A reasonable detection in configure stage is definitively to prefer.
Not necessarily. It would work, obviously, but would bloat the build.
Compile-time generated headers are kinda painful to manage, and I'd like
to keep their number in check. Also, using configure detection would
make
Hi Shengjing,
With using `CPPFLAGS += -D_GNU_SOURCE -DPATH_MAX=4096`,
skalibs builds on Hurd, execline works fine. (Though I failed to run s6.)
What problems did you get with s6? It should be able to run without
trouble. To me that's a more important issue than the ones you listed
below.
AFAIU skarnet software released under ISC License should include a
license file in it's release tar files as ISC License expects to have
a year and an owner mentioned in the license, isn't it?
There is one. It's conventionally called COPYING.
--
Laurent
Not familiar with autoconf, but I found the following snippet in autoconf code.
https://git.savannah.gnu.org/cgit/autoconf.git/tree/lib/autoconf/c.m4?h=v2.69#n179
```
#if defined __stub_$1 || defined __stub___$1
choke me
#endif
```
I checked on GNU Hurd, __stub_getrandom is defined.
Good
/usr/bin/ld: src/librandom/random_string.lo: in function `random_string':
./src/librandom/random_string.c:26: warning: getrandom is not
implemented and will always fail
And this, ladies and gentlemen, is why 'choose clr' is more reliable
than 'choose cl'.
Unfortunately, the former isn't
src/libunixonacid/textclient_server_init_fromsocket.c:56:3: warning:
dereferencing type-punned pointer will break strict-aliasing rules
[-Wstrict-aliasing]
*(int *)CMSG_DATA(c) = fd[1] ;
^
Yeah, some compilers actually print that warning.
It's annoying, because this is the official
Alternatively, one could use the catch-all logger variant that echoes
logged messages to /dev/console (created by s6-linux-init-maker's '-1'
option), or perform redirections directly in rc.shutdown and
rc.shutdown.final. The first alternative, however, affects logging for
all processes. If the
Hello,
New versions of all the skarnet.org packages are available.
(This only concerns software that already has a numbered release.
Packages that are git-only because they are not complete enough
to warrant an initial release yet, such as bcnm, have been updated
in git, but are not mentioned
I'm using execline on alpine edge (synced today), i noticed that
`unexport` and `importas -u` don't remove the variable from the
environment.
Thanks for the report! I confirm that it's a bug - not in execline,
but in skalibs. It is now fixed in the skalibs git head. A new release
should happen
Thanks to Ilaia's email, I looked into using s6-tlsd, but I'm a bit
confused about what libraries are needed, and hopefully not libressl?
s6-networking can be built against either bearssl or libressl; it's a
choice you make at configure time.
LibreSSL was chosen, you guessed it, because of
s6-tcpserver4d: info: end pid 29407 ip [redacted] signal 11
"signal 11" is a segfault, so you may have found a bug in s6-tlsd, but
I haven't managed to reproduce it.
Did you build s6-networking against bearssl or libressl, and which
version are you using?
Can you please do a "strace -vf -s
I am unable to reproduce the problem on x86_64 with LibreSSL 3.0.2 and
the latest git heads of the skarnet.org software stack. I haven't tried
with the latest stable releases (the next ones are due soon).
Could you please try with the latest gits and see if you still
experience the crash?
Hello,
New versions of all the skarnet.org packages are available.
This is mostly a bugfix release (there was an installation bug in
some circumstances with shared libraries) but some packages, notably
execline and s6, have new, useful features.
The new versions are the following:
Hello,
A small update on my current projects.
- Most important skarnet.org packages are due a new release. If only
to fix a bug that prevents them from properly installing shared
libraries
in some cases.
- The release hasn't been cut yet because things are still evolving and
I don't
Do you mean they don't like editing files and creating symlinks? Do
they want a GUI interface to the service directory tree and the symlink
tree?
No, it's about service startup with s6-rc. They don't want to dive into
the unpalatable blobs that are the set of systemd unit files or the set
of
These are good questions, and I haven't thought about all of them
thoroughly enough.
