[PATCH] debuginfod: add --listen-address option
Use MHD_OPTION_SOCK_ADDR to bind the http listen socket to a single address.
The address should be an IPv4 or IPv6 address configured on the system:
--listen-address=127.0.0.1
--listen-address=::1
--listen-address='LOCAL_IPv4|IPv6_ADDRESS'
As debuginfod does not include any security features, a listen on the
localhost address is sufficient for a HTTP/HTTPS reverse-proxy setup.
Signed-off-by: Michael Trapp
---
debuginfod/debuginfod.cxx | 115 ++
doc/debuginfod.8 | 5 ++
2 files changed, 84 insertions(+), 36 deletions(-)
diff --git a/debuginfod/debuginfod.cxx b/debuginfod/debuginfod.cxx
index 0edd57cb..8fc9426e 100644
--- a/debuginfod/debuginfod.cxx
+++ b/debuginfod/debuginfod.cxx
@@ -81,6 +81,7 @@ extern "C" {
#include
#include
#include
+#include
/* If fts.h is included before config.h, its indirect inclusions may not
@@ -481,6 +482,8 @@ static const struct argp_option options[] =
#define ARGP_KEY_METADATA_MAXTIME 0x100C
{ "metadata-maxtime", ARGP_KEY_METADATA_MAXTIME, "SECONDS", 0,
"Number of seconds to limit metadata query run time, 0=unlimited.", 0 },
+#define ARGP_KEY_HTTP_ADDR 0x100D
+ { "listen-address", ARGP_KEY_HTTP_ADDR, "ADDR", 0, "HTTP address to listen
on.", 0 },
{ NULL, 0, NULL, 0, NULL, 0 },
};
@@ -512,6 +515,8 @@ static volatile sig_atomic_t sigusr1 = 0;
static volatile sig_atomic_t forced_groom_count = 0;
static volatile sig_atomic_t sigusr2 = 0;
static unsigned http_port = 8002;
+static struct sockaddr_in6 http_sockaddr;
+static string addr_info = "";
static bool webapi_cors = false;
static unsigned rescan_s = 300;
static unsigned groom_s = 86400;
@@ -753,6 +758,16 @@ parse_opt (int key, char *arg,
requires_koji_sigcache_mapping = true;
break;
#endif
+case ARGP_KEY_HTTP_ADDR:
+ if (inet_pton(AF_INET, arg, &(((sockaddr_in*)&http_sockaddr)->sin_addr))
== 1)
+ http_sockaddr.sin6_family = AF_INET;
+ else
+ if (inet_pton(AF_INET6, arg, &http_sockaddr.sin6_addr) == 1)
+ http_sockaddr.sin6_family = AF_INET6;
+ else
+ argp_failure(state, 1, EINVAL, "listen-address");
+ addr_info = arg;
+ break;
// case 'h': argp_state_help (state, stderr,
ARGP_HELP_LONG|ARGP_HELP_EXIT_OK);
default: return ARGP_ERR_UNKNOWN;
}
@@ -5596,6 +5611,8 @@ main (int argc, char *argv[])
fdcache_prefetch = 64; // guesstimate storage is this much less costly than
re-decompression
/* Parse and process arguments. */
+ memset(&http_sockaddr, 0, sizeof(http_sockaddr));
+ http_sockaddr.sin6_family = AF_UNSPEC;
int remaining;
(void) argp_parse (&argp, argc, argv, ARGP_IN_ORDER, &remaining, NULL);
if (remaining != argc)
@@ -5702,50 +5719,75 @@ main (int argc, char *argv[])
#endif
| MHD_USE_DEBUG); /* report errors to stderr */
- // Start httpd server threads. Use a single dual-homed pool.
