Home
last modified time | relevance | path

Searched hist:16 (Results 176 – 200 of 377) sorted by relevance

12345678910>>...16

/unit/go/
H A Dldflags-lrt.godiff 2612:3774f26d544d Tue Jan 09 18:14:00 UTC 2024 Danielle De Leo <d.deleo@f5.com> Go: Add missing +build and go:build comments

A RHEL 8 test was failing because it uses go1.16. The old style must
be retained for backwards compat.

Fixes: 9a36de84c ("Go: Use Homebrew include paths")
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Reviewed-by: Dylan Arbour <d.arbour@f5.com>
Signed-off-by: Danielle De Leo <d.deleo@f5.com>
H A Dnxt_cgo_lib.hdiff 1547:cbcd76704c90 Tue Aug 11 16:20:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Introducing the shared application port.

This is the port shared between all application processes which use it to pass
requests for processing. Using it significantly simplifies the request
processing code in the router. The drawback is 2 more file descriptors per each
configured application and more complex libunit message wait/read code.
/unit/pkg/docker/
H A Dwelcome.htmldiff 2566:2a4197259464 Wed Oct 04 16:52:00 UTC 2023 Liam Crilly <liam.crilly@nginx.com> Docker: fix HTML escaping.
/unit/src/nodejs/unit-http/
H A Dunit.cppdiff 1767:582a004c73f8 Tue Dec 29 16:01:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Libunit: processing single port message.

This partially reverts the optimisation introduced in 1d84b9e4b459 to avoid an
unpredictable block in nxt_unit_process_port_msg(). Under high load, this
function may never return control to its caller, and the external event loop
(in Node.js and Python asyncio) won't be able to process other scheduled
events.

To reproduce the issue, two request processing types are needed: 'fast' and
'furious'. The 'fast' one simply returns a small response, while the 'furious'
schedules asynchronous calls to external resources. Thus, if Unit is subjected
to a large amount of 'fast' requests, the 'furious' request processing freezes
until the high load ends.

The issue was found by Wu Jian Ping (@wujjpp) during Node.js stream
implementation discussion and relates to PR #502 on GitHub.
diff 1766:9ec17030b67e Tue Dec 29 16:00:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Node.js: ServerRequest and ServerResponse compliance to Stream API.

ServerRequest now inherit stream Readable object. ServerResponse
provides 'writable' property.

Thanks to Wu Jian Ping (@wujjpp).

This closes #274, closes #317 issues and closes #502 PR on GitHub.
diff 1547:cbcd76704c90 Tue Aug 11 16:20:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Introducing the shared application port.

This is the port shared between all application processes which use it to pass
requests for processing. Using it significantly simplifies the request
processing code in the router. The drawback is 2 more file descriptors per each
configured application and more complex libunit message wait/read code.
diff 1543:42f27153db91 Tue Aug 11 16:19:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Libunit refactoring: port management.

- Changed the port management callbacks to notifications, which e. g. avoids
the need to call the libunit function
- Added context and library instance reference counts for a safer resource
release
- Added the router main port initialization
diff 1038:77fb332f214a Wed Apr 17 16:15:00 UTC 2019 Max Romanov <max.romanov@nginx.com> Node.js: using low-case header names as key in req.headers.

Node.js modules (body-parser, row-body) search low-cased names
('content-length', 'content-type' etc.) to properly assemble request body.

This closes #246 issue on GitHub.
diff 830:85a1832ad45c Thu Nov 01 16:10:00 UTC 2018 Andrey Zelenkov <zelenkov@nginx.com> Node.js: fixed typo in naming rawHeaders() method of request.
/unit/test/
H A Dtest_node_application.pydiff 2642:d92e92c69c5d Wed Feb 14 18:16:00 UTC 2024 Gabor Javorszky <g.javorszky@f5.com> fix: Take options as well as requestListener (#1091)

* Take options as well as requestListener

Unit-http have not kept up with the signature of nodejs's http package
development. Nodejs allows an optional `options` object to be passed to
the `createServer` function, we didn't. This resulted in function
signature errors when user code that did make use of the options arg
tried to call unit's replaced function.

This change changes the signature to be more in line with how nodejs
does it discarding it and printing a message to stdout.

* Add test file to start node application with options

* Add changes to docs/changes.xml

Closes: https://github.com/nginx/unit/issues/1043
diff 2488:55440e02a873 Mon Jun 12 13:16:00 UTC 2023 Andrei Zeliankou <zelenkov@nginx.com> Tests: prerequisites checking reworked.

Prerequisites check moved to the module level to simplify class structure.
Discovery and prerequisites checks functions moved to the separate files.
Introduced "require" fixture to provide per-test requirements check.
diff 1766:9ec17030b67e Tue Dec 29 16:00:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Node.js: ServerRequest and ServerResponse compliance to Stream API.

ServerRequest now inherit stream Readable object. ServerResponse
provides 'writable' property.

Thanks to Wu Jian Ping (@wujjpp).

This closes #274, closes #317 issues and closes #502 PR on GitHub.
diff 1596:b7e2d4d92624 Wed Sep 16 20:31:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: migrated to the pytest.
diff 970:2f4376c8f358 Wed Feb 27 16:15:00 UTC 2019 Andrey Zelenkov <zelenkov@nginx.com> Tests: added "Host" and "Connetion" headers where necessary.

Also minor header organizing.
diff 864:5ebd6964fb93 Tue Dec 04 16:05:00 UTC 2018 Andrey Zelenkov <zelenkov@nginx.com> Tests: fixed test_node_application_write_callback.

Fixed the write() callback order test.
Also introduced a separate test to verify the callback call itself.
H A Dtest_upstreams_rr.pydiff 2488:55440e02a873 Mon Jun 12 13:16:00 UTC 2023 Andrei Zeliankou <zelenkov@nginx.com> Tests: prerequisites checking reworked.

Prerequisites check moved to the module level to simplify class structure.
Discovery and prerequisites checks functions moved to the separate files.
Introduced "require" fixture to provide per-test requirements check.
diff 1730:44912af5b3e6 Sun Dec 06 16:01:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: options moved to the separate class.

This change is necessary to separate the logic
and prevent possible circular dependency.
diff 1596:b7e2d4d92624 Wed Sep 16 20:31:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: migrated to the pytest.
H A Dtest_asgi_application.pydiff 2488:55440e02a873 Mon Jun 12 13:16:00 UTC 2023 Andrei Zeliankou <zelenkov@nginx.com> Tests: prerequisites checking reworked.

Prerequisites check moved to the module level to simplify class structure.
Discovery and prerequisites checks functions moved to the separate files.
Introduced "require" fixture to provide per-test requirements check.
diff 2177:bd12f07de5c4 Tue Aug 16 02:12:00 UTC 2022 Andrei Zeliankou <zelenkov@nginx.com> Tests: added test for ASGI with UNIX socket.
diff 1850:839024ce4a6a Thu Apr 08 16:11:00 UTC 2021 Max Romanov <max.romanov@nginx.com> Tests: preserving unit.log when run without restart.

Introducing "unit.log.Log" class for "unit.log" file management.
Moving "findall()" function into TestApplicationProto.
Using "os.kill()" to send signals.
diff 1804:ed698edaaf1e Wed Feb 10 16:34:00 UTC 2021 Andrei Zeliankou <zelenkov@nginx.com> Tests: increased timeout in wait_for_record().
diff 1730:44912af5b3e6 Sun Dec 06 16:01:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: options moved to the separate class.

This change is necessary to separate the logic
and prevent possible circular dependency.
H A Dtest_python_application.pydiff 2488:55440e02a873 Mon Jun 12 13:16:00 UTC 2023 Andrei Zeliankou <zelenkov@nginx.com> Tests: prerequisites checking reworked.

Prerequisites check moved to the module level to simplify class structure.
Discovery and prerequisites checks functions moved to the separate files.
Introduced "require" fixture to provide per-test requirements check.
diff 1850:839024ce4a6a Thu Apr 08 16:11:00 UTC 2021 Max Romanov <max.romanov@nginx.com> Tests: preserving unit.log when run without restart.

Introducing "unit.log.Log" class for "unit.log" file management.
Moving "findall()" function into TestApplicationProto.
Using "os.kill()" to send signals.
diff 1804:ed698edaaf1e Wed Feb 10 16:34:00 UTC 2021 Andrei Zeliankou <zelenkov@nginx.com> Tests: increased timeout in wait_for_record().
diff 1730:44912af5b3e6 Sun Dec 06 16:01:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: options moved to the separate class.

This change is necessary to separate the logic
and prevent possible circular dependency.
diff 1706:a1da56837554 Mon Nov 16 17:37:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Tests: fixing tests interrupt in terminal.

KeyboardInterrupt re-raised.
diff 1596:b7e2d4d92624 Wed Sep 16 20:31:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: migrated to the pytest.
diff 970:2f4376c8f358 Wed Feb 27 16:15:00 UTC 2019 Andrey Zelenkov <zelenkov@nginx.com> Tests: added "Host" and "Connetion" headers where necessary.

Also minor header organizing.
diff 753:0f0094dc0f51 Fri Aug 10 16:27:00 UTC 2018 Max Romanov <max.romanov@nginx.com> Introducing app joint to accurate app release.

For accurate app descriptor release, it is required to count the number of
use counts. Use count increased when:
- app linked to configuration app queue;
- socket conf stores pointer to app;
- request for start app process posted to router service thread;

Application port has pointer to app, but it does not increase use count
to avoid use count loop.

Timer needs a pointer to nxt_timer_t which is stored in engine timers tree.
nxt_timer_t now resides in nxt_app_joint_t and does not lock the application.

Start process port RPC handlers is also linked to nxt_app_joint_t.

