Re: dnscrypt-proxy: Unable to set the close on exec flag: [function not implemented]
Stuart Henderson writes: > On 2024/01/23 20:14, Nam Nguyen wrote: >> Theo Buehler writes: >> >> > On Wed, Jan 17, 2024 at 01:11:54PM +0100, Florian Obser wrote: >> >> On 2024-01-03 17:14 +01, Florian Obser wrote: >> >> > Hi there, >> >> > >> >> > dnscrypt-proxy fails thusly on -current: >> >> > >> >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: dnscrypt-proxy 2.1.5 >> >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Network connectivity >> >> > detected >> >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Dropping privileges >> >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Unable to set the close on >> >> > exec flag: [function not implemented] >> > >> > The port uses golang.org/x/sys v0.11.0 whose fnctl() implementation does >> > >> > valptr, _, errno := Syscall(fcntl64Syscall, uintptr(fd), uintptr(cmd), >> > uintptr(arg)) >> > >> > It would need to use at least v0.15.0 to include jrick's >> > >> > https://go-review.googlesource.com/c/sys/+/538995 >> > >> > which is what DNSCrypt/dnscrypt-proxy's master branch seems to be using. >> > >> > So someone would need to update the port to use said branch, or build >> > from source. >> >> Thanks for the report and cluestick. I'll try to update to use that >> until upstream cuts a new release. Sorry for the timeout. > > This might do the trick. Bonus do-build fix to respect MAKE_JOBS rather > than using all cores. I like this approach. there's some weird characters in /usr/obj/pobj/dnscrypt-proxy-2.1.5/dnscrypt-proxy-2.1.5/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s > + GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 # github.com/jedisct1/dnscrypt-proxy/vendor/golang.org/x/sys/unix ../vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s:183:7: invalid UTF-8 encoding ../vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s:184:6: invalid UTF-8 encoding # github.com/jedisct1/dnscrypt-proxy/vendor/golang.org/x/sys/unix ../vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s:183:7: invalid UTF-8 encoding ../vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s:183: expected '(', found libc_fcntl_trampoline_addr ../vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s:184:6: invalid UTF-8 encoding ../vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s:184: expected '(', found libc_fcntl_trampoline_addr asm: assembly of ../vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s failed
unbreak net/dnscrypt-proxy 2.1.5pl20240118 [Was:Re: dnscrypt-proxy: Unable to set the close on exec flag: [function not implemented]]
Theo Buehler writes: > On Wed, Jan 17, 2024 at 01:11:54PM +0100, Florian Obser wrote: >> On 2024-01-03 17:14 +01, Florian Obser wrote: >> > Hi there, >> > >> > dnscrypt-proxy fails thusly on -current: >> > >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: dnscrypt-proxy 2.1.5 >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Network connectivity detected >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Dropping privileges >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Unable to set the close on >> > exec flag: [function not implemented] > > The port uses golang.org/x/sys v0.11.0 whose fnctl() implementation does > > valptr, _, errno := Syscall(fcntl64Syscall, uintptr(fd), uintptr(cmd), > uintptr(arg)) > > It would need to use at least v0.15.0 to include jrick's > > https://go-review.googlesource.com/c/sys/+/538995 > > which is what DNSCrypt/dnscrypt-proxy's master branch seems to be using. > > So someone would need to update the port to use said branch, or build > from source. Here is an update to a more recent commit to unbreak dnscrypt-proxy with the removal of syscall in libc. It is better than having dnscrypt-proxy being broken. I took the commit that updated the go.mod to have golang.org/x/sys v0.16.0 (which is not the latest commit). see: https://github.com/DNSCrypt/dnscrypt-proxy/commit/63f8d9b30d41eac7cfa2668f2bf4a3da104ed9f0 The update - moves to DIST_TUPLE - defines PKGNAME to ensure an upgrade path - defines WRKDIST so that go-module(5) defines MODGO_SUBDIR = WRKDIST properly: "During execution of pre-configure target module moves source code from ${MODGO_SUBDIR} to ${WRKSRC}" It works in testing. OK? Index: Makefile === RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v retrieving revision 1.65 diff -u -p -r1.65 Makefile --- Makefile12 Aug 2023 08:55:43 - 1.65 +++ Makefile24 Jan 2024 10:38:07 - @@ -1,8 +1,8 @@ COMMENT = flexible DNS proxy with support for encrypted DNS protocols -GH_ACCOUNT = jedisct1 -GH_PROJECT = dnscrypt-proxy -GH_TAGNAME = 2.1.5 +PKGNAME = dnscrypt-proxy-2.1.5pl20240118 +C =63f8d9b30d41eac7cfa2668f2bf4a3da104ed9f0 +DIST_TUPLE += github jedisct1 dnscrypt-proxy ${C} . CATEGORIES = net @@ -18,6 +18,8 @@ MODULES = lang/go MODGO_TYPE = bin INSTDIR = ${PREFIX}/share/examples/dnscrypt-proxy + +WRKDIST = ${WRKDIR}/dnscrypt-proxy-${C} pre-configure: sed -i "s;cache_file = '\(.*\)\.md';cache_file =\ Index: distinfo === RCS file: /cvs/ports/net/dnscrypt-proxy/distinfo,v retrieving revision 1.37 diff -u -p -r1.37 distinfo --- distinfo12 Aug 2023 08:55:43 - 1.37 +++ distinfo24 Jan 2024 10:38:07 - @@ -1,2 +1,2 @@ -SHA256 (dnscrypt-proxy-2.1.5.tar.gz) = BExNuaPHvc+Ib/j4PEsTfS/TemVHepK/6Gv2lYfqc1U= -SIZE (dnscrypt-proxy-2.1.5.tar.gz) = 4065395 +SHA256 (jedisct1-dnscrypt-proxy-63f8d9b30d41eac7cfa2668f2bf4a3da104ed9f0.tar.gz) = 3xnf2ezSLYJVu8oXaswZWMN7VZ7EZ3dYYSMDLCzNFbc= +SIZE (jedisct1-dnscrypt-proxy-63f8d9b30d41eac7cfa2668f2bf4a3da104ed9f0.tar.gz) = 3983365
