| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Arjun <pkillarjun@protonmail.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
* default behavior is now a read write application mount
* use can specify a flag (-r) to mount app dir as read only
Signed-off-by: Ava Hahn <a.hahn@f5.com>
|
|
|
|
|
|
|
|
Signed-off-by: Ava Hahn <a.hahn@f5.com>
|
|
Signed-off-by: Ava Hahn <a.hahn@f5.com>
|
|
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.64 to 0.10.66.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.64...openssl-v0.10.66)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
Bumps <https://github.com/github/codeql-action> from 2 to 3.
Link: Release notes <https://github.com/github/codeql-action/releases>
Link: Changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>
Link: Commits <https://github.com/github/codeql-action/compare/v2...v3>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Fixes: 965fc94e ("fuzzing: add fuzzing infrastructure in build system")
Fixes: 5b65134c ("fuzzing: add a basic README")
Signed-off-by: Arjun <pkillarjun@protonmail.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
There are multiple false positive bugs in harness due to improper
use of the internal API.
Fixes: a93d878e ("fuzzing: add fuzzing targets")
Signed-off-by: Arjun <pkillarjun@protonmail.com>
[ Removed private links - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Signed-off-by: Arjun <pkillarjun@protonmail.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Fixes: 707f4ef8 ("status: Show list of loaded language modules")
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
As the comment for 'Memory-only buffers' says
"... it is equal to offsetof(nxt_buf_t, file.pos)"
and
"... that is it is nxt_buf_t without file and mmap part"
Those are at odds with each other, 'file.pos' comes _after_ 'file' in
the nxt_buf_t structure.
Fix the 'offset()' bit of the comment to reflect that and to match the
relevant macro
#define NXT_BUF_MEM_SIZE offsetof(nxt_buf_t, file)
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Now that the `/status` endpoint returns a list of loaded language
modules, e.g
{
"modules": {
"python": {
"version": "3.12.2",
"lib": "/opt/unit/modules/python.unit.so"
},
...
...
}
This broke 'test/test_status.py' in a number of ways
1) The check for all the object values being 0 at startup is no longer
true with the modules section.
2) The find_diffs() check broke trying to subtract strings from
strings.
So don't include the 'modules' section in the check_zeros() check and in
the find_diffs() check, if we're dealing with strings do a basic
compare returning that value instead.
[ Commit message - Andrew ]
Co-developed-by: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
When querying the '/status' node in the control API, display the list of
currently loaded modules.
So we now get something like
{
"modules": {
"python": [
{
"version": "3.12.3",
"lib": "/opt/unit/modules/python.unit.so"
},
{
"version": "3.12.1",
"lib": "/opt/unit/modules/python-3.12.1.unit.so"
}
],
"wasm": {
"version": "0.1",
"lib": "/opt/unit/modules/wasm.unit.so"
},
"wasm-wasi-component": {
"version": "0.1",
"lib": "/opt/unit/modules/wasm_wasi_component.unit.so"
}
},
...
}
This can be useful for debugging to show exactly what modules Unit has
loaded _and_ from where.
Closes: https://github.com/nginx/unit/issues/1343
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
The nxt_app_lang_module_t structure contains various bits of information
as obtained from the nxt_app_module_t structure that language modules
define.
One bit of information that is in the nxt_app_module_t but not in the
nxt_app_lang_module_t is the language module name.
Having this name flowed through will be useful for displaying the loaded
language modules in the /status endpoint.
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
In nxt_status_get() call nxt_conf_set_member() multiple times to set the
main /status json sections.
Previously this used hard coded values, 0, 1, 2 etc, if you wanted to
change the order or insert new sections it could mean renumbering all
these.
Instead use a variable to track this index which starts at 0 and is
simply incremented in each call of nxt_conf_set_member().
Currently this is only for the main outer sections, but can be
replicated for inner sections if required.
This is a preparatory patch for adding a new "modules" section at the
top.
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
This is yet more missed constification, due in this case to me searching
for 'static nxt_str_t ' but these only having a single space after the
type...
Anyway no problem, this can be a preparatory patch for adding further
/status information...
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
FreeBSD introduced sha512sum binary in version 14, but with slightly
incompatible flags as compared to Linux version. This change makes it
work in both worlds.
|
|
This commit refactors the CLI code to accept
multiple instances of the control socket flag.
All subcommands except for edit and save now
support being run against multiple specified
instances of unitd.
* control_socket_addresses CLI field is now a vector
* centralize error related logic into the error module
* wait_for_socket now returns a vector of sockets. all
sockets in vector are waited upon and validated
* extraneous code is removed
* applications, execute, import, listeners, and status
commands all run against N control sockets now
* edit and save commands return error when run against
a single control socket
Signed-off-by: Ava Hahn <a.hahn@f5.com>
|
|
Normally when the language modules are built, they are built directly
into the build/lib/unit/modules/ directory.
This then allows Unit to find them without being installed. This is
useful for things like the pytests.
This wasn't happening for the wasm-wasi-component language module. So we
now copy it over and give it the right name as part of the make/build
process.
Reported-by: Andrei Zeliankou <zelenkov@nginx.com>
Fixes: 4e6d7e876 ("Wasm-wc: Wire it up to the build system")
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
|
|
|
|
|
|
The default on Ubuntu 24.04 and newer is now -D_FORTIFY_SOURCE=3 which
clashes with our definition. We shouldnt be setting it for Ubuntus
anyway since _FORTIFY_SOURCE=2 for older distros is already handled by
the defaults in their gcc builds.
|
|
|
|
|
|
These somehow got missed in my previous constification patches...
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Previously, the certificate deletion only handled string type
certificates, causing issues when certificates were specified
as an array in the configuration.
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Add the following tests cases:
1. When "factory" key is used inside the "targets" option.
2. When "factory" key is used at the root level of python application
config.
3. When factory returns invalid callable or When factory is invalid
callable
Link: <https://github.com/nginx/unit/pull/1336>
[ Commit subject & message formatting tweaks - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Adds support for the app factory pattern to the Python language module.
A factory is a callable that returns a WSGI or ASGI application object.
Unit does not support passing arguments to factories.
Setting the `factory` option to `true` instructs Unit to treat the
configured `callable` as a factory.
For example:
"my-app": {
"type": "python",
"path": "/srv/www/",
"module": "hello",
"callable": "create_app",
"factory": true
}
This is similar to other WSGI / ASGI servers. E.g.,
$ uvicorn --factory hello:create_app
$ gunicorn 'hello:create_app()'
The factory setting defaults to false.
Closes: https://github.com/nginx/unit/issues/1106
Link: <https://github.com/nginx/unit/pull/1336#issuecomment-2179381605>
[ Commit message - Dan / Minor code tweaks - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
njs changed strings API so now instead of njs_vm_value_string_set() used
njs_vm_value_string_create() as a drop-in replacement.
Link: <https://github.com/nginx/njs/commit/5730d5ffe23a4965c001d873695d22005fcfa588>
|
|
This issue was found with oss-fuzz.
==18420==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55dd798a5797 in nxt_vsprintf unit/src/nxt_sprintf.c:163:31
#1 0x55dd798d5bdb in nxt_conf_vldt_error unit/src/nxt_conf_validation.c:1525:11
#2 0x55dd798dd4cd in nxt_conf_vldt_var unit/src/nxt_conf_validation.c:1560:16
#3 0x55dd798dd4cd in nxt_conf_vldt_if unit/src/nxt_conf_validation.c:1592:16
#4 0x55dd798d55f4 in nxt_conf_vldt_object unit/src/nxt_conf_validation.c:2815:23
#5 0x55dd798d6f84 in nxt_conf_vldt_access_log unit/src/nxt_conf_validation.c:3426:11
#6 0x55dd798d55f4 in nxt_conf_vldt_object unit/src/nxt_conf_validation.c:2815:23
#7 0x55dd798d47bd in nxt_conf_validate unit/src/nxt_conf_validation.c:1421:11
#8 0x55dd79871c82 in LLVMFuzzerTestOneInput unit/fuzzing/nxt_json_fuzz.c:67:5
#9 0x55dd79770620 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
#10 0x55dd7975adb4 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6
#11 0x55dd7976084a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9
#12 0x55dd7978cc42 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#13 0x7e8192213082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16
#14 0x55dd7975188d in _start
Uninitialized value was created by an allocation of 'error.i' in the stack frame
#0 0x55dd798dd42b in nxt_conf_vldt_var unit/src/nxt_conf_validation.c:1557:5
#1 0x55dd798dd42b in nxt_conf_vldt_if unit/src/nxt_conf_validation.c:1592:16
The issue was in nxt_tstr_test() where we create an error message with
nxt_sprintf(), where this error message is then later used with the
'%s' format specifier which expects a nul-terminated string, but by
default nxt_sprintf() doesn't nul-terminate, you must use the '%Z'
specifier to signify a '\0' at the end of the string.
Signed-off-by: Arjun <pkillarjun@protonmail.com>
Co-developed-by: Zhidao HONG <z.hong@f5.com>
Signed-off-by: Zhidao HONG <z.hong@f5.com>
Link: <https://github.com/google/oss-fuzz>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
[ Commit message/subject - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
These somehow got missed in my previous constification patches...
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
These somehow got missed in my previous constification patches...
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
|
|
|
|
|
|
Closes: https://github.com/nginx/unit/issues/915
Closes: https://github.com/nginx/unit/issues/1178
|
|
This is a temporary support for chunked request bodies by converting
to Content-Length. This allows for processing of such requests until
a more permanent solution is developed.
A new configuration option "chunked_transform" has been added to enable
this feature. The option can be set as follows:
{
"settings": {
"chunked_transform": true
}
}
By default, this option is set to false, which retains the current
behaviour of rejecting chunked requests with a '411 Length Required'
status code.
Please note that this is an experimental implementation.
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
|
|
It's prepared for the subsequent patch.
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Previously, Unit didn't move the buffer pointer when parsing chunked
data because the buffer was not used after sent. It's used for upstream
response. With the new requirement to support request chunked body,
the buffer might be used for pipeline request, so it's necessary to move
the pos pointer while parsing.
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
|
|
* new subcommand for "export" in CLI
* new cmd submodule for exporting config tarballs
* logic to also output to stdout
* README additions
* limitations documented
Signed-off-by: Ava Hahn <a.hahn@f5.com>
|
|
* application subcommand UI schema
* application subcommand handler
* additions to unit-client-rs to expose application API
* elaborate on OpenAPI error handling
* adds wasm and wasi app schemas to OpenAPI Schema
* updates tools/unitctl OpenAPI library
* many linter fixes
* README.md updates
Signed-off-by: Ava Hahn <a.hahn@f5.com>
|
|
They are more readable.
And we had a mix of both styles; there wasn't really a consistent style.
Tested-by: Andrew Clayton <a.clayton@nginx.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
|
This directory should exist already in the system, and if not, it should
(and will) be created at run time, not at install time.
It triggered a warning in Alpine Linux's packaging system:
ERROR: unit*: Packages must not put anything under /var/run
Fixes: 5a37171f733f ("Added default values for pathnames.")
Fixes: 57fc9201cb91 ("Socket: Created control socket & pid file directories.")
Closes: <https://github.com/nginx/unit/issues/742>
Reported-by: Andy Postnikov <apostnikov@gmail.com>
Tested-by: Andy Postnikov <apostnikov@gmail.com>
Tested-by: Andrew Clayton <a.clayton@nginx.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Cc: Liam Crilly <liam@nginx.com>
Cc: Konstantin Pavlov <thresh@nginx.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
|
Build systems should not attempt to create $runstatedir (or anything
under it). Doing so causes warnings in packaging systems, such as in
Alpine Linux, as reported by Andy.
But unitd(8) can be configured to be installed under /opt, or other
trees, where no directories exist before hand. Expecting that the user
creates the entire directory trees that unit will need is a bit
unreasonable. Instead, let's just create any directories that we need,
with all their parents, at run time.
Fixes: 57fc9201cb91 ("Socket: Created control socket & pid file directories.")
Link: <https://github.com/nginx/unit/issues/742>
Reported-by: Andy Postnikov <apostnikov@gmail.com>
Tested-by: Andy Postnikov <apostnikov@gmail.com>
Tested-by: Andrew Clayton <a.clayton@nginx.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Acked-by: Konstantin Pavlov <thresh@nginx.com>
Cc: Liam Crilly <liam@nginx.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
|
The previous code attempted to mkdir(""), that is an empty string.
Since "/" necessarily exists, just goto out_free.
Fixes: 57fc9201cb91 ("Socket: Created control socket & pid file directories.")
Link: <https://github.com/nginx/unit/issues/742>
Tested-by: Andy Postnikov <apostnikov@gmail.com>
Tested-by: Andrew Clayton <a.clayton@nginx.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Cc: Liam Crilly <liam@nginx.com>
Cc: Konstantin Pavlov <thresh@nginx.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
