tjh.dev
commits
(cherry picked from commit 800a379cb317182722c8cbfe1a9716cd454c32cd)
(cherry picked from commit c5b96ca8016d00794b690a451e8f946b8809aff8)
(cherry picked from commit cc0b3bbcc2a834640df07c341ba7b0853d72592b)
(cherry picked from commit 516f331227d7879c157190f888ad644d8665172d)
stable 51.0.2704.63 => 51.0.2704.103
beta 51.0.2704.63 => 52.0.2743.41
dev 52.0.2743.10 => 53.0.2767.4
This addresses 15 security fixes, including:
* High CVE-2015-1696: Cross-origin bypass in Extension bindings. Credit to
anonymous.
* High CVE-2015-1697: Cross-origin bypass in Blink. Credit to Mariusz
Mlynski.
* Medium CVE-2016-1698: Information leak in Extension bindings. Credit to
Rob Wu.
* Medium CVE-2016-1699: Parameter sanitization failure in DevTools. Credit
to Gregory Panakkal.
* Medium CVE-2016-1700: Use-after-free in Extensions. Credit to Rob Wu.
* Medium CVE-2016-1701: Use-after-free in Autofill. Credit to Rob Wu.
* Medium CVE-2016-1702: Out-of-bounds read in Skia. Credit to cloudfuzzer.
See: http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html
(cherry picked from commit 1f1f0f049b229bfe3a8be11fe4b964d33100c7e4)
Reason: 18 Security fixes for the stable channel.
This is the original pull request plus some commits from me to bring all
channels to the latest versions, because the fixed security
vulnerabilites might not be fixed in the dev version we had before.
I've tested the whole changeset on my Hydra at:
https://headcounter.org/hydra/eval/322006
Thanks to @srp for the initial commit and thus implicitly also for the
security notice.
Cc: @abbradar
(backported from commit b5f95a5303a4bf20b513c2a4f636b82cb588239a)
Reason: Lots of security fixes (see e2d067d)
Overview of the updated versions:
beta: 50.0.2661.49 -> 51.0.2704.47
dev: 51.0.2693.2 -> 52.0.2729.3
It has been a while since we had a major Chromium update that compiled
and worked without troubles, but version 52 builds and the VM tests are
successful as well:
https://headcounter.org/hydra/eval/320335
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cherry picked from commit ad2c8d3510eaec68861a610574b09aca45b9cad3)
Reason: 50.0.2661.102 fixes a bunch of security vulnerabilities and
we want to have them fixed in beta/dev as well.
This addresses the following security fixes:
* High CVE-2016-1667: Same origin bypass in DOM. Credit to
Mariusz Mlynski.
* High CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit
to Mariusz Mlynski.
* High CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han.
* Medium CVE-2016-1670: Race condition in loader. Credit to anonymous.
* Medium CVE-2016-1671: Directory traversal using the file scheme on
Android. Credit to Jann Horn.
See: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html
Signed-off-by: Scott R. Parish <srparish@gmail.com>
Tested-by: aszlig <aszlig@redmoonstudios.org>
Closes: #15446
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cherry picked from commit 5ebf20db0f514ef9c6f08da0bb650a02cb2120fd)
(cherry picked from commit 45a14c873b90023e83cd9a97b642f206da1ac432)
I just tested it builds on x86_64-linux.
(cherry picked from commit cade2f36e556c9defa601e408bd793b21c7d8aca)
Release announcement, 2016-01-30:
https://www.sigrok.org/blog/major-sigrok-releases-libsigrok-libsigrokdecode-sigrok-cli-pulseview
I first tried updating the projects in separate commits. But later I
found cyclic dependencies, that would break git bisect, so I ended up
squashing the commits:
* libsigrok: 0.3.0 -> 0.4.0
Enable building libsigrokcxx.so, the C++ bindings for libsigrok, by
adding doxygen, glibmm and python as build deps. This is needed for
Pulseview >= 0.3.0. Also update the firmware (sigrok-firmware-fx2lafw)
while at it.
* libsigrokdecode: 0.3.0 -> 0.4.0
* sigrok-cli: 0.5.0 -> 0.6.0
* pulseview: 0.2.0 -> 0.3.0
New dependency: glibmm (due to libsigrokcxx.pc from libsigrok).
