profile
viewpoint
Jonathan Rudenberg titanous @flynn https://titanous.com Co-founder @flynn

getsentry/raven-go 552

Sentry client in Go

Shopify/chef-ebs 30

Scalarium's EBS cookbook with added magic

seagreen/station 16

The File Strikes Back

titanous/a3 10

Asterisk-Adhearsion API; A Sinatra app that brings REST to Asterisk [shelved]

titanous/bitcoin-crypto 6

A library for ECDSA using Koblitz curves, such as secp256k1

PeculiarVentures/webcrypto-local 5

webcrypto-local is a cross platform service that provides access to PKCS#11 implementations over a protocol we call webcrypto-socket.

titanous/brisk 4

Pimped Fork of DataStax Brisk Distribution

joshk/travis-logs-in-go 3

A little experiment, nothing more

titanous/beam 3

A protocol and library for service-oriented communication, with an emphasis on real-world patterns, simplicity and not reinventing the wheel.

flynn/go-p9p 2

A modern, performant 9P library for Go.

issue commentzfsonlinux/zfs

send: kernel NULL pointer dereference

This is still happening on 5.4.12.

titanous

comment created time in 11 days

Pull request review commentflynn/flynn

gRPC controller

 package data  import ( 	"fmt"+	"strconv" 	"strings"+	"time" -	controller "github.com/flynn/flynn/controller/client" 	ct "github.com/flynn/flynn/controller/types" 	"github.com/flynn/flynn/pkg/postgres" 	"github.com/flynn/flynn/pkg/shutdown"+	"github.com/flynn/flynn/pkg/typeconv" 	"github.com/inconshreveable/log15" ) -var ErrNotFound = controller.ErrNotFound+var ErrNotFound = ct.ErrNotFound var logger = log15.New("component", "controller/data") +const DEFAULT_PAGE_SIZE = 1000++type PageToken struct {+	CursorID *string+	Size     int+}++// ParsePageToken decodes a PageToken from a string of the format+// '<cursorID>|<size>'+func ParsePageToken(tokenStr string) (*PageToken, error) {+	token := &PageToken{}+	if tokenStr == "" {+		token.Size = DEFAULT_PAGE_SIZE+		return token, nil+	}+	parts := strings.SplitN(tokenStr, "|", 2)+	if len(parts) != 2 {+		return nil, fmt.Errorf("error parsing pageToken %q: expected two pipe separated parts, got %d", tokenStr, len(parts))+	}+	if parts[0] != "" {+		token.CursorID = &parts[0]+	}+	if parts[1] != "" && parts[1] != "0" {+		token.Size, _ = strconv.Atoi(parts[1])+	}+	if token.Size == 0 {+		token.Size = DEFAULT_PAGE_SIZE+	}+	return token, nil+}++func (t *PageToken) String() string {+	if t == nil {+		return ""+	}+	var cursorID string+	if t.CursorID != nil {+		cursorID = *t.CursorID+	}+	return fmt.Sprintf("%s|%d", cursorID, t.Size)+}++const cursorIDTimeFormat = "2006-01-02T15:04:05.999999Z07:00"

Is there a reason why this isn't just microseconds since the unix epoch?

jvatic

comment created time in 13 days

fork titanous/biscuit

delegated, decentralized, capabilities based authorization token

fork in a month

startedbenalexau/envoy-exporter

started time in a month

startedvegasbrianc/prometheus

started time in a month

push eventflynn/biscuit-go

Jonathan Rudenberg

commit sha b42cb21e3d22e1cb2e2fc01254676562435f9e4c

Remove excessive zeros Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

push time in a month

push eventflynn/biscuit-go

Jonathan Rudenberg

commit sha 5e9073f359e25ff7f10dc92780d23a626150b88a

Optimize verify Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

push time in a month

push eventflynn/biscuit-go

Jonathan Rudenberg

commit sha f90950ea2c01f4c65aefcd7f47f689dfd6f63e01

Cleanup, add benchmarks Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

push time in a month

create barnchflynn/biscuit-go

branch : master

created branch time in a month

created repositoryflynn/biscuit-go

created time in a month

PR opened NixOS/ofborg

known-users: Add myself
+1 -0

0 comment

1 changed file

pr created time in a month

push eventtitanous/ofborg

Jonathan Rudenberg

commit sha 08344920b2581f155adabef4668f34162605855a

known-users: Add myself

view details

push time in a month

fork titanous/ofborg

@grahamcofborg tooling automation https://monitoring.nix.ci/dashboard/db/ofborg

https://nix.ci

fork in a month

issue commentflynn/flynn

Restored production cluster: Applications won't come up

Have you tried a (much) more recent version? Have you tried re-deploying the cluster? It seems like something is wrong with the base images that get downloaded by the installer.

philiplb

comment created time in a month

issue commentzfsonlinux/zfs

send: kernel NULL pointer dereference

Confirmed that this is happening on 5.4.6 as well:

