summaryrefslogtreecommitdiffhomepage
path: root/auto (follow)
AgeCommit message (Collapse)AuthorFilesLines
2020-06-23Python: fixed interpreter path in ./configure.Tiago Natel de Moura1-2/+1
2020-05-28Packages: fixed java configure script.1.18.0Tiago Natel de Moura1-2/+2
Now the configure script appends /server to --lib-path argument.
2020-05-28Added "rootfs" feature.Tiago Natel de Moura5-3/+235
2020-03-09Refactor of process management.Tiago Natel de Moura1-1/+1
The process abstraction has changed to: setup(task, process) start(task, process_data) prefork(task, process, mp) The prefork() occurs in the main process right before fork. The file src/nxt_main_process.c is completely free of process specific logic. The creation of a process now supports a PROCESS_CREATED state. The The setup() function of each process can set its state to either created or ready. If created, a MSG_PROCESS_CREATED is sent to main process, where external setup can be done (required for rootfs under container). The core processes (discovery, controller and router) doesn't need external setup, then they all proceeds to their start() function straight away. In the case of applications, the load of the module happens at the process setup() time and The module's init() function has changed to be the start() of the process. The module API has changed to: setup(task, process, conf) start(task, data) As a direct benefit of the PROCESS_CREATED message, the clone(2) of processes using pid namespaces now doesn't need to create a pipe to make the child block until parent setup uid/gid mappings nor it needs to receive the child pid.
2020-05-20PHP: building with PHP 8 (development version).Remi Collet1-1/+5
2020-03-27Implemented "return" action.Valentin Bartenev1-0/+1
The "return" action can be used to immediately generate a simple HTTP response with an arbitrary status: { "action": { "return": 404 } } This is especially useful for denying access to specific resources.
2020-03-17Checking sendfile() availability in configure.Max Romanov1-24/+32
Removing SF_NODISKIO flag for FreeBSD sendfile() check because it is not used yet and to support DragonFlyBSD. This closes #414 issue on GitHub.
2020-03-12Using disk file to store large request body.Max Romanov4-0/+9
This closes #386 on GitHub.
2020-03-06Round robin upstream added.Igor Sysoev1-0/+1
2020-03-04PHP: added ZTS indication to ./configure output.Valentin Bartenev1-0/+19
2020-03-04PHP: rearranged feature checks in ./configure.Valentin Bartenev1-46/+48
Now it prints version even if PHP was built without embed SAPI.
2020-03-03PHP: optimization to avoid surplus chdir(2) calls.Tiago Natel de Moura1-2/+11
For each request, the worker calls the php_execute_script function from libphp that changes to the script directory before doing its work and then restores the process directory before returning. The chdir(2) calls it performs are unnecessary in Unit design. In simple benchmarks, profiling shows that the chdir syscall code path (syscall, FS walk, etc.) is where the CPU spends most of its time. PHP SAPI semantics requires the script to be run from the script directory. In Unit's PHP implementation, we have two use cases: - script - arbitrary path The "script" configuration doesn't have much need for a working directory change: it can be changed once at module initialization. The module needs to chdir again only if the user's PHP script also calls chdir to switch to another directory during execution. If "script" is not used in Unit configuration, we must ensure the script is run from its directory (thus calling chdir before exec), but there's no need to restore the working directory later. Our implementation disables mandatory chdir calls with the SAPI option SAPI_OPTION_NO_CHDIR, instead calling chdir only when needed. To detect the user's calls to chdir, a simple "unit" extension is added that hooks the built-in chdir() PHP call.
2020-01-28Go: adding main configure CFLAGS and LDFLAGS to module build flags.Max Romanov1-1/+10
This makes ASAN buildbot workers to work out-of-the-box.
