From afb0fe3ccead10a3a68f938e80c891fe9d9cb9d3 Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Tue, 14 Aug 2018 19:52:39 +0000 Subject: Move s6 higher in the supervision chain - Better s6 layout, with a place for early services and a place for packages to add their services later on. - s6-svscan is now supervised by sysvinit (instead of being run once by openrc) - s6-svscan is now the only process supervised by sysvinit. All the other "respawn" lines are delegated to s6. - utmpd and wtmpd are now early services instead of being added by openrc. These changes implement a full supervision architecture and make init more flexible. Later on, it will be easier to - add conditional gettys (for /dev/hvc0...) - remove sysvinit entirely - decouple the init process from the service manager. --- system/s6/APKBUILD | 29 +++++++++++++--------- system/s6/agetty-run | 2 ++ system/s6/s6-svscanboot | 62 +++++++++++++++++++++++++++++++++++++---------- system/s6/s6.initd | 15 ------------ system/s6/s6.post-upgrade | 3 +++ system/s6/s6.pre-install | 2 +- system/s6/s6.pre-upgrade | 2 +- 7 files changed, 74 insertions(+), 41 deletions(-) create mode 100644 system/s6/agetty-run delete mode 100644 system/s6/s6.initd create mode 100644 system/s6/s6.post-upgrade (limited to 'system/s6') diff --git a/system/s6/APKBUILD b/system/s6/APKBUILD index 77a123cd9..14ae3ba07 100644 --- a/system/s6/APKBUILD +++ b/system/s6/APKBUILD @@ -2,19 +2,18 @@ # Maintainer: Laurent Bercot pkgname=s6 pkgver=2.7.1.1 -pkgrel=0 +pkgrel=4 pkgdesc="skarnet.org's small & secure supervision software suite" url="https://skarnet.org/software/$pkgname/" arch="all" options="!check" # No test suite. license="ISC" makedepends="skalibs-dev execline-dev" -install="s6.pre-install s6.pre-upgrade" -subpackages="$pkgname-dev $pkgname-doc $pkgname-openrc" -triggers="s6.trigger=/run/service" +install="$pkgname.pre-install $pkgname.pre-upgrade $pkgname.post-upgrade" +subpackages="$pkgname-dev $pkgname-doc" +triggers="$pkgname.trigger=/run/service" source="https://skarnet.org/software/$pkgname/$pkgname-$pkgver.tar.gz - s6-svscanboot - s6.initd" + s6-svscanboot agetty-run" build() { @@ -33,9 +32,17 @@ package() { cd "$builddir" make DESTDIR="$pkgdir" install cp -f "$srcdir/s6-svscanboot" "$pkgdir/lib/s6/s6-svscanboot" - mkdir -p "$pkgdir/etc/init.d" - cp -f "$srcdir/s6.initd" "$pkgdir/etc/init.d/s6" - chmod 0755 "$pkgdir/lib/s6/s6-svscanboot" "$pkgdir/etc/init.d/s6" + mkdir -p -m 0755 "$pkgdir/etc/s6/early-services" "$pkgdir/var/lib/s6/services" + chmod 0755 "$pkgdir/lib/s6/s6-svscanboot" + + + # The getty scripts are created here + + for i in 1 2 3 4 5 6 ; do + mkdir -m 0755 "$pkgdir/etc/s6/early-services/getty-$i" + sed -e "s/%TTY%/tty$i/g" < "$srcdir/agetty-run" > "$pkgdir/etc/s6/early-services/getty-$i/run" + chmod 0755 "$pkgdir/etc/s6/early-services/getty-$i/run" + done } doc() { @@ -45,5 +52,5 @@ doc() { } sha512sums="59b0a611eaa0bbdeae3133a182e933e14806151d3b8d44c7f4258a63693cf2fa487fce91a4ea37527ed0f52f211a5391b3fcf6202773b0a80d6ce7f3de60ff79 s6-2.7.1.1.tar.gz -871ca1f86b354b7c63ce1d3bef8794627e176f993144ed67a17d0a069f5ac2164d94aba980711f61ad349dcd4fe2bf928195f2121a75e611c9897d73f1af12a0 s6-svscanboot -e7f4fcdc04fc7f72df4419018d048e14f80d50d01ebc284b6d208d6bada3201ca91be0a110930618a26fb0e6bcc1603de01467f6f1dc635c8dcae60f1a0b1b9b s6.initd" +b4919f76498f86257e13210010a84284dd8574db062b96bcc527c0c5dcc2a35716ff0f3c4d23cb3ec7eed416f16aeec31247b1fda3bd06c1a8f6fd65cf32c6da s6-svscanboot +fb60b841da03583ba9f0f0541b45e4cf88fa5311b26376042e951317428dcaa6c81bb6c739c7a442ef0d36e1581a29cb9c4fb2d87411268fb23a033130fc8051 agetty-run" diff --git a/system/s6/agetty-run b/system/s6/agetty-run new file mode 100644 index 000000000..79884efc7 --- /dev/null +++ b/system/s6/agetty-run @@ -0,0 +1,2 @@ +#!/bin/execlineb -P +/sbin/agetty 38400 %TTY% linux diff --git a/system/s6/s6-svscanboot b/system/s6/s6-svscanboot index 2b41d2916..447a1a01b 100644 --- a/system/s6/s6-svscanboot +++ b/system/s6/s6-svscanboot @@ -1,21 +1,53 @@ -#!/bin/execlineb -S1 +#!