summaryrefslogtreecommitdiffhomepage
path: root/auto (unfollow)
AgeCommit message (Collapse)AuthorFilesLines
2022-11-30Enable the PR_SET_CHILD_SUBREAPER prctl(2) option on Linux.Andrew Clayton1-0/+13
This prctl(2) option can be used to set the "child subreaper" attribute of the calling process. This allows a process to take on the role of 'init', which means the process will inherit descendant processes when their immediate parent terminates. This will be used in an upcoming commit that uses a double fork(2) + unshare(2) to create a new PID namespace. The parent from the second fork will terminate leaving the child process to be inherited by 'init'. Aside from it being better to maintain the parent/child relationships between the various unit processes, without setting this you need to ^C twice to fully quit unit when running in the foreground after the double fork. Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2022-11-18Isolation: Rename NXT_HAVE_CLONE -> NXT_HAVE_LINUX_NS.Andrew Clayton2-8/+8
Due to the need to replace our use of clone/__NR_clone on Linux with fork(2)/unshare(2) for enabling Linux namespaces(7) to keep the pthreads(7) API working. Let's rename NXT_HAVE_CLONE to NXT_HAVE_LINUX_NS, i.e name it after the feature, not how it's implemented, then in future if we change how we do namespaces again we don't have to rename this. Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2022-11-25Isolation: Fix the enablement of PR_SET_NO_NEW_PRIVS.Andrew Clayton1-1/+1
This prctl(2) option is checked for in auto/isolation, unfortunately due to a typo this feature has never been enabled. In the auto/isolation script the feature name was down as NXT_HAVE_PR_SET_NO_NEW_PRIVS0, which means we end up with the following in build/nxt_auto_config.h #ifndef NXT_HAVE_PR_SET_NO_NEW_PRIVS0 #define NXT_HAVE_PR_SET_NO_NEW_PRIVS0 1 #endif Whereas everywhere else is checking for NXT_HAVE_PR_SET_NO_NEW_PRIVS. This also guards the inclusion of sys/prctl.h in src/nxt_process.c which is required by a subsequent commit. Fixes: e2b53e1 ("Added "rootfs" feature.") Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2022-12-02Autodetect endianness.Andrew Clayton1-0/+31
In configure we set NXT_HAVE_LITTLE_ENDIAN for i386, amd64 and x86_64. However that misses at least AArch64 (arm64) where it's usually run in little endian mode. However none of that really matters as NXT_HAVE_LITTLE_ENDIAN isn't used anywhere. So why this patch? The only place we need to explicitly know about endianness is the nxt_websocket_header_t structure where we lay it out differently depending on endianness. This is currently done using BYTE_ORDER, LITTLE_ENDIAN and BIG_ENDIAN macros. However on at least illumos (OpenSolaris / OpenIndiana) those macros are not defined and we get compiler errors due to duplicate structure members. So let's use our own NXT_HAVE_{BIG,LITTLE}_ENDIAN macros. However it would be better to detect endianness programmatically as some architectures can run in either mode, e.g Linux used to run in big endian on PowerPC but has since switched to little endian (to match x86). This commit adds an auto/endian script (using a slightly modified version of the test program from nginx's auto script), that checks for the endianness of the platform being built on. E.g checking for endianness ... little endian The next commit will switch the nxt_websocket_header_t structure over to these new macros. Link: <https://github.com/nginx/unit/pull/298> Link: <https://developer.ibm.com/articles/l-power-little-endian-faq-trs/> Tested-by: Alejandro Colomar <alx@nginx.com> Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2022-12-14Java: upgrading third-party components.Sergey A. Osokin2-16/+16
2022-12-10Isolation: wired up cgroup to build system.Andrew Clayton3-0/+28
This commit enables the building of the cgroup code. This is only built when the cgroupv2 filesystem is found. If cgroupv2 support is found then cgroupv2: .................. YES will be printed by ./configure Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2022-11-29Used pkg-config to detect njs where available.Konstantin Pavlov1-4/+12
2022-11-22NJS: added http request prototype.Zhidao HONG1-1/+1
2022-11-20Basic njs support.Zhidao HONG5-0/+52
2022-11-20Var: separating nxt_tstr_t from nxt_var_t.Zhidao HONG1-0/+1
It's for the introduction of njs support. For each option that supports native variable and JS template literals introduced next, it's unified as template string. No functional changes.
2022-11-16Propagated NXT_RUBY_CFLAGS to Ruby checks.Konstantin Pavlov1-3/+3
This fixes an issue addressed in 651f5a37f5b8 on FreeBSD 12. The problem manifested itself as: configuring Ruby module checking for -fdeclspec ... found checking for Ruby library ... not found checking for Ruby library in /usr/local/lib ... not found ./configure: error: no Ruby found.
2022-10-28Fixed main() prototypes in auto tests.Andrew Clayton22-129/+129
Future releases of GCC are planning to remove[0] default support for some old features that were removed from C99 but GCC still accepts. We can test for these changes by using the following -Werror= directives -Werror=implicit-int -Werror=implicit-function-declaration -Werror=int-conversion -Werror=strict-prototypes -Werror=old-style-definition Doing so revealed an issue with the auto/ tests in that the test programs always define main as int main() rather than int main(void) which results in a bunch of errors like build/autotest.c:3:23: error: function declaration isn't a prototype [-Werror=strict-prototypes] 3 | int main() { | ^~~~ build/autotest.c: In function 'main': build/autotest.c:3:23: error: old-style function definition [-Werror=old-style-definition] The fix was easy, it only required fixing the main prototype with find -type f -exec sed -i 's/int main() {/int main(void) {/g' {} \; Regardless of these upcoming GCC changes, this is probably a good thing to do anyway for correctness. [0]: https://fedoraproject.org/wiki/Changes/PortingToModernC Link: <https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/CJXKTLXJUPZ4F2C2VQOTNMEA5JAUPMBD/> Link: <https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/6SGHPHPAXKCVJ6PUZ57WVDQ5TDBVIRMF/> Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2022-10-20Avoided modifying existing directories at 'make install'.Alex Colomar1-5/+10
'install -d' has an issue compared to 'mkdir -p': it doesn't respect existing directories. It will set the ownership, file mode, and SELinux contexts (and any other property that would be set by install(1) to a newly-created directory), overwriting any existing properties of the existing directory. 'mkdir -p' doesn't have this issue: it is a no-op if the directory exists. However, it's not an ideal solution either, since it can't be used to set the properties (owner, mode, ...) of a newly-created directory. Therefore, the best solution is to use install(1), but only after making sure that the directory doesn't exist with test(1). Reported-by: Andrew Clayton <a.clayton@nginx.com> Reported-by: Alejandro Colomar <alx@nginx.com> Closes: <https://github.com/nginx/unit/issues/769> Signed-off-by: Alejandro Colomar <alx@nginx.com> Tested-by: Andrew Clayton <a.clayton@nginx.com> Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
2022-10-20Configuration: added the regex status in configure summary.Zhidao HONG1-0/+1
2022-10-19PHP: Fixed php_module_startup() call for PHP 8.2.Remi Collet1-0/+4
PHP 8.2 changed the prototype of the function, removing the last parameter. Signed-off-by: Remi Collet <remi@remirepo.net> Cc: Timo Stark <t.stark@nginx.com> Cc: George Peter Banyard <girgias@php.net> Tested-by: Andy Postnikov <apostnikov@gmail.com> Acked-by: Andy Postnikov <apostnikov@gmail.com> Reviewed-by: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Alejandro Colomar <alx@nginx.com>
2022-10-14Fixed the build on MacOS (and others).Andrew Clayton1-1/+2