Note that collectd is incompatible with the new libsigrok release, so
I let it use the old one (0.3.0).
(cherry picked from commit 300e495101245ac3b711415aa8fbb278573cd278)
(cherry picked from commit f768098e3eabf85ab014991d067378b5ac65b14d)
The current URL is broken, upstream has moved the download from .../files/ to
.../files_legacy/. But after fixing that, starting hashcat results in:
$ ./result/bin/hashcat
ERROR: this copy of hashcat is outdated. Get a more recent version.
So just update to latest.
New releases are on github, the license is now MIT and there are build
system changes.
(cherry picked from commit 800042b310d43814837dc4be4dccb152da338f76)
(cherry picked from commit 977cd5de36aa59a24685a730c332a422a62bfa39)
I've built this a lot of times on different machines without getting
compile errors, so I'd assume this to be safe. Of course, the compile
time is very small in comparison to bigger packages but it's still an
annoyance to wait for up to a few minutes, especially during
development.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cherry picked from commit 37429a2c74a4dfb141e497a62e608f0dd00a0cb5)
So far it was only possible to run john if you've either copied over the
default configuration over to ~/.john and substitute $JOHN with the
right path or set $JOHN to the store path directly.
Both methods are not really a very good user experience, so we're now
patching in the resulting paths into the default rules/configurations.
This also splits off configuration files into $out/etc/john instead of
putting everything into $out/share/john and now also properly installs
the auxiliary programs into $out/bin.
Closes #8792.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: devhell <"^"@regexmail.net>
Cc: @offlinehacker
(cherry picked from commit 902bcf1422ecabb6efa771505ba5b6b3c76254c8)
It prevents john from running with older CPUs such as Core2Duo and gives
an illegal hardware instruction error on these CPUs.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cherry picked from commit cf4e2c426ef7b93926303dc2e878a7368fe62d17)
Cleanups are mostly stylistic, like putting src more to the top (to make
sure it won't be missed on updates of the version attribute) or using
mkdir -p instead of ensureDir.
The most significant change here is that we update the package to
1.8.0-jumbo-1, which is the latest tag available and contains community
updates which were already in magnumripper/JohnTheRipper@93f061bc41652.
We're now also using fetchurl to ensure that we don't need to clone the
whole repository and keep download times low.
And the derivation name is now "john" instead of "JohnTheRipper",
because most users would expect "nix-env -i john" to work.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cherry picked from commit 2a1bf2a7769eee1453fbe24d8e37ff1a42cd6bff)
Merges pull request #15275:
This addresses #15226 and fixes killing of processes before
switching from the initrd to the real root.
Right now, the pkill that is issued not only kills user space
processes but also sends a SIGKILL to kernel threads as well.
Usually these threads ignore signals, but some of these processes do
handle signals, like for example the md module, which happened in
#15226.
It also adds a small check for the swraid installer test and a
standalone test which checks on just that problem, so in the future
this shouldn't happen again.
This has been acked by @edolstra on IRC.
The reason I'm merging this to 15.09 is that this branch fixes #15226
and thus also fixes mdraid setups out there.
Tested using the boot-stage1.nix NixOS test against release-15.09.
As @edolstra pointed out that the kernel module might be painful to
maintain. I strongly disagree because it's only a small module and it's
good to have such a canary in the tests no matter how the bootup process
looks like, so I'm going the masochistic route and try to maintain it.
If it *really* becomes too much maintenance burden, we can still drop or
disable kcanary.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
We don't want to push out a channel update whenever this test fails,
because that might have unexpected and confused side effects and it
*really* means that stage 1 of our boot up is broken.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
We already have a small regression test for #15226 within the swraid
installer test. Unfortunately, we only check there whether the md
kthread got signalled but not whether other rampaging processes are
still alive that *should* have been killed.
So in order to do this we provide multiple canary processes which are
checked after the system has booted up:
* canary1: It's a simple forking daemon which just sleeps until it's
going to be killed. Of course we expect this process to not
be alive anymore after boot up.
* canary2: Similar to canary1, but tries to mimick a kthread to make
sure that it's going to be properly killed at the end of
stage 1.
* canary3: Like canary2, but this time using a @ in front of its
command name to actually prevent it from being killed.
