From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 20945 invoked from network); 10 Jan 2021 18:27:49 -0000 Received: from alyss.skarnet.org (95.142.172.232) by inbox.vuxu.org with ESMTPUTF8; 10 Jan 2021 18:27:49 -0000 Received: (qmail 12128 invoked by uid 89); 10 Jan 2021 18:28:12 -0000 Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm Sender: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Received: (qmail 12113 invoked from network); 10 Jan 2021 18:28:11 -0000 From: "Laurent Bercot" To: "skaware@list.skarnet.org" , "supervision@list.skarnet.org" Subject: [announce] skarnet.org New Year 2021 release Date: Sun, 10 Jan 2021 18:27:45 +0000 Message-Id: Reply-To: "Laurent Bercot" User-Agent: eM_Client/8.1.979.0 Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: 0 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedujedrvdegledgudduvdcutefuodetggdotffvucfrrhhofhhilhgvmecupfgfoffgtffkveetuefngfdpqfgfvfenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkrhgfgggtgfesthhqredttderjeenucfhrhhomhepfdfnrghurhgvnhhtuceuvghrtghothdfuceoshhkrgdqshhkrgifrghrvgesshhkrghrnhgvthdrohhrgheqnecuggftrfgrthhtvghrnhepgeduudetleehiefhtddtieetvdffvefgtefgffetgfeuueeigfffteefuddtvdfhnecuffhomhgrihhnpehskhgrrhhnvghtrdhorhhgpdhgihhthhhusgdrtghomhdptggruhhsrghlrdgrghgvnhgthienucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphhouhht Hello, Happy New Year to everyone! New versions of the skarnet.org packages are available. This is a major release. The skalibs major version number has been bumped, which means that compatibility with previous versions is not ensured. Other packages have been updated to build against the new skalibs. If they only had their patch number increased, that's all the modifications they had (save for possible bugfixes); but some packages also received significant changes and underwent either a major (compatibility not ensured) or minor (simple additions) release. Support for the 2.9.* branch of skalibs, and associated versions of the other packages, is still ensured for a while, but users are always strongly encouraged to upgrade. * General ------- - Some rarely-triggered build bugs have been fixed. - -fno-stack-protector is not part of the default CFLAGS anymore; stack protector policy now defaults to the compiler's settings. * skalibs-2.10.0.0 ---------------- - Bugfixes. - Significant code cleanup. - New sysdep: chroot. - Lots of new functions, mostly to optimize the number of needed fcntl() calls at open() time. Traces should generally be marginally shorter than they were before. - Removal of the DJBUNIX_FLAG_NB and DJBUNIX_FLAG_COE macros, replaced by the POSIX O_NONBLOCK and O_CLOEXEC macros wherever they were used. - Removal of the skalibs/webipc.h header, and better header separation. - Complete revamping of the pathexec functions, now separated into exec_* (simple execution) and mexec_* (execution with merging of the environment first). In true skalibs fashion, there is a little code, and 3 pages of convenience macros (the exec.h header). - Complete rewrite of the locking functions, with a change of underlying mechanisms. The skalibs locking primitives are now named fd_lock(), fd_unlock() and fd_islocked(). The Unix locks primitive space is a horror show. flock() is not POSIX and does not have a way to test for a lock without taking it. The POSIX lockf() only has exclusive locks, not shared ones. The least bad option is fcntl(), which has shared and exclusive locks *and* a way to check for a lock without taking it, but does not allow taking a shared lock via a O_WRONLY file descriptor. Of all inconveniences this is the most minor one, so now skalibs uses fcntl(). https://skarnet.org/software/skalibs/ git://git.skarnet.org/skalibs * nsss-0.1.0.0 ------------ - New --enable-libc-includes configure option. Without this option, the pwd.h, grp.h and shadow.h headers are not installed anymore, so by default installing nsss on a FHS system does not overwrite the libc headers. https://skarnet.org/software/nsss/ git://git.skarnet.org/nsss * utmps-0.1.0.0 ------------- - New --enable-libc-includes configure option. Without this option, the utmpx.h header is not installed anymore, so by default installing utmps on a FHS system does not overwrite the libc headers. https://skarnet.org/software/utmps/ git://git.skarnet.org/utmps * execline-2.7.0.0 ---------------- - Bugfixes. - The trap program has changed. The "timeout" directive has been removed; a "default" directive has been added, to handle all signals for which a specific directive has not been given. Subprograms are now run with the SIGNAL environment variable set to the signal number (in addition to ! always being set to the application's pid). - The forstdin program has changed. It now exits 0 if it has read at least one line, and 1 otherwise. - The default list of delimiters for backtick, withstdinas, forstdin and forbacktickx has been set to "\n", so by default those programs will read and/or split on lines and only lines. - The backtick, withstdinas, forstdin, forbacktickx, forx, getpid and getcwd programs now have a -E option to activate autoimport. (This saves the user from manually adding "importas var var" after every use of these programs.) https://skarnet.org/software/execline/ git://git.skarnet.org/execline * s6-2.10.0.0 ----------- It is imperative to restart your supervision trees, by rebooting