state: store config in separate gob stream

This enables early serialisation of config.

Signed-off-by: Ophestra <cat@gensokyo.uk>

internal/state/multi.go

@@ -1,9 +1,11 @@
 package state
 
 import (
+	"encoding/binary"
 	"encoding/gob"
 	"errors"
 	"fmt"
+	"io"
 	"io/fs"
 	"os"
 	"path"
@@ -208,12 +210,11 @@ func (b *multiBackend) load(decode bool) (Entries, error) {
 				s := new(State)
 				r[*id] = s
 
-				// append regardless, but only parse if required, used to implement Len
+				// append regardless, but only parse if required, implements Len
 				if decode {
-					if err = gob.NewDecoder(f).Decode(s); err != nil {
+					if err = b.decodeState(f, s); err != nil {
 						return err
 					}
-
 					if s.ID != *id {
 						return fmt.Errorf("state entry %s has unexpected id %s", id, &s.ID)
 					}
@@ -229,18 +230,65 @@ func (b *multiBackend) load(decode bool) (Entries, error) {
 	return r, nil
 }
 
+// state file consists of an eight byte header, followed by concatenated gobs
+// of [fst.Config] and [State], if [State.Config] is not nil or offset < 0,
+// the first gob is skipped
+func (b *multiBackend) decodeState(r io.ReadSeeker, state *State) error {
+	offset := make([]byte, 8)
+	if l, err := r.Read(offset); err != nil {
+		if errors.Is(err, io.EOF) {
+			return fmt.Errorf("state file too short: %d bytes", l)
+		}
+		return err
+	}
+
+	// decode volatile state first
+	var skipConfig bool
+	{
+		o := int64(binary.LittleEndian.Uint64(offset))
+		skipConfig = o < 0
+
+		if !skipConfig {
+			if l, err := r.Seek(o, io.SeekCurrent); err != nil {
+				return err
+			} else if l != 8+o {
+				return fmt.Errorf("invalid seek offset %d", l)
+			}
+		}
+	}
+	if err := gob.NewDecoder(r).Decode(state); err != nil {
+		return err
+	}
+
+	// decode sealed config
+	if state.Config == nil {
+		// config must be provided either as part of volatile state,
+		// or in the config segment
+		if skipConfig {
+			return ErrNoConfig
+		}
+
+		state.Config = new(fst.Config)
+		if _, err := r.Seek(8, io.SeekStart); err != nil {
+			return err
+		}
+		return gob.NewDecoder(r).Decode(state.Config)
+	} else {
+		return nil
+	}
+}
+
 // Save writes process state to filesystem
-func (b *multiBackend) Save(state *State) error {
+func (b *multiBackend) Save(state *State, configWriter io.WriterTo) error {
 	b.lock.Lock()
 	defer b.lock.Unlock()
 
-	if state.Config == nil {
-		return errors.New("state does not contain config")
+	if configWriter == nil && state.Config == nil {
+		return ErrNoConfig
 	}
 
 	statePath := b.filename(&state.ID)
 
-	// create and open state data file
 	if f, err := os.OpenFile(statePath, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0600); err != nil {
 		return err
 	} else {
@@ -250,11 +298,43 @@ func (b *multiBackend) Save(state *State) error {
 				panic("state file closed prematurely")
 			}
 		}()
-		// encode into state file
-		return gob.NewEncoder(f).Encode(state)
+		return b.encodeState(f, state, configWriter)
 	}
 }
 
+func (b *multiBackend) encodeState(w io.WriteSeeker, state *State, configWriter io.WriterTo) error {
+	offset := make([]byte, 8)
+
+	// skip header bytes
+	if _, err := w.Seek(8, io.SeekStart); err != nil {
+		return err
+	}
+
+	if configWriter != nil {
+		// write config gob and encode header
+		if l, err := configWriter.WriteTo(w); err != nil {
+			return err
+		} else {
+			binary.LittleEndian.PutUint64(offset, uint64(l))
+		}
+	} else {
+		// offset == -1 indicates absence of config gob
+		binary.LittleEndian.PutUint64(offset, 0xffffffffffffffff)
+	}
+
+	// encode volatile state
+	if err := gob.NewEncoder(w).Encode(state); err != nil {
+		return err
+	}
+
+	// write header
+	if _, err := w.Seek(0, io.SeekStart); err != nil {
+		return err
+	}
+	_, err := w.Write(offset)
+	return err
+}
+
 func (b *multiBackend) Destroy(id fst.ID) error {
 	b.lock.Lock()
 	defer b.lock.Unlock()

internal/state/state.go

@@ -1,11 +1,15 @@
 package state
 
 import (
+	"errors"
+	"io"
 	"time"
 
