Re: Case-sensitivity of timezone paths in the installer
Okay, thanks for the clarification. If it's by design, and not all implementations may be case-sensitive, should the installer clarify in case of a user not entering a valid timezone path that paths are case-sensitive? Right now I think it could be made a little clearer that it's looking for an exact match. I know it's not a big deal but changing the error message might make things clearer for some users. Katherine On Sat, May 1, 2021 at 9:55 PM Theo de Raadt wrote: > > Luigi30 wrote: > > > I noticed that timezone paths in the installer step that sets the system > > timezone are case-sensitive to match the paths in /usr/share/zoneinfo. > > (Specifically, it's set_timezone() in > > /usr/src/distrib/miniroot/install.sub.) > > > > It seems like the behavior should be more like: > > > > - Upon entering set_timezone(), it builds its /usr/share/zoneinfo lookup > > table and converts it to lowercase with sed. > > - User enters "America/chicago" or something for the timezone path. > > - The script converts the timezone path to lowercase with sed. > > - The script compares the lowercase path to the /usr/share/zoneinfo table. > > - If there's a match, it uses the properly capitalized path. > > > > As implemented now, the script would only confusingly reply that there > > is no such timezone as America/chicago. > > > > I started working on a fix for this but before I go tilting at windmills, > > is there a technical reason that the script behaves this way? > > Issues with internationalization? Or is it just an oversight? > > I disagree with your assessment and proposal. > > "Do not use names that differ only in case. Although the reference > implementation is case-sensitive, some other implementations are not, > and they would mishandle names differing only in case." > > Timezones are case sensitive. > > We may as well force people to correctly select the name in this > situation, because if they "learn" that lowercase is acceptable in the > installer, they may return to userland and insist that > TZ=America/chicago should work. > > % TZ=America/Chicago date > Sat May 1 21:53:50 CDT 2021 > % TZ=America/chicago date > Sun May 2 02:53:47 GMT 2021 > > As you can see, it does not work.
Re: Case-sensitivity of timezone paths in the installer
Luigi30 wrote: > I noticed that timezone paths in the installer step that sets the system > timezone are case-sensitive to match the paths in /usr/share/zoneinfo. > (Specifically, it's set_timezone() in /usr/src/distrib/miniroot/install.sub.) > > It seems like the behavior should be more like: > > - Upon entering set_timezone(), it builds its /usr/share/zoneinfo lookup > table and converts it to lowercase with sed. > - User enters "America/chicago" or something for the timezone path. > - The script converts the timezone path to lowercase with sed. > - The script compares the lowercase path to the /usr/share/zoneinfo table. > - If there's a match, it uses the properly capitalized path. > > As implemented now, the script would only confusingly reply that there > is no such timezone as America/chicago. > > I started working on a fix for this but before I go tilting at windmills, > is there a technical reason that the script behaves this way? > Issues with internationalization? Or is it just an oversight? I disagree with your assessment and proposal. "Do not use names that differ only in case. Although the reference implementation is case-sensitive, some other implementations are not, and they would mishandle names differing only in case." Timezones are case sensitive. We may as well force people to correctly select the name in this situation, because if they "learn" that lowercase is acceptable in the installer, they may return to userland and insist that TZ=America/chicago should work. % TZ=America/Chicago date Sat May 1 21:53:50 CDT 2021 % TZ=America/chicago date Sun May 2 02:53:47 GMT 2021 As you can see, it does not work.
Re: added support for precompressed static files on httpd(so sorry about my other email that was unreadable)
On Sat, May 01, 2021 at 09:26:39PM +, alloca wrote:
> This patch adds a serve_gzip option. When enabled, If the client requests
> path, then serve path.gz if it exists and the client accepts
> Content-Encoding: gzip.
>
>
man style
> diff -up httpd.orig/config.c httpd/config.c
> --- httpd.orig/config.c Sat May 1 15:03:11 2021
> +++ httpd/config.c Sat May 1 15:45:43 2021
> @@ -568,12 +568,12 @@ config_getserver_config(struct httpd *env, struct serv
> &parent->default_type, sizeof(struct media_type));
> }
>
> - f = SRVFLAG_PATH_REWRITE|SRVFLAG_NO_PATH_REWRITE;
> +/* f = SRVFLAG_PATH_REWRITE|SRVFLAG_NO_PATH_REWRITE;
> if ((srv_conf->flags & f) == 0) {
> srv_conf->flags |= parent->flags & f;
> (void)strlcpy(srv_conf->path, parent->path,
> sizeof(srv_conf->path));
> - }
> + } */
>
> f = SRVFLAG_SERVER_HSTS;
> srv_conf->flags |= parent->flags & f;
> diff -up httpd.orig/httpd.conf.5 httpd/httpd.conf.5
> --- httpd.orig/httpd.conf.5 Sat May 1 15:03:11 2021
> +++ httpd/httpd.conf.5 Sat May 1 16:02:44 2021
> @@ -397,6 +397,13 @@ a browser's preload list.
> Signal to the receiving user agent that this host and all sub domains
> of the host's domain should be considered HSTS hosts.
> .El
> +.It Ic serve_gzip
> +If the client requests
> +.Nm path ,
> +then serve
> +.Nm path.gz
> +if it exists and the client accepts
> +.Nm Content-Encoding: gzip .
> .It Ic listen on Ar address Oo Ic tls Oc Ic port Ar number
> Set the listen address and port.
> This statement can be specified multiple times.
