diff options
author | Laurent Bercot <ska-adelie@skarnet.org> | 2018-08-14 19:52:39 +0000 |
---|---|---|
committer | Laurent Bercot <ska-adelie@skarnet.org> | 2018-08-15 15:12:16 +0000 |
commit | afb0fe3ccead10a3a68f938e80c891fe9d9cb9d3 (patch) | |
tree | b5809b8e852347718303fa2c93a5bc0c2eb07bfc | |
parent | cdbdb41c2da9c3185122be33fdef720f7d9f0883 (diff) | |
download | packages-afb0fe3ccead10a3a68f938e80c891fe9d9cb9d3.tar.gz packages-afb0fe3ccead10a3a68f938e80c891fe9d9cb9d3.tar.bz2 packages-afb0fe3ccead10a3a68f938e80c891fe9d9cb9d3.tar.xz packages-afb0fe3ccead10a3a68f938e80c891fe9d9cb9d3.zip |
Move s6 higher in the supervision chain
- Better s6 layout, with a place for early services and a
place for packages to add their services later on.
- s6-svscan is now supervised by sysvinit (instead of being
run once by openrc)
- s6-svscan is now the only process supervised by sysvinit.
All the other "respawn" lines are delegated to s6.
- utmpd and wtmpd are now early services instead of being
added by openrc.
These changes implement a full supervision architecture and
make init more flexible. Later on, it will be easier to
- add conditional gettys (for /dev/hvc0...)
- remove sysvinit entirely
- decouple the init process from the service manager.
-rw-r--r-- | system/s6/APKBUILD | 29 | ||||
-rw-r--r-- | system/s6/agetty-run | 2 | ||||
-rw-r--r-- | system/s6/s6-svscanboot | 62 | ||||
-rw-r--r-- | system/s6/s6.initd | 15 | ||||
-rw-r--r-- | system/s6/s6.post-upgrade | 3 | ||||
-rw-r--r-- | system/s6/s6.pre-install | 2 | ||||
-rw-r--r-- | system/s6/s6.pre-upgrade | 2 | ||||
-rw-r--r-- | system/sysvinit/APKBUILD | 6 | ||||
-rw-r--r-- | system/sysvinit/inittab-2.88 | 15 | ||||
-rw-r--r-- | system/utmps/APKBUILD | 30 | ||||
-rw-r--r-- | system/utmps/utmpd.run | 2 | ||||
-rw-r--r-- | system/utmps/utmps.initd | 32 | ||||
-rw-r--r-- | system/utmps/utmps.post-upgrade | 3 | ||||
-rw-r--r-- | system/utmps/utmps.pre-install | 1 | ||||
-rw-r--r-- | system/utmps/utmps.pre-upgrade | 1 | ||||
-rw-r--r-- | system/utmps/wtmpd.run | 2 |
16 files changed, 98 insertions, 109 deletions
diff --git a/system/s6/APKBUILD b/system/s6/APKBUILD index 77a123cd9..14ae3ba07 100644 --- a/system/s6/APKBUILD +++ b/system/s6/APKBUILD @@ -2,19 +2,18 @@ # Maintainer: Laurent Bercot <ska-devel@skarnet.org> pkgname=s6 pkgver=2.7.1.1 -pkgrel=0 +pkgrel=4 pkgdesc="skarnet.org's small & secure supervision software suite" url="https://skarnet.org/software/$pkgname/" arch="all" options="!check" # No test suite. license="ISC" makedepends="skalibs-dev execline-dev" -install="s6.pre-install s6.pre-upgrade" -subpackages="$pkgname-dev $pkgname-doc $pkgname-openrc" -triggers="s6.trigger=/run/service" +install="$pkgname.pre-install $pkgname.pre-upgrade $pkgname.post-upgrade" +subpackages="$pkgname-dev $pkgname-doc" +triggers="$pkgname.trigger=/run/service" source="https://skarnet.org/software/$pkgname/$pkgname-$pkgver.tar.gz - s6-svscanboot - s6.initd" + s6-svscanboot agetty-run" build() { @@ -33,9 +32,17 @@ package() { cd "$builddir" make DESTDIR="$pkgdir" install cp -f "$srcdir/s6-svscanboot" "$pkgdir/lib/s6/s6-svscanboot" - mkdir -p "$pkgdir/etc/init.d" - cp -f "$srcdir/s6.initd" "$pkgdir/etc/init.d/s6" - chmod 0755 "$pkgdir/lib/s6/s6-svscanboot" "$pkgdir/etc/init.d/s6" + mkdir -p -m 0755 "$pkgdir/etc/s6/early-services" "$pkgdir/var/lib/s6/services" + chmod 0755 "$pkgdir/lib/s6/s6-svscanboot" + + + # The getty scripts are created here + + for i in 1 2 3 4 5 6 ; do + mkdir -m 0755 "$pkgdir/etc/s6/early-services/getty-$i" + sed -e "s/%TTY%/tty$i/g" < "$srcdir/agetty-run" > "$pkgdir/etc/s6/early-services/getty-$i/run" + chmod 0755 "$pkgdir/etc/s6/early-services/getty-$i/run" + done } doc() { @@ -45,5 +52,5 @@ doc() { } sha512sums="59b0a611eaa0bbdeae3133a182e933e14806151d3b8d44c7f4258a63693cf2fa487fce91a4ea37527ed0f52f211a5391b3fcf6202773b0a80d6ce7f3de60ff79 s6-2.7.1.1.tar.gz -871ca1f86b354b7c63ce1d3bef8794627e176f993144ed67a17d0a069f5ac2164d94aba980711f61ad349dcd4fe2bf928195f2121a75e611c9897d73f1af12a0 s6-svscanboot -e7f4fcdc04fc7f72df4419018d048e14f80d50d01ebc284b6d208d6bada3201ca91be0a110930618a26fb0e6bcc1603de01467f6f1dc635c8dcae60f1a0b1b9b s6.initd" +b4919f76498f86257e13210010a84284dd8574db062b96bcc527c0c5dcc2a35716ff0f3c4d23cb3ec7eed416f16aeec31247b1fda3bd06c1a8f6fd65cf32c6da s6-svscanboot +fb60b841da03583ba9f0f0541b45e4cf88fa5311b26376042e951317428dcaa6c81bb6c739c7a442ef0d36e1581a29cb9c4fb2d87411268fb23a033130fc8051 agetty-run" diff --git a/system/s6/agetty-run b/system/s6/agetty-run new file mode 100644 index 000000000..79884efc7 --- /dev/null +++ b/system/s6/agetty-run @@ -0,0 +1,2 @@ +#!/bin/execlineb -P +/sbin/agetty 38400 %TTY% linux diff --git a/system/s6/s6-svscanboot b/system/s6/s6-svscanboot index 2b41d2916..447a1a01b 100644 --- a/system/s6/s6-svscanboot +++ b/system/s6/s6-svscanboot @@ -1,21 +1,53 @@ -#!/bin/execlineb -S1 +#!/bin/execlineb -P -foreground { redirfd -w 2 /dev/null mkdir -p /run/uncaught-logs } +# Basic sanity. + +export PATH /usr/bin:/usr/sbin:/bin:/sbin +umask 022 + + +# The live service directories are in /run/services +# The scandir is /run/service, containing only the catch-all logger and symlinks +# (and the s6-svscan configuration in /run/service/.s6-svscan) + +if { rm -rf /run/service /run/services } +if { mkdir -p -m 0755 /run/service/.s6-svscan /run/service/s6-svscan-log } +if { ln -sf /bin/false /run/service/.s6-svscan/crash } +if +{ + redirfd -w 1 /run/service/.s6-svscan/finish + heredoc 0 "#!/bin/execlineb -P\ns6-svc -X -- \"/run/service/s6-svscan-log\"\n" + cat +} +if { chmod 0755 /run/service/.s6-svscan/finish } + + +# Directory for the catch-all logger to store its logs + +if { mkdir -p -m 2700 /run/uncaught-logs } if { chown catchlog:catchlog /run/uncaught-logs } if { chmod 2700 /run/uncaught-logs } -foreground { redirfd -w 2 /dev/null mkdir -p ${1}/.s6-svscan ${1}/s6-svscan-log } -foreground { redirfd -w 2 /dev/null ln -sf /bin/false ${1}/.s6-svscan/crash } + + +# Copy all the early services and link them into the scandir + +if { /bin/cp -a /etc/s6/early-services /run/services } if { - redirfd -w 1 ${1}/.s6-svscan/finish - heredoc 0 "#!