Move to destination not atomic

[kennylevinsen]

When creating thumbnails, thumbnailer creates temporary files in what is returned by std::env::temp_dir() (this will generally be /tmp), and then runs the mv command to move them into place.

Move can only be atomic within the same filesystem, using the rename system call. As /tmp is commonly tmpfs, the move will commonly be crossing filesystem boundaries, this is not possible, and the mv command ends up doing a copy instead.

This renders the entire operation moot, as this copy is no better than just writing straight to the destination in the first place.

The way this is usually dealt with is to use the destination for the temp file using temporary name (e.g. <MD5_OF_URI>_tmp.png or <MD5_OF_URI>.png.tmp).