App joint (nxt_app_joint_t) is a 'weak pointer':
- single threaded;
- use countable;
- store pointer to nxt_app_t (which can be NULL);

nxt_app_t has pointer to nxt_app_joint_t and update its pointer to app.
diff 684:8d2796b77db8 Wed May 30 16:29:00 UTC 2018 Andrey Zelenkov <zelenkov@nginx.com> Tests: added keep-alive with reconfiguration test.
diff 504:e9ebde982898 Tue Jan 30 13:16:00 UTC 2018 Andrey Zelenkov <zelenkov@nginx.com> Tests: added methods to manage unit configuration.
H A Dtest_static.pydiff 2488:55440e02a873 Mon Jun 12 13:16:00 UTC 2023 Andrei Zeliankou <zelenkov@nginx.com> Tests: prerequisites checking reworked.

Prerequisites check moved to the module level to simplify class structure.
Discovery and prerequisites checks functions moved to the separate files.
Introduced "require" fixture to provide per-test requirements check.
diff 1730:44912af5b3e6 Sun Dec 06 16:01:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: options moved to the separate class.

This change is necessary to separate the logic
and prevent possible circular dependency.
diff 1706:a1da56837554 Mon Nov 16 17:37:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Tests: fixing tests interrupt in terminal.

KeyboardInterrupt re-raised.
diff 1596:b7e2d4d92624 Wed Sep 16 20:31:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: migrated to the pytest.
H A Dtest_php_targets.pydiff 2488:55440e02a873 Mon Jun 12 13:16:00 UTC 2023 Andrei Zeliankou <zelenkov@nginx.com> Tests: prerequisites checking reworked.

Prerequisites check moved to the module level to simplify class structure.
Discovery and prerequisites checks functions moved to the separate files.
Introduced "require" fixture to provide per-test requirements check.
diff 1730:44912af5b3e6 Sun Dec 06 16:01:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: options moved to the separate class.

This change is necessary to separate the logic
and prevent possible circular dependency.
diff 1596:b7e2d4d92624 Wed Sep 16 20:31:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: migrated to the pytest.
/unit/src/
H A Dnxt_unit.cdiff 2217:8019e6c650f6 Sat Sep 10 16:00:00 UTC 2022 Alex Colomar <a.colomar@f5.com> Added missing error checking in the C API.

pthread_mutex_init(3) may fail for several reasons, and failing to
check will cause Undefined Behavior when those errors happen. Add
missing checks, and correctly deinitialize previously created
stuff before exiting from the API.

Signed-off-by: Alejandro Colomar <alx@nginx.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Reviewed-by: Zhidao HONG <z.hong@f5.com>
diff 2143:52dda4e05868 Thu Jun 16 01:01:00 UTC 2022 Andrew Clayton <andrew@digital-domain.net> Unit: removed a useless assignment.

As was pointed out by the cppcheck[0] static code analysis utility there
was a useless assignment in nxt_unit_request_read(). The size parameter
is passed in by value and was being modified without being used again.

[0]: https://cppcheck.sourceforge.io/
diff 2142:0729b05c45d4 Thu Jun 16 01:00:00 UTC 2022 Andrew Clayton <andrew@digital-domain.net> Unit: avoided needlessly setting lib in nxt_unit_shm_open().

As was pointed out by the cppcheck[0] static code analysis utility, lib
was being set in nxt_unit_shm_open() regardless of platform when in fact
it's only used when (NXT_HAVE_MEMFD_CREATE || NXT_HAVE_SHM_OPEN).

Move the variable declaration & definition to be within the

#if (NXT_HAVE_MEMFD_CREATE || NXT_HAVE_SHM_OPEN)

block.

[0]: https://cppcheck.sourceforge.io/
diff 2139:99d792169ffb Thu Jun 16 01:00:00 UTC 2022 Andrew Clayton <andrew@digital-domain.net> Constified numerous function parameters.

As was pointed out by the cppcheck[0] static code analysis utility we
can mark numerous function parameters as 'const'. This acts as a hint to
the compiler about our intentions and the compiler will tell us when we
deviate from them.

[0]: https://cppcheck.sourceforge.io/
diff 2078:0996dd223cdd Sat Dec 18 23:58:00 UTC 2021 Alejandro Colomar <alx.manpages@gmail.com> Fixed indentation.

Some lines (incorrectly) had an indentation of 3 or 5, or 7 or 9,
or 11 or 13, or 15 or 17 spaces instead of 4, 8, 12, or 16. Fix them.

Found with:

$ find src -type f | xargs grep -n '^ [^ ]';
$ find src -type f | xargs grep -n '^ [^ *]';
$ find src -type f | xargs grep -n '^ [^ ]';
$ find src -type f | xargs grep -n '^ [^ *]';
$ find src -type f | xargs grep -n '^ [^ +]';
$ find src -type f | xargs grep -n '^ [^ *+]';
$ find src -type f | xargs grep -n '^ [^ +]';
$ find src -type f | xargs grep -n '^ [^ *+]';
diff 1767:582a004c73f8 Tue Dec 29 16:01:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Libunit: processing single port message.

This partially reverts the optimisation introduced in 1d84b9e4b459 to avoid an
unpredictable block in nxt_unit_process_port_msg(). Under high load, this
function may never return control to its caller, and the external event loop
(in Node.js and Python asyncio) won't be able to process other scheduled
events.

To reproduce the issue, two request processing types are needed: 'fast' and
'furious'. The 'fast' one simply returns a small response, while the 'furious'
schedules asynchronous calls to external resources. Thus, if Unit is subjected
to a large amount of 'fast' requests, the 'furious' request processing freezes
until the high load ends.

The issue was found by Wu Jian Ping (@wujjpp) during Node.js stream
implementation discussion and relates to PR #502 on GitHub.
diff 1756:72e75ce3c99f Thu Dec 17 21:25:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Libunit: fixed shared memory waiting.

The nxt_unit_ctx_port_recv() function may return the NXT_UNIT_AGAIN code, in
which case an attempt to reread the message should be made.

The issue was reproduced in load testing with response sizes 16k and up.
In the rare case of a NXT_UNIT_AGAIN result, a buffer of size -1 was processed,
which triggered a 'message too small' alert; after that, the app process was
terminated.
diff 1631:73a1935e3899 Tue Oct 06 16:06:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Removing a meaningless warning message.

Data in the queue and the socket are transmitted independently; special
READ_QUEUE and READ_SOCKET message types are used for synchronization.

The warning was accidentally committed with changeset 1d84b9e4b459.
diff 1590:b479e8ec1e36 Wed Sep 09 21:16:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Fixing WebSocket frame retain function.

Some of the pointers were not adjusted after frame's memory re-allocation.
Fortunately, this function was not used and the bug has no effect.
diff 1556:2f09c86168d9 Tue Aug 11 16:20:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Wrapping close() call in libunit for logging.
H A Dnxt_openssl.cdiff 2617:18a10bb7346d Tue Jan 16 15:37:00 UTC 2024 Andrei Zeliankou <zelenkov@nginx.com> White space formatting fixes

Closes: <https://github.com/nginx/unit/pull/1062>
diff 2224:478701bc6706 Thu Nov 18 16:47:00 UTC 2021 Remi Collet <remi@remirepo.net> TLS: Using ERR_get_error_all() with OpenSSL 3.

Link: <https://www.openssl.org/docs/man3.0/man7/migration_guide.html>
Cc: Andy Postnikov <apostnikov@gmail.com>
Cc: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Remi Collet <remi@remirepo.net>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
diff 2223:1019031754fe Wed Jan 16 07:38:00 UTC 2019 Remi Collet <remi@remirepo.net> Preferring system crypto policy.

If we don't call SSL_CTX_set_cipher_list(), then it uses the
system's default.

Link: <https://fedoraproject.org/wiki/Changes/CryptoPolicy>
Link: <https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/>
Link: <https://www.redhat.com/en/blog/consistent-security-crypto-policies-red-hat-enterprise-linux-8>
Signed-off-by: Remi Collet <remi@remirepo.net>
Acked-by: Andrei Belov <defan@nginx.com>
[ alx: add changelog and tweak commit message ]
Signed-off-by: Alejandro Colomar <alx@nginx.com>
diff 836:ecd3c5bbf7d8 Tue Nov 13 16:04:00 UTC 2018 Igor Sysoev <igor@sysoev.ru> Checking error states in I/O handlers.
diff 808:a148b7d3942c Mon Oct 22 13:16:00 UTC 2018 Sergey Kandaurov <pluknet@nginx.com> Compatibility with LibreSSL.

LibreSSL uses high OPENSSL_VERSION_NUMBER, but has no SSL_CTX_add0_chain_cert().
diff 65:10688b89aa16 Tue Jun 20 16:49:00 UTC 2017 Igor Sysoev <igor@sysoev.ru> Using new memory pool implementation.
diff 1:fdc027c56872 Mon Jan 23 16:56:00 UTC 2017 Igor Sysoev <igor@sysoev.ru> Introducing tasks.
H A Dnxt_http_parse.cdiff 2139:99d792169ffb Thu Jun 16 01:00:00 UTC 2022 Andrew Clayton <andrew@digital-domain.net> Constified numerous function parameters.

As was pointed out by the cppcheck[0] static code analysis utility we
can mark numerous function parameters as 'const'. This acts as a hint to
the compiler about our intentions and the compiler will tell us when we
deviate from them.

[0]: https://cppcheck.sourceforge.io/
diff 1459:358b957ca294 Thu Apr 16 14:09:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Using malloc/free for the http fields hash.

This is required due to lack of a graceful shutdown: there is a small gap
between the runtime's memory pool release and router process's exit. Thus, a
worker thread may start processing a request between these two operations,
which may result in an http fields hash access and subsequent crash.

To simplify issue reproduction, it makes sense to add a 2 sec sleep before
exit() in nxt_runtime_exit().
diff 1214:c3666b232602 Mon Sep 30 16:11:00 UTC 2019 Valentin Bartenev <vbart@nginx.com> HTTP parser: removed unused "exten" field.

