Age | Commit message (Collapse) | Author | Files | Lines |
|
With Ubuntu 24.04 this service is no longer enabled/installed and so
this bit would fail.
This commit makes it handle both cases (installed/not-installed).
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Bumps <https://github.com/bytecodealliance/wasmtime> from 24.0.0 to
24.0.1.
Fixes:
a runtime crash when combining tail-calls with host imports that
capture a stack trace or trap. GHSA-q8hx-mm92-4wvg
a race condition could lead to WebAssembly control-flow integrity and
type safety violations. GHSA-7qmx-3fpx-r45m
Link: Release notes <https://github.com/bytecodealliance/wasmtime/releases>
Link: Changelog <https://github.com/bytecodealliance/wasmtime/blob/main/docs/WASI-some-possible-changes.md>
Link: Commits <https://github.com/bytecodealliance/wasmtime/compare/v24.0.0...v24.0.1>
Signed-off-by: dependabot[bot] <support@github.com>
[ Tweaked commit message/subject - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
There has been a long standing clang-analyzer issue in
nxt_process_check_pid_status(), well ever since I introduced this
function in commit b0e2d9d0a ("Isolation: Switch to fork(2) & unshare(2)
on Linux."),
It is complaining that there are cases where 'status' could be returned
with an undefined or garbage value.
Now I'm convinced this can't happen
If nxt_process_pipe_timer() returns NXT_OK
read(2) the status value
If the read(2) failed or if we got NXT_ERROR from
nxt_process_pipe_timer(), NXT_OK (0) and NXT_ERROR (-1) are the only
possible return values here, then we set status to -1
I don't see a scenario where status is either not set by the read(2) or
not set to -1.
Now I'm not a fan of initialising variables willy-nilly, however, in
this case if we initialise status to -1, then we can simply remove the
if (ret <= 0) {
check. So it closes this (non-)issue but also provides a little code
simplification.
NOTE: There is no need to check the return from the read(2) here. We are
reading a single byte, we either get it or don't.
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Signed-off-by: Ava Hahn <a.hahn@f5.com>
|
|
Signed-off-by: Ava Hahn <a.hahn@f5.com>
|
|
The function nxt_term_parse() is able to take strings with trailing
whitespace e.g. "1w1d ", add a test case to cover such things.
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Both clang-analyzer and coverity flagged an issue in nxt_term_parse()
that we set 'state = st_letter' but then set it to 'state = st_space'
before using it.
While we could simply remove the first assignment and placate the
analyzers, upon further analysis it seems that there is some more
cleanup that could be done in this function.
This commit addresses the above issue, subsequent commits will continue
the cleanup.
To solve the unused assignment issue we can get rid of the
'state == st_letter'
assignment and unconditionally execute the code that was behind the
if (state != st_letter) {
guard. If we're not handling a space then we should have either a digit
or letter.
Also, perhaps more importantly, this if () statement would never be
false at this point as state would never == st_letter.
We may as well also remove the st_letter enum value.
The src/test/nxt_term_parse_test.c still passes
tests: [notice] term parse test passed
NOTE: Although this function is not currently used in Unit (only by
src/test/nxt_term_parse_test.c), it is probably worth cleaning it up and
solving one of the open clang-analyzer (and coverity) issues.
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Due to 'char' (unless explicitly set) being signed or unsigned depending
on architecture, e.g on x86 it's signed, while on Arm it's unsigned,
this can lead to subtle bugs such if you use a plain char as a byte
thinking it's unsigned on all platforms (maybe you live in the world of
Arm).
What we can do is tell the compiler to treat 'char' as unsigned by
default, thus it will be consistent across platforms. Seeing as most of
the time it doesn't matter whether char is signed or unsigned, it
really only matters when you're dealing with 'bytes', which means it
makes sense to default char to unsigned.
The Linux Kernel made this change at the end of 2022.
This will also allow in the future to convert our u_char's to char's
(which will now be unsigned) and pass them directly into the libc
functions for example, without the need for casting.
Here is what the ISO C standard has to say
From §6.2.5 Types ¶15
The three types char, signed char, and unsigned char are collectively
called the character types. The implementation shall define char to
have the same range, representation, and behavior as either signed
char or unsigned char.[45]
and from Footnote 45)
CHAR_MIN, defined in <limits.h>, will have one of the values 0 or
SCHAR_MIN, and this can be used to distinguish the two options.
Irrespective of the choice made, char is a separate type from the
other two and is not compatible with either.
If you're still unsure why you'd want this change...
It was never clear to me, why we used u_char, perhaps that was used as
an alternative to -funsigned-char...
