Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
Temporary file name with configure process PID used to download
JAR from external repository. Then file renamed using command 'mv'.
The issue reproduced in clean environment when 2 or more concurrent builds
started.
|
|
The setuid/setgid syscalls requires root capabilities but if the kernel
supports unprivileged user namespace then the child process has the full
set of capabilities in the new namespace, then we can allow setting "user"
and "group" in such cases (this is a common security use case).
Tests were added to ensure user gets meaningful error messages for
uid/gid mapping misconfigurations.
|
|
This is required to avoid include cycles, as some nxt_clone_* functions
depend on the credential structures, but nxt_process depends on clone
structures.
|
|
Now the nxt_user_groups_get() function uses getgrouplist(3) when available
(except MacOS, see below). For some platforms, getgrouplist() supports
a method of probing how much groups the user has but the behavior is not
consistent. The method used here consists of optimistically trying to get up
to min(256, NGROUPS_MAX) groups; only if ngroups returned exceeds the original
value, we do a second call. This method can block main's process if LDAP/NDIS+
is in use.
MacOS has getgrouplist(3) but it's buggy. It doesn't update ngroups if the
value passed is smaller than the number of groups the user has. Some
projects (like Go stdlib) call getgrouplist() in a loop, increasing ngroups
until it exceeds the number of groups user belongs to or fail when a limit
is reached. For performance reasons, this is to be avoided and MacOS is
handled in the fallback implementation.
The fallback implementation is the old Unit approach. It saves main's
user groups (getgroups(2)) and then calls initgroups(3) to load application's
groups in main, then does a second getgroups(2) to store the gids and restore
main's groups in the end. Because of initgroups(3)' call to setgroups(2),
this method requires root capabilities. In the case of OSX, which has
small NGROUPS_MAX by default (16), it's not possible to restore main's groups
if it's large; if so, this method fallbacks again: user_cred gids aren't
stored, and the worker process calls initgroups() itself and may block for
some time if LDAP/NDIS+ is in use.
|
|
In particular, it was previously broken on Ubuntu 19.10 and Fedora 31.
See for details: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2ab5741
|
|
|
|
|
|
Python 3.8 has 'tp_print' field in PyTypeObject struct. This field is
attributed as deprecated. So, clang generates warning (which is turned to
error) as a result of initializing this field. From the other hand, it is
impossible to omit this field in positional initialization. The solution
is to use designated initializer.
Silencing usage message during configure python.
This is related to #331 issue on GitHub.
|
|
Thanks to tonyafanasyev.
This is related to #331 issue on GitHub.
|
|
Currently almost all Unit object files depends on generated nxt_version.h.
This patch adds missing dependence and fixes running make with multiple
jobs.
This closes #318 issue on GitHub.
|
|
|
|
|
|
|
|
|
|
|
|
Some Perl compile options affects ABI and not using them while compiling
our module resulted in non-working build.
Notably on 32-bit Debian 10, Perl is built with -D_FILE_OFFSET_BITS=64
and our module after being compiled without this option caused segmentation
faults in unexpected places.
|
|
It's surplus option because the perl executable returns the proper path.
Also the Perl module configure script was cleaned up a bit.
Note that NXT_PERL_LDOPTS already contains the library path.
|
|
|
|
|
|
While it looks nicer without zero 3-rd version number, this should
improve interoperability. Version string can be parsed or used for
sorting. And it is easier to handle and less confusing when there
is constant number of version parts.
Moreover, NPM also expects version format with 3 parts.
So ".0" has already been used in Node.js module version.
|
|
|
|
This also eliminates expressions that incompatible with BSD make, thus fixing
installation of Node.js module on FreeBSD (broken by dace60fc4926).
|
|
|
|
Added the nxt_unit_version.h dependency.
This closes #214 issue on GitHub.
|
|
|
|
|
|
By default "npm install" switches to non-privileged user to run package scripts
if it is invoked by root. As a result it may prevent node-gyp from writing to
package directory and break installation of the module.
To disable this switching the --unsafe-perm flag is added.
|
|
In most cases it is not needed because Ruby libraries are in the default path.
At the same time, rpath pointing to the default path is prohibited by rpmbuild
on Fedora.
This is related to issue #87 on GitHub.
|
|
Since PHP 7, a zend_signal_startup() call is required if the interpreter
was built with ZEND_SIGNALS defined; such a call was added in 3fd76e4ce70a.
However, the zend_signal_startup() export is missing from the PHP library;
as the result, dlopen() fails with the 'Undefined symbol "zend_signal_startup"'
error while loading the PHP module.
Meanwhile, if PHP is built without ZTS, the zend_signal_startup() call can
be omitted; otherwise, the missing call causes segmentation fault.
The PHP fix already was committed to upstream, but we still have to deal
with numerous unpatched versions remaining at large.
See the related PHP bug: https://bugs.php.net/bug.php?id=71041
|
|
This closes #184 issue on GitHub.
|
|
|
|
|
|
Now by default "make install" installs the module globally.
The "--local" configure option added for local installation.
|
|
|
|
|
|
|
|
|
|
|
|
There's nothing specific to Go language. This type of application object can
be used to run any external application that utilizes libunit API.
|
|
|
|
This closes #171 issue on GitHub.
Thanks to 洪志道 (Hong Zhi Dao).
|
|
_GNU_SOURCE is required there to expose off64_t and other types.
|
|
|
|
|
|
|
|
This closes #161 issue on GitHub.
Thanks to 洪志道 (Hong Zhi Dao).
|
|
|
|
Library now used in all language modules.
Old 'nxt_app_*' code removed.
See src/test/nxt_unit_app_test.c for usage sample.
|