Commit dfb4b4cb authored by Carlo Landmeter's avatar Carlo Landmeter
Browse files

main/uwsgi: refactor init and cleanup

* remove extraneous patches
* run uwsgi with its own user/group
* add support for POSIX Capabilities (libcap)
* simplify init with emperor mode
* set base emperor config /etc/uwsgi/uwsgi.ini
* set emperor dir to /etc/uwsgi/conf.d
* put pid and socket into /run/uwsgi (created by init)
parent cffed188
From 1a09a7264026339d8e0c4899a2f9ff488c0bd97d Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Mon, 10 Feb 2014 12:13:00 +0000
Subject: [PATCH 1/4] use portable pthread functions instead of the
non-portable
The pthread functions pthread_mutexattr_setrobust and
pthread_mutex_consistent are in posix nowdays. Use those instead of their
non-portable synonyms.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
---
core/lock.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/lock.c b/core/lock.c
index d368148..f806b2c 100644
--- a/core/lock.c
+++ b/core/lock.c
@@ -99,7 +99,7 @@ retry:
exit(1);
}
if (uwsgi_pthread_robust_mutexes_enabled) {
- if (pthread_mutexattr_setrobust_np(&attr, PTHREAD_MUTEX_ROBUST)) {
+ if (pthread_mutexattr_setrobust(&attr, PTHREAD_MUTEX_ROBUST)) {
uwsgi_log("unable to make the mutex 'robust'\n");
exit(1);
}
@@ -161,7 +161,7 @@ void uwsgi_lock_fast(struct uwsgi_lock_item *uli) {
#ifdef EOWNERDEAD
if (pthread_mutex_lock((pthread_mutex_t *) uli->lock_ptr) == EOWNERDEAD) {
uwsgi_log("[deadlock-detector] a process holding a robust mutex died. recovering...\n");
- pthread_mutex_consistent_np((pthread_mutex_t *) uli->lock_ptr);
+ pthread_mutex_consistent((pthread_mutex_t *) uli->lock_ptr);
}
#else
pthread_mutex_lock((pthread_mutex_t *) uli->lock_ptr);
--
1.8.5.3
From ab68dc90d3a6e3ae660adb65cf8a020d91eb8f09 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Mon, 10 Feb 2014 12:17:18 +0000
Subject: [PATCH 2/4] Check for GNU libc instead of linux for use of execinfo.h
Since execinfo.h is a GNU extension it makes more sense to check for GNU
than to assume that linux is GNU.
This is needed for building on linux with musl libc.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
---
core/uwsgi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/uwsgi.c b/core/uwsgi.c
index 67b175b..b3b25ae 100644
--- a/core/uwsgi.c
+++ b/core/uwsgi.c
@@ -1690,7 +1690,7 @@ void uwsgi_plugins_atexit(void) {
void uwsgi_backtrace(int depth) {
-#if defined(__linux__) || (defined(__APPLE__) && !defined(NO_EXECINFO)) || defined(UWSGI_HAS_EXECINFO)
+#if defined(__GLIBC__) || (defined(__APPLE__) && !defined(NO_EXECINFO)) || defined(UWSGI_HAS_EXECINFO)
#include <execinfo.h>
--
1.8.5.3
From c6ddb3e4ca72f6ec8662f8a18674eb4d861561b8 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Mon, 10 Feb 2014 13:03:50 +0000
Subject: [PATCH 3/4] always define _GNU_SOURCE for linux
We are using various extenstions that the spec say depends on _GNU_SOURCE,
for example unshare, CPU_SET, CPU_ZERO, cpu_set_t. We enable those always
for linux and we never unset it.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
---
uwsgi.h | 18 +++++-------------
1 file changed, 5 insertions(+), 13 deletions(-)
diff --git a/uwsgi.h b/uwsgi.h
index b3ce4f7..3131a0f 100644
--- a/uwsgi.h
+++ b/uwsgi.h
@@ -149,29 +149,22 @@ extern "C" {
#endif
#endif
+#ifdef __linux__
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
-#include <stdio.h>
-#ifdef __UCLIBC__
-#include <sched.h>
+#ifndef __USE_GNU
+#define __USE_GNU
+#endif
#endif
-#undef _GNU_SOURCE
+#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <signal.h>
#include <math.h>
#include <sys/types.h>
-#ifdef __linux__
-#ifndef _GNU_SOURCE
-#define _GNU_SOURCE
-#endif
-#ifndef __USE_GNU
-#define __USE_GNU
-#endif
-#endif
#include <sys/socket.h>
#include <net/if.h>
#ifdef __linux__
@@ -179,7 +172,6 @@ extern "C" {
#define MSG_FASTOPEN 0x20000000
#endif
#endif
-#undef _GNU_SOURCE
#include <netinet/in.h>
#include <termios.h>
--
1.8.5.3
From 393de27d01710718ffedf46cbbe20c5a1d559c9e Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Mon, 10 Feb 2014 13:15:07 +0000
Subject: [PATCH 4/4] define WAIT_ANY if missing
POSIX uses -1 and does not define WAIT_ANY so we need to define it if
needed.
