16306: Remove daemontools dependency.

author Tom Clegg <tom@curii.com>

Mon, 4 Jan 2021 20:58:24 +0000 (15:58 -0500)

committer Tom Clegg <tom@curii.com>

Mon, 4 Jan 2021 20:58:24 +0000 (15:58 -0500)
author Tom Clegg <tom@curii.com>
Mon, 4 Jan 2021 20:58:24 +0000 (15:58 -0500)
committer Tom Clegg <tom@curii.com>
Mon, 4 Jan 2021 20:58:24 +0000 (15:58 -0500)
diff --git a/lib/boot/passenger.go b/lib/boot/passenger.go

index 4a605e35afb3c1a16346b74af0bba24522c1d720..84f51d0a71d19cd6cc2a5c2f42d4947a18952e02 100644 (file)
--- a/lib/boot/passenger.go
+++ b/lib/boot/passenger.go
@@ -148,11 +148,11 @@ func (runner runPassenger) Run(ctx context.Context, fail func(error), super *Sup
                 if super.ClusterType == "production" {
                         opts.user = "www-data"
                 } else {
                 if super.ClusterType == "production" {
                         opts.user = "www-data"
                 } else {
-                       // This would be desirable in the production
-                       // case too, but it fails with sudo because
-                       // /dev/stderr is a symlink to a pty owned by
-                       // root: "nginx: [emerg] open() "/dev/stderr"
-                       // failed (13: Permission denied)"
+                       // This would be desirable when changing uid
+                       // too, but it fails because /dev/stderr is a
+                       // symlink to a pty owned by root: "nginx:
+                       // [emerg] open() "/dev/stderr" failed (13:
+                       // Permission denied)"
                         cmdline = append(cmdline, "--log-file", "/dev/stderr")
                 }
                 err = super.RunProgram(ctx, appdir, opts, cmdline[0], cmdline[1:]...)
                         cmdline = append(cmdline, "--log-file", "/dev/stderr")
                 }
                 err = super.RunProgram(ctx, appdir, opts, cmdline[0], cmdline[1:]...)
diff --git a/lib/boot/postgresql.go b/lib/boot/postgresql.go

index daa0414a3ce84d5a66186cf07c5c3ece9687b940..4ed7603d2a55689a298041286dddca5f09643b97 100644 (file)
--- a/lib/boot/postgresql.go
+++ b/lib/boot/postgresql.go
@@ -60,6 +60,7 @@ func (runPostgreSQL) Run(ctx context.Context, fail func(error), super *Superviso
                 return err
         }
         prog, args := filepath.Join(bindir, "initdb"), []string{"-D", datadir, "-E", "utf8"}
                 return err
         }
         prog, args := filepath.Join(bindir, "initdb"), []string{"-D", datadir, "-E", "utf8"}
+       opts := runOptions{}
         if iamroot {
                 postgresUser, err := user.Lookup("postgres")
                 if err != nil {
         if iamroot {
                 postgresUser, err := user.Lookup("postgres")
                 if err != nil {
@@ -85,15 +86,9 @@ func (runPostgreSQL) Run(ctx context.Context, fail func(error), super *Superviso
                 if err != nil {
                         return err
                 }
                 if err != nil {
                         return err
                 }
-               // We can't use "sudo -u" here because it creates an
-               // intermediate process that interferes with our
-               // ability to reliably kill postgres. The setuidgid
-               // program just calls exec without forking, so it
-               // doesn't have this problem.
-               args = append([]string{"postgres", prog}, args...)
-               prog = "setuidgid"
-       }
-       err = super.RunProgram(ctx, super.tempdir, runOptions{}, prog, args...)
+               opts.user = "postgres"
+       }
+       err = super.RunProgram(ctx, super.tempdir, opts, prog, args...)
         if err != nil {
                 return err
         }
         if err != nil {
                 return err
         }
@@ -120,11 +115,11 @@ func (runPostgreSQL) Run(ctx context.Context, fail func(error), super *Superviso
                         "-k", datadir, // socket dir
                         "-p", super.cluster.PostgreSQL.Connection["port"],
                 }
                         "-k", datadir, // socket dir
                         "-p", super.cluster.PostgreSQL.Connection["port"],
                 }
+               opts := runOptions{}
                 if iamroot {
                 if iamroot {
-                       args = append([]string{"postgres", prog}, args...)
-                       prog = "setuidgid"
+                       opts.user = "postgres"
                 }
                 }
-               fail(super.RunProgram(ctx, super.tempdir, runOptions{}, prog, args...))
+               fail(super.RunProgram(ctx, super.tempdir, opts, prog, args...))
         }()
  
