Age | Commit message (Collapse) | Author |
|
The "/* flags = AT_SYMLINK_NOFOLLOW */" comment only works if
it comes AFTER the semicolon in wrapfuncs.in. Who knew? Fix
those. Also rename the "flags" arguments for *setxattr() to
"xflags" to avoid any confusion about the flags variable.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Was using the length of the name instead of the length of the
value on insert, but not on update, so initial settings of values
were busted often.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
The xattr first-pass implementation was allocating a buffer to
hold the name and value for a set operation, then pseudo_client was
allocating *another* buffer to hold the path and those two values.
pseudo_client_op develops more nuanced argument handling, and also
uses a static buffer for the extended paths it sometimes needs. So
for the typical use case, only occasional operations will need to
reallocate/expand the buffer, and we'll be down to copying things
into that buffer once per operation, instead of having two alloc/free
pairs and two copies.
And of course, that wasn't two alloc/free pairs, it was one alloc/free
pair and one alloc without a free. Whoops.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
In the fairly common case where someone is using
setxattr() to specify the "posix_acl_access" attribute, but in fact
the ACL list specified can be fully represented in a plain old mode,
we intercept the request and just do a chmod. Even if the request
can't be fully represented, we try to represent any aspects of it that
we can in the plain old mode.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Issue #1: If an operation came in for an item with no path
provided by the wrapper, the client would not construct the
combined "path" value. Fixed, and missing paths are now
consistently handled as 0-byte paths.
Issue #2: The database code was assuming the values were
strings, and ignoring a specified length.
Issue #3: The computation of the length of the stored value
was off by one, because it was including the extra terminating
null the client added in case the value was a path.
With this in place, "cp -a" on CentOS is consistently
duplicating the system.posix_acl_access fields as expected,
but unfortunately not handling their permissions too.
(Intent is to translate a system.posix_acl_access setxattr
into corresponding permissions whenever possible.)
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Initial, incomplete, support for extended attributes. Extended
attributes are implemented fairly naively, using a second table
in the file database using the primary file table's id as a
foreign key. The ON DELETE CASCADE behavior requires sqlite 3.6.19
or later with foreign key and trigger support compiled in.
To reduce round-trips, the client does not check for existing
attributes, but rather, sends three distinct set messages;
OP_SET_XATTR, OP_CREATE_XATTR, OP_REPLACE_XATTR. A SET message
always succeeds, a CREATE fails if the attribute already
exists, and a REPLACE fails if the attribute does not already
exist.
The /* flags */ feature of makewrappers is used to correct
path names appropriately, so all functions are already working
with complete paths, and can always use functions that work
on links; if they were supposed to dereference, the path
fixup code got that.
The xattr support is enabled, for now, conditional on
whether getfattr --help succeeds.
Not yet implemented: Translation for system.posix_acl_access,
which is used by "cp -a" (or "cp --preserve-all") on some
systems to try to copy modes.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
When invoked as a non-daemon, either with a command or to get a
shell, shut the server down automatically. This is currently
implemented by sending a shutdown request; I also considered
adding an environment flag for "shut down when there's no clients",
but this was simpler.
Main reason this is useful: In development, it's often the case
that I want to run a single command under pseudo, then check
the database directly with sqlite.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Ports can provide pseudo_wrappers.c or portdefs.h, and individual
functions have implementations. These dependencies aren't known until
post-configure. Make the Makefile include two sub-Makefiles which can
be updated by makewrappers.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
|
|
|
|
|
|
|
|
In some cases, we'd rather pseudo fail than fall back to using
/etc/passwd or /etc/group. Make the determination of what to fall
back to when neither PSEUDO_PASSWD nor a chroot directory contains
passwd/group files controllable by a configure-time flag, controlled
by --with-passwd-fallback= or --without-passwd-fallback.
|
|
|
|
|
|
|
|
|
|
This is a moderately intrusive change. The basic overall effect:
Debugging messages are now controlled, not by a numeric "level",
but by a series of flags, which are expressed as a string of
letters. Each flag has a single-letter form used for string
specifications, a name, a description, a numeric value (1 through N),
and a flag value (which is 1 << the numeric value). (This does mean
that no flag has the value 1, so we only have 31 bits available.
Tiny violins play.)
The other significant change is that the pseudo_debug calls
are now implemented with a do/while macro containing a conditional,
so that computationally-expensive arguments are never evaluated
if the corresponding debug flags weren't set. The assumption is
that in the vast majority of cases (specifically, all of them
so far) the debug flags for a given call are a compile-time constant,
so the nested conditional will never actually show up in code
when compiled with optimization; we'll just see the appropriate
conditional test.
The VERBOSE flag is magical, in that if the VERBOSE flag is
used in a message, the debug flags have to have both VERBOSE and
at least one other flag for the call to be made.
This should dramatically improve performance for a lot of cases
without as much need for PSEUDO_NDEBUG, and improve the ability of
users to get coherent debugging output that means something and is
relevant to a given case.
It's also intended to set the stage for future development work
involving improving the clarity and legibility of pseudo's diagnostic
messages in general.