> diff -up httpd.orig/httpd.h httpd/httpd.h
> --- httpd.orig/httpd.h Sat May 1 15:03:11 2021
> +++ httpd/httpd.h Sat May 1 15:41:58 2021
> @@ -390,17 +390,17 @@ SPLAY_HEAD(client_tree, client);
> #define SRVFLAG_SERVER_MATCH 0x0020
> #define SRVFLAG_SERVER_HSTS 0x0040
> #define SRVFLAG_DEFAULT_TYPE 0x0080
> -#define SRVFLAG_PATH_REWRITE 0x0100
> -#define SRVFLAG_NO_PATH_REWRITE 0x0200
> +/* #define SRVFLAG_PATH_REWRITE 0x0100
> +#define SRVFLAG_NO_PATH_REWRITE 0x0200 */
> #define SRVFLAG_LOCATION_FOUND 0x4000
> #define SRVFLAG_LOCATION_NOT_FOUND 0x8000
> -
> +#define SRVFLAG_SERVER_GZIP 0x0100
> #define SRVFLAG_BITS \
> "\10\01INDEX\02NO_INDEX\03AUTO_INDEX\04NO_AUTO_INDEX" \
> "\05ROOT\06LOCATION\07FCGI\10NO_FCGI\11LOG\12NO_LOG" \
> "\14SYSLOG\15NO_SYSLOG\16TLS\17ACCESS_LOG\20ERROR_LOG" \
> "\21AUTH\22NO_AUTH\23BLOCK\24NO_BLOCK\25LOCATION_MATCH" \
> - "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE\31PATH\32NO_PATH" \
> + "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE\31SERVER_GZIP" \
> "\37LOCATION_FOUND\40LOCATION_NOT_FOUND"
>
> #define TCPFLAG_NODELAY 0x01
> @@ -684,7 +684,7 @@ int server_headers(struct client *, void *,
> int (*)(struct client *, struct kv *, void *), void *);
> int server_writeresponse_http(struct client *);
> int server_response_http(struct client *, unsigned int,
> - struct media_type *, off_t, time_t);
> + struct media_type *, off_t, time_t, int);
> void server_reset_http(struct client *);
> void server_close_http(struct client *);
> int server_response(struct httpd *, struct client *);
> diff -up httpd.orig/parse.y httpd/parse.y
> --- httpd.orig/parse.y Sat May 1 15:03:11 2021
> +++ httpd/parse.y Sat May 1 15:48:31 2021
> @@ -138,7 +138,7 @@ typedef struct {
> %token COMBINED CONNECTION DHE DIRECTORY ECDHE ERR FCGI INDEX IP KEY LIFETIME
> %token LISTEN LOCATION LOG LOGDIR MATCH MAXIMUM NO NODELAY OCSP ON PORT
> PREFORK
> %token PROTOCOLS REQUESTS ROOT SACK SERVER SOCKET STRIP STYLE SYSLOG TCP
> TICKET
> -%token TIMEOUT TLS TYPE TYPES HSTS MAXAGE SUBDOMAINS DEFAULT PRELOAD REQUEST
> +%token TIMEOUT TLS TYPE TYPES HSTS SERVE_GZIP MAXAGE SUBDOMAINS DEFAULT
> PRELOAD REQUEST
> %token ERROR INCLUDE AUTHENTICATE WITH BLOCK DROP RETURN PASS REWRITE
> %token CA CLIENT CRL OPTIONAL PARAM FORWARDED FOUND NOT
> %token STRING
> @@ -644,6 +644,9 @@ serveroptsl : LISTEN ON STRING opttls port {
> }
> srv->srv_conf.flags |= SRVFLAG_SERVER_HSTS;
> }
> + | SERVE_GZIP {
> + srv->srv_conf.flags |= SRVFLAG_SERVER_GZIP;
> + }
> ;
>
> optfound : /* empty */ { $$ = 0; }
> @@ -925,23 +928,7 @@ requestflags_l : requestflags optcommanl requestflags_
> | requestflags optnl
> ;
>
> -requestflags : REWRITE STRING {
> - if (strlcpy(srv->srv_conf.path, $2,
> - sizeof(srv->srv_conf.path)) >=
> - sizeof(srv->srv_conf.path)) {
> - yyerror("request path too long");
> - free($2);
> - YYERROR;
> - }
> - free($2);
> - srv->srv_conf.flags |= SRVFLAG_PATH_REWRITE;
> - srv->srv_conf.flags &= ~SRVFLAG_NO_PATH_REWRITE;
> - }
> - | NO REWRITE {
> - srv->srv_conf.flags |= SRVFLAG_NO_PATH_REWRITE;
> - srv->srv_conf.flags &= ~SRVFLAG_PATH_REWRITE;
> - }
> - | STRIP NUMBER {
> +requestflags : STRIP NUMBER {
> if ($2 < 0 || $2 > INT_MAX) {
> yyerror("invalid strip number");
> YYERROR;
> @@ -1431,6 +1418,7 @@ lookup(char *s)
> { "rewrite", REWRITE },
> { "root", ROOT },
> { "sack", SACK },
> + { "serve_gzip", SERVE_GZIP },
> { "server", SERVER },
> { "socket", SOCKET },
> {
Case-sensitivity of timezone paths in the installer
Hi, I noticed that timezone paths in the installer step that sets the system timezone are case-sensitive to match the paths in /usr/share/zoneinfo. (Specifically, it's set_timezone() in /usr/src/distrib/miniroot/install.sub.) It seems like the behavior should be more like: - Upon entering set_timezone(), it builds its /usr/share/zoneinfo lookup table and converts it to lowercase with sed. - User enters "America/chicago" or something for the timezone path. - The script converts the timezone path to lowercase with sed. - The script compares the lowercase path to the /usr/share/zoneinfo table. - If there's a match, it uses the properly capitalized path. As implemented now, the script would only confusingly reply that there is no such timezone as America/chicago. I started working on a fix for this but before I go tilting at windmills, is there a technical reason that the script behaves this way? Issues with internationalization? Or is it just an oversight? Katherine
Cleanup of err(1, "unveil") pattern? Diff for ps.c.
Hi all,
I saw a discussion on here a while ago about the use of patterns like:
if (unveil(some_path, "r") == -1)
err(1, "unveil");
And why that's maybe not preferable for debugging and troubleshooting
purposes for programs which have multiple unveil calls (which happens
fairly often).
Original message here: https://marc.info/?l=openbsd-tech&m=161470144611031&w=2
I would like to try and clean this up if I can. I did the first program
that came up from my grep of the tree - bin/ps/ps.c - as an example to
accompany this mail.
Would this work be of interest if I were to undertake it broadly
across the tree?
2. If so, are there any suggestions/strong feelings with the formatting
of the messages. My included diff shows one possible suggestion.
Comments/suggestions welcome.
Thanks,
Ash
diff --git a/bin/ps/ps.c b/bin/ps/ps.c
index 84be7afe802..3b6593a46a1 100644
--- a/bin/ps/ps.c
+++ b/bin/ps/ps.c
@@ -276,18 +276,18 @@ main(int argc, char *argv[])
errx(1, "%s", errbuf);
if (unveil(_PATH_DEVDB, "r") == -1 && errno != ENOENT)
- err(1, "unveil");
+ err(1, "unveil: _PATH_DEVDB -> %s", _PATH_DEVDB);
if (unveil(_PATH_DEV, "r") == -1 && errno != ENOENT)
- err(1, "unveil");
+ err(1, "unveil: _PATH_DEV -> %s", _PATH_DEV);
if (swapf)
if (unveil(swapf, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil: swapf -> %s", swapf);
if (nlistf)
if (unveil(nlistf, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil: nlistf -> %s", nlistf);
if (memf)
if (unveil(memf, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil: memf -> %s", memf);
if (pledge("stdio rpath getpw ps", NULL) == -1)
err(1, "pledge");
added support for precompressed static files on httpd(so sorry about my other email that was unreadable)
This patch adds a serve_gzip option. When enabled, If the client requests path,
then serve path.gz if it exists and the client accepts Content-Encoding: gzip.
diff -up httpd.orig/config.c httpd/config.c
--- httpd.orig/config.c Sat May 1 15:03:11 2021
+++ httpd/config.c Sat May 1 15:45:43 2021
@@ -568,12 +568,12 @@ config_getserver_config(struct httpd *env, struct serv
&parent->default_type, sizeof(struct media_type));
}
- f = SRVFLAG_PATH_REWRITE|SRVFLAG_NO_PATH_REWRITE;
+/* f = SRVFLAG_PATH_REWRITE|SRVFLAG_NO_PATH_REWRITE;
if ((srv_conf->flags & f) == 0) {
srv_conf->flags |= parent->flags & f;
(void)strlcpy(srv_conf->path, parent->path,
sizeof(srv_conf->path));
- }
+ } */
f = SRVFLAG_SERVER_HSTS;
srv_conf->flags |= parent->flags & f;
diff -up httpd.orig/httpd.conf.5 httpd/httpd.conf.5
--- httpd.orig/httpd.conf.5 Sat May 1 15:03:11 2021
+++ httpd/httpd.conf.5 Sat May 1 16:02:44 2021
@@ -397,6 +397,13 @@ a browser's preload list.
Signal to the receiving user agent that this host and all sub domains
of the host's domain should be considered HSTS hosts.
.El
+.It Ic serve_gzip
+If the client requests
+.Nm path ,
+then serve
+.Nm path.gz
+if it exists and the client accepts
+.Nm Content-Encoding: gzip .
.It Ic listen on Ar address Oo Ic tls Oc Ic port Ar number
Set the listen address and port.
