Commit 93003735 by Łukasz Nowak

Update Release Candidate

2 parents fa2c988f b50f2166
......@@ -38,9 +38,9 @@ md5sum = 2202b18f269ad606d70e1864857ed93c
# inspired on http://old.aclark.net/team/aclark/blog/a-lamp-buildout-for-wordpress-and-other-php-apps/
recipe = slapos.recipe.cmmi
shared = false
version = 2.4.37
version = 2.4.38
url = https://archive.apache.org/dist/httpd/httpd-${:version}.tar.bz2
md5sum = 6a36e742180ee74bff97b28eee90c3f7
md5sum = 4a2b87ca55e42017d21f18724c560084
pre-configure =
cp -ar ${apr:location}/apr-${apr:version} srclib/apr/ &&
cp -ar ${apr-util:location}/apr-util-${apr-util:version} srclib/apr-util
......
......@@ -29,9 +29,9 @@ python = python2.7
[python2.7]
recipe = slapos.recipe.cmmi
shared = true
package_version = 2.7.14
package_version = 2.7.15
package_version_suffix =
md5sum = 1f6db41ad91d9eb0a6f0c769b8613c5b
md5sum = a80ae3cc478460b922242f43a1b4094d
# This is actually the default setting for prefix, but we can't use it in
# other settings in this part if we don't set it explicitly here.
......@@ -42,7 +42,7 @@ executable = ${:prefix}/bin/python${:version}
patch-options = -p1
patches =
${:_profile_base_location_}/fix_compiler_module_issue_20613.patch#94443a77f903e9de880a029967fa6aa7
${:_profile_base_location_}/pytracemalloc_pep445.patch#46662cf0ccc7cb7cfb8289bbfd68b21a
${:_profile_base_location_}/pytracemalloc_pep445.patch#3dfad79654af9671325f988c36fb6be2
${:_profile_base_location_}/disabled_module_list.patch#71ad30d32bcdbc50c19cf48675b1246e
${:_profile_base_location_}/asyncore_poll_insteadof_select.patch#ab6991c0ee6e25aeb8951e71f280a2f1
url =
......
diff -urN Python-2.7.10.ORIG/Include/objimpl.h Python-2.7.10/Include/objimpl.h
--- Python-2.7.10.ORIG/Include/objimpl.h 2015-05-24 01:08:59.000000000 +0900
+++ Python-2.7.10/Include/objimpl.h 2015-10-13 17:31:13.771317208 +0900
diff -Naru a/Include/objimpl.h b/Include/objimpl.h
--- a/Include/objimpl.h 2018-04-30 06:47:33.000000000 +0800
+++ b/Include/objimpl.h 2018-10-31 11:59:39.000000000 +0800
@@ -98,10 +98,8 @@
PyAPI_FUNC(void *) PyObject_Realloc(void *, size_t);
PyAPI_FUNC(void) PyObject_Free(void *);
......@@ -48,9 +48,9 @@ diff -urN Python-2.7.10.ORIG/Include/objimpl.h Python-2.7.10/Include/objimpl.h
/* for source compatibility with 2.2 */
#define _PyObject_Del PyObject_Free
diff -urN Python-2.7.10.ORIG/Include/pymem.h Python-2.7.10/Include/pymem.h
--- Python-2.7.10.ORIG/Include/pymem.h 2015-05-24 01:09:00.000000000 +0900
+++ Python-2.7.10/Include/pymem.h 2015-10-13 17:31:13.771317208 +0900
diff -Naru a/Include/pymem.h b/Include/pymem.h
--- a/Include/pymem.h 2018-04-30 06:47:33.000000000 +0800
+++ b/Include/pymem.h 2018-10-31 12:00:33.000000000 +0800
@@ -11,6 +11,11 @@
extern "C" {
#endif
......@@ -96,9 +96,9 @@ diff -urN Python-2.7.10.ORIG/Include/pymem.h Python-2.7.10/Include/pymem.h
/* Returns NULL to indicate error if a negative size or size larger than
Py_ssize_t can represent is supplied. Helps prevents security holes. */
-#define PyMem_MALLOC(n) ((size_t)(n) > (size_t)PY_SSIZE_T_MAX ? NULL \
- : malloc((n) ? (n) : 1))
- : malloc(((n) != 0) ? (n) : 1))
-#define PyMem_REALLOC(p, n) ((size_t)(n) > (size_t)PY_SSIZE_T_MAX ? NULL \
- : realloc((p), (n) ? (n) : 1))
- : realloc((p), ((n) != 0) ? (n) : 1))
-#define PyMem_FREE free
-
-#endif /* PYMALLOC_DEBUG */
......@@ -176,10 +176,10 @@ diff -urN Python-2.7.10.ORIG/Include/pymem.h Python-2.7.10/Include/pymem.h
#ifdef __cplusplus
}
#endif
diff -urN Python-2.7.10.ORIG/Objects/object.c Python-2.7.10/Objects/object.c
--- Python-2.7.10.ORIG/Objects/object.c 2015-05-24 01:09:22.000000000 +0900
+++ Python-2.7.10/Objects/object.c 2015-10-13 17:31:13.771317208 +0900
@@ -2335,27 +2335,6 @@
diff -Naru a/Objects/object.c b/Objects/object.c
--- a/Objects/object.c 2018-04-30 06:47:33.000000000 +0800
+++ b/Objects/object.c 2018-10-31 12:00:49.000000000 +0800
@@ -2340,27 +2340,6 @@
Py_ssize_t (*_Py_abstract_hack)(PyObject *) = PyObject_Size;
......@@ -206,10 +206,10 @@ diff -urN Python-2.7.10.ORIG/Objects/object.c Python-2.7.10/Objects/object.c
-
/* These methods are used to control infinite recursion in repr, str, print,
etc. Container objects that may recursively contain themselves,
e.g. builtin dictionaries and lists, should used Py_ReprEnter() and
diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
--- Python-2.7.10.ORIG/Objects/obmalloc.c 2015-05-24 01:09:22.000000000 +0900
+++ Python-2.7.10/Objects/obmalloc.c 2015-10-13 17:37:24.665726972 +0900
e.g. builtin dictionaries and lists, should use Py_ReprEnter() and
diff -Naru a/Objects/obmalloc.c b/Objects/obmalloc.c
--- a/Objects/obmalloc.c 2018-04-30 06:47:33.000000000 +0800
+++ b/Objects/obmalloc.c 2018-10-31 12:01:05.000000000 +0800
@@ -18,6 +18,281 @@
#endif
#endif
......@@ -492,6 +492,15 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
#ifdef WITH_PYMALLOC
#ifdef HAVE_MMAP
@@ -214,7 +489,7 @@
* Arenas are allocated with mmap() on systems supporting anonymous memory
* mappings to reduce heap fragmentation.
*/
-#define ARENA_SIZE (256 << 10) /* 256KiB */
+#define ARENA_SIZE (256 << 10) /* 256KB */
#ifdef WITH_MEMORY_LIMITS
#define MAX_ARENAS (SMALL_MEMORY_LIMIT / ARENA_SIZE)
@@ -581,7 +856,7 @@
return NULL; /* overflow */
#endif
......@@ -529,10 +538,12 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
* This implicitly redirects malloc(0).
*/
if ((nbytes - 1) < SMALL_REQUEST_THRESHOLD) {
@@ -983,15 +1248,14 @@
@@ -981,17 +1246,13 @@
* last chance to serve the request) or when the max memory limit
* has been reached.
*/
if (nbytes == 0)
nbytes = 1;
- if (nbytes == 0)
- nbytes = 1;
- return (void *)malloc(nbytes);
+ return PyMem_Malloc(nbytes);
}
......@@ -540,7 +551,7 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
/* free */
-#undef PyObject_Free
ATTRIBUTE_NO_ADDRESS_SAFETY_ANALYSIS
-ATTRIBUTE_NO_ADDRESS_SAFETY_ANALYSIS
-void
-PyObject_Free(void *p)
+static void
......@@ -548,7 +559,7 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
{
poolp pool;
block *lastfree;
@@ -1211,7 +1475,7 @@
@@ -1211,7 +1472,7 @@
redirect:
#endif
/* We didn't allocate this address. */
......@@ -557,12 +568,12 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
}
/* realloc. If p is NULL, this acts like malloc(nbytes). Else if nbytes==0,
@@ -1219,10 +1483,9 @@
@@ -1219,10 +1480,8 @@
* return a non-NULL result.
*/
-#undef PyObject_Realloc
ATTRIBUTE_NO_ADDRESS_SAFETY_ANALYSIS
-ATTRIBUTE_NO_ADDRESS_SAFETY_ANALYSIS
-void *
-PyObject_Realloc(void *p, size_t nbytes)
+static void *
......@@ -570,7 +581,7 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
{
void *bp;
poolp pool;
@@ -1232,16 +1495,7 @@
@@ -1232,16 +1491,7 @@
#endif
if (p == NULL)
......@@ -588,7 +599,7 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
#ifdef WITH_VALGRIND
/* Treat running_on_valgrind == -1 the same as 0 */
@@ -1269,10 +1523,10 @@
@@ -1269,10 +1519,10 @@
}
size = nbytes;
}
......@@ -601,7 +612,7 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
}
return bp;
}
@@ -1290,40 +1544,17 @@
@@ -1290,40 +1540,17 @@
* at p. Instead we punt: let C continue to manage this block.
*/
if (nbytes)
......@@ -644,7 +655,7 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
#endif /* WITH_PYMALLOC */
#ifdef PYMALLOC_DEBUG
@@ -1343,10 +1574,6 @@
@@ -1343,10 +1570,6 @@
#define DEADBYTE 0xDB /* dead (newly freed) memory */
#define FORBIDDENBYTE 0xFB /* untouchable bytes at each end of a block */
......@@ -655,7 +666,7 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
static size_t serialno = 0; /* incremented on each debug {m,re}alloc */
/* serialno is always incremented via calling this routine. The point is
@@ -1429,58 +1656,18 @@
@@ -1429,58 +1652,18 @@
p[2*S+n: 2*S+n+S]
Copies of FORBIDDENBYTE. Used to catch over- writes and reads.
p[2*S+n+S: 2*S+n+2*S]
......@@ -719,7 +730,7 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
uchar *p; /* base address of malloc'ed block */
uchar *tail; /* p + 2*SST + nbytes == pointer to tail pad bytes */
size_t total; /* nbytes + 4*SST */
@@ -1491,14 +1678,14 @@
@@ -1491,14 +1674,14 @@
/* overflow: can't represent total as a size_t */
return NULL;
......@@ -737,7 +748,7 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
if (nbytes > 0)
memset(p + 2*SST, CLEANBYTE, nbytes);
@@ -1516,35 +1703,37 @@
@@ -1516,35 +1699,37 @@
Then fills the original bytes with DEADBYTE.
Then calls the underlying free.
*/
......@@ -784,11 +795,11 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
bumpserialno();
original_nbytes = read_size_t(q - 2*SST);
total = nbytes + 4*SST;
@@ -1552,24 +1741,26 @@
@@ -1552,16 +1737,12 @@
/* overflow: can't represent total as a size_t */
return NULL;
- if (nbytes < original_nbytes) {
- if (nbytes <= original_nbytes) {
- /* shrinking: mark old extra memory dead */
- memset(q + nbytes, DEADBYTE, original_nbytes - nbytes + 2*SST);
- }
......@@ -800,10 +811,14 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
- q = (uchar *)PyObject_Realloc(q - 2*SST, total);
+ oldq = q;
+ q = (uchar *)api->alloc.realloc(api->alloc.ctx, q - 2*SST, total);
if (q == NULL)
if (q == NULL) {
if (nbytes <= original_nbytes) {
/* bpo-31626: the memset() above expects that realloc never fails
@@ -1571,11 +1752,17 @@
return NULL;
}
+ if (q == oldq && nbytes < original_nbytes) {
+ if (q == oldq && nbytes <= original_nbytes) {
+ /* shrinking: mark old extra memory dead */
+ memset(q + nbytes, DEADBYTE, original_nbytes - nbytes);
+ }
......@@ -818,7 +833,7 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
tail = q + nbytes;
memset(tail, FORBIDDENBYTE, SST);
write_size_t(tail + SST, serialno);
@@ -1588,8 +1779,8 @@
@@ -1594,8 +1781,8 @@
* and call Py_FatalError to kill the program.
* The API id, is also checked.
*/
......@@ -829,7 +844,7 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
{
const uchar *q = (const uchar *)p;
char msgbuf[64];
@@ -1935,3 +2126,44 @@
@@ -1941,3 +2128,44 @@
arenas[arenaindex_temp].address != 0;
}
#endif
......@@ -838,7 +853,7 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
+#if defined(WITH_PYMALLOC) && defined(PYMALLOC_DEBUG)
+/* Dummy functions only present to keep the same ABI with the vanilla Python
+ compiled in debug mode: they are not used in practice. See issue:
+ https://github.com/haypo/pytracemalloc/issues/1 */
+ https://github.com/vstinner/pytracemalloc/issues/1 */
+
+void* _PyMem_DebugMalloc(size_t nbytes)
+{ return PyMem_RawMalloc(nbytes); }
......@@ -874,11 +889,11 @@ diff -urN Python-2.7.10.ORIG/Objects/obmalloc.c Python-2.7.10/Objects/obmalloc.c
+{}
+#endif
+
diff -urN Python-2.7.10.ORIG/Python/pythonrun.c Python-2.7.10/Python/pythonrun.c
--- Python-2.7.10.ORIG/Python/pythonrun.c 2015-05-24 01:09:24.000000000 +0900
+++ Python-2.7.10/Python/pythonrun.c 2015-10-13 17:31:13.771317208 +0900
@@ -137,6 +137,41 @@
return flag;
diff -Naru a/Python/pythonrun.c b/Python/pythonrun.c
--- a/Python/pythonrun.c 2018-04-30 06:47:33.000000000 +0800
+++ b/Python/pythonrun.c 2018-10-31 12:01:31.000000000 +0800
@@ -158,6 +158,42 @@
return 0;
}
+static void
......@@ -916,15 +931,16 @@ diff -urN Python-2.7.10.ORIG/Python/pythonrun.c Python-2.7.10/Python/pythonrun.c
+ Py_XDECREF(res);
+}
+
+
void
Py_InitializeEx(int install_sigs)
{
@@ -266,6 +301,8 @@
_PyGILState_Init(interp, tstate);
#endif /* WITH_THREAD */
+ inittracemalloc();
+
@@ -290,6 +326,8 @@
if (!Py_NoSiteFlag)
initsite(); /* Module site */
+ inittracemalloc();
+
if ((p = Py_GETENV("PYTHONIOENCODING")) && *p != '\0') {
p = icodeset = codeset = strdup(p);
free_codeset = 1;
......@@ -21,7 +21,7 @@ configure-options =
environment =
PATH=${xz-utils:location}/bin:%(PATH)s
CPPFLAGS=-I${gdbm:location}/include -I${libffi:location}/include -I${libyaml:location}/include -I${ncurses:location}/include -I${ncurses:location}/include/ncursesw -I${openssl-1.0:location}/include -I${readline:location}/include -I${zlib:location}/include
LDFLAGS=-L${gdbm:location}/lib -L${libffi:location}/lib -L${libyaml:location}/lib -L${ncurses:location}/lib -L${openssl-1.0:location}/lib -L${readline:location}/lib -L${zlib:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${libffi:location}/lib -Wl,-rpath=${libyaml:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${zlib:location}/lib
LDFLAGS=-L${gdbm:location}/lib -L${libffi:location}/lib -L${libyaml:location}/lib -L${ncurses:location}/lib -L${openssl-1.0:location}/lib -L${readline:location}/lib -L${zlib:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${libffi:location}/lib -Wl,-rpath=${libyaml:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${openssl-1.0:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${zlib:location}/lib
PKG_CONFIG_PATH=${libyaml:location}/lib/
......
......@@ -4,8 +4,8 @@ parts =
[zstd]
recipe = slapos.recipe.cmmi
url = https://github.com/facebook/zstd/archive/v1.3.5.tar.gz
md5sum = d2fc97be4852d666f086282053c02319
url = https://github.com/facebook/zstd/archive/v1.3.8.tar.gz
md5sum = 0e85b062003729776c6114cd9632cf75
shared = true
location = @@LOCATION@@
configure-command = :
......
......@@ -97,6 +97,7 @@
"title": "SSL Backend Authority's Certificate",
"description": "Content of the SSL Certificate Authority file of the backend (to be used with ssl-proxy-verify)",
"type": "string",
"textarea": true,
"default": ""
},
"monitor-ipv6-test": {
......
......@@ -14,7 +14,7 @@
# not need these here).
[template]
filename = instance.cfg.in
md5sum = de7e30546a952e306e2a74f8492ab419
md5sum = 2747f9125c8dffa0c27b79a6902a55cb
[template-common]
filename = instance-common.cfg.in
......@@ -22,15 +22,15 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend]
filename = instance-apache-frontend.cfg.in
md5sum = 2c8e1dd8df4a225b4a8d8f70688a85ca
md5sum = da7b5804d50c727412885e8b818ca433
[template-apache-replicate]
filename = instance-apache-replicate.cfg.in
md5sum = 6a86edb96b171fbd0a59d0adc9cc906b
md5sum = 86f15c85054800a55a7093d37b03cdce
[template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
md5sum = 4b06918875e889f850c5aca0d8c57796
md5sum = 5b91c0079b42780054da004f8fc6f26b
[template-slave-configuration]
filename = templates/custom-virtualhost.conf.in
......@@ -58,11 +58,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in
md5sum = a0b5a3dbf7b1d6622a52173ef5a90e72
md5sum = e57b9ae012f777482295698a23b7e850
[template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in
md5sum = c64f8ac7ec439460877ce5a5c5ccf1f7
md5sum = 907372828d1ceb05c41240078196f439
[template-log-access]
filename = templates/template-log-access.conf.in
......@@ -94,7 +94,7 @@ md5sum = 176cbca2070734a185a7ae5a4d1181c5
[template-nginx-notebook-slave-virtualhost]
filename = templates/nginx-notebook-slave.conf.in
md5sum = 2b765db72191197122554df17ad471d1
md5sum = ee3b5c23f1c81aa43ce7cd8f8e327f70
[template-apache-lazy-script-call]
filename = templates/apache-lazy-script-call.sh.in
......
......@@ -202,6 +202,8 @@ extra-context =
key login_ca_crt ca-custom-frontend:rendered
key enable_http2_by_default configuration:enable-http2-by-default
key global_disable_http2 configuration:global-disable-http2
key proxy_try_duration configuration:proxy-try-duration
key proxy_try_interval configuration:proxy-try-interval
key access_log caddy-configuration:access-log
key error_log caddy-configuration:error-log
key sixtunnel_executable :sixtunnel_executable
......
......@@ -80,19 +80,19 @@ context =
{% do used_host_list.append(custom_domain) %}
{% endif %}
{% if slave.get('server-alias') %}
{% for slave_alias in slave['server-alias'].split() %}
{% for slave_alias in ('' ~ slave['server-alias']).split() %}
{% if slave_alias.startswith('*.') %}
{% set clean_slave_alias = slave_alias[2:] %}
{% else %}
{% set clean_slave_alias = slave_alias %}
{% endif %}
{% if not validators.domain(clean_slave_alias) %}
{% do slave_error_list.append('server-alias %r not valid' % (slave_alias,)) %}
{% do slave_error_list.append('server-alias \'%s\' not valid' % (slave_alias,)) %}
{% else %}
{% if slave_alias in slave_server_alias_unclashed or slave_alias == custom_domain %}
{# optionally do something about reporting back that server-alias has been unclashed #}
{% elif slave_alias in used_host_list %}
{% do slave_error_list.append('server-alias %r clashes' % (slave_alias,)) %}
{% do slave_error_list.append('server-alias \'%s\' clashes' % (slave_alias,)) %}
{% else %}
{% do slave_server_alias_unclashed.append(slave_alias) %}
{% do used_host_list.append(slave_alias) %}
......@@ -107,18 +107,18 @@ context =
{% if not unauthorized_message in slave_error_list %}
{% do slave_error_list.append(unauthorized_message) %}
{% endif %}
{% elif subprocess_module.call([caddy_custom_http_validator, slave[key]]) == 1 %}
{% elif subprocess_module.call([caddy_custom_http_validator, '' ~ slave[key]]) == 1 %}
{% do slave_error_list.append('slave %s configuration invalid' % (key,)) %}
{% endif %}
{% endif %}
{% endfor %} {# for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] #}
{% if slave.get('url') %}
{% if subprocess_module.call([caddy_backend_url_validator, slave['url']]) == 1 %}
{% if subprocess_module.call([caddy_backend_url_validator, '' ~ slave['url']]) == 1 %}
{% do slave_error_list.append('slave url %r invalid' % (slave['url'],)) %}
{% endif %}
{% endif %}
{% if slave.get('https-url') %}
{% if subprocess_module.call([caddy_backend_url_validator, slave['https-url']]) == 1 %}
{% if subprocess_module.call([caddy_backend_url_validator, '' ~ slave['https-url']]) == 1 %}
{% do slave_error_list.append('slave https-url %r invalid' % (slave['https-url'],)) %}
{% endif %}
{% endif %}
......@@ -128,17 +128,18 @@ context =
{% if slave.get('ssl_key') and slave.get('ssl_crt') %}
{% set key_popen = popen([openssl, 'rsa', '-noout', '-modulus']) %}
{% set crt_popen = popen([openssl, 'x509', '-noout', '-modulus']) %}
{% set key_modulus = key_popen.communicate(slave['ssl_key'])[0] | trim %}
{% set crt_modulus = crt_popen.communicate(slave['ssl_crt'])[0] | trim %}
{% set key_modulus = key_popen.communicate('' ~ slave['ssl_key'])[0] | trim %}
{% set crt_modulus = crt_popen.communicate('' ~ slave['ssl_crt'])[0] | trim %}
{% if not key_modulus or key_modulus != crt_modulus %}
{% do slave_error_list.append('slave ssl_key and ssl_crt does not match') %}
{% endif %}
{% endif %}
{% if slave.get('custom_domain') %}
{% if slave['custom_domain'].startswith('*.') %}
{% set clean_custom_domain = slave['custom_domain'][2:] %}
{% set slave_custom_domain = '' ~ slave['custom_domain'] %}
{% if slave_custom_domain.startswith('*.') %}
{% set clean_custom_domain = slave_custom_domain[2:] %}
{% else %}
{% set clean_custom_domain = slave['custom_domain'] %}
{% set clean_custom_domain = slave_custom_domain %}
{% endif %}
{% if not validators.domain(clean_custom_domain) %}
{% do slave_error_list.append('custom_domain %r invalid' % (slave['custom_domain'],)) %}
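Review bot: The validator checks in this section reject input only when the exit status is exactly 1 (`subprocess_module.call([...]) == 1`), so they fail open. A validator that crashes, is killed by a signal (negative status), or exits with any other non-zero code lets the slave-supplied custom configuration or backend URL through as valid. Comparing against success instead fails closed: `{% elif subprocess_module.call([caddy_custom_http_validator, '' ~ slave[key]]) != 0 %}`, with the same `!= 0` on both `caddy_backend_url_validator` calls. This assumes both validators exit 0 on accept, which these hunks do not show. The per-slave loop around these checks starts and ends outside the hunks.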
......
......@@ -86,6 +86,18 @@
],
"title": "Enable QUIC",
"type": "string"
},
"proxy-try-duration": {
"default": 5,
"description": "A time during which Caddy will try to establish connection with a backend. Setting it to 0 will result with immediate return of 502 EOF error to the browser, even if it would be possible to (re)connect to the backend during few moments. More info in https://caddyserver.com/docs/proxy try_durtion.",
"title": "Duration in seconds of trying a backend",
"type": "integer"
},
"proxy-try-interval": {
"default": 250,
"description": "How often Caddy will try to establish connection with a backend during proxy-try-duration. More info in https://caddyserver.com/docs/proxy try_interval",
"title": "Interval in milliseconds of tries during proxy-try-duration",
"type": "integer"
}
},
"title": "Input Parameters",
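Review bot: `proxy-try-duration` and `proxy-try-interval` are declared as bare integers with no lower bound, and the templates in this commit render them directly as `try_duration …s` and `try_interval …ms`. A negative value would surface only as a Caddy configuration error, and a very large duration keeps retrying an unavailable backend for that long on every request. Adding `"minimum": 0` to each property (and a sensible `"maximum"` for the duration) would catch this at request time, assuming the schema is enforced before rendering, which is not visible here. The description of `proxy-try-duration` also misspells the directive: `try_durtion` should read `try_duration`.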
......
......@@ -163,6 +163,7 @@
"ssl_proxy_ca_crt": {
"default": "",
"description": "Content of the SSL Certificate Authority file of the backend (to be used with ssl-proxy-verify)",
"textarea": true,
"title": "SSL Backend Authority's Certificate",
"type": "string"
},
......
......@@ -102,3 +102,5 @@ configuration.enable-quic = false
configuration.mpm-graceful-shutdown-timeout = 5
configuration.monitor-httpd-port = 8072
configuration.frontend-name =
configuration.proxy-try-duration = 5
configuration.proxy-try-interval = 250
......@@ -66,6 +66,10 @@ crl = {{ custom_ssl_directory }}/crl/
{% do slave_instance.__setitem__('enable_http2_by_default', enable_http2_by_default) %}
{% do slave_instance.__setitem__('global_disable_http2', global_disable_http2) %}
{# Pass proxy_try_duration and proxy_try_interval #}
{% do slave_instance.__setitem__('proxy_try_duration', proxy_try_duration) %}
{% do slave_instance.__setitem__('proxy_try_interval', proxy_try_interval) %}
{# Set Up log files #}
{% do slave_parameter_dict.__setitem__('access_log', '/'.join([caddy_log_directory, '%s_access_log' % slave_reference])) %}
{% do slave_parameter_dict.__setitem__('error_log', '/'.join([caddy_log_directory, '%s_error_log' % slave_reference])) %}
......@@ -158,7 +162,7 @@ bytes = 8
{# Set ssl certificates for each slave #}
{% for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt')%}
{% if cert_name in slave_instance %}
{% if slave_instance.get(cert_name) %}
{% set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %}
{% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
{% do part_list.append(cert_title) %}
......@@ -183,7 +187,7 @@ value = {{ dumps(slave_instance.get(cert_name)) }}
{% do slave_instance.__setitem__('login_ca_crt', login_ca_crt) %}
{% do slave_parameter_dict.__setitem__('ssl_crt', login_certificate) %}
{% do slave_parameter_dict.__setitem__('ssl_key', login_key) %}
{% if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %}
{% if slave_instance.get('ssl_key') and slave_instance.get('ssl_crt') %}
{% set cert_title = '%s-crt' % (slave_reference) %}
{% set key_title = '%s-key' % (slave_reference) %}
{% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
......@@ -207,7 +211,7 @@ extra-context =
< = jinja2-template-base
template = {{ empty_template }}
rendered = {{ cert_file }}
cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.get('ssl_ca_crt', '')) }}
cert-content = {{ dumps('%s\n%s' % (slave_instance.get('ssl_crt'), slave_instance.get('ssl_ca_crt', '') or '')) }}
extra-context =
key content :cert-content
{% endif %}
......@@ -215,21 +219,33 @@ extra-context =
{# ########################################## #}
{# Set Slave Configuration #}
[{{ slave_configuration_section_name }}]
https_port = {{ dumps(https_port) }}
http_port = {{ dumps(http_port) }}
local_ipv4 = {{ dumps(local_ipv4) }}
nginx_http_port = {{ dumps(nginx_http_port) }}
nginx_https_port = {{ dumps(nginx_https_port) }}
cached_port = {{ dumps(cached_port) }}
ssl_cached_port = {{ (ssl_cached_port) }}
https_port = {{ dumps('' ~ https_port) }}
http_port = {{ dumps('' ~ http_port) }}
local_ipv4 = {{ dumps('' ~ local_ipv4) }}
nginx_http_port = {{ dumps('' ~ nginx_http_port) }}
nginx_https_port = {{ dumps('' ~ nginx_https_port) }}
cached_port = {{ dumps('' ~ cached_port) }}
ssl_cached_port = {{ ('' ~ ssl_cached_port) }}
{# BBB: apache_custom_https and apache_custom_http #}
{% set caddy_custom_http = ((slave_instance.pop('caddy_custom_http', slave_instance.pop('apache_custom_http', ''))) % slave_parameter_dict) %}
{% set caddy_custom_https = ((slave_instance.pop('caddy_custom_https', slave_instance.pop('apache_custom_https', ''))) % slave_parameter_dict) %}
{% set caddy_custom_http_template = slave_instance.pop('caddy_custom_http', slave_instance.pop('apache_custom_http', '')) %}
{% set caddy_custom_https_template = slave_instance.pop('caddy_custom_https', slave_instance.pop('apache_custom_https', '')) %}
{% if caddy_custom_http_template is not none %}
{% set caddy_custom_http = ('' ~ caddy_custom_http_template) % slave_parameter_dict %}
caddy_custom_http = {{ dumps(caddy_custom_http) }}
{% else %}
{% set caddy_custom_http = None %}
{% endif %}
{% if caddy_custom_https_template is not none %}
{% set caddy_custom_https = ('' ~ caddy_custom_https_template) % slave_parameter_dict %}
caddy_custom_https = {{ dumps(caddy_custom_https) }}
{% else %}
{% set caddy_custom_https = None %}
{% endif %}
{{ '\n' }}
{% for key, value in slave_instance.iteritems() %}
{{ key }} = {{ dumps(value) }}
{% if value is not none %}
{{ key }} = {{ dumps('' ~ value) }}
{% endif %}
{% endfor %}
[{{ slave_section_title }}]
......@@ -295,7 +311,7 @@ filename = {{ monitor_ipv4_section_title }}
wrapper-path = {{ promise_directory }}/${:filename}
{% endif %}
{% set re6st_optimal_test = slave_instance.get('re6st-optimal-test', '') %}
{% set re6st_optimal_test = '' ~ slave_instance.get('re6st-optimal-test', '') %}
{% set re6st_ipv6 = None %}
{% set re6st_ipv4 = None %}
{% if ',' in re6st_optimal_test %}
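Review bot: `('' ~ caddy_custom_http_template) % slave_parameter_dict` and its `caddy_custom_https` twin apply Python %-formatting to text supplied by the slave. A literal `%` not written as `%%`, or a `%(name)s` that is not a key of `slave_parameter_dict`, therefore raises while this template renders. Nothing in these hunks catches that per slave, so one malformed custom configuration could presumably stop the whole slave list from being generated; this is worth confirming against the validation step. Rejecting such input into `slave_error_list` during validation would contain the failure, and a comment here would state the contract: `{# slave-supplied text: '%' must be written as '%%'; only slave_parameter_dict keys may be referenced #}`. The section these lines belong to starts outside the hunk.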
......
......@@ -21,6 +21,8 @@
gzip
# Rewrite part
proxy / {{ slave_parameter.get('backend_url', '') }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
......@@ -42,6 +44,8 @@
# Compress the output
gzip
proxy / {{ slave_parameter.get('https_backend_url', '') }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
transparent
......
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{%- set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES %}
{%- set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES %}
{%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES %}
{%- set disable_no_cache_header = slave_parameter.get('disable-no-cache-request', '').lower() in TRUE_VALUES %}
{%- set disable_via_header = slave_parameter.get('disable-via-header', '').lower() in TRUE_VALUES %}
{%- set prefer_gzip = slave_parameter.get('prefer-gzip-encoding-to-backend', '').lower() in TRUE_VALUES %}
{%- set proxy_append_list = [('', 'Default proxy configuration')] %}
{%- if prefer_gzip %}
{%- do proxy_append_list.append(('prefer-gzip', 'Proxy which always overrides Accept-Encoding to gzip if such is found')) %}
{%- endif %} {#- if prefer_gzip #}
{%- set server_alias_list = slave_parameter.get('server-alias', '').split() %}
{%- set enable_h2 = slave_parameter['global_disable_http2'].lower() not in TRUE_VALUES and ('' ~ slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default'])).lower() in TRUE_VALUES %}
{%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES %}
{%- set enable_h2 = slave_parameter['global_disable_http2'].lower() not in TRUE_VALUES and slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default']).lower() in TRUE_VALUES %}
{%- set ssl_proxy_verify = slave_parameter.get('ssl-proxy-verify', '').lower() in TRUE_VALUES %}
{%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() %}
{%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES %}
{%- set https_only = slave_parameter.get('https-only', '').lower() in TRUE_VALUES %}
{%- set slave_type = slave_parameter.get('type', '') %}
{%- set host_list = server_alias_list %}
{%- if slave_parameter.get('custom_domain') not in host_list %}
......@@ -67,6 +67,8 @@
{%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }}
proxy /{{ proxy_name }} {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
{%- if proxy_name == 'prefer-gzip' %}
without /prefer-gzip
header_upstream Accept-Encoding gzip
......@@ -138,6 +140,8 @@
{%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }}
proxy /{{ proxy_name }} {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
{%- if proxy_name == 'prefer-gzip' %}
without /prefer-gzip
header_upstream Accept-Encoding gzip
......@@ -216,6 +220,8 @@
{%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }}
proxy /{{ proxy_name }} {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
{%- if proxy_name == 'prefer-gzip' %}
without /prefer-gzip
header_upstream Accept-Encoding gzip
......@@ -281,6 +287,8 @@
{%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }}
proxy /{{ proxy_name }} {{ slave_parameter.get('url', '') }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
{%- if proxy_name == 'prefer-gzip' %}
without /prefer-gzip
header_upstream Accept-Encoding gzip
......
......@@ -17,6 +17,8 @@ https://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_htt
}
proxy / {{ https_upstream }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
transparent
insecure_skip_verify
}
......@@ -25,6 +27,8 @@ https://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_htt
to /proxy/{1}
}
proxy /proxy/ {{ https_upstream }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
header_upstream X-Real-IP {remote}
header_upstream Host {host}
websocket
......@@ -42,6 +46,8 @@ http://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_http
errors {{ slave_parameter.get('error_log') }}
proxy / {{ upstream }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
transparent
insecure_skip_verify
}
......@@ -50,6 +56,8 @@ http://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_http
to /proxy/{1}
}
proxy /proxy/ {{ upstream }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
header_upstream X-Real-IP {remote}
header_upstream Host {host}
websocket
......
......@@ -187,6 +187,18 @@ class CertificateAuthority(object):
return certificate, certificate.public_bytes(serialization.Encoding.PEM)
def subprocess_output(*args, **kwargs):
prc = subprocess.Popen(
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
*args,
**kwargs
)
out, err = prc.communicate()
return out
def isHTTP2(domain, ip):
curl_command = 'curl --http2 -v -k -H "Host: %(domain)s" ' \
'https://%(domain)s:%(https_port)s/ '\
......@@ -456,6 +468,8 @@ class TestMasterRequestDomain(HttpFrontendTestCase, TestDataMixin):
class TestHandler(BaseHTTPRequestHandler):
def do_GET(self):
timeout = int(self.headers.dict.get('Timeout', '0'))
time.sleep(timeout)
self.send_response(200)
self.send_header("Content-type", "application/json")
self.send_header('Set-Cookie', 'secured=value;secure')
......@@ -1157,7 +1171,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
'test-path/deep/.././deeper',
headers={'Timeout': '10'} # more than default proxy-try-duration == 5
)
self.assertEqual(
self.certificate_pem,
......@@ -1171,6 +1187,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys())
self.assertEqual(j['Incoming Headers']['timeout'], '10')
self.assertFalse('Content-Encoding' in result.headers)
self.assertEqual(
......@@ -1196,6 +1214,14 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
result_http.headers['Set-Cookie']
)
# check that try_duration == 5 in the test_url slave
slave_configuration_file = glob.glob(os.path.join(
self.instance_path, '*', 'etc', '*slave-conf.d', '_url.conf'))[0]
with open(slave_configuration_file) as fh:
content = fh.read()
self.assertTrue('try_duration 5s' in content)
self.assertTrue('try_interval 250ms' in content)
@skip('Feature postponed')
def test_url_ipv6_access(self):
parameter_dict = self.parseSlaveParameterDict('url')
......@@ -2395,7 +2421,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'check-_monitor-ipv6-test-ipv6-packet-list-test'))[0]
self.assertEqual(
'-a monitor-ipv6-test',
subprocess.check_output(monitor_file).strip()
subprocess_output(monitor_file).strip()
)
def test_monitor_ipv4_test(self):
......@@ -2437,7 +2463,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'check-_monitor-ipv4-test-ipv4-packet-list-test'))[0]
self.assertEqual(
'-4 -a monitor-ipv4-test',
subprocess.check_output(monitor_file).strip()
subprocess_output(monitor_file).strip()
)
def test_re6st_optimal_test(self):
......@@ -2480,7 +2506,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'check-_re6st-optimal-test-re6st-optimal-test'))[0]
self.assertEqual(
'-4 ipv4 -6 ipv6',
subprocess.check_output(monitor_file).strip()
subprocess_output(monitor_file).strip()
)
def test_enable_cache(self):
......@@ -3825,7 +3851,7 @@ https://www.google.com {}""",
# correctly passed to the script.
self.assertEqual(
'-4 newline [s${esection:eoption} -6 new line;rm -fr ~;',
subprocess.check_output(monitor_file).strip()
subprocess_output(monitor_file).strip()
)
def test_re6st_optimal_test_nocomma(self):
......@@ -4014,7 +4040,7 @@ https://www.google.com {}""",
'check-_monitor-ipv4-test-unsafe-ipv4-packet-list-test'))[0]
self.assertEqual(
'-4 -a ${section:option} afternewline ipv4',
subprocess.check_output(monitor_file).strip()
subprocess_output(monitor_file).strip()
)
def test_monitor_ipv6_test_unsafe(self):
......@@ -4056,7 +4082,7 @@ https://www.google.com {}""",
'check-_monitor-ipv6-test-unsafe-ipv6-packet-list-test'))[0]
self.assertEqual(
'-a ${section:option} afternewline ipv6',
subprocess.check_output(monitor_file).strip()
subprocess_output(monitor_file).strip()
)
def test_ssl_key_ssl_crt_unsafe(self):
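Review bot: `subprocess_output` returns the captured output without checking `prc.returncode`, so the six call sites that used to be `subprocess.check_output(monitor_file)` no longer fail when the generated check script exits non-zero. Several of those tests exist to show that hostile parameter values (for example the `;rm -fr ~;` case) reach the script as inert arguments, and a script that prints the expected text but then fails would now pass unnoticed. I would keep the merged stderr but restore the exit check in the helper with `if prc.returncode: raise subprocess.CalledProcessError(prc.returncode, args[0], out)`. If a non-zero exit is expected from these scripts, a comment on the helper saying so would make that explicit. `err` is always `None` with `stderr=subprocess.STDOUT`, so `out, _ = prc.communicate()` reads more honestly.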
......
# THIS IS NOT A BUILDOUT FILE, despite purposedly using a compatible syntax.
# The only allowed lines here are (regexes):
# - "^#" comments, copied verbatim
# - "^[" section beginings, copied verbatim
# - lines containing an "=" sign which must fit in the following categorie.
# - "^\s*filename\s*=\s*path\s*$" where "path" is relative to this file
# Copied verbatim.
# - "^\s*hashtype\s*=.*" where "hashtype" is one of the values supported
# by the re-generation script.
# Re-generated.
# - other lines are copied verbatim
# Substitution (${...:...}), extension ([buildout] extends = ...) and
# section inheritance (< = ...) are NOT supported (but you should really
# not need these here).
[template]
filename = instance.cfg.in
md5sum = 028b6a6456d744c11b1bb2c51ecd51b2
[template-kvm]
filename = instance-kvm.cfg.jinja2
md5sum = e30912b1256bb093329ee3c108666f05
[template-kvm-cluster]
filename = instance-kvm-cluster.cfg.jinja2.in
md5sum = 63fa784d8946d0b6e3fbd6381e1ea9f4
[template-kvm-resilient]
filename = instance-kvm-resilient.cfg.jinja2
md5sum = c189bce8b196a3b5bcb01526a3f9b2aa
[template-kvm-import]
filename = instance-kvm-import.cfg.jinja2.in
md5sum = dc3f3ad9ebd8b3b5c3ded57b91cee9c7
[template-kvm-import-script]
filename = template/kvm-import.sh.jinja2
md5sum = cd0008f1689dfca9b77370bc4d275b70
[template-kvm-export]
filename = instance-kvm-export.cfg.jinja2
md5sum = 00ce5e6da3c833d9d9d1825311f11a81
[template-kvm-export-script]
filename = template/kvm-export.sh.jinja2
md5sum = b617d64de73de1eed518185f310bbc82
[template-nbd]
filename = instance-nbd.cfg.in
md5sum = f634a5249b773658b7a7bc9fa9bb0368
[template-frontend]
filename = instance-frontend.cfg.in
md5sum = cdb690495e9eb007d2b7d2f8e12f5c59
[template-ansible-promise]
filename = template/ansible-promise.in
md5sum = 2036bf145f472f62ef8dee5e729328fd
[template-kvm-run]
filename = template/template-kvm-run.in
md5sum = 9e40246b4bc4f968f0631016c939b014
[template-kvm-controller]
filename = template/kvm-controller-run.in
md5sum = b96cba47c97f277c857176d69e086a12
[template-apache-conf]
filename = template/apache.conf.in
md5sum = ac97f6a52e1c5a19a646242ef85abb8a
[template-content]
filename = template/template-content.in
md5sum = 822737e483864bf255ad1259237bef2a
[template-qemu-ready]