path: root/auto
Age | Commit message | Author | Files | Lines
2020-09-09 | PHP: fixed "rootfs" isolation dependency on system mounts. | Tiago Natel de Moura | 1 | -29/+1
2020-09-14 | Python: split module initialization from WSGI implementation. | Max Romanov | 1 | -0/+1
This is required for further ASGI implementation.
2020-09-14 | Python: source file moved to 'python' sub-directory. | Max Romanov | 1 | -1/+2
No functional changes. Get ready for an increase in file number.
2020-08-25 | Isolation: added "automount" option. | Tiago Natel de Moura | 4 | -14/+14
Now it's possible to disable default bind mounts of languages by setting:

    {
        "isolation": {
            "automount": {
                "language_deps": false
            }
        }
    }

In this case, the user is responsible for providing a "rootfs" containing the language libraries and required files for the application.
2020-08-25 | PHP: added bind mounts for extensions directory. | Tiago Natel de Moura | 1 | -1/+32
2020-08-20 | Moved isolation related code to "nxt_isolation.c". | Tiago Natel de Moura | 1 | -0/+1
2020-08-17 | Supporting platforms without sendfile() implementation. | Max Romanov | 1 | -4/+2
This is a quick and dirty sendfile() replacement. This closes #452 PR on GitHub.
2020-08-13 | Basic variables support. | Valentin Bartenev | 1 | -0/+2
2020-08-11 | Circular queues implementations and a test. | Max Romanov | 1 | -0/+52
- naive circular queue, described in the article "A Scalable, Portable, and Memory-Efficient Lock-Free FIFO Queue" by Ruslan Nikolaev: https://drops.dagstuhl.de/opus/volltexte/2019/11335/pdf/LIPIcs-DISC-2019-28.pdf
- circular queue, proposed by Valentin Bartenev in the "Unit router application IPC" design draft
2020-08-09 | Ruby: fixed gem mount paths. | Valentin Bartenev | 1 | -4/+2
The gem paths must depend on the specified interpreter. Also, gemdir looks redundant as it's already included in Gem.default_path().
2020-08-09 | Ruby: simplified commands in ./configure script. | Valentin Bartenev | 1 | -9/+9
There is no reason to use printf instead of just print. No functional changes.
2020-08-09 | Ruby: removed unused variable from ./configure script. | Valentin Bartenev | 1 | -1/+0
2020-08-08 | Configure: verifying the Ruby library path. | Valentin Bartenev | 1 | -4/+10
An attempt to build a Ruby module for a custom Ruby installation that has the same major version as the system Ruby may unexpectedly cause the use of the system Ruby library. This closes #449 issue on GitHub.
2020-07-31 | Isolation: fixed the generation of mounts table. | Tiago Natel de Moura | 3 | -13/+20
Since the introduction of rootfs feature, some language modules can't be configured multiple times. Now the configure generates a separate nxt_<module>_mounts.h for each module compiled.
2020-07-28 | PHP: fixed version comparison in configure script. | Tiago Natel de Moura | 1 | -2/+2
Some PPAs for Ubuntu package PHP with versions like:

    7.2.28-3+ubuntu18.04.1+deb.sury.org+1

But the script expected only "X.Y.Z". The issue was introduced in: http://hg.nginx.org/unit/rev/2ecb15904ba5
2020-06-23 | Upstream chunked transfer encoding support. | Igor Sysoev | 1 | -1/+1
2020-06-23 | Isolation: fixed build when features aren't detected. | Tiago Natel de Moura | 1 | -18/+2
2020-06-23 | Python: fixed interpreter path in ./configure. | Tiago Natel de Moura | 1 | -2/+1
2020-05-28 | Packages: fixed java configure script. [1.18.0] | Tiago Natel de Moura | 1 | -2/+2
Now the configure script appends /server to --lib-path argument.
2020-05-28 | Added "rootfs" feature. | Tiago Natel de Moura | 5 | -3/+235
2020-03-09 | Refactor of process management. | Tiago Natel de Moura | 1 | -1/+1
The process abstraction has changed to:

    setup(task, process)
    start(task, process_data)
    prefork(task, process, mp)

The prefork() occurs in the main process right before fork.

