Re: dnscrypt-proxy: Unable to set the close on exec flag: [function not implemented]
Stuart Henderson writes:
> On 2024/01/23 20:14, Nam Nguyen wrote:
>> Theo Buehler writes:
>>
>> > On Wed, Jan 17, 2024 at 01:11:54PM +0100, Florian Obser wrote:
>> >> On 2024-01-03 17:14 +01, Florian Obser wrote:
>> >> > Hi there,
>> >> >
>> >> > dnscrypt-proxy fails thusly on -current:
>> >> >
>> >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: dnscrypt-proxy 2.1.5
>> >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Network connectivity
>> >> > detected
>> >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Dropping privileges
>> >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Unable to set the close on
>> >> > exec flag: [function not implemented]
>> >
>> > The port uses golang.org/x/sys v0.11.0 whose fnctl() implementation does
>> >
>> > valptr, _, errno := Syscall(fcntl64Syscall, uintptr(fd), uintptr(cmd),
>> > uintptr(arg))
>> >
>> > It would need to use at least v0.15.0 to include jrick's
>> >
>> > https://go-review.googlesource.com/c/sys/+/538995
>> >
>> > which is what DNSCrypt/dnscrypt-proxy's master branch seems to be using.
>> >
>> > So someone would need to update the port to use said branch, or build
>> > from source.
>>
>> Thanks for the report and cluestick. I'll try to update to use that
>> until upstream cuts a new release. Sorry for the timeout.
>
> This might do the trick. Bonus do-build fix to respect MAKE_JOBS rather
> than using all cores.
I like this approach. there's some weird characters in
/usr/obj/pobj/dnscrypt-proxy-2.1.5/dnscrypt-proxy-2.1.5/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
> + GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8
# github.com/jedisct1/dnscrypt-proxy/vendor/golang.org/x/sys/unix
../vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s:183:7: invalid UTF-8
encoding
../vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s:184:6: invalid UTF-8
encoding
# github.com/jedisct1/dnscrypt-proxy/vendor/golang.org/x/sys/unix
../vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s:183:7: invalid UTF-8
encoding
../vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s:183: expected '(',
found libc_fcntl_trampoline_addr
../vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s:184:6: invalid UTF-8
encoding
../vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s:184: expected '(',
found libc_fcntl_trampoline_addr
asm: assembly of ../vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s failed
unbreak net/dnscrypt-proxy 2.1.5pl20240118 [Was:Re: dnscrypt-proxy: Unable to set the close on exec flag: [function not implemented]]
Theo Buehler writes:
> On Wed, Jan 17, 2024 at 01:11:54PM +0100, Florian Obser wrote:
>> On 2024-01-03 17:14 +01, Florian Obser wrote:
>> > Hi there,
>> >
>> > dnscrypt-proxy fails thusly on -current:
>> >
>> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: dnscrypt-proxy 2.1.5
>> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Network connectivity detected
>> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Dropping privileges
>> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Unable to set the close on
>> > exec flag: [function not implemented]
>
> The port uses golang.org/x/sys v0.11.0 whose fnctl() implementation does
>
> valptr, _, errno := Syscall(fcntl64Syscall, uintptr(fd), uintptr(cmd),
> uintptr(arg))
>
> It would need to use at least v0.15.0 to include jrick's
>
> https://go-review.googlesource.com/c/sys/+/538995
>
> which is what DNSCrypt/dnscrypt-proxy's master branch seems to be using.
>
> So someone would need to update the port to use said branch, or build
> from source.
Here is an update to a more recent commit to unbreak dnscrypt-proxy with
the removal of syscall in libc. It is better than having dnscrypt-proxy
being broken. I took the commit that updated the go.mod to have
golang.org/x/sys v0.16.0 (which is not the latest commit).
see:
https://github.com/DNSCrypt/dnscrypt-proxy/commit/63f8d9b30d41eac7cfa2668f2bf4a3da104ed9f0
The update
- moves to DIST_TUPLE
- defines PKGNAME to ensure an upgrade path
- defines WRKDIST so that go-module(5) defines MODGO_SUBDIR = WRKDIST
properly: "During execution of pre-configure target module moves source
code from ${MODGO_SUBDIR} to ${WRKSRC}"
It works in testing. OK?