* kcanary: This one is a real kthread and it runs until killed, which
shouldn't be the case.
Tested with and without 67223ee and everything works as expected, at
least on my machine.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This is a regression test for #15226, so that the test will fail once we
accidentally kill one or more of the md kthreads (aka: if safe mode is
enabled).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Unfortunately, pkill doesn't distinguish between kernel and user space
processes, so we need to make sure we don't accidentally kill kernel
threads.
Normally, a kernel thread ignores all signals, but there are a few that
do. A quick grep on the kernel source tree (as of kernel 4.6.0) shows
the following source files which use allow_signal():
drivers/isdn/mISDN/l1oip_core.c
drivers/md/md.c
drivers/misc/mic/cosm/cosm_scif_server.c
drivers/misc/mic/cosm_client/cosm_scif_client.c
drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
drivers/staging/rtl8188eu/core/rtw_cmd.c
drivers/staging/rtl8712/rtl8712_cmd.c
drivers/target/iscsi/iscsi_target.c
drivers/target/iscsi/iscsi_target_login.c
drivers/target/iscsi/iscsi_target_nego.c
drivers/usb/atm/usbatm.c
drivers/usb/gadget/function/f_mass_storage.c
fs/jffs2/background.c
fs/lockd/clntlock.c
fs/lockd/svc.c
fs/nfs/nfs4state.c
fs/nfsd/nfssvc.c
While not all of these are necessarily kthreads and some functionality
may still be unimpeded, it's still quite harmful and can cause
unexpected side-effects, especially because some of these kthreads are
storage-related (which we obviously don't want to kill during bootup).
During discussion at #15226, @dezgeg suggested the following
implementation:
for pid in $(pgrep -v -f '@'); do
if [ "$(cat /proc/$pid/cmdline)" != "" ]; then
kill -9 "$pid"
fi
done
This has a few downsides:
* User space processes which use an empty string in their command line
won't be killed.
* It results in errors during bootup because some shell-related
processes are already terminated (maybe it's pgrep itself, haven't
checked).
* The @ is searched within the full command line, not just at the
beginning of the string. Of course, we already had this until now, so
it's not a problem of his implementation.
I posted an alternative implementation which doesn't suffer from the
first point, but even that one wasn't sufficient:
for pid in $(pgrep -v -f '^@'); do
readlink "/proc/$pid/exe" &> /dev/null || continue
echo "$pid"
done | xargs kill -9
This one spawns a subshell, which would be included in the processes to
kill and actually kills itself during the process.
So what we have now is even checking whether the shell process itself is
in the list to kill and avoids killing it just to be sure.
Also, we don't spawn a subshell anymore and use /proc/$pid/exe to
distinguish between user space and kernel processes like in the comments
of the following StackOverflow answer:
http://stackoverflow.com/a/12231039
We don't need to take care of terminating processes, because what we
actually want IS to terminate the processes.
The only point where this (and any previous) approach falls short if we
have processes that act like fork bombs, because they might spawn
additional processes between the pgrep and the killing. We can only
address this with process/control groups and this still won't save us
because the root user can escape from that as well.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #15226
(cherry picked from commit baf7f98b454cc2d404f119cd6b0eeecae0d5ac44)
[Bjørn: some tweaks needed to apply to release-15.09]
Needed for newer 'cryptography', which is needed to fix build against
latest openssl.
Based on 4b23328e39 ("buildPythonPackage: fix more wheels failures").
(cherry picked from commit a42698d2a496516da08f31cfc7daab3d6f69a0fe)
Probably missed a few. Also adding xauth to the system path (it was
already in the closure).
(cherry picked from commit 9153d8ed640e4df38422cad89a72a43c9df9f057)
(cherry picked from commit 93856f36a26ccd5dfc47d8e3cb7589ab73a785e4)
(cherry picked from commit b2d0886b37bc7a927c98a15430b3be3cbc4f81f7)
I think the name 'listenAddress' is more descriptive. Other NixOS
modules that define 'host' either use it as listen address or as address
a client connects to. listenAddress is unambiguous.
The addition of 'host' was added earlier today[1], so not bothering with
./nixos/modules/rename.nix.