BUG: kernel NULL pointer dereference, address: 0000000000000030
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 80000017567af067 P4D 80000017567af067 PUD 17567bb067 PMD 0 
Oops: 0000 [#1] SMP PTI
CPU: 10 PID: 13311 Comm: zfs Tainted: P        W  OE     5.4.6 #1-NixOS
Hardware name: Supermicro X8DTN/X8DTN, BIOS  
RIP: 0010:dump_write+0x277/0x330 [zfs]
Code: 58 49 8b 44 24 60 48 89 43 38 49 8b 44 24 68 48 89 43 40 49 8b 44 24 70 48 89 43 48 49 8b 44 24 78 48 89 43 50 e9 96 fe ff ff <49> 8b 44 24 30 45 85 ed 74 32 48 85 c0 78 04 80 4b 31 02 48 8d 53
RSP: 0018:ffffb00ef1d2f998 EFLAGS: 00010206
RAX: a7c36d19488bb92c RBX: ffff97fac71c0400 RCX: 0000000000000000
RDX: 0000000000000082 RSI: 0000000000000013 RDI: ffff97fac71c0538
RBP: ffff97e256d66f00 R08: 0000000000020000 R09: 0000000000020000
R10: 0000000000000082 R11: 0000000000000013 R12: 0000000000000000
R13: 0000000001000000 R14: 0000000000020000 R15: 0000000000000000
FS:  00007fac8ebcf7c0(0000) GS:ffff97fadf900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000030 CR3: 0000001789794005 CR4: 00000000000206e0
Call Trace:
 do_dump+0x792/0xa30 [zfs]
 dmu_send_impl+0x57b/0xae0 [zfs]
 dmu_send_obj+0x1fb/0x310 [zfs]
 zfs_ioc_send+0xad/0x2b0 [zfs]
 zfsdev_ioctl+0x6cf/0x8c0 [zfs]
 do_vfs_ioctl+0xa4/0x620
 ksys_ioctl+0x60/0x90
 __x64_sys_ioctl+0x16/0x20
 do_syscall_64+0x4e/0x120
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fac8ecc3b57
Code: 00 00 00 48 8b 05 29 53 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d f9 52 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007ffefab57878 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffefab57cb0 RCX: 00007fac8ecc3b57
RDX: 00007ffefab57cb0 RSI: 0000000000005a1c RDI: 0000000000000003
RBP: 00007ffefab5b290 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000214d650
R13: 0000000000000000 R14: 000000000214d640 R15: 00007ffefab60160
Modules linked in: af_packet cfg80211 rfkill 8021q ext4 crc32c_generic crc16 mbcache jbd2 radeon intel_powerclamp coretemp ttm iTCO_wdt watchdog crct10dif_pclmul gpio_ich drm_kms_helper crc32_pclmul ghash_clmulni_intel drm aesni_intel crypto_simd ipmi_si agpgart cryptd glue_helper fb_sys_fops intel_cstate input_leds ipmi_devintf syscopyarea evdev led_class sysfillrect intel_uncore ipmi_msghandler mac_hid sysimgblt i2c_i801 backlight ata_generic lpc_ich pata_acpi igb ses enclosure ptp pps_core i2c_algo_bit i7core_edac ioatdma i2c_core edac_core i5500_temp dca floppy button acpi_cpufreq tcp_bbr sch_fq atkbd libps2 serio loop tap macvlan bridge stp llc tun kvm_intel kvm nfsd irqbypass auth_rpcgss nfs_acl lockd grace sunrpc ip_tables x_tables ipv6 nf_defrag_ipv6 crc_ccitt autofs4 sd_mod raid1 hid_apple hid_generic usbhid hid md_mod mpt3sas ahci pata_jmicron libahci libata uhci_hcd ehci_pci ehci_hcd raid_class scsi_transport_sas usbcore scsi_mod nvme crc32c_intel nvme_core
 usb_common rtc_cmos dm_mod zfs(POE) zunicode(POE) zavl(POE) icp(POE) zlua(POE) zcommon(POE) znvpair(POE) spl(OE)
CR2: 0000000000000030
---[ end trace 298d86c320cefea8 ]---
RIP: 0010:dump_write+0x277/0x330 [zfs]
Code: 58 49 8b 44 24 60 48 89 43 38 49 8b 44 24 68 48 89 43 40 49 8b 44 24 70 48 89 43 48 49 8b 44 24 78 48 89 43 50 e9 96 fe ff ff <49> 8b 44 24 30 45 85 ed 74 32 48 85 c0 78 04 80 4b 31 02 48 8d 53
RSP: 0018:ffffb00ef1d2f998 EFLAGS: 00010206
RAX: a7c36d19488bb92c RBX: ffff97fac71c0400 RCX: 0000000000000000
RDX: 0000000000000082 RSI: 0000000000000013 RDI: ffff97fac71c0538
RBP: ffff97e256d66f00 R08: 0000000000020000 R09: 0000000000020000
R10: 0000000000000082 R11: 0000000000000013 R12: 0000000000000000
R13: 0000000001000000 R14: 0000000000020000 R15: 0000000000000000
FS:  00007fac8ebcf7c0(0000) GS:ffff97fadf900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000030 CR3: 0000001789794005 CR4: 00000000000206e0
titanous

comment created time in a month

issue openedzfsonlinux/zfs

send: kernel NULL pointer dereference

<!-- Please fill out the following template, which will help other contributors address your issue. -->

<!-- Thank you for reporting an issue.

IMPORTANT - Please search our issue tracker before making a new issue. If you cannot find a similar issue, then create a new issue. https://github.com/zfsonlinux/zfs/issues

IMPORTANT - This issue tracker is for bugs and issues only. Please search the wiki and the mailing list archives before asking questions on the mailing list. https://github.com/zfsonlinux/zfs/wiki/Mailing-Lists

Please fill in as much of the template as possible. -->

System information

<!-- add version after "|" character -->

Type Version/Name
Distribution Name NixOS
Distribution Version unstable
Linux Kernel 5.4.5
Architecture amd64
ZFS Version 0.8.2-1
SPL Version 0.8.2-1

<!-- Commands to find ZFS/SPL versions: modinfo zfs | grep -iw version modinfo spl | grep -iw version -->

Describe the problem you're observing

zfs send hangs due to a kernel null pointer deref. I'm recursively sending a raw encrypted zfs dataset containing a docker data directory and many datasets and snapshots containing container images.

Describe how to reproduce the problem

Not sure whether this will reproduce, but try installing Docker and enabling the zfs storage driver and running several containers, then run the same command that I was:

sudo zfs send -Rw tank1/e/docker@send | pv | sudo zfs recv tank2/e/docker

Include any warning/errors/backtraces from the system logs

BUG: kernel NULL pointer dereference, address: 0000000000000030
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 8000002da4875067 P4D 8000002da4875067 PUD 2d6e215067 PMD 0 
Oops: 0000 [#4] SMP PTI
CPU: 10 PID: 17405 Comm: zfs Tainted: P      D    OE     5.4.5 #1-NixOS
Hardware name: Supermicro X8DTN/X8DTN, BIOS  
RIP: 0010:dump_write+0x277/0x330 [zfs]
Code: 58 49 8b 44 24 60 48 89 43 38 49 8b 44 24 68 48 89 43 40 49 8b 44 24 70 48 89 43 48 49 8b 44 24 78 48 89 43 50 e9 96 fe ff ff <49> 8b 44 24 30 45 85 ed 74 32 48 85 c0 78 04 80 4b 31 02 48 8d 53
RSP: 0018:ffffac55d7dab998 EFLAGS: 00010206
RAX: a7c36d19488bb92c RBX: ffff943d04a44400 RCX: 0000000000000000
RDX: 0000000000000082 RSI: 0000000000000013 RDI: ffff943d04a44538
RBP: ffff943cdf49d740 R08: 0000000000020000 R09: 0000000000020000
R10: 0000000000000082 R11: 0000000000000013 R12: 0000000000000000
R13: 0000000001000000 R14: 0000000000020000 R15: 0000000000000000
FS:  00007f1f5f5a07c0(0000) GS:ffff94401f900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000030 CR3: 0000002eb7bfa004 CR4: 00000000000206e0
Call Trace:
 do_dump+0x792/0xa30 [zfs]
 dmu_send_impl+0x57b/0xae0 [zfs]
 dmu_send_obj+0x1fb/0x310 [zfs]
 zfs_ioc_send+0xad/0x2b0 [zfs]
 zfsdev_ioctl+0x6cf/0x8c0 [zfs]
 do_vfs_ioctl+0xa4/0x620
 ksys_ioctl+0x60/0x90
 __x64_sys_ioctl+0x16/0x20
 do_syscall_64+0x4e/0x120
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f1f5f694b57
Code: 00 00 00 48 8b 05 29 53 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d f9 52 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007ffd4cf39838 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffd4cf39c70 RCX: 00007f1f5f694b57
RDX: 00007ffd4cf39c70 RSI: 0000000000005a1c RDI: 0000000000000003
RBP: 00007ffd4cf3d250 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001888650
R13: 0000000000000000 R14: 0000000001888640 R15: 00007ffd4cf42120
Modules linked in: xt_nat xt_tcpudp veth xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv4 libcrc32c br_netfilter af_packet cfg80211 rfkill 8021q ext4 crc32c_generic crc16 mbcache jbd2 radeon intel_powerclamp coretemp iTCO_wdt gpio_ich watchdog ttm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel drm_kms_helper aesni_intel drm crypto_simd cryptd glue_helper intel_cstate ipmi_si agpgart intel_uncore input_leds fb_sys_fops ipmi_devintf syscopyarea led_class sysfillrect evdev ipmi_msghandler ata_generic sysimgblt mac_hid backlight i2c_i801 lpc_ich pata_acpi ses enclosure igb ptp i7core_edac pps_core ioatdma i2c_algo_bit i2c_core edac_core dca i5500_temp floppy button acpi_cpufreq tcp_bbr sch_fq atkbd libps2 serio loop tap macvlan bridge stp llc tun nfsd kvm_intel auth_rpcgss kvm nfs_acl lockd grace sunrpc irqbypass ip_tables x_tables ipv6 nf_defrag_ipv6 crc_ccitt autofs4 sd_mod
 raid1 hid_apple hid_generic usbhid hid md_mod mpt3sas ahci libahci pata_jmicron uhci_hcd libata ehci_pci ehci_hcd raid_class scsi_transport_sas usbcore scsi_mod nvme crc32c_intel nvme_core usb_common rtc_cmos dm_mod zfs(POE) zunicode(POE) zavl(POE) icp(POE) zlua(POE) zcommon(POE) znvpair(POE) spl(OE)
CR2: 0000000000000030
---[ end trace 56eb015b0f353f0a ]---
RIP: 0010:dump_write+0x277/0x330 [zfs]
Code: 58 49 8b 44 24 60 48 89 43 38 49 8b 44 24 68 48 89 43 40 49 8b 44 24 70 48 89 43 48 49 8b 44 24 78 48 89 43 50 e9 96 fe ff ff <49> 8b 44 24 30 45 85 ed 74 32 48 85 c0 78 04 80 4b 31 02 48 8d 53
RSP: 0018:ffffac55c7c97998 EFLAGS: 00010206
RAX: a7c36d19488bb92c RBX: ffff943d64234200 RCX: 0000000000000000
RDX: 0000000000000082 RSI: 0000000000000013 RDI: ffff943d64234338
RBP: ffff9427f12de240 R08: 0000000000020000 R09: 0000000000020000
R10: 0000000000000082 R11: 0000000000000013 R12: 0000000000000000
R13: 0000000001000000 R14: 0000000000020000 R15: 0000000000000000
FS:  00007f1f5f5a07c0(0000) GS:ffff94401f900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000030 CR3: 0000002eb7bfa004 CR4: 00000000000206e0

created time in a month

issue openedgolang/go

access: may-start-trybots

I'd like trybot access, thanks!

Email: jonathan@titanous.com URL: https://go-review.googlesource.com/#/admin/groups/1030,members

/cc @andybons @dmitshur

created time in a month

startedken-clifton/Enphase-Envoy-S-Panel-Production

started time in a month

starteddsymonds/solarmon

started time in a month

startedgkalele/enphase-envoy-scraper

started time in a month

startedlambfrier/enphase-envoy-local-monitoring

started time in a month

startedkyleconroy/sqlc

started time in 2 months

startedsaucelabs/isign

started time in 2 months

issue commentdresden-elektronik/deconz-rest-plugin

Names with single quotes cause problems

I don't think this issue has been fixed. Do not close.

titanous

comment created time in 2 months

Pull request review commentflynn/flynn

controller: Add in-batches deploy strategy

     "deploy_timeout": {       "$ref": "/schema/controller/common#/definitions/deploy_timeout"     },+    "batch_size": {

I think this should be called deploy_batch_size here and in the database schema.

lmars

comment created time in 2 months

pull request commentflynn/flynn

router: Implement "power of two random choices" algorithm

Can you also run a one-off benchmark of request throughput against this branch and master to ensure this doesn't have a major perf impact?

lmars

comment created time in 2 months

Pull request review commentflynn/flynn

router: Implement "power of two random choices" algorithm

 type transport struct {  	stickyCookieKey   *[32]byte 	useStickySessions bool++	inFlightMtx      sync.Mutex+	inFlightRequests map[string]int64+}++func (t *transport) trackRequestStart(backend *router.Backend) {+	t.inFlightMtx.Lock()+	defer t.inFlightMtx.Unlock()+	t.inFlightRequests[backend.Addr]+++}++func (t *transport) trackRequestEnd(backend *router.Backend) {+	t.inFlightMtx.Lock()+	defer t.inFlightMtx.Unlock()+	t.inFlightRequests[backend.Addr]--+	if t.inFlightRequests[backend.Addr] == 0 {+		delete(t.inFlightRequests, backend.Addr)+	}+}++// eachBackend iterates through the given backends and calls the given+// function, returning early if the function returns nil or if the error+// returned is not retryable, iterating through no more than+// maxBackendAttempts.+//+// If stickyBackend matches one of the backends then that backend will be tried+// first.+//+// On each iteration, two random backends are picked and the one with the least+// load is tried, thus implementing the "power of two random choices"+// algorithm.+func (t *transport) eachBackend(stickyBackend string, backends []*router.Backend, l log15.Logger, f func(*router.Backend) error) error {+	// check we have some backends+	if len(backends) == 0 {+		return errNoBackends+	}++	attempt := 0++	// try tries calling f with the backend at the given index, returning+	// the resulting error and whether or not the request can be retried+	try := func(index int) (error, bool) {+		backend := backends[index]+		t.trackRequestStart(backend)+		err := f(backend)+		if err == nil {+			return nil, false+		}+		t.trackRequestEnd(backend)+		if _, ok := err.(dialErr); !ok {+			l.Error("unretriable request error", "status", httpErrStatus(err), "job.id", backend.JobID, "addr", backend.Addr, "err", err, "attempt", attempt)+			return err, false+		}+		l.Error("retriable dial error", "job.id", backend.JobID, "addr", backend.Addr, "err", err, "attempt", attempt)+		// remove the backend now that we've tried it+		backends = append(backends[:index], backends[index+1:]...)+		attempt+++		return err, attempt < maxBackendAttempts+	}++	// prioritise the sticky backend if it exists+	if stickyBackend != "" {+		for index, backend := range backends {+			if backend.Addr == stickyBackend {+				if err, shouldRetry := try(index); err == nil || !shouldRetry {+					return err+				}+				break+			}+		}+	}++	// keep picking two random backends and trying the one with the least+	// number of in flight requests+	for len(backends) > 0 {+		// if there is only one backend, try it and return+		if len(backends) == 1 {+			err, _ := try(0)+			return err+		}++		// pick two distinct random backends+		n1 := random.Math.Intn(len(backends))+		n2 := (n1 + 1) % len(backends)
		n2 := random.Math.Intn(len(backends))
		if n2 == n1 {
			n2 = (n2 + 1) % len(backends)
		}
lmars

comment created time in 2 months

Pull request review commentflynn/flynn

router: Implement "power of two random choices" algorithm

 type transport struct {  	stickyCookieKey   *[32]byte 	useStickySessions bool++	inFlightMtx      sync.Mutex+	inFlightRequests map[string]int64+}++func (t *transport) trackRequestStart(backend *router.Backend) {+	t.inFlightMtx.Lock()+	defer t.inFlightMtx.Unlock()

defer has some overhead and this is a hot path, just unlock it after incrementing (make the same change in trackRequestEnd.