Index: Makefile
===
RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v
retrieving revision 1.65
diff -u -p -r1.65 Makefile
--- Makefile12 Aug 2023 08:55:43 - 1.65
+++ Makefile24 Jan 2024 10:38:07 -
@@ -1,8 +1,8 @@
COMMENT = flexible DNS proxy with support for encrypted DNS protocols
-GH_ACCOUNT = jedisct1
-GH_PROJECT = dnscrypt-proxy
-GH_TAGNAME = 2.1.5
+PKGNAME = dnscrypt-proxy-2.1.5pl20240118
+C =63f8d9b30d41eac7cfa2668f2bf4a3da104ed9f0
+DIST_TUPLE += github jedisct1 dnscrypt-proxy ${C} .
CATEGORIES = net
@@ -18,6 +18,8 @@ MODULES = lang/go
MODGO_TYPE = bin
INSTDIR = ${PREFIX}/share/examples/dnscrypt-proxy
+
+WRKDIST = ${WRKDIR}/dnscrypt-proxy-${C}
pre-configure:
sed -i "s;cache_file = '\(.*\)\.md';cache_file =\
Index: distinfo
===
RCS file: /cvs/ports/net/dnscrypt-proxy/distinfo,v
retrieving revision 1.37
diff -u -p -r1.37 distinfo
--- distinfo12 Aug 2023 08:55:43 - 1.37
+++ distinfo24 Jan 2024 10:38:07 -
@@ -1,2 +1,2 @@
-SHA256 (dnscrypt-proxy-2.1.5.tar.gz) =
BExNuaPHvc+Ib/j4PEsTfS/TemVHepK/6Gv2lYfqc1U=
-SIZE (dnscrypt-proxy-2.1.5.tar.gz) = 4065395
+SHA256
(jedisct1-dnscrypt-proxy-63f8d9b30d41eac7cfa2668f2bf4a3da104ed9f0.tar.gz) =
3xnf2ezSLYJVu8oXaswZWMN7VZ7EZ3dYYSMDLCzNFbc=
+SIZE (jedisct1-dnscrypt-proxy-63f8d9b30d41eac7cfa2668f2bf4a3da104ed9f0.tar.gz)
= 3983365
Re: dnscrypt-proxy: Unable to set the close on exec flag: [function not implemented]
On 2024/01/23 20:14, Nam Nguyen wrote:
> Theo Buehler writes:
>
> > On Wed, Jan 17, 2024 at 01:11:54PM +0100, Florian Obser wrote:
> >> On 2024-01-03 17:14 +01, Florian Obser wrote:
> >> > Hi there,
> >> >
> >> > dnscrypt-proxy fails thusly on -current:
> >> >
> >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: dnscrypt-proxy 2.1.5
> >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Network connectivity detected
> >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Dropping privileges
> >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Unable to set the close on
> >> > exec flag: [function not implemented]
> >
> > The port uses golang.org/x/sys v0.11.0 whose fnctl() implementation does
> >
> > valptr, _, errno := Syscall(fcntl64Syscall, uintptr(fd), uintptr(cmd),
> > uintptr(arg))
> >
> > It would need to use at least v0.15.0 to include jrick's
> >
> > https://go-review.googlesource.com/c/sys/+/538995
> >
> > which is what DNSCrypt/dnscrypt-proxy's master branch seems to be using.
> >
> > So someone would need to update the port to use said branch, or build
> > from source.
>
> Thanks for the report and cluestick. I'll try to update to use that
> until upstream cuts a new release. Sorry for the timeout.
This might do the trick. Bonus do-build fix to respect MAKE_JOBS rather
than using all cores.
