Eric Wong [Tue, 4 Jun 2019 10:38:20 +0000 (10:38 +0000)]
Merge branch 'charclass'
* charclass: (24 commits)
www: require ASCII word characters for CSS filenames
www: require ASCII range for mbox downloads
githttpbackend: require ASCII in path
require ASCII digits for local FS items
www: require ASCII digit for git epoch
solver|viewdiff: restrict digit matches to ASCII
inbox: require ASCII digits for feedmax var
filter/rubylang: require ASCII digit for mailcount
msgtime: require ASCII digits for parsing dates
searchview: do not allow non-ASCII offsets and limits
githttpbackend: require Range:, Status: to be ASCII digits
view: require YYYYmmDD(HHMMSS) timestamps to be ASCII
newswww: only accept ASCII digits as article numbers
config: do not accept non-ASCII digits in cgitrc params
www: require ASCII filenames in git blob downloads
www: only emit ASCII chars in attachment filenames
wwwattach: only pass the charset through if ASCII
wwwlisting: require ASCII digit for port number
http: require SERVER_PORT to be ASCII digit
feed: only accept ASCII digits for ref~$N
...
Eric Wong [Tue, 4 Jun 2019 09:05:51 +0000 (09:05 +0000)]
www: require ASCII range for mbox downloads
We do not support many mboxrd download range specifications at
the moment; but parsing non-ASCII characters isn't planned.
This makes no difference aside from being able to return 404
slightly earlier than we would've in the past.
Eric Wong [Tue, 4 Jun 2019 08:58:32 +0000 (08:58 +0000)]
githttpbackend: require ASCII in path
We mainly support git-upload-pack; and maybe somebody uses
git-receive-pack with this. Perhaps other (experimental)
command names are acceptable. But it's unlikely anybody will
want Unicode command names for git services.
Eric Wong [Tue, 4 Jun 2019 08:30:55 +0000 (08:30 +0000)]
solver|viewdiff: restrict digit matches to ASCII
git would not generate non-ASCII digits to describe
hunk offsets, so don't waste more time than necessary
to make sense of non-ASCII digit chars for line offsets.
Eric Wong [Tue, 4 Jun 2019 02:04:32 +0000 (02:04 +0000)]
githttpbackend: require Range:, Status: to be ASCII digits
Non-ASCII digits would be interpreted as a zeroes as integers.
While we're at it, ensure the Status: code is an ASCII digit,
too; though I would not expect git-http-backend(1) or cgit(1)
start spewing non-ASCII digits at us.
Eric Wong [Tue, 4 Jun 2019 09:02:01 +0000 (09:02 +0000)]
www: require ASCII filenames in git blob downloads
Our Hval::to_filename sub has always been strict about emitting
ASCII-only characters for ViewVCS "raw" links.
However, somebody could manually generate a filename with
non-ASCII words for somebody else to download (we have no
cheap and fast way of mapping filenames back to blobs for
validation).
Eric Wong [Tue, 4 Jun 2019 02:04:28 +0000 (02:04 +0000)]
www: only emit ASCII chars in attachment filenames
We don't want to emit funky URLs which can be lost in
translation or cause problems with non-Unicode-aware
clients.
Then, don't accept non-ASCII filenames in URLs, since
a manually-generated URL/filename in attachment downloads
could be used for Unicode homographs to confuse folks who
down the attachment.
Eric Wong [Tue, 4 Jun 2019 08:20:40 +0000 (08:20 +0000)]
nntp: ensure we only handle ASCII whitespace
RFC3977 does not have provisions for whitespace beyond ASCII
TAB, SP, CR and LF. I doubt there's any NNTP clients broken
enough to be sending non-ASCII whitespace delimiters.
We're probably excessively liberal regarding TAB acceptance,
even; but it's probably too late to change at this point...
Eric Wong [Tue, 4 Jun 2019 02:04:21 +0000 (02:04 +0000)]
linkify: support Internationalized Domain Names in URLs
The "\w" character class in Perl matches any word characters
in the Unicode database, not just ASCII characters. So we
must be prepared for that and generate links to IDNs.