This field was intended for MIME type lookup by file extension when serving
static files, but this use case is too narrow; only a fraction of requests
targets static content, and the URI presumably isn't rewritten. Moreover,
current implementation uses the entire filename for MIME type lookup if the
file has no extension.

Instead of extracting filenames and extensions when parsing requests, it's
easier to obtain them right before serving static content; this behavior is
already implemented. Thus, we can drop excessive logic from parser.
diff 1213:f334dd97291d Mon Sep 30 16:11:00 UTC 2019 Valentin Bartenev <vbart@nginx.com> HTTP parser: normalization of paths ending with "." or "..".

Earlier, the paths were normalized only if there was a "/" at the end, which
is wrong according to section 5.2.4 of RFC 3986 and hypothetically may allow
to the directory above the document root.
diff 1170:830d6af7d24c Mon Sep 16 17:17:00 UTC 2019 Valentin Bartenev <vbart@nginx.com> HTTP parser: removed unused "plus_in_target" flag.
diff 1168:d4b329089cca Mon Sep 16 17:17:00 UTC 2019 Valentin Bartenev <vbart@nginx.com> HTTP parser: removed unused "exten_start" and "args_start" fields.
diff 1167:a49ee872e83d Mon Sep 16 17:17:00 UTC 2019 Valentin Bartenev <vbart@nginx.com> Configuration: added ability to access object members with slashes.

Now URI encoding can be used to escape "/" in the request path:

GET /config/listeners/unix:%2Fpath%2Fto%2Fsocket/
diff 410:35d3565882ac Fri Dec 08 16:18:00 UTC 2017 Valentin Bartenev <vbart@nginx.com> HTTP parser: improved detection of corrupted request line.
diff 409:703c6b2bb0ac Fri Dec 08 16:18:00 UTC 2017 Valentin Bartenev <vbart@nginx.com> HTTP parser: slightly improved readability of code.

As suggested by Igor Sysoev.
diff 65:10688b89aa16 Tue Jun 20 16:49:00 UTC 2017 Igor Sysoev <igor@sysoev.ru> Using new memory pool implementation.
H A Dnxt_clone.hdiff 1595:d1884e46cf71 Wed Sep 16 16:52:00 UTC 2020 Tiago Natel de Moura <t.nateldemoura@f5.com> Isolation: remove redundant macro.
diff 1595:d1884e46cf71 Wed Sep 16 16:52:00 UTC 2020 Tiago Natel de Moura <t.nateldemoura@f5.com> Isolation: remove redundant macro.
diff 1488:6976d36be926 Mon Mar 09 16:28:00 UTC 2020 Tiago Natel de Moura <t.nateldemoura@f5.com> Refactor of process management.

The process abstraction has changed to:

setup(task, process)
start(task, process_data)
prefork(task, process, mp)

The prefork() occurs in the main process right before fork.

The file src/nxt_main_process.c is completely free of process
specific logic.

The creation of a process now supports a PROCESS_CREATED state. The
The setup() function of each process can set its state to either
created or ready. If created, a MSG_PROCESS_CREATED is sent to main
process, where external setup can be done (required for rootfs under
container).

The core processes (discovery, controller and router) doesn't need
external setup, then they all proceeds to their start() function
straight away.

In the case of applications, the load of the module happens at the
process setup() time and The module's init() function has changed
to be the start() of the process.

The module API has changed to:

setup(task, process, conf)
start(task, data)

As a direct benefit of the PROCESS_CREATED message, the clone(2) of
processes using pid namespaces now doesn't need to create a pipe
to make the child block until parent setup uid/gid mappings nor it
needs to receive the child pid.
diff 1306:3604d05e48be Fri Dec 06 16:52:00 UTC 2019 Tiago Natel <t.nateldemoura@f5.com> Isolation: allowed the use of credentials with unpriv userns.

The setuid/setgid syscalls requires root capabilities but if the kernel
supports unprivileged user namespace then the child process has the full
set of capabilities in the new namespace, then we can allow setting "user"
and "group" in such cases (this is a common security use case).

Tests were added to ensure user gets meaningful error messages for
uid/gid mapping misconfigurations.
H A Dnxt_port_hash.c75:63205c12a84b Fri Jun 23 16:19:00 UTC 2017 Max Romanov <max.romanov@nginx.com> lvlhash for ports moved to separate files for future re-use.
H A Dnxt_port_hash.h75:63205c12a84b Fri Jun 23 16:19:00 UTC 2017 Max Romanov <max.romanov@nginx.com> lvlhash for ports moved to separate files for future re-use.
H A Dnxt_work_queue.cdiff 1:fdc027c56872 Mon Jan 23 16:56:00 UTC 2017 Igor Sysoev <igor@sysoev.ru> Introducing tasks.
H A Dnxt_array.cdiff 65:10688b89aa16 Tue Jun 20 16:49:00 UTC 2017 Igor Sysoev <igor@sysoev.ru> Using new memory pool implementation.
H A Dnxt_log.cdiff 1:fdc027c56872 Mon Jan 23 16:56:00 UTC 2017 Igor Sysoev <igor@sysoev.ru> Introducing tasks.
H A Dnxt_process.cdiff 2376:1a48ea61fec8 Thu Mar 09 23:26:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Remove some dormant code from nxt_process_quit().

In nxt_process_quit() there is a loop that iterates over the
task->thread->runtime->listen_sockets array and closes the connections.

This code has been there from the beginning

$ git log --pretty=oneline -S'if (rt->listen_sockets != NULL)'
e9e5ddd5a5d9ce99768833137eac2551a710becf Refactor of process management.
6f2c9acd1841ca20a1388b34aef64e9f00459090 Processes refactoring. The cycle has been renamed to the runtime.
$ git log --pretty=oneline -S'if (cycle->listen_sockets != NULL) {'
6f2c9acd1841ca20a1388b34aef64e9f00459090 Processes refactoring. The cycle has been renamed to the runtime.
16cbf3c076a0aca6d47adaf3f719493674cf2363 Initial version.

but never seems to have been used (AFAICT and certainly not recently,
confirmed by code inspection and running pytests with a bunch of
language modules enabled and the code in question was never executed) as
the listen_sockets array has never been populated... until now.

The previous commit now adds Unix domain sockets to this array so that
they can be unlink(2)'d upon exit and reconfiguration.

This has now caused this dormant code to become active as it now tries
to close these sockets (from at least the prototype processes), this
array is inherited via fork by other processes.

The file descriptor for these sockets is set to -1 when they are put
into this array. This then results in close(-1) calls which caused
multiple failures in the pytests such as

> assert not alerts, 'alert(s)'
E AssertionError: alert(s)
E assert not ['2023/03/09 23:26:14 [alert] 137673#137673 socket close(-1) failed (9: Bad file descriptor)']

I think the simplest thing is to just remove this code.

Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 2260:3005b3de99a5 Mon Oct 24 16:35:00 UTC 2022 Andrew Clayton <a.clayton@nginx.com> Isolation: wired up per-application cgroup support internally.

This commit hooks into the cgroup infrastructure added in the previous
commit to create per-application cgroups.

It does this by adding each "prototype process" into its own cgroup,
then each child process inherits its parents cgroup.

If we fail to create a cgroup we simply fail the process. This behaviour
may get enhanced in the future.

This won't actually do anything yet. Subsequent commits will hook this
up to the build and config systems.

Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 1548:a745db447e56 Tue Aug 11 16:20:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Process structures refactoring in runtime and libunit.

Generic process-to-process shared memory exchange is no more required. Here,
it is transformed into a router-to-application pattern. The outgoing shared
memory segments collection is now the property of the application structure.
The applications connect to the router only, and the process only needs to group
the ports.
diff 1545:78836321a126 Tue Aug 11 16:20:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Changing router to application port exchange protocol.

The application process needs to request the port from the router instead of the
latter pushing the port before sending a request to the application. This is
required to simplify the communication between the router and the application
and to prepare the router to use the application shared port and then the queue.
diff 1543:42f27153db91 Tue Aug 11 16:19:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Libunit refactoring: port management.

- Changed the port management callbacks to notifications, which e. g. avoids
the need to call the libunit function
- Added context and library instance reference counts for a safer resource
release
- Added the router main port initialization
diff 1488:6976d36be926 Mon Mar 09 16:28:00 UTC 2020 Tiago Natel de Moura <t.nateldemoura@f5.com> Refactor of process management.

The process abstraction has changed to:

setup(task, process)
start(task, process_data)
prefork(task, process, mp)

The prefork() occurs in the main process right before fork.

The file src/nxt_main_process.c is completely free of process
specific logic.

The creation of a process now supports a PROCESS_CREATED state. The
The setup() function of each process can set its state to either
created or ready. If created, a MSG_PROCESS_CREATED is sent to main
process, where external setup can be done (required for rootfs under
container).

The core processes (discovery, controller and router) doesn't need
external setup, then they all proceeds to their start() function
straight away.

In the case of applications, the load of the module happens at the
process setup() time and The module's init() function has changed
to be the start() of the process.

The module API has changed to:

setup(task, process, conf)
start(task, data)

As a direct benefit of the PROCESS_CREATED message, the clone(2) of
processes using pid namespaces now doesn't need to create a pipe
to make the child block until parent setup uid/gid mappings nor it
needs to receive the child pid.
diff 1306:3604d05e48be Fri Dec 06 16:52:00 UTC 2019 Tiago Natel <t.nateldemoura@f5.com> Isolation: allowed the use of credentials with unpriv userns.

The setuid/setgid syscalls requires root capabilities but if the kernel
supports unprivileged user namespace then the child process has the full
set of capabilities in the new namespace, then we can allow setting "user"
and "group" in such cases (this is a common security use case).