* s6-rc-db: Changing the group of the 'lock' file in a compiled
dababase and making it group writable allows the group's members to
use the command. s6-rc-db cannot change the database or the service
Do you think that the handshake completes? I'm not sure that execution
is even reaching the stls_run() call; the segfault could have happened
during the tls_handshake() call in stls_s6tlsd() (i.e. while executing
LibreSSL code), and the tls_handshake() call in stls_s6tlsc() would
report a failed
So I guess that means there is either a bug in LibreSSL (oh no), or in
s6-networking's LibreSSL code?
Probably the latter; given your trace, it seems to be the tunnel code
not handling it correctly when it receives a EOF just after the
handshake.
I don't have time to debug it right now, but
Currently, the s6-linux-init-runleveld service is an s6-sudod process
invoked with options -0, -1 and -2. Therefore, if the scripts/runlevel
script prints messages to its standard output, they are lost, because
it is redirected to /dev/null. So it can't do that. And messages
printed to its
#!/usr/bin/execlineb -P
s6-setuidgid uros
emacs --fg-daemon --user uros
```
Though the server starts it cannot connect to the X display. I assume
there's an explicit way to handle this in s6.
Here emacs is launched by your supervision tree, not your user
environment, so it doesn't have access
Hello,
skalibs-2.9.2.1 is out.
I don't typically announce just-bugfix releases, but this one is
important. It fixes a potentially crash-inducing and show-stopping
bug on non-Linux.
(I would have caught it during build tests if I had seen the compiler
warnings, but trying to tailor
Hi Laurent. It's been a while.
:)
Long time no see. :) We'd love to have you on #s6, if you can!
I'm updating my packages to catch up with skalibs, gcc warnings, etc.,
and fd_close() returning void is one of the changes that hit me.
Looking over past discussions, I agree that POSIX is a
Ignoring errors on close isn't good enough for reliably composable programs.
close() generating errors isn't good enough for reliably composable
programs.
Yes, it's a problem. Fixing it isn't my job. It's the job of the
person who implements close().
I agreee that POSIX semantics for
I think that depends on the situation. In many cases, you're right,
there is nothing the program can do about the failure. But in a
program with user interaction, for example, it may make sense to
prompt the user to retry or ignore the failure.
Abort, Ignore, Retry?
Remember that dreaded
Hi. I ran into a problem while porting a service from William
Baxter's ucspi-ssl to s6-tlsserver: $TCPLOCALPORT wasn't being set. I
see that you've designed s6-tcpserver-access to handle setting that
variable, but it doesn't work when run under s6-tlsserver, where it
gets a pipe instead of the
Correction, s6-tlsserver *already* accepts s6-tlsserver options.
I remember keeping s6-tcpserver-access out of it at first, but
apparently
I realized the problem and added support early on.
However, s6-tcpserver-access only gets invoked if you use an option
that explicitly requires it; by
Under the hood, s6-svc -w? forks s6-svwait -?, which itself forks
s6-ftrigrd to monitor the event/ directory. As such, using s6-svc -w?
without a command is equivalent (though slightly slower) than using
s6-svwait directly.
Nitpick: (using s6-svc -uwU as an example; -u to tell s6-supervise to
For s6 latest release 2.9.1.0, I fail to build it on GNU/Hurd.
Hi Shengjing,
Thanks for the report!
It's a bug indeed - and a pretty tricky one. In order to work around
POSIX violations by some systems, skalibs provides certain headers that
need to be included *before* system headers, and
Good catch, thanks for the report.
Your fix isn't ideal though: the correct way is to replace
LIBEXECLINE with EXECLINE_LIB in configure and deps-exe/*, and run
gen-deps.sh again.
(LIBFOOBAR is for in-package libraries, and EXECLINE_LIB for
external ones; gen-deps.sh handles the difference
Done, please try with "s6-tlsserver -e" in the latest s6-networking git
head. If you need an official release, I'll plan one for this month.
--
Laurent
Does execline have introspection features? I would like to determine the
location of an execline script from within that script (like $0 in a
shell script).
Hi Ansgar,
No, it doesn't. The point was to launch the script as fast as possible,
with the shortest possible code path, so anything
Hello,
New versions of some of the skarnet.org packages are available.