/bin/execlineb -P\ns6-svc -X -- \"${1}/s6-svscan-log\"\n" - cat + forbacktickx -pnd"\n" i { ls -1 -U /run/services } + importas -u i i + ln -nsf ../services/$i /run/service/$i } -if { chmod 0755 ${1}/.s6-svscan/finish } -foreground { redirfd -w 2 /dev/null mkfifo -m 0600 ${1}/s6-svscan-log/fifo } + + +# Create the catch-all logger servicedir directly in the scandir +# (It's too fundamental to be made configurable as an early service.) + +if { rm -f /run/service/s6-svscan-log/fifo } +if { mkfifo -m 0600 /run/service/s6-svscan-log/fifo } if { - redirfd -w 1 ${1}/s6-svscan-log/run + redirfd -w 1 /run/service/s6-svscan-log/run heredoc 0 "#!/bin/execlineb -P redirfd -w 2 /dev/console redirfd -rnb 0 fifo @@ -24,9 +56,13 @@ exec -c s6-log t /run/uncaught-logs\n" cat } -if { chmod 0755 ${1}/s6-svscan-log/run } +if { chmod 0755 /run/service/s6-svscan-log/run } + + +# All ready, exec into s6-svscan. +# By default all messages from all services will go to the catch-all logger it spawns. redirfd -r 0 /dev/null -redirfd -wnb 1 ${1}/s6-svscan-log/fifo +redirfd -wnb 1 /run/service/s6-svscan-log/fifo fdmove -c 2 1 -s6-svscan -St0 ${1} +s6-svscan -St0 /run/service diff --git a/system/s6/s6.initd b/system/s6/s6.initd deleted file mode 100644 index 9f984cc13..000000000 --- a/system/s6/s6.initd +++ /dev/null @@ -1,15 +0,0 @@ -#!/sbin/openrc-run -# Copyright 2016 Laurent Bercot -# Distributed under the terms of the ISC License. -# -# We currently start the supervision tree under OpenRC because -# it's easy integration. It's not perfect: the supervision tree -# should ideally be rooted in process 1, and here it's not. -# But it's only temporary: in a later Alpine release, s6-svscan -# will *be* process 1. - -name="s6" -command="/lib/s6/s6-svscanboot" -command_args="/run/service" -pidfile="/run/s6.pid" -start_stop_daemon_args="-b -m -k 022" diff --git a/system/s6/s6.post-upgrade b/system/s6/s6.post-upgrade new file mode 100644 index 000000000..54144895b --- /dev/null +++ b/system/s6/s6.post-upgrade @@ -0,0 +1,3 @@ +#!/bin/sh -e + +rm -f /etc/runlevels/default/s6 diff --git a/system/s6/s6.pre-install b/system/s6/s6.pre-install index 19804af6d..2c175a325 100644 --- a/system/s6/s6.pre-install +++ b/system/s6/s6.pre-install @@ -2,5 +2,5 @@ addgroup -S catchlog 2>/dev/null adduser -S -D -H -s /bin/false -G catchlog -g catchlog catchlog 2>/dev/null -echo 'Run "rc-update add s6 default" to automatically start a s6 supervision tree on /run/service at boot time.' 1>&2 + exit 0 diff --git a/system/s6/s6.pre-upgrade b/system/s6/s6.pre-upgrade index 19804af6d..2c175a325 100644 --- a/system/s6/s6.pre-upgrade +++ b/system/s6/s6.pre-upgrade @@ -2,5 +2,5 @@ addgroup -S catchlog 2>/dev/null adduser -S -D -H -s /bin/false -G catchlog -g catchlog catchlog 2>/dev/null -echo 'Run "rc-update add s6 default" to automatically