Index: Makefile
===
RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v
retrieving revision 1.65
diff -u -p -r1.65 Makefile
--- Makefile12 Aug 2023 08:55:43 - 1.65
+++ Makefile24 Jan 2024 09:05:18 -
@@ -3,6 +3,7 @@ COMMENT = flexible DNS proxy with suppor
GH_ACCOUNT = jedisct1
GH_PROJECT = dnscrypt-proxy
GH_TAGNAME = 2.1.5
+REVISION = 0
CATEGORIES = net
@@ -25,7 +26,7 @@ pre-configure:
${MODGO_SUBDIR}/dnscrypt-proxy/example-dnscrypt-proxy.toml
do-build:
- cd ${WRKSRC}/dnscrypt-proxy && ${MODGO_CMD} build
+ cd ${WRKSRC}/dnscrypt-proxy && ${MODGO_CMD} build ${MODGO_FLAGS}
do-test:
cd ${WRKSRC}/dnscrypt-proxy && ${MODGO_CMD} test
Index: patches/patch-vendor_golang_org_x_sys_unix_fcntl_go
===
RCS file: patches/patch-vendor_golang_org_x_sys_unix_fcntl_go
diff -N patches/patch-vendor_golang_org_x_sys_unix_fcntl_go
--- /dev/null 1 Jan 1970 00:00:00 -
+++ patches/patch-vendor_golang_org_x_sys_unix_fcntl_go 24 Jan 2024 09:05:18
-
@@ -0,0 +1,17 @@
+similar to
+https://github.com/golang/sys/commit/ec230dae7fd9abe06a61e3e05310d935e7e32b12.patch
+
+Index: vendor/golang.org/x/sys/unix/fcntl.go
+--- vendor/golang.org/x/sys/unix/fcntl.go.orig
vendor/golang.org/x/sys/unix/fcntl.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+
+-//go:build dragonfly || freebsd || linux || netbsd || openbsd
+-// +build dragonfly freebsd linux netbsd openbsd
++//go:build dragonfly || freebsd || linux || netbsd
++// +build dragonfly freebsd linux netbsd
+
+ package unix
+
Index: patches/patch-vendor_golang_org_x_sys_unix_syscall_openbsd_go
===
RCS file: patches/patch-vendor_golang_org_x_sys_unix_syscall_openbsd_go
diff -N patches/patch-vendor_golang_org_x_sys_unix_syscall_openbsd_go
--- /dev/null 1 Jan 1970 00:00:00 -
+++ patches/patch-vendor_golang_org_x_sys_unix_syscall_openbsd_go 24 Jan
2024 09:05:18 -
@@ -0,0 +1,26 @@
+https://github.com/golang/sys/commit/ec230dae7fd9abe06a61e3e05310d935e7e32b12.patch
+
+Index: vendor/golang.org/x/sys/unix/syscall_openbsd.go
+--- vendor/golang.org/x/sys/unix/syscall_openbsd.go.orig
vendor/golang.org/x/sys/unix/syscall_openbsd.go
+@@ -171,6 +171,20 @@ func Getresgid() (rgid, egid, sgid int) {
+
+ //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen
uintptr) (err error) = SYS___SYSCTL
+
++//sys fcntl(fd int, cmd int, arg int) (n int, err error)
++//sys fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) =
SYS_FCNTL
++
++// FcntlInt performs a fcntl syscall on fd with the provided command and
argument.
++func FcntlInt(fd uintptr, cmd, arg int) (int, error) {
++ return fcntl(int(fd), cmd, arg)
++}
++
++// FcntlFlock performs a fcntl syscall for the F_GETLK, F_SETLK or F_SETLKW
command.