The file src/nxt_main_process.c is completely free of process specific logic.

The creation of a process now supports a PROCESS_CREATED state. The setup() function of each process can set its state to either created or ready. If created, a MSG_PROCESS_CREATED is sent to main process, where external setup can be done (required for rootfs under container).

The core processes (discovery, controller and router) don't need external setup, then they all proceed to their start() function straight away.

In the case of applications, the load of the module happens at the process setup() time and the module's init() function has changed to be the start() of the process.

The module API has changed to:

    setup(task, process, conf)
    start(task, data)

As a direct benefit of the PROCESS_CREATED message, the clone(2) of processes using pid namespaces now doesn't need to create a pipe to make the child block until parent setup uid/gid mappings nor does it need to receive the child pid.
2020-05-20 | PHP: building with PHP 8 (development version). | Remi Collet | 1 | -1/+5
2020-03-27 | Implemented "return" action. | Valentin Bartenev | 1 | -0/+1
The "return" action can be used to immediately generate a simple HTTP response with an arbitrary status:

    {
        "action": {
            "return": 404
        }
    }

This is especially useful for denying access to specific resources.
2020-03-17 | Checking sendfile() availability in configure. | Max Romanov | 1 | -24/+32
Removing SF_NODISKIO flag for FreeBSD sendfile() check because it is not used yet and to support DragonFlyBSD. This closes #414 issue on GitHub.
2020-03-12 | Using disk file to store large request body. | Max Romanov | 4 | -0/+9
This closes #386 on GitHub.
2020-03-06 | Round robin upstream added. | Igor Sysoev | 1 | -0/+1
2020-03-04 | PHP: added ZTS indication to ./configure output. | Valentin Bartenev | 1 | -0/+19
2020-03-04 | PHP: rearranged feature checks in ./configure. | Valentin Bartenev | 1 | -46/+48
Now it prints version even if PHP was built without embed SAPI.
2020-03-03 | PHP: optimization to avoid surplus chdir(2) calls. | Tiago Natel de Moura | 1 | -2/+11
For each request, the worker calls the php_execute_script function from libphp that changes to the script directory before doing its work and then restores the process directory before returning. The chdir(2) calls it performs are unnecessary in Unit design. In simple benchmarks, profiling shows that the chdir syscall code path (syscall, FS walk, etc.) is where the CPU spends most of its time.

PHP SAPI semantics require the script to be run from the script directory. In Unit's PHP implementation, we have two use cases:

- script
- arbitrary path

The "script" configuration doesn't have much need for a working directory change: it can be changed once at module initialization. The module needs to chdir again only if the user's PHP script also calls chdir to switch to another directory during execution.

If "script" is not used in Unit configuration, we must ensure the script is run from its directory (thus calling chdir before exec), but there's no need to restore the working directory later.

Our implementation disables mandatory chdir calls with the SAPI option SAPI_OPTION_NO_CHDIR, instead calling chdir only when needed. To detect the user's calls to chdir, a simple "unit" extension is added that hooks the built-in chdir() PHP call.
2020-01-28 | Go: adding main configure CFLAGS and LDFLAGS to module build flags. | Max Romanov | 1 | -1/+10
This makes ASAN buildbot workers work out of the box.
2020-01-28 | Java: fixing configure errors reporting. | Max Romanov | 1 | -3/+7
2020-01-28 | Java: introducing SHA512 sum validation for external JARs. | Max Romanov | 4 | -1/+76
2020-01-28 | Java: fixing maven repository URL. | Max Romanov | 1 | -1/+1
It is required to use https scheme and different host to download packages from maven repository.
2019-12-25 | Go: changing import name for "unit.nginx.org/go". | Max Romanov | 1 | -1/+1
This patch includes packaging changes - update unit-go installation directory.
2019-12-24 | Router: introducing routing on client address. | Axel Duch | 1 | -0/+1
2019-12-24 | Go: moving source files to the root of the project. | Max Romanov | 1 | -1/+1
This patch includes packaging changes related to files move.
2019-12-24 | Go: installing go module for tests into build directory. | Max Romanov | 1 | -1/+1
2019-12-24 | Go: linking against libunit. | Max Romanov | 1 | -12/+20
2019-12-09 | Java: fixing racing condition in external JAR download. | Max Romanov | 1 | -3/+6
Temporary file name with configure process PID used to download JAR from external repository. Then file renamed using command 'mv'. The issue reproduced in clean environment when 2 or more concurrent builds started.
2019-12-06 | Isolation: allowed the use of credentials with unpriv userns. | Tiago Natel | 2 | -0/+11
The setuid/setgid syscalls require root capabilities but if the kernel supports unprivileged user namespace then the child process has the full set of capabilities in the new namespace, then we can allow setting "user" and "group" in such cases (this is a common security use case).