[1]: 44ea18499710049e ("jenkins ci enhancement: add port and prefix option")
(cherry picked from commit c6b251f5d549f8d3dd877d0b086ae4f876bc5a2b)
As named these options enable to specify a bind host and url prefix
to be used by jenkins. Adding these options in the config rather than
using extra arguments allows us to re-use those information in other
services using jenkins such as jenkins-job-builder or a reverse proxy.
(cherry picked from commit 44ea18499710049e165b475a98e04d02252d7533)
* Perform HTTP HEAD request instead of full GET (lighter weight)
* Don't log output of curl to the journal (it's noise/debug)
* Use explicit http:// URL scheme
* Reduce poll interval from 10s to 2s (respond to state changes
quicker). Probably not relevant on boot (lots of services compete for
the CPU), but online service restarts/reloads should be quicker.
* Pass --fail to curl (should be more robust against false positives)
* Use 4 space indent for shell code.
(cherry picked from commit 78b6e8c3199c1ce8ad4744cb90b47e94739083da)
The current postStart code holds Jenkins off the "started" state until
Jenkins becomes idle. But it should be enough to wait until Jenkins
start handling HTTP requests to consider it "started".
More reasons why the current approach is bad and we should remove it,
from @coreyoconnor in
https://github.com/NixOS/nixpkgs/issues/14991#issuecomment-216572571:
1. Repeatedly curling for a specific human-readable string to
determine "Active" is fragile. For instance, what happens when jenkins
is localized?
2. The time jenkins takes to initializes is variable. This (at least
used to) depend on the number of jobs and any plugin upgrades requested.
3. Jenkins can be requested to restart from the UI. Which will not
affect the status of the service. This means that the service being
"active" does not imply jenkins is initialized. Downstream services
cannot assume jenkins is initialized if the service is active. Might
as well accept that and remove the initialized test from service
startup.
Fixes #14991.
(cherry picked from commit 51e5beca4267d4138e9ac8babb744a65f8c4bed0)
(cherry picked from commit d45ac41e8740a96d59860dfe7c404041a2ed962b)
(cherry picked from commit 28232c374687d9ab401ac55e3061bc067d120969)
(cherry picked from commit 03e74fb117a7651e2ea835f0251b9ce05952b184)
(cherry picked from commit 218901bdb680b730d554d461588351624c8f6a77)
(cherry picked from commit d9066cd36fec3116a01ed06df97ee5f365698fb9)
* It grew a couple of extra (hard) dependencies:
libxcb, cups, xkeyboardconfig
* It is also available in native 64-bit version (yay!)
(cherry picked from commit c27de52d39b1963d0b13765db6a20d7c2f56e2d7)
(cherry picked from commit d51a55366efc925d4fbd0bbd3e829cae516766e4)
(cherry picked from commit 0efb1f7963f1eba695a993678ff61b2e651424e4)
(cherry picked from commit 6d7273571c8f71e49e406227206b35312074a714)
(cherry picked from commit 0e1a15f2da786f3e67e15d272febcf4aa7be3b0b)
(cherry picked from commit 33d2f27d959332e38abb7fba9de22cbbc97613a8)
(cherry picked from commit 2ea03ece8647374e02dda0664b8ed510e905a0d5)
(cherry picked from commit 69e828b5a1fc6c9a5dc6f50938a5061a3b209d7c)
(cherry picked from commit 9aa595ef50764049b68ec1091e8d1c874af6c349)
(cherry picked from commit 6efcbd89506590a2d16fc3ca8d540ae3e632e219)
PHP security updates (r15.09 backport)
Squid security fixes (15.09 backport)
squid supplies patches for advisories, but patches for the above advisories applied together don't compile, hence the version bump for stable
sqlite on release-15.09 is too old, use bundled sqlite instead to fix this
build issue:
configure:24978: checking for sqlite3 >= 3.9.1
configure: error: Library requirements (sqlite3 >= 3.9.1) not met; [...]
This is the same fix as in commit 969c67f48cb8cde4c6981cdc644c6ca4e6e4ba57
("firefox: Fix build").
(cherry picked from commit 800a379cb317182722c8cbfe1a9716cd454c32cd)
stable 51.0.2704.63 => 51.0.2704.103
beta 51.0.2704.63 => 52.0.2743.41
dev 52.0.2743.10 => 53.0.2767.4
This addresses 15 security fixes, including:
* High CVE-2015-1696: Cross-origin bypass in Extension bindings. Credit to
anonymous.
