202937 – Fix rc.d script in www/h2o

Bug 202937 - Fix rc.d script in www/h2o

Summary: Fix rc.d script in www/h2o

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Grzegorz Blach

URL:
Keywords:

Depends on:
Blocks:	203147
	Show dependency tree / graph

Reported:	2015-09-06 20:42 UTC by Grzegorz Blach
Modified:	2015-09-18 09:57 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	dch: maintainer-feedback+

Attachments
Fix for rc.d script (2.98 KB, patch) 2015-09-06 20:42 UTC, Grzegorz Blach	gblach: maintainer-approval? (dch)	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Grzegorz Blach freebsd_committer

2015-09-06 20:42:07 UTC

Created attachment 160784 [details]
Fix for rc.d script

Currently rc.d script in www/h2o is broken.  Daemon simply don't start with `/usr/local/etc/rc.d/h2o start`.  Attached patch fixes this issue.

Comment 1 Dave Cottlehuber freebsd_committer

2015-09-10 21:28:57 UTC

Thanks Grzegorz for the patch! I'm new to BSD so forgive my questions & errors.

1. remove PIDDIR and leave pidfile to be set by h2o.conf

https://bugs.freebsd.org/bugzilla/attachment.cgi?id=160784&action=diff#Makefile_sec2

If I read these changes correctly, now we require h2o to start as root, and drop privileges. Is this considered safe enough?

My intent with PIDDIR etc was h2o should be run completely non-privileged, from a daemon process. See https://github.com/h2o/h2o/issues/152 & https://github.com/h2o/h2o/issues/145 for some comments on that.

BTW using daemon mode is a good idea, IIRC this wasn't available when the original port was done, so this is definitely an improvement! thanks.

2. daemon invocation changes

https://bugs.freebsd.org/bugzilla/attachment.cgi?id=160784&action=diff#files/h2o.in_sec2

`grep pid-file: ...` feels tidier.

why is procname set to perl, when /usr/local/bin/h2o is a binary, not perl? Is there a reason for switching from the default?

/usr/local/bin/h2o: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 10.2, not stripped

I +1 this change anyway, I would just like to understand the last points better for myself.

Comment 2 Grzegorz Blach freebsd_committer

2015-09-10 22:14:18 UTC

Ad. 1)

Design of Unix requires to start h2o as root, since only root can open port < 1024.  H2o needs to listen on port 80, so you can't run this (and many others) server completely non-privileged.  It's save and common pattern to start server as root, open port for listening and then switch to another user.

Ad. 2)

When you want to stop daemon, rc.d script reads PID from PIDFILE and looks for process with given PID and given procname.  If found process is stopped, otherwise process isn't terminated.  H2o in daemon mode uses perl script as top-level process and spawn regular h2o as subprocesses.  In PIDFILE is saved PID which points to this perl script.  When you set procname!=perl (eg. h2o) server can't be found by rc.d script, thus can't be stopped.

Comment 3 Grzegorz Blach freebsd_committer

2015-09-10 23:00:38 UTC

Committed, thanks.

Comment 4 commit-hook freebsd_committer

2015-09-10 23:00:54 UTC

A commit references this bug:

Author: gblach
Date: Thu Sep 10 22:59:57 UTC 2015
New revision: 396629
URL: https://svnweb.freebsd.org/changeset/ports/396629

Log:
  - Fix rc.d script
  - Bump PORTVERSION

  PR:		202937
  Submitted by:	gblach
  Approved by:	Dave Cottlehuber (dch <at> skunkwerks <dot> at)

Changes:
  head/www/h2o/Makefile
  head/www/h2o/files/h2o.conf.sample
  head/www/h2o/files/h2o.in
  head/www/h2o/pkg-plist

Comment 5 Dave Cottlehuber freebsd_committer

2015-09-14 21:00:27 UTC

Can we reopen this? With this patch I don't get daemon to stop or correctly anymore. I think this is the recent perl update breaking things.