Old things which used numeric values for PSEUDO_DEBUG will sort
of continue to work, though they will almost always be less verbose
than they used to. There should probably be a pass through adding
"| PDBGF_CONSISTENCY" to a lot of the messages that are specific
to some other type.
|
|
No idea how this survived so long, but the clone() syscall
prototype on RHEL 4.7 doesn't have the "..." for additional
arguments, so we can't pass them. Also had unused variables
that would otherwise have been being filled in from va_args
and passed. But there's no extra args to pass.
Interestingly, this contradicts the clone() man page in
RHEL 4.7. If you have problems with clone() there, that's
probably why.
|
|
|
|
|
|
Some filesystems have buggy semantics where stat(2) will return incorrect
sizes for files for a while after some changes, sometimes, unless they've
been fsync'd. We still want to disable fsync most of the time, but enabling
it for specific programs can be useful.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
|
|
Darwin's off_t is a 64-bit type, so there's no off64_t. Also,
there's an uninitialized variable usage in unlinkat which LLVM
catches.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Most pseudo operations don't actually USE the server's response. So
why wait for a response?
This patch introduces a new message type, PSEUDO_MSG_FASTOP. It
also tags pseudo operation types with whether or not they need to
give a response. This requires updates to maketables to allow non-string
types for additional columns, and the addition of some quotes to the
SQL query enums/query_type.in table.
A few routines are altered to change their behavior and whether or not
they perform a stat operation. The only operations that do wait are
OP_FSTAT and OP_STAT, OP_MKNOD, and OP_MAY_UNLINK. Rationale:
You can't query the server for replacement information and not wait for
it. Makes no sense.
There's extra checking in mknod, because we really do want to fail out
if we couldn't do that -- that implies that we haven't created a thing
that will look like a node.
The result from OP_MAY_UNLINK is checked because it's used to determine
whether we need to send a DID_UNLINK or CANCEL_UNLINK. It might be cheaper
to send two messages without waiting than to send one, wait, and maybe
send another, but I don't want to send invalid messages.
This is highly experimental.
|
|
The openembedded build, at least with RPM or SMART, is heavily affected
by the cost of calling fsync or fdatasync on package databases all the
time. Gosh, wouldn't it be nice if we could suppress that without making
dozens of highly intrusive and risky changes into RPM, various database
packages, and so on?
Yes, yes it would. If only there were a program which could intercept
system calls and change their behavior!
Enter --enable-force-async. There are now wrappers for fsync, fdatasync,
and a few related functions. If --enable-force-async is set, these wrappers
instantly return 0, even if PSEUDO_DISABLED is set. And with any luck,
bitbake will now perform a bit better.
Credit for this insight goes to Richard Purdie. I've reimplemented
this to add the configure option, and make the fsync suppression work
even when PSEUDO_DISABLED is set.
|
|
It turns out that file databases don't get very large, and that
sqlite3 can be quite fast with an in-memory database. It also turns
out that dumping the database to disk on exit (or during idle times)
is pretty cheap compared to constant updates.
So: We add "--enable-memory-db", which defaults to on if you have
sqlite 3.7 or later, and off for 3.6 (because 3.6 has horrible
performance with in-memory db on some hosts we tried).
|
|
wrap_linkat() was trying to avoid "redundantly" expanding paths before
calling real_linkat(). Which is fine when you're not using an absolute
path in a chroot environment, but if you are, it ends up calling the
real syscall with the absolute path and no chroot prefix.
General observation: All the *at() implementations are expanding paths
into absolute paths, then dutifully calling real_*at() functions with
them anyway. This is silly. Added a note to Futures.txt to fix it some
day. In the mean time, linkat() is fixed correctly; it always expands
paths, does so exactly once, and then uses the underlying link()
call because it doesn't need special processing of directory fds
anymore. Also fixed errno stashing to reduce the risk that link()
will change errno in a circumstance where it doesn't actually fail.
|
|
The automatic path fixups invoked for names which end in the string
"path" was still applying to link(), which then called linkat(),
which would do the same path fixups; if you were chrooted, this would
produce bogus paths. On systems which actually have linkat(), this
would produce the even more mysterious behavior that the link would
succeed, but the following stat would fail.
Solution: Change the wrapfuncs prototypes for link() so it doesn't
invoke automatic path name fixups.
|
|
Fixed up the libdir stuff in a saner way, fixed the @GLIBC_2.7 thing,
want to avoid any risk of someone having a stale archive.
|
|
There's a few circumstances where sqlite's libdir isn't the same as
the directory name we want to use for libpseudo.so, so make it a
separate setting. This may obviate the need for --with-static-sqlite.
Signed-off-by: seebs <peter.seebach@windriver.com>
|
|
There were a couple of cases where pseudo built against GLIBC_2.7 or
newer was ending up with dependencies on symbols which required
GLIBC_2.7. With these gone, it appears that a libpseudo.so can be
used on an older host in some cases. None were particularly important
or intentional:
1. pseudo_util was conditionally calling open() with only two arguments,
which can invoke a new __open2() function in some systems. Don't care,
and the docs specifically state that the mode argument is "ignored" when
O_CREAT is absent, so it's not necessary to omit it.
