From 140b81208e83569913aa81f964eb64e15940d897 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 20 May 2020 11:18:03 +0300 Subject: PHP: building with PHP 8 (development version). --- auto/modules/php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'auto') diff --git a/auto/modules/php b/auto/modules/php index e2e5498a..2cec2f44 100644 --- a/auto/modules/php +++ b/auto/modules/php @@ -100,7 +100,11 @@ if /bin/sh -c "${NXT_PHP_CONFIG} --version" >> $NXT_AUTOCONF_ERR 2>&1; then `${NXT_PHP_CONFIG} --libs`" else - NXT_PHP_LIB="-lphp${NXT_PHP_VERSION%%.*}" + if [ $NXT_PHP_MAJOR_VERSION -ge 8 ]; then + NXT_PHP_LIB="-lphp" + else + NXT_PHP_LIB="-lphp${NXT_PHP_VERSION%%.*}" + fi if [ "$NXT_PHP_LIB_PATH" != "" ]; then # "php-config --ldflags" does not contain path to libphp, but -- cgit From e9e5ddd5a5d9ce99768833137eac2551a710becf Mon Sep 17 00:00:00 2001 From: Tiago Natel de Moura Date: Mon, 9 Mar 2020 16:28:25 +0000 Subject: Refactor of process management. The process abstraction has changed to: setup(task, process) start(task, process_data) prefork(task, process, mp) The prefork() occurs in the main process right before fork. The file src/nxt_main_process.c is completely free of process specific logic. The creation of a process now supports a PROCESS_CREATED state. The The setup() function of each process can set its state to either created or ready. If created, a MSG_PROCESS_CREATED is sent to main process, where external setup can be done (required for rootfs under container). The core processes (discovery, controller and router) doesn't need external setup, then they all proceeds to their start() function straight away. In the case of applications, the load of the module happens at the process setup() time and The module's init() function has changed to be the start() of the process. The module API has changed to: setup(task, process, conf) start(task, data) As a direct benefit of the PROCESS_CREATED message, the clone(2) of processes using pid namespaces now doesn't need to create a pipe to make the child block until parent setup uid/gid mappings nor it needs to receive the child pid. --- auto/sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'auto') diff --git a/auto/sources b/auto/sources index c6b34bbc..4ac132dd 100644 --- a/auto/sources +++ b/auto/sources @@ -78,7 +78,7 @@ NXT_LIB_SRCS=" \ src/nxt_conf.c \ src/nxt_conf_validation.c \ src/nxt_main_process.c \ - src/nxt_worker_process.c \ + src/nxt_signal_handlers.c \ src/nxt_controller.c \ src/nxt_router.c \ src/nxt_h1proto.c \ -- cgit From e2b53e16c60ba1e3bbbe59172c184e97f889326b Mon Sep 17 00:00:00 2001 From: Tiago Natel de Moura Date: Thu, 28 May 2020 14:57:41 +0100 Subject: Added "rootfs" feature. --- auto/isolation | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++++ auto/modules/java | 31 ++++++++++++- auto/modules/python | 34 +++++++++++++- auto/modules/ruby | 38 +++++++++++++++ auto/sources | 5 ++ 5 files changed, 235 insertions(+), 3 deletions(-) (limited to 'auto') diff --git a/auto/isolation b/auto/isolation index d231de12..4238b859 100644 --- a/auto/isolation +++ b/auto/isolation @@ -6,6 +6,9 @@ NXT_ISOLATION=NO NXT_HAVE_CLONE=NO NXT_HAVE_CLONE_NEWUSER=NO +NXT_HAVE_MOUNT=NO +NXT_HAVE_UNMOUNT=NO +NXT_HAVE_ROOTFS=NO nsflags="USER NS PID NET UTS CGROUP" @@ -55,3 +58,130 @@ if [ $nxt_found = yes ]; then fi done fi + + +nxt_feature="Linux pivot_root()" +nxt_feature_name=NXT_HAVE_PIVOT_ROOT +nxt_feature_run=no +nxt_feature_incs= +nxt_feature_libs= +nxt_feature_test="#include + + int main() { + return __NR_pivot_root; + }" +. auto/feature + + +nxt_feature="prctl(PR_SET_NO_NEW_PRIVS)" +nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS0 +nxt_feature_run=no +nxt_feature_incs= +nxt_feature_libs= +nxt_feature_test="#include + + int main() { + return PR_SET_NO_NEW_PRIVS; + }" +. auto/feature + + +nxt_feature="Linux mount()" +nxt_feature_name=NXT_HAVE_LINUX_MOUNT +nxt_feature_run=no +nxt_feature_incs= +nxt_feature_libs= +nxt_feature_test="#include + + int main() { + return mount((void*)0, (void*)0, (void*)0, 0, (void*)0); + }" +. auto/feature + +if [ $nxt_found = yes ]; then + NXT_HAVE_MOUNT=YES +fi + + +nxt_feature="Bind mount()" +nxt_feature_name=NXT_HAVE_BIND_MOUNT +nxt_feature_run=no +nxt_feature_incs= +nxt_feature_libs= +nxt_feature_test="#include + + int main() { + return MS_BIND | MS_REC + }" +. auto/feature + +if [ $nxt_found = yes ]; then + NXT_HAVE_MOUNT=YES +fi + + +if [ $nxt_found = no ]; then + nxt_feature="FreeBSD nmount()" + nxt_feature_name=NXT_HAVE_FREEBSD_NMOUNT + nxt_feature_run=no + nxt_feature_incs= + nxt_feature_libs= + nxt_feature_test="#include + + int main() { + return nmount((void *)0, 0, 0); + }" + . auto/feature + + if [ $nxt_found = yes ]; then + NXT_HAVE_MOUNT=YES + fi +fi + + +nxt_feature="Linux umount2()" +nxt_feature_name=NXT_HAVE_LINUX_UMOUNT2 +nxt_feature_run=no +nxt_feature_incs= +nxt_feature_libs= +nxt_feature_test="#include + + int main() { + return umount2((void *)0, 0); + }" +. auto/feature + +if [ $nxt_found = yes ]; then + NXT_HAVE_UNMOUNT=YES +fi + +if [ $nxt_found = no ]; then + nxt_feature="unmount()" + nxt_feature_name=NXT_HAVE_UNMOUNT + nxt_feature_run=no + nxt_feature_incs= + nxt_feature_libs= + nxt_feature_test="#include + + int main() { + return unmount((void *)0, 0); + }" + . auto/feature + + if [ $nxt_found = yes ]; then + NXT_HAVE_UNMOUNT=YES + fi +fi + +if [ $NXT_HAVE_MOUNT = YES -a $NXT_HAVE_UNMOUNT = YES ]; then + NXT_HAVE_ROOTFS=YES + + cat << END >> $NXT_AUTO_CONFIG_H + +#ifndef NXT_HAVE_ISOLATION_ROOTFS +#define NXT_HAVE_ISOLATION_ROOTFS 1 +#endif + +END + +fi diff --git a/auto/modules/java b/auto/modules/java index 68b10836..2e6f292d 100644 --- a/auto/modules/java +++ b/auto/modules/java @@ -172,13 +172,13 @@ if [ -z "$NXT_JAVA_LIB_PATH" ]; then exit 1 fi - NXT_JAVA_LIB_PATH="${NXT_JAVA_LIB_PATH}/server" + NXT_JAVA_LIB_SERVER_PATH="${NXT_JAVA_LIB_PATH}/server" $echo " $NXT_JAVA_LIB_PATH" $echo "got library path $NXT_JAVA_LIB_PATH" >> $NXT_AUTOCONF_ERR fi -NXT_JAVA_LDFLAGS="-L${NXT_JAVA_LIB_PATH} -Wl,-rpath ${NXT_JAVA_LIB_PATH} -ljvm" +NXT_JAVA_LDFLAGS="-L${NXT_JAVA_LIB_SERVER_PATH} -Wl,-rpath ${NXT_JAVA_LIB_SERVER_PATH} -ljvm" nxt_found=no @@ -227,6 +227,7 @@ NXT_JAVA_INSTALL_JARS= NXT_JAVA_UNINSTALL_JARS= NXT_JAVA_JARS=$NXT_BUILD_DIR/$NXT_JAVA_MODULE/nxt_jars.h +NXT_JAVA_MOUNTS_HEADER=$NXT_BUILD_DIR/$NXT_JAVA_MODULE/nxt_java_mounts.h mkdir -p $NXT_BUILD_DIR/$NXT_JAVA_MODULE cat << END > $NXT_JAVA_JARS @@ -308,6 +309,32 @@ cat << END >> $NXT_JAVA_JARS #endif /* _NXT_JAVA_JARS_INCLUDED_ */ END +NXT_JAVA_LIBJVM="$NXT_JAVA_LIB_SERVER_PATH/libjvm.so" + +if [ "$NXT_SYSTEM" = "Darwin" ]; then +NXT_JAVA_LIBC_DIR="/usr/lib" +else +NXT_JAVA_LIBC_DIR=`ldd "$NXT_JAVA_LIBJVM" | grep libc.so | cut -d' ' -f3` +NXT_JAVA_LIBC_DIR=`dirname $NXT_JAVA_LIBC_DIR` +fi + +cat << END > $NXT_JAVA_MOUNTS_HEADER +#ifndef _NXT_JAVA_MOUNTS_H_INCLUDED_ +#define _NXT_JAVA_MOUNTS_H_INCLUDED_ + + +static const nxt_fs_mount_t nxt_java_mounts[] = { + {(u_char *) "proc", (u_char *) "/proc", (u_char *) "proc", 0, NULL}, + {(u_char *) "$NXT_JAVA_LIBC_DIR", (u_char *) "$NXT_JAVA_LIBC_DIR", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, + {(u_char *) "$NXT_JAVA_HOME", (u_char *) "$NXT_JAVA_HOME", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, +}; + + +#endif /* _NXT_JAVA_MOUNTS_H_INCLUDED_ */ +END + $echo " + Java module: ${NXT_JAVA_MODULE}.unit.so" . auto/cc/deps diff --git a/auto/modules/python b/auto/modules/python index 6c8198f5..ad862f3c 100644 --- a/auto/modules/python +++ b/auto/modules/python @@ -68,6 +68,7 @@ if /bin/sh -c "$NXT_PYTHON_CONFIG --prefix" >> $NXT_AUTOCONF_ERR 2>&1; then NXT_PYTHON_CONFIG="${NXT_PYTHON_CONFIG} --embed" fi + NXT_PYTHON_EXEC=`${NXT_PYTHON_CONFIG} --exec-prefix`/bin/${NXT_PYTHON} NXT_PYTHON_INCLUDE=`${NXT_PYTHON_CONFIG} --includes` NXT_PYTHON_LIBS=`${NXT_PYTHON_CONFIG} --ldflags` @@ -129,6 +130,37 @@ if grep ^$NXT_PYTHON_MODULE: $NXT_MAKEFILE 2>&1 > /dev/null; then exit 1; fi + +NXT_PYTHON_MOUNTS_HEADER=$NXT_BUILD_DIR/nxt_python_mounts.h + +$NXT_PYTHON_EXEC -c 'import os.path +import sys +pyver = "python" + str(sys.version_info[0]) + "." + str(sys.version_info[1]) + +print("static const nxt_fs_mount_t nxt_python%d%d_mounts[] = {" % (sys.version_info[0], sys.version_info[1])) + +pattern = "{(u_char *) \"%s\", (u_char *) \"%s\", (u_char *) \"bind\", NXT_MS_BIND|NXT_MS_REC, NULL}," +base = None +for p in sys.path: + if len(p) > 0: + if os.path.basename(p) == pyver: + base = p + +if base is None: + raise Exception("failed to compute sys.path mount points") + +print(pattern % (base, base)) + +for p in sys.path: + if len(p) > 0: + if not p.startswith(base): + print(pattern % (p, p)) + +print("};\n\n") + +' >> $NXT_PYTHON_MOUNTS_HEADER + + $echo " + Python module: ${NXT_PYTHON_MODULE}.unit.so" . auto/cc/deps @@ -165,7 +197,7 @@ END done - + cat << END >> $NXT_MAKEFILE .PHONY: ${NXT_PYTHON_MODULE} diff --git a/auto/modules/ruby b/auto/modules/ruby index 407406ce..f7334cc7 100644 --- a/auto/modules/ruby +++ b/auto/modules/ruby @@ -51,6 +51,7 @@ $echo "configuring Ruby module ..." >> $NXT_AUTOCONF_ERR NXT_RUBY=${NXT_RUBY=ruby} NXT_RUBY_MODULE=${NXT_RUBY_MODULE=${NXT_RUBY}} +NXT_RUBY_MOUNTS_HEADER=$NXT_BUILD_DIR/nxt_ruby_mounts.h nxt_found=no @@ -58,6 +59,14 @@ if /bin/sh -c "$NXT_RUBY -v" >> $NXT_AUTOCONF_ERR 2>&1; then NXT_RUBY_RUBYHDRDIR=`$NXT_RUBY -r rbconfig -e 'printf("%s",RbConfig::CONFIG["rubyhdrdir"])'` NXT_RUBY_ARCHHDRDIR=`$NXT_RUBY -r rbconfig -e 'printf("%s",RbConfig::CONFIG["rubyarchhdrdir"])'` + NXT_RUBY_SITEARCHDIR=`$NXT_RUBY -r rbconfig -e 'printf("%s",RbConfig::CONFIG["sitearchhdrdir"])'` + NXT_RUBY_SITEDIR=`$NXT_RUBY -r rbconfig -e 'printf("%s",RbConfig::CONFIG["sitedir"])'` + NXT_RUBY_LIBDIR=`$NXT_RUBY -r rbconfig -e 'printf("%s",RbConfig::CONFIG["rubylibdir"])'` + NXT_RUBY_TOPDIR=`$NXT_RUBY -r rbconfig -e 'printf("%s",RbConfig::CONFIG["topdir"])'` + NXT_RUBY_PREFIXDIR=`$NXT_RUBY -r rbconfig -e 'printf("%s",RbConfig::CONFIG["rubylibprefix"])'` + NXT_RUBY_GEMDIR=`gem environment gemdir` + NXT_RUBY_GEMPATH=`gem environment gempath` + NXT_RUBY_INCPATH="-I$NXT_RUBY_ARCHHDRDIR -I$NXT_RUBY_RUBYHDRDIR" NXT_RUBY_LIBNAME=`$NXT_RUBY -r rbconfig -e 'printf("%s",RbConfig::CONFIG["RUBY_SO_NAME"])'` @@ -135,6 +144,35 @@ if grep ^$NXT_RUBY_MODULE: $NXT_MAKEFILE 2>&1 > /dev/null; then exit 1; fi + +cat << END > $NXT_RUBY_MOUNTS_HEADER + +static const nxt_fs_mount_t nxt_ruby_mounts[] = { + {(u_char *) "$NXT_RUBY_RUBYHDRDIR", (u_char *) "$NXT_RUBY_RUBYHDRDIR", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, + {(u_char *) "$NXT_RUBY_ARCHHDRDIR", (u_char *) "$NXT_RUBY_ARCHHDRDIR", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, + {(u_char *) "$NXT_RUBY_SITEDIR", (u_char *) "$NXT_RUBY_SITEDIR", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, + {(u_char *) "$NXT_RUBY_LIBDIR", (u_char *) "$NXT_RUBY_LIBDIR", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, + {(u_char *) "$NXT_RUBY_GEMDIR", (u_char *) "$NXT_RUBY_GEMDIR", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, + {(u_char *) "$NXT_RUBY_TOPDIR", (u_char *) "$NXT_RUBY_TOPDIR", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, + {(u_char *) "$NXT_RUBY_PREFIXDIR", (u_char *) "$NXT_RUBY_PREFIXDIR", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, + +END + +for path in `echo $NXT_RUBY_GEMPATH | tr ':' '\n'`; do + $echo "{(u_char *) \"$path\", (u_char *) \"$path\"," >> $NXT_RUBY_MOUNTS_HEADER + $echo "(u_char *) \"bind\", NXT_MS_BIND | NXT_MS_REC, NULL}," >> $NXT_RUBY_MOUNTS_HEADER +done + +$echo "};" >> $NXT_RUBY_MOUNTS_HEADER + + $echo " + Ruby module: ${NXT_RUBY_MODULE}.unit.so" . auto/cc/deps diff --git a/auto/sources b/auto/sources index 4ac132dd..2075ca0f 100644 --- a/auto/sources +++ b/auto/sources @@ -177,6 +177,11 @@ NXT_LIB_UTF8_FILE_NAME_TEST_SRCS=" \ " +if [ $NXT_HAVE_ROOTFS = YES ]; then + NXT_LIB_SRCS="$NXT_LIB_SRCS src/nxt_fs.c" +fi + + if [ $NXT_TLS = YES ]; then nxt_have=NXT_TLS . auto/have NXT_LIB_SRCS="$NXT_LIB_SRCS $NXT_LIB_TLS_SRCS" -- cgit