This statement can be specified multiple times.
diff -up httpd.orig/httpd.h httpd/httpd.h
--- httpd.orig/httpd.h Sat May 1 15:03:11 2021
+++ httpd/httpd.h Sat May 1 15:41:58 2021
@@ -390,17 +390,17 @@ SPLAY_HEAD(client_tree, client);
#define SRVFLAG_SERVER_MATCH 0x0020
#define SRVFLAG_SERVER_HSTS 0x0040
#define SRVFLAG_DEFAULT_TYPE 0x0080
-#define SRVFLAG_PATH_REWRITE 0x0100
-#define SRVFLAG_NO_PATH_REWRITE 0x0200
+/* #define SRVFLAG_PATH_REWRITE 0x0100
+#define SRVFLAG_NO_PATH_REWRITE 0x0200 */
#define SRVFLAG_LOCATION_FOUND 0x4000
#define SRVFLAG_LOCATION_NOT_FOUND 0x8000
-
+#define SRVFLAG_SERVER_GZIP 0x0100
#define SRVFLAG_BITS \
"\10\01INDEX\02NO_INDEX\03AUTO_INDEX\04NO_AUTO_INDEX" \
"\05ROOT\06LOCATION\07FCGI\10NO_FCGI\11LOG\12NO_LOG" \
"\14SYSLOG\15NO_SYSLOG\16TLS\17ACCESS_LOG\20ERROR_LOG" \
"\21AUTH\22NO_AUTH\23BLOCK\24NO_BLOCK\25LOCATION_MATCH" \
- "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE\31PATH\32NO_PATH" \
+ "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE\31SERVER_GZIP" \
"\37LOCATION_FOUND\40LOCATION_NOT_FOUND"
#define TCPFLAG_NODELAY 0x01
@@ -684,7 +684,7 @@ int server_headers(struct client *, void *,
int (*)(struct client *, struct kv *, void *), void *);
int server_writeresponse_http(struct client *);
int server_response_http(struct client *, unsigned int,
- struct media_type *, off_t, time_t);
+ struct media_type *, off_t, time_t, int);
void server_reset_http(struct client *);
void server_close_http(struct client *);
int server_response(struct httpd *, struct client *);
diff -up httpd.orig/parse.y httpd/parse.y
--- httpd.orig/parse.y Sat May 1 15:03:11 2021
+++ httpd/parse.y Sat May 1 15:48:31 2021
@@ -138,7 +138,7 @@ typedef struct {
%token COMBINED CONNECTION DHE DIRECTORY ECDHE ERR FCGI INDEX IP KEY LIFETIME
%token LISTEN LOCATION LOG LOGDIR MATCH MAXIMUM NO NODELAY OCSP ON PORT PREFORK
%token PROTOCOLS REQUESTS ROOT SACK SERVER SOCKET STRIP STYLE SYSLOG TCP TICKET
-%token TIMEOUT TLS TYPE TYPES HSTS MAXAGE SUBDOMAINS DEFAULT PRELOAD REQUEST
+%token TIMEOUT TLS TYPE TYPES HSTS SERVE_GZIP MAXAGE SUBDOMAINS DEFAULT
PRELOAD REQUEST
%token ERROR INCLUDE AUTHENTICATE WITH BLOCK DROP RETURN PASS REWRITE
%token CA CLIENT CRL OPTIONAL PARAM FORWARDED FOUND NOT
%token STRING
@@ -644,6 +644,9 @@ serveroptsl : LISTEN ON STRING opttls port {
}
srv->srv_conf.flags |= SRVFLAG_SERVER_HSTS;
}
+ | SERVE_GZIP {
+ srv->srv_conf.flags |= SRVFLAG_SERVER_GZIP;
+ }
;
optfound : /* empty */ { $$ = 0; }
@@ -925,23 +928,7 @@ requestflags_l : requestflags optcommanl requestflags_
| requestflags optnl
;
-requestflags : REWRITE STRING {
- if (strlcpy(srv->srv_conf.path, $2,
- sizeof(srv->srv_conf.path)) >=
- sizeof(srv->srv_conf.path)) {
- yyerror("request path too long");
- free($2);
- YYERROR;
- }
- free($2);
- srv->srv_conf.flags |= SRVFLAG_PATH_REWRITE;
- srv->srv_conf.flags &= ~SRVFLAG_NO_PATH_REWRITE;
- }
- | NO REWRITE {
- srv->srv_conf.flags |= SRVFLAG_NO_PATH_REWRITE;
- srv->srv_conf.flags &= ~SRVFLAG_PATH_REWRITE;
- }
- | STRIP NUMBER {
+requestflags : STRIP NUMBER {
if ($2 < 0 || $2 > INT_MAX) {
yyerror("invalid strip number");
YYERROR;
@@ -1431,6 +1418,7 @@ lookup(char *s)
{ "rewrite", REWRITE },
{ "root", ROOT },
{ "sack", SACK },
+ { "serve_gzip", SERVE_GZIP },
{ "server", SERVER },
{ "socket", SOCKET },
{ "strip", STRIP },
diff -up httpd.orig/server_file.c httpd/server_file.c
--- httpd.orig/server_file.c Sat May 1 15:03:11 2021
+++ httpd/server_file.c Sat May 1 15:40:14 2021
@@ -50,7 +50,7 @@ int server_file_modified_since(struct http_descripto
int server_file_method(struct client *);
int parse_range_spec(char *, size_t, struc
added support for precompressed static files on httpd
This patch adds a serve_gzip option. When enabled, If the client requests path,
then serve path.gz if it exists and the client accepts Content-Encoding: gzip.
diff -up httpd.orig/config.c httpd/config.c
--- httpd.orig/config.c Sat May 1 15:03:11 2021
+++ httpd/config.c Sat May 1 15:45:43 2021
@@ -568,12 +568,12 @@ config_getserver_config(struct httpd *env, struct serv
&parent->default_type, sizeof(struct media_type));
}
- f = SRVFLAG_PATH_REWRITE|SRVFLAG_NO_PATH_REWRITE;
+/* f = SRVFLAG_PATH_REWRITE|SRVFLAG_NO_PATH_REWRITE;
if ((srv_conf->flags & f) == 0) {
srv_conf->flags |= parent->flags & f;
(void)strlcpy(srv_conf->path, parent->path,
sizeof(srv_conf->path));
- }
+ } */
f = SRVFLAG_SERVER_HSTS;
srv_conf->flags |= parent->flags & f;
diff -up httpd.orig/httpd.conf.5 httpd/httpd.conf.5
--- httpd.orig/httpd.conf.5 Sat May 1 15:03:11 2021
+++ httpd/httpd.conf.5 Sat May 1 16:02:44 2021
@@ -397,6 +397,13 @@ a browser's preload list.
Signal to the receiving user agent that this host and all sub domains
of the host's domain should be considered HSTS hosts.
.El
+.It Ic serve_gzip
+If the client requests
+.Nm path ,
+then serve
+.Nm path.gz
+if it exists and the client accepts
+.Nm Content-Encoding: gzip .
.It Ic listen on Ar address Oo Ic tls Oc Ic port Ar number
Set the listen address and port.
