lightningd: don't abort on incorrect versions, but try to re-exec.

You still shouldn't do this (you could get some transient failures), but at least you have a decent chance if you reinstall over a running daemon, instead of getting confusing internal errors if message formats have changed. Changelog-Added: lightningd: we now try to restart if subdaemons are upgraded underneath us. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Fixes: #4346
2026-02-23 06:54:30 +01:00 · 2021-04-16 14:01:24 +09:30
parent 8714bf903c
commit 32d650f9df
6 changed files with 87 additions and 4 deletions
--- a/lightningd/subd.c
+++ b/lightningd/subd.c
@@ -412,8 +412,12 @@ static bool handle_version(struct subd *sd, const u8 *msg)
 		return false;

 	if (!streq(ver, version())) {
-		fatal("subdaemon %s version '%s' not '%s'",
-		      sd->name, ver, version());
+		log_broken(sd->log, "version '%s' not '%s': restarting",
+			   ver, version());
+		sd->ld->try_reexec = true;
+		/* Return us to toplevel lightningd.c */
+		io_break(sd->ld);
+		return false;
 	}
 	return true;
 }
@@ -473,7 +477,7 @@ static struct io_plan *sd_msg_read(struct io_conn *conn, struct subd *sd)
 		goto next;
 	case WIRE_STATUS_VERSION:
 		if (!handle_version(sd, sd->msg_in))
-			goto malformed;
+			goto close;
 		goto next;
 	}