2020-01-28Java: fixing configure errors reporting.Max Romanov1-3/+7
2020-01-28Java: introducing SHA512 sum validation for external JARs.Max Romanov4-1/+76
2020-01-28Java: fixing maven repository URL.Max Romanov1-1/+1
It is required to use https scheme and different host to download packages from maven repository.
2019-12-25Go: changing import name for "unit.nginx.org/go".Max Romanov1-1/+1
This patch includes packaging changes - update unit-go installation directory.
2019-12-24Router: introducing routing on client address.Axel Duch1-0/+1
2019-12-24Go: moving source files to the root of the project.Max Romanov1-1/+1
This patch includes packaging changes related to files move.
2019-12-24Go: installing go module for tests into build directory.Max Romanov1-1/+1
2019-12-24Go: linking against libunit.Max Romanov1-12/+20
2019-12-09Java: fixing racing condition in external JAR download.Max Romanov1-3/+6
Temporary file name with configure process PID used to download JAR from external repository. Then file renamed using command 'mv'. The issue reproduced in clean environment when 2 or more concurrent builds started.
2019-12-06Isolation: allowed the use of credentials with unpriv userns.Tiago Natel2-0/+11
The setuid/setgid syscalls requires root capabilities but if the kernel supports unprivileged user namespace then the child process has the full set of capabilities in the new namespace, then we can allow setting "user" and "group" in such cases (this is a common security use case). Tests were added to ensure user gets meaningful error messages for uid/gid mapping misconfigurations.
2019-12-06Moved credential-related code to nxt_credential.c.Tiago Natel1-0/+1
This is required to avoid include cycles, as some nxt_clone_* functions depend on the credential structures, but nxt_process depends on clone structures.
2019-11-26Changed the group listing to run unprivileged when possible.Tiago Natel1-0/+16
Now the nxt_user_groups_get() function uses getgrouplist(3) when available (except MacOS, see below). For some platforms, getgrouplist() supports a method of probing how much groups the user has but the behavior is not consistent. The method used here consists of optimistically trying to get up to min(256, NGROUPS_MAX) groups; only if ngroups returned exceeds the original value, we do a second call. This method can block main's process if LDAP/NDIS+ is in use. MacOS has getgrouplist(3) but it's buggy. It doesn't update ngroups if the value passed is smaller than the number of groups the user has. Some projects (like Go stdlib) call getgrouplist() in a loop, increasing ngroups until it exceeds the number of groups user belongs to or fail when a limit is reached. For performance reasons, this is to be avoided and MacOS is handled in the fallback implementation. The fallback implementation is the old Unit approach. It saves main's user groups (getgroups(2)) and then calls initgroups(3) to load application's groups in main, then does a second getgroups(2) to store the gids and restore main's groups in the end. Because of initgroups(3)' call to setgroups(2), this method requires root capabilities. In the case of OSX, which has small NGROUPS_MAX by default (16), it's not possible to restore main's groups if it's large; if so, this method fallbacks again: user_cred gids aren't stored, and the worker process calls initgroups() itself and may block for some time if LDAP/NDIS+ is in use.
2019-11-22Configure: fixed posix_spawn() detection with glic 2.30.Sergey Kandaurov1-2/+2
In particular, it was previously broken on Ubuntu 19.10 and Fedora 31. See for details: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2ab5741
2019-11-14Initial proxy support.Igor Sysoev1-0/+1
2019-11-07Respecting AR environment variable to configure ar binary.Valentin Bartenev3-12/+22
2019-10-23Python: fixing Python 3.8 build with clang.Max Romanov1-1/+1
Python 3.8 has 'tp_print' field in PyTypeObject struct. This field is attributed as deprecated. So, clang generates warning (which is turned to error) as a result of initializing this field. From the other hand, it is impossible to omit this field in positional initialization. The solution is to use designated initializer. Silencing usage message during configure python. This is related to #331 issue on GitHub.
2019-10-22Python: fixing build for Python 3.8.Max Romanov1-0/+4
Thanks to tonyafanasyev. This is related to #331 issue on GitHub.