This statement can be specified multiple times.
diff -up httpd.orig/httpd.h httpd/httpd.h
--- httpd.orig/httpd.h Sat May 1 15:03:11 2021
+++ httpd/httpd.h Sat May 1 15:41:58 2021
@@ -390,17 +390,17 @@ SPLAY_HEAD(client_tree, client);
#define SRVFLAG_SERVER_MATCH 0x0020
#define SRVFLAG_SERVER_HSTS 0x0040
#define SRVFLAG_DEFAULT_TYPE 0x0080
-#define SRVFLAG_PATH_REWRITE 0x0100
-#define SRVFLAG_NO_PATH_REWRITE 0x0200
+/* #define SRVFLAG_PATH_REWRITE 0x0100
+#define SRVFLAG_NO_PATH_REWRITE 0x0200 */
#define SRVFLAG_LOCATION_FOUND 0x4000
#define SRVFLAG_LOCATION_NOT_FOUND 0x8000
-
+#define SRVFLAG_SERVER_GZIP 0x0100
#define SRVFLAG_BITS \
"\10\01INDEX\02NO_INDEX\03AUTO_INDEX\04NO_AUTO_INDEX" \
"\05ROOT\06LOCATION\07FCGI\10NO_FCGI\11LOG\12NO_LOG" \
"\14SYSLOG\15NO_SYSLOG\16TLS\17ACCESS_LOG\20ERROR_LOG" \
"\21AUTH\22NO_AUTH\23BLOCK\24NO_BLOCK\25LOCATION_MATCH" \
- "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE\31PATH\32NO_PATH" \
+ "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE\31SERVER_GZIP" \
"\37LOCATION_FOUND\40LOCATION_NOT_FOUND"
#define TCPFLAG_NODELAY 0x01
@@ -684,7 +684,7 @@ int server_headers(struct client *, void *,
int (*)(struct client *, struct kv *, void *), void *);
int server_writeresponse_http(struct client *);
int server_response_http(struct client *, unsigned int,
- struct media_type *, off_t, time_t);
+ struct media_type *, off_t, time_t, int);
void server_reset_http(struct client *);
void server_close_http(struct client *);
int server_response(struct httpd *, struct client *);
diff -up httpd.orig/parse.y httpd/parse.y
--- httpd.orig/parse.y Sat May 1 15:03:11 2021
+++ httpd/parse.y Sat May 1 15:48:31 2021
@@ -138,7 +138,7 @@ typedef struct {
%token COMBINED CONNECTION DHE DIRECTORY ECDHE ERR FCGI INDEX IP KEY LIFETIME
%token LISTEN LOCATION LOG LOGDIR MATCH MAXIMUM NO NODELAY OCSP ON PORT PREFORK
%token PROTOCOLS REQUESTS ROOT SACK SERVER SOCKET STRIP STYLE SYSLOG TCP TICKET
-%token TIMEOUT TLS TYPE TYPES HSTS MAXAGE SUBDOMAINS DEFAULT PRELOAD REQUEST
+%token TIMEOUT TLS TYPE TYPES HSTS SERVE_GZIP MAXAGE SUBDOMAINS DEFAULT
PRELOAD REQUEST
%token ERROR INCLUDE AUTHENTICATE WITH BLOCK DROP RETURN PASS REWRITE
%token CA CLIENT CRL OPTIONAL PARAM FORWARDED FOUND NOT
%token STRING
@@ -644,6 +644,9 @@ serveroptsl : LISTEN ON STRING opttls port {
}
srv->srv_conf.flags |= SRVFLAG_SERVER_HSTS;
}
+ | SERVE_GZIP {
+ srv->srv_conf.flags |= SRVFLAG_SERVER_GZIP;
+ }
;
optfound : /* empty */ { $$ = 0; }
@@ -925,23 +928,7 @@ requestflags_l : requestflags optcommanl requestflags_
| requestflags optnl
;
-requestflags : REWRITE STRING {
- if (strlcpy(srv->srv_conf.path, $2,
- sizeof(srv->srv_conf.path)) >=
- sizeof(srv->srv_conf.path)) {
- yyerror("request path too long");
- free($2);
- YYERROR;
- }
- free($2);
- srv->srv_conf.flags |= SRVFLAG_PATH_REWRITE;
- srv->srv_conf.flags &= ~SRVFLAG_NO_PATH_REWRITE;
- }
- | NO REWRITE {
- srv->srv_conf.flags |= SRVFLAG_NO_PATH_REWRITE;
- srv->srv_conf.flags &= ~SRVFLAG_PATH_REWRITE;
- }
- | STRIP NUMBER {
+requestflags : STRIP NUMBER {
if ($2 < 0 || $2 > INT_MAX) {
yyerror("invalid strip number");
YYERROR;
@@ -1431,6 +1418,7 @@ lookup(char *s)
{ "rewrite", REWRITE },
{ "root", ROOT },
{ "sack", SACK },
+ { "serve_gzip", SERVE_GZIP },
{ "server", SERVER },
{ "socket", SOCKET },
{ "strip", STRIP },
diff -up httpd.orig/server_file.c httpd/server_file.c
--- httpd.orig/server_file.c Sat May 1 15:03:11 2021
+++ httpd/server_file.c Sat May 1 15:40:14 2021
@@ -50,7 +50,7 @@ int server_file_modified_since(struct http_descripto
int server_file_method(struct client *);
int parse_range_spec(char *, size_t, struct range *);
int parse_ranges(struct clie
rcctl(8): use modern ksh semantics
Hello,
I've been perusing some of the ksh scripts within /usr/sbin/ and noticed some
differences in coding style and shell syntax usage.
Is there an "official" OpenBSD ksh style guide or a list of recommendations?
For example, syspatch, sysupgrade and sysmerge all use double square brackets
'[[' exclusively and the '((' arithmetic operator where appropriate.
Conversely, /usr/sbin/rcctl seems to use double brackets only for pattern
matching/comparisons, and uses the single square bracket '[' almost exclusively.
Is there a specific reason for this? Are there external requirements/goals that
I'm oblivious to?
To test the waters, I've included a diff below that brings rcctl's usage of
comparison operators in line with that of the other shell scripts in /usr/sbin/.
This diff should apply cleanly against current; I grabbed my copy of rcctl.sh
off of the github mirror a few hours ago.
Does this diff look reasonable? Or should I stop tinkering? These changes
passed my rudimentary testing and also got a clean bill of health from
shellcheck.
Regards,
Jordan
--- a/rcctl.sh Sat May 1 12:07:06 2021
+++ b/rcctl.sh Sat May 1 16:33:30 2021
@@ -40,7 +40,7 @@
needs_root()
{
- [ "$(id -u)" -ne 0 ] && _rc_err "${0##*/}: \"$*\" needs root privileges"
+ (($(id -u) != 0)) && _rc_err "${0##*/}: \"$*\" needs root privileges"
}
rcctl_err()
@@ -55,17 +55,17 @@
cd /etc/rc.d && set -- *
for _s; do
[[ ${_s} == +([[:alnum:]_]) ]] || continue
- [ ! -d "${_s}" ] && echo "${_s}"
+ [[ ! -d ${_s} ]] && echo "${_s}"
done
}
pkg_scripts_append()
{
local _svc=$1
- [ -n "${_svc}" ] || return
+ [[ -n ${_svc} ]] || return
rcconf_edit_begin
- if [ -z "${pkg_scripts}" ]; then
+ if [[ -z ${pkg_scripts} ]]; then
echo pkg_scripts="${_svc}" >>${_TMP_RCCONF}
elif ! echo ${pkg_scripts} | grep -qw -- ${_svc}; then
grep -v "^pkg_scripts.*=" /etc/rc.conf.local >${_TMP_RCCONF}
@@ -77,7 +77,7 @@
pkg_scripts_order()
{
local _svcs="$*"
- [ -n "${_svcs}" ] || return
+ [[ -n ${_svcs} ]] || return
needs_root ${action}
local _pkg_scripts _svc
@@ -99,9 +99,9 @@
pkg_scripts_rm()
{
local _svc=$1
- [ -n "${_svc}" ] || return
+ [[ -n ${_svc} ]] || return
- [ -z "${pkg_scripts}" ] && return
+ [[ -z ${pkg_scripts} ]] && return
rcconf_edit_begin
sed "/^pkg_scripts[[:>:]]/{s/[[:<:]]${_svc}[[:>:]]//g
@@ -129,7 +129,7 @@
rcctl_err "cannot modify ${_TMP_RCCONF}"
cat ${_TMP_RCCONF} >/etc/rc.conf.local || \
rcctl_err "cannot append to /etc/rc.conf.local"
- if [ ! -s /etc/rc.conf.local ]; then
+ if [[ ! -s /etc/rc.conf.local ]]; then
rm /etc/rc.conf.local || \
rcctl_err "cannot remove /etc/rc.conf.local"
fi
@@ -142,19 +142,19 @@
local _svc=$1
_rc_check_name "${_svc}" || return
- [ -x "/etc/rc.d/${_svc}" ] && return
+ [[ -x /etc/rc.d/${_svc} ]] && return
svc_is_special ${_svc}
}
svc_is_base()
{
local _svc=$1
- [ -n "${_svc}" ] || return
+ [[ -n ${_svc} ]] || return
local _cached _ret
_cached=$(eval echo \${cached_svc_is_base_${_svc}})
- [ "${_cached}" ] && return "${_cached}"
+ [[ -n ${_cached} ]] && return "${_cached}"
grep -qw "^${_svc}_flags" /etc/rc.conf
_ret=$?