This is mostly a bugfix release: bugs have been fixed in every released
package. A .0 release number means that the minor has been bumped
because there are also new features, in which case details are provided
below.
I have a oneshot that needs to perform, let's say, more complex
operations than I'm willing to implement with execline ATM. So I want to
call a regular shell script from the up/down files.
However, since oneshots ignore the shebang I can neither change the
interpreter, nor pass arguments to
Hey Ansgar,
You sent your mail to the skaware mailing-list, which I don't think is
what you wanted to do. ;)
I'll answer it privately in a separate e-mail.
--
Laurent
(Posting my answer to the mailing-list as well afterall, because I'm
not revealing any trade secrets, just general s6-rc behaviour, so it may
be useful to readers who are wondering about s6-rc-update mechanisms.)
After adding a new service to our exclusive policy package we're
observing
Meh. It looks like libressl uses pthreads *unconditionally*, so I added
-lpthread to its linker command line unconditionally as well.
Apparently I didn't build-test in a libressl+glibc configuration, sorry
about that.
Please test with the latest s6-networking git head, and tell me if it
I understand that configure file is unable to link against pthread in
static.
I didn't find any options to add some libs, right?
Sounds like your libressl was built with threads. Bleh.
For now, you can patch package/targets.mak by adding "-lpthread" to
the end of the CRYPTO_LIB definition
In a setup where the supervise subdirectory of a service is a symlink to
some other location (such as with Void where /etc/sv/$svc/supervise is a
symlink to /run/runit/supervise.$svc) and that target does not currently
exist, attempting to run the service via s6 results in a failure.
Thanks
Is there a way to wait starting a service until a device is ready for being
used?
That's a service-specific and nonportable thing, so, there's no generic
solution.
However, if for a given service you have a way to wait until the
device appears, then it's easy.
Pure s6 solution: put the
The log directory is currently treated as a special case, but what if it
didn't need to be?
The only reason for specialcasing the log directory is that s6-svscan
will maintain a pipe between the service's stdout and the logger's
stdin. It's a feature directly inherited from daemontools'
the package is missing a few bits, as in mostly everything not a directory at
top level!
Not sure where you're getting the package from. The tarball on
skarnet.org has everything in it.
https://skarnet.org/software/skalibs/skalibs-2.9.2.1.tar.gz
--
Laurent
Hello,
s6-2.9.2.0 is out.
This release is happening a lot earlier than I intended, but I made a
mistake: I released s6-linux-init-1.0.4.1 (a bugfix version) and it
depends on the new feature of s6-2.9.2.0. So, in order to keep the
latest versions in sync, I have to release s6-2.9.2.0 now.
Hello,
execline-2.6.1.0 is out.
This version features a more expressive format for the envfile binary.
Most of the files that are suitable for a systemd EnvironmentFile=
directive are now parsable with envfile: double quotes are supported,
backslashed newlines are supported, a few C escape
-if (!memchr(delim, delimlen, *s))
+if (!memchr(delim, *s, delimlen))
Ouch. I blame djb's byte_chr(), which has arguments 2 and 3 inverted,
for that one. :)
Applied, thanks!
--
Laurent
Hi Alex,
I noticed that both skalibs and execline have -fno-stack-protector by
default, i haven't found anything related while searching commits or
mailing lists. Is this flag a left over or it's wanted?
It's a nice default for code size and efficiency, when you're
confident enough in
Hi Amitai,
Nice to have you here! What took you so long? ;)
So, the reason why I never followed the ucspi-tls thing is that I
simply
don't like opportunistic TLS. A core tenet of my philosophy is that
dynamic stuff is inherently more dangerous than static stuff, and it is
harmful to have
fixsmtpio(8) sits in this spot and does some of these things. One way to be
sure the SMTP server has reset all internal state after STARTTLS is to kill and
restart it, architecture permitting. fixsmtpio does exactly this. :-)
Yeah, that would work too. My proposed scheme kills the originally
s6-rc-update has a mechanism to help people give instructions on how
to switch databases: the conversion file. However, it is a difficult
tool to use in automated scripts such as svctl, because it requires
writing a file by hand: it has been designed to help smoothen the
transition between two
I think it is possible to achieve this while also respecting the configured
umask.
