Date | Commit message |
|
We need to handle arbitrary integers and case-insensitive
variations of human words to match git-config(1) behavior,
since that's what users would expect given we use config
files parseable by git-config(1).
|
|
Actually do the redirect properly
|
|
We don't want the stdin from the test runner to accidentally
cause this test to fail.
|
|
We don't use the return value in real code since we do waitpid
asynchronously, now. So simplify our runtime code at the cost
of making our test slightly more complex.
|
|
We already import `which' for lsof(8), so we might as well
use it to detect curl(1), too.
|
|
-W0 (no workers) should not create any pipes on its own,
and we shouldn't have any deleted FDs if no clients are
connected.
This can find leaks which may be triggered by PublicInbox::HTTP
(and not Qspawn or GitHTTPBackend).
|
|
|
|
IO::Socket::INET->new is rather verbose with the options hash,
extract it into a standalone sub
|
|
RFC3977 6.1.2.2 LISTGROUP allows a [range] arg after [group],
and supporting it allows NNTP support in neomutt to work again.
Tested with NeoMutt 20170113 (1.7.2) on Debian stretch
(oldstable)
|
|
RFC3977 8.4.2 mandates the order of non-standard headers
to be after the first seven standard headers/metadata;
so "Xref:" must appear after "Lines:"|":lines".
Additionally, non-required header names must be followed
by ":full".
Cc: Jonathan Corbet <corbet@lwn.net>
Reported-by: Urs Janßen
<E1hmKBw-0008Bq-8t@akw>
|
|
Using Z_FULL_FLUSH at the right places in our event loop, it
appears we can share a single zlib deflate context across ALL
clients in a process.
The zlib deflate context is the biggest factor in per-client
memory use, so being able to share that across many clients
results in a large memory savings.
With 10K idle-but-did-something NNTP clients connected to a
single process on a 64-bit system, TLS+DEFLATE used around
1.8 GB of RSS before this change. It now uses around 300 MB.
TLS via IO::Socket::SSL alone uses <200MB in the same situation,
so the actual memory reduction is over 10x.
This makes compression less efficient and bandwidth increases
around 45% in informal testing, but it's far better than no
compression at all. It's likely around the same level of
compression gzip gives on the HTTP side.
Security implications with TLS? I don't know, but I don't
really care, either... public-inbox-nntpd doesn't support
authentication and it's up to the client to enable compression.
It's not too different than Varnish caching gzipped responses
on the HTTP side and having responses go to multiple HTTPS
clients.
|
|
This is only tested so far with my patches to Net::NNTP at:
https://rt.cpan.org/Ticket/Display.html?id=129967
Memory use in C10K situations is disappointing, but that's
the nature of compression.
gzip compression over HTTPS does have the advantage of not
keeping zlib streams open when clients are idle, at the
cost of worse compression.
|
|
Net::NNTP won't attempt to use older versions of IO::Socket::SSL
because 2.007 is the "first version with default CA on most platforms"
according to comments in Net::NNTP. But then again we don't make
remote requests when testing...
|
|
We need to ensure the BIN_DETECT (8000 byte) check in
ViewVCS can be handled properly when sending giant
files. Otherwise, EPOLLET won't notify us, again,
and responses can get stuck.
While we're at it, bump the read-size up to 4096
bytes so we make fewer trips to the kernel.
|
|
* origin/nntp:
nntp: add support for CAPABILITIES command
nntp: remove DISABLED hash checks
|
|
Some clients may rely on this for STARTTLS support.
|
|
We need to be able to successfully connect() to the socket
before attempting further tests. Merely testing for the
existence of a socket isn't enough, since the server may've
only done bind(), not listen().
|
|
For users relying on socket activation via service manager (e.g.
systemd) and running multiple service instances (@1, @2),
we need to ensure configuration of the socket is NonBlocking.