@@ -166,14 +166,14 @@
svc_is_meta()
{
local _svc=$1
- [ -n "${_svc}" ] || return
+ [[ -n ${_svc} ]] || return
local _cached _ret
_cached=$(eval echo \${cached_svc_is_meta_${_svc}})
- [ "${_cached}" ] && return "${_cached}"
+ [[ -n ${_cached} ]] && return "${_cached}"
- [ -r "/etc/rc.d/${_svc}" ] && ! grep -qw "^rc_cmd" /etc/rc.d/${_svc}
+ [[ -r /etc/rc.d/${_svc} ]] && ! grep -qw "^rc_cmd" /etc/rc.d/${_svc}
_ret=$?
set -A cached_svc_is_meta_${_svc} -- ${_ret}
@@ -183,12 +183,12 @@
svc_is_special()
{
local _svc=$1
- [ -n "${_svc}" ] || return
+ [[ -n ${_svc} ]] || return
local _cached _ret
_cached=$(eval echo \${cached_svc_is_special_${_svc}})
- [ "${_cached}" ] && return "${_cached}"
+ [[ -n ${_cached} ]] && return "${_cached}"
echo ${_special_svcs} | grep -qw -- ${_svc}
_ret=$?
@@ -200,7 +200,7 @@
svc_ls()
{
local _lsarg=$1
- [ -n "${_lsarg}" ] || return
+ [[ -n ${_lsarg} ]] || return
# we do not want to return the "status" nor the rc.d(8) script retcode
local _ret=0 _on _svc _started
@@ -222,8 +222,8 @@
off|on)
for _svc in $(svc_ls all); do
svc_get ${_svc} status && _on=1
- [ "${_lsarg}" = "on" -a -n "${_on}" ] || \
- [ "${_lsarg}" = "off" -a -z "${_on}" ] && \
+ [[ ${_lsarg} == on && -n ${_on} ]] || \
+ [[ ${_lsarg} == off && -z ${_on} ]] && \
echo ${_svc}
unset _on
done
@@ -231,8 +231,8 @@
started|stopped)
Re: added support for precompressed static files on httpd(so sorry about my other email that was unreadable)
alloca writes: > This patch adds a serve_gzip option. When enabled, If the client requests > path, then serve path.gz if it exists and the client accepts > Content-Encoding: gzip. While I believe I understand your objective, your diff has numerous issues. It also seems you've either purposely broken comment blocks or are commenting out sections of existing code. See https://www.openbsd.org/faq/faq5.html#Diff as well as style(9) man page. -dv
Re: /etc/netstart argument handling
On 01/05/21 11:09 Andreas Kusalananda K�h�ri wrote:
> On Fri, Apr 30, 2021 at 09:17:47PM +0200, Tilo Stritzky wrote:
> >
> > /etc/netstart contains the following getopts handler:
> >
> > while getopts ":n" opt; do
> >
> > That colon is just totally bogus, isn't it?
>
> The colon at the start of the optstring has the effect that makes the
> getopts utility silent when unsupported options are used. Instead of
> emitting a diagnostic message ("unknown option"), you'll get a "?" in
> $opt that you can choose to handle yourself (this is taken care of by
> the "*)" case in the code, which calls the "usage" function).
Oh. I was unaware of this functionality.
After a more careful reading of ksh(1) I conclude the code is correct.
> So it's not "totally bogus". The question is whether you want to see
> diagnostic messages from getopts when you call /etc/netstart with
> unsupported options in addition to the usage info or not, and it seems
> you're saying you do want to see such a message.
No, everything is fine. I had a brainfart.
I thank you for setting me straight and I apologise for the noise.
tilo
Re: recv.2 patch
Edgar Pettijohn wrote: > slight wording change. it doesn't return these values it sets errno to > these values... .Fn recv and .Fn recvfrom -may return the following error: +may fail if: .Bl -tag -width Er .It Bq Er EINVAL .Fa len I think it is more accurate the way it is, rather than coping the "will fail if" or "may fail if" wording from other pages. I've been unhappy about this style in other pages for quite a while. They say: ERRORS The open() and openat() functions will fail if: This type of wording describing the situation backwards. The functions do not fail if they return an error code. Rather, they return an error code to indicate they failed. It is the same with recv. recv doesn't return an error, and then "may fail". Rather, it has failed to perform the operation, and that is why it returned the error. This is horse before cart stuff.
recv.2 patch
slight wording change. it doesn't return these values it sets errno to these values... Index: recv.2 === RCS file: /cvs/src/lib/libc/sys/recv.2,v retrieving revision 1.47 diff -u -p -u -r1.47 recv.2 --- recv.2 11 Jan 2019 06:10:13 - 1.47 +++ recv.2 1 May 2021 18:37:19 - @@ -300,7 +300,7 @@ In addition, .Fn recv and .Fn recvfrom -may return the following error: +may fail if: .Bl -tag -width Er .It Bq Er EINVAL .Fa len @@ -310,7 +310,7 @@ was larger than .Pp And .Fn recvmsg -may return one of the following errors: +may fail if: .Bl -tag -width Er .It Bq Er EINVAL The sum of the
libagent: fix agentx_context_object_nfind
The parameters for ax_oid_cmp are swapped.
This fixes the few failing regress tests I just committed.
OK?
martijn@
Index: agentx.c
===
RCS file: /cvs/src/lib/libagentx/agentx.c,v
retrieving revision 1.9
diff -u -p -r1.9 agentx.c
--- agentx.c1 May 2021 16:44:17 - 1.9
+++ agentx.c1 May 2021 16:59:08 -
@@ -675,7 +675,7 @@ agentx_context_object_nfind(struct agent
axo = RB_NFIND(axc_objects, &(axc->axc_objects), &axo_search);
if (!inclusive && axo != NULL &&
- ax_oid_cmp(&(axo_search.axo_oid), &(axo->axo_oid)) <= 0) {
+ ax_oid_cmp(&(axo->axo_oid), &(axo_search.axo_oid)) <= 0) {
axo = RB_NEXT(axc_objects, &(axc->axc_objects), axo);
}
Re: Update the remaining SYSCTL_INT_READONLY cases
> On 1 May 2021, at 19:08, Greg Steuck wrote:
>
> Vitaliy Makkoveev writes:
>
>> On Fri, Apr 30, 2021 at 10:14:31PM -0700, Greg Steuck wrote:
>> Hi, you missing KERN_SYSVMSG, KERN_SYSVSEM, KERN_SYSVSHM variables. The
>> rest diff is ok by me.
