diff options
| -rw-r--r-- | AUTHORS | 2 | ||||
| -rw-r--r-- | INSTALL | 12 | ||||
| -rw-r--r-- | NEWS | 11 | ||||
| -rwxr-xr-x | configure | 22 | ||||
| -rw-r--r-- | doc/index.html | 4 | ||||
| -rw-r--r-- | doc/upgrade.html | 23 | ||||
| -rw-r--r-- | package/deps-build | 2 | ||||
| -rw-r--r-- | package/info | 2 | ||||
| -rw-r--r-- | src/conn-tools/s6-tcpserver-access.c | 13 |
9 files changed, 74 insertions, 17 deletions
@@ -11,3 +11,5 @@ Thanks to: Thomas Pornin <pornin@bolet.org> Samuel Holland <samuel@sholland.org> Paul Jarc <prj@case.edu> + Colin Booth <colin@heliocat.net> + Amitai Schleier <schmonz@schmonz.com> @@ -6,13 +6,13 @@ Build Instructions - A POSIX-compliant C development environment - GNU make version 3.81 or later - - skalibs version 2.9.3.0 or later: http://skarnet.org/software/skalibs/ - - execline version 2.6.1.1 or later: http://skarnet.org/software/execline/ - - s6 version 2.9.2.0 or later: http://skarnet.org/software/s6/ - - s6-dns version 2.3.3.0 or later: http://skarnet.org/software/s6-dns/ + - skalibs version 2.9.4.0 or later: https://skarnet.org/software/skalibs/ + - (Optional) execline version 2.6.1.1 or later: https://skarnet.org/software/execline/ + - s6 version 2.9.2.0 or later: https://skarnet.org/software/s6/ + - s6-dns version 2.3.3.0 or later: https://skarnet.org/software/s6-dns/ - Depending on whether you build the SSL tools, - libressl version 3.1.4 or later: http://libressl.org/ - or bearssl version 0.6 or later: http://bearssl.org/ + libressl version 3.1.4 or later: https://libressl.org/ + or bearssl version 0.6 or later: https://bearssl.org/ This software will run on any operating system that implements POSIX.1-2008, available at: @@ -1,5 +1,16 @@ Changelog for s6-networking. +In 2.4.0.0 +---------- + + - execline is now optional. + - s6-tlsc and s6-tlsd rewrite. They're now wrappers around new +binaries: s6-tlsc-io and s6-tlsd-io, which establish and run a +TLS tunnel over already existing fds. + - New functionality: s6-ucspitlsc and s6-ucspitlsd, for an +implementation of delayed encryption. + + In 2.3.2.0 ---------- @@ -46,6 +46,7 @@ Optional features: --enable-absolute-paths do not rely on PATH to access this package's binaries, hardcode absolute BINDIR/foobar paths instead [disabled] --enable-nsss use the nsss library for user information [disabled] + --disable-execline don't use the execline library [enabled] SSL support: --enable-ssl=libressl|bearssl build SSL tools, w/ libtls or bearssl implementation [disabled] @@ -153,6 +154,7 @@ allpic=true slashpackage=false abspath=false usensss=false +useexecline=true sproot= home= exthome= @@ -197,6 +199,8 @@ for arg ; do --disable-absolute-paths|--enable-absolute-paths=no) abspath=false ;; --enable-nsss|--enable-nsss=yes) usensss=true ;; --disable-nsss|--enable-nsss=no) usensss=false ;; + --enable-execline|--enable-execline=yes) useexecline=true ;; + --disable-execline|--enable-execline=no) useexecline=false ;; --enable-ssl=libressl) ssl=tls ;; --enable-ssl=bearssl) ssl=bearssl ;; --disable-ssl|--enable-ssl=none) ssl= ;; @@ -458,6 +462,11 @@ else echo "LIBNSSS :=" echo "MAYBEPTHREAD_LIB :=" fi +if $useexecline ; then + echo "EXECLINE_LIB := -lexecline" +else + echo "EXECLINE_LIB :=" +fi if test -n $ssl ; then echo "SSL_IMPL := $ssl" else @@ -491,15 +500,16 @@ else echo "#define ${package_macro_name}_EXTBINPREFIX \"\"" fi echo "#define ${package_macro_name}_LIBEXECPREFIX \"$libexecdir/\"" +echo "#undef ${package_macro_name}_USE_EXECLINE" +if $useexecline ; then + echo "#define ${package_macro_name}_USE_EXECLINE" +fi +echo "#undef ${package_macro_name}_USE_TLS" +echo "#undef ${package_macro_name}_USE_BEARSSL" if test "tls" = "$ssl" ; then echo "#define ${package_macro_name}_USE_TLS" -else - echo "#undef ${package_macro_name}_USE_TLS" -fi -if test "bearssl" = "$ssl" ; then +elif test "bearssl" = "$ssl" ; then echo "#define ${package_macro_name}_USE_BEARSSL" -else - echo "#undef ${package_macro_name}_USE_BEARSSL" fi echo diff --git a/doc/index.html b/doc/index.html index 747eb98..049ed70 100644 --- a/doc/index.html +++ b/doc/index.html @@ -44,7 +44,7 @@ compiled with IPv6 support, s6-networking is IPv6-ready. <li> A POSIX-compliant system