Tests were added to ensure user gets meaningful error messages for
uid/gid mapping misconfigurations.
diff 1302:d4c6a91f7091 Tue Nov 26 16:26:00 UTC 2019 Tiago Natel <t.nateldemoura@f5.com> Refactor of process init.

Introduces the functions nxt_process_init_create() and
nxt_process_init_creds_set().
diff 1297:f04b5f7d6137 Tue Nov 26 16:15:00 UTC 2019 Tiago Natel <t.nateldemoura@f5.com> Changed the group listing to run unprivileged when possible.

Now the nxt_user_groups_get() function uses getgrouplist(3) when available
(except MacOS, see below). For some platforms, getgrouplist() supports
a method of probing how much groups the user has but the behavior is not
consistent. The method used here consists of optimistically trying to get up
to min(256, NGROUPS_MAX) groups; only if ngroups returned exceeds the original
value, we do a second call. This method can block main's process if LDAP/NDIS+
is in use.

MacOS has getgrouplist(3) but it's buggy. It doesn't update ngroups if the
value passed is smaller than the number of groups the user has. Some
projects (like Go stdlib) call getgrouplist() in a loop, increasing ngroups
until it exceeds the number of groups user belongs to or fail when a limit
is reached. For performance reasons, this is to be avoided and MacOS is
handled in the fallback implementation.

The fallback implementation is the old Unit approach. It saves main's
user groups (getgroups(2)) and then calls initgroups(3) to load application's
groups in main, then does a second getgroups(2) to store the gids and restore
main's groups in the end. Because of initgroups(3)' call to setgroups(2),
this method requires root capabilities. In the case of OSX, which has
small NGROUPS_MAX by default (16), it's not possible to restore main's groups
if it's large; if so, this method fallbacks again: user_cred gids aren't
stored, and the worker process calls initgroups() itself and may block for
some time if LDAP/NDIS+ is in use.
diff 1297:f04b5f7d6137 Tue Nov 26 16:15:00 UTC 2019 Tiago Natel <t.nateldemoura@f5.com> Changed the group listing to run unprivileged when possible.

Now the nxt_user_groups_get() function uses getgrouplist(3) when available
(except MacOS, see below). For some platforms, getgrouplist() supports
a method of probing how much groups the user has but the behavior is not
consistent. The method used here consists of optimistically trying to get up
to min(256, NGROUPS_MAX) groups; only if ngroups returned exceeds the original
value, we do a second call. This method can block main's process if LDAP/NDIS+
is in use.

MacOS has getgrouplist(3) but it's buggy. It doesn't update ngroups if the
value passed is smaller than the number of groups the user has. Some
projects (like Go stdlib) call getgrouplist() in a loop, increasing ngroups
until it exceeds the number of groups user belongs to or fail when a limit
is reached. For performance reasons, this is to be avoided and MacOS is
handled in the fallback implementation.

The fallback implementation is the old Unit approach. It saves main's
user groups (getgroups(2)) and then calls initgroups(3) to load application's
groups in main, then does a second getgroups(2) to store the gids and restore
main's groups in the end. Because of initgroups(3)' call to setgroups(2),
this method requires root capabilities. In the case of OSX, which has
small NGROUPS_MAX by default (16), it's not possible to restore main's groups
if it's large; if so, this method fallbacks again: user_cred gids aren't
stored, and the worker process calls initgroups() itself and may block for
some time if LDAP/NDIS+ is in use.
H A Dnxt_buf_pool.cdiff 65:10688b89aa16 Tue Jun 20 16:49:00 UTC 2017 Igor Sysoev <igor@sysoev.ru> Using new memory pool implementation.
H A Dnxt_isolation.cdiff 2379:927b793559d4 Thu Mar 16 21:35:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Default PR_SET_NO_NEW_PRIVS to off.

This prctl(2) option was enabled in commit 0277d8f1 ("Isolation: Fix the
enablement of PR_SET_NO_NEW_PRIVS.") and this was being set by default.

This prctl(2) when enabled renders (amongst other things) the set-UID
and set-GID bits on executables ineffective after an execve(2).

This causes an issue for applications that want to execute the
sendmail(8) binary, this includes the PHP mail() function, which is
usually set-GID.

After some internal discussion it was decided to disable this option by
default.

Closes: <https://github.com/nginx/unit/issues/852>
Fixes: 0277d8f1 ("Isolation: Fix the enablement of PR_SET_NO_NEW_PRIVS.")
Fixes: e2b53e16 ("Added "rootfs" feature.")
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 2354:c6a613bd7bd0 Wed Feb 22 16:04:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Isolation: rootfs: Set the sticky bit on the tmp directory.

When using the 'rootfs' isolation option, by default a tmpfs filesystem
is mounted on tmp/. Currently this is mounted with a mode of 0777, i.e

drwxrwxrwx. 3 root root 60 Feb 22 11:56 tmp

however this should really have the sticky bit[0] set (as is per-normal for
such directories) to prevent users from having free reign on the files
contained within.

What we really want is it mounted with a mode of 01777, i.e

drwxrwxrwt. 3 root root 60 Feb 22 11:57 tmp

[0]: To quote inode(7)

"The sticky bit (S_ISVTX) on a directory means that a file in that
directory can be renamed or deleted only by the owner of the file, by
the owner of the directory, and by a privileged process."

Reviewed-by: Liam Crilly <liam@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 2331:48798e038044 Wed Feb 22 16:04:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Isolation: rootfs: Set the sticky bit on the tmp directory.

When using the 'rootfs' isolation option, by default a tmpfs filesystem
is mounted on tmp/. Currently this is mounted with a mode of 0777, i.e

drwxrwxrwx. 3 root root 60 Feb 22 11:56 tmp

however this should really have the sticky bit[0] set (as is per-normal for
such directories) to prevent users from having free reign on the files
contained within.

What we really want is it mounted with a mode of 01777, i.e

drwxrwxrwt. 3 root root 60 Feb 22 11:57 tmp

[0]: To quote inode(7)

"The sticky bit (S_ISVTX) on a directory means that a file in that
directory can be renamed or deleted only by the owner of the file, by
the owner of the directory, and by a privileged process."

Reviewed-by: Liam Crilly <liam@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 2260:3005b3de99a5 Mon Oct 24 16:35:00 UTC 2022 Andrew Clayton <a.clayton@nginx.com> Isolation: wired up per-application cgroup support internally.

This commit hooks into the cgroup infrastructure added in the previous
commit to create per-application cgroups.

It does this by adding each "prototype process" into its own cgroup,
then each child process inherits its parents cgroup.

If we fail to create a cgroup we simply fail the process. This behaviour
may get enhanced in the future.

This won't actually do anything yet. Subsequent commits will hook this
up to the build and config systems.

Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 1708:4463c1fc26fd Mon Nov 16 17:56:00 UTC 2020 Tiago Natel de Moura <t.nateldemoura@f5.com> Isolation: added option to disable "procfs" mount.

Now users can disable the default procfs mount point
in the rootfs.

{
"isolation": {
"automount": {
"procfs": false
}
}
}
diff 1595:d1884e46cf71 Wed Sep 16 16:52:00 UTC 2020 Tiago Natel de Moura <t.nateldemoura@f5.com> Isolation: remove redundant macro.
diff 1595:d1884e46cf71 Wed Sep 16 16:52:00 UTC 2020 Tiago Natel de Moura <t.nateldemoura@f5.com> Isolation: remove redundant macro.
H A Dnxt_port_memory.hdiff 1546:06017e6e3a5f Tue Aug 11 16:20:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Changing router to application shared memory exchange protocol.

The application process needs to request the shared memory segment from the
router instead of the latter pushing the segment before sending a request to
the application. This is required to simplify the communication between the
router and the application and to prepare the router for using the application
shared port and then the queue.
diff 82:4be7aabeb2d1 Fri Jun 23 16:20:00 UTC 2017 Max Romanov <max.romanov@nginx.com> Moved message size to nxt_port_recv_msg_t for convenience.
diff 80:1b394e999c7c Fri Jun 23 16:20:00 UTC 2017 Max Romanov <max.romanov@nginx.com> Store pointer to shared memory start in buf->parent.

nxt_port_mmap_t stored in arrays and it is unsafe to store
pointer to array element.

Shared memory structures and macros moved to separate header
file to be used by GO package.
/unit/tools/
H A Dsetup-unitdiff 2617:18a10bb7346d Tue Jan 16 15:37:00 UTC 2024 Andrei Zeliankou <zelenkov@nginx.com> White space formatting fixes

Closes: <https://github.com/nginx/unit/pull/1062>
diff 2495:817c1d856f32 Tue Jun 06 11:16:00 UTC 2023 Alejandro Colomar <alx@nginx.com> Tools: setup-unit: ps: forcing full lines from ps(1).

Some ps(1) implementations trim lines to 80 columns, even if the output
is being piped. Let's force ps(1) to output full lines with `ww`, which
is not in POSIX, but seems to be portable enough.

On 2023-06-08 13:19, Andrew Clayton wrote:
> Just for posterity...
>
> BusyBox ps(1) knows about a grand total of 2 options!
>
> BusyBox v1.35.0 (2022-11-19 10:13:10 UTC) multi-call binary.
>
> Usage: ps [-o COL1,COL2=HEADER] [-T]
>
> Show list of processes
>
> -o COL1,COL2=HEADER Select columns for display
> -T Show threads
>
> But at least it doesn't make it worse. In fact all of these three do
> exactly the same thing
>
> ps
> ps ax
> ps axww
>
> I.e it ignores any non option argument...
>
> It does however help on OpenIndiana...

Link: <https://github.com/nginx/unit/issues/875>
Link: <https://github.com/nginx/unit/issues/886>
Link: <https://github.com/nginx/unit/pull/885>
Cc: <https://github.com/mattxtaz>
Cc: Liam Crilly <liam@nginx.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
diff 2432:6df870c978e6 Mon Apr 03 16:16:00 UTC 2023 Alejandro Colomar <alx@nginx.com> Tools: setup-unit: unified repeated code.