@alejandro-colomar reported that the build was broken on MacOS cc -o build/unitd -pipe -fPIC -fvisibility=hidden -O -W -Wall -Wextra -Wno-unused-parameter -Wwrite-strings -fstrict-aliasing -Wstrict-overflow=5 -Wmissing-prototypes -Werror -g \ build/src/nxt_main.o build/libnxt.a \ \ \ -L/usr/local/Cellar/pcre2/10.40/lib -lpcre2-8 Undefined symbols for architecture x86_64: "_nxt_fs_mkdir_parent", referenced from: _nxt_runtime_pid_file_create in libnxt.a(nxt_runtime.o) _nxt_runtime_controller_socket in libnxt.a(nxt_controller.o) ld: symbol(s) not found for architecture x86_64 clang: error: linker command failed with exit code 1 (use -v to see invocation) make: *** [build/unitd] Error 1 This was due to commit 57fc920 ("Socket: Created control socket & pid file directories."). This happened because this commit introduced the usage of nxt_fs_mkdir_parent() in core code which uses nxt_fs_mkdir(), both of these are defined in src/nxt_fs.c. It turns out however that this file doesn't get built on MacOS (or any system that isn't Linux or that lacks a FreeBSD compatible nmount(2) system call) due to the following In auto/sources we have if [ $NXT_HAVE_ROOTFS = YES ]; then NXT_LIB_SRCS="$NXT_LIB_SRCS src/nxt_fs.c" fi NXT_HAVE_ROOTFS is set in auto/isolation If [ $NXT_HAVE_MOUNT = YES -a $NXT_HAVE_UNMOUNT = YES ]; then NXT_HAVE_ROOTFS=YES cat << END >> $NXT_AUTO_CONFIG_H #ifndef NXT_HAVE_ISOLATION_ROOTFS #define NXT_HAVE_ISOLATION_ROOTFS 1 #endif END fi While we do have a check for a generic umount(2) which is found on MacOS, for mount(2) we currently only check for the Linux mount(2) and FreeBSD nmount(2) system calls. So NXT_HAVE_ROOTFS is set to NO on MacOS and we don't build src/nxt_fs.c This fixes the immediate build issue by taking the mount/umount OS support out of nxt_fs.c into a new nxt_fs_mount.c file which is guarded by the above while we now build nxt_fs.c unconditionally. This should fix the build on any _supported_ system. Reported-by: Alejandro Colomar <alx@nginx.com> Fixes: 57fc920 ("Socket: Created control socket & pid file directories.") Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2022-08-29Implemented basic statistics API.Valentin Bartenev1-0/+1
2022-08-11Removed dead code.Alejandro Colomar1-1/+0
nxt_sockaddr_ntop() stopped being used in commit (git) 029942f4eb71. It has been replaced mostly by nxt_sockaddr_text(). commit 029942f4eb7196c2cff0d0e26bc6ff274138f7d8 Author: Igor Sysoev <igor@sysoev.ru> Date: Wed Feb 22 15:09:59 2017 +0300 I/O operations refactoring. nxt_job_sockaddr_parse() stopped being used in commit (git) 794248090a74. commit 794248090a74f31cbfcf24ea8c835df2d4d21073 Author: Igor Sysoev <igor@sysoev.ru> Date: Wed Mar 4 14:04:08 2020 +0300 Legacy upstream code removed. Also, remove functions and types used only by those two functions: nxt_job_sockaddr_unix_parse() nxt_job_sockaddr_inet6_parse() nxt_job_sockaddr_inet_parse() nxt_job_sockaddr_parse_t nxt_job_resolve() nxt_job_resolve_t
2022-08-02Rejecting non-Linux pivot_root(2).Alejandro Colomar1-1/+4
Some non-Linux systems implement pivot_root(2), even if they don't document that. An example is MacOS: $ grepc pivot_root / 2>/dev/null .../sys/sysproto.h:3012: int pivot_root(struct proc *, struct pivot_root_args *, int *); Since the prototype of the syscall differs from that of Linux, we can't use that syscall. Let's make sure the test only detects pivot_root(2) under Linux. Also, rename the feature macro to make clear that it's only about Linux's pivot_root(2). This closes #737 issue on GitHub.