What do you think?
It really does not matter at all, and the log files permissions are
relaxed by default because it gives the user one and only one place to
set the permissions they want: the log directory.
Hello,
Happy New Year to everyone!
New versions of the skarnet.org packages are available.
This is a major release. The skalibs major version number has been
bumped, which means that compatibility with previous versions is not
ensured. Other packages have been updated to build against the
Unfortunately, after updating to skalibs-2.10.0.1 (downloaded from
https://skarnet.org/software/skalibs/skalibs-2.10.0.1.tar.gz) and recompiling execline
(statically linked) the problem persists. I also tried compiling and installing both of
them on clean system (no previous versions of
Hello,
New skarnet.org packages are available:
skalibs-2.10.0.1
execline-2.7.0.1
s6-2.10.0.1
Those are bugfix releases.
I normally don't announce bugfix releases, but the bugs that have
been fixed here are pretty visible (sorry about that!), so all users
are encouraged to upgrade
I'm using skalibs-2.10.0.0 and execline-2.7.0.0 here in my system. I noticed on my system that
"emptyenv -c" unsets all environment variables just like "emptyenv" does. This
didn't happen with previous versions of execline and skalibs. Has anyone encountered this too?
Already fixed in
Hi Alex,
After the latest updates i noticed that the trap command hangs on exit
(all of my scripts using trap hang at exit), something like:
Fixed in git.
trap: fatal: unable to trap signals: Invalid argument
This one is more difficult: it's caused by the fact that the list of
I'm struggling to figure out how to start a particular initialization when a
service first comes up (since service startup, system startup, or ever).
I'm pretty sure it's well documented, but if the question is phrased
incorrectly, you can search for a long time.
Do you mean that the "start"
i've just finished porting the s6-networking documentation to mdoc:
https://github.com/flexibeast/s6-networking-man-pages/releases/tag/v2.4.0.0.1
And that completely blindsided me. :)
That's awesome! Thanks a lot Alexis!
If it's ready for an announcement, I suppose it is also ready to be
Contributions to... the skalibs documentation??
Is this the real life? Is this just fantasy?
Both patches applied, thanks!
On closer inspection, I also discovered the devino variants have their
arguments rearranged (except for *_internal).
This bothers me though. I clearly didn't
Sorry, I should have clarified that I meant the hypermail links in this page:
* https://www.skarnet.org/lists.html
and I realized minutes after sending the previous messages that they
don't have the "list/" part in the URL, and that's why they don't
work.
Ah, yes. lists.html is a symbolic
Test message, please ignore. Apologies for the noise.
--
Laurent
Hello,
ezmlm-cgi, the web interface to the archives of the skarnet.org
mailing-lists, has been broken for... forever, resulting in an
inability to display certain messages. I tried debugging it, but
could not find out what was happening within a reasonable amount
of time dedicated to it.
A
It did, and I didn't apply the change as suggested, but wrote
something similar. Look at the Notes section of
https://skarnet.org/software/execline/fdmove.html
--
Laurent
Hello,
As some of you are aware of, last week, the Freenode IRC network was
subjected to a forceful change of its operational control. The history
and details of the change are deeply political in nature and very much
off-topic for our lists, and I really do not wish this event to be
On bash, the editor receives ^C and ignores the signal properly.
On execline, foreground receives ^C and closes the whole script,
maybe causing me to lose the work done so far.
execline was not designed to handle interactive scripts: you need
some extra tooling in the presence of job
Isn't job control the task of commands such as `foreground` and
`background`?
No, it's not. "foreground" means that the script waits for the
process being spawned to exit before resuming; "background" means that
the parent and the child execute in parallel. This has nothing to do
with job
The latest s6 git now supports -r and -R operations for s6-svwait.
If testing shows it's good, it will be integrated into the next
release.
--
Laurent
"s6-svwait -wD foo && s6-svwait -wu foo".
Hmf. "s6-svwait -D foo && s6-svwait -U foo", obviously.
--
Laurent
And you mean, just -wr is invalid at all, but -wu not?
s6-svc -w options are really a shortcut for longer command lines
involving s6-svwait and/or s6-svlisten1; I added them as an afterthought
because people wanted them. Then, I added -r options by popular demand
as well.