Instead of doing the same operation in each subcommand, do it once in
the parent.

Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
diff 2432:6df870c978e6 Mon Apr 03 16:16:00 UTC 2023 Alejandro Colomar <alx@nginx.com> Tools: setup-unit: unified repeated code.

Instead of doing the same operation in each subcommand, do it once in
the parent.

Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
diff 2314:bc5a90e2e6e8 Thu Jul 14 11:25:00 UTC 2022 Alejandro Colomar <alx.manpages@gmail.com> Added default values for pathnames.

This allows one to simply run `./configure` and expect it to
produce sane defaults for an install.

Previously, without specifying `--prefix=...`, `make install`
would simply fail, recommending to set `--prefix` or `DESTDIR`,
but that recommendation was incomplete at best, since it didn't
set many of the subdirs needed for a good organization.

Setting `DESTDIR` was even worse, since that shouldn't even affect
an installation (it is required to be transparent to the
installation).

/usr/local is the historic Unix standard path to use for
installations from source made manually by the admin of the
system. Some package managers (Homebrew, I'm looking specifically
at you) have abused that path to install their things, but 1) it's
not our fault that someone else incorrectly abuses that path (and
they seem to be fixing it for newer archs; e.g., they started
using /opt/homebrew for Apple Silicon), 2) there's no better path
than /usr/local, 3) we still allow changing it for systems where
this might not be the desired path (MacOS Intel with hombrew), and
4) it's _the standard_.

See a related conversation with Ingo (OpenBSD maintainer):

On 7/27/22 16:16, Ingo Schwarze wrote:
> Hi Alejandro,
[...]
>
> Alejandro Colomar wrote on Sun, Jul 24, 2022 at 07:07:18PM +0200:
>> On 7/24/22 16:57, Ingo Schwarze wrote:
>>> Alejandro Colomar wrote on Sun, Jul 24, 2022 at 01:20:46PM +0200:
>
>>>> /usr/local is for sysadmins to build from source;
>
>>> Doing that is *very* strongly discouraged on OpenBSD.
>
>> I guess that's why the directory was reused in the BSDs to install ports
>> (probably ports were installed by the sysadmin there, and by extension,
>> ports are now always installed there, but that's just a guess).
>
> Maybe. In any case, the practice of using /usr/local for packages
> created from ports is significantly older than the recommendation
> to refrain from using upstream "make install" outside the ports
> framework.
>
> * The FreeBSD ports framework was started by Jordan Hubbard in 1993.
> * The ports framework was ported from FreeBSD to OpenBSD
> by Niklas Hallqvist in 1996.
> * NetBSD pkgsrc was forked from FreeBSD ports by Alistair G. Crooks
> and Hubert Feyrer in 1997.
>
> I failed to quickly find Jordan's original version, but rev. 1.1
> of /usr/ports/infrastructure/mk/bsd.port.mk in OpenBSD (dated Jun 3
> 22:47:10 1996 UTC) already said
>
> LOCALBASE ?= /usr/local
> PREFIX ?= ${LOCALBASE}
>
[...]
>> I had a discussion in NGINX Unit about it, and
>> the decission for now has been: "support prefix=/usr/local for default
>> manual installation through the Makefile, and let BSD users adjust to
>> their preferred path".
>
> That's an *excellent* solution for the task, thanks for doing it
> the right way. By setting PREFIX=/usr/local by default in the
> upstream Makefile, you are minimizing the work for *BSD porters.
>
> The BSD ports frameworks will typically run the upstreak "make install"
> with the variable DESTDIR set to a custom value, for example
>
> DESTDIR=/usr/ports/pobj/groff-1.23.0/fake-amd64
>
> so if the upstream Makefile sets PREFIX=/usr/local ,
> that's perfect, everything gets installed to the right place
> without an intervention by the person doing the porting.
>
> Of course, if the upstream Makefile would use some other PREFIX,
> that would not be a huge obstacle. All we have to do in that case
> is pass the option --prefix=/usr/local to the ./configure script,
> or something equivalent if the software isn't using GNU configure.
>
>> We were concerned that we might get collisions
>> with the BSD port also installing in /usr/local, but that's the least
>> evil (and considering BSD users don't typically run `make install`, it's
>> not so bad).
>
> It's not bad at all. It's perfect.
>
> Of course, if a user wants to install *without* the ports framework,
> they have to provide their own --prefix. But that's not an issue
> because it is easy to do, and installing without a port is discouraged
> anyway.

===

Directory variables should never contain a trailing slash (I've
learned that the hard way, where some things would break
unexpectedly). Especially, make(1) is likely to have problems
when things have double slashes or a trailing slash, since it
treats filenames as text strings. I've removed the trailing slash
from the prefix, and added it to the derivate variables just after
the prefix. pkg-config(1) also expects directory variables to have
no trailing slash.

===

I also removed the code that would set variables as depending on
the prefix if they didn't start with a slash, because that is a
rather non-obvious behavior, and things should not always depend
on prefix, but other dirs such as $(runstatedir), so if we keep
a similar behavior it would be very unreliable. Better keep
variables intact if set, or use the default if unset.

===

Print the real defaults for ./configure --help, rather than the actual
values.

===

I used a subdirectory under the standard /var/lib for NXT_STATE,
instead of a homemade "state" dir that does the same thing.

===

Modified the Makefile to create some dirs that weren't being
created, and also remove those that weren't being removed in
uninstall, probably because someone forgot to add them.

===

Add new options for setting the new variables, and rename some to be
consistent with the standard names. Keep the old ones at configuration
time for compatibility, but mark them as deprecated. Don't keep the old
ones at exec time.

===

A summary of the default config is:

Unit configuration summary:

bin directory: ............. "/usr/local/bin"
sbin directory: ............ "/usr/local/sbin"
lib directory: ............. "/usr/local/lib"
include directory: ......... "/usr/local/include"
man pages directory: ....... "/usr/local/share/man"
modules directory: ......... "/usr/local/lib/unit/modules"
state directory: ........... "/usr/local/var/lib/unit"
tmp directory: ............. "/tmp"

pid file: .................. "/usr/local/var/run/unit/unit.pid"
log file: .................. "/usr/local/var/log/unit/unit.log"

control API socket: ........ "unix:/usr/local/var/run/unit/control.unit.sock"

Link: <https://www.gnu.org/prep/standards/html_node/Directory-Variables.html>
Link: <https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html>
Reviewed-by: Artem Konev <a.konev@f5.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Tested-by: Andrew Clayton <a.clayton@nginx.com>
Reviewed-by: Konstantin Pavlov <thresh@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
diff 2314:bc5a90e2e6e8 Thu Jul 14 11:25:00 UTC 2022 Alejandro Colomar <alx.manpages@gmail.com> Added default values for pathnames.

This allows one to simply run `./configure` and expect it to
produce sane defaults for an install.

Previously, without specifying `--prefix=...`, `make install`
would simply fail, recommending to set `--prefix` or `DESTDIR`,
but that recommendation was incomplete at best, since it didn't
set many of the subdirs needed for a good organization.

Setting `DESTDIR` was even worse, since that shouldn't even affect
an installation (it is required to be transparent to the
installation).

/usr/local is the historic Unix standard path to use for
installations from source made manually by the admin of the
system. Some package managers (Homebrew, I'm looking specifically
at you) have abused that path to install their things, but 1) it's
not our fault that someone else incorrectly abuses that path (and
they seem to be fixing it for newer archs; e.g., they started
using /opt/homebrew for Apple Silicon), 2) there's no better path
than /usr/local, 3) we still allow changing it for systems where
this might not be the desired path (MacOS Intel with hombrew), and
4) it's _the standard_.

See a related conversation with Ingo (OpenBSD maintainer):

On 7/27/22 16:16, Ingo Schwarze wrote:
> Hi Alejandro,
[...]
>
> Alejandro Colomar wrote on Sun, Jul 24, 2022 at 07:07:18PM +0200:
>> On 7/24/22 16:57, Ingo Schwarze wrote:
>>> Alejandro Colomar wrote on Sun, Jul 24, 2022 at 01:20:46PM +0200:
>
>>>> /usr/local is for sysadmins to build from source;
>
>>> Doing that is *very* strongly discouraged on OpenBSD.
>
>> I guess that's why the directory was reused in the BSDs to install ports
>> (probably ports were installed by the sysadmin there, and by extension,
>> ports are now always installed there, but that's just a guess).
>
> Maybe. In any case, the practice of using /usr/local for packages
> created from ports is significantly older than the recommendation
> to refrain from using upstream "make install" outside the ports
> framework.
>
> * The FreeBSD ports framework was started by Jordan Hubbard in 1993.
> * The ports framework was ported from FreeBSD to OpenBSD
> by Niklas Hallqvist in 1996.
> * NetBSD pkgsrc was forked from FreeBSD ports by Alistair G. Crooks
> and Hubert Feyrer in 1997.
>
> I failed to quickly find Jordan's original version, but rev. 1.1
> of /usr/ports/infrastructure/mk/bsd.port.mk in OpenBSD (dated Jun 3
> 22:47:10 1996 UTC) already said
>
> LOCALBASE ?= /usr/local
> PREFIX ?= ${LOCALBASE}
>
[...]
>> I had a discussion in NGINX Unit about it, and
>> the decission for now has been: "support prefix=/usr/local for default
>> manual installation through the Makefile, and let BSD users adjust to
>> their preferred path".
>
> That's an *excellent* solution for the task, thanks for doing it
> the right way. By setting PREFIX=/usr/local by default in the
> upstream Makefile, you are minimizing the work for *BSD porters.
>
> The BSD ports frameworks will typically run the upstreak "make install"
> with the variable DESTDIR set to a custom value, for example
>
> DESTDIR=/usr/ports/pobj/groff-1.23.0/fake-amd64
>
> so if the upstream Makefile sets PREFIX=/usr/local ,
> that's perfect, everything gets installed to the right place
> without an intervention by the person doing the porting.
>
> Of course, if the upstream Makefile would use some other PREFIX,
> that would not be a huge obstacle. All we have to do in that case
> is pass the option --prefix=/usr/local to the ./configure script,
> or something equivalent if the software isn't using GNU configure.
>
>> We were concerned that we might get collisions
>> with the BSD port also installing in /usr/local, but that's the least
>> evil (and considering BSD users don't typically run `make install`, it's
>> not so bad).
>
> It's not bad at all. It's perfect.
>
> Of course, if a user wants to install *without* the ports framework,
> they have to provide their own --prefix. But that's not an issue
> because it is easy to do, and installing without a port is discouraged
> anyway.