* High CVE-2015-1697: Cross-origin bypass in Blink. Credit to Mariusz
Mlynski.
* Medium CVE-2016-1698: Information leak in Extension bindings. Credit to
Rob Wu.
* Medium CVE-2016-1699: Parameter sanitization failure in DevTools. Credit
to Gregory Panakkal.
* Medium CVE-2016-1700: Use-after-free in Extensions. Credit to Rob Wu.
* Medium CVE-2016-1701: Use-after-free in Autofill. Credit to Rob Wu.
* Medium CVE-2016-1702: Out-of-bounds read in Skia. Credit to cloudfuzzer.
See: http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html
(cherry picked from commit 1f1f0f049b229bfe3a8be11fe4b964d33100c7e4)
Reason: 18 Security fixes for the stable channel.
This is the original pull request plus some commits from me to bring all
channels to the latest versions, because the fixed security
vulnerabilites might not be fixed in the dev version we had before.
I've tested the whole changeset on my Hydra at:
https://headcounter.org/hydra/eval/322006
Thanks to @srp for the initial commit and thus implicitly also for the
security notice.
Cc: @abbradar
(backported from commit b5f95a5303a4bf20b513c2a4f636b82cb588239a)
Reason: Lots of security fixes (see e2d067d)
Overview of the updated versions:
beta: 50.0.2661.49 -> 51.0.2704.47
dev: 51.0.2693.2 -> 52.0.2729.3
It has been a while since we had a major Chromium update that compiled
and worked without troubles, but version 52 builds and the VM tests are
successful as well:
https://headcounter.org/hydra/eval/320335
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cherry picked from commit ad2c8d3510eaec68861a610574b09aca45b9cad3)
Reason: 50.0.2661.102 fixes a bunch of security vulnerabilities and
we want to have them fixed in beta/dev as well.
This addresses the following security fixes:
* High CVE-2016-1667: Same origin bypass in DOM. Credit to
Mariusz Mlynski.
* High CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit
to Mariusz Mlynski.
* High CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han.
* Medium CVE-2016-1670: Race condition in loader. Credit to anonymous.
* Medium CVE-2016-1671: Directory traversal using the file scheme on
Android. Credit to Jann Horn.
See: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html
Signed-off-by: Scott R. Parish <srparish@gmail.com>
Tested-by: aszlig <aszlig@redmoonstudios.org>
Closes: #15446
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cherry picked from commit 5ebf20db0f514ef9c6f08da0bb650a02cb2120fd)
Release announcement, 2016-01-30:
https://www.sigrok.org/blog/major-sigrok-releases-libsigrok-libsigrokdecode-sigrok-cli-pulseview
I first tried updating the projects in separate commits. But later I
found cyclic dependencies, that would break git bisect, so I ended up
squashing the commits:
* libsigrok: 0.3.0 -> 0.4.0
Enable building libsigrokcxx.so, the C++ bindings for libsigrok, by
adding doxygen, glibmm and python as build deps. This is needed for
Pulseview >= 0.3.0. Also update the firmware (sigrok-firmware-fx2lafw)
while at it.
* libsigrokdecode: 0.3.0 -> 0.4.0
* sigrok-cli: 0.5.0 -> 0.6.0
* pulseview: 0.2.0 -> 0.3.0
New dependency: glibmm (due to libsigrokcxx.pc from libsigrok).
Note that collectd is incompatible with the new libsigrok release, so
I let it use the old one (0.3.0).
(cherry picked from commit 300e495101245ac3b711415aa8fbb278573cd278)
The current URL is broken, upstream has moved the download from .../files/ to
.../files_legacy/. But after fixing that, starting hashcat results in:
$ ./result/bin/hashcat
ERROR: this copy of hashcat is outdated. Get a more recent version.
So just update to latest.
New releases are on github, the license is now MIT and there are build
system changes.
(cherry picked from commit 800042b310d43814837dc4be4dccb152da338f76)
I've built this a lot of times on different machines without getting
compile errors, so I'd assume this to be safe. Of course, the compile
time is very small in comparison to bigger packages but it's still an
annoyance to wait for up to a few minutes, especially during
development.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cherry picked from commit 37429a2c74a4dfb141e497a62e608f0dd00a0cb5)
So far it was only possible to run john if you've either copied over the
default configuration over to ~/.john and substitute $JOHN with the
right path or set $JOHN to the store path directly.