See:
http://pubs.opengroup.org/onlinepubs/9699919799/functions/waitpid.html
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_wait.h.html
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
---
uwsgi.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/uwsgi.h b/uwsgi.h
index 3131a0f..7a0d93e 100644
--- a/uwsgi.h
+++ b/uwsgi.h
@@ -257,6 +257,9 @@ extern int pivot_root(const char *new_root, const char *put_old);
#include <stdint.h>
#include <sys/wait.h>
+#ifndef WAIT_ANY
+#define WAIT_ANY (-1)
+#endif
#ifdef __APPLE__
#ifndef MAC_OS_X_VERSION_MIN_REQUIRED
--
1.8.5.3
From 6dc5730a234f4bc8a0cbfb0bd3360e860d39e340 Mon Sep 17 00:00:00 2001
From: Jakub Jirutka <jakub@jirutka.cz>
Date: Sat, 26 Mar 2016 00:17:35 +0100
Subject: [PATCH] Add variable plugin_build_dir to uwsgiconfig
Package managers in Alpine Linux (APK) and Gentoo (Portage) builds
packages in different directory than where are eventually installed.
Therefore we need to set different plugin_dir for build and runtime.
Gentoo ebuild for uWSGI solved this problem using simple workaround that
involves patching uwsgiconfig.py (see [1]). This patch do the same
thing; it adds build variable plugin_build_dir, but with fallback to
plugin_dir for backward compatibility.
[1]: https://github.com/gentoo/gentoo/blob/master/www-servers/uwsgi/uwsgi-2.0.11.2-r1.ebuild#L149
---
uwsgiconfig.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/uwsgiconfig.py b/uwsgiconfig.py
index 835d6b4..617d6b3 100644
--- a/uwsgiconfig.py
+++ b/uwsgiconfig.py
@@ -1424,7 +1424,7 @@ def build_plugin(path, uc, cflags, ldflags, libs, name=None):
pass
if uc:
- plugin_dest = uc.get('plugin_dir') + '/' + name + '_plugin'
+ plugin_dest = uc.get('plugin_build_dir', uc.get('plugin_dir')) + '/' + name + '_plugin'
else:
plugin_dest = name + '_plugin'
......@@ -4,43 +4,41 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=uwsgi
pkgver=2.0.13.1
pkgrel=1
pkgrel=2
pkgdesc="uWSGI application container server"
url=http://projects.unbit.it/uwsgi/
arch=all
license=GPL2
depends=mailcap
install="uwsgi.pre-install"
pkgusers="uwsgi"
pkggroups="uwsgi"
makedepends="linux-headers lua5.2-dev python python-dev zeromq-dev paxmark
pcre-dev"
pcre-dev libcap-dev"
source="http://projects.unbit.it/downloads/uwsgi-${pkgver}.tar.gz
uwsgi.initd uwsgi.confd
uwsgi.initd
uwsgi.ini
readme.emperor
alpine.buildconf
musl-fix-python.patch
"
subpackages=""
builddir=$srcdir/$pkgname-$pkgver
_plugins="lua python router_uwsgi cgi"
subpackages=""
for _p in $_plugins ; do
for _p in ${_plugins}; do
subpackages="$subpackages uwsgi-$_p:_$_p"
done
_builddir=$srcdir/$pkgname-$pkgver
prepare() {
local i
cd "$_builddir"
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
default_prepare
cp "$srcdir"/alpine.buildconf buildconf/alpine.ini || return 1
}
build() {
cd "$_builddir"
cd "$builddir"
msg "building core"
# ccache seems to trigger some weird bug on musl
CC="gcc" python uwsgiconfig.py --build alpine || return 1
......@@ -53,29 +51,25 @@ build() {
}
package() {
cd "$_builddir"
local bindir=$pkgdir/usr/sbin
install -d "$bindir"
install uwsgi "$bindir"
local libdir=$pkgdir/usr/lib/uwsgi
install -d "$libdir"
install *_plugin.so "$libdir"
cd "$builddir"
install -D uwsgi \
"$pkgdir"/usr/sbin/uwsgi || return 1
install -D "$srcdir"/readme.emperor \
"$pkgdir"/etc/uwsgi/conf.d || return 1