wintermute# service h2o start
/usr/local/etc/rc.d/h2o: DEBUG: Sourcing /etc/rc.conf.d/h2o
/usr/local/etc/rc.d/h2o: DEBUG: checkyesno: h2o_enable is set to YES.
Starting h2o.
/usr/local/etc/rc.d/h2o: DEBUG: run_rc_command: doit: /usr/local/bin/h2o  -m daemon -c /usr/local/etc/h2o/h2o.conf
start_server (pid:92099) starting now...
starting new worker 92102
wintermute# [INFO] raised RLIMIT_NOFILE to 22500
h2o server (pid:92102) is ready to serve requests
fetch-ocsp-response (using OpenSSL 1.0.1p-freebsd 9 Jul 2015)
fetch-ocsp-response (using OpenSSL 1.0.1p-freebsd 9 Jul 2015)
...
188.166.111.169 - - [14/Sep/2015:20:44:46 +0000] "GET / HTTP/1.1" 200 344 "-" "raintank collector"

wintermute# pgrep -ilf h2o; ps aux |grep h2o; cat /var/run/h2o.pid
92121 python /usr/local/bin/autojump -a /usr/local/share/h2o
92102 /usr/local/bin/h2o -c /usr/local/etc/h2o/h2o.conf
92101 /usr/local/bin/perl -x /usr/local/share/h2o/start_server --pid-file=/var/run/h2o.pid --log-file=/var/log/h2o/error.log --daemonize --port=[::]:80 --port=0.0.0.0:80 --port=[::]:443 --port=0.0.0.0:443 -- /usr/local/bin/h2o -c /usr/local/etc/h2o/h2o.conf
www      92102   4.0  0.0    64216   7992  -  S     8:44PM     0:00.50 /usr/local/bin/h2o -c /usr/local/etc/h2o/h2o.conf
root     92101   0.1  0.0    47648  12368  -  S     8:44PM     0:00.00 /usr/local/bin/perl -x /usr/local/share/h2o/start_server --pid-file=/var/run/h2o.pid
root     92121   0.0  0.0    25612   5372  6  RN    8:44PM     0:00.00 python /usr/local/bin/autojump -a /usr/local/share/h2o (python2.7)
root     92124   0.0  0.0    18824   2612  6  S+    8:44PM     0:00.00 grep h2o
92101

wintermute# service h2o stop
/usr/local/etc/rc.d/h2o: DEBUG: Sourcing /etc/rc.conf.d/h2o
/usr/local/etc/rc.d/h2o: DEBUG: checkyesno: h2o_enable is set to YES.
h2o not running? (check /var/run/h2o.pid).

wintermute# killall -9 -m 'h2o|perl'

wintermute# grep pid-file /usr/local/etc/h2o/h2o.conf |cut -d' ' -f2
/var/run/h2o.pid

config snippet:

listen: 80
listen:
    port: 443
    ssl:
...
access-log: /var/log/h2o/access.log
error-log: /var/log/h2o/error.log
pid-file: /var/run/h2o.pid
user: www


To fix this, I think 3 changes are required:

# /usr/local/share/h2o/*
replace all shebangs by full /usr/local/bin/perl path

# /usr/local/etc/rc.d/h2o
procname="/usr/local/bin/perl"

# /usr/ports/www/h2o/Makefile
introduce perl as a dependency which is missing from the original patch.

Which works here at least for me. Is this ok for you Grzegorz?

Comment 6 commit-hook freebsd_committer

2015-09-18 09:57:29 UTC

A commit references this bug:

Author: junovitch
Date: Fri Sep 18 09:56:31 UTC 2015
New revision: 397229
URL: https://svnweb.freebsd.org/changeset/ports/397229

Log:
  MFH r393066,r396229,r396629,r397062:

  r393066
  www/h2o: 1.2.0 -> 1.4.2

  ChangeLog:
  https://github.com/h2o/h2o/releases

  PR:		200998
  Submitted by:	sean@x-n.su
  Approved by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)

  r396229
  - Update to 1.4.4 [1]
  - Drop 8.x support [2]

  PR:		202818 [1]
  Submitted by:	Dave Cottlehuber (dch <at> skunkwerks <dot> at) [1]
  Approved by:	portmgr blanket [2]

  r396629
  - Fix rc.d script
  - Bump PORTVERSION

  PR:		202937
  Submitted by:	gblach
  Approved by:	Dave Cottlehuber (dch <at> skunkwerks <dot> at)

  r397062
  - Fix rc.d issues introduced with recent perl changes [1]
  - Update to 1.4.5 [2]

  PR:		203147 [1], 203096 [2]
  Submitted by:	Dave Cottlehuber (maintainer)

  Security:	31ea7f73-5c55-11e5-8607-74d02b9a84d5
  Security:	CVE-2015-5638
  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2015Q3/
  branches/2015Q3/www/h2o/Makefile
  branches/2015Q3/www/h2o/distinfo
  branches/2015Q3/www/h2o/files/h2o.conf.sample
  branches/2015Q3/www/h2o/files/h2o.in
  branches/2015Q3/www/h2o/files/patch-CMakeLists.txt
  branches/2015Q3/www/h2o/pkg-plist