Both methods are not really a very good user experience, so we're now
patching in the resulting paths into the default rules/configurations.
This also splits off configuration files into $out/etc/john instead of
putting everything into $out/share/john and now also properly installs
the auxiliary programs into $out/bin.
Closes #8792.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: devhell <"^"@regexmail.net>
Cc: @offlinehacker
(cherry picked from commit 902bcf1422ecabb6efa771505ba5b6b3c76254c8)
Cleanups are mostly stylistic, like putting src more to the top (to make
sure it won't be missed on updates of the version attribute) or using
mkdir -p instead of ensureDir.
The most significant change here is that we update the package to
1.8.0-jumbo-1, which is the latest tag available and contains community
updates which were already in magnumripper/JohnTheRipper@93f061bc41652.
We're now also using fetchurl to ensure that we don't need to clone the
whole repository and keep download times low.
And the derivation name is now "john" instead of "JohnTheRipper",
because most users would expect "nix-env -i john" to work.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cherry picked from commit 2a1bf2a7769eee1453fbe24d8e37ff1a42cd6bff)
Merges pull request #15275:
This addresses #15226 and fixes killing of processes before
switching from the initrd to the real root.
Right now, the pkill that is issued not only kills user space
processes but also sends a SIGKILL to kernel threads as well.
Usually these threads ignore signals, but some of these processes do
handle signals, like for example the md module, which happened in
#15226.
It also adds a small check for the swraid installer test and a
standalone test which checks on just that problem, so in the future
this shouldn't happen again.
This has been acked by @edolstra on IRC.
The reason I'm merging this to 15.09 is that this branch fixes #15226
and thus also fixes mdraid setups out there.
Tested using the boot-stage1.nix NixOS test against release-15.09.
As @edolstra pointed out that the kernel module might be painful to
maintain. I strongly disagree because it's only a small module and it's
good to have such a canary in the tests no matter how the bootup process
looks like, so I'm going the masochistic route and try to maintain it.
If it *really* becomes too much maintenance burden, we can still drop or
disable kcanary.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
We already have a small regression test for #15226 within the swraid
installer test. Unfortunately, we only check there whether the md
kthread got signalled but not whether other rampaging processes are
still alive that *should* have been killed.
So in order to do this we provide multiple canary processes which are
checked after the system has booted up:
* canary1: It's a simple forking daemon which just sleeps until it's
going to be killed. Of course we expect this process to not
be alive anymore after boot up.
* canary2: Similar to canary1, but tries to mimick a kthread to make
sure that it's going to be properly killed at the end of
stage 1.
* canary3: Like canary2, but this time using a @ in front of its
command name to actually prevent it from being killed.
* kcanary: This one is a real kthread and it runs until killed, which
shouldn't be the case.
Tested with and without 67223ee and everything works as expected, at
least on my machine.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Unfortunately, pkill doesn't distinguish between kernel and user space
processes, so we need to make sure we don't accidentally kill kernel
threads.
Normally, a kernel thread ignores all signals, but there are a few that
do. A quick grep on the kernel source tree (as of kernel 4.6.0) shows
the following source files which use allow_signal():
drivers/isdn/mISDN/l1oip_core.c
drivers/md/md.c
drivers/misc/mic/cosm/cosm_scif_server.c
drivers/misc/mic/cosm_client/cosm_scif_client.c
drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
drivers/staging/rtl8188eu/core/rtw_cmd.c
drivers/staging/rtl8712/rtl8712_cmd.c
drivers/target/iscsi/iscsi_target.c
drivers/target/iscsi/iscsi_target_login.c
drivers/target/iscsi/iscsi_target_nego.c
drivers/usb/atm/usbatm.c
drivers/usb/gadget/function/f_mass_storage.c
fs/jffs2/background.c
fs/lockd/clntlock.c
fs/lockd/svc.c
fs/nfs/nfs4state.c
fs/nfsd/nfssvc.c
While not all of these are necessarily kthreads and some functionality
may still be unimpeded, it's still quite harmful and can cause
unexpected side-effects, especially because some of these kthreads are
storage-related (which we obviously don't want to kill during bootup).