2. The calls to sscanf/fscanf in pseudo_client.c were getting translated
into a special new iso_c99 sscanf/fscanf, and we don't care because we're
not using those features; #define _GNU_SOURCE suppresses the extra-compliant
behavior.
Signed-off-by: seebs <peter.seebach@windriver.com>
|
|
|
|
|
|
We never had an implementation for linkat() because no one used it;
now someone uses it. link() is now implemented on top of linkat().
Note the abnormal AT_SYMLINK_FOLLOW (as opposed to _NOFOLLOW) flag.
|
|
It turns out that the -L usage mostly doesn't matter (usually something
else has requested the right directory, or it's the default), but the
explicit path to libsqlite3.a hardcoded "lib", and on some systems
it should be something else, such as "lib64". Solution: Use $(LIB) for
that directory.
Note that this may not resolve things if, say, you're doing MIPS n32 on a
target where that lives in /usr/lib32, but I think in that case you'd
be specifying $libdir, so it should still work out.
Also added --with-static-sqlite=/path as an option in case people need
to further outsmart this.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
The PSEUDO_STATBUF change (allowing operations on files over
2GB even on 32-bit systems) introduced a subtle bug; by calling
stat64() rather than real_stat(), pseudo stopped handling
chrooted paths well. In most cases, this was fine, but in the
specific case of a rename, where the stat buffers for the various
parts were actually used, it wasn't. Of particular note, pseudo
could end up creating links which had stack garbage for their
stat buffs, because it assumed that if the rename operation
succeeded, the stat operations must have succeeded.
Of course, there is no real_stat64 in the Linux port, because
there's no need for it; most code is calling __xstat64 or some
relative thereof, and even if you did really call stat64, it'd
end up routed there anyway. So we add that so that it can be
used for calls and we don't have to encode Linux-specific
magic about __xstat into the generic header.
|
|
The _plain thing was added because of clashes between Linux
("struct stat64 for 64-bit file sizes") and Darwin ("struct stat
is already 64 bits"). But it turns out not to be enough,
because stat will *fail* if it cannot represent a file size,
so when something like unlinkat() calls a non-64-bit stat in
order to determine whether a file exists, it gets the wrong
answer if the file is over 2GB in size.
Solution: Continue using PSEUDO_STATBUF, and also provide
defines for base_stat() which can be either real_stat() or
real_stat64(), etcetera.
This eliminates any reason to need the _plain functions. It
also suggests that the other real___fxstatat() calls should
someday go away because that is an ugly, ugly, implementation
detail.
As part of testing this, fix up some bitrot which affected
Darwin (such as the continue outside of a loop, but inside
an #ifdef; that was left over from the conversion of
init_one_wrapper to a separate function).
|
|
Instead of using .tgz, use .tar.bz2 (and change czf to cjf). This makes
life easier for Yocto.
|
|
Clean up a couple of (harmless, but unsightly) bits of cruft
left from a failed attempt at implementing the ARCH_FLAGS support.
|
|
|
|
Pseudo should never have been the one picking -m32/-m64. That should be
coming from the build system in some way. Deprecate --arch, add --cflags.
|
|
Enough changes to justify a tag.
|
|
The logic for whether to allocate space for the "base" path
in pseudo_fix_path recognized that you don't need it when the
path you're evaluating starts with a slash.
This is great, except:
1. It's not actually true, if rootlen isn't 0.
2. The decision of whether or not to copy over the base
path didn't check for this, so it would happen anyway.
The net result is, if you had a path in excess of 256 characters as
a base (say, a chroot directory), and you tried to evaluate a path
starting with a slash (say, /etc/shadow), pseudo would allocate enough
space for the path, but not for the base path, and then copy the
base path into it anyway. The rounding up to multiples of 256 isn't
enough to save us in this case.
Solution:
1. Make the logic for the base path copy match the allocation logic.
2. Use (path[0] != '/' || rootlen) as the second part of the test,
because if there's a non-zero rootlen, we're in a chroot and MUST
preserve at least some of the path.
This could maybe be smarter (what if we only allocated space for
rootlen in that case?) except that in reality, it's very very
often the case that baselen == rootlen, and it's not as though we
want MORE complexity.
|
|
|
|
Long story short: ARM doesn't use -m32 and -m64, so make those
a little more dependent. We'll probably rework this completely "soon"
as we mess with more targets and x32 becomes an issue.
|
|
The existing behavior was to set rpath to whatever was specified
explicitly with --with-rpath, or to set a default if the opt_rpath
variable was unset and we reached a --with-sqlite.
This turns out to be incorrect in the case where a static sqlite is
being used. You can force the issue with --without-rpath, but it's
probably better to make the inference smarter. This also allows the
slight cleanup of setting opt_rpath to '' to begin with, because we're
no longer depending on the distinction between empty and unset.
|
|
Spotted a couple of things during the last batch of fixes; fixing these
up so things are more consistent or clearer.
|
|
|
|
Some systems prefer to avoid messing with LD_LIBRARY_PATH as much,
and instead link sqlite statically.
|