Re: dnscrypt-proxy: Unable to set the close on exec flag: [function not implemented]
On 2024/01/23 20:14, Nam Nguyen wrote: > Theo Buehler writes: > > > On Wed, Jan 17, 2024 at 01:11:54PM +0100, Florian Obser wrote: > >> On 2024-01-03 17:14 +01, Florian Obser wrote: > >> > Hi there, > >> > > >> > dnscrypt-proxy fails thusly on -current: > >> > > >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: dnscrypt-proxy 2.1.5 > >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Network connectivity detected > >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Dropping privileges > >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Unable to set the close on > >> > exec flag: [function not implemented] > > > > The port uses golang.org/x/sys v0.11.0 whose fnctl() implementation does > > > > valptr, _, errno := Syscall(fcntl64Syscall, uintptr(fd), uintptr(cmd), > > uintptr(arg)) > > > > It would need to use at least v0.15.0 to include jrick's > > > > https://go-review.googlesource.com/c/sys/+/538995 > > > > which is what DNSCrypt/dnscrypt-proxy's master branch seems to be using. > > > > So someone would need to update the port to use said branch, or build > > from source. > > Thanks for the report and cluestick. I'll try to update to use that > until upstream cuts a new release. Sorry for the timeout. This might do the trick. Bonus do-build fix to respect MAKE_JOBS rather than using all cores. Index: Makefile === RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v retrieving revision 1.65 diff -u -p -r1.65 Makefile --- Makefile12 Aug 2023 08:55:43 - 1.65 +++ Makefile24 Jan 2024 09:05:18 - @@ -3,6 +3,7 @@ COMMENT = flexible DNS proxy with suppor GH_ACCOUNT = jedisct1 GH_PROJECT = dnscrypt-proxy GH_TAGNAME = 2.1.5 +REVISION = 0 CATEGORIES = net @@ -25,7 +26,7 @@ pre-configure: ${MODGO_SUBDIR}/dnscrypt-proxy/example-dnscrypt-proxy.toml do-build: - cd ${WRKSRC}/dnscrypt-proxy && ${MODGO_CMD} build + cd ${WRKSRC}/dnscrypt-proxy && ${MODGO_CMD} build ${MODGO_FLAGS} do-test: cd ${WRKSRC}/dnscrypt-proxy && ${MODGO_CMD} test Index: patches/patch-vendor_golang_org_x_sys_unix_fcntl_go === RCS file: patches/patch-vendor_golang_org_x_sys_unix_fcntl_go diff -N patches/patch-vendor_golang_org_x_sys_unix_fcntl_go --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-vendor_golang_org_x_sys_unix_fcntl_go 24 Jan 2024 09:05:18 - @@ -0,0 +1,17 @@ +similar to +https://github.com/golang/sys/commit/ec230dae7fd9abe06a61e3e05310d935e7e32b12.patch + +Index: vendor/golang.org/x/sys/unix/fcntl.go +--- vendor/golang.org/x/sys/unix/fcntl.go.orig vendor/golang.org/x/sys/unix/fcntl.go +@@ -2,8 +2,8 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build dragonfly || freebsd || linux || netbsd || openbsd +-// +build dragonfly freebsd linux netbsd openbsd ++//go:build dragonfly || freebsd || linux || netbsd ++// +build dragonfly freebsd linux netbsd + + package unix + Index: patches/patch-vendor_golang_org_x_sys_unix_syscall_openbsd_go === RCS file: patches/patch-vendor_golang_org_x_sys_unix_syscall_openbsd_go diff -N patches/patch-vendor_golang_org_x_sys_unix_syscall_openbsd_go --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-vendor_golang_org_x_sys_unix_syscall_openbsd_go 24 Jan 2024 09:05:18 - @@ -0,0 +1,26 @@ +https://github.com/golang/sys/commit/ec230dae7fd9abe06a61e3e05310d935e7e32b12.patch + +Index: vendor/golang.org/x/sys/unix/syscall_openbsd.go +--- vendor/golang.org/x/sys/unix/syscall_openbsd.go.orig vendor/golang.org/x/sys/unix/syscall_openbsd.go +@@ -171,6 +171,20 @@ func Getresgid() (rgid, egid, sgid int) { + + //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL + ++//sys fcntl(fd int, cmd int, arg int) (n int, err error) ++//sys fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) = SYS_FCNTL ++ ++// FcntlInt performs a fcntl syscall on fd with the provided command and argument. ++func FcntlInt(fd uintptr, cmd, arg int) (int, error) { ++ return fcntl(int(fd), cmd, arg) ++} ++ ++// FcntlFlock performs a fcntl syscall for the F_GETLK, F_SETLK or F_SETLKW command. ++func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error { ++ _, err := fcntlPtr(int(fd), cmd, unsafe.Pointer(lk)) ++ return err ++} ++ + //sys ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) + + func Ppoll(fds []PollFd, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { Index: patches/patch-vendor_golang_org_x_sys_unix_zsyscall_openbsd_386_go === RCS file: patches/patch-vendor_golang_org_x_sys_unix_zsyscall_openbsd_386_go diff -N patches/patch-vendor_golang_org_x_sys_unix_zsys
