summaryrefslogtreecommitdiffhomepage
path: root/auto (follow)
AgeCommit message (Collapse)AuthorFilesLines
2019-12-24Go: installing go module for tests into build directory.Max Romanov1-1/+1
2019-12-24Go: linking against libunit.Max Romanov1-12/+20
2019-12-09Java: fixing racing condition in external JAR download.Max Romanov1-3/+6
Temporary file name with configure process PID used to download JAR from external repository. Then file renamed using command 'mv'. The issue reproduced in clean environment when 2 or more concurrent builds started.
2019-12-06Isolation: allowed the use of credentials with unpriv userns.Tiago Natel2-0/+11
The setuid/setgid syscalls requires root capabilities but if the kernel supports unprivileged user namespace then the child process has the full set of capabilities in the new namespace, then we can allow setting "user" and "group" in such cases (this is a common security use case). Tests were added to ensure user gets meaningful error messages for uid/gid mapping misconfigurations.
2019-12-06Moved credential-related code to nxt_credential.c.Tiago Natel1-0/+1
This is required to avoid include cycles, as some nxt_clone_* functions depend on the credential structures, but nxt_process depends on clone structures.
2019-11-26Changed the group listing to run unprivileged when possible.Tiago Natel1-0/+16
Now the nxt_user_groups_get() function uses getgrouplist(3) when available (except MacOS, see below). For some platforms, getgrouplist() supports a method of probing how much groups the user has but the behavior is not consistent. The method used here consists of optimistically trying to get up to min(256, NGROUPS_MAX) groups; only if ngroups returned exceeds the original value, we do a second call. This method can block main's process if LDAP/NDIS+ is in use. MacOS has getgrouplist(3) but it's buggy. It doesn't update ngroups if the value passed is smaller than the number of groups the user has. Some projects (like Go stdlib) call getgrouplist() in a loop, increasing ngroups until it exceeds the number of groups user belongs to or fail when a limit is reached. For performance reasons, this is to be avoided and MacOS is handled in the fallback implementation. The fallback implementation is the old Unit approach. It saves main's user groups (getgroups(2)) and then calls initgroups(3) to load application's groups in main, then does a second getgroups(2) to store the gids and restore main's groups in the end. Because of initgroups(3)' call to setgroups(2), this method requires root capabilities. In the case of OSX, which has small NGROUPS_MAX by default (16), it's not possible to restore main's groups if it's large; if so, this method fallbacks again: user_cred gids aren't stored, and the worker process calls initgroups() itself and may block for some time if LDAP/NDIS+ is in use.
2019-11-22Configure: fixed posix_spawn() detection with glic 2.30.Sergey Kandaurov1-2/+2
In particular, it was previously broken on Ubuntu 19.10 and Fedora 31. See for details: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2ab5741
2019-11-14Initial proxy support.Igor Sysoev1-0/+1
2019-11-07Respecting AR environment variable to configure ar binary.Valentin Bartenev3-12/+22
2019-10-23Python: fixing Python 3.8 build with clang.Max Romanov1-1/+1
Python 3.8 has 'tp_print' field in PyTypeObject struct. This field is attributed as deprecated. So, clang generates warning (which is turned to error) as a result of initializing this field. From the other hand, it is impossible to omit this field in positional initialization. The solution is to use designated initializer. Silencing usage message during configure python. This is related to #331 issue on GitHub.
2019-10-22Python: fixing build for Python 3.8.Max Romanov1-0/+4
Thanks to tonyafanasyev. This is related to #331 issue on GitHub.
2019-10-02Fixed "make tests" build without preceding "make".Max Romanov6-10/+7
Currently almost all Unit object files depends on generated nxt_version.h. This patch adds missing dependence and fixes running make with multiple jobs. This closes #318 issue on GitHub.
2019-09-19Basic support for serving static files.Valentin Bartenev1-0/+1
2019-09-19Initial applications isolation support using Linux namespaces.Tiago de Bem Natel de Moura4-0/+80
2019-09-05Java: introducing websocket support.Max Romanov1-9/+157
2019-08-23Installing libunit files for websocket support.Max Romanov1-4/+12
2019-08-20Introducing websocket support in router and libunit.Max Romanov3-2/+28
2019-07-17Perl: propagated compile options from perl build.Valentin Bartenev1-1/+2
Some Perl compile options affects ABI and not using them while compiling our module resulted in non-working build. Notably on 32-bit Debian 10, Perl is built with -D_FILE_OFFSET_BITS=64 and our module after being compiled without this option caused segmentation faults in unexpected places.
2019-07-17Perl: removed "--include=" configure option.Valentin Bartenev1-11/+5
It's surplus option because the perl executable returns the proper path. Also the Perl module configure script was cleaned up a bit. Note that NXT_PERL_LDOPTS already contains the library path.