- MHD_Daemon *d46 = MHD_start_daemon (mhd_flags, http_port,
- NULL, NULL, /* default accept policy */
- handler_cb, NULL, /* handler callback */
- MHD_OPTION_EXTERNAL_LOGGER,
- error_cb, NULL,
- MHD_OPTION_THREAD_POOL_SIZE,
- (int)connection_pool,
- MHD_OPTION_END);
-
- MHD_Daemon *d4 = NULL;
- if (d46 == NULL)
+ MHD_Daemon *dsa = NULL,
+*d4 = NULL,
+*d46 = NULL;
+
+ if (http_sockaddr.sin6_family != AF_UNSPEC)
{
- // Cannot use dual_stack, use ipv4 only
- mhd_flags &= ~(MHD_USE_DUAL_STACK);
- d4 = MHD_start_daemon (mhd_flags, http_port,
-NULL, NULL, /* default accept policy */
+ if (http_sockaddr.sin6_family == AF_INET)
+ ((sockaddr_in*)&http_sockaddr)->sin_port = htons(http_port);
+ if (http_sockaddr.sin6_family == AF_INET6)
+ http_sockaddr.sin6_port = htons(http_port);
+ // Start httpd server threads on socket addr:port.
+ dsa = MHD_start_daemon (mhd_flags & ~MHD_USE_DUAL_STACK, http_port,
+ NULL, NULL, /* default accept policy */
handler_cb, NULL, /* handler callback */
MHD_OPTION_EXTERNAL_LOGGER,
error_cb, NULL,
-(connection_pool
- ? MHD_OPTION_THREAD_POOL_SIZE
- : MHD_OPTION_END),
-(connection_pool
- ? (int)connection_pool
- : MHD_OPTION_END),
+MHD_OPTION_SOCK_ADDR,
+
[PATCH] debuginfod: add --listen-address option
Use MHD_OPTION_SOCK_ADDR to bind the http listen socket to a single address.
The address should be an IPv4 or IPv6 address configured on the system:
--listen-address=127.0.0.1
--listen-address=::1
--listen-address='LOCAL_IPv4|IPv6_ADDRESS'
As debuginfod does not include any security features, a listen on the
localhost address is sufficient for a HTTP/HTTPS reverse-proxy setup.
---
debuginfod/debuginfod.cxx | 115 ++
doc/debuginfod.8 | 5 ++
2 files changed, 84 insertions(+), 36 deletions(-)
diff --git a/debuginfod/debuginfod.cxx b/debuginfod/debuginfod.cxx
index 0edd57cb..8fc9426e 100644
--- a/debuginfod/debuginfod.cxx
+++ b/debuginfod/debuginfod.cxx
@@ -81,6 +81,7 @@ extern "C" {
#include
#include
#include
+#include
/* If fts.h is included before config.h, its indirect inclusions may not
@@ -481,6 +482,8 @@ static const struct argp_option options[] =
#define ARGP_KEY_METADATA_MAXTIME 0x100C
{ "metadata-maxtime", ARGP_KEY_METADATA_MAXTIME, "SECONDS", 0,
"Number of seconds to limit metadata query run time, 0=unlimited.", 0 },
+#define ARGP_KEY_HTTP_ADDR 0x100D
+ { "listen-address", ARGP_KEY_HTTP_ADDR, "ADDR", 0, "HTTP address to listen
on.", 0 },
{ NULL, 0, NULL, 0, NULL, 0 },
};
@@ -512,6 +515,8 @@ static volatile sig_atomic_t sigusr1 = 0;
static volatile sig_atomic_t forced_groom_count = 0;
static volatile sig_atomic_t sigusr2 = 0;
static unsigned http_port = 8002;
+static struct sockaddr_in6 http_sockaddr;
+static string addr_info = "";
static bool webapi_cors = false;
static unsigned rescan_s = 300;
static unsigned groom_s = 86400;
@@ -753,6 +758,16 @@ parse_opt (int key, char *arg,
requires_koji_sigcache_mapping = true;
break;
#endif
+case ARGP_KEY_HTTP_ADDR:
+ if (inet_pton(AF_INET, arg, &(((sockaddr_in*)&http_sockaddr)->sin_addr))
== 1)
+ http_sockaddr.sin6_family = AF_INET;
+ else
+ if (inet_pton(AF_INET6, arg, &http_sockaddr.sin6_addr) == 1)
+ http_sockaddr.sin6_family = AF_INET6;
+ else
+ argp_failure(state, 1, EINVAL, "listen-address");
+ addr_info = arg;
+ break;
// case 'h': argp_state_help (state, stderr,
ARGP_HELP_LONG|ARGP_HELP_EXIT_OK);
default: return ARGP_ERR_UNKNOWN;
}
@@ -5596,6 +5611,8 @@ main (int argc, char *argv[])
fdcache_prefetch = 64; // guesstimate storage is this much less costly than
re-decompression
/* Parse and process arguments. */
+ memset(&http_sockaddr, 0, sizeof(http_sockaddr));
+ http_sockaddr.sin6_family = AF_UNSPEC;
int remaining;
(void) argp_parse (&argp, argc, argv, ARGP_IN_ORDER, &remaining, NULL);
if (remaining != argc)
@@ -5702,50 +5719,75 @@ main (int argc, char *argv[])
#endif
| MHD_USE_DEBUG); /* report errors to stderr */
- // Start httpd server threads. Use a single dual-homed pool.