 	"git.gensokyo.uk/security/fortify/fst"
 )
 
+var ErrNoConfig = errors.New("state does not contain config")
+
 type Entries map[fst.ID]*State
 
 type Store interface {
@@ -24,13 +28,13 @@ type Store interface {
 
 // Cursor provides access to the store
 type Cursor interface {
-	Save(state *State) error
+	Save(state *State, configWriter io.WriterTo) error
 	Destroy(id fst.ID) error
 	Load() (Entries, error)
 	Len() (int, error)
 }
 
-// State is the on-disk format for a fortified process's state information
+// State is a fortify process's state
 type State struct {
 	// fortify instance id
 	ID fst.ID `json:"instance"`
@@ -40,5 +44,5 @@ type State struct {
 	Config *fst.Config `json:"config"`
 
 	// process start time
-	Time time.Time
+	Time time.Time `json:"time"`
 }

internal/state/state_test.go

@@ -1,6 +1,9 @@
 package state_test
 
 import (
+	"bytes"
+	"encoding/gob"
+	"io"
 	"math/rand/v2"
 	"reflect"
 	"slices"
@@ -28,9 +31,12 @@ func testStore(t *testing.T, s state.Store) {
 		tl
 	)
 
-	var tc [tl]state.State
+	var tc [tl]struct {
+		state state.State
+		ct    bytes.Buffer
+	}
 	for i := 0; i < tl; i++ {
-		makeState(t, &tc[i])
+		makeState(t, &tc[i].state, &tc[i].ct)
 	}
 
 	do := func(aid int, f func(c state.Cursor)) {
@@ -41,7 +47,7 @@ func testStore(t *testing.T, s state.Store) {
 
 	insert := func(i, aid int) {
 		do(aid, func(c state.Cursor) {
-			if err := c.Save(&tc[i]); err != nil {
+			if err := c.Save(&tc[i].state, &tc[i].ct); err != nil {
 				t.Fatalf("Save(&tc[%v]): error = %v", i, err)
 			}
 		})
@@ -51,15 +57,17 @@ func testStore(t *testing.T, s state.Store) {
 		do(aid, func(c state.Cursor) {
 			if entries, err := c.Load(); err != nil {
 				t.Fatalf("Load: error = %v", err)
-			} else if got, ok := entries[tc[i].ID]; !ok {
+			} else if got, ok := entries[tc[i].state.ID]; !ok {
 				t.Fatalf("Load: entry %s missing",
-					&tc[i].ID)
+					&tc[i].state.ID)
 			} else {
-				got.Time = tc[i].Time
-				if !reflect.DeepEqual(got, &tc[i]) {
+				got.Time = tc[i].state.Time
+				tc[i].state.Config = fst.Template()
+				if !reflect.DeepEqual(got, &tc[i].state) {
 					t.Fatalf("Load: entry %s got %#v, want %#v",
-						&tc[i].ID, got, &tc[i])
+						&tc[i].state.ID, got, &tc[i].state)
 				}
+				tc[i].state.Config = nil
 			}
 		})
 	}
@@ -104,7 +112,7 @@ func testStore(t *testing.T, s state.Store) {
 
 	t.Run("clear aid 1", func(t *testing.T) {
 		do(1, func(c state.Cursor) {
-			if err := c.Destroy(tc[insertEntryOtherApp].ID); err != nil {
+			if err := c.Destroy(tc[insertEntryOtherApp].state.ID); err != nil {
 				t.Fatalf("Destroy: error = %v", err)
 			}
 		})
@@ -124,11 +132,13 @@ func testStore(t *testing.T, s state.Store) {
 	})
 }
 
-func makeState(t *testing.T, s *state.State) {
+func makeState(t *testing.T, s *state.State, ct io.Writer) {
 	if err := fst.NewAppID(&s.ID); err != nil {
 		t.Fatalf("cannot create dummy state: %v", err)
 	}
-	s.Config = fst.Template()
+	if err := gob.NewEncoder(ct).Encode(fst.Template()); err != nil {
+		t.Fatalf("cannot encode dummy config: %v", err)
+	}
 	s.PID = rand.Int()
 	s.Time = time.Now()
 }