start a s6 supervision tree on /run/service at boot time.' 1>&2 + exit 0 diff --git a/system/sysvinit/APKBUILD b/system/sysvinit/APKBUILD index 184b330cf..7b0b0cee5 100644 --- a/system/sysvinit/APKBUILD +++ b/system/sysvinit/APKBUILD @@ -2,12 +2,12 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=sysvinit pkgver=2.88 -pkgrel=4 +pkgrel=5 pkgdesc="System V-style init programs" url="https://savannah.nongnu.org/projects/sysvinit" arch="all" license="GPL-2.0+" -depends="" +depends="s6" makedepends="linux-headers utmps-dev" install="sysvinit.post-upgrade" options="!check" @@ -57,6 +57,6 @@ package() { } sha512sums="0bd8eeb124e84fdfa8e621b05f796804ee69a9076b65f5115826bfa814ac1d5d28d31a5c22ebe77c86a93b2288edf4891adc0afaecc4de656c4ecda8a83807bf sysvinit-2.88dsf.tar.bz2 -3866d377873b44fb7675b9f05e28190b99b7fedddd9463a0bf41de6ff7cad90e0a4273a9908b1f5c77abea85aa867e2f20ce4d466ce97607863cd9b122f8e9b0 inittab-2.88 +52d301225bf0cb0c4d124d205cf3a1e1f4eca21a69179da4882359f79606562354fddf887da8203129bede1d073efa9cdd8fe84a327b51229248b22240b9d5dd inittab-2.88 27dfe089660a291cbcba06d8564bad11f7fd7c96629e72c2b005562689dc7d8bb479c760e980590906e98423b991ae0acd048713d3bc372174d55ed894abeb3f sysvinit-2.88-posix-header.patch 3605f88ac3faf7d12bf2269ca5d8625850d53e8583b573ab280fa17066c8e4e5217a0d17b94e47ea67a153ad3b88b433471a77544bd085f01f7d9d353ac16aae utmpx.patch" diff --git a/system/sysvinit/inittab-2.88 b/system/sysvinit/inittab-2.88 index 1f0b5eb98..e96205a06 100644 --- a/system/sysvinit/inittab-2.88 +++ b/system/sysvinit/inittab-2.88 @@ -10,6 +10,7 @@ # Modified by: Robin H. Johnson, <robbat2@gentoo.org> # Modified by: William Hubbs, <williamh@gentoo.org> # Modified by: A. Wilcox, <awilfox@adelielinux.org> +# Modified by: Laurent Bercot, <ska-adelie@skarnet.org> # # Default runlevel. @@ -36,18 +37,8 @@ l6r:6:wait:/sbin/reboot -fin su0:S:wait:/sbin/openrc single su1:S:wait:/sbin/sulogin -# TERMINALS -#x1:12345:respawn:/sbin/agetty 38400 console linux -c1:12345:respawn:/sbin/agetty 38400 tty1 linux -c2:2345:respawn:/sbin/agetty 38400 tty2 linux -c3:2345:respawn:/sbin/agetty 38400 tty3 linux -c4:2345:respawn:/sbin/agetty 38400 tty4 linux -c5:2345:respawn:/sbin/agetty 38400 tty5 linux -c6:2345:respawn:/sbin/agetty 38400 tty6 linux - -# SERIAL CONSOLES -#s0:12345:respawn:/sbin/agetty -L 9600 ttyS0 vt100 -#s1:12345:respawn:/sbin/agetty -L 9600 ttyS1 vt100 +# We now delegate all "respawn" services, including terminals, to s6. +s6:12345:respawn:/lib/s6/s6-svscanboot # What to do at the "Three Finger Salute". ca:12345:ctrlaltdel:/sbin/shutdown -r now diff --git a/system/utmps/APKBUILD b/system/utmps/APKBUILD index 01ac5356e..803097314 100644 --- a/system/utmps/APKBUILD +++ b/system/utmps/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Laurent Bercot <ska-devel@skarnet.org> pkgname=utmps pkgver=0.0.1.2 -pkgrel=0 +pkgrel=2 pkgdesc="A secure utmp/wtmp implementation" url="https://skarnet.org/software/$pkgname/" arch="all" @@ -11,10 +11,9 @@ license="ISC" depends="execline s6" depends_dev="skalibs-dev" makedepends="skalibs-dev" -subpackages="$pkgname-dev $pkgname-doc $pkgname-openrc" -install="$pkgname.pre-install $pkgname.pre-upgrade" +subpackages="$pkgname-dev $pkgname-doc" +install="$pkgname.pre-install $pkgname.pre-upgrade $pkgname.post-upgrade" source="https://skarnet.org/software/$pkgname/$pkgname-$pkgver.tar.gz - $pkgname.initd utmpd.run wtmpd.run" @@ -33,18 +32,12 @@ build() { package() { cd "$builddir" make DESTDIR="$pkgdir" install - mkdir -p "$pkgdir/etc/init.d" "$pkgdir/var/lib/$pkgname/services/utmpd" "$pkgdir/var/lib/$pkgname/services/wtmpd" - cp -f "$srcdir/$pkgname.initd" "$pkgdir/etc/init.d/$pkgname" - cp -f "$srcdir/utmpd.run" "$pkgdir/var/lib/$pkgname/services/utmpd/run" - echo 3 > "$pkgdir/var/lib/$pkgname/services/utmpd/notification-fd" - s6-mkfifodir -g0 -- "$pkgdir/var/lib/$pkgname/services/utmpd/event" - cp -f "$srcdir/wtmpd.run" "$pkgdir/var/lib/$pkgname/services/wtmpd/run" - echo 3 > "$pkgdir/var/lib/$pkgname/services/wtmpd/notification-fd" - s6-mkfifodir -g 0 -- "$pkgdir/var/lib/$pkgname/services/wtmpd/event" - chmod 0755 "$pkgdir/etc/init.d/$pkgname" "$pkgdir/var/lib/$pkgname/services/utmpd/run" "$pkgdir/var/lib/$pkgname/services/wtmpd/run" - mkdir -m 0700 "$pkgdir/var/lib/$pkgname/services/utmpd/supervise" "$pkgdir/var/lib/$pkgname/services/wtmpd/supervise" - dd if=/dev/zero of="$pkgdir/var/lib/$pkgname/services/utmpd/supervise/status" bs=35 count=1 - dd if=/dev/zero of="$pkgdir/var/lib/$pkgname/services/wtmpd/supervise/status" bs=35 count=1 + mkdir -p -m 0755 "$pkgdir/etc/s6/early-services/utmpd" "$pkgdir/etc/s6/early-services/wtmpd" + cp -f "$srcdir/utmpd.run" "$pkgdir/etc/s6/early-services/utmpd/run" + echo 3 > "$pkgdir/etc/s6/early-services/utmpd/notification-fd" + cp -f "$srcdir/wtmpd.run" "$pkgdir/etc/s6/early-services/wtmpd/run" + echo 3 > "$pkgdir/etc/s6/early-services/wtmpd/notification-fd" + chmod 0755 "$pkgdir/etc/s6/early-services/utmpd/run" "$pkgdir/etc/s6/early-services/wtmpd/run" } doc() { @@ -54,6 +47,5 @@ doc() { } sha512sums="663e9479ad9b684068769c7b2b8c9ac3a4ca46a945a86d909f43d9c19712099ea913b3a87cda5b56b72ec891dbecc2c61b518f985418c45d81d72a5afb366db8 utmps-0.0.1.2.tar.gz -437d0c52ef1ecd23775990225647c2a6ca53691fb5688ffa866a0e6db177a08fe465f2e683e8b98ba668d8ddcd4ffa0fe3939f23ded276f4ca7acaa2553b10e6 utmps.initd -0ec30284c64c6ea9f25142c5f4a643bd48b137fe85781b650104f5137ffa4dfc35ca7be3e41e3acd3403ebe1d8c5378073afa4e2f3607d3d794fcd9f98ed51c4 utmpd.run -cba4f2ec3b8f5becf3ae57eecf584745d783046ee6cf5d116322421ad5ffd074d2955da22d31d2b5b1d05f906378aae92f221d2ac95ac21b54a361fbdc0566e7 wtmpd.run" +525d43e3eced30c564e5390fc715b6caa1ae2b6515a9e3bf01263ff3fb9379bd6908ed302d0d50b6568ac36ed44d272dcc44a683f9ae34d586d8ad17023ed6b1 utmpd.run +93e4fae527ada9381e0b0a7ad5de9079e8d88959abd74fa5c0710c30c6153832abb010b57ddf83055ca34c032e7e5c9c1eedceb2f122a11ab20837ab66dcf5e2 wtmpd.run" diff --git a/system/utmps/utmpd.run b/system/utmps/utmpd.run index 47bc824a2..5d66c183c 100644 --- a/system/utmps/utmpd.run +++ b/system/utmps/utmpd.run @@ -1,6 +1,8 @@ #!