Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package catatonit for openSUSE:Factory checked in at 2021-09-20 23:32:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/catatonit (Old) and /work/SRC/openSUSE:Factory/.catatonit.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "catatonit" Mon Sep 20 23:32:16 2021 rev:8 rq:919465 version:0.1.6 Changes: -------- --- /work/SRC/openSUSE:Factory/catatonit/catatonit.changes 2020-09-15 16:24:56.594404528 +0200 +++ /work/SRC/openSUSE:Factory/.catatonit.new.1899/catatonit.changes 2021-09-20 23:33:04.463167736 +0200 @@ -1,0 +2,9 @@ +Thu Sep 16 05:16:12 UTC 2021 - Aleksa Sarai <[email protected]> + +- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to + socket activation or features somewhat adjacent to socket activation (such as + passing file descriptors). +- Update catatonit-rpmlintrc in order to cover that static binaries are now an + error not a warning. + +------------------------------------------------------------------- Old: ---- catatonit-0.1.5.tar.xz catatonit-0.1.5.tar.xz.asc New: ---- catatonit-0.1.6.tar.xz catatonit-0.1.6.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ catatonit.spec ++++++ --- /var/tmp/diff_new_pack.uMPKfL/_old 2021-09-20 23:33:05.811169402 +0200 +++ /var/tmp/diff_new_pack.uMPKfL/_new 2021-09-20 23:33:05.815169407 +0200 @@ -1,7 +1,7 @@ # # spec file for package catatonit # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: catatonit -Version: 0.1.5 +Version: 0.1.6 Release: 0 Summary: A signal-forwarding process manager for containers License: GPL-3.0-or-later ++++++ catatonit-0.1.5.tar.xz -> catatonit-0.1.6.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/catatonit-0.1.5/.travis.yml new/catatonit-0.1.6/.travis.yml --- old/catatonit-0.1.5/.travis.yml 2020-03-02 17:11:24.000000000 +0100 +++ new/catatonit-0.1.6/.travis.yml 1970-01-01 01:00:00.000000000 +0100 
@@ -1,30 +0,0 @@ -# catatonit: a container init so simple it's effectively brain-dead -# Copyright (C) 2018 SUSE LLC -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <https://www.gnu.org/licenses/>. - -os: linux -language: c - -compiler: - - gcc - - clang - -notifications: - email: false - -script: - - autoreconf -fi && ./configure && make - - file ./catatonit | grep 'statically linked' -# TODO: Add tests. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/catatonit-0.1.5/README.md new/catatonit-0.1.6/README.md --- old/catatonit-0.1.5/README.md 2020-03-02 17:11:24.000000000 +0100 +++ new/catatonit-0.1.6/README.md 2021-09-16 03:47:50.000000000 +0200 @@ -38,6 +38,7 @@ catatonit uses autotools for building, so building is a fairly standard: ``` +% ./autogen.sh % ./configure % make % sudo make install diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/catatonit-0.1.5/catatonit.c new/catatonit-0.1.6/catatonit.c --- old/catatonit-0.1.5/catatonit.c 2020-03-02 17:11:24.000000000 +0100 +++ new/catatonit-0.1.6/catatonit.c 2021-09-16 03:47:50.000000000 +0200 @@ -21,6 +21,7 @@ #include <fcntl.h> #include <signal.h> #include <stdarg.h> +#include <string.h> #include <stdio.h> #include <stdlib.h> #include <stdbool.h> 
@@ -31,6 +32,14 @@ #include <sys/stat.h> #include <sys/types.h> #include <sys/wait.h> +#include <limits.h> +#include <dirent.h> + +#ifdef HAVE_CLOSE_RANGE +# include <linux/close_range.h> +#else +# include <sys/syscall.h> +#endif #include "config.h" @@ -102,6 +111,9 @@ static void version(void) { + // The name is intentional to make `docker-info` happy: docker is hard-coded + // against `tini`. This is an (unfortunate) hack to make it work nicely with + // catatonit. fprintf(stdout, "tini version %s_%s\n", PROGRAM_VERSION, PROGRAM_NAME); } 
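Review bot: The `#ifdef HAVE_CLOSE_RANGE` test added in the `@@ -31,6 +32,14 @@` hunk sits above `#include "config.h"`, so if the build defines the macro through config.h rather than on the compiler command line, it is not yet visible at that point. This commit's configure.ac change adds `AC_CHECK_FUNCS([close_range])`, which suggests config.h is the source. In that case the `#else` branch is always taken and `<linux/close_range.h>` is never included, while the later `#ifndef HAVE_CLOSE_RANGE` around the fallback wrapper does see the macro, so the two tests can disagree. Moving `#include "config.h"` above the conditional would make them consistent.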
@@ -129,10 +141,107 @@ * don't want to forward these to the child, as it will just confuse them. If * we get one of these, we let ourselves die rather than just carrying on. */ -int kernel_signals[] = {SIGFPE, SIGILL, SIGSEGV, SIGSEGV, SIGBUS, SIGABRT, SIGTRAP, SIGSYS}; +int kernel_signals[] = {SIGFPE, SIGILL, SIGSEGV, SIGBUS, SIGABRT, SIGTRAP, SIGSYS}; #define ARRAY_LEN(arr) (sizeof(arr) / sizeof(*arr)) +#ifndef HAVE_CLOSE_RANGE +static int close_range(unsigned int fd, unsigned int max_fd, unsigned int flags) +{ +# ifdef __NR_close_range + return (int) syscall(__NR_close_range, fd, max_fd, flags); +# else + errno = ENOSYS; + return -1; +# endif +} +#endif + +/* + * Close every fd >= n that is different from exclude_fd using close_range. + */ +static int close_range_fds_ge_than(int n, int exclude_fd) +{ + int r, saved_errno = 0; + + /* exclude_fd is not in the [n, UINT_MAX] range. */ + if (exclude_fd < n) + return close_range(n, UINT_MAX, 0); + + /* exclude_fd is the first fd in the [n, UINT_MAX] range. */ + if (exclude_fd == n) + return close_range(n + 1, UINT_MAX, 0); + + /* exclude_fd is between n and UINT_MAX. */ + errno = 0; + r = close_range(n, exclude_fd - 1, 0); + /* + * attempt to close as many FDs as possible but return an error + * if the close_range() failed. + */ + if (exclude_fd < UINT_MAX) { + saved_errno = errno; + r = close_range(exclude_fd + 1, UINT_MAX, 0); + /* If the previous call failed, restore errno. */ + if (saved_errno != 0) { + r = -1; + errno = saved_errno; + } + } + return r; +} + +/* + * Close every fd >= n that is different from exclude_fd. + */ +static int close_fds_ge_than(int n, int exclude_fd) +{ + struct dirent *next; + int failures = 0; + DIR *dir; + int fd; + int r; + + if (close_range_fds_ge_than(n, exclude_fd) == 0) + return 0; + + /* Fallback when close_range fails. 
*/ + debug("close_range() failed, fallback to close() each open FD: %m"); + + dir = opendir("/proc/self/fd"); + if (dir == NULL) { + debug("cannot opendir /proc/self/fd: %m"); + return -1; + } + + fd = dirfd(dir); + for (next = readdir(dir); next; next = readdir(dir)) { + const char *name = next->d_name; + long long val; + + if (name[0] == '.') + continue; + + val = strtoll(name, NULL, 10); + if (val < n || val == fd || val == exclude_fd) + continue; + + r = close(val); + if (r < 0) { + debug("cannot close %d: %m", val); + failures++; + } + } + + r = closedir(dir); + if (r < 0) { + debug("cannot close %d: %m", fd); + failures++; + } + + return -failures; +} + /* * Makes the current process a "foreground" process, by making it the leader of * a process group and session leader. It also updates the sigmask to include @@ -152,7 +261,7 @@ * using STDIN_FILENO) is the the file descriptor could be duped over, but * we still should become the controlling process. */ - int ttyfd = open("/dev/tty", O_RDWR); + int ttyfd = open("/dev/tty", O_RDWR|O_CLOEXEC); if (ttyfd < 0) { info("using stdin as tty fd: could not open /dev/tty: %m"); ttyfd = STDIN_FILENO; 
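Review bot: In `close_fds_ge_than`, `debug("cannot close %d: %m", val)` passes a `long long` for `%d`, which is a format/argument mismatch if `debug` is printf-style as its other call sites suggest; `debug("cannot close %lld: %m", val)` fixes it. The same `val` comes from `strtoll(name, NULL, 10)` with no end-pointer or range check and is narrowed implicitly in `close(val)`, so rejecting `val > INT_MAX` and converting once would keep the comparison, the close and the log on the same descriptor. In `close_range_fds_ge_than`, `exclude_fd < UINT_MAX` compares an `int` with an unsigned constant and is always true for the values that reach it. Writing it as `exclude_fd < INT_MAX` would state the intent and also guard the `exclude_fd + 1` that follows.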
@@ -187,10 +296,43 @@ break; } } + if (ttyfd != STDIN_FILENO) + close(ttyfd); return 0; } /* + * If the LISTEN_PID environment variable is set to the parent pid, rewrite it to + * point to the current pid. + */ +static void rewrite_listen_pid_env() +{ + char *listen_pid = getenv("LISTEN_PID"); + long long val; + + if (listen_pid == NULL) + return; + + errno = 0; + val = strtoll(listen_pid, NULL, 10); + if (errno == ERANGE) { + warn("LISTEN_PID has an invalid value"); + return; + } + + if (val == getppid()) { + char pid_str[32]; + int r; + + snprintf(pid_str, sizeof(pid_str), "%d", getpid()); + + r = setenv("LISTEN_PID", pid_str, 1); + if (r < 0) + warn("could not overwrite env variable LISTEN_PID: %m"); + } +} + +/* * Spawn a child process with the given arguments and signal map and make it a * faux-pid1 by placing it in the foreground. This is the main process which * catatonit is going to be managing throughout its life. @@ -204,6 +346,8 @@ return child; } + rewrite_listen_pid_env(); + /* * We are now in the child. Set up our sigmask, put ourselves in the * foreground, and then finally exec (with the environment inherited). @@ -213,7 +357,7 @@ if (sigprocmask(SIG_SETMASK, sigmask, NULL) < 0) bail("failed to reset sigmask: %m"); - execvpe(file, argv, __environ); + execvpe(file, argv, environ); bail("failed to exec pid1: %m"); } 
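Review bot: `rewrite_listen_pid_env` rejects `LISTEN_PID` only on `ERANGE`, so an empty or non-numeric value parses as 0 and a value with trailing text (a constructed example: `12abc`) is accepted as 12 before the comparison with `getppid()`. Passing an end pointer closes that gap: `val = strtoll(listen_pid, &end, 10);` followed by `if (errno == ERANGE || end == listen_pid || *end != '\0')`. The definition also uses an empty parameter list; `static void rewrite_listen_pid_env(void)` gives it a proper prototype. The `close(ttyfd)` added at the top of this hunk belongs to a function that starts outside the hunk, so whether its earlier return paths also release the descriptor cannot be checked from here.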
@@ -358,6 +502,9 @@ bail("self-check that pid1 (%d) was spawned failed: %m", pid1); debug("pid1 (%d) spawned: %s", pid1, argv[0]); + if (close_fds_ge_than(3, sfd) < 0) + warn("failed to close some file descriptor in range >=3"); + /* * The "pid" we send signals to. With -g we send signals to the entire * process group which pid1 is in, which is represented by a -ve pid. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/catatonit-0.1.5/configure.ac new/catatonit-0.1.6/configure.ac --- old/catatonit-0.1.5/configure.ac 2020-03-02 17:11:24.000000000 +0100 +++ new/catatonit-0.1.6/configure.ac 2021-09-16 03:47:50.000000000 +0200 @@ -15,7 +15,7 @@ # along with this program. If not, see <https://www.gnu.org/licenses/>. AC_PREREQ([2.69]) -AC_INIT([catatonit], [0.1.5], [https://bugs.opensuse.org/], [], [https://github.com/openSUSE/catatonit/]) +AC_INIT([catatonit], [0.1.6], [https://bugs.opensuse.org/], [], [https://github.com/openSUSE/catatonit/]) AM_INIT_AUTOMAKE([-Wall foreign]) LT_PREREQ([2.4.2]) @@ -24,6 +24,8 @@ AC_CHECK_HEADERS([errno.h fcntl.h signal.h stdarg.h stdio.h stdlib.h unistd.h]) AC_CHECK_HEADERS([sys/prctl.h sys/signalfd.h sys/stat.h sys/types.h sys/wait.h]) +AC_CHECK_FUNCS([close_range]) + AC_TYPE_PID_T AC_FUNC_FORK ++++++ catatonit-rpmlintrc ++++++ --- /var/tmp/diff_new_pack.uMPKfL/_old 2021-09-20 23:33:05.899169510 +0200 +++ /var/tmp/diff_new_pack.uMPKfL/_new 2021-09-20 23:33:05.899169510 +0200 @@ -1,3 +1,3 @@ # We need catatonit to be statically linked. -addFilter ("^catatonit.*: W: statically-linked-binary /usr/bin/catatonit") +addFilter ("^catatonit.*: [EW]: statically-linked-binary /usr/bin/catatonit") addFilter ("^catatonit.*: W: position-independent-executable-suggested /usr/bin/catatonit")
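Review bot: The new `close_fds_ge_than(3, sfd)` call has no comment explaining why descriptors are closed at this point, after the `pid1 ... spawned` debug line, or why `sfd` is spared. A short comment above the call would help, for example `/* pid1 has already inherited any passed fds; drop our copies so the long-lived init does not keep them open. sfd is still needed below. */`. That wording should be confirmed against the rest of the function, which starts and ends outside this hunk, so the role of `sfd` is not visible here. It is also worth stating there that a failure is only warned about, so the init may continue running with inherited descriptors still open.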
