From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id YF74CFO2NWNDnwAAbAwnHQ (envelope-from ) for ; Thu, 29 Sep 2022 17:14:27 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id 8Gi+BlO2NWMfawEAG6o9tA (envelope-from ) for ; Thu, 29 Sep 2022 17:14:27 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 6892017F69 for ; Thu, 29 Sep 2022 17:14:26 +0200 (CEST) Received: from localhost ([::1]:52870 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1odvF3-000596-H6 for larch@yhetil.org; Thu, 29 Sep 2022 11:14:25 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41972) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1odtNW-0003Xa-2b for guix-patches@gnu.org; Thu, 29 Sep 2022 09:15:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:37529) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1odtNV-0001IV-P1 for guix-patches@gnu.org; Thu, 29 Sep 2022 09:15:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1odtNV-0004Ts-LF for guix-patches@gnu.org; Thu, 29 Sep 2022 09:15:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#57387] [PATCH] gnu: Add restartd. Resent-From: Nicolas Graves Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 29 Sep 2022 13:15:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 57387 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 57387@debbugs.gnu.org Cc: othacehe@gnu.org, maximedevos@telenet.be Received: via spool by 57387-submit@debbugs.gnu.org id=B57387.166445728917191 (code B ref 57387); Thu, 29 Sep 2022 13:15:01 +0000 Received: (at 57387) by debbugs.gnu.org; 29 Sep 2022 13:14:49 +0000 Received: from localhost ([127.0.0.1]:36607 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1odtNI-0004TC-Ku for submit@debbugs.gnu.org; Thu, 29 Sep 2022 09:14:49 -0400 Received: from 4.mo560.mail-out.ovh.net ([87.98.172.75]:47777) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1odtND-0004Sz-Qw for 57387@debbugs.gnu.org; Thu, 29 Sep 2022 09:14:47 -0400 Received: from player746.ha.ovh.net (unknown [10.111.172.14]) by mo560.mail-out.ovh.net (Postfix) with ESMTP id DA2B4260CC for <57387@debbugs.gnu.org>; Thu, 29 Sep 2022 13:14:41 +0000 (UTC) Received: from ngraves.fr (met42-h01-213-44-161-47.dsl.sta.abo.bbox.fr [213.44.161.47]) (Authenticated sender: ngraves@ngraves.fr) by player746.ha.ovh.net (Postfix) with ESMTPSA id 8048B21C37614; Thu, 29 Sep 2022 13:14:38 +0000 (UTC) X-OVh-ClientIp: 213.44.161.47 In-Reply-To: <87edvu1hy9.fsf@ngraves.fr> References: <87edvu1hy9.fsf@ngraves.fr> Date: Thu, 29 Sep 2022 15:14:35 +0200 Message-ID: <87pmfez5j8.fsf@ngraves.fr> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 11115165357162422798 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: 0 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedvfedrfeehtddgieefucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucenucfjughrpefhvfevufgjfhffkfggtgfgsehtqhertddttdejnecuhfhrohhmpefpihgtohhlrghsucfirhgrvhgvshcuoehnghhrrghvvghssehnghhrrghvvghsrdhfrheqnecuggftrfgrthhtvghrnheptdelfeegtdevueefhfefveeutdekleeuffevgedugeeugedvjedvfeevtdevffevnecuffhomhgrihhnpehgihhthhhusgdrtghomhdplhgruhhntghhphgrugdrnhgvthdpuggvsghirghnrdhorhhgnecukfhppedtrddtrddtrddtpddvudefrdeggedrudeiuddrgeejnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmohguvgepshhmthhpohhuthdphhgvlhhopehplhgrhigvrhejgeeirdhhrgdrohhvhhdrnhgvthdpihhnvghtpedtrddtrddtrddtpdhmrghilhhfrhhomhepnhhgrhgrvhgvshesnhhgrhgrvhgvshdrfhhrpdhnsggprhgtphhtthhopedupdhrtghpthhtohepheejfeekjeesuggvsggsuhhgshdrghhnuhdrohhrghdpoffvtefjohhsthepmhhoheeitd X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" Reply-to: Nicolas Graves X-ACL-Warn: , Nicolas Graves via Guix-patches From: Nicolas Graves via Guix-patches via X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1664464466; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=YusyDgjTFgaqIWmg9ZTPWa08vmiYlFsHssttY9V5isE=; b=dzAqhhueGkIMwPCRSPeaYtSln2y5uHBUhy/zt4TqYnRIdk8Z0e78u2e9/2dWUrSvLimerf