install -D "$srcdir"/uwsgi.ini \
"$pkgdir"/etc/uwsgi/uwsgi.ini return 1
install -Dm755 "$srcdir"/uwsgi.initd \
"$pkgdir"/etc/init.d/uwsgi || return 1
install -Dm644 "$srcdir"/uwsgi.confd \
"$pkgdir"/etc/conf.d/uwsgi || return 1
# disable emutramp/mprotect, this is needed for luajit and cffi
paxmark -em "$bindir"/uwsgi
paxmark -em "$pkgdir"/usr/sbin/uwsgi
}
_plugin() {
cd "$builddir"
depends=uwsgi
mkdir -p "$subpkgdir"/usr/lib/uwsgi
mv "$pkgdir/usr/lib/uwsgi/$1_plugin.so" "$subpkgdir/usr/lib/uwsgi" || return 1
pkgdesc="$1 plugin for uwsgi"
install -D "$1_plugin".so \
"$subpkgdir"/usr/lib/uwsgi/"$1_plugin".so || return 1
}
for _p in $_plugins; do
......@@ -83,17 +77,20 @@ for _p in $_plugins; do
done
md5sums="e9ec5b2b296ce21b3787e0579d02bade uwsgi-2.0.13.1.tar.gz
6b285debf97aac42f6c1289f3625017e uwsgi.initd
3d6afe6a8c52556d1d6c52384fc38d9a uwsgi.confd
6226e676b95d9d0d7b4520443cb98479 uwsgi.initd
67463bbb7807664d57d5ed89b5a490da uwsgi.ini
b9b4b9a21a16e2ee686172b7d78ec2b0 readme.emperor
98407f45c566a2c39a34b882e1ac9fe4 alpine.buildconf
87c16f6fe482c9b0eac0d33c51873f45 musl-fix-python.patch"
sha256sums="2eca0c2f12ab76f032154cd147f4d5957d3195a022678d59cb507f4995a48d7f uwsgi-2.0.13.1.tar.gz
9463bd286fa3cae72e65037766c3fe2847d10f95c7e920de16b2046b971c3799 uwsgi.initd
4cb047e311aecd0f498da1d6a4c0947dd6dc7cc98575d54cb2ef150cacf8425c uwsgi.confd
cd6bde9c8e41b09cdc1ad74b21dd119e7b56c999970399f49a035d08e27db768 uwsgi.initd
19fafa3528ce96b1f683c4d02f991c823a6afc9953b65098cb70f5eea2c3b387 uwsgi.ini
0162660ac33712784b1a5ff54db51c46ec8a4af873a813407c0eb9de571d1372 readme.emperor
31fc9c17f17aa067c3b025a3f7a84c6102d24368afcbc237f3d58041083c0875 alpine.buildconf
3838e8e3926a1f6271bb5aa88d309837a3bcd06cd570c499b72ca549326c682e musl-fix-python.patch"
sha512sums="f85ecc34cfa6c24476475996a16432f9ebd8563e4e9866392dbbf5beebec909b50634651d822bdad54bbae886c913c1502edbf04766bba94138330d46798046d uwsgi-2.0.13.1.tar.gz
00a7e3ce888724716d1245eb7676062c5270098ea0429a12c82623db0806bb098872df7ebda38ad5ae796d8ac34d23f71d67af76ddce82f3669565ff034c1a2c uwsgi.initd
9f00afb2aa574bbc59040f945475712b8c40da0c06eeb5699de5510aa116148e35ab0429fa891084cf0cd7868876d5a80e1601b7c85d0e2e9ea2a1f54cdde619 uwsgi.confd
7325ac2b52539060516f2a0bf28da0c5c325d7c462343ba6496055b1c9d78c902e17bf071a374d9ab141e47e29f1b28a8c058b868a9aa9dfb673250c7bababba uwsgi.initd
ac182ef6ce7526ccea701bcaef940863218c332239caaf6e35c22d44c70a4d6c51e29afeefd8f443335fce666195e1c9f9b51794e3a96d5f8567b49528f44f53 uwsgi.ini
1867cd04599e6577f8f7d0b34241a51bbce6789db982bab509d64a7ccdbeab086bfd342c359cd6ba1d37ea8a217f42a56cecbecf646d12ad4cd258792c8eb61e readme.emperor
f3cff00926929a5bb40afafb65fd5228582af35fbf524562282020c4c4ae9c659231b2381f4b3cceb18e8f3f6c888c21bdd8ed4ddcd81e92fbc6a0891800ce38 alpine.buildconf
de68b16b44e554a79c073c9befa10566796316dbf4c375b4d6b633d80b0282694cca233f0a70f3d6570584324f14276826bbeb8f38b550c00087a05f9ba9227f musl-fix-python.patch"
--- uwsgi-2.0.4.orig/core/lock.c
+++ uwsgi-2.0.4/core/lock.c
@@ -96,7 +96,9 @@
#endif
if (pthread_mutexattr_setprotocol(&attr, PTHREAD_PRIO_INHERIT)) {
uwsgi_log("unable to set PTHREAD_PRIO_INHERIT\n");
+#if 0
exit(1);
+#endif
}
if (uwsgi_pthread_robust_mutexes_enabled) {
if (pthread_mutexattr_setrobust(&attr, PTHREAD_MUTEX_ROBUST)) {
drop your uwsgi config files inside this directory.
