Created attachment 160784
Fix for rc.d script

Currently rc.d script in www/h2o is broken. Daemon simply doesn't start with `/usr/local/etc/rc.d/h2o start`.

Attached patch fixes this issue.
Thanks Grzegorz for the patch! I'm new to BSD so forgive my questions & errors.

1. remove PIDDIR and leave pidfile to be set by h2o.conf

https://bugs.freebsd.org/bugzilla/attachment.cgi?id=160784&action=diff#Makefile_sec2

If I read these changes correctly, now we require h2o to start as root, and drop privileges. Is this considered safe enough?

My intent with PIDDIR etc was h2o should be run completely non-privileged, from a daemon process. See https://github.com/h2o/h2o/issues/152 & https://github.com/h2o/h2o/issues/145 for some comments on that.

BTW using daemon mode is a good idea, IIRC this wasn't available when the original port was done, so this is definitely an improvement! Thanks.

2. daemon invocation changes

https://bugs.freebsd.org/bugzilla/attachment.cgi?id=160784&action=diff#files/h2o.in_sec2

`grep pid-file: ...` feels tidier.

Why is procname set to perl, when /usr/local/bin/h2o is a binary, not perl? Is there a reason for switching from the default?

/usr/local/bin/h2o: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 10.2, not stripped

I +1 this change anyway, I would just like to understand the last points better for myself.
Ad. 1) The design of Unix requires h2o to be started as root, since only root can open a port < 1024. H2o needs to listen on port 80, so you can't run this server (and many others) completely non-privileged. It's a safe and common pattern to start a server as root, open a port for listening and then switch to another user.

Ad. 2) When you want to stop the daemon, the rc.d script reads the PID from PIDFILE and looks for a process with the given PID and the given procname. If found, the process is stopped; otherwise the process isn't terminated. H2o in daemon mode uses a perl script as the top-level process and spawns regular h2o as subprocesses. The PID saved in PIDFILE points to this perl script. When you set procname!=perl (e.g. h2o), the server can't be found by the rc.d script and thus can't be stopped.
Committed, thanks.
A commit references this bug:

Author: gblach
Date: Thu Sep 10 22:59:57 UTC 2015
New revision: 396629
URL: https://svnweb.freebsd.org/changeset/ports/396629

Log:
  - Fix rc.d script
  - Bump PORTVERSION

  PR: 202937
  Submitted by: gblach
  Approved by: Dave Cottlehuber (dch <at> skunkwerks <dot> at)

Changes:
  head/www/h2o/Makefile
  head/www/h2o/files/h2o.conf.sample
  head/www/h2o/files/h2o.in
  head/www/h2o/pkg-plist
Can we reopen this? With this patch I don't get daemon to stop or correctly anymore. I think this is the recent perl update breaking things.

wintermute# service h2o start
/usr/local/etc/rc.d/h2o: DEBUG: Sourcing /etc/rc.conf.d/h2o
/usr/local/etc/rc.d/h2o: DEBUG: checkyesno: h2o_enable is set to YES.
Starting h2o.
/usr/local/etc/rc.d/h2o: DEBUG: run_rc_command: doit: /usr/local/bin/h2o -m daemon -c /usr/local/etc/h2o/h2o.conf
start_server (pid:92099) starting now...
starting new worker 92102
wintermute# [INFO] raised RLIMIT_NOFILE to 22500
h2o server (pid:92102) is ready to serve requests
fetch-ocsp-response (using OpenSSL 1.0.1p-freebsd 9 Jul 2015)
fetch-ocsp-response (using OpenSSL 1.0.1p-freebsd 9 Jul 2015)
...
188.166.111.169 - - [14/Sep/2015:20:44:46 +0000] "GET / HTTP/1.1" 200 344 "-" "raintank collector"
wintermute# pgrep -ilf h2o; ps aux |grep h2o; cat /var/run/h2o.pid
92121 python /usr/local/bin/autojump -a /usr/local/share/h2o
92102 /usr/local/bin/h2o -c /usr/local/etc/h2o/h2o.conf
92101 /usr/local/bin/perl -x /usr/local/share/h2o/start_server --pid-file=/var/run/h2o.pid --log-file=/var/log/h2o/error.log --daemonize --port=[::]:80 --port=0.0.0.0:80 --port=[::]:443 --port=0.0.0.0:443 -- /usr/local/bin/h2o -c /usr/local/etc/h2o/h2o.conf
www 92102 4.0 0.0 64216 7992 - S 8:44PM 0:00.50 /usr/local/bin/h2o -c /usr/local/etc/h2o/h2o.conf
root 92101 0.1 0.0 47648 12368 - S 8:44PM 0:00.00 /usr/local/bin/perl -x /usr/local/share/h2o/start_server --pid-file=/var/run/h2o.pid
root 92121 0.0 0.0 25612 5372 6 RN 8:44PM 0:00.00 python /usr/local/bin/autojump -a /usr/local/share/h2o (python2.7)
root 92124 0.0 0.0 18824 2612 6 S+ 8:44PM 0:00.00 grep h2o
92101
wintermute# service h2o stop
/usr/local/etc/rc.d/h2o: DEBUG: Sourcing /etc/rc.conf.d/h2o
/usr/local/etc/rc.d/h2o: DEBUG: checkyesno: h2o_enable is set to YES.
h2o not running? (check /var/run/h2o.pid).
wintermute# killall -9 -m 'h2o|perl'
wintermute# grep pid-file /usr/local/etc/h2o/h2o.conf |cut -d' ' -f2
/var/run/h2o.pid

config snippet:

listen: 80
listen:
  port: 443
  ssl:
    ...
access-log: /var/log/h2o/access.log
error-log: /var/log/h2o/error.log
pid-file: /var/run/h2o.pid
user: www

To fix this, I think 3 changes are required:

# /usr/local/share/h2o/*
replace all shebangs by full /usr/local/bin/perl path

# /usr/local/etc/rc.d/h2o
procname="/usr/local/bin/perl"

# /usr/ports/www/h2o/Makefile
introduce perl as a dependency which is missing from the original patch.

Which works here at least for me. Is this ok for you Grzegorz?
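
Added example (not part of the thread, the port, or rc.subr): a simplified model of the pidfile-plus-procname check discussed in the comments above, run against constructed `ps` lines based on the listing in the report. It assumes the name test compares argv[0] with `procname` or its basename; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: simplified model of the pidfile + procname check behind
# "service h2o stop". Function names are hypothetical; this is not rc.subr code.

# Constructed sample in `ps -o pid= -o user= -o command=` shape, based on the
# process listing in the report (command lines shortened).
sample_ps() {
cat <<'EOF'
92101 root /usr/local/bin/perl -x /usr/local/share/h2o/start_server --pid-file=/var/run/h2o.pid
92102 www /usr/local/bin/h2o -c /usr/local/etc/h2o/h2o.conf
EOF
}

# pid_matches_procname PID PROCNAME
# Assumption: the name test compares argv[0] with PROCNAME or its basename.
# Returns 0 only when PID exists and its argv[0] passes that test.
pid_matches_procname() {
    want_pid=$1
    procname=$2
    base=${procname##*/}
    while read -r pid user arg0 rest; do
        [ "$pid" = "$want_pid" ] || continue
        case "$arg0" in
            "$procname"|"$base") return 0 ;;
            *) return 1 ;;
        esac
    done <<EOF
$(sample_ps)
EOF
    return 1    # PID from the pidfile is not running at all
}

# proc_user PID: print the owner, to confirm which process kept root.
proc_user() {
    sample_ps | awk -v p="$1" '$1 == p { print $2 }'
}

# 92101 is the PID that /var/run/h2o.pid held in the report.
for name in perl /usr/local/bin/perl /usr/local/bin/h2o; do
    if pid_matches_procname 92101 "$name"; then
        echo "procname=$name: match, stop signals 92101"
    else
        echo "procname=$name: no match, 'h2o not running?'"
    fi
done
echo "supervisor runs as $(proc_user 92101), worker as $(proc_user 92102)"
```

Under this model a bare `perl` fails against an argv[0] of `/usr/local/bin/perl`, while the full path matches, and the owner column shows the supervisor still running as root with only the worker switched to `www`.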
A commit references this bug:

Author: junovitch
Date: Fri Sep 18 09:56:31 UTC 2015
New revision: 397229
URL: https://svnweb.freebsd.org/changeset/ports/397229

Log:
  MFH r393066,r396229,r396629,r397062:

  r393066
  www/h2o: 1.2.0 -> 1.4.2

  ChangeLog: https://github.com/h2o/h2o/releases

  PR: 200998
  Submitted by: sean@x-n.su
  Approved by: Dave Cottlehuber <dch@skunkwerks.at> (maintainer)

  r396229
  - Update to 1.4.4 [1]
  - Drop 8.x support [2]

  PR: 202818 [1]
  Submitted by: Dave Cottlehuber (dch <at> skunkwerks <dot> at) [1]
  Approved by: portmgr blanket [2]

  r396629
  - Fix rc.d script
  - Bump PORTVERSION

  PR: 202937
  Submitted by: gblach
  Approved by: Dave Cottlehuber (dch <at> skunkwerks <dot> at)

  r397062
  - Fix rc.d issues introduced with recent perl changes [1]
  - Update to 1.4.5 [2]

  PR: 203147 [1], 203096 [2]
  Submitted by: Dave Cottlehuber (maintainer)
  Security: 31ea7f73-5c55-11e5-8607-74d02b9a84d5
  Security: CVE-2015-5638
  Approved by: ports-secteam (feld)

Changes:
_U  branches/2015Q3/
  branches/2015Q3/www/h2o/Makefile
  branches/2015Q3/www/h2o/distinfo
  branches/2015Q3/www/h2o/files/h2o.conf.sample
  branches/2015Q3/www/h2o/files/h2o.in
  branches/2015Q3/www/h2o/files/patch-CMakeLists.txt
  branches/2015Q3/www/h2o/pkg-plist