===

Directory variables should never contain a trailing slash (I've
learned that the hard way, where some things would break
unexpectedly). Especially, make(1) is likely to have problems
when things have double slashes or a trailing slash, since it
treats filenames as text strings. I've removed the trailing slash
from the prefix, and added it to the derivate variables just after
the prefix. pkg-config(1) also expects directory variables to have
no trailing slash.

===

I also removed the code that would set variables as depending on
the prefix if they didn't start with a slash, because that is a
rather non-obvious behavior, and things should not always depend
on prefix, but other dirs such as $(runstatedir), so if we keep
a similar behavior it would be very unreliable. Better keep
variables intact if set, or use the default if unset.

===

Print the real defaults for ./configure --help, rather than the actual
values.

===

I used a subdirectory under the standard /var/lib for NXT_STATE,
instead of a homemade "state" dir that does the same thing.

===

Modified the Makefile to create some dirs that weren't being
created, and also remove those that weren't being removed in
uninstall, probably because someone forgot to add them.

===

Add new options for setting the new variables, and rename some to be
consistent with the standard names. Keep the old ones at configuration
time for compatibility, but mark them as deprecated. Don't keep the old
ones at exec time.

===

A summary of the default config is:

Unit configuration summary:

bin directory: ............. "/usr/local/bin"
sbin directory: ............ "/usr/local/sbin"
lib directory: ............. "/usr/local/lib"
include directory: ......... "/usr/local/include"
man pages directory: ....... "/usr/local/share/man"
modules directory: ......... "/usr/local/lib/unit/modules"
state directory: ........... "/usr/local/var/lib/unit"
tmp directory: ............. "/tmp"

pid file: .................. "/usr/local/var/run/unit/unit.pid"
log file: .................. "/usr/local/var/log/unit/unit.log"

control API socket: ........ "unix:/usr/local/var/run/unit/control.unit.sock"

Link: <https://www.gnu.org/prep/standards/html_node/Directory-Variables.html>
Link: <https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html>
Reviewed-by: Artem Konev <a.konev@f5.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Tested-by: Andrew Clayton <a.clayton@nginx.com>
Reviewed-by: Konstantin Pavlov <thresh@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
diff 2314:bc5a90e2e6e8 Thu Jul 14 11:25:00 UTC 2022 Alejandro Colomar <alx.manpages@gmail.com> Added default values for pathnames.

This allows one to simply run `./configure` and expect it to
produce sane defaults for an install.

Previously, without specifying `--prefix=...`, `make install`
would simply fail, recommending to set `--prefix` or `DESTDIR`,
but that recommendation was incomplete at best, since it didn't
set many of the subdirs needed for a good organization.

Setting `DESTDIR` was even worse, since that shouldn't even affect
an installation (it is required to be transparent to the
installation).

/usr/local is the historic Unix standard path to use for
installations from source made manually by the admin of the
system. Some package managers (Homebrew, I'm looking specifically
at you) have abused that path to install their things, but 1) it's
not our fault that someone else incorrectly abuses that path (and
they seem to be fixing it for newer archs; e.g., they started
using /opt/homebrew for Apple Silicon), 2) there's no better path
than /usr/local, 3) we still allow changing it for systems where
this might not be the desired path (MacOS Intel with hombrew), and
4) it's _the standard_.

See a related conversation with Ingo (OpenBSD maintainer):

On 7/27/22 16:16, Ingo Schwarze wrote:
> Hi Alejandro,
[...]
>
> Alejandro Colomar wrote on Sun, Jul 24, 2022 at 07:07:18PM +0200:
>> On 7/24/22 16:57, Ingo Schwarze wrote:
>>> Alejandro Colomar wrote on Sun, Jul 24, 2022 at 01:20:46PM +0200:
>
>>>> /usr/local is for sysadmins to build from source;
>
>>> Doing that is *very* strongly discouraged on OpenBSD.
>
>> I guess that's why the directory was reused in the BSDs to install ports
>> (probably ports were installed by the sysadmin there, and by extension,
>> ports are now always installed there, but that's just a guess).
>
> Maybe. In any case, the practice of using /usr/local for packages
> created from ports is significantly older than the recommendation
> to refrain from using upstream "make install" outside the ports
> framework.
>
> * The FreeBSD ports framework was started by Jordan Hubbard in 1993.
> * The ports framework was ported from FreeBSD to OpenBSD
> by Niklas Hallqvist in 1996.
> * NetBSD pkgsrc was forked from FreeBSD ports by Alistair G. Crooks
> and Hubert Feyrer in 1997.
>
> I failed to quickly find Jordan's original version, but rev. 1.1
> of /usr/ports/infrastructure/mk/bsd.port.mk in OpenBSD (dated Jun 3
> 22:47:10 1996 UTC) already said
>
> LOCALBASE ?= /usr/local
> PREFIX ?= ${LOCALBASE}
>
[...]
>> I had a discussion in NGINX Unit about it, and
>> the decission for now has been: "support prefix=/usr/local for default
>> manual installation through the Makefile, and let BSD users adjust to
>> their preferred path".
>
> That's an *excellent* solution for the task, thanks for doing it
> the right way. By setting PREFIX=/usr/local by default in the
> upstream Makefile, you are minimizing the work for *BSD porters.
>
> The BSD ports frameworks will typically run the upstreak "make install"
> with the variable DESTDIR set to a custom value, for example
>
> DESTDIR=/usr/ports/pobj/groff-1.23.0/fake-amd64
>
> so if the upstream Makefile sets PREFIX=/usr/local ,
> that's perfect, everything gets installed to the right place
> without an intervention by the person doing the porting.
>
> Of course, if the upstream Makefile would use some other PREFIX,
> that would not be a huge obstacle. All we have to do in that case
> is pass the option --prefix=/usr/local to the ./configure script,
> or something equivalent if the software isn't using GNU configure.
>
>> We were concerned that we might get collisions
>> with the BSD port also installing in /usr/local, but that's the least
>> evil (and considering BSD users don't typically run `make install`, it's
>> not so bad).
>
> It's not bad at all. It's perfect.
>
> Of course, if a user wants to install *without* the ports framework,
> they have to provide their own --prefix. But that's not an issue
> because it is easy to do, and installing without a port is discouraged
> anyway.

===

Directory variables should never contain a trailing slash (I've
learned that the hard way, where some things would break
unexpectedly). Especially, make(1) is likely to have problems
when things have double slashes or a trailing slash, since it
treats filenames as text strings. I've removed the trailing slash
from the prefix, and added it to the derivate variables just after
the prefix. pkg-config(1) also expects directory variables to have
no trailing slash.

===

I also removed the code that would set variables as depending on
the prefix if they didn't start with a slash, because that is a
rather non-obvious behavior, and things should not always depend
on prefix, but other dirs such as $(runstatedir), so if we keep
a similar behavior it would be very unreliable. Better keep
variables intact if set, or use the default if unset.

===

Print the real defaults for ./configure --help, rather than the actual
values.

===

I used a subdirectory under the standard /var/lib for NXT_STATE,
instead of a homemade "state" dir that does the same thing.

===

Modified the Makefile to create some dirs that weren't being
created, and also remove those that weren't being removed in
uninstall, probably because someone forgot to add them.

===

Add new options for setting the new variables, and rename some to be
consistent with the standard names. Keep the old ones at configuration
time for compatibility, but mark them as deprecated. Don't keep the old
ones at exec time.

===

A summary of the default config is:

Unit configuration summary:

bin directory: ............. "/usr/local/bin"
sbin directory: ............ "/usr/local/sbin"
lib directory: ............. "/usr/local/lib"
include directory: ......... "/usr/local/include"
man pages directory: ....... "/usr/local/share/man"
modules directory: ......... "/usr/local/lib/unit/modules"
state directory: ........... "/usr/local/var/lib/unit"
tmp directory: ............. "/tmp"

pid file: .................. "/usr/local/var/run/unit/unit.pid"
log file: .................. "/usr/local/var/log/unit/unit.log"

control API socket: ........ "unix:/usr/local/var/run/unit/control.unit.sock"

Link: <https://www.gnu.org/prep/standards/html_node/Directory-Variables.html>
Link: <https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html>
Reviewed-by: Artem Konev <a.konev@f5.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Tested-by: Andrew Clayton <a.clayton@nginx.com>
Reviewed-by: Konstantin Pavlov <thresh@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
diff 2296:150700770bec Fri Dec 16 20:39:00 UTC 2022 Alejandro Colomar <alx@nginx.com> Tools: setup-unit: workarounded macOS tmp file permissions.

mktemp(1) in macOS uses a weird directory where only the running user
has permissions. If we use that for the welcome website, unitd(8) won't
be able to read the page. Use a directory at $HOME before trying a tmpdir.

Reported-by: Liam Crilly <lcrilly@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
diff 2295:d8fdf32b1106 Fri Dec 16 19:47:00 UTC 2022 Alejandro Colomar <alx@nginx.com> Tools: setup-unit: removed root checks.

Reported-by: Liam Crilly <lcrilly@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
diff 2291:4d5eef4916a1 Fri Dec 16 14:14:00 UTC 2022 Alejandro Colomar <alx@nginx.com> Tools: Fixed bug in help message.

'sudo' was misplaced.

Signed-off-by: Alejandro Colomar <alx@nginx.com>
/unit/auto/
H A Dsummarydiff 2520:a6dff8092e84 Tue Aug 01 17:16:00 UTC 2023 Konstantin Pavlov <thresh@nginx.com> Added unit pkg-config file.
diff 2314:bc5a90e2e6e8 Thu Jul 14 11:25:00 UTC 2022 Alejandro Colomar <alx.manpages@gmail.com> Added default values for pathnames.

This allows one to simply run `./configure` and expect it to
produce sane defaults for an install.

Previously, without specifying `--prefix=...`, `make install`
would simply fail, recommending to set `--prefix` or `DESTDIR`,
but that recommendation was incomplete at best, since it didn't
set many of the subdirs needed for a good organization.

Setting `DESTDIR` was even worse, since that shouldn't even affect
an installation (it is required to be transparent to the
installation).

/usr/local is the historic Unix standard path to use for
installations from source made manually by the admin of the
system. Some package managers (Homebrew, I'm looking specifically
at you) have abused that path to install their things, but 1) it's
not our fault that someone else incorrectly abuses that path (and
they seem to be fixing it for newer archs; e.g., they started
using /opt/homebrew for Apple Silicon), 2) there's no better path
than /usr/local, 3) we still allow changing it for systems where
this might not be the desired path (MacOS Intel with hombrew), and
4) it's _the standard_.

See a related conversation with Ingo (OpenBSD maintainer):

On 7/27/22 16:16, Ingo Schwarze wrote:
> Hi Alejandro,
[...]
>
> Alejandro Colomar wrote on Sun, Jul 24, 2022 at 07:07:18PM +0200:
>> On 7/24/22 16:57, Ingo Schwarze wrote:
>>> Alejandro Colomar wrote on Sun, Jul 24, 2022 at 01:20:46PM +0200:
>
>>>> /usr/local is for sysadmins to build from source;
>
>>> Doing that is *very* strongly discouraged on OpenBSD.
>
>> I guess that's why the directory was reused in the BSDs to install ports
>> (probably ports were installed by the sysadmin there, and by extension,
>> ports are now always installed there, but that's just a guess).
>
> Maybe. In any case, the practice of using /usr/local for packages
> created from ports is significantly older than the recommendation
> to refrain from using upstream "make install" outside the ports
> framework.
>
> * The FreeBSD ports framework was started by Jordan Hubbard in 1993.
> * The ports framework was ported from FreeBSD to OpenBSD
> by Niklas Hallqvist in 1996.
> * NetBSD pkgsrc was forked from FreeBSD ports by Alistair G. Crooks
> and Hubert Feyrer in 1997.
>
> I failed to quickly find Jordan's original version, but rev. 1.1
> of /usr/ports/infrastructure/mk/bsd.port.mk in OpenBSD (dated Jun 3
> 22:47:10 1996 UTC) already said
>
> LOCALBASE ?= /usr/local
> PREFIX ?= ${LOCALBASE}
>
[...]
>> I had a discussion in NGINX Unit about it, and
>> the decission for now has been: "support prefix=/usr/local for default
>> manual installation through the Makefile, and let BSD users adjust to
>> their preferred path".
>
> That's an *excellent* solution for the task, thanks for doing it
> the right way. By setting PREFIX=/usr/local by default in the
> upstream Makefile, you are minimizing the work for *BSD porters.
>
> The BSD ports frameworks will typically run the upstreak "make install"
> with the variable DESTDIR set to a custom value, for example
>
> DESTDIR=/usr/ports/pobj/groff-1.23.0/fake-amd64
>
> so if the upstream Makefile sets PREFIX=/usr/local ,
> that's perfect, everything gets installed to the right place
> without an intervention by the person doing the porting.
>
> Of course, if the upstream Makefile would use some other PREFIX,
> that would not be a huge obstacle. All we have to do in that case
> is pass the option --prefix=/usr/local to the ./configure script,
> or something equivalent if the software isn't using GNU configure.
>
>> We were concerned that we might get collisions
>> with the BSD port also installing in /usr/local, but that's the least
>> evil (and considering BSD users don't typically run `make install`, it's
>> not so bad).
>
> It's not bad at all. It's perfect.
>
> Of course, if a user wants to install *without* the ports framework,
> they have to provide their own --prefix. But that's not an issue
> because it is easy to do, and installing without a port is discouraged
> anyway.

===

Directory variables should never contain a trailing slash (I've
learned that the hard way, where some things would break
unexpectedly). Especially, make(1) is likely to have problems
when things have double slashes or a trailing slash, since it
treats filenames as text strings. I've removed the trailing slash
from the prefix, and added it to the derivate variables just after
the prefix. pkg-config(1) also expects directory variables to have
no trailing slash.

===

I also removed the code that would set variables as depending on
the prefix if they didn't start with a slash, because that is a
rather non-obvious behavior, and things should not always depend
on prefix, but other dirs such as $(runstatedir), so if we keep
a similar behavior it would be very unreliable. Better keep
variables intact if set, or use the default if unset.

===

Print the real defaults for ./configure --help, rather than the actual
values.

===

I used a subdirectory under the standard /var/lib for NXT_STATE,
instead of a homemade "state" dir that does the same thing.

===

Modified the Makefile to create some dirs that weren't being
created, and also remove those that weren't being removed in
uninstall, probably because someone forgot to add them.

===

Add new options for setting the new variables, and rename some to be
consistent with the standard names. Keep the old ones at configuration
time for compatibility, but mark them as deprecated. Don't keep the old
ones at exec time.

===

A summary of the default config is:

Unit configuration summary:

bin directory: ............. "/usr/local/bin"
sbin directory: ............ "/usr/local/sbin"
lib directory: ............. "/usr/local/lib"
include directory: ......... "/usr/local/include"
man pages directory: ....... "/usr/local/share/man"
modules directory: ......... "/usr/local/lib/unit/modules"
state directory: ........... "/usr/local/var/lib/unit"
tmp directory: ............. "/tmp"

pid file: .................. "/usr/local/var/run/unit/unit.pid"
log file: .................. "/usr/local/var/log/unit/unit.log"

control API socket: ........ "unix:/usr/local/var/run/unit/control.unit.sock"

Link: <https://www.gnu.org/prep/standards/html_node/Directory-Variables.html>
Link: <https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html>
Reviewed-by: Artem Konev <a.konev@f5.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Tested-by: Andrew Clayton <a.clayton@nginx.com>
Reviewed-by: Konstantin Pavlov <thresh@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
diff 2314:bc5a90e2e6e8 Thu Jul 14 11:25:00 UTC 2022 Alejandro Colomar <alx.manpages@gmail.com> Added default values for pathnames.

This allows one to simply run `./configure` and expect it to
produce sane defaults for an install.

Previously, without specifying `--prefix=...`, `make install`
would simply fail, recommending to set `--prefix` or `DESTDIR`,
but that recommendation was incomplete at best, since it didn't
set many of the subdirs needed for a good organization.

Setting `DESTDIR` was even worse, since that shouldn't even affect
an installation (it is required to be transparent to the
installation).

/usr/local is the historic Unix standard path to use for
installations from source made manually by the admin of the
system. Some package managers (Homebrew, I'm looking specifically
at you) have abused that path to install their things, but 1) it's
not our fault that someone else incorrectly abuses that path (and
they seem to be fixing it for newer archs; e.g., they started
using /opt/homebrew for Apple Silicon), 2) there's no better path
than /usr/local, 3) we still allow changing it for systems where
this might not be the desired path (MacOS Intel with hombrew), and
4) it's _the standard_.

See a related conversation with Ingo (OpenBSD maintainer):

On 7/27/22 16:16, Ingo Schwarze wrote:
> Hi Alejandro,
[...]
>
> Alejandro Colomar wrote on Sun, Jul 24, 2022 at 07:07:18PM +0200:
>> On 7/24/22 16:57, Ingo Schwarze wrote:
>>> Alejandro Colomar wrote on Sun, Jul 24, 2022 at 01:20:46PM +0200:
>
>>>> /usr/local is for sysadmins to build from source;
>
>>> Doing that is *very* strongly discouraged on OpenBSD.
>
>> I guess that's why the directory was reused in the BSDs to install ports
>> (probably ports were installed by the sysadmin there, and by extension,
>> ports are now always installed there, but that's just a guess).
>
> Maybe. In any case, the practice of using /usr/local for packages
> created from ports is significantly older than the recommendation
> to refrain from using upstream "make install" outside the ports
> framework.
>
> * The FreeBSD ports framework was started by Jordan Hubbard in 1993.
> * The ports framework was ported from FreeBSD to OpenBSD
> by Niklas Hallqvist in 1996.
> * NetBSD pkgsrc was forked from FreeBSD ports by Alistair G. Crooks
> and Hubert Feyrer in 1997.
>
> I failed to quickly find Jordan's original version, but rev. 1.1
> of /usr/ports/infrastructure/mk/bsd.port.mk in OpenBSD (dated Jun 3
> 22:47:10 1996 UTC) already said
>
> LOCALBASE ?= /usr/local
> PREFIX ?= ${LOCALBASE}
>
[...]
>> I had a discussion in NGINX Unit about it, and
>> the decission for now has been: "support prefix=/usr/local for default
>> manual installation through the Makefile, and let BSD users adjust to
>> their preferred path".
>
> That's an *excellent* solution for the task, thanks for doing it
> the right way. By setting PREFIX=/usr/local by default in the
> upstream Makefile, you are minimizing the work for *BSD porters.
>
> The BSD ports frameworks will typically run the upstreak "make install"
> with the variable DESTDIR set to a custom value, for example
>
> DESTDIR=/usr/ports/pobj/groff-1.23.0/fake-amd64
>
> so if the upstream Makefile sets PREFIX=/usr/local ,
> that's perfect, everything gets installed to the right place
> without an intervention by the person doing the porting.
>
> Of course, if the upstream Makefile would use some other PREFIX,
> that would not be a huge obstacle. All we have to do in that case
> is pass the option --prefix=/usr/local to the ./configure script,
> or something equivalent if the software isn't using GNU configure.
>
>> We were concerned that we might get collisions
>> with the BSD port also installing in /usr/local, but that's the least
>> evil (and considering BSD users don't typically run `make install`, it's
>> not so bad).
>
> It's not bad at all. It's perfect.
>
> Of course, if a user wants to install *without* the ports framework,
> they have to provide their own --prefix. But that's not an issue
> because it is easy to do, and installing without a port is discouraged
> anyway.