Re: dnscrypt-proxy: Unable to set the close on exec flag: [function not implemented]
Theo Buehler writes: > On Wed, Jan 17, 2024 at 01:11:54PM +0100, Florian Obser wrote: >> On 2024-01-03 17:14 +01, Florian Obser wrote: >> > Hi there, >> > >> > dnscrypt-proxy fails thusly on -current: >> > >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: dnscrypt-proxy 2.1.5 >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Network connectivity detected >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Dropping privileges >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Unable to set the close on >> > exec flag: [function not implemented] > > The port uses golang.org/x/sys v0.11.0 whose fnctl() implementation does > > valptr, _, errno := Syscall(fcntl64Syscall, uintptr(fd), uintptr(cmd), > uintptr(arg)) > > It would need to use at least v0.15.0 to include jrick's > > https://go-review.googlesource.com/c/sys/+/538995 > > which is what DNSCrypt/dnscrypt-proxy's master branch seems to be using. > > So someone would need to update the port to use said branch, or build > from source. Thanks for the report and cluestick. I'll try to update to use that until upstream cuts a new release. Sorry for the timeout.
Re: dnscrypt-proxy: Unable to set the close on exec flag: [function not implemented]
On Wed, Jan 17, 2024 at 01:11:54PM +0100, Florian Obser wrote: > On 2024-01-03 17:14 +01, Florian Obser wrote: > > Hi there, > > > > dnscrypt-proxy fails thusly on -current: > > > > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: dnscrypt-proxy 2.1.5 > > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Network connectivity detected > > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Dropping privileges > > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Unable to set the close on exec > > flag: [function not implemented] The port uses golang.org/x/sys v0.11.0 whose fnctl() implementation does valptr, _, errno := Syscall(fcntl64Syscall, uintptr(fd), uintptr(cmd), uintptr(arg)) It would need to use at least v0.15.0 to include jrick's https://go-review.googlesource.com/c/sys/+/538995 which is what DNSCrypt/dnscrypt-proxy's master branch seems to be using. So someone would need to update the port to use said branch, or build from source.
Re: dnscrypt-proxy: Unable to set the close on exec flag: [function not implemented]
On 2024-01-03 17:14 +01, Florian Obser wrote: > Hi there, > > dnscrypt-proxy fails thusly on -current: > > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: dnscrypt-proxy 2.1.5 > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Network connectivity detected > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Dropping privileges > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Unable to set the close on exec > flag: [function not implemented] > So I've solved this by installing dnsdist instead. Since unwind(8) can't natively speak DoH and there are sometimes networks that try really hard to filter DNS put let through tcp/443 I need a thing that speaks Do53 as a server and forwards queries to quad9 DoH. dnsdist does this just fine. -- In my defence, I have been left unsupervised.
Re: dnscrypt-proxy: Unable to set the close on exec flag: [function not implemented]
Hi, Unfortunately many such cases lately in Go software. I think it's due to the syscall removal thing introduced with https://marc.info/?l=openbsd-ports-cvs&m=170057559813269&w=2 because it still works if you build it with a previous revision of Go. On 1/3/24 17:14, Florian Obser wrote: Hi there, dnscrypt-proxy fails thusly on -current: Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: dnscrypt-proxy 2.1.5 Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Network connectivity detected Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Dropping privileges Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Unable to set the close on exec flag: [function not implemented]
dnscrypt-proxy: Unable to set the close on exec flag: [function not implemented]
Hi there, dnscrypt-proxy fails thusly on -current: Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: dnscrypt-proxy 2.1.5 Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Network connectivity detected Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Dropping privileges Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Unable to set the close on exec flag: [function not implemented] -- In my defence, I have been left unsupervised.