>
> Good catch. My search/replace pattern wasn't good enough. Fixed and will
> commit.
>
> Unused, maybe introduce a single usage as an example?
>
Or introduce this with the separate diff which will convert all related
structures?
>>>
>>> I failed to find a case where to use SYSCTL_INT_UNBOUNDED. We always
>>> find better "common sense" limits than completely unconstrained.
>>>
>>
>> I guess it could be killed.
>
> OK?
ok mvs@
>
> From 157e54645ee8e0e36232db5be4f2ddce21a51d38 Mon Sep 17 00:00:00 2001
> From: Greg Steuck
> Date: Sat, 1 May 2021 09:03:07 -0700
> Subject: [PATCH] Removed unused SYSCTL_INT_UNBOUNDED (no use planned)
>
> Added a comment for SYSCTL_INT_READONLY.
> ---
> sys/sys/sysctl.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h
> index d574e2cb028..168c65ecf6d 100644
> --- a/sys/sys/sysctl.h
> +++ b/sys/sys/sysctl.h
> @@ -1000,7 +1000,7 @@ struct sysctl_bounded_args {
> int maximum; /* read-only variable if minimum > maximum */
> };
>
> -#define SYSCTL_INT_UNBOUNDED 0,0
> +/* Special case minimum,maximum marker for sysctl_bounded_args. */
> #define SYSCTL_INT_READONLY 1,0
>
> /*
> --
> 2.31.1
>
Re: Update the remaining SYSCTL_INT_READONLY cases
Vitaliy Makkoveev writes:
> On Fri, Apr 30, 2021 at 10:14:31PM -0700, Greg Steuck wrote:
> Hi, you missing KERN_SYSVMSG, KERN_SYSVSEM, KERN_SYSVSHM variables. The
> rest diff is ok by me.
Good catch. My search/replace pattern wasn't good enough. Fixed and will
commit.
>> >> Unused, maybe introduce a single usage as an example?
>> >>
>> >
>> > Or introduce this with the separate diff which will convert all related
>> > structures?
>>
>> I failed to find a case where to use SYSCTL_INT_UNBOUNDED. We always
>> find better "common sense" limits than completely unconstrained.
>>
>
> I guess it could be killed.
OK?
>From 157e54645ee8e0e36232db5be4f2ddce21a51d38 Mon Sep 17 00:00:00 2001
From: Greg Steuck
Date: Sat, 1 May 2021 09:03:07 -0700
Subject: [PATCH] Removed unused SYSCTL_INT_UNBOUNDED (no use planned)
Added a comment for SYSCTL_INT_READONLY.
---
sys/sys/sysctl.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h
index d574e2cb028..168c65ecf6d 100644
--- a/sys/sys/sysctl.h
+++ b/sys/sys/sysctl.h
@@ -1000,7 +1000,7 @@ struct sysctl_bounded_args {
int maximum; /* read-only variable if minimum > maximum */
};
-#define SYSCTL_INT_UNBOUNDED 0,0
+/* Special case minimum,maximum marker for sysctl_bounded_args. */
#define SYSCTL_INT_READONLY1,0
/*
--
2.31.1
Re: shell manpage tweaks wrt getopt
Christian Weisgerber wrote: > Marc Espie: > > > I would also actually be fairly happy if we changed drastically the way > > sh(1) and ksh(1) look. To me, sh(1) should be the (more or less) standard > > shell documentation, AND ksh(1) should contain the differences/extensions. > > I think that is a terrible idea. Historically the tcsh(1) man page > was like this: only document the extensions to csh, point to csh(1) > for the rest. > > This only makes sense for people who already fully know the base > man page. If you don't, you now have to go back and forth between > two man pages to figure out things. > > Eventually, the tcsh man page was overhauled and now describes the > whole shell, which was a huge improvement in my book. I agree with that. Solving the problem by changing "I have to look at 2 pages" into "I have to look at 2 pages, but interpret the results differently" is not great. Seperate coherent explanations are the best outcome, if it can be done.
Re: shell manpage tweaks wrt getopt
Marc Espie: > I would also actually be fairly happy if we changed drastically the way > sh(1) and ksh(1) look. To me, sh(1) should be the (more or less) standard > shell documentation, AND ksh(1) should contain the differences/extensions. I think that is a terrible idea. Historically the tcsh(1) man page was like this: only document the extensions to csh, point to csh(1) for the rest. This only makes sense for people who already fully know the base man page. If you don't, you now have to go back and forth between two man pages to figure out things. Eventually, the tcsh man page was overhauled and now describes the whole shell, which was a huge improvement in my book. -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: shell manpage tweaks wrt getopt
On Sat, May 01, 2021 at 04:33:08PM +0200, Christian Weisgerber wrote: > Jason McIntyre: > > > - i'm ok with the getopt.1 and ksh.1 parts > > - i'm not ok with the addition to sh.1 > > > > no one has really given a good reason why they think it should go into > > sh.1. i've given a few why i think it should not. > > My understanding is that sh.1 is a subset of ksh.1, describing the > POSIX-standardized functionality. Am I wrong? > that's correct. > ksh.1 has very little in the way of examples, but I think figuring > out the correct getopts idiom is difficult enough to warrant an > example. > > The problem is that if I'm trying to write a portable shell script, > I will refer to sh.1. I will not check ksh.1 for examples. > > But since you are the principal author of sh.1, I'm certainly > deferring to your judgment. > ok, your point is a good one too. i had been trying to keep sh(1) trim. i think the general idea is if you need more of an explanation, it's in ksh(1). but on balance i guess i'm ok with the addition to sh.1 too. jmc
Re: Update the remaining SYSCTL_INT_READONLY cases
On Fri, Apr 30, 2021 at 10:14:31PM -0700, Greg Steuck wrote:
> Vitaliy Makkoveev writes:
>
> > On Thu, Apr 29, 2021 at 09:31:57AM -0700, Greg Steuck wrote:
> >> Alexander Bluhm writes:
> >> >> I like this too. I somehow got the impression that macros are severely
> >> >> frowned upon and didn't offer this kind of interface before.
> >> >>
> >> >> If you get this submitted, I can do a pass through the codebase to be
> >> >> sure we catch them all.
> >>
> >> Vitaliy, I volunteer to do a separate pass, no reason to gate this clear
> >> improvement.
>
> See below. I tested the diff on amd64, i386 seems trivially correct, but
> if somebody feels like testing (or asking me to spin up a VM), we can do
> it.
Hi, you missing KERN_SYSVMSG, KERN_SYSVSEM, KERN_SYSVSHM variables. The
rest diff is ok by me.
>
> >> > diff -u -p -r1.214 sysctl.h
> >> > --- sys/sysctl.h 10 Mar 2021 10:21:47 - 1.214
> >> > +++ sys/sysctl.h 28 Apr 2021 10:04:02 -
> >> > @@ -1000,6 +1000,9 @@ struct sysctl_bounded_args {
> >> > int maximum; /* read-only variable if minimum > maximum */
> >> > };
> >> >
> >> > +#define SYSCTL_INT_UNBOUNDED0,0
> >>
> >> Unused, maybe introduce a single usage as an example?
> >>
> >
> > Or introduce this with the separate diff which will convert all related
> > structures?
>
> I failed to find a case where to use SYSCTL_INT_UNBOUNDED. We always
> find better "common sense" limits than completely unconstrained.
>
I guess it could be killed.