- MHD_Daemon *d46 = MHD_start_daemon (mhd_flags, http_port,
- NULL, NULL, /* default accept policy */
- handler_cb, NULL, /* handler callback */
- MHD_OPTION_EXTERNAL_LOGGER,
- error_cb, NULL,
- MHD_OPTION_THREAD_POOL_SIZE,
- (int)connection_pool,
- MHD_OPTION_END);
-
- MHD_Daemon *d4 = NULL;
- if (d46 == NULL)
+ MHD_Daemon *dsa = NULL,
+*d4 = NULL,
+*d46 = NULL;
+
+ if (http_sockaddr.sin6_family != AF_UNSPEC)
{
- // Cannot use dual_stack, use ipv4 only
- mhd_flags &= ~(MHD_USE_DUAL_STACK);
- d4 = MHD_start_daemon (mhd_flags, http_port,
-NULL, NULL, /* default accept policy */
+ if (http_sockaddr.sin6_family == AF_INET)
+ ((sockaddr_in*)&http_sockaddr)->sin_port = htons(http_port);
+ if (http_sockaddr.sin6_family == AF_INET6)
+ http_sockaddr.sin6_port = htons(http_port);
+ // Start httpd server threads on socket addr:port.
+ dsa = MHD_start_daemon (mhd_flags & ~MHD_USE_DUAL_STACK, http_port,
+ NULL, NULL, /* default accept policy */
handler_cb, NULL, /* handler callback */
MHD_OPTION_EXTERNAL_LOGGER,
error_cb, NULL,
-(connection_pool
- ? MHD_OPTION_THREAD_POOL_SIZE
- : MHD_OPTION_END),
-(connection_pool
- ? (int)connection_pool
- : MHD_OPTION_END),
+MHD_OPTION_SOCK_ADDR,
+(struct sockaddr *) &http_sockaddr,
+MHD_OPTION_THREAD_POOL_SIZE,
+(int)connection_pool,
[PATCH 1/1] debuginfod: add --http-addr option
Use MHD_OPTION_SOCK_ADDR to bind the http listen socket to a single address.
The address can be any IPv4 or IPv6 address configured on the system:
--http-addr=127.0.0.1
--http-addr=::1
--http-addr='ANY_ACTIVE_LOCAL_IP_ADDRESS'
As debuginfod does not include any security features, a listen on the
localhost address is sufficient for a HTTP/HTTPS reverse-proxy setup.