But that still leaves the potential for bugs with char being unsigned vs
signed...
Then because we use u_char but often need to pass such things into libc
(and perhaps other functions) which normally take a 'char' we need to
cast these cases.
So this change brings at least two (or more) benefits
1) Removal of potential for char unsigned vs signed bugs.
2) Removal of a bunch of casts. Reducing casting to the bare minimum
is good. This helps the compiler to do proper type checking.
3) Readability/maintainability, everything is now just char...
What if you want to work with bytes?
Well with char being unsigned (everywhere) you can of course use char.
However it would be much better to use the uint8_t type for that to
clearly signify that intention.
Link: <https://lore.kernel.org/lkml/Y1Bfg06qV0sDiugt@zx2c4.com/>
Link: <https://lore.kernel.org/lkml/20221019203034.3795710-1-Jason@zx2c4.com/>
Link: <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3bc753c06dd02a3517c9b498e3846ebfc94ac3ee>
Link: <https://www.iso-9899.info/n1570.html#6.2.5p15>
Suggested-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Better late than never!
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
|
|
|
|
|
|
Unit 1.33.0 release.
|
|
This is autogenerated from docs/changes.xml by
$ make -C docs/ changes && mv build/CHANGES .
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Signed-off-by: Ava Hahn <a.hahn@f5.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
CONTROL_SOCKET_ADDRESS is singular, adds note that the flag can be
specified multiple times, and adjusts code to print
CONTROL_SOCKET_ADDRESS as singular.
Signed-off-by: Gabor Javorszky <g.javorszky@f5.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Signed-off-by: Gabor Javorszky <g.javorszky@f5.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
The correct capitalisation of the name of the software is Unit, not all
caps.
Signed-off-by: Gabor Javorszky <g.javorszky@f5.com>
[ A bunch more s/UNIT/Unit/ - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
All new NGINX projects are created from the template repository which
has a SECURITY.md file in it. This adopts the file.
NOTE; We wrap the file around the 76-78 character mark for consistency
and readability.
Link: <https://github.com/nginxinc/template-repository>
Closes: https://github.com/nginx/unit/issues/1408
Signed-off-by: Gabor Javorszky <g.javorszky@f5.com>
[ Tweaked commit message - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
This comes after internal conversation with the NGINX security council.
Signed-off-by: Gabor Javorszky <g.javorszky@f5.com>
|
|
Signed-off-by: Gabor Javorszky <g.javorszky@f5.com>
|
|
Signed-off-by: Gabor Javorszky <g.javorszky@f5.com>
|
|
The two files under unit-openapi/.openapi-generator/, FILES and VERSIONS
are auto-generated.
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
On some Python 3.11 systems, 3.11.9 & 3.11.10, we were seeing a crash
triggered by Py_Finalize() in nxt_python_atexit() when running one of
our pytests, namely
test/test_python_factory.py::test_python_factory_invalid_callable_value
2024/09/12 15:07:29 [alert] 5452#5452 factory "wsgi_invalid_callable" in module "wsgi" can not be called to fetch callable
Fatal Python error: none_dealloc: deallocating None: bug likely caused by a refcount error in a C extension
Python runtime state: finalizing (tstate=0x00007f560b88a718)
Current thread 0x00007f560bde7ad0 (most recent call first):
<no Python frame>
2024/09/12 15:07:29 [alert] 5451#5451 app process 5452 exited on signal 6 (core dumped)
This was due to
obj = PyDict_GetItemString(PyModule_GetDict(module), callable);
in nxt_python_set_target() which returns a *borrowed* reference, then
due to the test meaning this is a `None` object we `goto fail` and call
Py_DECREF(obj);
which then causes `Py_Finalize()` to blow up.
The simple fix is to just increment its reference count before the `goto
fail`.
Note: This problem only showed up under (the various versions of Python
we test on); 3.11.9 & 3.11.10. It doesn't show up under; 3.6, 3.7, 3.9,
3.10, 3.12
Cc: Konstantin Pavlov <thresh@nginx.com>
Closes: https://github.com/nginx/unit/issues/1413
Fixes: a9aa9e76d ("python: Support application factories")
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
When the client closes the connection before the upstream,
the proxy's error handler was calling cleanup operation like
peer close and request close twice, this fix ensures the cleanup
is performed only once, improving proxy stability.
Closes: https://github.com/nginx/unit/issues/828
|
|
Suppress the output from cargo-component when we first run it to check
if it's available, otherwise you may see the following
$ pytest test/test_wasm-wasi-component.py
which: no go in (/home/andrew/.local/bin:/home/andrew/bin:/usr/share/Modules/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin)
error: no such command: `component`
View all installed commands with `cargo --list`
Find a package to install `component` with `cargo search cargo-component
Note: This didn't stop the tests from working, just an aesthetic issue.