/bin/execlineb -P -foreground { redirfd -w 2 /dev/null mkdir -p /run/uncaught-logs } +# Basic sanity. + +export PATH /usr/bin:/usr/sbin:/bin:/sbin +umask 022 + + +# The live service directories are in /run/services +# The scandir is /run/service, containing only the catch-all logger and symlinks +# (and the s6-svscan configuration in /run/service/.s6-svscan) + +if { rm -rf /run/service /run/services } +if { mkdir -p -m 0755 /run/service/.s6-svscan /run/service/s6-svscan-log } +if { ln -sf /bin/false /run/service/.s6-svscan/crash } +if +{ + redirfd -w 1 /run/service/.s6-svscan/finish + heredoc 0 "#!/bin/execlineb -P\ns6-svc -X -- \"/run/service/s6-svscan-log\"\n" + cat +} +if { chmod 0755 /run/service/.s6-svscan/finish } + + +# Directory for the catch-all logger to store its logs + +if { mkdir -p -m 2700 /run/uncaught-logs } if { chown catchlog:catchlog /run/uncaught-logs } if { chmod 2700 /run/uncaught-logs } -foreground { redirfd -w 2 /dev/null mkdir -p ${1}/.s6-svscan ${1}/s6-svscan-log } -foreground { redirfd -w 2 /dev/null ln -sf /bin/false ${1}/.s6-svscan/crash } + + +# Copy all the early services and link them into the scandir + +if { /bin/cp -a /etc/s6/early-services /run/services } if { - redirfd -w 1 ${1}/.s6-svscan/finish - heredoc 0 "#!/bin/execlineb -P\ns6-svc -X -- \"${1}/s6-svscan-log\"\n" - cat + forbacktickx -pnd"\n" i { ls -1 -U /run/services } + importas -u i i + ln -nsf ../services/$i /run/service/$i } -if { chmod 0755 ${1}/.s6-svscan/finish } -foreground { redirfd -w 2 /dev/null mkfifo -m 0600 ${1}/s6-svscan-log/fifo } + + +# Create the catch-all logger servicedir directly in the scandir +# (It's too fundamental to be made configurable as an early service.) + +if { rm -f /run/service/s6-svscan-log/fifo } +if { mkfifo -m 0600 /run/service/s6-svscan-log/fifo } if { - redirfd -w 1 ${1}/s6-svscan-log/run + redirfd -w 1 /run/service/s6-svscan-log/run heredoc 0 "#!/bin/execlineb -P redirfd -w 2 /dev/console redirfd -rnb 0 fifo @@ -24,9 +56,13 @@ exec -c s6-log t /run/uncaught-logs\n" cat } -if { chmod 0755 ${1}/s6-svscan-log/run } +if { chmod 0755 /run/service/s6-svscan-log/run } + + +# All ready, exec into s6-svscan. +# By default all messages from all services will go to the catch-all logger it spawns. redirfd -r 0 /dev/null -redirfd -wnb 1 ${1}/s6-svscan-log/fifo +redirfd -wnb 1 /run/service/s6-svscan-log/fifo fdmove -c 2 1 -s6-svscan -St0 ${1} +s6-svscan -St0 /run/service diff --git a/system/s6/s6.initd b/system/s6/s6.initd deleted file mode 100644 index 9f984cc13..000000000 --- a/system/s6/s6.initd +++ /dev/null @@ -1,15 +0,0 @@ -#!/sbin/openrc-run -# Copyright 2016 Laurent Bercot -# Distributed under the terms of the ISC License. -# -# We currently start the supervision tree under OpenRC because -# it's easy integration. It's not perfect: the supervision tree -# should ideally be rooted in process 1, and here it's not. -# But it's only temporary: in a later Alpine release, s6-svscan -# will *be* process 1. - -name="s6" -command="/lib/s6/s6-svscanboot" -command_args="/run/service" -pidfile="/run/s6.pid" -start_stop_daemon_args="-b -m -k 022" diff --git a/system/s6/s6.post-upgrade b/system/s6/s6.post-upgrade new file mode 100644 index 000000000..54144895b --- /dev/null +++ b/system/s6/s6.post-upgrade @@ -0,0 +1,3 @@ +#!/bin/sh -e + +rm -f /etc/runlevels/default/s6 diff --git a/system/s6/s6.pre-install b/system/s6/s6.pre-install index 19804af6d..2c175a325 100644 --- a/system/s6/s6.pre-install +++ b/system/s6/s6.pre-install @@ -2,5 +2,5 @@ addgroup -S catchlog 2>/dev/null adduser -S -D -H -s /bin/false -G catchlog -g catchlog catchlog 2>/dev/null -echo 'Run "rc-update add s6 default" to automatically start a s6 supervision tree on /run/service at boot time.' 1>&2 + exit 0 diff --git a/system/s6/s6.pre-upgrade b/system/s6/s6.pre-upgrade index 19804af6d..2c175a325 100644 --- a/system/s6/s6.pre-upgrade +++ b/system/s6/s6.pre-upgrade @@ -2,5 +2,5 @@ addgroup -S catchlog 2>/dev/null adduser -S -D -H -s /bin/false -G catchlog -g catchlog catchlog 2>/dev/null -echo 'Run "rc-update add s6 default" to automatically start a s6 supervision tree on /run/service at boot time.' 1>&2 + exit 0 -- cgit v1.2.3-60-g2f50