---
debuginfod/debuginfod.cxx | 115 ++
doc/debuginfod.8 | 5 ++
2 files changed, 84 insertions(+), 36 deletions(-)
diff --git a/debuginfod/debuginfod.cxx b/debuginfod/debuginfod.cxx
index 0edd57cb..30916093 100644
--- a/debuginfod/debuginfod.cxx
+++ b/debuginfod/debuginfod.cxx
@@ -81,6 +81,7 @@ extern "C" {
#include
#include
#include
+#include
/* If fts.h is included before config.h, its indirect inclusions may not
@@ -481,6 +482,8 @@ static const struct argp_option options[] =
#define ARGP_KEY_METADATA_MAXTIME 0x100C
{ "metadata-maxtime", ARGP_KEY_METADATA_MAXTIME, "SECONDS", 0,
"Number of seconds to limit metadata query run time, 0=unlimited.", 0 },
+#define ARGP_KEY_HTTP_ADDR 0x100D
+ { "http-addr", ARGP_KEY_HTTP_ADDR, "ADDR", 0, "HTTP address to listen on.",
0 },
{ NULL, 0, NULL, 0, NULL, 0 },
};
@@ -512,6 +515,8 @@ static volatile sig_atomic_t sigusr1 = 0;
static volatile sig_atomic_t forced_groom_count = 0;
static volatile sig_atomic_t sigusr2 = 0;
static unsigned http_port = 8002;
+static struct sockaddr_in6 http_sockaddr;
+static string addr_info = "";
static bool webapi_cors = false;
static unsigned rescan_s = 300;
static unsigned groom_s = 86400;
@@ -753,6 +758,16 @@ parse_opt (int key, char *arg,
requires_koji_sigcache_mapping = true;
break;
#endif
+case ARGP_KEY_HTTP_ADDR:
+ if (inet_pton(AF_INET, arg, &(((sockaddr_in*)&http_sockaddr)->sin_addr))
== 1)
+ http_sockaddr.sin6_family = AF_INET;
+ else
+ if (inet_pton(AF_INET6, arg, &http_sockaddr.sin6_addr) == 1)
+ http_sockaddr.sin6_family = AF_INET6;
+ else
+ argp_failure(state, 1, EINVAL, "HTTP address");
+ addr_info = arg;
+ break;
// case 'h': argp_state_help (state, stderr,
ARGP_HELP_LONG|ARGP_HELP_EXIT_OK);
default: return ARGP_ERR_UNKNOWN;
}
@@ -5596,6 +5611,8 @@ main (int argc, char *argv[])
fdcache_prefetch = 64; // guesstimate storage is this much less costly than
re-decompression
/* Parse and process arguments. */
+ memset(&http_sockaddr, 0, sizeof(http_sockaddr));
+ http_sockaddr.sin6_family = AF_UNSPEC;
int remaining;
(void) argp_parse (&argp, argc, argv, ARGP_IN_ORDER, &remaining, NULL);
if (remaining != argc)
@@ -5702,50 +5719,75 @@ main (int argc, char *argv[])
#endif
| MHD_USE_DEBUG); /* report errors to stderr */
- // Start httpd server threads. Use a single dual-homed pool.
- MHD_Daemon *d46 = MHD_start_daemon (mhd_flags, http_port,
- NULL, NULL, /* default accept policy */
- handler_cb, NULL, /* handler callback */
- MHD_OPTION_EXTERNAL_LOGGER,
- error_cb, NULL,
- MHD_OPTION_THREAD_POOL_SIZE,
- (int)connection_pool,
- MHD_OPTION_END);
-
- MHD_Daemon *d4 = NULL;
- if (d46 == NULL)
+ MHD_Daemon *dsa = NULL,
+*d4 = NULL,
+*d46 = NULL;
+
+ if (http_sockaddr.sin6_family != AF_UNSPEC)
{
- // Cannot use dual_stack, use ipv4 only
- mhd_flags &= ~(MHD_USE_DUAL_STACK);
- d4 = MHD_start_daemon (mhd_flags, http_port,
-NULL, NULL, /* default accept policy */
+ if (http_sockaddr.sin6_family == AF_INET)
+ ((sockaddr_in*)&http_sockaddr)->sin_port = htons(http_port);
+ if (http_sockaddr.sin6_family == AF_INET6)
+ http_sockaddr.sin6_port = htons(http_port);
+ // Start httpd server threads on socket addr:port.