===

Directory variables should never contain a trailing slash (I've
learned that the hard way, where some things would break
unexpectedly). Especially, make(1) is likely to have problems
when things have double slashes or a trailing slash, since it
treats filenames as text strings. I've removed the trailing slash
from the prefix, and added it to the derivate variables just after
the prefix. pkg-config(1) also expects directory variables to have
no trailing slash.

===

I also removed the code that would set variables as depending on
the prefix if they didn't start with a slash, because that is a
rather non-obvious behavior, and things should not always depend
on prefix, but other dirs such as $(runstatedir), so if we keep
a similar behavior it would be very unreliable. Better keep
variables intact if set, or use the default if unset.

===

Print the real defaults for ./configure --help, rather than the actual
values.

===

I used a subdirectory under the standard /var/lib for NXT_STATE,
instead of a homemade "state" dir that does the same thing.

===

Modified the Makefile to create some dirs that weren't being
created, and also remove those that weren't being removed in
uninstall, probably because someone forgot to add them.

===

Add new options for setting the new variables, and rename some to be
consistent with the standard names. Keep the old ones at configuration
time for compatibility, but mark them as deprecated. Don't keep the old
ones at exec time.

===

A summary of the default config is:

Unit configuration summary:

bin directory: ............. "/usr/local/bin"
sbin directory: ............ "/usr/local/sbin"
lib directory: ............. "/usr/local/lib"
include directory: ......... "/usr/local/include"
man pages directory: ....... "/usr/local/share/man"
modules directory: ......... "/usr/local/lib/unit/modules"
state directory: ........... "/usr/local/var/lib/unit"
tmp directory: ............. "/tmp"

pid file: .................. "/usr/local/var/run/unit/unit.pid"
log file: .................. "/usr/local/var/log/unit/unit.log"

control API socket: ........ "unix:/usr/local/var/run/unit/control.unit.sock"

Link: <https://www.gnu.org/prep/standards/html_node/Directory-Variables.html>
Link: <https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html>
Reviewed-by: Artem Konev <a.konev@f5.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Tested-by: Andrew Clayton <a.clayton@nginx.com>
Reviewed-by: Konstantin Pavlov <thresh@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
diff 2314:bc5a90e2e6e8 Thu Jul 14 11:25:00 UTC 2022 Alejandro Colomar <alx.manpages@gmail.com> Added default values for pathnames.

This allows one to simply run `./configure` and expect it to
produce sane defaults for an install.

Previously, without specifying `--prefix=...`, `make install`
would simply fail, recommending to set `--prefix` or `DESTDIR`,
but that recommendation was incomplete at best, since it didn't
set many of the subdirs needed for a good organization.

Setting `DESTDIR` was even worse, since that shouldn't even affect
an installation (it is required to be transparent to the
installation).

/usr/local is the historic Unix standard path to use for
installations from source made manually by the admin of the
system. Some package managers (Homebrew, I'm looking specifically
at you) have abused that path to install their things, but 1) it's
not our fault that someone else incorrectly abuses that path (and
they seem to be fixing it for newer archs; e.g., they started
using /opt/homebrew for Apple Silicon), 2) there's no better path
than /usr/local, 3) we still allow changing it for systems where
this might not be the desired path (MacOS Intel with hombrew), and
4) it's _the standard_.

See a related conversation with Ingo (OpenBSD maintainer):

On 7/27/22 16:16, Ingo Schwarze wrote:
> Hi Alejandro,
[...]
>
> Alejandro Colomar wrote on Sun, Jul 24, 2022 at 07:07:18PM +0200:
>> On 7/24/22 16:57, Ingo Schwarze wrote:
>>> Alejandro Colomar wrote on Sun, Jul 24, 2022 at 01:20:46PM +0200:
>
>>>> /usr/local is for sysadmins to build from source;
>
>>> Doing that is *very* strongly discouraged on OpenBSD.
>
>> I guess that's why the directory was reused in the BSDs to install ports
>> (probably ports were installed by the sysadmin there, and by extension,
>> ports are now always installed there, but that's just a guess).
>
> Maybe. In any case, the practice of using /usr/local for packages
> created from ports is significantly older than the recommendation
> to refrain from using upstream "make install" outside the ports
> framework.
>
> * The FreeBSD ports framework was started by Jordan Hubbard in 1993.
> * The ports framework was ported from FreeBSD to OpenBSD
> by Niklas Hallqvist in 1996.
> * NetBSD pkgsrc was forked from FreeBSD ports by Alistair G. Crooks
> and Hubert Feyrer in 1997.
>
> I failed to quickly find Jordan's original version, but rev. 1.1
> of /usr/ports/infrastructure/mk/bsd.port.mk in OpenBSD (dated Jun 3
> 22:47:10 1996 UTC) already said
>
> LOCALBASE ?= /usr/local
> PREFIX ?= ${LOCALBASE}
>
[...]
>> I had a discussion in NGINX Unit about it, and
>> the decission for now has been: "support prefix=/usr/local for default
>> manual installation through the Makefile, and let BSD users adjust to
>> their preferred path".
>
> That's an *excellent* solution for the task, thanks for doing it
> the right way. By setting PREFIX=/usr/local by default in the
> upstream Makefile, you are minimizing the work for *BSD porters.
>
> The BSD ports frameworks will typically run the upstreak "make install"
> with the variable DESTDIR set to a custom value, for example
>
> DESTDIR=/usr/ports/pobj/groff-1.23.0/fake-amd64
>
> so if the upstream Makefile sets PREFIX=/usr/local ,
> that's perfect, everything gets installed to the right place
> without an intervention by the person doing the porting.
>
> Of course, if the upstream Makefile would use some other PREFIX,
> that would not be a huge obstacle. All we have to do in that case
> is pass the option --prefix=/usr/local to the ./configure script,
> or something equivalent if the software isn't using GNU configure.
>
>> We were concerned that we might get collisions
>> with the BSD port also installing in /usr/local, but that's the least
>> evil (and considering BSD users don't typically run `make install`, it's
>> not so bad).
>
> It's not bad at all. It's perfect.
>
> Of course, if a user wants to install *without* the ports framework,
> they have to provide their own --prefix. But that's not an issue
> because it is easy to do, and installing without a port is discouraged
> anyway.

===

Directory variables should never contain a trailing slash (I've
learned that the hard way, where some things would break
unexpectedly). Especially, make(1) is likely to have problems
when things have double slashes or a trailing slash, since it
treats filenames as text strings. I've removed the trailing slash
from the prefix, and added it to the derivate variables just after
the prefix. pkg-config(1) also expects directory variables to have
no trailing slash.

===

I also removed the code that would set variables as depending on
the prefix if they didn't start with a slash, because that is a
rather non-obvious behavior, and things should not always depend
on prefix, but other dirs such as $(runstatedir), so if we keep
a similar behavior it would be very unreliable. Better keep
variables intact if set, or use the default if unset.

===

Print the real defaults for ./configure --help, rather than the actual
values.

===

I used a subdirectory under the standard /var/lib for NXT_STATE,
instead of a homemade "state" dir that does the same thing.

===

Modified the Makefile to create some dirs that weren't being
created, and also remove those that weren't being removed in
uninstall, probably because someone forgot to add them.

===

Add new options for setting the new variables, and rename some to be
consistent with the standard names. Keep the old ones at configuration
time for compatibility, but mark them as deprecated. Don't keep the old
ones at exec time.

===

A summary of the default config is:

Unit configuration summary:

bin directory: ............. "/usr/local/bin"
sbin directory: ............ "/usr/local/sbin"
lib directory: ............. "/usr/local/lib"
include directory: ......... "/usr/local/include"
man pages directory: ....... "/usr/local/share/man"
modules directory: ......... "/usr/local/lib/unit/modules"
state directory: ........... "/usr/local/var/lib/unit"
tmp directory: ............. "/tmp"

pid file: .................. "/usr/local/var/run/unit/unit.pid"
log file: .................. "/usr/local/var/log/unit/unit.log"

control API socket: ........ "unix:/usr/local/var/run/unit/control.unit.sock"

Link: <https://www.gnu.org/prep/standards/html_node/Directory-Variables.html>
Link: <https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html>
Reviewed-by: Artem Konev <a.konev@f5.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Tested-by: Andrew Clayton <a.clayton@nginx.com>
Reviewed-by: Konstantin Pavlov <thresh@nginx.com>
Signed-off-by: Alejandro Colomar <alx@nginx.com>
diff 2247:baa6b9879267 Sun Nov 20 15:16:00 UTC 2022 Zhidao HONG <z.hong@f5.com> Basic njs support.
diff 2221:667ee7489a00 Wed Oct 19 16:02:00 UTC 2022 Zhidao HONG <z.hong@f5.com> Configuration: added the regex status in configure summary.

12345678910>>...16