Tests were added to ensure user gets meaningful error messages for uid/gid mapping misconfigurations.
2019-12-06 | Moved credential-related code to nxt_credential.c. | Tiago Natel | 1 | -0/+1
This is required to avoid include cycles, as some nxt_clone_* functions depend on the credential structures, but nxt_process depends on clone structures.
2019-11-26 | Changed the group listing to run unprivileged when possible. | Tiago Natel | 1 | -0/+16
Now the nxt_user_groups_get() function uses getgrouplist(3) when available (except MacOS, see below). For some platforms, getgrouplist() supports a method of probing how many groups the user has but the behavior is not consistent. The method used here consists of optimistically trying to get up to min(256, NGROUPS_MAX) groups; only if ngroups returned exceeds the original value, we do a second call. This method can block main's process if LDAP/NDIS+ is in use.

MacOS has getgrouplist(3) but it's buggy. It doesn't update ngroups if the value passed is smaller than the number of groups the user has. Some projects (like Go stdlib) call getgrouplist() in a loop, increasing ngroups until it exceeds the number of groups user belongs to or fail when a limit is reached. For performance reasons, this is to be avoided and MacOS is handled in the fallback implementation.

The fallback implementation is the old Unit approach. It saves main's user groups (getgroups(2)) and then calls initgroups(3) to load application's groups in main, then does a second getgroups(2) to store the gids and restore main's groups in the end. Because of initgroups(3)' call to setgroups(2), this method requires root capabilities. In the case of OSX, which has small NGROUPS_MAX by default (16), it's not possible to restore main's groups if it's large; if so, this method falls back again: user_cred gids aren't stored, and the worker process calls initgroups() itself and may block for some time if LDAP/NDIS+ is in use.
2019-11-22 | Configure: fixed posix_spawn() detection with glibc 2.30. | Sergey Kandaurov | 1 | -2/+2
In particular, it was previously broken on Ubuntu 19.10 and Fedora 31. See for details: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2ab5741
2019-11-14 | Initial proxy support. | Igor Sysoev | 1 | -0/+1
2019-11-07 | Respecting AR environment variable to configure ar binary. | Valentin Bartenev | 3 | -12/+22
2019-10-23 | Python: fixing Python 3.8 build with clang. | Max Romanov | 1 | -1/+1
Python 3.8 has 'tp_print' field in PyTypeObject struct. This field is attributed as deprecated. So, clang generates warning (which is turned to error) as a result of initializing this field. On the other hand, it is impossible to omit this field in positional initialization. The solution is to use designated initializer.

Silencing usage message during configure python.

This is related to #331 issue on GitHub.
2019-10-22 | Python: fixing build for Python 3.8. | Max Romanov | 1 | -0/+4
Thanks to tonyafanasyev. This is related to #331 issue on GitHub.
2019-10-02 | Fixed "make tests" build without preceding "make". | Max Romanov | 6 | -10/+7
Currently almost all Unit object files depend on generated nxt_version.h. This patch adds missing dependence and fixes running make with multiple jobs. This closes #318 issue on GitHub.
2019-09-19 | Basic support for serving static files. | Valentin Bartenev | 1 | -0/+1
2019-09-19 | Initial applications isolation support using Linux namespaces. | Tiago de Bem Natel de Moura | 4 | -0/+80