lMzt2pdjkJd6fwC15R7HbE6wFRikFcY9RAw/fRCQLbvUvARz8nIsQHxpgN1Jg710Ff9JcV +3TyCbaaSjYsILj2m/qLWL7baHDr2xIyI24JR/jdEjdcLSSKyHVJZIhxehyTT+hL7uBP7P tl0abUfPYrK6B/m49qyUEybEVgO5cUGOpiGwL6C2L5/JlXRSZbdsCVe+W/rSRuJNbd5HvF 7uQUOMsLJ1VUQXLO2emG+uPxgAiQjsVxjCfudzmxlmEu7Wq2mc4ylcODLwqcYg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1664464466; a=rsa-sha256; cv=none; b=dwW/s2rw/lCgTDUgTEUBCUsdgfDS5ynxtATmynrrFCEV6LMSE0OTqzjvJNzqDo2IURc9DB k6qEe+SBOmmGNI3EnWwsUAgBEn06fEka1pDbn3rvjfK+wRiSmKx+5H5HKv3YjyLjo1QDqk G1o+QcbQRGf9sJbvw9gAL3gf5Tlyw9hYN1i04z3xuFQpc/nyBZPjy81/zd7okvhxtd6570 uuutzp5L1DpWhlQigPLtp7OQ27ZjzpRm9Sffy0/InKQIcJUSl3/NFrAxtbRGjXltVbzkGU hww2FzIqASY48o/u3FsvXqNbVZpXIRMH2cLU1LMLM/m/RESqi8P+u0hudCammA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -2.84 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 6892017F69 X-Spam-Score: -2.84 X-Migadu-Scanner: scn0.migadu.com X-TUID: zFL9VJFyLySf * gnu/packages/admin.scm (restartd): New variable. --- gnu/packages/admin.scm | 51 +++ .../patches/restartd-update-robust.patch | 295 ++++++++++++++++++ 2 files changed, 346 insertions(+) create mode 100644 gnu/packages/patches/restartd-update-robust.patch diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 1a213adfdd..c696384211 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -53,6 +53,7 @@ ;;; Copyright =C2=A9 2022 Roman Riabenko ;;; Copyright =C2=A9 2022 Petr Hodina ;;; Copyright =C2=A9 2022 Andreas Rammhold +;;; Copyright =C2=A9 2022 Nicolas Graves ;;; ;;; This file is part of GNU Guix. ;;; @@ -5489,6 +5490,56 @@ (define-public fail2ban mechanisms if you really want to protect services.") (license license:gpl2+))) =20 +(define-public restartd + (let* ((commit "7044125ac55056f2663536f7137170edf92ebd75") + ;; Version is 0.2.4 in the version file in the repo + ;; but not in github tags. + ;; It is released as 0.2.3-1.1 for other distributions. + ;; Probably because of the lack of activity upstream. + (revision "1")) + (package + (name "restartd") + (version (git-version "0.2.3" revision commit)) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/ajraymond/restartd") + (commit commit))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1m1np00b4zvvwx63gzysbi38i5vj1jsjvh2s0p9czl6dzyz582z0")) + (patches (search-patches "restartd-update-robust.patch")))) + (build-system gnu-build-system) + (arguments + (list + #:tests? #f ; no tests + #:make-flags + #~(list (string-append "CC=3D" #$(cc-for-target))) + #:phases + #~(modify-phases %standard-phases + (delete 'configure) + (replace 'install + (lambda _ + (install-file "restartd.conf" (string-append #$output "/et= c")) + (install-file "restartd" (string-append #$output "/sbin")) + (install-file "restartd.8" + (string-append #$output "/share/man/man8")) + (mkdir-p (string-append #$output "/share/man/fr/man8")) + (copy-file + "restartd.fr.8" + (string-append #$output "/share/man/fr/man8/restartd.8"))= ))))) + (home-page "https://launchpad.net/debian/+source/restartd") + (synopsis "Daemon for restarting processes") + (description "This package provides a daemon for checking running an= d not +running processes. It reads the /proc directory every n seconds and does a +POSIX regexp on the process names. The daemon runs an user-provided script +when it detects a program in the running processes, or an alternate script= if +it doesn't detect the program. The daemon can only be called by the root +user, but can use @code{sudo -u user} in the process called if needed.") + (license license:gpl2+)))) + (define-public rex (package (name "rex") diff --git a/gnu/packages/patches/restartd-update-robust.patch b/gnu/packag= es/patches/restartd-update-robust.patch new file mode 100644 index 0000000000..d279ebd8ff --- /dev/null +++ b/gnu/packages/patches/restartd-update-robust.patch @@ -0,0 +1,295 @@ +From 01cd2d15a9bf1109e0e71b3e31b835d63dcf9cd8 Mon Sep 17 00:00:00 2001 +From: Maxime Devos , Yin Kangkai , Sudip Mukherjee +Subject: [PATCH] + +Fix segfault when run as normal user + +Also exit immediately when "restartd -h" +Signed-off-by: Yin Kangkai + +Fix build with gcc-10 + +Bug: https://bugs.debian.org/957761 +Signed-off-by: Sudip Mukherjee + +Handle memory allocation failures. + +This makes the code a little more robust. +Signed-off-by: Maxime Devos + +Handle fopen failures. + +This makes the code a little more robust. What if /var/run does not +exist, or we do not have permission to open +/var/run/restartd.pid (EPERM?) due to SELinux misconfiguration? +Signed-off-by: Maxime Devos + +Handle printf and fprintf failures. + +This makes the code a little more robust. What if the write was +refused to the underlying device being removed? + +The --help, debug and stderr printfs were ignored because there error +handling does not appear important to me. +Signed-off-by: Maxime Devos + +Handle fclose failures when writing. + +This makes the code a little more robust. What if a quotum is exceeded? +Signed-off-by: Maxime Devos +--- + config.c | 19 +++++++++---- + config.h | 14 ++++++---- + restartd.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++------- + 3 files changed, 92 insertions(+), 21 deletions(-) + +diff --git a/config.c b/config.c +index f307b8a..5cc0271 100644 +--- a/config.c ++++ b/config.c +@@ -57,7 +57,11 @@ int read_config(void) + config_process_number =3D 0; +=20 + line1 =3D (char *) malloc(MAX_LINE_LENGTH); ++ if (!line1) ++ oom_failure(); + line2 =3D (char *) malloc(MAX_LINE_LENGTH); ++ if (!line2) ++ oom_failure(); +=20 + if ((config_fd =3D fopen(config_file, "rt")) =3D=3D NULL) { + fprintf(stderr, "Error at opening config file: %s\n", config_file= ); +@@ -155,11 +159,16 @@ void dump_config(void) { + int i; +=20 + for(i=3D0; i + * Copyright (C) 2006 Aur=C3=A9lien G=C3=89R=C3=94ME ++ * Copyright (C) 2022 Maxime Devos + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License +@@ -25,12 +26,12 @@ +=20 + #define DEFAULT_CONFIG "/etc/restartd.conf" +=20 +-int debug; +-int config_process_number; +-int check_interval; +-int foreground; +-struct config_process_type *config_process; +-char *config_file; ++extern int debug; ++extern int config_process_number; ++extern int check_interval; ++extern int foreground; ++extern struct config_process_type *config_process; ++extern char *config_file; +=20 + typedef struct config_process_type { + char name[64]; +@@ -43,5 +44,6 @@ typedef struct config_process_type { +=20 + int read_config(/* char *config_file */); + void dump_config(void); ++void oom_failure(void); +=20 + #endif /* RESTARTD_CONFIG_H */ +diff --git a/restartd.c b/restartd.c +index 2aa720c..aa74334 100644 +--- a/restartd.c ++++ b/restartd.c +@@ -1,6 +1,7 @@ + /* restartd - Process checker and/or restarter daemon + * Copyright (C) 2000-2002 Tibor Koleszar + * Copyright (C) 2006 Aur=C3=A9lien G=C3=89R=C3=94ME ++ * Copyright (C) 2022 Maxime Devos + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License +@@ -35,6 +36,13 @@ +=20 + #include "config.h" +=20 ++int debug; ++int config_process_number; ++int check_interval; ++int foreground; ++struct config_process_type *config_process; ++char *config_file; ++ + /* SIGTERM & SIGHUP handler */ + void got_signal(int sig) + { +@@ -52,6 +60,17 @@ void got_signal(int sig) + } + } +=20 ++/* Ignoring out-of-memory failures is risky on systems without virtual me= mory ++ where additionally at address 0 there is actually something important ++ mapped. Additionally, while often on Linux the OOM killer will kill pr= ocesses ++ where an OOM happens, this is not always the case and there exist othe= r systems ++ without an OOM killer (e.g. the Hurd). */ ++void oom_failure() ++{ ++ syslog(LOG_ERR, "Failed