Eric Wong [Mon, 3 Jun 2019 09:04:01 +0000 (09:04 +0000)]
Merge remote-tracking branch 'origin/ds'
* origin/ds:
ds: remove PLCMap and per-socket PostLoopCallback
ds: drop write_set_watch field
ds: drop unused EVENT: label in epoll code path
ds: drop checks for invalid descriptors
ds: drop set_writer_func support
ds: add a note about planned future changes
ds: drop more unused subs
Eric Wong [Sun, 2 Jun 2019 03:39:34 +0000 (03:39 +0000)]
ds: drop set_writer_func support
This is not used by perlbal for OpenSSL support, either;
and it does not appear to be the right layer for doing
write translations anyways (IO::Socket::SSL uses `tie').
Eric Wong [Sat, 1 Jun 2019 03:27:55 +0000 (03:27 +0000)]
git: drop the deleted err_c file
No reason to leave that (usually) empty file open after killing off
"cat-file --batch-check". This wasn't an unbound leak, though,
as respawning the --batch-check process would've clobbered the
old err_c file.
Eric Wong [Sat, 1 Jun 2019 00:20:51 +0000 (00:20 +0000)]
git: unconditional expiry
A constant stream of traffic to either httpd/nntpd would mean
git-cat-file processes never expire. Things can go bad after a
full repack, as a full repack will unlink old pack indices and
git-cat-file does not currently detect unlinked files.
We could do something complicated by recursively stat-ing
objects/pack of every git directory and alternate;
but that's probably not worth the trouble compared to
occasionally restarting the cat-file process.
So simplify the code and let httpd/nntpd expire them
periodically, since spawning a "git-cat-file --batch" process
isn't too expensive. We already spawn for every request which
hits git-http-backend, cgit, and git-apply.
In the future, we may optionally support the Git::Raw module
to avoid IPC; but we must remain careful to not leave lingering
FDs open to unlinked files after repack.
Eric Wong [Sat, 1 Jun 2019 03:27:55 +0000 (03:27 +0000)]
git: drop the deleted err_c file
No reason to leave that (usually) empty file open after killing off
"cat-file --batch-check". This wasn't an unbound leak, though,
as respawning the --batch-check process would've clobbered the
old err_c file.
Eric Wong [Sat, 1 Jun 2019 00:20:51 +0000 (00:20 +0000)]
git: unconditional expiry
A constant stream of traffic to either httpd/nntpd would mean
git-cat-file processes never expire. Things can go bad after a
full repack, as a full repack will unlink old pack indices and
git-cat-file does not currently detect unlinked files.
We could do something complicated by recursively stat-ing
objects/pack of every git directory and alternate;
but that's probably not worth the trouble compared to
occasionally restarting the cat-file process.
So simplify the code and let httpd/nntpd expire them
periodically, since spawning a "git-cat-file --batch" process
isn't too expensive. We already spawn for every request which
hits git-http-backend, cgit, and git-apply.
In the future, we may optionally support the Git::Raw module
to avoid IPC; but we must remain careful to not leave lingering
FDs open to unlinked files after repack.
Eric Wong [Fri, 31 May 2019 16:58:46 +0000 (16:58 +0000)]
TODO: add item for optional Cache::FastMmap
Taking one step out of setting up a performant deployment could
make setup and administration easier (at the cost of installing
an extra-but-common XS module). This can also be useful for
the day NNTP servers see hug-of-death events.
* origin/v2-noop-speedup:
v2writable: short-circuit is_ancestor check on equality
v2writable: avoid mm_tmp creation without regen
v2writable: hoist out index_epoch sub
v2writable: split off unindex_range mapping
Eric Wong [Thu, 30 May 2019 06:54:06 +0000 (06:54 +0000)]
doc/hosted: drop some links and clarify wording
I don't have time to check and train spam for all these
projects.
Spam filtering is especially difficult on ruby-core: it
enters via Redmine, so it doesn't have a distinct Received:
chain, and also gets mixed with non-spam bug-report text,
throwing off Bayes training.
And I'm not sure if those mirrors did anybody any good, even;
so lets not say its' a "service" to anybody :P
The actual mirrors remain up, for now, but who knows...
I care about decentralization too much to ask anybody
to trust me to keep anything up :P
Eric Wong [Thu, 30 May 2019 03:59:40 +0000 (03:59 +0000)]
v2writable: avoid mm_tmp creation without regen
Creating mm_tmp is an expensive operation with large inboxes
and can be avoided if there are no new messages to process.
Since git-fetch(1) currently lacks an --exit-code option(*),
mirrors will run `public-inbox-index' unconditionally after
fetch, which is an expensive op if it needs to duplicate
a large SQLite DB.