> From 691cf8f4635f22593fe8319055da7aa340a8164b Mon Sep 17 00:00:00 2001
> From: Greg Steuck
> Date: Fri, 30 Apr 2021 21:54:39 -0700
> Subject: [PATCH] Update the remaining SYSCTL_INT_READONLY cases
>
> ---
> sys/arch/amd64/amd64/machdep.c | 8 +++
> sys/arch/i386/i386/machdep.c | 10
> sys/kern/kern_sysctl.c | 44 +-
> sys/miscfs/fuse/fuse_vfsops.c | 8 +++
> sys/ufs/ffs/ffs_vfsops.c | 22 -
> 5 files changed, 46 insertions(+), 46 deletions(-)
>
> diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c
> index 40f68fde765..8c0c456da45 100644
> --- a/sys/arch/amd64/amd64/machdep.c
> +++ b/sys/arch/amd64/amd64/machdep.c
> @@ -475,10 +475,10 @@ extern int amd64_has_xcrypt;
> const struct sysctl_bounded_args cpuctl_vars[] = {
> { CPU_LIDACTION, &lid_action, 0, 2 },
> { CPU_PWRACTION, &pwr_action, 0, 2 },
> - { CPU_CPUID, &cpu_id, 1, 0 },
> - { CPU_CPUFEATURE, &cpu_feature, 1, 0 },
> - { CPU_XCRYPT, &amd64_has_xcrypt, 1, 0 },
> - { CPU_INVARIANTTSC, &tsc_is_invariant, 1, 0 },
> + { CPU_CPUID, &cpu_id, SYSCTL_INT_READONLY },
> + { CPU_CPUFEATURE, &cpu_feature, SYSCTL_INT_READONLY },
> + { CPU_XCRYPT, &amd64_has_xcrypt, SYSCTL_INT_READONLY },
> + { CPU_INVARIANTTSC, &tsc_is_invariant, SYSCTL_INT_READONLY },
> };
>
> /*
> diff --git a/sys/arch/i386/i386/machdep.c b/sys/arch/i386/i386/machdep.c
> index 87c5a0ed6a6..a8a45719ff6 100644
> --- a/sys/arch/i386/i386/machdep.c
> +++ b/sys/arch/i386/i386/machdep.c
> @@ -3560,11 +3560,11 @@ idt_vec_free(int vec)
>
> const struct sysctl_bounded_args cpuctl_vars[] = {
> { CPU_LIDACTION, &lid_action, 0, 2 },
> - { CPU_CPUID, &cpu_id, 1, 0 },
> - { CPU_OSFXSR, &i386_use_fxsave, 1, 0 },
> - { CPU_SSE, &i386_has_sse, 1, 0 },
> - { CPU_SSE2, &i386_has_sse2, 1, 0 },
> - { CPU_XCRYPT, &i386_has_xcrypt, 1, 0 },
> + { CPU_CPUID, &cpu_id, SYSCTL_INT_READONLY },
> + { CPU_OSFXSR, &i386_use_fxsave, SYSCTL_INT_READONLY },
> + { CPU_SSE, &i386_has_sse, SYSCTL_INT_READONLY },
> + { CPU_SSE2, &i386_has_sse2, SYSCTL_INT_READONLY },
> + { CPU_XCRYPT, &i386_has_xcrypt, SYSCTL_INT_READONLY },
> };
>
> /*
> diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
> index 2a41db49833..45cd6471247 100644
> --- a/sys/kern/kern_sysctl.c
> +++ b/sys/kern/kern_sysctl.c
> @@ -292,26 +292,26 @@ extern int uvm_wxabort;
> extern int global_ptrace;
>
> const struct sysctl_bounded_args kern_vars[] = {
> - {KERN_OSREV, &openbsd, 1, 0},
> + {KERN_OSREV, &openbsd, SYSCTL_INT_READONLY},
> {KERN_MAXVNODES, &maxvnodes, 0, INT_MAX},
> {KERN_MAXPROC, &maxprocess, 0, INT_MAX},
> {KERN_MAXFILES, &maxfiles, 0, INT_MAX},
> - {KERN_NFILES, &numfiles, 1, 0},
> - {KERN_TTYCOUNT, &tty_count, 1, 0},
> - {KERN_ARGMAX, &arg_max, 1, 0},
> - {KERN_NSELCOLL, &nselcoll, 1, 0},
> - {KERN_POSIX1, &posix_version, 1, 0},
> - {KERN_NGROUPS, &ngroups_max, 1, 0},
> - {KERN_JOB_CONTROL, &int_one, 1, 0},
> - {KERN_SAVED_IDS, &int_one, 1, 0},
> - {KERN_MAXPARTITIONS, &maxpartitions, 1, 0},
> - {KERN_RAWPARTITION, &raw_part, 1, 0},
> + {KERN_NFILES, &numfiles, SYSCTL_INT_READONLY},
> + {KERN_TTYCOUNT, &tty_count, SYSCTL_INT_READONLY},
> + {KERN_ARGMAX, &arg_max, SYSCTL_INT_READONLY},
> + {KERN_NSELCOLL, &nselcoll, SYSCTL_INT_READONLY},
> + {KERN_POSIX1, &posix_version,
ftpd(8): remove useless islower(3) in upper()
Hi,
This cleanup diff, removes a useless if islower(3) from the loop. It is
guarantee by toupper(3) that no character will be changed if its not a
lower one.
man toupper(3):
The toupper() and toupper_l() functions convert a lower-case letter
to the corresponding upper-case letter. The _toupper() function is
identical to toupper() except that c must be a lower-case letter.
POSIX:
...
All other arguments in the domain are returned unchanged.
...
OK?
bye,
Jan
Index: ftpcmd.y
===
RCS file: /cvs/src/libexec/ftpd/ftpcmd.y,v
retrieving revision 1.69
diff -u -p -r1.69 ftpcmd.y
--- ftpcmd.y4 Mar 2020 20:17:48 - 1.69
+++ ftpcmd.y1 May 2021 09:09:46 -
@@ -1435,10 +1435,8 @@ upper(s)
{
char *p;
- for (p = s; *p; p++) {
- if (islower((unsigned char)*p))
- *p = (char)toupper((unsigned char)*p);
- }
+ for (p = s; *p; p++)
+ *p = (char)toupper((unsigned char)*p);
}
static void
Re: shell manpage tweaks wrt getopt
Jason McIntyre: > - i'm ok with the getopt.1 and ksh.1 parts > - i'm not ok with the addition to sh.1 > > no one has really given a good reason why they think it should go into > sh.1. i've given a few why i think it should not. My understanding is that sh.1 is a subset of ksh.1, describing the POSIX-standardized functionality. Am I wrong? ksh.1 has very little in the way of examples, but I think figuring out the correct getopts idiom is difficult enough to warrant an example. The problem is that if I'm trying to write a portable shell script, I will refer to sh.1. I will not check ksh.1 for examples. But since you are the principal author of sh.1, I'm certainly deferring to your judgment. -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: /etc/netstart argument handling
On Fri, Apr 30, 2021 at 09:17:47PM +0200, Tilo Stritzky wrote:
>
> /etc/netstart contains the following getopts handler:
>
> while getopts ":n" opt; do
>
> That colon is just totally bogus, isn't it?
The colon at the start of the optstring has the effect that makes the
getopts utility silent when unsupported options are used. Instead of
emitting a diagnostic message ("unknown option"), you'll get a "?" in
$opt that you can choose to handle yourself (this is taken care of by
the "*)" case in the code, which calls the "usage" function).
So it's not "totally bogus". The question is whether you want to see
diagnostic messages from getopts when you call /etc/netstart with
unsupported options in addition to the usage info or not, and it seems
you're saying you do want to see such a message.
