Client never gives up on files the Server cannot serve

[cfm]

Description

When the Server has a submission or reply on record that it cannot serve (e.g., because it has been deleted from disk), the Client will keep trying to download it forever.

Steps to Reproduce

1. Register as a source and submit something.
2. Delete that source's directory from /var/lib/securedrop/store.
3. Log into the Client.

Expected Behavior

Sync eventually completes, modulo Tor weather.

Actual Behavior

Since the deleted source's disconnected submission can never be downloaded, sync never completes.

Comments

There's an obvious tension here between "fail when the Server cannot serve" and "keep trying when Tor weather is bad".

We should start by redesigning the overall Client—Server synchronization model. Consider this one problem that redesign will need to solve.

[cfm]

(In fairness to the Client, the challenge here is for it to reach some form of consistency with, or at least a consistent representation of, a datastore that is inconsistent with itself....)