+    const { handler } = this._adapter
+    const vhds = this.#vhds
+    await asyncEach(Object.entries(vdis), async ([id, vdi]) => {
+      const isDifferencing = isVhdDifferencing[`${id}.vhd`]
+      const path = `${this._vmBackupDir}/${vhds[id]}`
+      if (isDifferencing) {
+        assert.notStrictEqual(
+          parentVdiPaths,
+          'checkbasevdi must be called before updateUuidAndChain for incremental backups'
+        )
+        const parentPath = parentVdiPaths[dirname(path)]
+        // we are in a incremental backup
+        // we already computed the chain in checkBaseVdis
+        assert.notStrictEqual(parentPath, undefined, 'A differential VHD must have a parent')
+        // forbid any kind of loop
+        assert.ok(basename(parentPath) < basename(path), `vhd must be sorted to be chained`)
+        await chainVhd(handler, parentPath, handler, path)
+      }
+
+      // set the correct UUID in the VHD if needed
+      await Disposable.use(openVhd(handler, path), async vhd => {
+        if (!vhd.footer.uuid.equals(packUuid(vdi.uuid))) {
+          vhd.footer.uuid = packUuid(vdi.uuid)
+          await vhd.readBlockAllocationTable() // required by writeFooter()
+          await vhd.writeFooter()
+        }
+      })
+    })
+  }
+
   async _deleteOldEntries() {
     const adapter = this._adapter
     const oldEntries = this._oldEntries
@@ -141,14 +180,10 @@ export class IncrementalRemoteWriter extends MixinRemoteWriter(AbstractIncrement
     const jobId = job.id
     const handler = adapter.handler
 
-    let metadataContent = await this._isAlreadyTransferred(timestamp)
-    if (metadataContent !== undefined) {
-      // @todo : should skip backup while being vigilant to not stuck the forked stream
-      Task.info('This backup has already been transfered')
-    }
-
     const basename = formatFilenameDate(timestamp)
-    const vhds = mapValues(
+    // update this.#vhds before eventually skipping transfer, so that
+    // updateUuidAndChain has all the mandatory data
+    const vhds = (this.#vhds = mapValues(
       deltaExport.vdis,
       vdi =>
         `vdis/${jobId}/${
@@ -158,7 +193,15 @@ export class IncrementalRemoteWriter extends MixinRemoteWriter(AbstractIncrement
               vdi.uuid
             : vdi.$snapshot_of$uuid
         }/${adapter.getVhdFileName(basename)}`
-    )
+    ))
+
+    let metadataContent = await this._isAlreadyTransferred(timestamp)
+    if (metadataContent !== undefined) {
+      // skip backup while being vigilant to not stuck the forked stream
+      Task.info('This backup has already been transfered')
+      Object.values(deltaExport.streams).forEach(stream => stream.destroy())
+      return { size: 0 }
+    }
 
     metadataContent = {
       isVhdDifferencing,
@@ -174,38 +217,13 @@ export class IncrementalRemoteWriter extends MixinRemoteWriter(AbstractIncrement
       vm,
       vmSnapshot,
     }
+
     const { size } = await Task.run({ name: 'transfer' }, async () => {
       let transferSize = 0
       await asyncEach(
-        Object.entries(deltaExport.vdis),
-        async ([id, vdi]) => {
+        Object.keys(deltaExport.vdis),
+        async id => {
           const path = `${this._vmBackupDir}/${vhds[id]}`
-
-          const isDifferencing = isVhdDifferencing[`${id}.vhd`]
-          let parentPath
-          if (isDifferencing) {
-            const vdiDir = dirname(path)
-            parentPath = (
-              await handler.list(vdiDir, {
-                filter: filename => filename[0] !== '.' && filename.endsWith('.vhd'),
-                prependDir: true,
-              })
-            )
-              .sort()
-              .pop()
-
-            assert.notStrictEqual(
-              parentPath,
-              undefined,
-              `missing parent of ${id} in ${dirname(path)}, looking for ${vdi.other_config[TAG_BASE_DELTA]}`
-            )
-
-            parentPath = parentPath.slice(1) // remove leading slash
-
-            // TODO remove when this has been done before the export
-            await checkVhd(handler, parentPath)
-          }
-
           // don't write it as transferSize += await async function
           // since i += await asyncFun lead to race condition
           // as explained : https://eslint.org/docs/latest/rules/require-atomic-updates
@@ -217,17 +235,6 @@ export class IncrementalRemoteWriter extends MixinRemoteWriter(AbstractIncrement
             writeBlockConcurrency: this._config.writeBlockConcurrency,
           })
           transferSize += transferSizeOneDisk
-
-          if (isDifferencing) {
-            await chainVhd(handler, parentPath, handler, path)
-          }
-
-          // set the correct UUID in the VHD
-          await Disposable.use(openVhd(handler, path), async vhd => {
-            vhd.footer.uuid = packUuid(vdi.uuid)
-            await vhd.readBlockAllocationTable() // required by writeFooter()
-            await vhd.writeFooter()
-          })
         },
         {
           concurrency: settings.diskPerVmConcurrency,

@xen-orchestra/backups/_runners/_writers/IncrementalXapiWriter.mjs

@@ -1,3 +1,4 @@
+import assert from 'node:assert'
 import { asyncMap, asyncMapSettled } from '@xen-orchestra/async-map'
 import ignoreErrors from 'promise-toolbox/ignoreErrors'
 import { formatDateTime } from '@xen-orchestra/xapi'
@@ -14,6 +15,7 @@ import find from 'lodash/find.js'
 
 export class IncrementalXapiWriter extends MixinXapiWriter(AbstractIncrementalWriter) {
   async checkBaseVdis(baseUuidToSrcVdi, baseVm) {
+    assert.notStrictEqual(baseVm, undefined)
     const sr = this._sr
     const replicatedVm = listReplicatedVms(sr.$xapi, this._job.id, sr.uuid, this._vmUuid).find(
       vm => vm.other_config[TAG_COPY_SRC] === baseVm.uuid
@@ -36,7 +38,9 @@ export class IncrementalXapiWriter extends MixinXapiWriter(AbstractIncrementalWr
       }
     }
   }
-
+  updateUuidAndChain() {
+    // nothing to do, the chaining is not modified in this case
+  }
   prepare({ isFull }) {
     // create the task related to this export and ensure all methods are called in this context
     const task = new Task({

@xen-orchestra/backups/_runners/_writers/_AbstractIncrementalWriter.mjs

@@ -5,6 +5,10 @@ export class AbstractIncrementalWriter extends AbstractWriter {
     throw new Error('Not implemented')
   }
 
+  updateUuidAndChain() {
+    throw new Error('Not implemented')
+  }
+
   cleanup() {
     throw new Error('Not implemented')
   }

@xen-orchestra/backups/_runners/_writers/_MixinRemoteWriter.mjs

@@ -113,13 +113,13 @@ export const MixinRemoteWriter = (BaseClass = Object) =>
       )
     }
 
-    _isAlreadyTransferred(timestamp) {
+    async _isAlreadyTransferred(timestamp) {
       const vmUuid = this._vmUuid
       const adapter = this._adapter
       const backupDir = getVmBackupDir(vmUuid)
       try {
         const actualMetadata = JSON.parse(
-          adapter._handler.readFile(`${backupDir}/${formatFilenameDate(timestamp)}.json`)
+          await adapter._handler.readFile(`${backupDir}/${formatFilenameDate(timestamp)}.json`)
         )
         return actualMetadata
       } catch (error) {}

@xen-orchestra/backups/docs/VM backups/README.md

@@ -230,6 +230,7 @@ Settings are described in [`@xen-orchestra/backups/\_runners/VmsXapi.mjs``](http
     - `checkBaseVdis(baseUuidToSrcVdi, baseVm)`
     - `prepare({ isFull })`
     - `transfer({ timestamp, deltaExport, sizeContainers })`
+    - `updateUuidAndChain({ isVhdDifferencing, vdis })`
     - `cleanup()`
     - `healthCheck()` // is not executed if no health check sr or tag doesn't match
   - **Full**

@xen-orchestra/backups/formatVmBackups.mjs

@@ -6,7 +6,8 @@ function formatVmBackup(backup) {
 
   let differencingVhds
   let dynamicVhds
-  const withMemory = vmSnapshot.suspend_VDI !== 'OpaqueRef:NULL'
+  // some backups don't use snapshots, therefore cannot be with memory
+  const withMemory = vmSnapshot !== undefined && vmSnapshot.suspend_VDI !== 'OpaqueRef:NULL'
   // isVhdDifferencing is either undefined or an object
   if (isVhdDifferencing !== undefined) {
     differencingVhds = Object.values(isVhdDifferencing).filter(t => t).length
@@ -30,6 +31,7 @@ function formatVmBackup(backup) {
           }),
 
     id: backup.id,
+    isImmutable: backup.isImmutable,
     jobId: backup.jobId,
     mode: backup.mode,
     scheduleId: backup.scheduleId,

@xen-orchestra/backups/package.json

@@ -8,7 +8,7 @@
     "type": "git",
     "url": "https://github.com/vatesfr/xen-orchestra.git"
   },
-  "version": "0.44.3",
+  "version": "0.44.6",
   "engines": {
     "node": ">=14.18"
   },
@@ -22,13 +22,13 @@
     "@vates/async-each": "^1.0.0",
     "@vates/cached-dns.lookup": "^1.0.0",
     "@vates/compose": "^2.1.0",
-    "@vates/decorate-with": "^2.0.0",
+    "@vates/decorate-with": "^2.1.0",
     "@vates/disposable": "^0.1.5",
-    "@vates/fuse-vhd": "^2.0.0",
+    "@vates/fuse-vhd": "^2.1.0",
     "@vates/nbd-client": "^3.0.0",
     "@vates/parse-duration": "^0.1.1",
     "@xen-orchestra/async-map": "^0.1.2",
-    "@xen-orchestra/fs": "^4.1.3",
+    "@xen-orchestra/fs": "^4.1.4",
     "@xen-orchestra/log": "^0.6.0",
     "@xen-orchestra/template": "^0.1.0",
     "app-conf": "^2.3.0",
@@ -45,7 +45,7 @@
     "tar": "^6.1.15",
     "uuid": "^9.0.0",
     "vhd-lib": "^4.9.0",
-    "xen-api": "^2.0.0",
+    "xen-api": "^2.0.1",
     "yazl": "^2.5.1"
   },
   "devDependencies": {
@@ -56,7 +56,7 @@
     "tmp": "^0.2.1"
   },
   "peerDependencies": {
-    "@xen-orchestra/xapi": "^4.1.0"
+    "@xen-orchestra/xapi": "^4.2.0"
   },
   "license": "AGPL-3.0-or-later",
   "author": {

@xen-orchestra/cr-seed-cli/package.json

@@ -18,7 +18,7 @@
   "preferGlobal": true,
   "dependencies": {
     "golike-defer": "^0.5.1",
-    "xen-api": "^2.0.0"
+    "xen-api": "^2.0.1"
   },
   "scripts": {
     "postversion": "npm publish"

@xen-orchestra/fs/package.json

@@ -1,7 +1,7 @@
 {
   "private": false,
   "name": "@xen-orchestra/fs",
-  "version": "4.1.3",
+  "version": "4.1.4",
   "license": "AGPL-3.0-or-later",
   "description": "The File System for Xen Orchestra backups.",
   "homepage": "https://github.com/vatesfr/xen-orchestra/tree/master/@xen-orchestra/fs",
@@ -28,7 +28,7 @@
     "@sindresorhus/df": "^3.1.1",
     "@vates/async-each": "^1.0.0",
     "@vates/coalesce-calls": "^0.1.0",
-    "@vates/decorate-with": "^2.0.0",
+    "@vates/decorate-with": "^2.1.0",
     "@vates/read-chunk": "^1.2.0",
     "@xen-orchestra/log": "^0.6.0",
     "bind-property-descriptor": "^2.0.0",