         for {
         }()
  
         for {
diff --git a/lib/boot/supervisor.go b/lib/boot/supervisor.go

index 5e88775e58b49ce49f868c552ebc3aeb70c7169c..e892d3e6239af78062936acabca66299f74a2c26 100644 (file)
--- a/lib/boot/supervisor.go
+++ b/lib/boot/supervisor.go
@@ -491,9 +491,6 @@ func (super *Supervisor) RunProgram(ctx context.Context, dir string, opts runOpt
  
         logprefix := prog
         {
  
         logprefix := prog
         {
-               if logprefix == "setuidgid" && len(args) >= 3 {
-                       logprefix = args[2]
-               }
                 innerargs := args
                 if logprefix == "sudo" {
                         for i := 0; i < len(args); i++ {
                 innerargs := args
                 if logprefix == "sudo" {
                         for i := 0; i < len(args); i++ {
@@ -556,6 +553,15 @@ func (super *Supervisor) RunProgram(ctx context.Context, dir string, opts runOpt
         cmd.Env = dedupEnv(env)
  
         if opts.user != "" {
         cmd.Env = dedupEnv(env)
  
         if opts.user != "" {
+               // Note: We use this approach instead of "sudo"
+               // because in certain circumstances (we are pid 1 in a
+               // docker container, and our passenger child process
+               // changes to pgid 1) the intermediate sudo process
+               // notices we have the same pgid as our child and
+               // refuses to propagate signals from us to our child,
+               // so we can't signal/shutdown our passenger/rails
+               // apps. "chpst" or "setuidgid" would work, but these
+               // few lines avoid depending on runit/daemontools.
                 u, err := user.Lookup(opts.user)
                 if err != nil {
                         return fmt.Errorf("user.Lookup(%q): %w", opts.user, err)
                 u, err := user.Lookup(opts.user)
                 if err != nil {
                         return fmt.Errorf("user.Lookup(%q): %w", opts.user, err)
diff --git a/lib/install/deps.go b/lib/install/deps.go

index 049df2564ad54a01094cce813bab427748e358b8..504cdff8f2e4ab24f834761cb7b9558643f6914b 100644 (file)
--- a/lib/install/deps.go
+++ b/lib/install/deps.go
@@ -141,7 +141,6 @@ func (inst *installCommand) RunCommand(prog string, args []string, stdin io.Read
                         "cadaver",
                         "curl",
                         "cython3",
                         "cadaver",
                         "curl",
                         "cython3",
-                       "daemontools", // lib/boot uses setuidgid to drop privileges when running as root
                         "default-jdk-headless",
                         "default-jre-headless",
                         "gettext",
                         "default-jdk-headless",
                         "default-jre-headless",
                         "gettext",
author	Tom Clegg <tom@curii.com>
	Mon, 4 Jan 2021 20:58:24 +0000 (15:58 -0500)
committer	Tom Clegg <tom@curii.com>
	Mon, 4 Jan 2021 20:58:24 +0000 (15:58 -0500)
lib/boot/passenger.go		patch \| blob \| history
lib/boot/postgresql.go		patch \| blob \| history
lib/boot/supervisor.go		patch \| blob \| history
lib/install/deps.go		patch \| blob \| history