/bin/execlineb -P fdmove -c 2 1 +if { mkdir -p -m 0755 /run/utmps } +if { chown utmp:utmp /run/utmps } s6-setuidgid utmp cd /run/utmps fdmove 1 3 diff --git a/system/utmps/utmps.initd b/system/utmps/utmps.initd deleted file mode 100644 index db4570031..000000000 --- a/system/utmps/utmps.initd +++ /dev/null @@ -1,32 +0,0 @@ -#!/sbin/openrc-run -# Copyright 2018 Laurent Bercot -# Distributed under the terms of the ISC License. -# -# OpenRC is only used here to trigger the s6 mechanisms. - -depend() { - need s6 -} - -start() { - ebegin "Starting utmpd and wtmpd services" - mkdir -p -m 0755 /run/utmps - chown utmp:utmp /run/utmps - - # OpenRC has no readiness notification framework, so it can run this before s6 is ready. - # To avoid the race (yes, I have hit it), do a polling check here. - # If you want to avoid unnecessary delays, switch to a real service manager like s6-rc. - until test -e /run/service/.s6-svscan/control ; do sleep 1 ; done - - ln -nsf /var/lib/utmps/services/utmpd /run/service/utmpd - ln -nsf /var/lib/utmps/services/wtmpd /run/service/wtmpd - s6-svlisten -U -t 5000 -- /var/lib/utmps/services/utmpd /var/lib/utmps/services/wtmpd "" s6-svscanctl -an /run/service - eend $? -} - -stop() { - ebegin "Stopping utmpd and wtmpd services" - rm -f /run/service/utmpd /run/service/wtmpd - s6-svlisten -d -t 5000 -- /var/lib/utmps/services/utmpd /var/lib/utmps/services/wtmpd "" s6-svscanctl -an /run/service - eend $? -} diff --git a/system/utmps/utmps.post-upgrade b/system/utmps/utmps.post-upgrade new file mode 100644 index 000000000..aab5eb125 --- /dev/null +++ b/system/utmps/utmps.post-upgrade @@ -0,0 +1,3 @@ +#!/bin/sh -e + +rm -f /etc/runlevels/default/utmps diff --git a/system/utmps/utmps.pre-install b/system/utmps/utmps.pre-install index 6db960686..10b5b31ff 100644 --- a/system/utmps/utmps.pre-install +++ b/system/utmps/utmps.pre-install @@ -2,5 +2,4 @@ addgroup -S utmp 2>/dev/null adduser -S -D -H -s /bin/false -G utmp -g utmp utmp 2>/dev/null -echo 'Run "rc-update add s6 default; rc-update add utmps default" to automatically start the utmpd and wtmpd services at boot time.' 1>&2 exit 0 diff --git a/system/utmps/utmps.pre-upgrade b/system/utmps/utmps.pre-upgrade index 6db960686..10b5b31ff 100644 --- a/system/utmps/utmps.pre-upgrade +++ b/system/utmps/utmps.pre-upgrade @@ -2,5 +2,4 @@ addgroup -S utmp 2>/dev/null adduser -S -D -H -s /bin/false -G utmp -g utmp utmp 2>/dev/null -echo 'Run "rc-update add s6 default; rc-update add utmps default" to automatically start the utmpd and wtmpd services at boot time.' 1>&2 exit 0 diff --git a/system/utmps/wtmpd.run b/system/utmps/wtmpd.run index ab5a40641..fa78806c9 100644 --- a/system/utmps/wtmpd.run +++ b/system/utmps/wtmpd.run @@ -1,6 +1,8 @@ #!/bin/execlineb -P fdmove -c 2 1 +if { mkdir -p -m 0755 /run/utmps } +if { chown utmp:utmp /run/utmps } s6-setuidgid utmp cd /run/utmps fdmove 1 3 |