with a standard C development environment </li> <li> GNU make, version 3.81 or later </li> <li> <a href="//skarnet.org/software/skalibs/">skalibs</a> version -2.9.3.0 or later. It's a build-time requirement. It's also a run-time +2.9.4.0 or later. It's a build-time requirement. It's also a run-time requirement if you link against the shared version of the skalibs library. </li> <li> <a href="//skarnet.org/software/execline/">execline</a> version @@ -76,7 +76,7 @@ run-time requirement if you link against its shared version. </li> <ul> <li> The current released version of s6-networking is -<a href="s6-networking-2.3.2.0.tar.gz">2.3.2.0</a>. </li> +<a href="s6-networking-2.4.0.0.tar.gz">2.4.0.0</a>. </li> <li> Alternatively, you can checkout a copy of the <a href="//git.skarnet.org/cgi-bin/cgit.cgi/s6-networking/">s6-networking git repository</a>: diff --git a/doc/upgrade.html b/doc/upgrade.html index e49af01..eabebb6 100644 --- a/doc/upgrade.html +++ b/doc/upgrade.html @@ -18,6 +18,29 @@ <h1> What has changed in s6-networking </h1> +<h2> in 2.4.0.0 </h2> + +<ul> + <li> <a href="//skarnet.org/software/skalibs/">skalibs</a> +dependency bumped to 2.9.4.0. </li> + <li> <a href="//skarnet.org/software/execline/">execline</a> +has been made optional. It's still enabled by default; disabling +it with the <tt>--disable-execline</tt> configure option disables +<tt>exec</tt> file support in +<a href="s6-tcpserver-access.html">s6-tcpserver-access</a>. </li> + <li> New binaries: +<a href="s6-tlsc-io.html">s6-tlsc-io</a> and +<a href="s6-tlsd-io.html">s6-tlsd-io</a> (which are now the +only binaries to perform actual cryptography); +<a href="s6-ucspitlsc.html">s6-ucspitlsc</a>, and +<a href="s6-ucspitlsd.html">s6-ucspitlsd</a> (for delayed +encryption). </li> + <li> <a href="s6-tlsc.html">s6-tlsc</a> and +<a href="s6-tlsd.html">s6-tlsd</a> have been rewritten as +wrappers around <a href="s6-tlsc-io.html">s6-tlsc-io</a> and +<a href="s6-tlsd-io.html">s6-tlsd-io</a> respectively. </li> +</ul> + <h2> in 2.3.2.0 </h2> <ul> diff --git a/package/deps-build b/package/deps-build index c33cb48..ecfc3d6 100644 --- a/package/deps-build +++ b/package/deps-build @@ -1,5 +1,5 @@ /package/prog/skalibs /package/admin/nsss $usensss -/package/admin/execline +/package/admin/execline $useexecline /package/admin/s6 /package/web/s6-dns diff --git a/package/info b/package/info index 4939680..e053193 100644 --- a/package/info +++ b/package/info @@ -1,4 +1,4 @@ package=s6-networking -version=2.3.2.0 +version=2.4.0.0 category=net package_macro_name=S6_NETWORKING diff --git a/src/conn-tools/s6-tcpserver-access.c b/src/conn-tools/s6-tcpserver-access.c index b09a2b8..ec2ac63 100644 --- a/src/conn-tools/s6-tcpserver-access.c +++ b/src/conn-tools/s6-tcpserver-access.c @@ -4,6 +4,7 @@ #include <stdint.h> #include <unistd.h> #include <errno.h> + #include <skalibs/gccattributes.h> #include <skalibs/types.h> #include <skalibs/strerr2.h> @@ -18,11 +19,17 @@ #include <skalibs/socket.h> #include <skalibs/ip46.h> #include <skalibs/unix-timed.h> -#include <execline/config.h> + #include <s6/accessrules.h> #include <s6-dns/s6dns.h> + +#include <s6-networking/config.h> #include <s6-networking/ident.h> +#ifdef S6_NETWORKING_USE_EXECLINE +#include <execline/config.h> +#endif + #define USAGE "s6-tcpserver-access [ -v verbosity ] [ -W | -w ] [ -D | -d ] [ -H | -h ] [ -R | -r ] [ -P | -p ] [ -l localname ] [ -B banner ] [ -t timeout ] [ -i rulesdir | -x rulesfile ] prog..." #define dieusage() strerr_dieusage(100, USAGE) #define dienomem() strerr_diefu1sys(111, "update environment") @@ -378,10 +385,14 @@ int main (int argc, char const *const *argv, char const *const *envp) stralloc_free(&modifs) ; if (verbosity) log_accept(getpid(), &remoteip) ; if (params.exec.len) +#ifdef S6_NETWORKING_USE_EXECLINE { char *specialargv[4] = { EXECLINE_EXTBINPREFIX "execlineb", "-c", params.exec.s, 0 } ; xpathexec_r((char const *const *)specialargv, envp, env_len(envp), params.env.s, params.env.len) ; } +#else + strerr_warnw1x("exec file found but ignored because s6-networking was compiled without execline support!") ; +#endif xpathexec_r(argv, envp, env_len(envp), params.env.s, params.env.len) ; |