2022-08-02Including <mntent.h> iff it exists.Alejandro Colomar1-0/+13
With NXT_HAVE_PIVOT_ROOT, we had issues in MacOS. Headers should normally be included unconditionally, except of course if they don't exist. This fixes part of the #737 issue on GitHub.
2022-07-14Log: split access log from nxt_router.c.Zhidao HONG1-0/+1
No functional changes.
2022-07-18Replaced Linux syscall macros by libc macros.Alejandro Colomar1-2/+2
User-space programs should use the SYS_*form, as documented in syscall(2). That also adds compatibility to non-Linux systems.
2022-07-18Removed unnecessary include.Alejandro Colomar1-7/+0
Some OSes, as Linux, provide FIONBIO in <sys/ioctl.h>. Others, such as the BSDs and Illumos, provide it in <sys/filio.h>, but they all include that header from <sys/ioctl.h>, so for this test, we can simplify and just include <sys/ioctl.h>.
2022-07-18Removed code used when NXT_HAVE_POSIX_SPAWN is false.Alejandro Colomar1-15/+0
posix_spawn(3POSIX) was introduced by POSIX.1d (IEEE Std 1003.1d-1999), and was later consolidated in POSIX.1-2001, requiring it in all POSIX-compliant systems. It's safe to assume it's always available, more than 20 years after its standardization. Link: <https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/spawn.h.html>
2022-04-28Workarounded Clang bug triggered by Ruby.Alejandro Colomar1-1/+27
Add -fdeclspec to NXT_RUBY_CFLAGS for Clang, if it's available. Clang incorrectly reports 1 for __has_declspec_attribute(x) in some cases, such as MacOS or Cygwin. That causes ruby code to break. ruby added -fdeclspec to their CFLAGS in 2019 to workaround this bug, since it enables __declspec() and therefore, the compiler behavior matches what it reports. Since we don't know what are all the architectures that trigger the clang bug, let's add the flag for all of them (especially since it should be harmless). Add this workaround only at the time of configuring the ruby module. This way we don't clutter the global NXT_CFLAGS with an unnecessary flag. Link: unit bug <https://github.com/nginx/unit/issues/653> Link: ruby bug <https://bugs.ruby-lang.org/issues/18616> Link: LLVM bug <https://github.com/llvm/llvm-project/issues/49958> Commit: LLVM: Add -fdeclspec <d170c4b57a91adc74ca89c6d4af616a00323b12c> Commit: ruby: Use -fdeclspec <0958e19ffb047781fe1506760c7cbd8d7fe74e57>
2022-04-27Added NXT_MAYBE_UNUSED for __attribute__((__unused__)).Alejandro Colomar1-0/+18
When testing some configurations of compilers and OSes, I noticed that clang(1) 13 on Debian caused a function to be compiled but unused, and the compiler triggered a compile error. To avoid that error, use __attribute__((__unused__)). Let's call our wrapper NXT_MAYBE_UNUSED, since it describes itself more precisely than the GCC attribute name. It's also the name that C2x (likely C23) has given to the standard attribute, which is [[maybe_unused]], so it's also likely to be more readable because of that name being in ISO C.
2022-01-10Tests: using modules in Go.Max Romanov1-1/+2
2021-12-03Printing version in "./configure" output.Valentin Bartenev1-1/+2
2021-12-01Disabling SCM_CREDS usage on DragonFly BSD.Max Romanov1-30/+32
DragonFly BSD supports SCM_CREDS and SCM_RIGHTS, but only the first control message is passed correctly while the second one isn't processed by the kernel. This closes #599 issue on GitHub.