Eric Wong [Wed, 29 May 2019 20:56:32 +0000 (20:56 +0000)]
searchidx: store indexlevel=medium as metadata
And use it from Admin.
It's easy to tell what indexlevel=basic is from unconfigured
inboxes, but distinguishing between 'medium' and 'full' would
require stat()-ing position.* files which is fragile and
Xapian-implementation-dependent.
So use the metadata facility of Xapian and store it in the main
partition so Admin tools can deal better with unconfigured
inboxes copied using generic tools like cp(1) or rsync(1).
Eric Wong [Wed, 29 May 2019 20:56:31 +0000 (20:56 +0000)]
index: remove warning on unconfigured inboxes
It's annoying for people using "git fetch && public-inbox-index"
as one user; and running -httpd/-nntpd as a different user
(where users see different config files).
Eric Wong [Wed, 29 May 2019 08:45:49 +0000 (08:45 +0000)]
Merge branch 'v2-idx-progress'
* v2-idx-progress:
v2writable: show progress updates for index_sync
index: support --verbose option
v2writable: move index_sync options to sync state
v2writable: use prototypes for internal subs
v2writable: localize unindex-range.$EPOCH to $sync state
v2writable: move {ranges} into $sync state
v2writable: move {regen} into $sync state
v2writable: move {reindex} field to $sync state
v2writable: sync: move delete markers into $sync state
v2writable: introduce $sync state and put mm_tmp in it
Eric Wong [Wed, 29 May 2019 08:37:54 +0000 (08:37 +0000)]
Makefile.PL: enable prove warnings
We already "use warnings" everywhere, but could miss some spots.
This ought to cover that, and usually Perl module authors are
consistent about avoiding warnings that we won't clutter our
test outputs.
Eric Wong [Mon, 27 May 2019 18:45:45 +0000 (18:45 +0000)]
v2: fix reindex skipping NNTP article numbers
`public-inbox-index --reindex' could cause NNTP article number
gaps to form when it also has to deal with new,
never-before-seen commits in mirrors running off `git fetch'.
Fix this by running two distinct invocations of ->index_sync;
once to only reindex old commits, and a second time to index
new commits.
This does not appear to be a problem on v1 at the moment,
but I'll need more time to analyze this.
Eric Wong [Sun, 26 May 2019 08:24:46 +0000 (08:24 +0000)]
viewvcs: keep temporary Solver dir for large streams
Streaming large blobs can take multiple iterations of the event
loop in our -httpd; so we must not let the File::Temp::Dir
result go out-of-scope when streaming large blobs created from
patches.
Eric Wong [Fri, 24 May 2019 08:55:56 +0000 (08:55 +0000)]
TODO: more stuff: bundles, synonyms, dogfooding
git bundles could/should make self-hosting easier.
Being able to configure synonym (and spelling) lists would make
some searches more useful.
Might as well dogfood kernel stuff, too, given the overlap and
history between this project, git and the Linux kernel. Would
be interesting to have *BSD folks throw their hat in the ring,
too.
Building/testing userspace stuff is often the most
time-consuming, but necessary to ensure future compatibility.
Eric Wong [Fri, 24 May 2019 02:57:57 +0000 (02:57 +0000)]
doc: xcpdb: add switch documentation
In particular, the '--compact' switch is really useful since it
works without holding the inbox-wide lock for minutes at a time
on giant inboxes (inboxes where copies can take dozens, if not
hundreds of minutes).
Eric Wong [Fri, 24 May 2019 02:57:56 +0000 (02:57 +0000)]
doc: generate manpages for some Xapian commands
They're nowhere to be found on Xapian.org, and links to
external services are either too long (for manpages.debian.org)
or have privacy-invasive tracking JS on them.
Eric Wong [Fri, 24 May 2019 01:12:08 +0000 (01:12 +0000)]
search: don't log all warnings on retry_reopen
Some users (or bots :P) can trigger horrible queries which
the caller can choose to either log or ignore. This prevents
horrible queries from ExtMsg from logging confusing "ref: "
messages when $@ is not a Perl reference.
Eric Wong [Thu, 23 May 2019 10:37:38 +0000 (10:37 +0000)]
doc: various updates to reflect current state
-index documentation avoid redundant v1 information and refers
readers to apropriate v1/v2 manpages. Search::Xapian can also
be optional, now, as only the PSGI search interface uses it.