lmars

comment created time in 2 months

pull request commentflynn/flynn

router: Implement "power of two random choices" algorithm

Yeah, going forward let's push changes as new commits, and don't forget to resolve the relevant conversations.

lmars

comment created time in 2 months

issue commentslackhq/nebula

Certificate verification relies on undefined protobuf behavior

Oh, forgot to mention that this should be a backwards compatible change, as embedded protobuf message fields are actually encoded in exactly the same format as bytes.

titanous

comment created time in 2 months

issue openedslackhq/nebula

Certificate verification relies on undefined protobuf behavior

Protobuf does not guarantee that the encoding is canonical/repeatable into the exact same bytes (especially between protobuf versions), just that it will successfully decode into the expected data.

https://github.com/slackhq/nebula/blob/d68a039838025b8992c702181b6e9eb42eaa111d/cert/cert.go#L233-L240

The code above verifies a certificate signature by encoding the certificate details into the protobuf representation and then verifying the signature across the message bytes that were encoded by the verifier. This means that if there is any meaningful skew between the encoder in the program that signed the certificate and the program that is verifying the certificate, it will not verify successfully.

The solution is to have the creator of the certificate encode it before signing and then send it in this representation as bytes:

message SignedCert {
  bytes data = 1;
  bytes signature = 2;
}

And then the verifier can decode the data into the RawNebulaCertificateDetails and separately run the signature algorithm across the data containing the encoded bytes from the signer to confirm that the certificate is properly signed.

created time in 2 months

issue commentflynn/flynn

Multiple buildpacks wrong primary pack

The '.buildpacks` file is not being detected. Please confirm that it is included in the root of the git repo you are pushing.

bin4ryio

comment created time in 2 months

issue commentflynn/flynn

Multiple buildpacks wrong primary pack

Please post the full output of the git push.

bin4ryio

comment created time in 2 months

Pull request review commentflynn/flynn

router: Implement "power of two random choices" algorithm

 type transport struct {  	stickyCookieKey   *[32]byte 	useStickySessions bool++	inFlightMtx      sync.Mutex+	inFlightRequests map[string]int64+}++func (t *transport) trackRequestStart(backend *router.Backend) {+	t.inFlightMtx.Lock()+	defer t.inFlightMtx.Unlock()+	t.inFlightRequests[backend.Addr]+++}++func (t *transport) trackRequestEnd(backend *router.Backend) {+	t.inFlightMtx.Lock()+	defer t.inFlightMtx.Unlock()+	t.inFlightRequests[backend.Addr]--

To prevent a memory leak, delete when the count drops to zero.

lmars

comment created time in 2 months

Pull request review commentflynn/flynn

router: Implement "power of two random choices" algorithm

 type transport struct {  	stickyCookieKey   *[32]byte 	useStickySessions bool++	inFlightMtx      sync.Mutex+	inFlightRequests map[string]int64+}++func (t *transport) trackRequestStart(backend *router.Backend) {+	t.inFlightMtx.Lock()+	defer t.inFlightMtx.Unlock()+	t.inFlightRequests[backend.Addr]+++}++func (t *transport) trackRequestEnd(backend *router.Backend) {+	t.inFlightMtx.Lock()+	defer t.inFlightMtx.Unlock()+	t.inFlightRequests[backend.Addr]--+}++// eachBackend iterates through the given backends and calls the given+// function, returning early if the function returns nil or if the error+// returned is not retryable.+//+// If stickyBackend matches one of the backends then that backend will be tried+// first.+//+// On each iteration, two random backends are picked and the one with the least+// load is tried, thus implementing the "power of two random choices"+// algorithm.+func (t *transport) eachBackend(stickyBackend string, backends []*router.Backend, l log15.Logger, f func(*router.Backend) error) error {+	// check we have some backends+	if len(backends) == 0 {+		return errNoBackends+	}++	attempt := 0++	// try tries calling f with the backend at the given index, returning+	// the resulting error and whether or not the request can be retried+	try := func(index int) (error, bool) {+		backend := backends[index]+		t.trackRequestStart(backend)+		err := f(backend)+		if err == nil {+			return nil, false+		}+		t.trackRequestEnd(backend)+		if _, ok := err.(dialErr); !ok {+			l.Error("unretriable request error", "status", httpErrStatus(err), "job.id", backend.JobID, "addr", backend.Addr, "err", err, "attempt", attempt)+			return err, false+		}+		l.Error("retriable dial error", "job.id", backend.JobID, "addr", backend.Addr, "err", err, "attempt", attempt)+		// remove the backend now that we've tried it+		backends = append(backends[:index], backends[index+1:]...)+		attempt+++		return err, true+	}++	// prioritise the sticky backend if it exists+	for index, backend := range backends {+		if backend.Addr == stickyBackend {+			if err, shouldRetry := try(index); err == nil || !shouldRetry {+				return err+			}+			break+		}+	}++	// keep picking two random backends and trying the one with the least+	// number of in flight requests+	for len(backends) > 0 {

We should cap this at a few retries, maybe 3 or 4?

