Upstream changes:
* Fix ordering between systemd socket file descriptor names and rules.
* Fix usage of C library path as discovered by Meson.
Signed-off-by: aszlig <aszlig@nix.build>
(cherry picked from commit 8b7f8e2e6970f21d9f180887b91c979b41450fe8)
Upstream fixes:
- Pass linker version script to the linker instead of the compiler.
- Compile with `-fPIC` again (regression from version 2.1.2).
- Out of bounds array access in `globpath`.
- Handling of `epoll_ctl` calls (they're now replayed after replacing
socket).
- GCC 10 build errors and Clang warnings.
While most of these fixes are more relevant for other distros, the
linker script fix is actually a regression existing since a long time
(version 1.x) and caused libip2unix to expose way too many symbols.
Built and tested on i686-linux and x86_64-linux.
Signed-off-by: aszlig <aszlig@nix.build>
This fixes the issues with glibc 2.30, which were caused because glibc
no longer allows to dlopen/LD_PRELOAD a PIE executable.
So this release is essentially just a hotfix release which addresses
this issue by splitting the executable and library.
Signed-off-by: aszlig <aszlig@nix.build>
Reported-by: @zimbatm
This is just a small bugfix release (essentially adds two lines of code)
which fixes a segfault if using with a program that doesn't pass a
sockaddr buffer to accept() or accept4().
Signed-off-by: aszlig <aszlig@nix.build>
Upstream changes:
* Support AF_INET and AF_INET6 sockets for systemd socket activation.
This basically makes ip2unix generally usable for turning any (not
statically linked) application into systemd socket activated services.
Signed-off-by: aszlig <aszlig@nix.build>
Upstream fixes:
- Unregister socket as soon as we know that no rule matches.
I also removed the encode_rules() function which was an artifact left in
version 2.0.0.
Built and tested on i686-linux and x86_64-linux.
Signed-off-by: aszlig <aszlig@nix.build>
New upstream features:
- New ignore rule option, which prevents conversion to Unix socket.
- A way to increase the verbosity via the -v command line argument.
- Reams of log messages in addition to the FATAL errors we had so far.
- Use Syslog format for logging if stderr is a socket.
- Set FD_CLOEXEC on systemd socket file descriptors as soon as they're
associated.
Upstream fixes:
- Use right endian conversion functions in port matching.
- Pass is_unix to child socket on accept to prevent accidentally
replacing an already converted Unix socket by a new Unix socket. The
latter would be a socket that's not accepted, which would eventually
lead to an error.
- Correctly handle setsockopts used with other levels than SOL_SOCKET.
Upstream changes:
- Improve wording and add more descriptions in README and manpage.
- The implementation for fetching systemd sockets now no longer uses
libsystemd, thus the build-time dependency is no longer required.
- New serialiser for passing rules to the preloaded library in a more
compact form instead of using YAML, so it's less likely that we'll
hit the maximum stack size.
- Systemd sockets are now associated during rule initialisation and
thus behave more predictable in complex setups.
On our side, the dependency on systemd is only needed for running the
tests, as it uses the systemd-socket-activate helper. Socket association
is now done by ip2unix directly and doesn't rely on libsystemd anymore.
Built and tested on i686-linux and x86_64-linux.
Signed-off-by: aszlig <aszlig@nix.build>
Upstream changes:
- Fixed: Don't fail when building the manual with AsciiDoc and xmllint.
- Fixed: Some long options (--rule, --rules-file and --rules-data) were
ignored.
- Fixed: Manpage formatting is now more consistent.
- Added: A new --version command line argument for showing version
information.
With the new upstream release recommending to use AsciiDoc to generate
the manpage, I also switched to AsciiDoc instead of Asciidoctor. The
resulting manpage looks better in some ways (for example when definition
lists are used).
I also added an installCheckPhase to ensure that the manpage exists in
the resulting store path.
Signed-off-by: aszlig <aszlig@nix.build>
This tool was initially built specifically for nixcloud to prevent a few
annoying programs from binding to IP sockets.
While initially only accepting a JSON file as input, the tool now has a
proper command line interface and it's also generally usable to turn IP
sockets of any program into Unix sockets.
Another thing that might be even useful for NixOS modules is the
possibility to bend programs into using systemd socket activation.
Signed-off-by: aszlig <aszlig@nix.build>