@xen-orchestra/fs/src/abstract.js

@@ -364,7 +364,7 @@ export default class RemoteHandlerAbstract {
     let data
     try {
       // this file is not encrypted
-      data = await this._readFile(normalizePath(ENCRYPTION_DESC_FILENAME), 'utf-8')
+      data = await this._readFile(normalizePath(ENCRYPTION_DESC_FILENAME))
       const json = JSON.parse(data)
       encryptionAlgorithm = json.algorithm
     } catch (error) {
@@ -377,7 +377,7 @@ export default class RemoteHandlerAbstract {
     try {
       this.#rawEncryptor = _getEncryptor(encryptionAlgorithm, this._remote.encryptionKey)
       // this file is encrypted
-      const data = await this.__readFile(ENCRYPTION_METADATA_FILENAME, 'utf-8')
+      const data = await this.__readFile(ENCRYPTION_METADATA_FILENAME)
       JSON.parse(data)
     } catch (error) {
       // can be enoent, bad algorithm, or broeken json ( bad key or algorithm)

@xen-orchestra/fs/src/local.js

@@ -171,7 +171,12 @@ export default class LocalHandler extends RemoteHandlerAbstract {
     }
   }
 
-  async _readFile(file, options) {
+  async _readFile(file, { flags, ...options } = {}) {
+    // contrary to createReadStream, readFile expect singular `flag`
+    if (flags !== undefined) {
+      options.flag = flags
+    }
+
     const filePath = this.getFilePath(file)
     return await this.#addSyncStackTrace(retry, () => fs.readFile(filePath, options), this.#retriesOnEagain)
   }

@xen-orchestra/fs/src/path.js

@@ -20,5 +20,7 @@ export function split(path) {
   return parts
 }
 
-export const relativeFromFile = (file, path) => relative(dirname(file), path)
+// paths are made absolute otherwise fs.relative() would resolve them against working directory
+export const relativeFromFile = (file, path) => relative(dirname(normalize(file)), normalize(path))
+
 export const resolveFromFile = (file, path) => resolve('/', dirname(file), path).slice(1)

@xen-orchestra/fs/src/path.test.js

@@ -0,0 +1,17 @@
+import { describe, it } from 'test'
+import { strict as assert } from 'assert'
+
+import { relativeFromFile } from './path.js'
+
+describe('relativeFromFile()', function () {
+  for (const [title, args] of Object.entries({
+    'file absolute and path absolute': ['/foo/bar/file.vhd', '/foo/baz/path.vhd'],
+    'file relative and path absolute': ['foo/bar/file.vhd', '/foo/baz/path.vhd'],
+    'file absolute and path relative': ['/foo/bar/file.vhd', 'foo/baz/path.vhd'],
+    'file relative and path relative': ['foo/bar/file.vhd', 'foo/baz/path.vhd'],
+  })) {
+    it('works with ' + title, function () {
+      assert.equal(relativeFromFile(...args), '../baz/path.vhd')
+    })
+  }
+})

@xen-orchestra/immutable-backups/.USAGE.md

@@ -0,0 +1,10 @@
+### make a remote immutable
+
+launch the `xo-immutable-remote` command. The configuration is stored in the config file.
+This script must be kept running to make file immutable reliably.
+
+### make file mutable
+
+launch the `xo-lift-remote-immutability` cli. The configuration is stored in the config file .
+
+If the config file have a `liftEvery`, this script will contiue to run and check regularly if there are files to update.

@xen-orchestra/immutable-backups/.npmignore

@@ -0,0 +1 @@
+../../scripts/npmignore

@xen-orchestra/immutable-backups/README.md

@@ -0,0 +1,41 @@
+<!-- DO NOT EDIT MANUALLY, THIS FILE HAS BEEN GENERATED -->
+
+# @xen-orchestra/immutable-backups
+
+[![Package Version](https://badgen.net/npm/v/@xen-orchestra/immutable-backups)](https://npmjs.org/package/@xen-orchestra/immutable-backups) ![License](https://badgen.net/npm/license/@xen-orchestra/immutable-backups) [![PackagePhobia](https://badgen.net/bundlephobia/minzip/@xen-orchestra/immutable-backups)](https://bundlephobia.com/result?p=@xen-orchestra/immutable-backups) [![Node compatibility](https://badgen.net/npm/node/@xen-orchestra/immutable-backups)](https://npmjs.org/package/@xen-orchestra/immutable-backups)
+
+## Install
+
+Installation of the [npm package](https://npmjs.org/package/@xen-orchestra/immutable-backups):
+
+```sh
+npm install --save @xen-orchestra/immutable-backups
+```
+
+## Usage
+
+### make a remote immutable
+
+launch the `xo-immutable-remote` command. The configuration is stored in the config file.
+This script must be kept running to make file immutable reliably.
+
+### make file mutable
+
+launch the `xo-lift-remote-immutability` cli. The configuration is stored in the config file .
+
+If the config file have a `liftEvery`, this script will contiue to run and check regularly if there are files to update.
+
+## Contributions
+
+Contributions are _very_ welcomed, either on the documentation or on
+the code.
+
+You may:
+
+- report any [issue](https://github.com/vatesfr/xen-orchestra/issues)
+  you've encountered;
+- fork and create a pull request.
+
+## License
+
+[AGPL-3.0-or-later](https://spdx.org/licenses/AGPL-3.0-or-later) © [Vates SAS](https://vates.fr)

@xen-orchestra/immutable-backups/_cleanXoCache.mjs

@@ -0,0 +1,10 @@
+import fs from 'node:fs/promises'
+import { dirname, join } from 'node:path'
+import isBackupMetadata from './isBackupMetadata.mjs'
+
+export default async path => {
+  if (isBackupMetadata(path)) {
+    // snipe vm metadata cache to force XO to update it
+    await fs.unlink(join(dirname(path), 'cache.json.gz'))
+  }
+}

@xen-orchestra/immutable-backups/_isInVhdDirectory.mjs

@@ -0,0 +1,4 @@
+import { dirname } from 'node:path'
+
+// check if we are handling file directly under a vhd directory ( bat, headr, footer,..)
+export default path => dirname(path).endsWith('.vhd')

@xen-orchestra/immutable-backups/_loadConfig.mjs

@@ -0,0 +1,46 @@
+import { load } from 'app-conf'
+import { homedir } from 'os'
+import { join } from 'node:path'
+import ms from 'ms'
+
+const APP_NAME = 'xo-immutable-backups'
+const APP_DIR = new URL('.', import.meta.url).pathname
+
+export default async function loadConfig() {
+  const config = await load(APP_NAME, {
+    appDir: APP_DIR,
+    ignoreUnknownFormats: true,
+  })
+  if (config.remotes === undefined || config.remotes?.length < 1) {
+    throw new Error(
+      'No remotes are configured in the config file, please add at least one [remotes.<remoteid>]  with a root property pointing to the absolute path of the remote to watch'
+    )
+  }
+  if (config.liftEvery) {
+    config.liftEvery = ms(config.liftEvery)
+  }
+  for (const [remoteId, { indexPath, immutabilityDuration, root }] of Object.entries(config.remotes)) {
+    if (!root) {
+      throw new Error(
+        `Remote ${remoteId} don't have a root property,containing the absolute path to the root of a backup repository `
+      )
+    }
+    if (!immutabilityDuration) {
+      throw new Error(
+        `Remote ${remoteId} don't have a immutabilityDuration property to indicate the minimal duration the backups should be  protected by immutability `
+      )
+    }
+    if (ms(immutabilityDuration) < ms('1d')) {
+      throw new Error(
+        `Remote ${remoteId} immutability duration is smaller than the minimum allowed (1d), current : ${immutabilityDuration}`
+      )
+    }
+    if (!indexPath) {
+      const basePath = indexPath ?? process.env.XDG_DATA_HOME ?? join(homedir(), '.local', 'share')
+      const immutabilityIndexPath = join(basePath, APP_NAME, remoteId)
+      config.remotes[remoteId].indexPath = immutabilityIndexPath
+    }
+    config.remotes[remoteId].immutabilityDuration = ms(immutabilityDuration)
+  }
+  return config
+}

@xen-orchestra/immutable-backups/config.toml

@@ -0,0 +1,14 @@
+
+# how often does the lift immutability script will run to check if 
+# some files need to be made mutable 
+liftEvery =  1h
+
+# you can add as many remote as you want, if you change the id ( here : remote1)
+#[remotes.remote1]
+#root = "/mnt/ssd/vhdblock/" # the absolute path of the root of the backup repository
+#immutabilityDuration = 7d # mandatory
+# optional, default value is false will scan and update the index on start, can be expensive
+#rebuildIndexOnStart = true 
+
+# the index path is optional, default in XDG_DATA_HOME, or if this is not set, in ~/.local/share
+#indexPath = "/var/lib/" # will add automatically the application name immutable-backup 

@xen-orchestra/immutable-backups/directory.integ.mjs

@@ -0,0 +1,33 @@
+import { describe, it } from 'node:test'
+import assert from 'node:assert/strict'
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import { tmpdir } from 'node:os'
+import * as Directory from './directory.mjs'
+import { rimraf } from 'rimraf'
+
+describe('immutable-backups/file', async () => {
+  it('really lock a directory', async () => {
+    const dir = await fs.mkdtemp(path.join(tmpdir(), 'immutable-backups-tests'))
+    const dataDir = path.join(dir, 'data')
+    await fs.mkdir(dataDir)
+    const immutDir = path.join(dir, '.immutable')
+    const filePath = path.join(dataDir, 'test')
+    await fs.writeFile(filePath, 'data')
+    await Directory.makeImmutable(dataDir, immutDir)
+    assert.strictEqual(await Directory.isImmutable(dataDir), true)
+    await assert.rejects(() => fs.writeFile(filePath, 'data'))
+    await assert.rejects(() => fs.appendFile(filePath, 'data'))
+    await assert.rejects(() => fs.unlink(filePath))
+    await assert.rejects(() => fs.rename(filePath, filePath + 'copy'))
+    await assert.rejects(() => fs.writeFile(path.join(dataDir, 'test2'), 'data'))
+    await assert.rejects(() => fs.rename(dataDir, dataDir + 'copy'))
+    await Directory.liftImmutability(dataDir, immutDir)
+    assert.strictEqual(await Directory.isImmutable(dataDir), false)
+    await fs.writeFile(filePath, 'data')
+    await fs.appendFile(filePath, 'data')
+    await fs.unlink(filePath)
+    await fs.rename(dataDir, dataDir + 'copy')
+    await rimraf(dir)
+  })
+})

@xen-orchestra/immutable-backups/directory.mjs

@@ -0,0 +1,21 @@
+import execa from 'execa'
+import { unindexFile, indexFile } from './fileIndex.mjs'
+
+export async function makeImmutable(dirPath, immutabilityCachePath) {
+  if (immutabilityCachePath) {
+    await indexFile(dirPath, immutabilityCachePath)
+  }
+  await execa('chattr', ['+i', '-R', dirPath])
+}
+
+export async function liftImmutability(dirPath, immutabilityCachePath) {
+  if (immutabilityCachePath) {
+    await unindexFile(dirPath, immutabilityCachePath)
+  }
+  await execa('chattr', ['-i', '-R', dirPath])
+}
+
+export async function isImmutable(path) {
+  const { stdout } = await execa('lsattr', ['-d', path])
+  return stdout[4] === 'i'
+}