Closes: https://github.com/nginx/unit/issues/1410
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Don't try and run the tests that require njs if it isn't enabled.
Closes: https://github.com/nginx/unit/issues/1411
Fixes: 43c4bfdcd ("tests: "if" option in http route match")
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
This will catch changes to the likes of wasmtime and njs.
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
With commit 9998918db ("Packages: bump wasmtime to 24.0.0 and
wasi-sysroot to 24.0.") the paths to the wasmtime C API include and lib
directories changed which broke the wasm ci tests.
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Wasm module is now not built for Amazon Linux 2, Debian 11 and Ubuntu
2.0.04, since it requires cmake version newer than what's available on
those OSes. wasm-wasi-component is not affected.
|
|
- Adds `unitctl/` prefix to tags generated by manual workflow runs.
Previously, only release titles (but not tags) were prefixed.
- Omits superfluous `name` field; falls back to `tag` when absent.
- Removes unnecessary conditional from `prelease` field.
This results in the following tagging / releasing behavior:
1. Running manually creates a pre-release and tags it `unitctl/VERSION`
2. Pushing a tag formatted like `x.y.z` creates a normal release
Refines: 3501a50ffb93756e145295021ff9313ac77f1ba9
|
|
[ Tweaked subject - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
While the C based wasm language module inherits the process environment
the Rust based wasm-wasi-component language module did not.
One upshot of this is that with wasm-wasi-component you don't get access
to any environment variables specified in the Unit configuration.
wasm-wasi-component was based on wasmtime 17.0.0. This capability wasn't
added to the wasmtime-crate until version 20.0.0.
Now that wasm-wasi-component has been updated to a newer wasmtime-crate
we can enable this functionality.
Closes: https://github.com/nginx/unit/issues/1312
[ Commit message - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Signed-off-by: Ava Hahn <a.hahn@f5.com>
|
|
We now have tests for this module via commit cad6aed52 ("Tests: initial
"wasm-wasi-component" test").
We need to install cargo-component for this test target.
Also the only way I found I could get this test to run was by running as
non-root. The issue I was seeing was that despite cargo being installed
into /home/runner/.cargo/bin *and* that being in the path, it kept
claiming it couldn't find cargo. E.g.
$ sudo -E echo $PATH
Showed /home/runner/.cargo/bin in there.
$ sudo -E /home/runner/.cargo/bin/cargo -V
Worked.
$ sudo -E cargo -V
cargo command not found.
(Also other oddities, despite claiming to be using bash, it couldn't
find shell builtins like 'hash' and 'export', perhaps some Ubuntu
weirdness...)
However, no problem, there is *no* need for it run as root anyway so
result!
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Rename this to 'test_wasm-wasi-component.py' to match the language
module name and the name as used in the CI.
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Changes are afoot... wasm32-wasi has been renamed wasm32-wasip1, there
is also a wasm32-wasip2 (seems not yet fully realised) and wasm32-wasi
is being kept clear for an eventual WASI 1.0 release.
cargo-component targets wasm32-wasip1 by default and adapts the module
to the preview2 version of WASI supported by the component model.
This means that the component is now found under
target/wasm32-wasip1/...
Link: <https://doc.rust-lang.org/nightly/rustc/platform-support/wasm32-wasip1.html>
Link: <https://github.com/bytecodealliance/cargo-component/blob/main/README.md#wasi-support>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
We can now get list objects from the /status endpoint in the case of
having different versions of the same language module.
That led to this error
> return d1 - d2
E TypeError: unsupported operand type(s) for -: 'list' and 'list'
We already cover a similar case for when we have simple strings so add
this to that.
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
This directory is needed for contribs to function.
|
|
Probably not needed now...
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
This is no longer needed since GitHub is our primary repository now.
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
|
|
Closes: https://github.com/nginx/unit/issues/1352
|
|
|
|
|
|
This was found via ASan.
Given a listener address like ":" (or any address where the first
character is a colon) we can end up under-reading the addr->start
buffer here
if (nxt_slow_path(*(buf + length - 1) == '.')) {
due to length (essentially the position of the ":" in the string) being
0.
Seeing as any address that starts with a ":" is invalid Unit config
wise, we should simply reject the address if length == 0 in
nxt_sockaddr_inet_parse().
Link: <https://clang.llvm.org/docs/AddressSanitizer.html>
Signed-off-by: Arjun <pkillarjun@protonmail.com>
[ Commit message - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|