uwsgi will automatically load them (Emperor mode).
see: http://uwsgi-docs.readthedocs.io/en/latest/Emperor.html
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/www-servers/uwsgi/files/uwsgi.confd-r3,v 1.1 2013/03/01 09:50:06 ultrabug Exp $
# YOU SHOULD ONLY MODIFY THIS FILE IF YOU USE THE UWSGI EMPEROR MODE!
# IF YOU WANT TO RUN A SINGLE APP INSTANCE, CREATE A COPY AND MODIFY THAT INSTEAD!
# Path (or name) of UNIX/TCP socket to bind to
# Example : UWSGI_SOCKET=127.0.0.1:1234
UWSGI_SOCKET=
# Enable threads? (1 = yes, 0 = no). The default is 0
#
UWSGI_THREADS=0
# The path to your uWSGI application.
#
UWSGI_PROGRAM=
# The path to your uWSGI xml config file.
#
UWSGI_XML_CONFIG=
# The number of child processes to spawn. The default is 1.
#
UWSGI_PROCESSES=1
# The log file path. If empty, log only errors
#
UWSGI_LOG_FILE=
# If you want to run your application inside a chroot then specify the
# directory here. Leave this blank otherwise.
#
UWSGI_CHROOT=
# If you want to run your application from a specific directiory specify
# it here. Leave this blank otherwise.
#
UWSGI_DIR=
# The user to run your application as. If you do not specify these,
# the application will be run as user root.
#
UWSGI_USER=
# The group to run your application as. If you do not specify these,
# the application will be run as group root.
#
UWSGI_GROUP=
# Run the uwsgi emperor which loads vassals dynamically from this PATH
# see http://projects.unbit.it/uwsgi/wiki/Emperor
# The advised Gentoo folder is /etc/uwsgi.d/
UWSGI_EMPEROR_PATH=
# The group the emperor should run as. This is different from the UWSGI_GROUP
# as you could want your apps share some sockets with other processes such as
# www servers while preserving your emperor logs from being accessible by them.
UWSGI_EMPEROR_GROUP=
# Additional options you might want to pass to uWSGI
#
UWSGI_EXTRA_OPTIONS=
[uwsgi]
uid = uwsgi
gid = uwsgi
emperor = /etc/uwsgi/conf.d
stats = /run/uwsgi/stats.sock
emperor-tyrant = true
cap = setgid,setuid
#!/sbin/openrc-run
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/www-servers/uwsgi/files/uwsgi.initd-r3,v 1.1 2013/03/01 09:50:06 ultrabug Exp $
PROGNAME=${SVCNAME#*.}
UWSGI_EXEC=/usr/sbin/uwsgi
if [ "${SVCNAME}" == "uwsgi" ]; then
PIDPATH=/var/run/uwsgi
else
PIDPATH="/var/run/uwsgi_${PROGNAME}"
fi
PIDFILE="${PIDPATH}/${PROGNAME}.pid"
extra_started_commands="${opts} reload stats"
pidfile="/run/uwsgi/uwsgi.pid"
command="/usr/sbin/uwsgi"
command_args="--daemonize=/var/log/uwsgi.log --emperor /etc/uwsgi/conf.d --emperor-pidfile=$pidfile"
depend() {
need net
need net
}
start_pre() {
checkpath -d -m 0750 -o "${UWSGI_USER}":"${UWSGI_GROUP}" "${PIDPATH}"
}
start_emperor() {
local OPTIONS
OPTIONS="--daemonize"
if [ -n "${UWSGI_LOG_FILE}" ]; then
OPTIONS="${OPTIONS} ${UWSGI_LOG_FILE}"
else
OPTIONS="${OPTIONS} /dev/null --disable-logging"
fi
[ -z "${UWSGI_DIR}" ] && UWSGI_DIR="/"
[ -z "${UWSGI_USER}" ] && UWSGI_USER="root"
[ -z "${UWSGI_GROUP}" ] && UWSGI_GROUP="root"
if [ -n "${UWSGI_EXTRA_OPTIONS}" ]; then
OPTIONS="${OPTIONS} ${UWSGI_EXTRA_OPTIONS}"
fi
ebegin "Starting uWSGI emperor"
cd "${UWSGI_DIR}" && \
start-stop-daemon --start --user "${UWSGI_USER}" --exec "${UWSGI_EXEC}" \
--group ${UWSGI_EMPEROR_GROUP:-${UWSGI_GROUP}} \
-- --emperor "${UWSGI_EMPEROR_PATH}" ${OPTIONS} --pidfile "${PIDFILE}"
return $?