lmars

comment created time in 2 months

Pull request review commentflynn/flynn

router: Implement "power of two random choices" algorithm

 type transport struct {  	stickyCookieKey   *[32]byte 	useStickySessions bool++	inFlightMtx      sync.Mutex+	inFlightRequests map[string]int64+}++func (t *transport) trackRequestStart(backend *router.Backend) {+	t.inFlightMtx.Lock()+	defer t.inFlightMtx.Unlock()+	t.inFlightRequests[backend.Addr]+++}++func (t *transport) trackRequestEnd(backend *router.Backend) {+	t.inFlightMtx.Lock()+	defer t.inFlightMtx.Unlock()+	t.inFlightRequests[backend.Addr]--+}++// eachBackend iterates through the given backends and calls the given+// function, returning early if the function returns nil or if the error+// returned is not retryable.+//+// If stickyBackend matches one of the backends then that backend will be tried+// first.+//+// On each iteration, two random backends are picked and the one with the least+// load is tried, thus implementing the "power of two random choices"+// algorithm.+func (t *transport) eachBackend(stickyBackend string, backends []*router.Backend, l log15.Logger, f func(*router.Backend) error) error {+	// check we have some backends+	if len(backends) == 0 {+		return errNoBackends+	}++	attempt := 0++	// try tries calling f with the backend at the given index, returning+	// the resulting error and whether or not the request can be retried+	try := func(index int) (error, bool) {+		backend := backends[index]+		t.trackRequestStart(backend)+		err := f(backend)+		if err == nil {+			return nil, false+		}+		t.trackRequestEnd(backend)+		if _, ok := err.(dialErr); !ok {+			l.Error("unretriable request error", "status", httpErrStatus(err), "job.id", backend.JobID, "addr", backend.Addr, "err", err, "attempt", attempt)+			return err, false+		}+		l.Error("retriable dial error", "job.id", backend.JobID, "addr", backend.Addr, "err", err, "attempt", attempt)+		// remove the backend now that we've tried it+		backends = append(backends[:index], backends[index+1:]...)+		attempt+++		return err, true+	}++	// prioritise the sticky backend if it exists+	for index, backend := range backends {

This should have a guard so that it doesn't run if stickyBackend == "".

lmars

comment created time in 2 months

Pull request review commentflynn/flynn

router: Implement "power of two random choices" algorithm

 type transport struct {  	stickyCookieKey   *[32]byte 	useStickySessions bool++	inFlightMtx      sync.Mutex+	inFlightRequests map[string]int64+}++func (t *transport) trackRequestStart(backend *router.Backend) {+	t.inFlightMtx.Lock()+	defer t.inFlightMtx.Unlock()+	t.inFlightRequests[backend.Addr]+++}++func (t *transport) trackRequestEnd(backend *router.Backend) {+	t.inFlightMtx.Lock()+	defer t.inFlightMtx.Unlock()+	t.inFlightRequests[backend.Addr]--+}++// eachBackend iterates through the given backends and calls the given+// function, returning early if the function returns nil or if the error+// returned is not retryable.+//+// If stickyBackend matches one of the backends then that backend will be tried+// first.+//+// On each iteration, two random backends are picked and the one with the least+// load is tried, thus implementing the "power of two random choices"+// algorithm.+func (t *transport) eachBackend(stickyBackend string, backends []*router.Backend, l log15.Logger, f func(*router.Backend) error) error {+	// check we have some backends+	if len(backends) == 0 {+		return errNoBackends+	}++	attempt := 0++	// try tries calling f with the backend at the given index, returning+	// the resulting error and whether or not the request can be retried+	try := func(index int) (error, bool) {+		backend := backends[index]+		t.trackRequestStart(backend)+		err := f(backend)+		if err == nil {+			return nil, false+		}+		t.trackRequestEnd(backend)+		if _, ok := err.(dialErr); !ok {+			l.Error("unretriable request error", "status", httpErrStatus(err), "job.id", backend.JobID, "addr", backend.Addr, "err", err, "attempt", attempt)+			return err, false+		}+		l.Error("retriable dial error", "job.id", backend.JobID, "addr", backend.Addr, "err", err, "attempt", attempt)+		// remove the backend now that we've tried it+		backends = append(backends[:index], backends[index+1:]...)+		attempt+++		return err, true+	}++	// prioritise the sticky backend if it exists+	for index, backend := range backends {+		if backend.Addr == stickyBackend {+			if err, shouldRetry := try(index); err == nil || !shouldRetry {+				return err+			}+			break+		}+	}++	// keep picking two random backends and trying the one with the least+	// number of in flight requests+	for len(backends) > 0 {+		// if there is only one backend, try it and return+		if len(backends) == 1 {+			err, _ := try(0)+			return err+		}++		// pick two distinct random backends+		n1 := random.Math.Intn(len(backends))+		n2 := random.Math.Intn(len(backends))+		for n2 == n1 {+			n2 = random.Math.Intn(len(backends))

We don't need to be perfect here, just do n2+1 % len(backends).

lmars

comment created time in 2 months

startedmitchellh/gon

started time in 3 months

Pull request review commentalloy-commons/alloy-open-source

Update for newest Android release

-var MINIMUM_ANDROID_VERSION = new Date(2019, 9, 5);-var ANDROID_LAST_UPDATE = new Date(2019, 9, 9);+var MINIMUM_ANDROID_VERSION = new Date(2019, 10, 5);+var ANDROID_LAST_UPDATE = new Date(2019, 10, 4);

Shouldn't this be November instead of October?

alex

comment created time in 3 months

pull request commentflynn/go-tuf

encrypted: fix flake in EncryptedSuite.TestTamperedRoundtrip

Thanks!

ComputerDruid

comment created time in 3 months

push eventflynn/go-tuf

Dan Johnson

commit sha 890a6cb82044de20e094222d137721d287f46b71

encrypted: fix flake in EncryptedSuite.TestTamperedRoundtrip If we get really unlucky the encrypted bytes already start with 0x0000 so the tampering fails. Signed-off-by: Dan Johnson <computerdruid@google.com>

view details

push time in 3 months

PR merged flynn/go-tuf

encrypted: fix flake in EncryptedSuite.TestTamperedRoundtrip

If we get really unlucky the encrypted bytes already start with 0x0000 so the tampering fails.

Signed-off-by: Dan Johnson computerdruid@google.com

+1 -2

0 comment

1 changed file

ComputerDruid

pr closed time in 3 months

issue closedCleverCloud/biscuit

Add license

Please add a license to this repo and biscuit-rust/java. Thanks!

closed time in 3 months

titanous

issue commentCleverCloud/biscuit

Add license

Awesome!

titanous

comment created time in 3 months

issue openedCleverCloud/biscuit

Add license

Please add a license to this repo and biscuit-rust/java. Thanks!

created time in 3 months

create barnchtitanous/weap

branch : test-mtu

created branch time in 3 months

push eventtitanous/weap

Jonathan Rudenberg

commit sha 9dac824a2a97f6627bc551b0116012e42fb9819a

Add LICENSE

view details

push time in 3 months

delete branch titanous/caddy

delete branch : prune-imports

delete time in 3 months

startedvertigo235/Build-Prusa-LA-15

started time in 3 months

push eventtitanous/weap

Jonathan Rudenberg

commit sha ff5f748f71420af31fedefa74f00a6594a58b485

set Framed-MTU

view details

push time in 3 months

push eventtitanous/nextdhcp

Jonathan Rudenberg

commit sha 07e615f068e96eb3eb2bff69b8243b3dc6f7080f

wip lease list command

view details

push time in 3 months

issue openednextdhcp/nextdhcp

Consider always sending Server Identifier

Follow-up to #11. RFC 2131 requires the server identifier option. Any reason it shouldn't be moved to the core packet handling code here?

created time in 4 months

PR opened caddyserver/caddy

Move certmagic import out of caddy package

<!-- Thank you for contributing to Caddy! Please fill this out to help us make the most of your pull request.

Was this change discussed in an issue first? That can help save time in case the change is not a good fit for the project. Not all pull requests get merged.

It is not uncommon for pull requests to go through several, iterative reviews. Please be patient with us! Every reviewer is a volunteer, and each has their own style. -->

What does this change do, exactly?

<!-- Please be specific. Motivate the problem, and justify why this is the best solution. -->

Moves the certmagic import out of the core caddy package. The only use of certmagic is calling a shutdown hook. The reason behind this change is reducing the import graph for projects that use Caddy's core packages but not certmagic, for example nextdhcp.

Ideally the telemetry import would be eliminated too (perhaps using an interface variable that is populated by an init func in the telemetry package), but I thought I'd start here.

Checklist

  • [ ] I have written tests and verified that they fail without my change
  • [x] I have squashed any insignificant commits
  • [x] This change has comments explaining package types, values, functions, and non-obvious lines of code
  • [ ] I am willing to help maintain this change if there are issues with it later
+1 -6

0 comment

3 changed files

pr created time in 4 months

push eventtitanous/caddy

Jonathan Rudenberg

commit sha 94f1bc8f0a177c8cec6f3e1ab83f9c5b25bcdbb4

Move certmagic import out of caddy package

view details

push time in 4 months

create barnchtitanous/caddy

branch : prune-imports

created branch time in 4 months

PR opened nextdhcp/nextdhcp

Set Server ID for all packets

Some clients, including ChromeOS, require this option for all packets.

+12 -7

0 comment

2 changed files

pr created time in 4 months

create barnchtitanous/nextdhcp

branch : staging

created branch time in 4 months

create barnchtitanous/nextdhcp

branch : serverid-always

created branch time in 4 months

pull request commentnextdhcp/nextdhcp

Call flag.Parse() to allow config flag

Done!

titanous

comment created time in 4 months

push eventtitanous/nextdhcp

Jonathan Rudenberg

commit sha f6d77feccbef6d09e0a8cd0755d8595db40d9ee6

Call flag.Parse() to allow config flag

view details

push time in 4 months

delete tag flynn/flynn

delete tag : v20191011.0

delete time in 4 months

delete branch flynn/flynn

delete branch : kill-timeout

delete time in 4 months

PR merged flynn/flynn

host: Bump job stop timeout to 30s
+1 -1

0 comment

1 changed file

titanous

pr closed time in 4 months

push eventflynn/flynn

Jonathan Rudenberg

commit sha fa3d9c08793e7d93bd6779ac17031f3cbaf6f990

host: Bump job stop timeout to 30s Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

push time in 4 months

PR opened flynn/flynn

host: Bump job stop timeout to 30s
+1 -1

0 comment

1 changed file

pr created time in 4 months

create barnchflynn/flynn

branch : kill-timeout

created branch time in 4 months

delete branch flynn/flynn

delete branch : router-499

delete time in 4 months

push eventflynn/flynn

Jonathan Rudenberg

commit sha 9a45e3986fd4fe492f424bd0efccdf865eb84987

router: Use HTTP status 499 in logs for client errors - Errors like clients disconnecting with DEBUG=1 will log a line with status=499 instead of status=503. - The logs now consistently use fractional milliseconds for all durations. - context is now used consistently and updated to use the APIs available as of Go 1.3.

view details

push time in 4 months

PR merged flynn/flynn

router: Use HTTP status 499 in logs for client errors
  • Errors like clients disconnecting with DEBUG=1 will log a line with status=499 instead of status=503.
  • The logs now consistently use fractional milliseconds for all durations.
  • context is now used consistently and updated to use the APIs available as of Go 1.3.
+65 -60

0 comment

3 changed files

titanous

pr closed time in 4 months

PR opened flynn/flynn

router: Use HTTP status 499 in logs for client errors
  • Errors like clients disconnecting with DEBUG=1 will log a line with status=499 instead of status=503.
  • The logs now consistently use fractional milliseconds for all durations.
  • context is now used consistently and updated to use the APIs available as of Go 1.3.
+65 -60

0 comment

3 changed files

pr created time in 4 months

push eventflynn/flynn

Jonathan Rudenberg

commit sha 41e2b2630bdca5272886073b8ae847ea684025f6

all: Switch to go mod Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

Jonathan Rudenberg

commit sha 948b3cf7a3ce6426f24932f8bcc6de24a1eee9a9

builder/img: Update to Go 1.3 Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

Jonathan Rudenberg

commit sha 100f8cd5833e41651a3832dbf4afe28b05528b7c

router: Use HTTP status 499 in logs for client errors - Errors like clients disconnecting with DEBUG=1 will log a line with status=499 instead of status=503. - The logs now consistently use fractional milliseconds for all durations. - context is now used consistently and updated to use the APIs available as of Go 1.3.

view details

push time in 4 months

delete branch flynn/flynn

delete branch : go-mod

delete time in 4 months

push eventflynn/flynn

Jonathan Rudenberg

commit sha 41e2b2630bdca5272886073b8ae847ea684025f6

all: Switch to go mod Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

Jonathan Rudenberg

commit sha 948b3cf7a3ce6426f24932f8bcc6de24a1eee9a9

builder/img: Update to Go 1.3 Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

push time in 4 months

PR merged flynn/flynn

Reviewers
all: Switch to go mod, update to Go 1.3

This changes the Go dependency management strategy from dep to go mod with vendoring enabled. Vendoring was kept for two reasons:

  1. Because of the aggressive sandboxing of the build, caching of the downloaded files in the non-vendored mode becomes a major issue that will require a fair amount of work to implement.
  2. Vendoring makes it obvious what the changes in dependencies are when changing or adding dependencies and allows trivial project-wide code searches across all dependencies.

Due to differences in the MVS algorithm that go mod uses, a variety of dependency versions have changed, unfortunately there is no way to avoid this.

+141299 -76840

0 comment

1023 changed files

titanous

pr closed time in 4 months

PublicEvent

startedjonnrb/mdns_repeater

started time in 4 months

push eventflynn/flynn

Jonathan Rudenberg

commit sha c627b088b217b9fef01498e566674b8a77aba31d

builder/img: Update to Go 1.3 Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

push time in 4 months

create barnchflynn/flynn

branch : router-499

created branch time in 4 months

PR opened nextdhcp/nextdhcp

Call flag.Parse() to allow config flag
+1 -0

0 comment

1 changed file

pr created time in 4 months

create barnchtitanous/nextdhcp

branch : fix-flags

created branch time in 4 months

fork titanous/nextdhcp

A DHCP server chaining middlewares. Similar to CoreDNS and Caddy

https://nextdhcp.io

fork in 4 months

PR opened tobmatth/rack-ssl-enforcer

Make middleware thread-safe

Rack middleware must not use instance variables for state, as the same instance can be called by multiple threads. This patch changes the middleware to pass all request state as method arguments.

As a result of the lack of thread safety in the current version, it is possible for the middleware to handle a request incorrectly, using the @request instance variable from another request. This can present itself as random redirects to other URLs for a small subset of requests, when using a threaded Rack server like Puma.