to allocate memory. Exiting."); ++ exit(1); ++} ++ + int main(int argc, char *argv[]) + { + DIR *procdir_id; +@@ -75,15 +94,21 @@ int main(int argc, char *argv[]) +=20 + /* Options */ + config_file =3D strdup(DEFAULT_CONFIG); ++ if (!config_file) ++ oom_failure(); ++ + list_only =3D 0; +=20 + for(i =3D 0; i < argc; i++) { + if (!strcmp(argv[i], "-c") || !strcmp(argv[i], "--config")) { + config_file =3D strdup(argv[i + 1]); ++ if (!config_file) ++ oom_failure(); + } + if (!strcmp(argv[i], "-v") || !strcmp(argv[i], "--version")) { + printf("restard %s - Copyright 2000-2002 Tibor Koleszar \n" +- " Copyright 2006 Aur=C3=A9lien G=C3=89R= =C3=94ME \n", ++ " Copyright 2006 Aur=C3=A9lien G=C3=89R= =C3=94ME \n" ++ " Copyright 2022 Maxime Devos \n", + VERSION); + exit(0); + } +@@ -118,10 +143,13 @@ int main(int argc, char *argv[]) + " -i : the check interval in second\n" + " -l : list configuration options\n" + " -h : help\n\n", VERSION); ++ exit(0); + } + } +=20 + config_process =3D malloc(sizeof(struct config_process_type) * 128); ++ if (!config_process) ++ oom_failure(); +=20=20=20 + read_config(); + if (list_only) { +@@ -133,9 +161,17 @@ int main(int argc, char *argv[]) + config_process_number); +=20=20=20 + procdir_dirent =3D malloc(sizeof(struct dirent)); ++ if (!procdir_dirent) ++ oom_failure(); + proc_cmdline_str =3D (char *) malloc(1024); ++ if (!proc_cmdline_str) ++ oom_failure(); + proc_cmdline_name =3D (char *) malloc(1024); ++ if (!proc_cmdline_name) ++ oom_failure(); + regc =3D malloc(1024); ++ if (!regc) ++ oom_failure(); +=20=20=20 + /* Catch signals */ + signal(SIGTERM, got_signal); +@@ -187,8 +223,19 @@ int main(int argc, char *argv[]) + } +=20 + out_proc =3D fopen("/var/run/restartd.pid", "wt"); +- fprintf(out_proc, "%d", getpid()); +- fclose(out_proc); ++ if (!out_proc) { ++ syslog(LOG_ERR, "Failed to open /var/run/restartd.pid"); ++ return -1; ++ } ++ if (fprintf(out_proc, "%d", getpid()) < 0) { ++ syslog(LOG_ERR, "Failed to write to /var/run/restartd.pid. Exit= ing."); ++ return -1; ++ } ++ if (fclose(out_proc) < 0) { /* errors can happen when flushing th= e buffer */ ++ syslog(LOG_ERR, "Failed to write to /var/run/restartd.pid. Exit= ing."); ++ return -1; ++ } ++ +=20 + while(1) { + if ((procdir_id =3D opendir("/proc")) =3D=3D NULL) { +@@ -237,16 +284,23 @@ int main(int argc, char *argv[]) + now =3D time(NULL); +=20 + out_proc =3D fopen("/var/run/restartd", "wt"); ++ if (!out_proc) { ++ syslog(LOG_ERR, "Failed to open /var/run/restartd.pid"); ++ return -1; ++ } +=20 +- fprintf(out_proc, "%s\n", ctime(&now)); ++ if (fprintf(out_proc, "%s\n", ctime(&now)) < 0) { ++ syslog(LOG_ERR, "Failed to write to /var/run/restartd. Exiti= ng."); ++ return -1; ++ } +=20 + for(i=3D0; i 0) { + if (strlen(config_process[i].running) > 0) { + strcpy(config_process[i].status, "running"); +- syslog(LOG_INFO, "%s is running, executing '%s'", ++ /* syslog(LOG_INFO, "%s is running, executing '%s'= ", + config_process[i].name, +- config_process[i].running); ++ config_process[i].running); */ + system(config_process[i].running); + } else { + strcpy(config_process[i].status, "running"); +@@ -267,12 +321,18 @@ int main(int argc, char *argv[]) + strcpy(config_process[i].status, "not running"); + } +=20 +- fprintf(out_proc, "%-12s %-12s %s\n", +- config_process[i].name, config_process[i].status, +- config_process[i].processes); ++ if (fprintf(out_proc, "%-12s %-12s %s\n", ++ config_process[i].name, config_process[i].sta= tus, ++ config_process[i].processes) < 0) { ++ syslog(LOG_ERR, "Failed to write to /var/run/restartd. = Exiting."); ++ return -1; ++ } + } +=20 +- fclose(out_proc); ++ if (fclose(out_proc) < 0) { ++ syslog(LOG_ERR, "Failed to write to /var/run/restartd.pid. = Exiting."); ++ return -1; ++ } +=20 + sleep(check_interval); + } +--=20 +2.37.3 + --=20 Best regards, Nicolas Graves