2019-05-30Java: added java module in configure help.Max Romanov1-0/+3
2019-02-28Introducing Java Servlet Container beta.Max Romanov3-0/+495
2019-02-27Added trailing zero to version string.Valentin Bartenev1-1/+1
While it looks nicer without zero 3-rd version number, this should improve interoperability. Version string can be parsed or used for sorting. And it is easier to handle and less confusing when there is constant number of version parts. Moreover, NPM also expects version format with 3 parts. So ".0" has already been used in Node.js module version.
2019-02-27Initial routing implementation.Igor Sysoev1-0/+1
2019-02-22Improvement and unification of version processing in build scripts.Alexander Borisov3-19/+22
This also eliminates expressions that incompatible with BSD make, thus fixing installation of Node.js module on FreeBSD (broken by dace60fc4926).
2019-01-23Node.js: fixed module version on installation from sources.Alexander Borisov1-0/+5
2019-01-21Go: fixed module installation, broken in ed8b1aaefdd1.Alexander Borisov1-1/+1
Added the nxt_unit_version.h dependency. This closes #214 issue on GitHub.
2018-12-19Node.js: added check for libunit version at compile time.Alexander Borisov1-2/+9
2018-12-19libunit: added generation of version header file.Alexander Borisov2-4/+15
2018-12-12Node.js: fixed global install in some cases.Valentin Bartenev1-1/+1
By default "npm install" switches to non-privileged user to run package scripts if it is invoked by root. As a result it may prevent node-gyp from writing to package directory and break installation of the module. To disable this switching the --unsafe-perm flag is added.
2018-12-04Ruby: rpath made optional.Valentin Bartenev1-3/+22
In most cases it is not needed because Ruby libraries are in the default path. At the same time, rpath pointing to the default path is prohibited by rpmbuild on Fedora. This is related to issue #87 on GitHub.
2018-11-22PHP: workaround for bug #71041.Valentin Bartenev1-1/+26
Since PHP 7, a zend_signal_startup() call is required if the interpreter was built with ZEND_SIGNALS defined; such a call was added in 3fd76e4ce70a. However, the zend_signal_startup() export is missing from the PHP library; as the result, dlopen() fails with the 'Undefined symbol "zend_signal_startup"' error while loading the PHP module. Meanwhile, if PHP is built without ZTS, the zend_signal_startup() call can be omitted; otherwise, the missing call causes segmentation fault. The PHP fix already was committed to upstream, but we still have to deal with numerous unpatched versions remaining at large. See the related PHP bug: https://bugs.php.net/bug.php?id=71041
2018-11-21PHP: fixed compatibility with ZTS.Valentin Bartenev1-1/+1
This closes #184 issue on GitHub.
2018-11-15Prettier ./configure summary.Valentin Bartenev1-16/+17
2018-11-15Added TLS information to ./configure summary.Valentin Bartenev1-0/+1
2018-11-14Node.js: reworked installation procedure.Valentin Bartenev1-3/+25
Now by default "make install" installs the module globally. The "--local" configure option added for local installation.
2018-11-14Node.js: ./configure script cleanup.Valentin Bartenev1-11/+19
2018-11-01Mention of "nodejs" configure option in help.Sergey Kandaurov1-0/+3
2018-10-23Removed unused "--upstream" command line option.Valentin Bartenev1-1/+1
2018-10-18Fixed Makefile target for NodeJS.Alexander Borisov1-3/+3
2018-10-17Installing libunit headers and static library.Max Romanov4-0/+42
2018-10-09Renamed "go" application type to "external".Valentin Bartenev1-1/+1
There's nothing specific to Go language. This type of application object can be used to run any external application that utilizes libunit API.
2018-10-03Added Node.js support.Alexander Borisov3-0/+167
2018-10-01Mention of --openssl configure option in help.Valentin Bartenev1-0/+2
This closes #171 issue on GitHub. Thanks to 洪志道 (Hong Zhi Dao).
2018-09-20Fixed building perl on Alpine Linux.Sergey Kandaurov1-0/+2
_GNU_SOURCE is required there to expose off64_t and other types.
2018-09-20Controller: certificates storage interface.Valentin Bartenev1-1/+1
2018-09-20Added SSL/TLS support on connection level.Igor Sysoev4-12/+11
2018-09-17Removed deprecated MacOSX OSSpinLockLock().Igor Sysoev1-23/+0
2018-09-10Fixed spelling in a comment.Valentin Bartenev1-1/+1
This closes #161 issue on GitHub. Thanks to 洪志道 (Hong Zhi Dao).
2018-08-08Returning error for "make tests" when "--tests" wasn't configured.Valentin Bartenev1-13/+29
2018-08-06Unit application library.Max Romanov8-6/+56
Library now used in all language modules. Old 'nxt_app_*' code removed. See src/test/nxt_unit_app_test.c for usage sample.