Otherwise, service managers such as systemd may clear the
O_NONBLOCK flag for a small window where accept/accept4
blocks:
public-inbox-nntpd@1      |systemd         |public-inbox-nntpd@2
--------------------------+----------------+--------------------
F_SETFL,O_NONBLOCK|O_RDWR |                | (not running, yet)
                          |F_SETFL, O_RDWR |
                          |fork+exec @2... |
accept(...) # blocks!     |                |(started by systemd)
                          |                |F_SETFL,O_NONBLOCK|O_RDWR
                          |                |accept(...) non-blocking
It's a very small window where O_NONBLOCK can be cleared,
but it exists, and I finally hit it after many years.
|
|
IO::Socket:*->new options are verbose and we can save
a bunch of code by putting this into t/common.perl,
since the related spawn_listener stuff is already there.
|
|
20190431 isn't real, NNTP.pm failed to parse it when our
test client sent it.
|
|
Perl prior to 5.22 did not bundle a Net::NNTP (or libnet)
capable of handling TLS.
|
|
It's barely any effort at all to support HTTPS now that we have
NNTPS support and can share all the code for writing daemons.
However, we still depend on Varnish to avoid hug-of-death
situations, so supporting reverse-proxying will be required.
|
|
We need to ensure we run lsof on the sleep(1) process, and not
the fork of ourselves before execve(2). This race applies when
we're using the default pure-Perl spawn() implementation.
|
|
On Linux systems with epoll support, we don't want to be
clobbering defined subs in the t/ds-poll.t test; so use
OO ->method dispatch instead and require users to explicitly
import subs via EXPORT_OK.
|
|
* origin/nntp-tls: (59 commits)
ds: ->write must not clobber empty wbuf array
Makefile: skip DSKQXS in global syntax check
ds: reduce overhead of tempfile creation
Revert "ci: require IO::KQueue on FreeBSD, for now"
ds: reimplement IO::Poll support to look like epoll
ds: split out IO::KQueue-specific code
daemon: use FreeBSD accept filters on non-NNTP
daemon: set TCP_DEFER_ACCEPT on everything but NNTP
nntp: send greeting immediately for plain sockets
ci: require IO::KQueue on FreeBSD, for now
nntp: lazily allocate and stash rbuf
ds: flush_write runs ->write callbacks even if closed
nntp: simplify long response logic and fix nesting
ds: always use EV_ADD with EV_SET
nntp: reduce allocations for greeting
ds: allow ->write callbacks to syswrite directly
daemon: use SSL_MODE_RELEASE_BUFFERS
t/nntpd-tls: slow client connection test
nntp: call SSL_shutdown in normal cases
ds|nntp: use CORE::close on socket
...
|
|
"INSERT OR IGNORE" still bumps the auto-increment counter in
SQLite, which causes gaps to appear in NNTP article numbering.
This bug appeared in v2 repos where V2Writable may call ->add
repeatedly on the same message. This bug is apparent with
public-inbox-watch and work-in-progress IMAP watchers which may
rescan and (attempt to) reinsert the same message on mailbox
changes.
Most uses of public-inbox-mda were not affected, unless the
same message is actually delivered multiple times to the mda.
v1 is not affected, either, since deduplication is only based
on Message-ID and msgmap never sees the duplicate.
Reported-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
At least the subset of epoll we use. EPOLLET might be
difficult to emulate if we end up using it.
|
|
Similar to TCP_DEFER_ACCEPT on Linux, FreeBSD has a 'dataready'
accept filter which we can use to reduce wakeups when doing
TLS negotiation or plain HTTP. There's also a 'httpready'
which we can use for plain HTTP connections.
|
|
This Linux-specific option can save us some wakeups during
the TLS negotiation phase, and it can help with ordinary HTTP,
too.
