store ios: Exclude the database file from iOS backup

[rajveermalviya]

Fixes #2158.

Tested by generating iOS backups from Finder app on macOS, and then using iTunes-Backup-Explorer to read the backup files:

Before	After

[chrisbobbe]

Thanks! Comments below.

[chrisbobbe]

The substantive change here is just to add an empty exceptions entry, right? It looks like this section was added in 509d88f (Patrol setup); I suspect it's not related to the intended change for your commit.

Would you take a few minutes to try and reproduce this change on its own, and either discard it or make a separate commit for it depending on what you learn? (E.g. probably we want to keep this change if it happens naturally when you clear an Xcode cache and rebuild, because in that case it probably belonged in 509d88f and was just left out accidentally.)

[chrisbobbe]

If this throws it'll block loading the app (i.e. stop before creating the LiveGlobalStore) with no feedback to the user. Maybe instead run this unawaited() with a TODO(log) on error?

Also how about putting this call immediately after the await _dbFile() line? It sets an attribute on the file; the intervening database queries (await db.getGlobalSettings() etc.) seem unrelated and not prerequisites for this filesystem action.

That proximity should also help us remember to handle this detail carefully in the migration in your other PR #2156.

[rajveermalviya]

We can't put this after _dbFile(), because the database file may not exists yet. We can though put it after AppDatabase(NativeDatabase.createInBackground(file));, moved there.

[chrisbobbe]

Hmm but will the file exist right after the AppDatabase(NativeDatabase.createInBackground(file)) line? There's no await there, so maybe that line creates the file synchronously…which seems unusual? But then why is the method's name createInBackground?

I wonder if, in your previous revision, await db.getGlobalSettings() and friends were actually giving time for the file to finish being created asynchronously, before the setExcludedFromBackup call? Causing that call to succeed basically by accident.

[gnprice]

A call like await db.getGlobalSettings() will wait for the database to be opened, which I believe will involve creating the database file if it doesn't exist. (Ultimately it calls sqlite3_open_v2 with flags SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, via [Sqlite3Implementation.open].)

I just spent a few minutes looking around Drift's API, and I don't see a totally clean way to say "wait for the database to be opened, then do X" short of actually making a query. (The closest is await db.executor.ensureOpen(db); but the type of executor is documented to be internal to Drift and unstable.)

[rajveermalviya]

NativeDatabase.createInBackground(file) returns the QueryExecutor which is same as db.executor. So, AIUI it should be safe to use executor.ensureOpen via the returned QueryExecutor?

[rajveermalviya]

Alternatively, there's db.doWhenOpened but it also says:

Calling this method directly might circumvent the current transaction. For that reason, it should only be called inside drift.

[rajveermalviya]

Reverted to the previous revision for now, where the call is made at the end of the load method.

[chrisbobbe]

nit: how about moving this above the // Retrieve the remote notification payload comment, so it doesn't interrupt notification-related code

[chrisbobbe]

nit: can be more transparent about what this method does:

Suggested change

	/// Sets the flag to exclude from iOS backups for the given filepath.
	/// Sets UrlResourceValues.isExcludedFromBackup for the given file path.
	///
	/// See doc:
	/// https://developer.apple.com/documentation/foundation/urlresourcevalues/isexcludedfrombackup

[chrisbobbe]

Suggested change

	var url = URL(fileURLWithPath: path)
	var url = URL(fileURLWithPath: path, isDirectory: false)

I think? In case this affects app startup time; see doc:

https://developer.apple.com/documentation/foundation/improving-performance-and-stability-when-accessing-the-file-system#Provide-directory-hints-for-file-URLs-to-avoid-wasteful-IO

For earlier versions [than iOS 16], opt for the nonblocking variants of the methods in the following table.

[rajveermalviya]

Thanks for the review @chrisbobbe! Pushed an update, PTAL.

[chrisbobbe]

Thanks!! Comments below.

[chrisbobbe]

nit: indentation

[chrisbobbe]

Hmm but will the file exist right after the AppDatabase(NativeDatabase.createInBackground(file)) line? There's no await there, so maybe that line creates the file synchronously…which seems unusual? But then why is the method's name createInBackground?

I wonder if, in your previous revision, await db.getGlobalSettings() and friends were actually giving time for the file to finish being created asynchronously, before the setExcludedFromBackup call? Causing that call to succeed basically by accident.

[rajveermalviya]

Thanks for the review @chrisbobbe! Pushed an update, PTAL.

[chrisbobbe]

Thanks! Bump on something small below, and marking for Greg's review.

[chrisbobbe]

Suggested change

	// Disable OS backups for the database file, see:
	// https://github.com/zulip/zulip-flutter/issues/2158
	unawaited(_maybeDisableOsBackup(file));
	// Disable OS backups for the database file, see:
	// https://github.com/zulip/zulip-flutter/issues/2158
	unawaited(_maybeDisableOsBackup(file)); // TODO(log) on error

[gnprice]

Thanks @rajveermalviya for taking care of this, and @chrisbobbe for the detailed reviews!

Looks good; merging, with a few added comments including the one Chris suggested above:

diff --git lib/model/store.dart lib/model/store.dart
index 7c8fe3ecd..1084a2f01 100644
--- lib/model/store.dart
+++ lib/model/store.dart
@@ -1120,7 +1120,9 @@ class LiveGlobalStore extends GlobalStore {
 
     // Disable OS backups for the database file, see:
     //   https://github.com/zulip/zulip-flutter/issues/2158
-    unawaited(_maybeDisableOsBackup(file));
+    // This comes after the queries above, because it must come after
+    // the database file has been created on disk.
+    unawaited(_maybeDisableOsBackup(file)); // TODO(log) on error
 
     return LiveGlobalStore._(
       backend: LiveGlobalStoreBackend._(db: db),
diff --git pigeon/ios_native.dart pigeon/ios_native.dart
index f33261120..40bbebe8d 100644
--- pigeon/ios_native.dart
+++ pigeon/ios_native.dart
@@ -12,6 +12,9 @@ import 'package:pigeon/pigeon.dart';
 abstract class IosNativeHostApi {
   /// Sets UrlResourceValues.isExcludedFromBackup for the given file path.
   ///
+  /// The file at this path must already exist,
+  /// and be a regular file (not a directory).
+  ///
   /// See doc:
   ///   https://developer.apple.com/documentation/foundation/urlresourcevalues/isexcludedfrombackup
   ///   https://developer.apple.com/documentation/foundation/optimizing-your-app-s-data-for-icloud-backup

Those two points seemed like things that would otherwise be easy to miss when making future edits to this code.