I have reproduced and verified this issue using a test application with many requests in a specific pattern that we observed in production to trigger this issue. After this patch, the issue no longer occurs.

+39 -39

0 comment

1 changed file

pr created time in 4 months

create barnchtitanous/rack-ssl-enforcer

branch : fix-thread-safety

created branch time in 4 months

fork titanous/rack-ssl-enforcer

A simple Rack middleware to enforce ssl connections

fork in 4 months

startedGandem/bonjour-reflector

started time in 4 months

issue openedsignalapp/Signal-iOS

New Message text misaligned on 5.8" devices

<!-- This is a bug report template. By following the instructions below and filling out the sections with your information, you will help the developers get all the necessary data to fix your issue. You can also preview your report before submitting it. You may remove sections that aren't relevant to your particular case.

Before we begin, please note that this tracker is only for issues. It is not for questions, comments, or feature requests.

If you would like to discuss a new feature or submit suggestions, please visit the community forum: https://community.signalusers.org

If you are looking for support, please visit our support center: https://support.signal.org/ or email support@signal.org

Let's begin with a checklist: Replace the empty checkboxes [ ] below with checked ones [x] accordingly. -->

  • [x] I have searched open and closed issues for duplicates
  • [x] I am submitting a bug report for existing functionality that does not work as intended
  • [x] This isn't a feature request or a discussion topic

Bug description

The New Message input text is misaligned on 5.8" devices.

Screenshots

image0

Device info

<!-- replace the examples with your info --> Device: iPhone 11 Pro (this almost certainly affects the X and XS too)

iOS version: 13.1.1

Signal version: 2.43.2.1

created time in 4 months

startedrohanpadhye/FuzzFactory

started time in 4 months

startedthrottled/throttled

started time in 4 months

startedstripe/safesql

started time in 4 months

PR opened flynn/flynn

Reviewers
all: Switch to go mod, update to Go 1.3

This changes the Go dependency management strategy from dep to go mod with vendoring enabled. Vendoring was kept for two reasons:

  1. Because of the aggressive sandboxing of the build, caching of the downloaded files in the non-vendored mode becomes a major issue that will require a fair amount of work to implement.
  2. Vendoring makes it obvious what the changes in dependencies are when changing or adding dependencies and allows trivial project-wide code searches across all dependencies.

Due to differences in the MVS algorithm that go mod uses, a variety of dependency versions have changed, unfortunately there is no way to avoid this.

+141299 -76840

0 comment

1023 changed files

pr created time in 4 months

push eventflynn/flynn

Jonathan Rudenberg

commit sha 731ca8626cbd738c9a7958473cd7528d002755cd

all: Switch to go mod Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

Jonathan Rudenberg

commit sha 096e07f8a300261b72c3a843b0e2c8c04dc6cfee

builder/img: Update to Go 1.3 Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

push time in 4 months

push eventflynn/flynn

Jonathan Rudenberg

commit sha ed2ff4ee224b43c9d12757c7e6d43151314aadf8

pkg/exec: Allow multiple calls to Wait This fixes a race in gitreceive where Wait is called after the connection closes for cleanup as well as during the request lifecycle. Sometimes the close notify is delivered just before the request finishes resulting in two calls to Wait. Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

Jonathan Rudenberg

commit sha f2d027cf47e666964d08c4a397964cb5e1cccced

router: Add connection idle and header read timeouts Closes #4306 Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

Jonathan Rudenberg

commit sha 54ac2b8438cde1c20822ad8a9794d8e9a5d31076

gitreceive/receiver: Fix formatting for warning Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

Jesse Stuart

commit sha 98fe0fbd713eebd952031d6b2094dd657572cf6b

controller: Move database layer into controller/data (#4541) Signed-off-by: Jesse Stuart <email@jessestuart.ca>

view details

Jonathan Rudenberg

commit sha 972c8f24f5a08d970563b65d936cc0a7239b8bb8

pkg/tlsconfig: Disable non-optimized curves Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

Jonathan Rudenberg

commit sha 317491a9623fee8583553c873576f10d547b05fe

test: Add backup restore test for v20190730.0 Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

Jonathan Rudenberg

commit sha 5dadfae4d3f9ce146d922b03c3b0e34da8d4463a

builder/img: Add vim-tiny to heroku-18 image Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

Jonathan Rudenberg

commit sha 59d7beb0d532cf4a46345e8db2264b00ede3f192

gitreceive: Turn off git gc autoDetach When this flag is the default of on, repos uploads can be corrupted when they happen in parallel with the forked `git gc --auto`. Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

Jonathan Rudenberg

commit sha 2d262d4ece1c910b031e9f9957e4fb3cf5712390

cli: Ensure curl in export uses HTTP/1.1 If curl gets redirected to a server that supports HTTP/2 (for example with the GCS blobstore backend), it will return output that is not parsed correctly and the export will hang. Closes #4548 Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

Jonathan Rudenberg

commit sha fc842fa8431366e09feb5a79c1f5686c03bb276d

slugbuilder: Silence stderr output from detect hooks Heroku has added debugging output to the detect hooks that shows up on every push. Silence it by diverting stderr to /dev/null. Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

Jonathan Rudenberg

commit sha 41f24729a252fb413f18bb15e07b92e2803f76aa

script/install-flynn: Bump fd limit Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

Jonathan Rudenberg

commit sha a78daccc7ca302ce4927aef28fe810e29e2f1f93

builder/img: Update to Go 1.12.8 Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

Jonathan Rudenberg

commit sha a543312e5f9ce82c325707f61dad7ae02b5800e8

vendor: Update golang.org/x/net/http2 Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

Jonathan Rudenberg

commit sha b13bf4e0ac5f5f8ff3b2c5badbcef9e4ba80d899

all: Switch to go mod Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

Jonathan Rudenberg

commit sha 607cfa8aeba0a4ee3f2e4eb9b1b94fe6e9288c37

builder/img: Update to Go 1.3 Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

view details

push time in 4 months

startedbjwbell/gensimd

started time in 4 months

Pull request review commentflynn/flynn

gRPC controller

 $$ LANGUAGE plpgsql`, 		$$ LANGUAGE plpgsql; 		`, 	)+	migrations.Add(36,+		// Add a "type" column to deployments to destinguash between code and

destinguash -> distinguish

jvatic

comment created time in 4 months

Pull request review commentflynn/flynn

gRPC controller

 func (r *DeploymentRepo) AddExpanded(appID, releaseID string) (*ct.ExpandedDeplo 		procCount += i 	} +	releaseType := (func(oldRelease, release *ct.Release) ct.ReleaseType {+		if oldRelease != nil {+			if reflect.DeepEqual(oldRelease.ArtifactIDs, release.ArtifactIDs) {

This should not use reflect.