}
start_app() {
local OPTIONS
OPTIONS="--master --daemonize"
if [ -n "${UWSGI_LOG_FILE}" ]; then
OPTIONS="${OPTIONS} ${UWSGI_LOG_FILE}"
else
OPTIONS="${OPTIONS} /dev/null --disable-logging"
fi
[ -z "${UWSGI_DIR}" ] && UWSGI_DIR="/"
[ -z "${UWSGI_USER}" ] && UWSGI_USER="root"
[ -z "${UWSGI_GROUP}" ] && UWSGI_GROUP="root"
if [ -n "${UWSGI_EXTRA_OPTIONS}" ]; then
OPTIONS="${OPTIONS} ${UWSGI_EXTRA_OPTIONS}"
fi
if [ "${UWSGI_THREADS}" = "1" ]; then
OPTIONS="${OPTIONS} --enable-threads"
fi
if [ -n "${UWSGI_SOCKET}" ]; then
OPTIONS="${OPTIONS} --socket ${UWSGI_SOCKET}"
fi
if [ -n "${UWSGI_PROCESSES}" ]; then
OPTIONS="${OPTIONS} --processes ${UWSGI_PROCESSES}"
fi
if [ -n "${UWSGI_CHROOT}" ]; then
OPTIONS="${OPTIONS} --chroot ${UWSGI_CHROOT}"
fi
if [ -n "${UWSGI_PROGRAM}" ]; then
OPTIONS="${OPTIONS} --fileserve-mode ${UWSGI_PROGRAM}"
fi
if [ -n "${UWSGI_XML_CONFIG}" ]; then
OPTIONS="${OPTIONS} --xmlconfig ${UWSGI_XML_CONFIG}"
fi
ebegin "Starting uWSGI application ${PROGNAME}"
cd "${UWSGI_DIR}" && \
start-stop-daemon --start --user "${UWSGI_USER}" --group "${UWSGI_GROUP}" \
--exec "${UWSGI_EXEC}" -- ${OPTIONS} --pidfile "${PIDFILE}"
return $?
}
start() {
if [ "${SVCNAME}" == "uwsgi" ]; then
if [ -n "${UWSGI_EMPEROR_PATH}" ]; then
start_emperor
eend $?
else
eerror "You are not supposed to run this script directly unless you"
eerror "want to run in Emperor mode. In that case please set the UWSGI_EMPEROR_PATH."
eerror "Otherwise create a symlink for the uwsgi application you want to run as well as"
eerror "a copy of the configuration file and modify it appropriately like so..."
eerror
eerror " ln -s uwsgi /etc/init.d/uwsgi.trac"
eerror " cp /etc/conf.d/uwsgi /etc/conf.d/uwsgi.trac"
eerror " nano /etc/conf.d/uwsgi.trac"
eerror
return 1
fi
else
start_app
eend $?
fi
}
stop() {
if [ -n "${UWSGI_EMPEROR_PATH}" ]; then
ebegin "Stopping uWSGI emperor"
else
ebegin "Stopping uWSGI application ${PROGNAME}"
fi
start-stop-daemon --stop --signal QUIT --pidfile "${PIDFILE}"
eend $?
}
reload() {
ebegin "Reloading uWSGI"
start-stop-daemon --signal HUP --pidfile "${PIDFILE}"
eend $?
}
stats() {
ebegin "Logging uWSGI statistics"
start-stop-daemon --signal USR1 --pidfile "${PIDFILE}"
eend $?
checkpath --directory --owner uwsgi:uwsgi \
--mode 0775 /run/uwsgi
}
#!/bin/sh
addgroup -S uwsgi 2>/dev/null
adduser -S -D -H -h /dev/null -s /sbin/nologin -G uwsgi -g uwsgi uwsgi 2>/dev/null
exit 0
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment