From b7f2d0ba2488993f4a68e34d9718039b3c97cb1e Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Fri, 28 Jul 2017 12:28:17 +0900
Subject: [PATCH 1/4] units,sysusers: use DynamicUser= for journal-gatewayd and drop user systemd-journal-gateway from sysusers
---
 sysusers.d/systemd-remote.conf.m4 | 1 -
 units/systemd-journal-gatewayd.service.in | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/sysusers.d/systemd-remote.conf.m4 b/sysusers.d/systemd-remote.conf.m4
index 0e9d71cdd0..83b362643f 100644
--- a/sysusers.d/systemd-remote.conf.m4
+++ b/sysusers.d/systemd-remote.conf.m4
@@ -6,7 +6,6 @@
 # (at your option) any later version.
 m4_ifdef(`HAVE_MICROHTTPD',
-u systemd-journal-gateway - "systemd Journal Gateway"
 u systemd-journal-remote - "systemd Journal Remote"
 )m4_dnl
 m4_ifdef(`HAVE_LIBCURL',
diff --git a/units/systemd-journal-gatewayd.service.in b/units/systemd-journal-gatewayd.service.in
index 99099967e7..42da3504b8 100644
--- a/units/systemd-journal-gatewayd.service.in
+++ b/units/systemd-journal-gatewayd.service.in
@@ -15,6 +15,7 @@ ExecStart=@rootlibexecdir@/systemd-journal-gatewayd
 User=systemd-journal-gateway
 Group=systemd-journal-gateway
 SupplementaryGroups=systemd-journal
+DynamicUser=yes
 PrivateTmp=yes
 PrivateDevices=yes
 PrivateNetwork=yes
From c831aa7554fa9dcb56e68db884022699e1f4a881 Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Fri, 28 Jul 2017 13:19:52 +0900
Subject: [PATCH 2/4] journal-remote,gateway: use MHD_USE_TLS instead of MHD_USE_SSL
The option is renamed in libmicrohttpd-0.9.52.
---
 src/journal-remote/journal-gatewayd.c | 4 ++--
 src/journal-remote/journal-remote.c | 2 +-
 src/journal-remote/microhttpd-util.h | 5 +++++
 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c
index 9a1c5b76ca..e75edce127 100644
--- a/src/journal-remote/journal-gatewayd.c
+++ b/src/journal-remote/journal-gatewayd.c
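Review bot: `DynamicUser=yes` is added directly under the unchanged `User=systemd-journal-gateway` and `Group=systemd-journal-gateway` lines, and nothing in the unit says how the two are meant to interact now that the sysusers.d entry is dropped in the same commit. On hosts upgraded from an earlier release the statically created account presumably still exists, so it is worth confirming which UID the service ends up running under there. Read access to the journal should not depend on the answer, since it comes from `SupplementaryGroups=systemd-journal`. A short comment above the new line, for example `# User=/Group= only name the dynamically allocated account; it is no longer created by sysusers.d`, would record the intent.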
@@ -1053,10 +1053,10 @@ int main(int argc, char *argv[]) {
 {MHD_OPTION_HTTPS_MEM_KEY, 0, arg_key_pem};
 opts[opts_pos++] = (struct MHD_OptionItem)
 {MHD_OPTION_HTTPS_MEM_CERT, 0, arg_cert_pem};
- flags |= MHD_USE_SSL;
+ flags |= MHD_USE_TLS;
 }
 if (arg_trust_pem) {
- assert(flags & MHD_USE_SSL);
+ assert(flags & MHD_USE_TLS);
 opts[opts_pos++] = (struct MHD_OptionItem)
 {MHD_OPTION_HTTPS_MEM_TRUST, 0, arg_trust_pem};
 }
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index 810206c621..a658301252 100644
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -671,7 +671,7 @@ static int setup_microhttpd_server(RemoteServer *s,
 opts[opts_pos++] = (struct MHD_OptionItem)
 {MHD_OPTION_HTTPS_MEM_CERT, 0, (char*) cert};
- flags |= MHD_USE_SSL;
+ flags |= MHD_USE_TLS;
 if (trust)
 opts[opts_pos++] = (struct MHD_OptionItem)
diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h
index 7f88c2cb7d..0e669aa1ad 100644
--- a/src/journal-remote/microhttpd-util.h
+++ b/src/journal-remote/microhttpd-util.h
@@ -41,6 +41,11 @@
 # define MHD_USE_EPOLL MHD_USE_EPOLL_LINUX_ONLY
 #endif
+/* Renamed in µhttpd 0.9.52 */
+#ifndef MHD_USE_SSL
+# define MHD_USE_TLS MHD_USE_SSL
+#endif
+
 /* Both the old and new names are defines, check for the new one. */
 /* Renamed in µhttpd 0.9.53 */
From 315629a83f6c46695ce7ff87c77ad493f1283172 Mon Sep 17 00:00:00 2001
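Review bot: The shim added to microhttpd-util.h, `#ifndef MHD_USE_SSL` followed by `# define MHD_USE_TLS MHD_USE_SSL`, reads as inverted at first sight, because it maps the new name onto the old one exactly when the old name is not a macro. It presumably relies on older libmicrohttpd headers declaring the old name as an enumerator and newer ones providing it as a compatibility macro, but the one-line `/* Renamed in µhttpd 0.9.52 */` does not say so. If that is the mechanism, I would spell it out, e.g. `/* Old headers declare MHD_USE_SSL as an enumerator, newer ones as a macro, so "not defined" means an old header. */`, and mention that the define expands to an undeclared identifier should a later release drop the old name entirely. The same remark applies to the `MHD_USE_POLL_INTERNAL_THREAD` shim added to this header in patch 3/4.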
From: Yu Watanabe
Date: Fri, 28 Jul 2017 13:21:34 +0900
Subject: [PATCH 3/4] journal-gateway: use MHD_USE_POLL_INTERNAL_THREAD instead of MHD_USE_POLL
The option MHD_USE_THREAD_PER_CONNECTION requires MHD_USE_POLL_INTERNAL_THREAD since libmicrohttpd-0.9.53. If MHD_USE_POLL is used instead of MHD_USE_POLL_INTERNAL_THREAD, then the library outputs the following warning:
```
Warning: MHD_USE_THREAD_PER_CONNECTION must be used only with MHD_USE_INTERNAL_POLLING_THREAD. Flag MHD_USE_INTERNAL_POLLING_THREAD was added. Consider setting MHD_USE_INTERNAL_POLLING_THREAD explicitly.
```
The option MHD_USE_POLL_INTERNAL_THREAD is defined as `MHD_USE_POLL_INTERNAL_THREAD = MHD_USE_POLL | MHD_USE_INTERNAL_POLLING_THREAD,` So, let's use MHD_USE_POLL_INTERNAL_THREAD instead of MHD_USE_POLL.
---
 src/journal-remote/journal-gatewayd.c | 2 +-
 src/journal-remote/microhttpd-util.h | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c
index e75edce127..63261bfa6c 100644
--- a/src/journal-remote/journal-gatewayd.c
+++ b/src/journal-remote/journal-gatewayd.c
@@ -1041,7 +1041,7 @@ int main(int argc, char *argv[]) {
 MHD_USE_DEBUG |
 MHD_USE_DUAL_STACK |
 MHD_USE_ITC |
- MHD_USE_POLL |
+ MHD_USE_POLL_INTERNAL_THREAD |
 MHD_USE_THREAD_PER_CONNECTION;
 if (n > 0)
diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h
index 0e669aa1ad..8112851b16 100644
--- a/src/journal-remote/microhttpd-util.h
+++ b/src/journal-remote/microhttpd-util.h
@@ -46,6 +46,11 @@
 # define MHD_USE_TLS MHD_USE_SSL
 #endif
+/* Renamed in µhttpd 0.9.53 */
+#ifndef MHD_USE_POLL_INTERNALLY
+# define MHD_USE_POLL_INTERNAL_THREAD MHD_USE_POLL_INTERNALLY
+#endif
+
 /* Both the old and new names are defines, check for the new one. */
 /* Renamed in µhttpd 0.9.53 */
From 010585873454d07625ee962ffa2ef2823624bfbe Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Fri, 28 Jul 2017 16:22:14 +0900
Subject: [PATCH 4/4] journal-remote: use MHD_OPTION_STRICT_FOR_CLIENT if MHD_USE_PEDANTIC_CHECKS is deprecated
The option MHD_OPTION_STRICT_FOR_CLIENT is provided since libmicrohttpd-0.9.54, and MHD_USE_PEDANTIC_CHECKS will be deprecated in future. This makes support both option.
---
 src/journal-remote/journal-remote.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index a658301252..0e051c8ff9 100644
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -644,6 +644,7 @@ static int setup_microhttpd_server(RemoteServer *s,
 { MHD_OPTION_END},
 { MHD_OPTION_END},
 { MHD_OPTION_END},
+ { MHD_OPTION_END},
 { MHD_OPTION_END}};
 int opts_pos = 4;
 int flags =
@@ -663,6 +664,15 @@ static int setup_microhttpd_server(RemoteServer *s,
 if (r < 0)
 return log_error_errno(r, "Failed to make fd:%d nonblocking: %m", fd);
+/* MHD_OPTION_STRICT_FOR_CLIENT is introduced in microhttpd 0.9.54,
+ * and MHD_USE_PEDANTIC_CHECKS will be deprecated in future. */
+#ifdef MHD_USE_PEDANTIC_CHECKS
+ opts[opts_pos++] = (struct MHD_OptionItem)
+ {MHD_OPTION_STRICT_FOR_CLIENT, 1};
+#else
+ flags |= MHD_USE_PEDANTIC_CHECKS;
+#endif
+
 if (key) {
 assert(cert);
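Review bot: The extra `{ MHD_OPTION_END}` placeholder keeps the array large enough for the new option, but the capacity is still maintained by hand: `opts_pos` starts at 4 and every optional append in setup_microhttpd_server consumes one placeholder, with the last one left as the terminator. Nothing in the visible lines checks that invariant, so a later append without a matching placeholder would overwrite the terminator or write past the array. Assuming `opts` is the local array whose initializer ends in this hunk, I would add `assert((size_t) opts_pos < sizeof(opts) / sizeof(opts[0]));` after the last append, before the options are handed to the library. The declaration above and the rest of the function are outside this hunk.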
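Review bot: The guard `#ifdef MHD_USE_PEDANTIC_CHECKS` picks `MHD_OPTION_STRICT_FOR_CLIENT` when the old name is a macro and falls back to the flag otherwise, so the branch is chosen by the deprecation state of the old flag, not by whether the new option exists. Going by the commit message (option available since 0.9.54, flag only to be deprecated later), current headers presumably always take the `#else` branch and the new path stays uncompiled until the library changes. This setting decides how strictly client requests are parsed by the journal-remote listener, so I would make the selection explicit with `#if MHD_VERSION >= 0x00095400`. The comment should also state that both branches are meant to request the same strict behaviour. The block comment starts at column 0 inside the function body, and setup_microhttpd_server continues outside the hunk.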