Fix bug 1066.

If all authorities restart at once right before a consensus vote, nobody
will vote about "Running", and clients will get a consensus with no usable
relays. Instead, authorities refuse to build a consensus if this happens.

ChangeLog

@@ -28,6 +28,10 @@ Changes in version 0.2.2.6-alpha - 2009-10-??
       to establish a circuit with us using weak DH keys. It's a protocol
       violation, but that doesn't mean ordinary users need to hear about
       it. Fixes the bug part of bug 1114. Bugfix on 0.1.0.13.
+    - If all authorities restart at once right before a consensus vote,
+      nobody will vote about "Running", and clients will get a consensus
+      with no usable relays. Instead, authorities refuse to build a
+      consensus if this happens. Bugfix on 0.2.0.10-alpha; fixes bug 1066.
 
 
 Changes in version 0.2.2.5-alpha - 2009-10-11

src/or/dirvote.c

@@ -2304,7 +2304,7 @@ static int
 dirvote_compute_consensuses(void)
 {
   /* Have we got enough votes to try? */
-  int n_votes, n_voters;
+  int n_votes, n_voters, n_vote_running = 0;
   smartlist_t *votes = NULL, *votestrings = NULL;
   char *consensus_body = NULL, *signatures = NULL, *votefile;
   networkstatus_t *consensus = NULL;
@@ -2324,6 +2324,19 @@ dirvote_compute_consensuses(void)
              "%d of %d", n_votes, n_voters/2);
     goto err;
   }
+  tor_assert(pending_vote_list);
+  SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, v, {
+    if (smartlist_string_isin(v->vote->known_flags, "Running"))
+      n_vote_running++;
+  });
+  if (!n_vote_running) {
+    /* See task 1066. */
+    log_warn(LD_DIR, "Nobody has voted on the Running flag. Generating "
+                     "and publishing a consensus without Running nodes "
+                     "would make many clients stop working. Not "
+                     "generating a consensus!");
+    goto err;
+  }
 
   if (!(my_cert = get_my_v3_authority_cert())) {
     log_warn(LD_DIR, "Can't generate consensus without a certificate.");