+ dsa = MHD_start_daemon (mhd_flags & ~MHD_USE_DUAL_STACK, http_port,
+ NULL, NULL, /* default accept policy */
handler_cb, NULL, /* handler callback */
MHD_OPTION_EXTERNAL_LOGGER,
error_cb, NULL,
-(connection_pool
- ? MHD_OPTION_THREAD_POOL_SIZE
- : MHD_OPTION_END),
-(connection_pool
- ? (int)connection_pool
- : MHD_OPTION_END),
+MHD_OPTION_SOCK_ADDR,
+(struct sockaddr *) &http_sockaddr,
+MHD_OPTION_THREAD_POOL_SIZE,
+(int)connection_pool,
MHD_OPT
[PATCH] debuginfod: add --disable-source-scan option.
--disable-source-scan disables scanning of the dwarf source info
of debuginfo sections. The source info is not required in setups
without source code access.
Signed-off-by: Michael Trapp
---
This option should save some scan cycles and DB space. If there
is no access to source code, the source info is not required.
In our setup the DB size is <5% without the source info.
debuginfod/debuginfod.cxx | 9 -
doc/debuginfod.8 | 6 ++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/debuginfod/debuginfod.cxx b/debuginfod/debuginfod.cxx
index 13980ced..51f4302b 100644
--- a/debuginfod/debuginfod.cxx
+++ b/debuginfod/debuginfod.cxx
@@ -381,6 +381,8 @@ static const struct argp_option options[] =
{"forwarded-ttl-limit", ARGP_KEY_FORWARDED_TTL_LIMIT, "NUM", 0, "Limit of
X-Forwarded-For hops, default 8.", 0},
#define ARGP_KEY_PASSIVE 0x1008
{ "passive", ARGP_KEY_PASSIVE, NULL, 0, "Do not scan or groom, read-only
database.", 0 },
+#define ARGP_KEY_DISABLE_SOURCE_SCAN 0x1009
+ { "disable-source-scan", ARGP_KEY_DISABLE_SOURCE_SCAN, NULL, 0, "Do not
scan dwarf source info.", 0 },
{ NULL, 0, NULL, 0, NULL, 0 },
};
@@ -430,6 +432,7 @@ static long fdcache_mintmp;
static long fdcache_prefetch_mbs;
static long fdcache_prefetch_fds;
static unsigned forwarded_ttl_limit = 8;
+static bool scan_source_info = true;
static string tmpdir;
static bool passive_p = false;
@@ -632,6 +635,9 @@ parse_opt (int key, char *arg,
// other conflicting options tricky to check
argp_failure(state, 1, EINVAL, "inconsistent options with passive
mode");
break;
+case ARGP_KEY_DISABLE_SOURCE_SCAN:
+ scan_source_info = false;
+ break;
// case 'h': argp_state_help (state, stderr,
ARGP_HELP_LONG|ARGP_HELP_EXIT_OK);
default: return ARGP_ERR_UNKNOWN;
}
@@ -2705,7 +2711,8 @@ elf_classify (int fd, bool &executable_p, bool
&debuginfo_p, string &buildid, se
startswith (section_name, ".zdebug_line"))
{
debuginfo_p = true;
- dwarf_extract_source_paths (elf, debug_sourcefiles);
+ if (scan_source_info)
+dwarf_extract_source_paths (elf, debug_sourcefiles);
break; // expecting only one .*debug_line, so no need to look
for others
}
else if (startswith (section_name, ".debug_") ||
diff --git a/doc/debuginfod.8 b/doc/debuginfod.8
index 95b827e9..a94315ad 100644
--- a/doc/debuginfod.8
+++ b/doc/debuginfod.8
@@ -273,6 +273,12 @@ Configure limits of X-Forwarded-For hops. if
X-Forwarded-For
exceeds N hops, it will not delegate a local lookup miss to
upstream debuginfods. The default limit is 8.
+.TP
+.B "\-\-disable\-source\-scan"
+Disable scan of the dwarf source info of debuginfo sections.
+If a setup has no access to source code, the source info is not
+required.
+
.TP
.B "\-v"
Increase verbosity of logging to the standard error file descriptor.
--
2.32.1 (Apple Git-133)