if necessary, after upgrading s6 to the new version. Otherwise, new s6 binaries interacting with service directories maintained by old s6-supervise binaries may not work. If you are using s6-linux-init, it is necessary to upgrade to the latest version of s6-linux-init at the same time as s6. - Bugfixes. - Significant code refactoring. - The internal locking system of service directories has changed, allowing for a cleaner permissions model and official support of relaxed permissions. - New binary to implement those relaxed permissions: s6-svperms. - The "nosetsid" file is not supported anymore in service directories. Services are now always started in a new session. - s6-supervise now traps SIGINT: before dying, it sends a SIGINT to its service's process group. This allows correct transmission of ^C when a supervision tree is running in a terminal, even though every service runs in its own session. - s6-svc -X doesn't exist anymore. s6-supervise now always closes stdin and stdout on the last execution of the service. - The semantics of SIGHUP and SIGQUIT have changed for s6-supervise. - The set of commands sent by s6-svscanctl and received by s6-svscan has been cleaned up and made more logical. - When told to exit normally (typically via s6-svscanctl -t), s6-svscan now first waits for the whole supervision tree to die. The .s6-svscan/finish script can now assume that all services are completely down. (s6-svscanctl -b is an exception; it should not be used in normal circumstances.) - The -s and -S options to s6-svscan are not supported anymore. Signal management in s6-svscan has been streamlined: signals have a default handler that can be overridden by a corresponding executable .s6-svscan/SIGfoo file. - Default signal handlers for s6-svscan have more intuitive semantics. - New binary to help with management of user-owned supervision trees: s6-usertree-maker. https://skarnet.org/software/s6/ git://git.skarnet.org/s6 s6 now has man pages! Thanks to flexibeast for performing the=20 conversion work. Please allow some time for the man pages to be updated to reflect the current HTML documentation. The repository can be found here: https://github.com/flexibeast/s6-man-pages * s6-linux-init-1.0.6.0 --------------------- It *is necessary* to upgrade s6-linux-init at the same time as s6. It *is recommended*, although not strictly necessary, to create your run-image directory again via a s6-linux-init-maker invocation. Old images will still boot, as long as you are using an upgraded version of s6-linux-init; but they may incorrectly handle signals sent to init, so for instance Ctrl-Alt-Del may not work anymore, until you run s6-linux-init-maker again. - New internal binary: s6-linux-init-nuke. This program is not meant to be invoked by users directly: it simply removes a dependency to the 'kill' program in a rare case involving containers. https://skarnet.org/software/s6-linux-init/ git://git.skarnet.org/s6-linux-init * s6-dns-2.3.4.0 -------------- - New library function: s6dns_message_parse_question(). https://skarnet.org/software/s6-dns/ git://git.skarnet.org/s6-dns * s6-networking-2.4.0.0 --------------------- - Important refactoring of the tls code. The crypto tunnel now runs as a child of the application, instead of the other way around. It is now isolated in a s6-tls[cd]-io binary; s6-tlsc is now a simple wrapper around s6-tlsc-io, and s6-tlsd is a simple wrapper around s6-tlsd-io. - New binaries: s6-ucspitlsc and s6-ucspitlsd. Those implement opportunistic TLS via the UCSPI-TLS protocol. - The -K option to the tls binaries has changed semantics: it now enforces a timeout for the handshake instead of dropping the connection after some inactivity. Note that this option is only useful with the bearssl backend: the libtls backend always performs a synchronous handshake, with no way of interrupting it after a timeout expires. - The execline dependency is now optional. Disabling execline, however, changes the behaviour of s6-tcpserver-access (which cannot support exec files without it). https://skarnet.org/software/s6-networking/ git://git.skarnet.org/s6-networking It is now possible to build the s6-networking package against OpenSSL instead of LibreSSL, thanks to the libretls project: https://git.causal.agency/libretls/about/ * mdevd-0.1.3.0 ------------- - New -C option to the mdevd program. This option makes mdevd automatically spawn a mdevd-coldplug program when it's ready, allowing mdevd to be used as a drop-in mdev -d replacement. (Note that the coldplug is also performed if mdevd restarts after being killed, so this feature should not be used in place of a proper service startup sequence with a mdevd-coldplug oneshot depending on the mdevd longrun. It has only been added for convenience.) https://skarnet.org/software/mdevd/ git://git.skarnet.org/mdevd * Other packages -------------- The following packages have received an update so they build with the latest version of skalibs and other dependencies, but nothing has=20 changed except possibly some bugfixes, and hopefully not too many bug additions. - s6-rc-0.5.2.1. (It is not necessary to recompile your service database. However, it is necessary to upgrade s6-rc along with s6, and to reboot the system ASAP after upgrading.) - s6-portable-utils-2.2.3.1 - s6-linux-utils-2.5.1.4 - bcnm-0.0.1.2 Enjoy, Bug-reports welcome. -- Laurent