Favor "INBOX_DIR" where appropriate, since "REPO_DIR" can be
confused for code repos which we also support.
XAPIAN_FLUSH_THRESHOLD is documented for all relevant
bulk commands.
Eric Wong [Thu, 23 May 2019 09:37:04 +0000 (09:37 +0000)]
xapcmd: do not reset %SIG until last Xtmpdir is done
To properly handle compact tmpdir cleanup in single process
situations, we need to carefully account for Xtmpdir not
being a singleton and ensuring we don't clobber signal
handlers which belong to other Xtmpdirs.
Eric Wong [Thu, 23 May 2019 09:37:03 +0000 (09:37 +0000)]
xcpdb|compact: support --jobs/-j flag like gmake(1)
We don't have to be tied to the number of partitions in case
we made a bad choice at initialization. This doesn't affect
reindexing, but the copying phase is already intensive.
And optimize away the extra process when we only have a single
job which won't parallelize.
The wording for the (v2) reindexing phase could be improved,
later. I also plan to allow repartitioning of existing
Xapian DBs.
Eric Wong [Thu, 23 May 2019 09:37:01 +0000 (09:37 +0000)]
xcpdb|compact: support some xapian-compact switches
Allow users to specify the --blocksize <B>, --no-full, --fuller
options for xapian-compact(1) for fine-tuning compact behavior
for low-traffic/inactive inboxes.
We also won't support --multipass, since it doesn't seem
compatible with our requirement to use --no-renumber.
We also won't support --single-file, since it only seems
intended for totally dead inboxes; and it doesn't seem
worth the support overhead when "totally dead" turns out
to be a misdiagnosis.
Eric Wong [Thu, 23 May 2019 09:37:00 +0000 (09:37 +0000)]
compact: reuse infrastructure from xcpdb
Since -xcpdb is a superset of -compact, we can reuse much of
that code used for driving compact.
For compact (only), this is slightly less memory efficient since
it requires an extra process per-partition, but we get to prefix
the output with the partition name for more readable output.
Eric Wong [Thu, 23 May 2019 09:36:59 +0000 (09:36 +0000)]
xcpdb: remove temporary directories on aborts
Cleanup temporary directories on common termination signals
(INT, HUP, PIPE, TERM), but only if it's not in the process
of being committed via rename() sequence.
Eric Wong [Thu, 23 May 2019 09:36:58 +0000 (09:36 +0000)]
xcpdb: show re-indexing progress
Emit information about reindexing git revision ranges when used
with xcpdb. Additionally, distinguish Xapian copy output from
v2 git epoch counting by increasing directory context info.
For now, v1 batches batches are emitted. v2 indexing is still
missing progress reporting for batches, as the data structures
for reindexing would benefit from a refactoring, first.
This does not currently affect the use of public-inbox-index,
but may in the future.
Eric Wong [Thu, 23 May 2019 09:36:57 +0000 (09:36 +0000)]
xapcmd: use "print STDERR" for progress reporting
`warn' is reserved for actual warnings, as it respects
$SIG{__WARN__} and we rely on that override to print
message context information when we are indexing.
Eric Wong [Thu, 23 May 2019 09:36:55 +0000 (09:36 +0000)]
xapcmd: avoid EXDEV when finalizing changes
By creating temporary directories as deep as possible,
we can allow v2 repositories to have `xap$SCHEMA_VERSION'
(e.g. `xap15') reside on a separate FS.
We also check st_dev ahead-of-time to avoid doing work which
will fail with EXDEV. Of course, another process may still
move/change things around.
Eric Wong [Thu, 23 May 2019 09:36:53 +0000 (09:36 +0000)]
xcpdb: implement progress reporting
Copying an entire Xapian DB is horribly slow whether it's done
via Perl or copydatabase(1). So displaying some progress
indication is good for user experience.
While we're at it, prefix xapian-compact output, too; since
parallel processes end up clobbering each other.
Eric Wong [Thu, 23 May 2019 09:36:52 +0000 (09:36 +0000)]
xcpdb: use fine-grained locking
Copying an entire Xapian DB takes a long time, so update our
reindexing code to support partial reindexing, snapshot the
pre-copydatabase git revisions, perform the lengthy copy,
and do a partial reindex when the copy + renames are done.