[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: spiped process matching on OpenBSD

Good information, thank you. I'm not surprised djb has a utility for
this. Links are actually a reasonably elegant workaround here.

On Sat, Apr 8, 2023, at 11:56 PM, Colin Percival wrote:
> Aside from "make OpenBSD support pid files" (which I'm guessing is not an
> option) and "match the source address", the other option which occurs to me
> is to fake argv[0].  The spiped daemon doesn't care what you put there (aside
> from using it when printing warnings) so if you have something like djb's
> argv0 utility you could have several spiped processes with different "daemon
> names".  (For that matter, even without argv0 you could create links to let
> you invoke spiped with different names.)
> But yes, setproctitle is ugly and not likely to happen.
> Colin Percival
> On 4/8/23 20:33, Jared Harper wrote:
>> Yes, I ended up successfully escaping the square brackets before. However,
>> your suggestion makes me realize that my target of matching the whole
>> daemon+daemon_flags set is probably unnecessary, all I need to match is the
>> -s, which should be unique on the host.
>> Thanks!
>> P.S. I looked at `setproctitle` a bit more and realized that it's really,
>> _really_ un-portable so that's definitely not an option.
>> On Sat, Apr 8, 2023, at 7:32 PM, Graham Percival wrote:
>>> Hi Jared,
>>> Sorry if this seems like "too obvious" of a solution, but have you tried
>>> escaping the square brackets with \ ?  i.e.
>>>      pexp="${daemon} -s \[\] .*"
>>> or something like that?
>>> I'm not familiar with rc files, so it's possible that they use a different
>>> character for escaping, but I'm certain they have that capability somehow.
>>> Cheers,
>>> - Graham
>>> On Sat, Apr 08, 2023 at 03:22:25PM -0700, Jared Harper wrote:
>>>> I have spiped running on two OpenBSD 7.2 hosts, installed via `pkg_add`,
>>>> and it works great.
>>>> The port's rc script for spiped, however, is only usable for a single
>>>> instance because it sets `pexp="${daemon} .*"`[1], which will match
>>>> every running instance of spiped.
>>>> (For those unfamiliar with `pexp`, it is the regex used to identify a
>>>> running process via `pgrep`. OpenBSD's rc system relies on this process
>>>> matching method and does not support pid files.)
>>>> I spent some time trying to configure the pexp to not be so greedy by
>>>> using the default `${daemon} ${daemon_flags}`.  This approach is
>>>> unsuccessful due to the brackets surrounding the IP address (e.g.,
>>>> `[]`) becoming a regex matching list.
>>>> Some options I could use to workaround this limitation:
>>>> 1) Use hostnames and no brackets; This apparently works but it limits
>>>> usefulness.
>>>> 2) Manually set `pexp`; This does work but requires that I remember to
>>>> update it whenever the `daemon_flags` change. Also, across multiple
>>>> processes this becomes borderline umaintainable.
>>>> (Unfortunately, using the pidfile is a no-go because of how the rc
>>>> subroutines use `pexp` in multiple places.)
>>>> Since the primary author of spiped is a long-time contributor to
>>>> FreeBSD, and FreeBSD supports pidfiles in their rc-system[2], I want to
>>>> be clear I'm not saying that spiped does anything wrong, or that OpenBSD
>>>> is doing something right. I just want to come up with a solution that I
>>>> can contribute to the OpenBSD port so that we don't have to have this
>>>> issue.
>>>> A potential solution I can see would be to support `setproctitle(3)`[3]
>>>> via a flag, such as `--name <name>`, which could result in a process
>>>> title like `spiped: myname`.  What's the appetite for this sort of
>>>> change?
>>>> However, since I'm new to a lot of these technologies, I'm fairly
>>>> certain I've missed something obvious or easy (other than "switch to
>>>> FreeBSD" ;). Do you have any other ideas?
>>>> Thanks in advance.
>>>> [1]: https://github.com/openbsd/ports/blob/master/security/spiped/pkg/spiped.rc#L9
>>>> [2]: https://man.freebsd.org/cgi/man.cgi?rc.subr(8)
>>>> [3]: https://man.freebsd.org/cgi/man.cgi?query=setproctitle&sektion=3&format=html
>>>> -jh
> -- 
> Colin Percival
> FreeBSD Deputy Release Engineer & EC2 platform maintainer
> Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid