From 57c3fbfb0f75dc38be717d52f29abe5bcefea1bb Mon Sep 17 00:00:00 2001
From: Tom Clegg <tom@curii.com>
Date: Mon, 4 Jan 2021 15:58:24 -0500
Subject: [PATCH] 16306: Remove daemontools dependency.

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
---
 lib/boot/passenger.go  | 10 +++++-----
 lib/boot/postgresql.go | 19 +++++++------------
 lib/boot/supervisor.go | 12 +++++++++---
 lib/install/deps.go    |  1 -
 4 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/lib/boot/passenger.go b/lib/boot/passenger.go
index 4a605e35af..84f51d0a71 100644
--- a/lib/boot/passenger.go
+++ b/lib/boot/passenger.go
@@ -148,11 +148,11 @@ func (runner runPassenger) Run(ctx context.Context, fail func(error), super *Sup
 		if super.ClusterType == "production" {
 			opts.user = "www-data"
 		} else {
-			// This would be desirable in the production
-			// case too, but it fails with sudo because
-			// /dev/stderr is a symlink to a pty owned by
-			// root: "nginx: [emerg] open() "/dev/stderr"
-			// failed (13: Permission denied)"
+			// This would be desirable when changing uid
+			// too, but it fails because /dev/stderr is a
+			// symlink to a pty owned by root: "nginx:
+			// [emerg] open() "/dev/stderr" failed (13:
+			// Permission denied)"
 			cmdline = append(cmdline, "--log-file", "/dev/stderr")
 		}
 		err = super.RunProgram(ctx, appdir, opts, cmdline[0], cmdline[1:]...)
diff --git a/lib/boot/postgresql.go b/lib/boot/postgresql.go
index daa0414a3c..4ed7603d2a 100644
--- a/lib/boot/postgresql.go
+++ b/lib/boot/postgresql.go
@@ -60,6 +60,7 @@ func (runPostgreSQL) Run(ctx context.Context, fail func(error), super *Superviso
 		return err
 	}
 	prog, args := filepath.Join(bindir, "initdb"), []string{"-D", datadir, "-E", "utf8"}
+	opts := runOptions{}
 	if iamroot {
 		postgresUser, err := user.Lookup("postgres")
 		if err != nil {
@@ -85,15 +86,9 @@ func (runPostgreSQL) Run(ctx context.Context, fail func(error), super *Superviso
 		if err != nil {
 			return err
 		}
-		// We can't use "sudo -u" here because it creates an
-		// intermediate process that interferes with our
-		// ability to reliably kill postgres. The setuidgid
-		// program just calls exec without forking, so it
-		// doesn't have this problem.
-		args = append([]string{"postgres", prog}, args...)
-		prog = "setuidgid"
-	}
-	err = super.RunProgram(ctx, super.tempdir, runOptions{}, prog, args...)
+		opts.user = "postgres"
+	}
+	err = super.RunProgram(ctx, super.tempdir, opts, prog, args...)
 	if err != nil {
 		return err
 	}
@@ -120,11 +115,11 @@ func (runPostgreSQL) Run(ctx context.Context, fail func(error), super *Superviso
 			"-k", datadir, // socket dir
 			"-p", super.cluster.PostgreSQL.Connection["port"],
 		}
+		opts := runOptions{}
 		if iamroot {
-			args = append([]string{"postgres", prog}, args...)
-			prog = "setuidgid"
+			opts.user = "postgres"
 		}
-		fail(super.RunProgram(ctx, super.tempdir, runOptions{}, prog, args...))
+		fail(super.RunProgram(ctx, super.tempdir, opts, prog, args...))
 	}()
 
 	for {
diff --git a/lib/boot/supervisor.go b/lib/boot/supervisor.go
index 5e88775e58..e892d3e623 100644
--- a/lib/boot/supervisor.go
+++ b/lib/boot/supervisor.go
@@ -491,9 +491,6 @@ func (super *Supervisor) RunProgram(ctx context.Context, dir string, opts runOpt
 
 	logprefix := prog
 	{
-		if logprefix == "setuidgid" && len(args) >= 3 {
-			logprefix = args[2]
-		}
 		innerargs := args
 		if logprefix == "sudo" {
 			for i := 0; i < len(args); i++ {
@@ -556,6 +553,15 @@ func (super *Supervisor) RunProgram(ctx context.Context, dir string, opts runOpt
 	cmd.Env = dedupEnv(env)
 
 	if opts.user != "" {
+		// Note: We use this approach instead of "sudo"
+		// because in certain circumstances (we are pid 1 in a
+		// docker container, and our passenger child process
+		// changes to pgid 1) the intermediate sudo process
+		// notices we have the same pgid as our child and
+		// refuses to propagate signals from us to our child,
+		// so we can't signal/shutdown our passenger/rails
+		// apps. "chpst" or "setuidgid" would work, but these
+		// few lines avoid depending on runit/daemontools.
 		u, err := user.Lookup(opts.user)
 		if err != nil {
 			return fmt.Errorf("user.Lookup(%q): %w", opts.user, err)
diff --git a/lib/install/deps.go b/lib/install/deps.go
index 049df2564a..504cdff8f2 100644
--- a/lib/install/deps.go
+++ b/lib/install/deps.go
@@ -141,7 +141,6 @@ func (inst *installCommand) RunCommand(prog string, args []string, stdin io.Read
 			"cadaver",
 			"curl",
 			"cython3",
-			"daemontools", // lib/boot uses setuidgid to drop privileges when running as root
 			"default-jdk-headless",
 			"default-jre-headless",
 			"gettext",
-- 
2.30.2