@xen-orchestra/immutable-backups/doc.md

@@ -0,0 +1,114 @@
+# Imutability
+
+the goal is to make a remote that XO can write, but not modify during the immutability duration set on the remote. That way, it's not possible for XO to delete or encrypt any backup during this period. It protects your backup agains ransomware, at least as long as the attacker does not have a root access to the remote server.
+
+We target `governance` type of immutability, **the local root account of the remote server will be able to lift immutability**.
+
+We use the file system capabilities, they are tested on the protection process start.
+
+It is compatible with encryption at rest made by XO.
+
+## Prerequisites
+
+The commands must be run as root on the remote, or by a user with the `CAP_LINUX_IMMUTABLE` capability . On start, the protect process writes into the remote `imutability.json` file its status and the immutability duration.
+
+the `chattr` and `lsattr` should be installed on the system
+
+## Configuring
+
+this package uses app-conf to store its config. The application name is `xo-immutable-backup`. A sample config file is provided in this package.
+
+## Making a file immutable
+
+when marking a file or a folder immutable, it create an alias file in the `<indexPath>/<DayOfFileCreation>/<sha256(fullpath)>`.
+
+`indexPath` can be defined in the config file, otherwise `XDG_HOME` is used. If not available it goes to `~/.local/share`
+
+This index is used when lifting the immutability of the remote, it will only look at the old enough `<indexPath>/<DayOfFileCreation>/` folders.
+
+## Real time protecting
+
+On start, the watcher will create the index if it does not exists.
+It will also do a checkup to ensure immutability could work on this remote and handle the easiest issues.
+
+The watching process depends on the backup type, since we don't want to make temporary files and cache immutable.
+
+It won't protect files during upload, only when the files have been completly written on disk. Real time, in this case, means "protecting critical files as soon as possible after they are uploaded"
+
+This can be alleviated by :
+
+- Coupling immutability with encryption to ensure the file is not modified
+- Making health check to ensure the data are exactly as the snapshot data
+
+List of protected files :
+
+```js
+const PATHS = [
+  // xo configuration backupq
+  'xo-config-backups/*/*/data',
+  'xo-config-backups/*/*/data.json',
+  'xo-config-backups/*/*/metadata.json',
+  // pool backupq
+  'xo-pool-metadata-backups/*/metadata.json',
+  'xo-pool-metadata-backups/*/data',
+  // vm backups , xo-vm-backups/<vmuuid>/
+  'xo-vm-backups/*/*.json',
+  'xo-vm-backups/*/*.xva',
+  'xo-vm-backups/*/*.xva.checksum',
+  // xo-vm-backups/<vmuuid>/vdis/<jobid>/<vdiUuid>
+  'xo-vm-backups/*/vdis/*/*/*.vhd', // can be an alias or a vhd file
+  // for vhd directory :
+  'xo-vm-backups/*/vdis/*/*/data/*.vhd/bat',
+  'xo-vm-backups/*/vdis/*/*/data/*.vhd/header',
+  'xo-vm-backups/*/vdis/*/*/data/*.vhd/footer',
+]
+```
+
+## Releasing protection on old enough files on a remote
+
+the watcher will periodically check if some file must by unlocked
+
+## Troubleshooting
+
+### some files are still locked
+
+add the `rebuildIndexOnStart` option to the config file
+
+### make remote fully mutable again
+
+- Update the immutability setting with a 0 duration
+- launch the `liftProtection` cli.
+- remove the `protectRemotes` service
+
+### increasing the immutability duration
+
+this will prolong immutable file, but won't protect files that are already out of immutability
+
+### reducing the immutability duration
+
+change the setting, and launch the `liftProtection` cli , or wait for next planed execution
+
+### why are my incremental backups not marked as protected in XO ?
+
+are not marked as protected in XO ?
+
+For incremental backups to be marked as protected in XO, the entire chain must be under protection. To ensure at least 7 days of backups are protected, you need to set the immutability duration and retention at 14 days, the full backup interval at 7 days
+
+That means that if the last backup chain is complete ( 7 backup ) it is completely under protection, and if not, the precedent chain is also under protection. K are key backups, and are delta
+
+```
+Kd Kdddddd Kdddddd K #  8 backups protected, 2 chains
+K Kdddddd Kdddddd Kd #  9 backups protected, 2 chains
+ Kdddddd Kdddddd Kdd # 10 backups protected, 2 chains
+ Kddddd Kdddddd Kddd # 11 backups protected, 2 chains
+ Kdddd Kdddddd Kdddd # 12 backups protected, 2 chains
+ Kddd Kdddddd Kddddd # 13 backups protected, 2 chains
+ Kdd Kdddddd Kdddddd #  7 backups protected, 1 chain since precedent full is now mutable
+Kd Kdddddd Kdddddd K #  8 backups protected, 2 chains
+```
+
+### Why doesn't the protect process start ?
+
+- it should be run as root or by a user with the `CAP_LINUX_IMMUTABLE` capability
+- the underlying file system should support immutability, especially the `chattr` and `lsattr` command
+- logs are in journalctl

@xen-orchestra/immutable-backups/file.integ.mjs

@@ -0,0 +1,29 @@
+import { describe, it } from 'node:test'
+import assert from 'node:assert/strict'
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import * as File from './file.mjs'
+import { tmpdir } from 'node:os'
+import { rimraf } from 'rimraf'
+
+describe('immutable-backups/file', async () => {
+  it('really lock a file', async () => {
+    const dir = await fs.mkdtemp(path.join(tmpdir(), 'immutable-backups-tests'))
+    const immutDir = path.join(dir, '.immutable')
+    const filePath = path.join(dir, 'test.ext')
+    await fs.writeFile(filePath, 'data')
+    assert.strictEqual(await File.isImmutable(filePath), false)
+    await File.makeImmutable(filePath, immutDir)
+    assert.strictEqual(await File.isImmutable(filePath), true)
+    await assert.rejects(() => fs.writeFile(filePath, 'data'))
+    await assert.rejects(() => fs.appendFile(filePath, 'data'))
+    await assert.rejects(() => fs.unlink(filePath))
+    await assert.rejects(() => fs.rename(filePath, filePath + 'copy'))
+    await File.liftImmutability(filePath, immutDir)
+    assert.strictEqual(await File.isImmutable(filePath), false)
+    await fs.writeFile(filePath, 'data')
+    await fs.appendFile(filePath, 'data')
+    await fs.unlink(filePath)
+    await rimraf(dir)
+  })
+})

@xen-orchestra/immutable-backups/file.mjs

@@ -0,0 +1,24 @@
+import execa from 'execa'
+import { unindexFile, indexFile } from './fileIndex.mjs'
+
+// this work only on linux like systems
+// this could work on windows : https://4sysops.com/archives/set-and-remove-the-read-only-file-attribute-with-powershell/
+
+export async function makeImmutable(path, immutabilityCachePath) {
+  if (immutabilityCachePath) {
+    await indexFile(path, immutabilityCachePath)
+  }
+  await execa('chattr', ['+i', path])
+}
+
+export async function liftImmutability(filePath, immutabilityCachePath) {
+  if (immutabilityCachePath) {
+    await unindexFile(filePath, immutabilityCachePath)
+  }
+  await execa('chattr', ['-i', filePath])
+}
+
+export async function isImmutable(path) {
+  const { stdout } = await execa('lsattr', ['-d', path])
+  return stdout[4] === 'i'
+}

@xen-orchestra/immutable-backups/fileIndex.integ.mjs

@@ -0,0 +1,81 @@
+import { describe, it } from 'node:test'
+import assert from 'node:assert/strict'
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import * as FileIndex from './fileIndex.mjs'
+import * as Directory from './directory.mjs'
+import { tmpdir } from 'node:os'
+import { rimraf } from 'rimraf'
+
+describe('immutable-backups/fileIndex', async () => {
+  it('index File changes', async () => {
+    const dir = await fs.mkdtemp(path.join(tmpdir(), 'immutable-backups-tests'))
+    const immutDir = path.join(dir, '.immutable')
+    const filePath = path.join(dir, 'test.ext')
+
+    await fs.writeFile(filePath, 'data')
+    await FileIndex.indexFile(filePath, immutDir)
+    await fs.mkdir(path.join(immutDir, 'NOTADATE'))
+    await fs.writeFile(path.join(immutDir, 'NOTADATE.file'), 'content')
+    let nb = 0
+    let index, target
+    for await ({ index, target } of FileIndex.listOlderTargets(immutDir, 0)) {
+      assert.strictEqual(true, false, 'Nothing should be eligible for deletion')
+    }
+    nb = 0
+    for await ({ index, target } of FileIndex.listOlderTargets(immutDir, -24 * 60 * 60 * 1000)) {
+      assert.strictEqual(target, filePath)
+      await fs.unlink(index)
+      nb++
+    }
+    assert.strictEqual(nb, 1)
+    await fs.rmdir(path.join(immutDir, 'NOTADATE'))
+    await fs.rm(path.join(immutDir, 'NOTADATE.file'))
+    for await ({ index, target } of FileIndex.listOlderTargets(immutDir, -24 * 60 * 60 * 1000)) {
+      // should remove the empty dir
+      assert.strictEqual(true, false, 'Nothing should have stayed here')
+    }
+    assert.strictEqual((await fs.readdir(immutDir)).length, 0)
+    await rimraf(dir)
+  })
+
+  it('fails correctly', async () => {
+    const dir = await fs.mkdtemp(path.join(tmpdir(), 'immutable-backups-tests'))
+    const immutDir = path.join(dir, '.immutable')
+    await fs.mkdir(immutDir)
+    const placeholderFile = path.join(dir, 'test.ext')
+    await fs.writeFile(placeholderFile, 'data')
+    await FileIndex.indexFile(placeholderFile, immutDir)
+
+    const filePath = path.join(dir, 'test2.ext')
+    await fs.writeFile(filePath, 'data')
+    await FileIndex.indexFile(filePath, immutDir)
+    await assert.rejects(() => FileIndex.indexFile(filePath, immutDir), { code: 'EEXIST' })
+
+    await Directory.makeImmutable(immutDir)
+    await assert.rejects(() => FileIndex.unindexFile(filePath, immutDir), { code: 'EPERM' })
+    await Directory.liftImmutability(immutDir)
+    await rimraf(dir)
+  })
+
+  it('handles bomb index files', async () => {
+    const dir = await fs.mkdtemp(path.join(tmpdir(), 'immutable-backups-tests'))
+    const immutDir = path.join(dir, '.immutable')
+    await fs.mkdir(immutDir)
+    const placeholderFile = path.join(dir, 'test.ext')
+    await fs.writeFile(placeholderFile, 'data')
+    await FileIndex.indexFile(placeholderFile, immutDir)
+
+    const indexDayDir = path.join(immutDir, '1980,11-28')
+    await fs.mkdir(indexDayDir)
+    await fs.writeFile(path.join(indexDayDir, 'big'), Buffer.alloc(2 * 1024 * 1024))
+    assert.rejects(async () => {
+      let index, target
+      for await ({ index, target } of FileIndex.listOlderTargets(immutDir, 0)) {
+        // should remove the empty dir
+        assert.strictEqual(true, false, `Nothing should have stayed here, got ${index} ${target}`)
+      }
+    })
+    await rimraf(dir)
+  })
+})