2019-10-02Fixed "make tests" build without preceding "make".Max Romanov6-10/+7
Currently almost all Unit object files depends on generated nxt_version.h. This patch adds missing dependence and fixes running make with multiple jobs. This closes #318 issue on GitHub.
2019-09-19Basic support for serving static files.Valentin Bartenev1-0/+1
2019-09-19Initial applications isolation support using Linux namespaces.Tiago de Bem Natel de Moura4-0/+80
2019-09-05Java: introducing websocket support.Max Romanov1-9/+157
2019-08-23Installing libunit files for websocket support.Max Romanov1-4/+12
2019-08-20Introducing websocket support in router and libunit.Max Romanov3-2/+28
2019-07-17Perl: propagated compile options from perl build.Valentin Bartenev1-1/+2
Some Perl compile options affects ABI and not using them while compiling our module resulted in non-working build. Notably on 32-bit Debian 10, Perl is built with -D_FILE_OFFSET_BITS=64 and our module after being compiled without this option caused segmentation faults in unexpected places.
2019-07-17Perl: removed "--include=" configure option.Valentin Bartenev1-11/+5
It's surplus option because the perl executable returns the proper path. Also the Perl module configure script was cleaned up a bit. Note that NXT_PERL_LDOPTS already contains the library path.
2019-05-30Java: added java module in configure help.Max Romanov1-0/+3
2019-02-28Introducing Java Servlet Container beta.Max Romanov3-0/+495
2019-02-27Added trailing zero to version string.Valentin Bartenev1-1/+1
While it looks nicer without zero 3-rd version number, this should improve interoperability. Version string can be parsed or used for sorting. And it is easier to handle and less confusing when there is constant number of version parts. Moreover, NPM also expects version format with 3 parts. So ".0" has already been used in Node.js module version.
2019-02-27Initial routing implementation.Igor Sysoev1-0/+1
2019-02-22Improvement and unification of version processing in build scripts.Alexander Borisov3-19/+22
This also eliminates expressions that incompatible with BSD make, thus fixing installation of Node.js module on FreeBSD (broken by dace60fc4926).
2019-01-23Node.js: fixed module version on installation from sources.Alexander Borisov1-0/+5
2019-01-21Go: fixed module installation, broken in ed8b1aaefdd1.Alexander Borisov1-1/+1
Added the nxt_unit_version.h dependency. This closes #214 issue on GitHub.
2018-12-19Node.js: added check for libunit version at compile time.Alexander Borisov1-2/+9
2018-12-19libunit: added generation of version header file.Alexander Borisov2-4/+15
2018-12-12Node.js: fixed global install in some cases.Valentin Bartenev1-1/+1
By default "npm install" switches to non-privileged user to run package scripts if it is invoked by root. As a result it may prevent node-gyp from writing to package directory and break installation of the module. To disable this switching the --unsafe-perm flag is added.
2018-12-04Ruby: rpath made optional.Valentin Bartenev1-3/+22
In most cases it is not needed because Ruby libraries are in the default path. At the same time, rpath pointing to the default path is prohibited by rpmbuild on Fedora. This is related to issue #87 on GitHub.
2018-11-22PHP: workaround for bug #71041.Valentin Bartenev1-1/+26
Since PHP 7, a zend_signal_startup() call is required if the interpreter was built with ZEND_SIGNALS defined; such a call was added in 3fd76e4ce70a. However, the zend_signal_startup() export is missing from the PHP library; as the result, dlopen() fails with the 'Undefined symbol "zend_signal_startup"' error while loading the PHP module. Meanwhile, if PHP is built without ZTS, the zend_signal_startup() call can be omitted; otherwise, the missing call causes segmentation fault. The PHP fix already was committed to upstream, but we still have to deal with numerous unpatched versions remaining at large. See the related PHP bug: https://bugs.php.net/bug.php?id=71041