During discussion at #15226, @dezgeg suggested the following
implementation:
for pid in $(pgrep -v -f '@'); do
if [ "$(cat /proc/$pid/cmdline)" != "" ]; then
kill -9 "$pid"
fi
done
This has a few downsides:
* User space processes which use an empty string in their command line
won't be killed.
* It results in errors during bootup because some shell-related
processes are already terminated (maybe it's pgrep itself, haven't
checked).
* The @ is searched within the full command line, not just at the
beginning of the string. Of course, we already had this until now, so
it's not a problem of his implementation.
I posted an alternative implementation which doesn't suffer from the
first point, but even that one wasn't sufficient:
for pid in $(pgrep -v -f '^@'); do
readlink "/proc/$pid/exe" &> /dev/null || continue
echo "$pid"
done | xargs kill -9
This one spawns a subshell, which would be included in the processes to
kill and actually kills itself during the process.
So what we have now is even checking whether the shell process itself is
in the list to kill and avoids killing it just to be sure.
Also, we don't spawn a subshell anymore and use /proc/$pid/exe to
distinguish between user space and kernel processes like in the comments
of the following StackOverflow answer:
http://stackoverflow.com/a/12231039
We don't need to take care of terminating processes, because what we
actually want IS to terminate the processes.
The only point where this (and any previous) approach falls short if we
have processes that act like fork bombs, because they might spawn
additional processes between the pgrep and the killing. We can only
address this with process/control groups and this still won't save us
because the root user can escape from that as well.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #15226
I think the name 'listenAddress' is more descriptive. Other NixOS
modules that define 'host' either use it as listen address or as address
a client connects to. listenAddress is unambiguous.
The addition of 'host' was added earlier today[1], so not bothering with
./nixos/modules/rename.nix.
[1]: 44ea18499710049e ("jenkins ci enhancement: add port and prefix option")
(cherry picked from commit c6b251f5d549f8d3dd877d0b086ae4f876bc5a2b)
As named these options enable to specify a bind host and url prefix
to be used by jenkins. Adding these options in the config rather than
using extra arguments allows us to re-use those information in other
services using jenkins such as jenkins-job-builder or a reverse proxy.
(cherry picked from commit 44ea18499710049e165b475a98e04d02252d7533)
* Perform HTTP HEAD request instead of full GET (lighter weight)
* Don't log output of curl to the journal (it's noise/debug)
* Use explicit http:// URL scheme
* Reduce poll interval from 10s to 2s (respond to state changes
quicker). Probably not relevant on boot (lots of services compete for
the CPU), but online service restarts/reloads should be quicker.
* Pass --fail to curl (should be more robust against false positives)
* Use 4 space indent for shell code.
(cherry picked from commit 78b6e8c3199c1ce8ad4744cb90b47e94739083da)
The current postStart code holds Jenkins off the "started" state until
Jenkins becomes idle. But it should be enough to wait until Jenkins
start handling HTTP requests to consider it "started".
More reasons why the current approach is bad and we should remove it,
from @coreyoconnor in
https://github.com/NixOS/nixpkgs/issues/14991#issuecomment-216572571:
1. Repeatedly curling for a specific human-readable string to
determine "Active" is fragile. For instance, what happens when jenkins
is localized?
2. The time jenkins takes to initializes is variable. This (at least
used to) depend on the number of jobs and any plugin upgrades requested.
3. Jenkins can be requested to restart from the UI. Which will not
affect the status of the service. This means that the service being
"active" does not imply jenkins is initialized. Downstream services
cannot assume jenkins is initialized if the service is active. Might
as well accept that and remove the initialized test from service
startup.
Fixes #14991.
(cherry picked from commit 51e5beca4267d4138e9ac8babb744a65f8c4bed0)
sqlite on release-15.09 is too old, use bundled sqlite instead to fix this
build issue:
configure:24978: checking for sqlite3 >= 3.9.1
configure: error: Library requirements (sqlite3 >= 3.9.1) not met; [...]
This is the same fix as in commit 969c67f48cb8cde4c6981cdc644c6ca4e6e4ba57
("firefox: Fix build").