From fdcb6e6873aaea6065b436450d59316d8450673b Mon Sep 17 00:00:00 2001 From: Ansuel Smith Date: Wed, 9 Oct 2019 20:11:51 +0200 Subject: [PATCH 1/3] uwsgi-cgi: add patch to fix #10134 - add uwsgi patch to add option to don't follow simbolic link but call it directly (waiting to be approved) Signed-off-by: Ansuel Smith --- net/uwsgi-cgi/Makefile | 2 +- ...-plugins-cgi_adds_dontresolve_option.patch | 65 +++++++++++++++++++ 2 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 net/uwsgi-cgi/patches/030-plugins-cgi_adds_dontresolve_option.patch diff --git a/net/uwsgi-cgi/Makefile b/net/uwsgi-cgi/Makefile index 933ce885e..72f2ef720 100644 --- a/net/uwsgi-cgi/Makefile +++ b/net/uwsgi-cgi/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=uwsgi-cgi PKG_VERSION:=2.0.18 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE_URL= \ https://projects.unbit.it/downloads \ diff --git a/net/uwsgi-cgi/patches/030-plugins-cgi_adds_dontresolve_option.patch b/net/uwsgi-cgi/patches/030-plugins-cgi_adds_dontresolve_option.patch new file mode 100644 index 000000000..7acdfc71c --- /dev/null +++ b/net/uwsgi-cgi/patches/030-plugins-cgi_adds_dontresolve_option.patch @@ -0,0 +1,65 @@ +From f259999d824b921a8a443e73d8c2b9e2d2170413 Mon Sep 17 00:00:00 2001 +From: Ansuel Smith +Date: Tue, 8 Oct 2019 02:10:43 +0200 +Subject: [PATCH] plugins/cgi: adds dontresolve option + +This option permit to call the simbolic link instead of the file the simbolic link points. +All the security check are still done as the simbolic path is passed at the end after all the checks are passed. This is useful if some cgi app are used for multiple function based on the name they are called by. + +Signed-off-by: Ansuel Smith +--- + plugins/cgi/cgi_plugin.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/plugins/cgi/cgi_plugin.c b/plugins/cgi/cgi_plugin.c +index d032db17c..30e1cc528 100644 +--- a/plugins/cgi/cgi_plugin.c ++++ b/plugins/cgi/cgi_plugin.c +@@ -15,6 +15,7 @@ struct uwsgi_cgi { + struct uwsgi_string_list *loadlib; + struct uwsgi_string_list *cgi_safe; + int optimize; ++ int dontresolve; + int from_docroot; + int has_mountpoints; + struct uwsgi_dyn_dict *default_cgi; +@@ -75,6 +76,8 @@ struct uwsgi_option uwsgi_cgi_options[] = { + + {"cgi-safe", required_argument, 0, "skip security checks if the cgi file is under the specified path", uwsgi_opt_add_string_list, &uc.cgi_safe, 0}, + ++ {"cgi-dontresolve", no_argument, 0 , "call symbolic link directly instead of the real path", uwsgi_opt_true,&uc.dontresolve, 0}, ++ + {0, 0, 0, 0, 0, 0, 0}, + + }; +@@ -475,6 +478,7 @@ static int uwsgi_cgi_request(struct wsgi_request *wsgi_req) { + + char full_path[PATH_MAX]; + char tmp_path[PATH_MAX]; ++ char symbolic_path[PATH_MAX]; + struct stat cgi_stat; + int need_free = 0; + int is_a_file = 0; +@@ -533,6 +537,10 @@ static int uwsgi_cgi_request(struct wsgi_request *wsgi_req) { + uwsgi_404(wsgi_req); + return UWSGI_OK; + } ++ if (uc.dontresolve) { ++ full_path_len = strlen(full_path); ++ memcpy(symbolic_path, full_path, full_path_len+1); ++ } + + full_path_len = strlen(tmp_path); + // add +1 to copy the null byte +@@ -639,6 +647,11 @@ static int uwsgi_cgi_request(struct wsgi_request *wsgi_req) { + } + } + ++ if (uc.dontresolve) { ++ full_path_len = strlen(symbolic_path); ++ memcpy(full_path, symbolic_path, full_path_len+1); ++ } ++ + int ret = uwsgi_cgi_run(wsgi_req, docroot, docroot_len, full_path, helper, path_info, script_name, is_a_file, discard_base); + if (need_free) free(docroot); + return ret; From e8a391e9c71e0f666b62dfc525d063b347aaa335 Mon Sep 17 00:00:00 2001 From: Ansuel Smith Date: Fri, 11 Oct 2019 00:30:45 +0200 Subject: [PATCH 2/3] uwsgi-cgi: introduce emperor mode as default uwsgi installation - Use uwsgi in emperor mode by default Signed-off-by: Ansuel Smith --- net/uwsgi-cgi/Makefile | 12 ++++++--- net/uwsgi-cgi/files-luci-support/uwsgi.conf | 27 ------------------- net/uwsgi-cgi/files/emperor.ini | 10 +++++++ .../{files-luci-support => files}/uwsgi.init | 6 ++--- 4 files changed, 22 insertions(+), 33 deletions(-) delete mode 100644 net/uwsgi-cgi/files-luci-support/uwsgi.conf create mode 100644 net/uwsgi-cgi/files/emperor.ini rename net/uwsgi-cgi/{files-luci-support => files}/uwsgi.init (53%) diff --git a/net/uwsgi-cgi/Makefile b/net/uwsgi-cgi/Makefile index 72f2ef720..e307184d6 100644 --- a/net/uwsgi-cgi/Makefile +++ b/net/uwsgi-cgi/Makefile @@ -51,12 +51,18 @@ endef define Package/uwsgi-cgi/install $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_BUILD_DIR)/uwsgi $(1)/usr/sbin/ + + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/uwsgi.init $(1)/etc/init.d/uwsgi + + $(INSTALL_DIR) $(1)/etc/uwsgi + $(INSTALL_DATA) ./files/emperor.ini $(1)/etc/uwsgi/emperor.ini + + $(INSTALL_DIR) $(1)/etc/uwsgi/vassals endef define Package/uwsgi-cgi-luci-support/install - $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_BIN) ./files-luci-support/uwsgi.init $(1)/etc/init.d/uwsgi - $(INSTALL_BIN) ./files-luci-support/uwsgi.conf $(1)/etc/uwsgi.conf + endef $(eval $(call BuildPackage,uwsgi-cgi)) diff --git a/net/uwsgi-cgi/files-luci-support/uwsgi.conf b/net/uwsgi-cgi/files-luci-support/uwsgi.conf deleted file mode 100644 index cf48a42bb..000000000 --- a/net/uwsgi-cgi/files-luci-support/uwsgi.conf +++ /dev/null @@ -1,27 +0,0 @@ -[uwsgi] -strict = true -socket = /var/run/uwsgi.sock -cgi-mode = true -cgi = /www/ -chdir = /usr/lib/lua/luci/ -master = true -buffer-size = 10000 -reload-mercy = 8 -max-requests = 2000 -limit-as = 200 -reload-on-as = 256 -reload-on-rss = 192 -no-orphans = true -vacuum = true -enable-threads = true -post-buffering = 8192 -socket-timeout = 120 -thunder-lock = true -logger = syslog:uwsgi -disable-logging = true -log-format = %(addr) %(method) %(uri) => generated %(rsize) bytes in %(msecs) msecs -pidfile = /var/run/uwsgi.pid -die-on-term = true -threads = 3 -processes = 3 -chmod-socket = 666 diff --git a/net/uwsgi-cgi/files/emperor.ini b/net/uwsgi-cgi/files/emperor.ini new file mode 100644 index 000000000..5baa11bf2 --- /dev/null +++ b/net/uwsgi-cgi/files/emperor.ini @@ -0,0 +1,10 @@ +[uwsgi] +strict = true +pidfile = /var/run/uwsgi.pid +emperor = /etc/uwsgi/vassals/*.ini +logger = syslog:uwsgi-emperor +vacuum = true +emperor-on-demand-directory = /var/run/ +emperor-required-heartbeat = 99 +vassal-set = die-on-idle=true +#disable-logging = true \ No newline at end of file diff --git a/net/uwsgi-cgi/files-luci-support/uwsgi.init b/net/uwsgi-cgi/files/uwsgi.init similarity index 53% rename from net/uwsgi-cgi/files-luci-support/uwsgi.init rename to net/uwsgi-cgi/files/uwsgi.init index af2a307e9..98f2c839c 100644 --- a/net/uwsgi-cgi/files-luci-support/uwsgi.init +++ b/net/uwsgi-cgi/files/uwsgi.init @@ -5,9 +5,9 @@ USE_PROCD=1 start_service() { procd_open_instance - procd_set_param command /usr/sbin/uwsgi --ini /etc/uwsgi.conf - procd_set_param file /etc/uwsgi.conf + procd_set_param command /usr/sbin/uwsgi --ini /etc/uwsgi/emperor.ini + procd_set_param file /etc/uwsgi/emperor.ini procd_set_param respawn procd_close_instance - } +} From 6cc1ae7fd52452dba234d624907aafe27e4686e0 Mon Sep 17 00:00:00 2001 From: Ansuel Smith Date: Fri, 11 Oct 2019 00:31:36 +0200 Subject: [PATCH 3/3] uwsgi-cgi: adds luci webui and cgi-io vassals config Signed-off-by: Ansuel Smith --- net/uwsgi-cgi/Makefile | 4 ++- .../files-luci-support/luci-cgi_io.ini | 23 ++++++++++++++ .../files-luci-support/luci-webui.ini | 31 +++++++++++++++++++ 3 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 net/uwsgi-cgi/files-luci-support/luci-cgi_io.ini create mode 100644 net/uwsgi-cgi/files-luci-support/luci-webui.ini diff --git a/net/uwsgi-cgi/Makefile b/net/uwsgi-cgi/Makefile index e307184d6..a1c039ec8 100644 --- a/net/uwsgi-cgi/Makefile +++ b/net/uwsgi-cgi/Makefile @@ -62,7 +62,9 @@ define Package/uwsgi-cgi/install endef define Package/uwsgi-cgi-luci-support/install - + $(INSTALL_DIR) $(1)/etc/uwsgi/vassals + $(INSTALL_DATA) ./files-luci-support/luci-webui.ini $(1)/etc/uwsgi/vassals/luci-webui.ini + $(INSTALL_DATA) ./files-luci-support/luci-cgi_io.ini $(1)/etc/uwsgi/vassals/luci-cgi_io.ini endef $(eval $(call BuildPackage,uwsgi-cgi)) diff --git a/net/uwsgi-cgi/files-luci-support/luci-cgi_io.ini b/net/uwsgi-cgi/files-luci-support/luci-cgi_io.ini new file mode 100644 index 000000000..f6c56370f --- /dev/null +++ b/net/uwsgi-cgi/files-luci-support/luci-cgi_io.ini @@ -0,0 +1,23 @@ +[uwsgi] +strict = true +socket = /var/run/luci-cgi_io.socket +cgi-mode = true +cgi = /www/ +buffer-size = 10000 +reload-mercy = 8 +max-requests = 2000 +limit-as = 200 +reload-on-as = 256 +reload-on-rss = 192 +no-orphans = true +post-buffering = 8192 +socket-timeout = 120 +thunder-lock = true +#logger = syslog:uwsgi-luci-cgi_io +disable-logging = true +chmod-socket = 666 +cgi-safe = /usr/libexec/cgi-io +cgi-dontresolve = true +cgi-close-stdin-on-eof = true +cheap = true +idle = 360 \ No newline at end of file diff --git a/net/uwsgi-cgi/files-luci-support/luci-webui.ini b/net/uwsgi-cgi/files-luci-support/luci-webui.ini new file mode 100644 index 000000000..48d621931 --- /dev/null +++ b/net/uwsgi-cgi/files-luci-support/luci-webui.ini @@ -0,0 +1,31 @@ +[uwsgi] +strict = true +socket = /var/run/luci-webui.socket +cgi-mode = true +cgi = /www/ +chdir = /usr/lib/lua/luci/ +buffer-size = 10000 +reload-mercy = 8 +max-requests = 2000 +limit-as = 200 +reload-on-as = 256 +reload-on-rss = 192 +no-orphans = true +vacuum = true +enable-threads = true +post-buffering = 8192 +socket-timeout = 120 +thunder-lock = true +#logger = syslog:uwsgi-luci +disable-logging = true +log-format = %(addr) %(method) %(uri) => generated %(rsize) bytes in %(msecs) msecs +threads = 3 +processes = 3 +chmod-socket = 666 +cheap = true +cheaper-algo = spare +cheaper = 1 +cheaper-initial = 2 +cheaper-step = 1 +master = true +idle = 360 \ No newline at end of file