2021-12-01Disabling SCM_CREDS usage on DragonFly BSD.Max Romanov1-30/+32
DragonFly BSD supports SCM_CREDS and SCM_RIGHTS, but only the first control message is passed correctly while the second one isn't processed by the kernel. This closes #599 issue on GitHub.
2021-11-09Introduced SCM_CREDENTIALS / SCM_CREDS in the socket control msgs.Tiago Natel de Moura3-0/+54
2021-10-26Custom implementation of Base64 decoding function.Valentin Bartenev1-0/+1
Compared to the previous implementation based on OpenSSL, the new implementation has these advantages: 1. Strict and reliable detection of invalid strings, including strings with less than 4 bytes of garbage at the end; 2. Allows to use Base64 strings without '=' padding.
2021-08-17Added TLS session tickets support.Andrey Suvorov1-0/+17
2021-08-12Java: upgrading third-party components.Max Romanov2-12/+12
2021-08-09Java: upgrading third-party components.Max Romanov2-18/+18
2021-06-15Node.js: improving and test packaging.Max Romanov1-2/+5
The patch removes the "files" section from package.json to avoid future issues with missing files. For package testing purposes, 'npm pack' is used instead of plain 'tar' to simulate packaging more accurately.
2021-05-26Enabling SSL_CTX configuration by using SSL_CONF_cmd().Andrey Suvorov1-0/+14
To perform various configuration operations on SSL_CTX, OpenSSL provides SSL_CONF_cmd(). Specifically, to configure ciphers for a listener, "CipherString" and "Ciphersuites" file commands are used: https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html This feature can be configured in the "tls/conf_commands" section.
2021-05-25Go: fixing tests for Go 1.16.Max Romanov1-1/+1
In Go 1.16, the module-aware mode is enabled by default; to fall back to previous behavior, the GO111MODULE environment variable should be set to 'auto'. Details: https://golang.org/doc/go1.16
2021-04-29Static: support for openat2() features.Zhidao HONG1-0/+32
Support for chrooting, rejecting symlinks, and rejecting crossing mounting points on a per-request basis during static file serving.
2021-03-26Corrected man page permissions in manpage-install.Andrei Belov1-1/+1
Found by rpmlint.
2021-03-25Node.js: used distinct placeholder for version in "package.json".Valentin Bartenev1-1/+1
This makes the "sed" instruction simpler and more portable, as the previous variant didn't work well on BSD systems due to the "\s" metacharacter. Thanks to Sergey A. Osokin <osa@FreeBSD.org.ru> for spotting this issue. Also, this should prevent accidentally creating a version 1.0.0 package.
2021-03-25Node.js: fixing module global installation.Max Romanov1-12/+26
Globally installed modules require a globally installed libunit. The "binding_pub.gyp" file is the correct version, otherwise linked module may have unresolved symbols because libunit is not linked.
2021-03-24Added build system support for a man page.Konstantin Pavlov4-6/+35
2021-03-22Java: upgrading third-party components.Sergey A. Osokin2-18/+18
2020-11-17Router: matching regular expressions support.Axel Duch4-17/+62
2020-11-18Libunit: improving logging consistency.Max Romanov1-0/+2
Debug logging depends on macros defined in nxt_auto_config.h.
2020-11-10Java: fixing isolation mounts for Alpine musl.Max Romanov1-1/+1
Thanks to @wujjpp. This closes #490 PR on GitHub.
2020-11-02Java: upgrading 3rd-party components.Max Romanov2-18/+18
2020-10-29Isolation: mounting of procfs by default when using "rootfs".Tiago Natel de Moura3-11/+10
2020-10-26Configure: using comma instead of space for passing -rpath value.Valentin Bartenev3-4/+3
This variant will be more interoperable across various systems and it's already used in Ruby module. Otherwise, configure tests fail on NetBSD with: gcc: Missing argument for -Wl,-rpath