++func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error {
++ _, err := fcntlPtr(int(fd), cmd, unsafe.Pointer(lk))
++ return err
++}
++
+ //sys ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n
int, err error)
+
+ func Ppoll(fds []PollFd, timeout *Timespec, sigmask *Sigset_t) (n int, err
error) {
Index: patches/patch-vendor_golang_org_x_sys_unix_zsyscall_openbsd_386_go
===
RCS file: patches/patch-vendor_golang_org_x_sys_unix_zsyscall_openbsd_386_go
diff -N patches/patch-vendor_golang_org_x_sys_unix_zsys
Re: dnscrypt-proxy: Unable to set the close on exec flag: [function not implemented]
Theo Buehler writes: > On Wed, Jan 17, 2024 at 01:11:54PM +0100, Florian Obser wrote: >> On 2024-01-03 17:14 +01, Florian Obser wrote: >> > Hi there, >> > >> > dnscrypt-proxy fails thusly on -current: >> > >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: dnscrypt-proxy 2.1.5 >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Network connectivity detected >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Dropping privileges >> > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Unable to set the close on >> > exec flag: [function not implemented] > > The port uses golang.org/x/sys v0.11.0 whose fnctl() implementation does > > valptr, _, errno := Syscall(fcntl64Syscall, uintptr(fd), uintptr(cmd), > uintptr(arg)) > > It would need to use at least v0.15.0 to include jrick's > > https://go-review.googlesource.com/c/sys/+/538995 > > which is what DNSCrypt/dnscrypt-proxy's master branch seems to be using. > > So someone would need to update the port to use said branch, or build > from source. Thanks for the report and cluestick. I'll try to update to use that until upstream cuts a new release. Sorry for the timeout.
Re: dnscrypt-proxy: Unable to set the close on exec flag: [function not implemented]
On Wed, Jan 17, 2024 at 01:11:54PM +0100, Florian Obser wrote: > On 2024-01-03 17:14 +01, Florian Obser wrote: > > Hi there, > > > > dnscrypt-proxy fails thusly on -current: > > > > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: dnscrypt-proxy 2.1.5 > > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Network connectivity detected > > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Dropping privileges > > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Unable to set the close on exec > > flag: [function not implemented] The port uses golang.org/x/sys v0.11.0 whose fnctl() implementation does valptr, _, errno := Syscall(fcntl64Syscall, uintptr(fd), uintptr(cmd), uintptr(arg)) It would need to use at least v0.15.0 to include jrick's https://go-review.googlesource.com/c/sys/+/538995 which is what DNSCrypt/dnscrypt-proxy's master branch seems to be using. So someone would need to update the port to use said branch, or build from source.
Re: dnscrypt-proxy: Unable to set the close on exec flag: [function not implemented]
On 2024-01-03 17:14 +01, Florian Obser wrote: > Hi there, > > dnscrypt-proxy fails thusly on -current: > > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: dnscrypt-proxy 2.1.5 > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Network connectivity detected > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Dropping privileges > Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Unable to set the close on exec > flag: [function not implemented] > So I've solved this by installing dnsdist instead. Since unwind(8) can't natively speak DoH and there are sometimes networks that try really hard to filter DNS put let through tcp/443 I need a thing that speaks Do53 as a server and forwards queries to quad9 DoH. dnsdist does this just fine. -- In my defence, I have been left unsupervised.
Re: dnscrypt-proxy: Unable to set the close on exec flag: [function not implemented]
Hi, Unfortunately many such cases lately in Go software. I think it's due to the syscall removal thing introduced with https://marc.info/?l=openbsd-ports-cvs&m=170057559813269&w=2 because it still works if you build it with a previous revision of Go. On 1/3/24 17:14, Florian Obser wrote: Hi there, dnscrypt-proxy fails thusly on -current: Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: dnscrypt-proxy 2.1.5 Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Network connectivity detected Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Dropping privileges Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Unable to set the close on exec flag: [function not implemented]
dnscrypt-proxy: Unable to set the close on exec flag: [function not implemented]
Hi there, dnscrypt-proxy fails thusly on -current: Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: dnscrypt-proxy 2.1.5 Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Network connectivity detected Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Dropping privileges Jan 3 17:07:29 x395 dnscrypt-proxy[54029]: Unable to set the close on exec flag: [function not implemented] -- In my defence, I have been left unsupervised.