jvatic

comment created time in 4 months

push eventflynn/flynn

Jonathan Rudenberg

commit sha ee8fe5c3b9a2069e28f85248bf6a930373528fcf

wip

view details

push time in 5 months

created tagflynn/runc

tagv1.0.0-rc1001

CLI tool for spawning and running containers according to the OCI specification

created time in 5 months

push eventflynn/runc

Lifubang

commit sha 472fe623a76a039c438429345c0ccf71dc7722e8

criu image path permission error in rootless checkpoint Signed-off-by: Lifubang <lifubang@acmcoder.com>

view details

Marco Vedovati

commit sha 9a599f62fbdc7cc366c09424485abea8efbbc004

Support for logging from children processes Add support for children processes logging (including nsexec). A pipe is used to send logs from children to parent in JSON. The JSON format used is the same used by logrus JSON formatted, i.e. children process can use standard logrus APIs. Signed-off-by: Marco Vedovati <mvedovati@suse.com>

view details

Marco Vedovati

commit sha feebfac358ca83fe0a1132f1b2a6da5fca69f1ce

Remove pipe close before exec. Pipe close before exec is not necessary as os.Pipe() is calling pipe2 with O_CLOEXEC option. Signed-off-by: Marco Vedovati <mvedovati@suse.com>

view details

Danail Branekov

commit sha c486e3c40633d571df38fca56da69f3ab0ab13fe

Address comments in PR 1861 Refactor configuring logging into a reusable component so that it can be nicely used in both main() and init process init() Co-authored-by: Georgi Sabev <georgethebeatle@gmail.com> Co-authored-by: Giuseppe Capizzi <gcapizzi@pivotal.io> Co-authored-by: Claudia Beresford <cberesford@pivotal.io> Signed-off-by: Danail Branekov <danailster@gmail.com>

view details

Aleksa Sarai

commit sha 8296826da5b372a4f7b344173b1dea753f8bd14b

specconv: always set "type: bind" in case of MS_BIND We discovered in umoci that setting a dummy type of "none" would result in file-based bind-mounts no longer working properly, which is caused by a restriction for when specconv will change the device type to "bind" to work around rootfs_linux.go's ... issues. However, bind-mounts don't have a type (and Linux will ignore any type specifier you give it) because the type is copied from the source of the bind-mount. So we should always overwrite it to avoid user confusion. Signed-off-by: Aleksa Sarai <asarai@suse.de>

view details

Xiao YongBiao

commit sha da5a2dd45625c3106d95b0dc7c44c3358c7a9ca2

`r.destroy` can defer exec in `runner.run` method. Signed-off-by: Xiao YongBiao <xyb4638@gmail.com>

view details

Sebastiaan van Stijn

commit sha e7831f2abb163fe39aef1067dc1a56087b68b3da

Update to Go 1.12 and drop obsolete versions Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Georgi Sabev

commit sha ba3cabf932943cc927059a6782ae51b7dd862b4e

Improve nsexec logging * Simplify logging function * Logs contain __FUNCTION__:__LINE__ * Bail uses write_log Co-authored-by: Julia Nedialkova <julianedialkova@hotmail.com> Co-authored-by: Danail Branekov <danailster@gmail.com> Signed-off-by: Georgi Sabev <georgethebeatle@gmail.com>

view details

Georgi Sabev

commit sha 475aef10f7a85c9a64dd86111a0540a4c37fe53d

Remove redundant log function Bump logrus so that we can use logrus.StandardLogger().Logf instead Co-authored-by: Julia Nedialkova <julianedialkova@hotmail.com> Signed-off-by: Georgi Sabev <georgethebeatle@gmail.com>

view details

Xiaochen Shen

commit sha 17b37ea3faa29bfae884907c0894c4d5e7588299

libcontainer: intelrdt: add missing destroy handler in defer func In the exception handling of initProcess.start(), we need to add the missing IntelRdtManager.Destroy() handler in defer func. Signed-off-by: Xiaochen Shen <xiaochen.shen@intel.com>

view details

Georgi Sabev

commit sha 68b4ff5b3725777172db52f897a84e86db7da5cd

Simplify bail logic & minor nsexec improvements Co-authored-by: Julia Nedialkova <julianedialkova@hotmail.com> Signed-off-by: Georgi Sabev <georgethebeatle@gmail.com>

view details

Georgi Sabev

commit sha a1460818288b8addfe9b70c8931da83864251f7a

Write logs to stderr by default Minor refactoring to use the filePair struct for both init sock and log pipe Co-authored-by: Julia Nedialkova <julianedialkova@hotmail.com> Signed-off-by: Georgi Sabev <georgethebeatle@gmail.com>

view details

Filipe Brandenburger

commit sha 46351eb3d14b8b42454787166811a61fe51e28b7

Move systemd.Manager initialization into a function in that module This will permit us to extend the internals of systemd.Manager to include further information about the system, such as whether cgroupv1, cgroupv2 or both are in effect. Furthermore, it allows a future refactor of moving more of UseSystemd() code into the factory initialization function. Signed-off-by: Filipe Brandenburger <filbranden@gmail.com>

view details

Michael Crosby

commit sha 70bc4cd847bcc731fb6e7ad8adeb1aa431bc4a50

Merge pull request #2034 from masters-of-cats/pr-child-logging Support for logging from children processes

view details

Mrunal Patel

commit sha a0ecf749ee4f236d3534a14c41c047fe6f488bd1

Merge pull request #2047 from filbranden/systemd7 Move systemd.Manager initialization into a function in that module

view details

Mrunal Patel

commit sha 2484581dd7d1dd9a15dd46887d1ea258283a5e58

Merge pull request #2035 from cyphar/bindmount-types specconv: always set "type: bind" in case of MS_BIND

view details

Mrunal Patel

commit sha eb4aeed24ffbf8e2d740fafea39d91faa0ee84d0

Merge pull request #2038 from imxyb/defer-destroy `r.destroy` can defer exec in `runner.run` method.

view details

Giuseppe Scrivano

commit sha 8383c724a4d76ab031159115127b32619a151099

main: not reopen /dev/stderr commit a1460818288b8addfe9b70c8931da83864251f7a introduced a change to write to /dev/stderr by default. Do not reopen the file in this case, but use directly the fd 2. Closes: https://github.com/opencontainers/runc/issues/2056 Closes: https://github.com/kubernetes/kubernetes/issues/77615 Closes: https://github.com/cri-o/cri-o/issues/2368 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

view details

Mrunal Patel

commit sha b9b6cc6e47fe4f2aa4f744a1fc62d248c182d28d

Merge pull request #2057 from giuseppe/no-reopen-stderr main: not reopen /dev/stderr

view details

Kenta Tada

commit sha 65032b55b152c8c8d4c630fbf4eeb63ba7159e87

libcontainer: fix TestGetContainerState to check configs.NEWCGROUP This test needs to handle the case of configs.NEWCGROUP as Namespace's type. Signed-off-by: Kenta Tada <Kenta.Tada@sony.com>

view details

push time in 5 months

create barnchflynn/runc

branch : fix-nsenter-unsupported

created branch time in 5 months

more