The problem with
s6-setlock -t 200 -r ...
it'll fail with EBADF:
Thanks for the report! Fixed in git.
--
Laurent
In some cases it is preferential to only explicitly install a subset of
the possible functions that s6-front-end-alias and friends provide.
The --disable-symlinks option will suppress automatic generation of
symlinks on install and instead only install the main binaries.
Applied with some
s6-dnsip: fatal: unable to resolve fakedomain.org: query still
processing
# echo $?
2
I would expect the tool to return “1” as its exit code, since the
domain exists, but has not A/ record.
You're absolutely right and it was a bug.
Should be fixed in git head; bugfix release coming
> It seems that s6-svscan and s6-supervise sets SIGPIPE to ignored
It was a long-time bug indeed, but it has been fixed in 2.10.0.2. :)
If it's still occurring with the latest version of s6, please submit
a strace that illustrates your issue.
--
Laurent
#!/usr/lib/execline/bin/execlineb -P
foreground {
backtick -i file_loc {
fdmove -c 2 1 xmlstarlet sel -t -v //File/Path /etc/some-config.xml
}
importas -iu file_loc file_loc
if -n { test -e $file_loc }
create-file
}
/usr/bin/s6-svscan /service
LGTM. As an addition, if you use
1) I think I misunderstood how the kernel warning works. It may only
apply to images that the kernel execve() itself directly rather than
to any execve() syscall.
Looks like it. Otherwise, I would have seen zillions of warning
messages
in my kernel logs, with all the executable-stack
Fair enough. That's totally fine for self-contained packages in which
you control the build parameters from end-to-end. This may become an
issue with skarnet libraries, such as utmps, that are used with other,
non-skarnet packages. Libutmps pulls in libskarnet and libskarnet
'pollutes' the other
Without the GNU-stack section the
linker reverts to its backwards-compatible default which is to make
the stack executable.
Oh! That's interesting, and actually makes sense. Well, I guess
we've found a reason for the existence of the .note.GNU-stack section,
and stripping it is not as free a
Wow, my client really did a number on the formatting this time.
Sorry about that. Here's a version with, hopefully, better
whitespace.
Hello,
New bugfix versions of all the skarnet.org packages are available.
I normally don't announce bugfix releases, but this one spans all
the packages,
Hello,
New bugfix versions of all the skarnet.org packages are available.
I normally don't announce bugfix releases, but this one spans all
the packages, because it makes an important fix to the build system:
- Libraries and binaries don't have the .note.GNU-stack section
stripped anymore.
Erratum: mdevd's version is 0.1.4.0.
I only did some ad-hoc testing with the only 2 programs that both read
and write to utmp and that I have integrated with utmps: util-linux
login and OpenSSH. And I used the simple tests I attached earlier. All
good.
Cool, thanks. I'll still give it some more thought. The fact that my
earlier
How can I opt-out if the subscription to this email chain? I don’t think it is
related to me.
Regards,
Amin Rasooli
Associate Director, AI Enablement and AI Ops
- This is a mailing-list, not a chain. We do not forward conspiracy
theories; we have legitimate conversations on technical topics.
I'm lamenting the sorry state of basic user administration and
security software on Linux.
You and me both. ;)
I think the communities around my software and related software such
as musl are made of individuals who recognize that there's huge room
for improvement in that area, and try to
What's your take on this? My interpretation of the POSIX doc is that
pututxline(3) should start searching from the last entry found/read,
not from the next entry after it.
Well, yes, as you said, the spec is unclear, but the login(1) and
glibc interpretation makes sense: after a getutxline()
Fixed in git, please try it and tell me if it works for you.
(I simply made the getutx*() functions stay on the current record on
success, instead of pointing to the next record.)
--
Laurent
As of version 0.1.0.0, utmps' configure script ignores the
--with-xtmpd-socket options.
Indeed, thanks for the report, and the patch. Fixed in git.
Bugfix release coming out, uh, at some point in the future when I do
the next batch :)
--
Laurent
Recent versions of the Linux kernel issue a warning when a process
executes an image with an executable stack, as an indicator of a
_potential_ security vulnerability. Such a warning is issued when
execlineb is executed.