Plain NNTP (and in the future, POP3) are the only things which
require the server send messages, first.
|
|
We need to ensure slowly negotiating TLS clients don't block
the event loop. This is why I added the size check of
{wbuf} before and after calling the CODE ref in DS::flush_write.
|
|
This is in accordance with TLS standards and will be needed
to support session caching/reuse in the future. However, we
don't issue shutdown(2) since we know not to inadvertently
share our sockets with other processes.
|
|
IO::Socket::SSL will try to re-bless back to the original class
on TLS negotiation failure. Unfortunately, the original class
is 'GLOB', and re-blessing to 'GLOB' takes away all the IO::Handle
methods, because Filehandle/IO are a special case in Perl5.
Anyways, since we already use syswrite() and sysread() as functions
on our socket, we might as well use CORE::close(), as well (and
it plays nicely with tied classes).
|
|
It kinda, barely works, and I'm most happy I got it working
without any modifications to the main NNTP::event_step callback
thanks to the DS->write(CODE) support we inherited from
Danga::Socket.
|
|
Instead, the O_NONBLOCK flag is set by PublicInbox::HTTPD::Async;
and we won't be setting it elsewhere.
|
|
The default $GIT_DIR/description (provided by git.git templates)
isn't very useful for v2 epochs, so use the inbox description
and suffix it with the epoch number if it's otherwise unnamed.
Requested-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
https://public-inbox.org/meta/20190620190017.GA27175@chatter.i7.local/
|
|
It never has, AFAIK, but I'm making some changes to this code in
another branch and nearly introduced a bug where it would be
overreading and discarding the pipelined request.
|
|
Plack is for Perl, Rack is for Ruby; this is a Perl project :x
|
|
|
|
* origin/newspeak:
comments: replace "partition" with "shard"
t/xcpdb-reshard: use 'shard' term in local variables
xapcmd: favor 'shard' over 'part' in local variables
search: use "shard" for local variable
v2writable: use "epoch" consistently when referring to git repos
adminedit: "part" => "shard" for local variables
v2writable: rename local vars to match Xapian terminology
v2writable: avoid "part" in internal subs and fields
search*: rename {partition} => {shard}
xapcmd: update comments referencing "partitions"
v2: rename SearchIdxPart => SearchIdxShard
inboxwritable: s/partitions/shards/ in local var
tests: change messages to use "shard" instead of partition
v2writable: rename {partitions} field to {shards}
v2writable: count_partitions => count_shards
searchidxpart: start using "shard" in user-visible places
rename reference to git epochs as "partitions"
admin|xapcmd: user-facing messages say "shard"
v2writable: update comments regarding xcpdb --reshard
doc: rename our Xapian "partitions" to "shards"
|
|
No point in using lower-level APIs for a PSGI test.
|
|
I could not find a place to put the link at the top without
making navigation too cluttered. Putting it at the bottom
of the page seems reasonable...
|
|
I found myself tempted to switch to HTTP::Tiny, here, since
it's distributed with Perl since 5.14, unlike Net::HTTP
(which AFAIK was never a part of Perl proper).
But we really want to use Net::HTTP, here, since it's
lower-level and allows us to trigger server-side buffering
by not reading the entity body.
|
|
Another step in maintaining consistency with Xapian docs.
|
|
Another potentially user-facing piece made consistent with
Xapian terminology.
|
|
Our internal data structure should be consistent with Xapian
terminology.
|
|
Try to remain consistent with our own documentation regarding
v2 git "epochs", first.
|
|
No sense in supporting multiple methods of initialization
for an internal class.
|
|
PublicInbox::Inbox objects have minimal dependencies, so
drop code to support old tests which existed before the
PublicInbox::Inbox object came into existence.
|
|
More testers are likely to have HTTP::Tiny than Net::HTTP, since
HTTP::Tiny is a dual-life module and distributed with Perl since
Perl 5.14 (2011-05-14), whereas Net::HTTP will likely live in
a separate package forever.
|
|
* origin/reshard:
xcpdb: support resharding v2 repos
xcpdb: use destination shard as progress prefix
xapcmd: preserve indexlevel based on the destination
v2writable: use a smaller default for Xapian partitions
|