@xen-orchestra/immutable-backups/fileIndex.mjs

@@ -0,0 +1,88 @@
+import { join } from 'node:path'
+import { createHash } from 'node:crypto'
+import fs from 'node:fs/promises'
+import { dirname } from 'path'
+const MAX_INDEX_FILE_SIZE = 1024 * 1024
+function sha256(content) {
+  return createHash('sha256').update(content).digest('hex')
+}
+
+function formatDate(date) {
+  return date.toISOString().split('T')[0]
+}
+
+async function computeIndexFilePath(path, immutabilityIndexPath) {
+  const stat = await fs.stat(path)
+  const date = new Date(stat.birthtimeMs)
+  const day = formatDate(date)
+  const hash = sha256(path)
+  return join(immutabilityIndexPath, day, hash)
+}
+
+export async function indexFile(path, immutabilityIndexPath) {
+  const indexFilePath = await computeIndexFilePath(path, immutabilityIndexPath)
+  try {
+    await fs.writeFile(indexFilePath, path, { flag: 'wx' })
+  } catch (err) {
+    // missing dir: make it
+    if (err.code === 'ENOENT') {
+      await fs.mkdir(dirname(indexFilePath), { recursive: true })
+      await fs.writeFile(indexFilePath, path)
+    } else {
+      throw err
+    }
+  }
+  return indexFilePath
+}
+
+export async function unindexFile(path, immutabilityIndexPath) {
+  try {
+    const cacheFileName = await computeIndexFilePath(path, immutabilityIndexPath)
+    await fs.unlink(cacheFileName)
+  } catch (err) {
+    if (err.code !== 'ENOENT') {
+      throw err
+    }
+  }
+}
+
+export async function* listOlderTargets(immutabilityCachePath, immutabilityDuration) {
+  // walk all dir by day until  the limit day
+  const limitDate = new Date(Date.now() - immutabilityDuration)
+
+  const limitDay = formatDate(limitDate)
+  const dir = await fs.opendir(immutabilityCachePath)
+  for await (const dirent of dir) {
+    if (dirent.isFile()) {
+      continue
+    }
+    // ensure we have a valid date
+    if (isNaN(new Date(dirent.name))) {
+      continue
+    }
+    // recent enough to be kept
+    if (dirent.name >= limitDay) {
+      continue
+    }
+    const subDirPath = join(immutabilityCachePath, dirent.name)
+    const subdir = await fs.opendir(subDirPath)
+    let nb = 0
+    for await (const hashFileEntry of subdir) {
+      const entryFullPath = join(subDirPath, hashFileEntry.name)
+      const { size } = await fs.stat(entryFullPath)
+      if (size > MAX_INDEX_FILE_SIZE) {
+        throw new Error(`Index file at ${entryFullPath} is too big, ${size} bytes `)
+      }
+      const targetPath = await fs.readFile(entryFullPath, { encoding: 'utf8' })
+      yield {
+        index: entryFullPath,
+        target: targetPath,
+      }
+      nb++
+    }
+    // cleanup older folder
+    if (nb === 0) {
+      await fs.rmdir(subDirPath)
+    }
+  }
+}

@xen-orchestra/immutable-backups/isBackupMetadata.mjs

@@ -0,0 +1 @@
+export default path => path.match(/xo-vm-backups\/[^/]+\/[^/]+\.json$/)

@xen-orchestra/immutable-backups/liftProtection.mjs

@@ -0,0 +1,37 @@
+#!/usr/bin/env node
+
+import fs from 'node:fs/promises'
+import * as Directory from './directory.mjs'
+import { createLogger } from '@xen-orchestra/log'
+import { listOlderTargets } from './fileIndex.mjs'
+import cleanXoCache from './_cleanXoCache.mjs'
+import loadConfig from './_loadConfig.mjs'
+
+const { info, warn } = createLogger('xen-orchestra:immutable-backups:liftProtection')
+
+async function liftRemoteImmutability(immutabilityCachePath, immutabilityDuration) {
+  for await (const { index, target } of listOlderTargets(immutabilityCachePath, immutabilityDuration)) {
+    await Directory.liftImmutability(target, immutabilityCachePath)
+    await fs.unlink(index)
+    await cleanXoCache(target)
+  }
+}
+
+async function liftImmutability(remotes) {
+  for (const [remoteId, { indexPath, immutabilityDuration }] of Object.entries(remotes)) {
+    liftRemoteImmutability(indexPath, immutabilityDuration).catch(err =>
+      warn('error during watchRemote', { err, remoteId, indexPath, immutabilityDuration })
+    )
+  }
+}
+
+const { liftEvery, remotes } = await loadConfig()
+
+if (liftEvery > 0) {
+  info('setup watcher for immutability lifting')
+  setInterval(async () => {
+    liftImmutability(remotes)
+  }, liftEvery)
+} else {
+  liftImmutability(remotes)
+}

@xen-orchestra/immutable-backups/package.json

@@ -0,0 +1,42 @@
+{
+  "private": false,
+  "name": "@xen-orchestra/immutable-backups",
+  "homepage": "https://github.com/vatesfr/xen-orchestra/tree/master/@xen-orchestra/immutable-backups",
+  "bugs": "https://github.com/vatesfr/xen-orchestra/issues",
+  "repository": {
+    "directory": "@xen-orchestra/immutable-backups",
+    "type": "git",
+    "url": "https://github.com/vatesfr/xen-orchestra.git"
+  },
+  "author": {
+    "name": "Vates SAS",
+    "url": "https://vates.fr"
+  },
+  "bin": {
+    "xo-immutable-remote": "./protectRemotes.mjs",
+    "xo-lift-remote-immutability": "./liftProtection.mjs"
+  },
+  "license": "AGPL-3.0-or-later",
+  "version": "1.0.1",
+  "engines": {
+    "node": ">=14.0.0"
+  },
+  "dependencies": {
+    "@vates/async-each": "^1.0.0",
+    "@xen-orchestra/backups": "^0.44.6",
+    "@xen-orchestra/log": "^0.6.0",
+    "app-conf": "^2.3.0",
+    "chokidar": "^3.5.3",
+    "execa": "^5.0.0",
+    "ms": "^2.1.3",
+    "vhd-lib": "^4.7.0"
+  },
+  "devDependencies": {
+    "rimraf": "^5.0.5",
+    "tap": "^18.6.1"
+  },
+  "scripts": {
+    "postversion": "npm publish --access public",
+    "test-integration": "tap  *.integ.mjs"
+  }
+}

@xen-orchestra/immutable-backups/protectRemotes.mjs

@@ -0,0 +1,191 @@
+#!/usr/bin/env node
+
+import fs from 'node:fs/promises'
+import * as File from './file.mjs'
+import * as Directory from './directory.mjs'
+import assert from 'node:assert'
+import { dirname, join, sep } from 'node:path'
+import { createLogger } from '@xen-orchestra/log'
+import chokidar from 'chokidar'
+import { indexFile } from './fileIndex.mjs'
+import cleanXoCache from './_cleanXoCache.mjs'
+import loadConfig from './_loadConfig.mjs'
+import isInVhdDirectory from './_isInVhdDirectory.mjs'
+const { debug, info, warn } = createLogger('xen-orchestra:immutable-backups:remote')
+
+async function test(remotePath, indexPath) {
+  await fs.readdir(remotePath)
+
+  const testPath = join(remotePath, '.test-immut')
+  // cleanup
+  try {
+    await File.liftImmutability(testPath, indexPath)
+    await fs.unlink(testPath)
+  } catch (err) {}
+  // can create , modify and delete a file
+  await fs.writeFile(testPath, `test immut ${new Date()}`)
+  await fs.writeFile(testPath, `test immut change 1 ${new Date()}`)
+  await fs.unlink(testPath)
+
+  // cannot modify or delete an immutable file
+  await fs.writeFile(testPath, `test immut ${new Date()}`)
+  await File.makeImmutable(testPath, indexPath)
+  await assert.rejects(fs.writeFile(testPath, `test immut change 2  ${new Date()}`), { code: 'EPERM' })
+  await assert.rejects(fs.unlink(testPath), { code: 'EPERM' })
+  // can modify and delete a file after lifting immutability
+  await File.liftImmutability(testPath, indexPath)
+
+  await fs.writeFile(testPath, `test immut change 3 ${new Date()}`)
+  await fs.unlink(testPath)
+}
+async function handleExistingFile(root, indexPath, path) {
+  try {
+    // a vhd block directory is completly immutable
+    if (isInVhdDirectory(path)) {
+      // this will trigger 3 times per vhd blocks
+      const dir = join(root, dirname(path))
+      if (Directory.isImmutable(dir)) {
+        await indexFile(dir, indexPath)
+      }
+    } else {
+      // other files are immutable a file basis
+      const fullPath = join(root, path)
+      if (File.isImmutable(fullPath)) {
+        await indexFile(fullPath, indexPath)
+      }
+    }
+  } catch (error) {
+    if (error.code !== 'EEXIST') {
+      // there can be a symbolic link in the tree
+      warn('handleExistingFile', { error })
+    }
+  }
+}
+
+async function handleNewFile(root, indexPath, pendingVhds, path) {
+  // with awaitWriteFinish we have complete files here
+  // we can make them immutable
+
+  if (isInVhdDirectory(path)) {
+    // watching a vhd block
+    // wait for header/footer and BAT before making this immutable recursively
+    const splitted = path.split(sep)
+    const vmUuid = splitted[1]
+    const vdiUuid = splitted[4]
+    const uniqPath = `${vmUuid}/${vdiUuid}`
+    const { existing } = pendingVhds.get(uniqPath) ?? {}
+    if (existing === undefined) {
+      pendingVhds.set(uniqPath, { existing: 1, lastModified: Date.now() })
+    } else {
+      // already two of the key files,and we got the last one
+      if (existing === 2) {
+        await Directory.makeImmutable(join(root, dirname(path)), indexPath)
+        pendingVhds.delete(uniqPath)
+      } else {
+        // wait for the other
+        pendingVhds.set(uniqPath, { existing: existing + 1, lastModified: Date.now() })
+      }
+    }
+  } else {
+    const fullFilePath = join(root, path)
+    await File.makeImmutable(fullFilePath, indexPath)
+    await cleanXoCache(fullFilePath)
+  }
+}
+export async function watchRemote(remoteId, { root, immutabilityDuration, rebuildIndexOnStart = false, indexPath }) {
+  // create index directory
+  await fs.mkdir(indexPath, { recursive: true })
+
+  // test if fs and index directories are well configured
+  await test(root, indexPath)
+
+  // add duration and watch status in the metadata.json of the remote
+  const settingPath = join(root, 'immutability.json')
+  try {
+    // this file won't be made mutable by liftimmutability
+    await File.liftImmutability(settingPath)
+  } catch (error) {
+    // file may not exists, and it's not really a problem
+    info('lifting immutability on current settings', { error })
+  }
+  await fs.writeFile(
+    settingPath,
+    JSON.stringify({
+      since: Date.now(),
+      immutable: true,
+      duration: immutabilityDuration,
+    })
+  )
+  // no index path in makeImmutable(): the immutability won't be lifted
+  File.makeImmutable(settingPath)
+
+  // we wait for footer/header AND BAT to be written before locking a vhd directory
+  // this map allow us to track the vhd with partial metadata
+  const pendingVhds = new Map()
+  // cleanup pending vhd map periodically
+  setInterval(
+    () => {
+      pendingVhds.forEach(({ lastModified, existing }, path) => {
+        if (Date.now() - lastModified > 60 * 60 * 1000) {
+          pendingVhds.delete(path)
+          warn(`vhd at ${path} is incomplete since ${lastModified}`, { existing, lastModified, path })
+        }
+      })
+    },
+    60 * 60 * 1000
+  )
+
+  // watch the remote for any new VM metadata json file
+  const PATHS = [
+    'xo-config-backups/*/*/data',
+    'xo-config-backups/*/*/data.json',
+    'xo-config-backups/*/*/metadata.json',
+    'xo-pool-metadata-backups/*/metadata.json',
+    'xo-pool-metadata-backups/*/data',
+    // xo-vm-backups/<vmuuid>/
+    'xo-vm-backups/*/*.json',
+    'xo-vm-backups/*/*.xva',
+    'xo-vm-backups/*/*.xva.checksum',
+    // xo-vm-backups/<vmuuid>/vdis/<jobid>/<vdiUuid>
+    'xo-vm-backups/*/vdis/*/*/*.vhd', // can be an alias or a vhd file
+    // for vhd directory :
+    'xo-vm-backups/*/vdis/*/*/data/*.vhd/bat',
+    'xo-vm-backups/*/vdis/*/*/data/*.vhd/header',
+    'xo-vm-backups/*/vdis/*/*/data/*.vhd/footer',
+  ]
+
+  let ready = false
+  const watcher = chokidar.watch(PATHS, {
+    ignored: [
+      /(^|[/\\])\../, // ignore dotfiles
+      /\.lock$/,
+    ],
+    cwd: root,
+    recursive: false, // vhd directory can generate a lot of folder, don't let chokidar choke on this
+    ignoreInitial: !rebuildIndexOnStart,
+    depth: 7,
+    awaitWriteFinish: true,
+  })
+
+  // Add event listeners.
+  watcher
+    .on('add', async path => {
+      debug(`File ${path} has been added ${path.split('/').length}`)
+      if (ready) {
+        await handleNewFile(root, indexPath, pendingVhds, path)
+      } else {
+        await handleExistingFile(root, indexPath, path)
+      }
+    })
+    .on('error', error => warn(`Watcher error: ${error}`))
+    .on('ready', () => {
+      ready = true
+      info('Ready for changes')
+    })
+}
+
+const { remotes } = await loadConfig()
+
+for (const [remoteId, remote] of Object.entries(remotes)) {
+  watchRemote(remoteId, remote).catch(err => warn('error during watchRemote', { err, remoteId, remote }))
+}

@xen-orchestra/lite/package.json

@@ -26,8 +26,8 @@
     "@types/d3-time-format": "^4.0.3",
     "@types/file-saver": "^2.0.7",
     "@types/lodash-es": "^4.17.12",
-    "@types/node": "^18.19.5",
-    "@vitejs/plugin-vue": "^5.0.2",
+    "@types/node": "^18.19.7",
+    "@vitejs/plugin-vue": "^5.0.3",
     "@vue/tsconfig": "^0.5.1",
     "@vueuse/core": "^10.7.1",
     "@vueuse/math": "^10.7.1",
@@ -55,13 +55,13 @@
     "postcss-color-function": "^4.1.0",
     "postcss-custom-media": "^10.0.2",
     "postcss-nested": "^6.0.1",
-    "typescript": "^5.3.3",
+    "typescript": "~5.3.3",
     "vite": "^5.0.11",
-    "vue": "^3.4.7",
+    "vue": "^3.4.13",
     "vue-echarts": "^6.6.8",
     "vue-i18n": "^9.9.0",
     "vue-router": "^4.2.5",
-    "vue-tsc": "^1.8.22",
+    "vue-tsc": "^1.8.27",
     "zx": "^7.2.3"
   },
   "private": true,

@xen-orchestra/lite/src/libs/xapi-stats.ts

@@ -50,7 +50,17 @@ const RRD_POINTS_PER_STEP: { [key in RRD_STEP]: number } = {
 // Utils
 // -------------------------------------------------------------------
 
-function convertNanToNull(value: number) {
+function parseNumber(value: number | string) {
+  // Starting from XAPI 23.31, numbers in the JSON payload are encoded as
+  // strings to support NaN, Infinity and -Infinity
+  if (typeof value === 'string') {
+    const asNumber = +value
+    if (isNaN(asNumber) && value !== 'NaN') {
+      throw new Error('cannot parse number: ' + value)
+    }
+    value = asNumber
+  }
+
   return isNaN(value) ? null : value
 }
 
@@ -59,7 +69,7 @@ function convertNanToNull(value: number) {
 // -------------------------------------------------------------------
 
 const computeValues = (dataRow: any, legendIndex: number, transformValue = identity) =>
-  map(dataRow, ({ values }) => transformValue(convertNanToNull(values[legendIndex])))
+  map(dataRow, ({ values }) => transformValue(parseNumber(values[legendIndex])))
 
 const createGetProperty = (obj: object, property: string, defaultValue: unknown) =>
   defaults(obj, { [property]: defaultValue })[property] as any
@@ -319,8 +329,14 @@ export default class XapiStats {
       },
       abortSignal,
     })
-    // eslint-disable-next-line import/no-named-as-default-member -- https://github.com/json5/json5/issues/287
-    return JSON5.parse(await resp.text())
+    const text = await resp.text()
+    try {
+      // starting from XAPI 23.31, the response is valid JSON
+      return JSON.parse(text)
+    } catch (error) {
+      // eslint-disable-next-line import/no-named-as-default-member -- https://github.com/json5/json5/issues/287
+      return JSON5.parse(text)
+    }
   }
 
   // To avoid multiple requests, we keep a cache for the stats and
@@ -383,7 +399,10 @@ export default class XapiStats {
         abortSignal,
       })
 
-      const actualStep = json.meta.step as number
+      const actualStep = parseNumber(json.meta.step)
+      if (actualStep !== step) {
+        throw new FaultyGranularity(`Unable to get the true granularity: ${actualStep}`)
+      }
 
       if (json.data.length > 0) {
         // fetched data is organized from the newest to the oldest
@@ -407,14 +426,15 @@ export default class XapiStats {
 
           let stepStats = xoObjectStats[actualStep]
           let cacheStepStats = cacheXoObjectStats[actualStep]
-          if (stepStats === undefined || stepStats.endTimestamp !== json.meta.end) {
+          const endTimestamp = parseNumber(json.meta.end)
+          if (stepStats === undefined || stepStats.endTimestamp !== endTimestamp) {
             stepStats = xoObjectStats[actualStep] = {
-              endTimestamp: json.meta.end,
+              endTimestamp,
               interval: actualStep,
               canBeExpired: false,
             }
             cacheStepStats = cacheXoObjectStats[actualStep] = {
-              endTimestamp: json.meta.end,
+              endTimestamp,
               interval: actualStep,
               canBeExpired: true,
             }
@@ -438,10 +458,6 @@ export default class XapiStats {
           })
         })
       }
-
-      if (actualStep !== step) {
-        throw new FaultyGranularity(`Unable to get the true granularity: ${actualStep}`)
-      }
     } catch (error) {
       if (error instanceof Error && error.name === 'AbortError') {
         return

@xen-orchestra/lite/tsconfig.app.json

@@ -1,13 +1,15 @@
 {
   "extends": "@vue/tsconfig/tsconfig.dom.json",
-  "include": ["env.d.ts", "src/**/*", "src/**/*.vue"],
+  "include": ["env.d.ts", "src/**/*", "src/**/*.vue", "../web-core/lib/**/*", "../web-core/lib/**/*.vue"],
   "exclude": ["src/**/__tests__/*"],
   "compilerOptions": {
     "composite": true,
     "noEmit": true,
     "baseUrl": ".",
+    "rootDir": "..",
     "paths": {
-      "@/*": ["./src/*"]
+      "@/*": ["./src/*"],
+      "@core/*": ["../web-core/lib/*"]
     }
   }
 }

@xen-orchestra/lite/tsconfig.json

@@ -2,10 +2,10 @@
   "files": [],
   "references": [
     {
-      "path": "./tsconfig.node.json"
+      "path": "./tsconfig.node.json",
     },
     {
-      "path": "./tsconfig.app.json"
-    }
-  ]
+      "path": "./tsconfig.app.json",
+    },
+  ],
 }

@xen-orchestra/lite/vite.config.ts

@@ -23,6 +23,7 @@ export default defineConfig({
   resolve: {
     alias: {
       '@': fileURLToPath(new URL('./src', import.meta.url)),
+      '@core': fileURLToPath(new URL('../web-core/lib', import.meta.url)),
     },
   },
 

@xen-orchestra/log/.USAGE.md

@@ -27,6 +27,16 @@ log.error('could not join server', {
 })
 ```
 
+A logging method has the following signature:
+
+```ts
+interface LoggingMethod {
+  (error): void
+
+  (message: string, data?: { error?: Error; [property: string]: any }): void
+}
+```
+
 ### Consumer
 
 Then, at application level, configure the logs are handled:

@xen-orchestra/log/README.md

@@ -45,6 +45,16 @@ log.error('could not join server', {
 })
 ```
 
+A logging method has the following signature:
+
+```ts
+interface LoggingMethod {
+  (error): void
+
+  (message: string, data?: { error?: Error; [property: string]: any }): void
+}
+```
+
 ### Consumer
 
 Then, at application level, configure the logs are handled:

@xen-orchestra/proxy/package.json

@@ -1,7 +1,7 @@
 {
   "private": true,
   "name": "@xen-orchestra/proxy",
-  "version": "0.26.42",
+  "version": "0.26.45",
   "license": "AGPL-3.0-or-later",
   "description": "XO Proxy used to remotely execute backup jobs",
   "keywords": [
@@ -29,16 +29,16 @@
     "@koa/router": "^12.0.0",
     "@vates/cached-dns.lookup": "^1.0.0",
     "@vates/compose": "^2.1.0",
-    "@vates/decorate-with": "^2.0.0",
+    "@vates/decorate-with": "^2.1.0",
     "@vates/disposable": "^0.1.5",
     "@xen-orchestra/async-map": "^0.1.2",
-    "@xen-orchestra/backups": "^0.44.3",
-    "@xen-orchestra/fs": "^4.1.3",
+    "@xen-orchestra/backups": "^0.44.6",
+    "@xen-orchestra/fs": "^4.1.4",
     "@xen-orchestra/log": "^0.6.0",
     "@xen-orchestra/mixin": "^0.1.0",
     "@xen-orchestra/mixins": "^0.14.0",
-    "@xen-orchestra/self-signed": "^0.1.3",
-    "@xen-orchestra/xapi": "^4.1.0",
+    "@xen-orchestra/self-signed": "^0.2.0",
+    "@xen-orchestra/xapi": "^4.2.0",
     "ajv": "^8.0.3",
     "app-conf": "^2.3.0",
     "async-iterator-to-stream": "^1.1.0",
@@ -60,7 +60,7 @@
     "source-map-support": "^0.5.16",
     "stoppable": "^1.0.6",
     "xdg-basedir": "^5.1.0",
-    "xen-api": "^2.0.0",
+    "xen-api": "^2.0.1",
     "xo-common": "^0.8.0"
   },
   "devDependencies": {

@xen-orchestra/self-signed/package.json

@@ -9,7 +9,7 @@
     "type": "git",
     "url": "https://github.com/vatesfr/xen-orchestra.git"
   },
-  "version": "0.1.3",
+  "version": "0.2.0",
   "engines": {
     "node": ">=15.6"
   },

@xen-orchestra/vmware-explorer/VhdEsxiSeSparse.mjs

@@ -1,3 +1,4 @@
+import { readChunkStrict, skipStrict } from '@vates/read-chunk'
 import _computeGeometryForSize from 'vhd-lib/_computeGeometryForSize.js'
 import { createFooter, createHeader } from 'vhd-lib/_createFooterHeader.js'
 import { DISK_TYPES, FOOTER_SIZE } from 'vhd-lib/_constants.js'
@@ -68,6 +69,10 @@ export default class VhdEsxiSeSparse extends VhdAbstract {
   #grainTableOffsetBytes
   #grainOffsetBytes
 
+  #reading = false
+  #stream
+  #streamOffset = 0
+
   static async open(esxi, datastore, path, parentVhd, opts) {
     const vhd = new VhdEsxiSeSparse(esxi, datastore, path, parentVhd, opts)
     await vhd.readHeaderAndFooter()
@@ -102,12 +107,58 @@ export default class VhdEsxiSeSparse extends VhdAbstract {
     )
   }
 
+  // since most of the data are writtent sequentially we always open a stream from start to the end of the file
+  // If we have to rewind it, we destroy the stream and recreate with the right "start"
+  // We also recreate the stream if there is too much distance between current position and the wanted position
+
   async #read(start, length) {
-    const buffer = await (
-      await this.#esxi.download(this.#datastore, this.#path, `${start}-${start + length - 1}`)
-    ).buffer()
-    strictEqual(buffer.length, length)
-    return buffer
+    if (!this.#footer) {
+      // we need to be able before the footer is loaded, to read the header and footer
+      return (await this.#esxi.download(this.#datastore, this.#path, `${start}-${start + length - 1}`)).buffer()
+    }
+    if (this.#reading) {
+      throw new Error('reading must be done sequentially')
+    }
+    try {
+      const MAX_SKIPPABLE_LENGTH = 2 * 1024 * 1024
+      this.#reading = true
+      if (this.#stream !== undefined) {
+        // stream is already ahead or to far behind
+        if (this.#streamOffset > start || this.#streamOffset + MAX_SKIPPABLE_LENGTH < start) {
+          this.#stream.destroy()
+          this.#stream = undefined
+          this.#streamOffset = 0
+        }
+      }
+      // no stream
+      if (this.#stream === undefined) {
+        const end = this.footer.currentSize - 1
+        const res = await this.#esxi.download(this.#datastore, this.#path, `${start}-${end}`)
+        this.#stream = res.body
+        this.#streamOffset = start
+      }
+
+      // stream a little behind
+      if (this.#streamOffset < start) {
+        await skipStrict(this.#stream, start - this.#streamOffset)
+        this.#streamOffset = start
+      }
+
+      // really read data
+      this.#streamOffset += length
+      const data = await readChunkStrict(this.#stream, length)
+      return data
+    } catch (error) {
+      error.start = start
+      error.length = length
+      error.streamLength = this.footer.currentSize
+      this.#stream?.destroy()
+      this.#stream = undefined
+      this.#streamOffset = 0
+      throw error
+    } finally {
+      this.#reading = false
+    }
   }
 
   async readHeaderAndFooter() {
@@ -199,15 +250,28 @@ export default class VhdEsxiSeSparse extends VhdAbstract {
 
   async readBlock(blockId) {
     let changed = false
-    const parentBlock = await this.#parentVhd.readBlock(blockId)
-    const parentBuffer = parentBlock.buffer
     const grainOffsets = this.#grainIndex.get(blockId) // may be undefined if the child contains block and lookMissingBlockInParent=true
+
+    // negative value indicate that it's not an offset
+    // SE_SPARSE_GRAIN_NON_ALLOCATED means we have to look into the parent data
+    const isLocallyFull = !grainOffsets.some(value => value === -SE_SPARSE_GRAIN_NON_ALLOCATED)
+
+    let parentBuffer, parentBlock
+    // don't read from parent is current block is already completly described
+    if (isLocallyFull) {
+      parentBuffer = Buffer.alloc(512 /* bitmap */ + 2 * 1024 * 1024 /* data */, 0)
+      parentBuffer.fill(255, 0, 512) // bitmap is full  of bit 1
+    } else {
+      parentBlock = await this.#parentVhd.readBlock(blockId)
+      parentBuffer = parentBlock.buffer
+    }
     const EMPTY_GRAIN = Buffer.alloc(GRAIN_SIZE_BYTES, 0)
     for (const index in grainOffsets) {
       const value = grainOffsets[index]
       let data
       if (value > 0) {
         // it's the offset in byte of a grain type SE_SPARSE_GRAIN_ALLOCATED
+        // @todo this part can be quite slow when grain are not sorted
         data = await this.#read(value, GRAIN_SIZE_BYTES)
       } else {
         // back to the real grain type
@@ -230,7 +294,7 @@ export default class VhdEsxiSeSparse extends VhdAbstract {
       }
     }
     // no need to copy if data all come from parent
-    return changed
+    return changed || !parentBlock
       ? {
           id: blockId,
           bitmap: parentBuffer.slice(0, 512),

@xen-orchestra/vmware-explorer/package.json

@@ -1,7 +1,7 @@
 {
   "license": "ISC",
   "private": false,
-  "version": "0.3.1",
+  "version": "0.4.0",
   "name": "@xen-orchestra/vmware-explorer",
   "dependencies": {
     "@vates/node-vsphere-soap": "^2.0.0",

@xen-orchestra/web-core/package.json

@@ -10,7 +10,8 @@
     }
   },
   "devDependencies": {
-    "vue": "^3.4.7"
+    "vue": "^3.4.13",
+    "@vue/tsconfig": "^0.5.1"
   },
   "homepage": "https://github.com/vatesfr/xen-orchestra/tree/master/@xen-orchestra/web-core",
   "bugs": "https://github.com/vatesfr/xen-orchestra/issues",
@@ -25,6 +26,6 @@
   },
   "license": "AGPL-3.0-or-later",
   "engines": {
-    "node": ">=8.10"
+    "node": ">=18"
   }
 }

@xen-orchestra/web-core/tsconfig.json

@@ -0,0 +1,12 @@
+{
+  "extends": "@vue/tsconfig/tsconfig.dom.json",
+  "include": ["env.d.ts", "lib/**/*", "lib/**/*.vue"],
+  "exclude": ["lib/**/__tests__/*"],
+  "compilerOptions": {
+    "noEmit": true,
+    "baseUrl": ".",
+    "paths": {
+      "@core/*": ["./lib/*"]
+    }
+  }
+}

@xen-orchestra/web/.npmignore

@@ -0,0 +1 @@
+../../scripts/npmignore

@xen-orchestra/web/.vscode/extensions.json

@@ -0,0 +1,3 @@
+{
+  "recommendations": ["Vue.volar", "Vue.vscode-typescript-vue-plugin"]
+}

@xen-orchestra/web/README.md

@@ -0,0 +1 @@
+# Xen Orchestra 6

@xen-orchestra/web/env.d.ts

@@ -0,0 +1 @@
+/// <reference types="vite/client" />

@xen-orchestra/web/index.html

@@ -0,0 +1,13 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" href="./favicon.svg" type="image/svg+xml" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Xen Orchestra</title>
+  </head>
+  <body>
+    <div id="app"></div>
+    <script type="module" src="./src/main.ts"></script>
+  </body>
+</html>

@xen-orchestra/web/package.json

@@ -0,0 +1,42 @@
+{
+  "name": "@xen-orchestra/web",
+  "version": "0.0.1",
+  "type": "module",
+  "scripts": {
+    "dev": "vite",
+    "build": "run-p type-check \"build-only {@}\" --",
+    "preview": "vite preview",
+    "build-only": "vite build",
+    "type-check": "vue-tsc --build --force"
+  },
+  "devDependencies": {
+    "@tsconfig/node18": "^18.2.2",
+    "@types/node": "^18.19.7",
+    "@vitejs/plugin-vue": "^5.0.3",
+    "@vue/tsconfig": "^0.5.1",
+    "@xen-orchestra/web-core": "*",
+    "npm-run-all2": "^6.1.1",
+    "pinia": "^2.1.7",
+    "typescript": "~5.3.3",
+    "unplugin-vue-router": "^0.7.0",
+    "vite": "^5.0.11",
+    "vue": "^3.4.13",
+    "vue-tsc": "^1.8.27"
+  },
+  "private": true,
+  "homepage": "https://github.com/vatesfr/xen-orchestra/tree/master/@xen-orchestra/web",
+  "bugs": "https://github.com/vatesfr/xen-orchestra/issues",
+  "repository": {
+    "directory": "@xen-orchestra/web",
+    "type": "git",
+    "url": "https://github.com/vatesfr/xen-orchestra.git"
+  },
+  "author": {
+    "name": "Vates SAS",
+    "url": "https://vates.fr"
+  },
+  "license": "AGPL-3.0-or-later",
+  "engines": {
+    "node": ">=18"
+  }
+}

@xen-orchestra/web/src/App.vue

@@ -0,0 +1,3 @@
+<template>
+  <RouterView />
+</template>

@xen-orchestra/web/src/main.ts

@@ -0,0 +1,17 @@
+import { createApp } from 'vue'
+import { createPinia } from 'pinia'
+import App from './App.vue'
+// eslint-disable-next-line import/no-unresolved -- https://github.com/posva/unplugin-vue-router/issues/232
+import { createRouter, createWebHashHistory } from 'vue-router/auto'
+import '@xen-orchestra/web-core/assets/css/base.pcss'
+
+const app = createApp(App)
+
+const router = createRouter({
+  history: createWebHashHistory(),
+})
+
+app.use(createPinia())
+app.use(router)
+
+app.mount('#app')

@xen-orchestra/web/src/pages/index.vue

@@ -0,0 +1 @@
+<template>Welcome to Xen Orchestra 6</template>

@xen-orchestra/web/tsconfig.app.json

@@ -0,0 +1,22 @@
+{
+  "extends": "@vue/tsconfig/tsconfig.dom.json",
+  "include": [
+    "env.d.ts",
+    "typed-router.d.ts",
+    "src/**/*",
+    "src/**/*.vue",
+    "../web-core/lib/**/*",
+    "../web-core/lib/**/*.vue"
+  ],
+  "exclude": ["src/**/__tests__/*"],
+  "compilerOptions": {
+    "composite": true,
+    "noEmit": true,
+    "baseUrl": ".",
+    "rootDir": "..",
+    "paths": {
+      "@/*": ["./src/*"],
+      "@core/*": ["../web-core/lib/*"]
+    }
+  }
+}

@xen-orchestra/web/tsconfig.json

@@ -0,0 +1,11 @@
+{
+  "files": [],
+  "references": [
+    {
+      "path": "./tsconfig.node.json",
+    },
+    {
+      "path": "./tsconfig.app.json",
+    },
+  ],
+}

@xen-orchestra/web/tsconfig.node.json

@@ -0,0 +1,11 @@
+{
+  "extends": "@tsconfig/node18/tsconfig.json",
+  "include": ["vite.config.*", "vitest.config.*", "cypress.config.*", "nightwatch.conf.*", "playwright.config.*"],
+  "compilerOptions": {
+    "composite": true,
+    "noEmit": true,
+    "module": "ESNext",
+    "moduleResolution": "Bundler",
+    "types": ["node"]
+  }
+}

@xen-orchestra/web/typed-router.d.ts

@@ -0,0 +1,144 @@
+/* eslint-disable */
+/* prettier-ignore */
+// @ts-nocheck
+// Generated by unplugin-vue-router. ‼️ DO NOT MODIFY THIS FILE ‼️
+// It's recommended to commit this file.
+// Make sure to add this file to your tsconfig.json file as an "includes" or "files" entry.
+
+/// <reference types="unplugin-vue-router/client" />
+
+import type {
+  // type safe route locations
+  RouteLocationTypedList,
+  RouteLocationResolvedTypedList,
+  RouteLocationNormalizedTypedList,
+  RouteLocationNormalizedLoadedTypedList,
+  RouteLocationAsString,
+  RouteLocationAsRelativeTypedList,
+  RouteLocationAsPathTypedList,
+
+  // helper types
+  // route definitions
+  RouteRecordInfo,
+  ParamValue,
+  ParamValueOneOrMore,
+  ParamValueZeroOrMore,
+  ParamValueZeroOrOne,
+
+  // vue-router extensions
+  _RouterTyped,
+  RouterLinkTyped,
+  RouterLinkPropsTyped,
+  NavigationGuard,
+  UseLinkFnTyped,
+
+  // data fetching
+  _DataLoader,
+  _DefineLoaderOptions,
+} from 'unplugin-vue-router/types'
+
+declare module 'vue-router/auto/routes' {
+  export interface RouteNamedMap {
+    '/': RouteRecordInfo<'/', '/', Record<never, never>, Record<never, never>>
+  }
+}
+
+declare module 'vue-router/auto' {
+  import type { RouteNamedMap } from 'vue-router/auto/routes'
+
+  export type RouterTyped = _RouterTyped<RouteNamedMap>
+
+  /**
+   * Type safe version of `RouteLocationNormalized` (the type of `to` and `from` in navigation guards).
+   * Allows passing the name of the route to be passed as a generic.
+   */
+  export type RouteLocationNormalized<Name extends keyof RouteNamedMap = keyof RouteNamedMap> =
+    RouteLocationNormalizedTypedList<RouteNamedMap>[Name]
+
+  /**
+   * Type safe version of `RouteLocationNormalizedLoaded` (the return type of `useRoute()`).
+   * Allows passing the name of the route to be passed as a generic.
+   */
+  export type RouteLocationNormalizedLoaded<Name extends keyof RouteNamedMap = keyof RouteNamedMap> =
+    RouteLocationNormalizedLoadedTypedList<RouteNamedMap>[Name]
+
+  /**
+   * Type safe version of `RouteLocationResolved` (the returned route of `router.resolve()`).
+   * Allows passing the name of the route to be passed as a generic.
+   */
+  export type RouteLocationResolved<Name extends keyof RouteNamedMap = keyof RouteNamedMap> =
+    RouteLocationResolvedTypedList<RouteNamedMap>[Name]
+
+  /**
+   * Type safe version of `RouteLocation` . Allows passing the name of the route to be passed as a generic.
+   */
+  export type RouteLocation<Name extends keyof RouteNamedMap = keyof RouteNamedMap> =
+    RouteLocationTypedList<RouteNamedMap>[Name]
+
+  /**
+   * Type safe version of `RouteLocationRaw` . Allows passing the name of the route to be passed as a generic.
+   */
+  export type RouteLocationRaw<Name extends keyof RouteNamedMap = keyof RouteNamedMap> =
+    | RouteLocationAsString<RouteNamedMap>
+    | RouteLocationAsRelativeTypedList<RouteNamedMap>[Name]
+    | RouteLocationAsPathTypedList<RouteNamedMap>[Name]
+
+  /**
+   * Generate a type safe params for a route location. Requires the name of the route to be passed as a generic.
+   */
+  export type RouteParams<Name extends keyof RouteNamedMap> = RouteNamedMap[Name]['params']
+  /**
+   * Generate a type safe raw params for a route location. Requires the name of the route to be passed as a generic.
+   */
+  export type RouteParamsRaw<Name extends keyof RouteNamedMap> = RouteNamedMap[Name]['paramsRaw']
+
+  export function useRouter(): RouterTyped
+  export function useRoute<Name extends keyof RouteNamedMap = keyof RouteNamedMap>(
+    name?: Name
+  ): RouteLocationNormalizedLoadedTypedList<RouteNamedMap>[Name]
+
+  export const useLink: UseLinkFnTyped<RouteNamedMap>
+
+  export function onBeforeRouteLeave(guard: NavigationGuard<RouteNamedMap>): void
+  export function onBeforeRouteUpdate(guard: NavigationGuard<RouteNamedMap>): void
+
+  export const RouterLink: RouterLinkTyped<RouteNamedMap>
+  export const RouterLinkProps: RouterLinkPropsTyped<RouteNamedMap>
+
+  // Experimental Data Fetching
+
+  export function defineLoader<
+    P extends Promise<any>,
+    Name extends keyof RouteNamedMap = keyof RouteNamedMap,
+    isLazy extends boolean = false,
+  >(
+    name: Name,
+    loader: (route: RouteLocationNormalizedLoaded<Name>) => P,
+    options?: _DefineLoaderOptions<isLazy>
+  ): _DataLoader<Awaited<P>, isLazy>
+  export function defineLoader<P extends Promise<any>, isLazy extends boolean = false>(
+    loader: (route: RouteLocationNormalizedLoaded) => P,
+    options?: _DefineLoaderOptions<isLazy>
+  ): _DataLoader<Awaited<P>, isLazy>
+
+  export {
+    _definePage as definePage,
+    _HasDataLoaderMeta as HasDataLoaderMeta,
+    _setupDataFetchingGuard as setupDataFetchingGuard,
+    _stopDataFetchingScope as stopDataFetchingScope,
+  } from 'unplugin-vue-router/runtime'
+}
+
+declare module 'vue-router' {
+  import type { RouteNamedMap } from 'vue-router/auto/routes'
+
+  export interface TypesConfig {
+    beforeRouteUpdate: NavigationGuard<RouteNamedMap>
+    beforeRouteLeave: NavigationGuard<RouteNamedMap>
+
+    $route: RouteLocationNormalizedLoadedTypedList<RouteNamedMap>[keyof RouteNamedMap]
+    $router: _RouterTyped<RouteNamedMap>
+
+    RouterLink: RouterLinkTyped<RouteNamedMap>
+  }
+}

@xen-orchestra/web/vite.config.ts

@@ -0,0 +1,17 @@
+import { fileURLToPath, URL } from 'node:url'
+
+import { defineConfig } from 'vite'
+import vue from '@vitejs/plugin-vue'
+import vueRouter from 'unplugin-vue-router/vite'
+
+// https://vitejs.dev/config/
+export default defineConfig({
+  base: './',
+  plugins: [vueRouter(), vue()],
+  resolve: {
+    alias: {
+      '@': fileURLToPath(new URL('./src', import.meta.url)),
+      '@core': fileURLToPath(new URL('../web-core/lib', import.meta.url)),
+    },
+  },
+})

@xen-orchestra/xapi/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xen-orchestra/xapi",
-  "version": "4.1.0",
+  "version": "4.2.0",
   "homepage": "https://github.com/vatesfr/xen-orchestra/tree/master/@xen-orchestra/xapi",
   "bugs": "https://github.com/vatesfr/xen-orchestra/issues",
   "repository": {
@@ -16,7 +16,7 @@
   },
   "main": "./index.mjs",
   "peerDependencies": {
-    "xen-api": "^2.0.0"
+    "xen-api": "^2.0.1"
   },
   "scripts": {
     "postversion": "npm publish --access public",
@@ -24,7 +24,7 @@
   },
   "dependencies": {
     "@vates/async-each": "^1.0.0",
-    "@vates/decorate-with": "^2.0.0",
+    "@vates/decorate-with": "^2.1.0",
     "@vates/nbd-client": "^3.0.0",
     "@vates/task": "^0.2.0",
     "@xen-orchestra/async-map": "^0.1.2",

@xen-orchestra/xapi/vdi.mjs

@@ -83,9 +83,31 @@ class Vdi {
     }
   }
 
+  // return an buffer with 0/1 bit, showing if the 64KB block corresponding 
+  // in the raw vdi has changed
+  async listChangedBlock(ref, baseRef){
+    console.log('listchanged blocks', ref, baseRef)
+    const encoded =  await  this.call('VDI.list_changed_blocks', baseRef, ref)
+    console.log({encoded})
+    const buf = Buffer.from(encoded, 'base64')
+    console.log({buf})
+    return buf
+  }
+
+  async enableChangeBlockTracking(ref){
+    return this.call('VDI.enable_cbt', ref)
+  }
+  async disableChangeBlockTracking(ref){
+    return this.call('VDI.disable_cbt', ref)
+  }
+
+  async  dataDestroy(ref){
+    return this.call('VDI.data_destroy', ref)
+  }
+
   async exportContent(
     ref,
-    { baseRef, cancelToken = CancelToken.none, format, nbdConcurrency = 1, preferNbd = this._preferNbd }
+    { baseRef, cancelToken = CancelToken.none, changedBlocks, format, nbdConcurrency = 1, preferNbd = this._preferNbd }
   ) {
     const query = {
       format,
@@ -114,7 +136,7 @@ class Vdi {
         })
         if (nbdClient !== undefined && format === VDI_FORMAT_VHD) {
           const taskRef = await this.task_create(`Exporting content of VDI ${vdiName} using NBD`)
-          stream = await createNbdVhdStream(nbdClient, stream)
+          stream = await createNbdVhdStream(nbdClient, stream, {changedBlocks})
           stream.on('progress', progress => this.call('task.set_progress', taskRef, progress))
           finished(stream, () => this.task_destroy(taskRef))
         }

@xen-orchestra/xapi/vif.mjs

@@ -21,12 +21,23 @@ export default class Vif {
       MAC = '',
     } = {}
   ) {
+    if (device === undefined) {
+      const allowedDevices = await this.call('VM.get_allowed_VIF_devices', VM)
+      if (allowedDevices.length === 0) {
+        const error = new Error('could not find an allowed VIF device')
+        error.poolUuid = this.pool.uuid
+        error.vmRef = VM
+        throw error
+      }
+
+      device = allowedDevices[0]
+    }
+
     const [powerState, ...rest] = await Promise.all([
       this.getField('VM', VM, 'power_state'),
-      device ?? (await this.call('VM.get_allowed_VIF_devices', VM))[0],
-      MTU ?? (await this.getField('network', network, 'MTU')),
+      MTU ?? this.getField('network', network, 'MTU'),
     ])
-    ;[device, MTU] = rest
+    ;[MTU] = rest
 
     const vifRef = await this.call('VIF.create', {
       currently_attached: powerState === 'Suspended' ? currently_attached : undefined,

@xen-orchestra/xva/.npmignore

@@ -0,0 +1 @@
+../../scripts/npmignore

@xen-orchestra/xva/_formatBlockPath.mjs

@@ -0,0 +1,3 @@
+const formatCounter = counter => String(counter).padStart(8, '0')
+
+export const formatBlockPath = (basePath, counter) => `${basePath}/${formatCounter(counter)}`

@xen-orchestra/xva/_isNotEmptyRef.mjs

@@ -0,0 +1,5 @@
+export function isNotEmptyRef(val) {
+  const EMPTY = 'OpaqueRef:NULL'
+  const PREFIX = 'OpaqueRef:'
+  return val !== EMPTY && typeof val === 'string' && val.startsWith(PREFIX)
+}

@xen-orchestra/xva/_toOvaXml.mjs

@@ -0,0 +1,42 @@
+// from package xml-escape
+function escape(string) {
+  if (string === null || string === undefined) return
+  if (typeof string === 'number') {
+    return string
+  }
+  const map = {
+    '>': '>',
+    '<': '&lt;',
+    "'": '&apos;',
+    '"': '&quot;',
+    '&': '&amp;',
+  }
+
+  const pattern = '([&"<>\'])'
+  return string.replace(new RegExp(pattern, 'g'), function (str, item) {
+    return map[item]
+  })
+}
+
+function formatDate(d) {
+  return d.toISOString().replaceAll('-', '').replace('.000Z', 'Z')
+}
+
+export default function toOvaXml(obj) {
+  if (Array.isArray(obj)) {
+    return `<value><array><data>${obj.map(val => toOvaXml(val)).join('')}</data></array></value>`
+  }
+
+  if (typeof obj === 'object') {
+    if (obj instanceof Date) {
+      return `<value><dateTime.iso8601>${escape(formatDate(obj))}</dateTime.iso8601></value>`
+    }
+    return `<value><struct>${Object.entries(obj)
+      .map(([key, value]) => `<member><name>${escape(key)}</name>${toOvaXml(value)}</member>`)
+      .join('')}</struct></value>`
+  }
+  if (typeof obj === 'boolean') {
+    return `<value><boolean>${obj ? 1 : 0}</boolean></value>`
+  }
+  return `<value>${escape(obj)}</value>`
+}

@xen-orchestra/xva/_writeDisk.mjs

@@ -0,0 +1,57 @@
+import { formatBlockPath } from './_formatBlockPath.mjs'
+import { fromCallback } from 'promise-toolbox'
+import { readChunkStrict } from '@vates/read-chunk'
+import { xxhash64 } from 'hash-wasm'
+
+export const XVA_DISK_CHUNK_LENGTH = 1024 * 1024
+
+async function addEntry(pack, name, buffer) {
+  await fromCallback.call(pack, pack.entry, { name }, buffer)
+}
+
+async function writeBlock(pack, data, name) {
+  if (data.length < XVA_DISK_CHUNK_LENGTH) {
+    data = Buffer.concat([data, Buffer.alloc(XVA_DISK_CHUNK_LENGTH - data.length, 0)])
+  }
+  await addEntry(pack, name, data)
+  // weirdly, ocaml and xxhash return the bytes in reverse order to each other
+  const hash = (await xxhash64(data)).toString('hex').toUpperCase()
+  await addEntry(pack, `${name}.xxhash`, Buffer.from(hash, 'utf8'))
+}
+
+export default async function addDisk(pack, vhd, basePath) {
+  let counter = 0
+  let written
+  let lastBlockWrittenAt = Date.now()
+  const MAX_INTERVAL_BETWEEN_BLOCKS = 60 * 1000
+  const empty = Buffer.alloc(XVA_DISK_CHUNK_LENGTH, 0)
+  const stream = await vhd.rawContent()
+  let lastBlockLength
+  const diskSize = vhd.footer.currentSize
+  let remaining = diskSize
+  while (remaining > 0) {
+    lastBlockLength = Math.min(XVA_DISK_CHUNK_LENGTH, remaining)
+    const data = await readChunkStrict(stream, lastBlockLength)
+    remaining -= lastBlockLength
+    if (
+      // write first block
+      counter === 0 ||
+      // write all non empty blocks
+      !data.equals(empty) ||
+      // write one block from time to time to ensure there is no timeout
+      // occurring while passing empty blocks
+      Date.now() - lastBlockWrittenAt > MAX_INTERVAL_BETWEEN_BLOCKS
+    ) {
+      written = true
+      await writeBlock(pack, data, formatBlockPath(basePath, counter))
+      lastBlockWrittenAt = Date.now()
+    } else {
+      written = false
+    }
+    counter++
+  }
+  if (!written) {
+    // last block must be present
+    await writeBlock(pack, empty, formatBlockPath(basePath, counter - 1))
+  }
+}

@xen-orchestra/xva/_writeOvaXml.mjs

@@ -0,0 +1,156 @@
+import assert from 'node:assert'
+
+import { fromCallback } from 'promise-toolbox'
+import { v4 as uuid } from 'uuid'
+import defaultsDeep from 'lodash.defaultsdeep'
+
+import { DEFAULT_VBD } from './templates/vbd.mjs'
+import { DEFAULT_VDI } from './templates/vdi.mjs'
+import { DEFAULT_VIF } from './templates/vif.mjs'
+import { DEFAULT_VM } from './templates/vm.mjs'
+import toOvaXml from './_toOvaXml.mjs'
+import { XVA_DISK_CHUNK_LENGTH } from './_writeDisk.mjs'
+
+export default async function writeOvaXml(
+  pack,
+  { memory, networks, nCpus, firmware, vdis, vhds, ...vmSnapshot },
+  { sr, network }
+) {
+  let refId = 0
+  function nextRef() {
+    return 'Ref:' + String(refId++).padStart(3, '0')
+  }
+  const data = {
+    version: {
+      hostname: 'localhost',
+      date: '2022-01-01',
+      product_version: '8.2.1',
+      product_brand: 'XCP-ng',
+      build_number: 'release/yangtze/master/58',
+      xapi_major: 1,
+      xapi_minor: 20,
+      export_vsn: 2,
+    },
+    objects: [],
+  }
+  const vm = defaultsDeep(
+    {
+      id: nextRef(),
+      // you can pass a full snapshot and nothing more to do
+      snapshot: vmSnapshot,
+    },
+    {
+      // some data need a little more work to be usable
+      // if they are not already in vm
+      snapshot: {
+        HVM_boot_params: {
+          firmware,
+        },
+        memory_static_max: memory,
+        memory_static_min: memory,
+        memory_dynamic_max: memory,
+        memory_dynamic_min: memory,
+        other_config: {
+          mac_seed: uuid(),
+        },
+        uuid: uuid(),
+        VCPUs_at_startup: nCpus,
+        VCPUs_max: nCpus,
+      },
+    },
+    DEFAULT_VM
+  )
+
+  data.objects.push(vm)
+  const srObj = defaultsDeep(
+    {
+      class: 'SR',
+      id: nextRef(),
+      snapshot: sr,
+    },
+    {
+      snapshot: {
+        VDIs: [],
+      },
+    }
+  )
+
+  data.objects.push(srObj)
+  assert.strictEqual(vhds.length, vdis.length)
+  for (let index = 0; index < vhds.length; index++) {
+    const userdevice = index + 1
+    const vhd = vhds[index]
+    const alignedSize = Math.ceil(vdis[index].virtual_size / XVA_DISK_CHUNK_LENGTH) * XVA_DISK_CHUNK_LENGTH
+    const vdi = defaultsDeep(
+      {
+        id: nextRef(),
+        // overwrite SR from an opaque ref to a ref:
+        snapshot: { ...vdis[index], SR: srObj.id, virtual_size: alignedSize },
+      },
+      {
+        snapshot: {
+          uuid: uuid(),
+        },
+      },
+      DEFAULT_VDI
+    )
+
+    data.objects.push(vdi)
+    srObj.snapshot.VDIs.push(vdi.id)
+    vhd.ref = vdi.id
+
+    const vbd = defaultsDeep(
+      {
+        id: nextRef(),
+        snapshot: {
+          device: `xvd${String.fromCharCode('a'.charCodeAt(0) + index)}`,
+          uuid: uuid(),
+          userdevice,
+          VM: vm.id,
+          VDI: vdi.id,
+        },
+      },
+      DEFAULT_VBD
+    )
+    data.objects.push(vbd)
+    vdi.snapshot.vbds.push(vbd.id)
+    vm.snapshot.VBDs.push(vbd.id)
+  }
+
+  if (network && networks?.length) {
+    const networkObj = defaultsDeep(
+      {
+        class: 'network',
+        id: nextRef(),
+        snapshot: network,
+      },
+      {
+        snapshot: {
+          vifs: [],
+        },
+      }
+    )
+    data.objects.push(networkObj)
+    let vifIndex = 0
+    for (const sourceNetwork of networks) {
+      const vif = defaultsDeep(
+        {
+          id: nextRef(),
+          snapshot: {
+            device: ++vifIndex,
+            MAC: sourceNetwork.macAddress,
+            MAC_autogenerated: sourceNetwork.isGenerated,
+            uuid: uuid(),
+            VM: vm.id,
+            network: networkObj.id,
+          },
+        },
+        DEFAULT_VIF
+      )
+      data.objects.push(vif)
+      networkObj.snapshot.vifs.push(vif.id)
+    }
+  }
+  const xml = toOvaXml(data)
+  await fromCallback.call(pack, pack.entry, { name: `ova.xml` }, xml)
+}

@xen-orchestra/xva/importVdi.mjs

@@ -0,0 +1,32 @@
+import { isNotEmptyRef } from './_isNotEmptyRef.mjs'
+import { importVm } from './importVm.mjs'
+
+export async function importVdi(vdi, vhd, xapi, sr) {
+  // create a fake VM
+  const vmRef = await importVm(
+    {
+      name_label: `[xva-disp-import]${vdi.name_label}`,
+      memory: 1024 * 1024 * 32,
+      nCpus: 1,
+      firmware: 'bios',
+      vdis: [vdi],
+      vhds: [vhd],
+    },
+    xapi,
+    sr
+  )
+  // wait for the VM to be loaded if necessary
+  xapi.getObject(vmRef, undefined) ?? (await xapi.waitObject(vmRef))
+
+  const vbdRefs = await xapi.getField('VM', vmRef, 'VBDs')
+  // get the disk
+  const disks = { __proto__: null }
+  ;(await xapi.getRecords('VBD', vbdRefs)).forEach(vbd => {
+    if (vbd.type === 'Disk' && isNotEmptyRef(vbd.VDI)) {
+      disks[vbd.VDI] = true
+    }
+  })
+  // destroy the VM and VBD
+  await xapi.call('VM.destroy', vmRef)
+  return await xapi.getRecord('VDI', Object.keys(disks)[0])
+}

@xen-orchestra/xva/importVm.mjs

@@ -0,0 +1,32 @@
+import tar from 'tar-stream'
+
+import writeOvaXml from './_writeOvaXml.mjs'
+import writeDisk from './_writeDisk.mjs'
+
+export async function importVm(vm, xapi, sr, network) {
+  const pack = tar.pack()
+  const taskRef = await xapi.task_create('VM import')
+  const query = {
+    sr_id: sr.$ref,
+  }
+
+  const promise = xapi
+    .putResource(pack, '/import/', {
+      query,
+      task: taskRef,
+    })
+    .catch(err => console.error(err))
+
+  await writeOvaXml(pack, vm, { sr, network })
+  for (const vhd of vm.vhds) {
+    await writeDisk(pack, vhd, vhd.ref)
+  }
+  pack.finalize()
+  const str = await promise
+  const matches = /OpaqueRef:[0-9a-z-]+/.exec(str)
+  if (!matches) {
+    const error = new Error(`no opaque ref found in  ${str}`)
+    throw error
+  }
+  return matches[0]
+}

@xen-orchestra/xva/package.json

@@ -0,0 +1,29 @@
+{
+  "name": "@xen-orchestra/xva",
+  "version": "1.0.2",
+  "main": "index.js",
+  "author": "",
+  "license": "ISC",
+  "private": false,
+  "homepage": "https://github.com/vatesfr/xen-orchestra/tree/master/@xen-orchestra/xva",
+  "bugs": "https://github.com/vatesfr/xen-orchestra/issues",
+  "repository": {
+    "directory": "@xen-orchestra/xva",
+    "type": "git",
+    "url": "https://github.com/vatesfr/xen-orchestra.git"
+  },
+  "engines": {
+    "node": ">=14.0"
+  },
+  "dependencies": {
+    "@vates/read-chunk": "^1.2.0",
+    "hash-wasm": "^4.11.0",
+    "lodash.defaultsdeep": "^4.6.1",
+    "promise-toolbox": "^0.21.0",
+    "tar-stream": "^3.1.6",
+    "uuid": "^9.0.0"
+  },
+  "scripts": {
+    "postversion": "npm publish --access public"
+  }
+}

@xen-orchestra/xva/templates/vbd.mjs

@@ -0,0 +1,22 @@
+export const DEFAULT_VBD = {
+  class: 'VBD',
+  snapshot: {
+    allowed_operations: [],
+    bootable: true, // @todo : fix it
+    current_operations: {},
+    currently_attached: false,
+    empty: false,
+    metrics: 'OpaqueRef:NULL',
+    mode: 'RW',
+    other_config: {},
+    qos_algorithm_params: {},
+    qos_algorithm_type: '',
+    qos_supported_algorithms: [],
+    runtime_properties: {},
+    status_code: 0,
+    status_detail: '',
+    storage_lock: false,
+    type: 'Disk',
+    unpluggable: false,
+  },
+}

@xen-orchestra/xva/templates/vdi.mjs

@@ -0,0 +1,29 @@
+export const DEFAULT_VDI = {
+  class: 'VDI',
+  snapshot: {
+    allow_caching: false,
+    cbt_enabled: false,
+    descriptionLabel: 'description',
+    is_a_snapshot: false,
+    managed: true,
+    metrics: 'OpaqueRef:NULL',
+    missing: false,
+    name_label: 'name_label',
+    on_boot: 'persist',
+    other_config: {},
+    parent: 'OpaqueRef:NULL',
+    physical_utilisation: 1024 * 1024,
+    read_only: false,
+    sharable: false,
+    snapshot_of: 'OpaqueRef:NULL',
+    snapshots: [],
+    SR: 'OpaqueRef:NULL',
+    storage_lock: false,
+    tags: [],
+    type: 'user',
+    uuid: '',
+    vbds: [],
+    virtual_size: 0,
+    xenstore_data: {},
+  },
+}

@xen-orchestra/xva/templates/vif.mjs

@@ -0,0 +1,26 @@
+export const DEFAULT_VIF = {
+  class: 'VIF',
+  snapshot: {
+    allowed_operations: [],
+    currently_attached: false,
+    current_operations: {},
+    ipv4_addresses: [],
+    ipv4_allowed: [],
+    ipv4_configuration_mode: 'None',
+    ipv4_gateway: '',
+    ipv6_addresses: [],
+    ipv6_allowed: [],
+    ipv6_configuration_mode: 'None',
+    ipv6_gateway: '',
+    locking_mode: 'network_default',
+    MTU: 1500,
+    metrics: 'OpaqueRef:NULL',
+    other_config: {},
+    qos_algorithm_params: {},
+    qos_algorithm_type: '',
+    qos_supported_algorithms: [],
+    runtime_properties: {},
+    status_code: 0,
+    status_detail: '',
+  },
+}