I just checked my kernel logs and indeed, I get such a warning as well.
Okay, so the problem is that setting the noexecstack attribute at the
asm level (-Wa,--noexecstack in CFLAGS) is useless: even without it,
.note.GNU-stack is never marked as executable unless you have nested
functions.
What works is setting the attribute at the link level
(-Wl,-z,noexecstack
All my packages, in their git head, now have their Makefile fixed (by
not stripping .note.GNU-stack) and configure changed to not force
noexecstack, so it all defaults to what the toolchain does.
(And indeed the toolchains I was using were bad, because I stripped
.note.GNU-stack from the libc
Finally I sucked up the courage and defined in /boot/loader.conf
init_exec=/root/bin/init_exec.sh
which contains
#!/usr/local/bin/execlineb -S0
redirfd -wnb 1 /m/fifo/catch_all
redirfd -r - /dev/null
fdmove -c 2 1
exec -c /sbin/s6/svscan -t 0 -s /s/scan
And finally /sbin/s6-svscan runs as pid 1.
As the title says. If you put "1234" in the ut_field of the utmpx,
call pututxline() and then read it back, you get "123" back. An od(1)
dump of the utmp file shows that what is stored is 1, 2, 3 and \0.
Yup. Again, it comes down to a lack of specification.
Hello,
New versions of some of the skarnet.org packages are available.
skalibs-2.10.0.2: bugfixes
execline-2.8.0.0: major version bump, but few and low-impact changes
s6-2.10.0.2: bugfixes
s6-linux-init-1.0.6.1: bugfixes
s6-networking-2.4.1.0: minor version bump
Some details:
*
When I try to run the example program in the documentation for case, the
default case is executed every time:
... yeah, that's because the example program in the documentation
was wrong. ^^' (I wrote it with BREs in mind, then made EREs the
default, and ended up with something that works in
Hello,
New versions of all the skarnet.org packages are available.
The changes are, for the most part, minimal: essentially, the new
versions fix a bug in the build system that made cross-building under
slashpackage more difficult than intended. Very few people should
have been impacted
Laurent,
Thanks for the quick turnaround. Let's see if I understand. The key part is
here:
case SIGTERM :
if (flagprotect) break ;
case SIGHUP :
handle_stdin = _stdin ;
if (!indata.len) { prepare_to_exit() ; e = 1 ; }
break ;
The risk is that
So indeed, when an exit signal was received at the same time stdin was
readable (unless your producer is spamming logs, that's a rare event,
which is why I never saw it), prepare_to_exit() was called but the
xindex0 marker was not updated and the remainder of the iteration still
called
Is there any appetite for providing a way for ./run to know the PID of its
parent s6-supervise instance?
This information allows the supervised child to know that it has been orphaned,
and to tie its fate to its parent (eg PDEATHSIG
https://stackoverflow.com/a/36945270).
Using getppid(2)
If getppid() returns 1, it means the service has already been orphaned.
I don't think that's guaranteed by Posix.
Apparently another data point:
https://gist.github.com/gsauthof/8c8406748e536887c45ec14b2e476cbc
I thought it was, but apparently you're right:
IIRC the use case involves signal handling, which causes prepare_to_exit() to
be called in handle_signals(). Once the signal handler returns, stdin is
closed. The mainline continues to refer to the now closed file descriptor, and
emits errors as consequence. The process terminates, but the
I have a problem process that's getting stuck somewhere in its network
code (clearly the right answer is to find/fix the problem, but it's
infrequent and we're up against time constraints...)
I'm looking at just adding a wrapper around it which does something
along the lines of the existing
socket-helper { name1 /run/name1.socket name2 /run/name2.socket } prog
Currently socket-helper is a shell script, as I haven't found a way to
generate the unknown number of `s6-ipcserver-socketbinder /path/sock
fdmove N 0` using just execline. Is this socket-helper (or an
easier-to-implement
User services come with their own batch of design questions to solve,
which are pretty different from the questions raised by system services.
And most of these questions are policy-related, i.e. there's no obvious
answer but the answers strongly depend on what exactly the users want
and how
301 - 400 of 534 matches
Mail list logo
