NEW: sysutils/dinit


Edd Barrett-3
Hi all,

Here's a port of Dinit: a process supervisor.

I've been using this to run things that I want to run in the background
as me:

---8<---
$ dinitctl list
[{+}     ] boot
[{+}     ] mail-loop (pid: 10728)
[{+}     ] syncthing (pid: 6734)
[{+}     ] mpd (pid: 82135)
$ dinitctl stop mpd
Service stopped.
$ dinitctl list    
[{+}     ] boot
[{+}     ] mail-loop (pid: 10728)
[{+}     ] syncthing (pid: 6734)
[     {-}] mpd
$ kill 6734  # Pretend syncthing crashed.
$ dinitctl list
[{+}     ] boot
[{+}     ] mail-loop (pid: 10728)
[{+}     ] syncthing (pid: 96866)
[     {-}] mpd
--->8---

I've supplied a rc script in case anyone wishes to manage system-wide
services using it. Note that the system-wide instance runs as root so
that it can start services which need root permissions for whatever
reason. I've added a note to that effect in the README.

Comments? OK?

--
Best Regards
Edd Barrett

http://www.theunixzoo.co.uk

dinit.tgz (3K) Download Attachment
Re: NEW: sysutils/dinit

Theo de Raadt-2
It is such an amazing business-friendly but risk-ignorant pattern to
simply restart software that has failed.

It's like you keep flying a plane that falls out of the sky twice,
rather than cease operation, figure out what is wrong, and fix it before
continuing.

Edd Barrett <[hidden email]> wrote:

> Hi all,
>
> Here's a port of Dinit: a process supervisor.
>
> I've been using this to run things that I want to run in the background
> as me:
>
> ---8<---
> $ dinitctl list
> [{+}     ] boot
> [{+}     ] mail-loop (pid: 10728)
> [{+}     ] syncthing (pid: 6734)
> [{+}     ] mpd (pid: 82135)
> $ dinitctl stop mpd
> Service stopped.
> $ dinitctl list    
> [{+}     ] boot
> [{+}     ] mail-loop (pid: 10728)
> [{+}     ] syncthing (pid: 6734)
> [     {-}] mpd
> $ kill 6734  # Pretend syncthing crashed.
> $ dinitctl list
> [{+}     ] boot
> [{+}     ] mail-loop (pid: 10728)
> [{+}     ] syncthing (pid: 96866)
> [     {-}] mpd
> --->8---
>
> I've supplied a rc script in case anyone wishes to manage system-wide
> services using it. Note that the system-wide instance runs as root so
> that it can start services which need root permissions for whatever
> reason. I've added a note to that effect in the README.
>
> Comments? OK?
>
> --
> Best Regards
> Edd Barrett
>
> http://www.theunixzoo.co.uk

Re: NEW: sysutils/dinit

Stuart Henderson
In reply to this post by Edd Barrett-3
On 2019/05/30 16:56, Edd Barrett wrote:

> Hi all,
>
> Here's a port of Dinit: a process supervisor.
>
> I've been using this to run things that I want to run in the background
> as me:
>
> ---8<---
> $ dinitctl list
> [{+}     ] boot
> [{+}     ] mail-loop (pid: 10728)
> [{+}     ] syncthing (pid: 6734)
> [{+}     ] mpd (pid: 82135)
> $ dinitctl stop mpd
> Service stopped.
> $ dinitctl list    
> [{+}     ] boot
> [{+}     ] mail-loop (pid: 10728)
> [{+}     ] syncthing (pid: 6734)
> [     {-}] mpd
> $ kill 6734  # Pretend syncthing crashed.
> $ dinitctl list
> [{+}     ] boot
> [{+}     ] mail-loop (pid: 10728)
> [{+}     ] syncthing (pid: 96866)
> [     {-}] mpd
> --->8---
>
> I've supplied a rc script in case anyone wishes to manage system-wide
> services using it. Note that the system-wide instance runs as root so
> that it can start services which need root permissions for whatever
> reason. I've added a note to that effect in the README.
>
> Comments? OK?
>
> --
> Best Regards
> Edd Barrett
>
> http://www.theunixzoo.co.uk



There's a proper release tarball on the github releases page, please use
that instead of the autogenerated one

https://github.com/davmac314/dinit/releases/download/v0.5.1/dinit-0.5.1.tar.xz

Re: NEW: sysutils/dinit

Edd Barrett-3
In reply to this post by Theo de Raadt-2
On Thu, May 30, 2019 at 10:00:12AM -0600, Theo de Raadt wrote:
> It is such an amazing business-friendly but risk-ignorant pattern to
> simply restart software that has failed.

It's all configurable, so if that isn't the desired behaviour, then omit
the `restart` line from the service description. Not restarting is the
default.

My example was just for demonstration purposes :)

--
Best Regards
Edd Barrett

http://www.theunixzoo.co.uk

Re: NEW: sysutils/dinit

Theo de Raadt-2
Edd Barrett <[hidden email]> wrote:

> On Thu, May 30, 2019 at 10:00:12AM -0600, Theo de Raadt wrote:
> > It is such an amazing business-friendly but risk-ignorant pattern to
> > simply restart software that has failed.
>
> It's all configurable, so if that isn't the desired behaviour, then omit
> the `restart` line from the service description. Not restarting is the
> default.
>
> My example was just for demonstration purposes :)

That's not true.  You are simply demonstrating precisely why people use
such software.

I'm just making it clear that the practice of restarting services before
determining whether the failure is exploitation-related stands 100% in
opposition to security of service deployment.

In the zeal for high-availability, insecure configuration is considered
acceptable.  Wait, not just acceptable, it's cheered as being state of the
art...
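
The following is an added example, not part of the thread and not Dinit's code or behaviour: a minimal supervisor loop that looks at how a child died before allowing another run, and holds the service down when the terminating signal suggests a crash that should be triaged first. The signal set, the verdict names and the restart policy are assumptions made for illustration.

```python
import signal
import subprocess
import sys

# Assumption: these terminating signals are treated as "possible memory
# corruption or tripped mitigation" and must be triaged before any restart.
CRASH_SIGNALS = {int(s) for s in (signal.SIGSEGV, signal.SIGBUS, signal.SIGILL,
                                  signal.SIGABRT, signal.SIGFPE, signal.SIGSYS)}


def classify_exit(returncode):
    """Classify a subprocess return code (negative means killed by a signal)."""
    if returncode == 0:
        return "clean"
    if returncode > 0:
        return "error"
    return "crash" if -returncode in CRASH_SIGNALS else "killed"


def supervise(argv, max_runs=3):
    """Run argv up to max_runs times and return [(verdict, returncode), ...].

    Hypothetical policy: a clean exit ends supervision, an ordinary error or
    external kill permits another run, and a crash signal holds the service
    down so the failure can be investigated first.
    """
    history = []
    for _ in range(max_runs):
        rc = subprocess.run(argv).returncode
        verdict = classify_exit(rc)
        history.append((verdict, rc))
        if verdict == "crash":
            print(f"held down: {argv[0]} died on signal {-rc}; "
                  "investigate before restarting", file=sys.stderr)
            break
        if verdict == "clean":
            break
    return history


if __name__ == "__main__":
    # Constructed demo: a child that raises SIGSEGV against itself.
    demo = [sys.executable, "-c",
            "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"]
    print(supervise(demo))
```
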


Re: NEW: sysutils/dinit

Edd Barrett-3
In reply to this post by Stuart Henderson
On Thu, May 30, 2019 at 05:41:51PM +0100, Stuart Henderson wrote:
> There's a proper release tarball on the github releases page, please use
> that instead of the autogenerated one
>
> https://github.com/davmac314/dinit/releases/download/v0.5.1/dinit-0.5.1.tar.xz

Thanks Stuart. Attached is an updated tarball.

Diff to last:
https://github.com/jasperla/openbsd-wip/commit/595c193d98e824f3011a592e3ab0fa028db7d3fc

OK?

P.S.

I noticed 3 ports manually setting MASTER_SITES=${MASTER_SITES_GITHUB}:

lang/nqp/Makefile
lang/rakudo/Makefile
net/iperf3/Makefile

I think those lines can be killed, since when you use GH_* that step is
automatic?

--
Best Regards
Edd Barrett

http://www.theunixzoo.co.uk

dinit-1.tgz (3K) Download Attachment