>
>
> tilo
>
> Index: netstart
> ===
> RCS file: /cvs/src/etc/netstart,v
> retrieving revision 1.211
> diff -u -p -r1.211 netstart
> --- netstart 23 Dec 2020 17:22:07 - 1.211
> +++ netstart 30 Apr 2021 19:14:01 -
> @@ -233,7 +233,7 @@ PRINT_ONLY=false
> V4_DHCPCONF=false
> V6_AUTOCONF=false
>
> -while getopts ":n" opt; do
> +while getopts n opt; do
> case $opt in
> n) PRINT_ONLY=true;;
> *) usage;;
--
Andreas (Kusalananda) Kähäri
SciLifeLab, NBIS, ICM
Uppsala University, Sweden
.
Re: rpki-client delay deletes also for RRDP repos
Claudio Jeker wrote: > > So, that would suggest some sort of lockout against running multiple > > rpki-client with the correct termination strategy. I don't believe we > > have such a thing right now. We have the timeout, to ensure rpki-client > > doesn't run too long which may prevent simultaneous runs, but I'm not > > sure it covers all cases (imagine a weird case where two rpki-client are > > "unintentionally" started at the same time) > > > > We currently depend on cron to do the right thing and not start two > rpki-client at the same time. I would prefer to leave it up to cron (or > whatever other method people use to run rpki-client) and not add > complicated locking into rpki-client itself. That is unrealistic. To diagnose a problem, someone will run rpki-client by hand on machine which has it enabled in cron.
Re: softraid(4) crypto/raid1c refactoring
Hi Stefan, * Stefan Sperling wrote: > Refactor softraid crypto code to allow use of a discipline-specific data > structure for RAID1C volumes, as requested by jsing@ during review of my > initial RAID1C patch. > > This patch should effectively be a cosmetic change. > The whole point of this patch is to allow the data structure changes > made here in softraidvar.h. > > It works in my testing but more testing would be very welcome, given > that this touches the disk I/O path of machines using softraid crypto. I tested the patch on an Thinkpad X250 with two softraid encrypted disks (one containing all partitions except /home, the other one solely for /home mounted with rc.local). Cold and warm reboots work, suspend2ram works). Cheers Matthias OpenBSD 6.9-current (GENERIC.MP) #2: Sat May 1 10:47:45 CEST 2021 x...@epsilon.xosc.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 17059979264 (16269MB) avail mem = 16527515648 (15761MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xacbfd000 (64 entries) bios0: vendor LENOVO version "N10ET61W (1.40 )" date 03/17/2020 bios0: LENOVO 20CM004VMN acpi0 at bios0: ACPI 5.0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SLIC ASF! HPET ECDT APIC MCFG SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT PCCT SSDT UEFI MSDM BATB FPDT UEFI BGRT DMAR acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) EHC1(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpiec0 at acpi0 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz, 2095.44 MHz, 06-3d-04 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz, 2095.16 MHz, 06-3d-04 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins acpimcfg0 at acpi0 acpimcfg0: addr 0xf800, bus 0-63 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG_) acpiprt2 at acpi0: bus 2 (EXP1) acpiprt3 at acpi0: bus 3 (EXP2) acpiprt4 at acpi0: bus -1 (EXP3) acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001 acpicmos0 at acpi0 acpibat0 at acpi0: BAT0 model "45N1113" serial 1370 type LION oem "LGC" acpibat1 at acpi0: BAT1 model "45N1735" serial 745 type LION oem "LGC" acpiac0 at acpi0: AC unit online acpithinkpad0 at acpi0: version 1.0 "PNP0C14" at acpi0 not configured "PNP0C14" at acpi0 not configured "PNP0C14" at acpi0 not configured "INT340F" at acpi0 not configured acpicpu0 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1 acpipwrres1 at acpi0: NVP3, resource for PEG_ acpipwrres2 at acpi0: NVP2, resource for PEG_ acpitz0 at acpi0: critical temperature is 128 degC acpivideo0 at acpi0: VID_ acpivout0 at acpivideo0: LCD0 acpivideo1 at acpi0: VID_ cpu0: using VERW MDS workaround (except on vmm entry) cpu0: Enhanced SpeedStep 2095 MHz: speeds: 2201, 2200, 2100, 2000, 1800, 1700, 1600, 1500, 1300, 1200, 1100, 1000, 900, 700, 600, 500 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Core 5G Host" rev 0x09 inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 5500" rev 0x09 drm0 at inteldrm0 inteldrm0: msi, BROADWELL, gen 8 azalia0 at pci0 dev 3 function 0 "Intel Core 5G HD Audio" rev 0x09: msi azalia0: No codecs found xhci0 at pci0 dev 20 function 0 "Intel 9 Series xHCI" rev 0x03: msi, xHCI 1.0 usb0 at xhci0: USB revision 3.0 uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev
Re: rpki-client delay deletes also for RRDP repos
On Fri, Apr 30, 2021 at 10:58:25PM -0600, Theo de Raadt wrote: > Sebastian Benoit wrote: > > > Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.04.29 15:34:15 +0200: > > > Like for rsync repos files in the RRDP repos should be delayed until after > > > the validation finished. As with anything RPKI related there is little > > > trust in the repositories and their abilities to not botch an update. > > This is also working nicely for me. > > > You could get a file listing at the start and then remove files from the > > list that are referenced, at the end you delete the ones left. > > That isn't an unreasonable idea. > > If we go that way, we might need to be careful of >1 rpki-client running > against the same repo, because they can confuse their filesystem. Most > of these cases will lead to rpki-client aborting since it is pretty paranoid > about inconsistancy in the filesystem, but I'm not sure if all potential > weirdness > can be anticipated and handled. > > So, that would suggest some sort of lockout against running multiple > rpki-client with the correct termination strategy. I don't believe we > have such a thing right now. We have the timeout, to ensure rpki-client > doesn't run too long which may prevent simultaneous runs, but I'm not > sure it covers all cases (imagine a weird case where two rpki-client are > "unintentionally" started at the same time) > We currently depend on cron to do the right thing and not start two rpki-client at the same time. I would prefer to leave it up to cron (or whatever other method people use to run rpki-client) and not add complicated locking into rpki-client itself. -- :wq Claudio
Re: rpki-client delay deletes also for RRDP repos
On Sat, May 01, 2021 at 12:14:22AM +0200, Sebastian Benoit wrote: > Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.04.29 15:34:15 +0200: > > Like for rsync repos files in the RRDP repos should be delayed until after > > the validation finished. As with anything RPKI related there is little > > trust in the repositories and their abilities to not botch an update. > > > > One thing I'm not sure is what should happen if a file is supposed to be > > removed but is still referenced by some other file. For now this fact is > > logged and the file is kept in the repo. I'm unsure about keeping the > > fine with me, ok benno@ > > > file, it feels like the right move but may result in unreferenced files > > piling up in the rrdp repo dirs. > > > > There is no way to detect stale files in RRDP repos (apart from removing > > all files and fetching a snapshot). So until RRDP grows up to a real sync > > protocol the only thing one can do is to provide a large enough partition > > and to remove the cache from time to time. > > You could get a file listing at the start and then remove files from the > list that are referenced, at the end you delete the ones left. That does not work because when updating via RRDP deltas there is no full list of available files transferred. So if a file is removed the next RRDP run will not restore the file (like rsync does). So if a repo adds an unreferenced file and then a few deltas later change another file to point to that one the validation will fail because the file is missing. The sync mechanism in RRDP is weak and requires to start fresh from a snapshot from time to time. The problem is that rpki-client will do the same merge game for deltas and snapshots so unless you remove the rrdp cache old file will hang around. -- :wq Claudio
