Qubesdb with commit

[hannesm]

Hello,

we extended the Qubes.DB module to provide two new functions:

• got_new_commit : t -> string -> map Lwt.t
• values : t -> string -> map Lwt.t

The first resolves once the provided key is written to with an empty string (this is used in Qubes to signal a commit). It provides a partial map, where only keys with key as prefix are contained. The function values does the latter.

The reason for these functions is to properly react to QubesDB updates (in our case, firewall updates), and not using a QubesDB where firewall rules are only partially written. This cannot be implemented with just the provided after.

[hannesm]

Hi @talex5, thanks for your review.

In 02da172 we addressed the race conditions (see comments at the end of dB.ml). Do you think this covers all cases of the racy behaviour.

[hannesm]

@talex5 we pushed an updated, (hopefully) race-free version for got_new_commit (a bit complicated since multiple "transactions" may be in progress, thus a "commit" (empty write) only updates the key it commited). Its implementation was guided after the usages of the qubes-firewall and the firewall rules.