diff --git a/README.md b/README.md index 075a2c5..fc6a11b 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,22 @@ You can also serve a secret that is already base64 encoded, as plain-text: secrets-bridge print key hello-world +## Daemonization + +You can start `serve` as a daemon with: + + secrets-bridge serve -d daemon.log -A -w -f bridge-conf + +This will daemonize and log outputs to `daemon.log` (with `-d`), it +will enable SSH-Agent forwarding (`-A`), write (`-w`) the bridge +config to `bridge-conf` (with `-f`). + +You can then kill that instance with: + + secrets-bridge kill -c $(cat bridge-conf) + +Et hop! + ## Usage with Docker diff --git a/cmd/serve.go b/cmd/serve.go index 045f678..463cf5f 100644 --- a/cmd/serve.go +++ b/cmd/serve.go @@ -11,13 +11,16 @@ import ( "log" "net/http" "os" + "os/signal" "regexp" "strings" + "syscall" "time" "github.com/abourget/secrets-bridge/pkg/agentfwd" "github.com/abourget/secrets-bridge/pkg/bridge" "github.com/abourget/secrets-bridge/pkg/secrets" + daemon "github.com/sevlyar/go-daemon" "github.com/spf13/cobra" "golang.org/x/net/websocket" ) @@ -27,7 +30,7 @@ var serveCmd = &cobra.Command{ Use: "serve", Short: "Serves an SSH Agent forwarder over the network, and secrets", Long: ``, - Run: serve, + Run: serveDaemonized, } var caKeyStore string @@ -37,6 +40,7 @@ var enableSSHAgent bool var timeout int var insecureMode bool var writeConf bool +var daemonize string func init() { RootCmd.AddCommand(serveCmd) @@ -46,12 +50,51 @@ func init() { serveCmd.Flags().StringVarP(&caKeyStore, "ca-key-store", "", "", "Filenam where to read/store the CA Key if you want to reuse, to avoid changing the bridge conf, thus avoiding Docker rebuilds.") serveCmd.Flags().BoolVarP(&enableSSHAgent, "ssh-agent-forwarder", "A", false, "Enable SSH Agent forwarder. Uses env's SSH_AUTH_SOCK.") + serveCmd.Flags().StringVarP(&daemonize, "daemonize", "d", "", "Daemonize after listening socket successfully opened. The parameter is the output file to log stdout / stderr.") serveCmd.Flags().StringSliceVar(&secretLiterals, "secret", []string{}, "Literal secret, in the form `key=value`. 'key' can be prefixed by 'b64:' or 'b64u:' to denote that the 'value' is base64-encoded or base64-url-encoded") serveCmd.Flags().StringSliceVar(&secretsFromFiles, "secret-from-file", []string{}, "Secret from the content of a file, in the form `key=filename`. 'key' can also be prefixed by 'b64:' and 'b64u:' to indicate the encoding of the file") serveCmd.Flags().IntVarP(&timeout, "timeout", "t", 0, "Timeout in `seconds` before the server exits. Defaults to 0 (indefinite)") serveCmd.Flags().BoolVarP(&insecureMode, "insecure", "", false, "Do not check client certificate for incoming connections") } +func serveDaemonized(cmd *cobra.Command, args []string) { + if daemonize == "" { + serve(cmd, args) + return + } + + ctx := daemon.Context{ + LogFileName: daemonize, + } + child, err := ctx.Reborn() + if err != nil { + log.Fatalln("Error setting up daemon:", err) + } + + if child == nil { + log.Printf("Will daemonize upon successful socket listening. pid=%d\n", os.Getpid()) + + serve(cmd, args) + // WARN: with all those `Fatalln` in `serve`, it's possible + // `ctx.Release()` won't get called. + ctx.Release() + return + } + + log.Printf("Setting up secrets-bridge daemon, pid=%d\n", child.Pid) + + // Parent, waiting for Listen signal, then exits. + childReady := make(chan os.Signal, 5) + signal.Notify(childReady, syscall.SIGUSR1) + select { + case <-childReady: + log.Println("Setup successfully.") + return + case <-time.After(5 * time.Second): + log.Fatalln("Failed. Timed out") + } +} + func serve(cmd *cobra.Command, args []string) { confFile := bridgeConfFilenameWithDefault() var b *bridge.Bridge @@ -200,6 +243,20 @@ func serve(cmd *cobra.Command, args []string) { }() } + if daemonize != "" { + time.Sleep(100 * time.Millisecond) + proc, err := os.FindProcess(os.Getppid()) + if err != nil { + log.Fatalln("Couldn't find parent process id:", err) + } + + log.Println("Daemonizing") + + if err := proc.Signal(syscall.SIGUSR1); err != nil { + log.Fatalln("couldn't send SIGUSR1 signal to parent:", err) + } + } + <-done } diff --git a/vendor/github.com/kardianos/osext/LICENSE b/vendor/github.com/kardianos/osext/LICENSE new file mode 100644 index 0000000..7448756 --- /dev/null +++ b/vendor/github.com/kardianos/osext/LICENSE @@ -0,0 +1,27 @@ +Copyright (c) 2012 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/kardianos/osext/README.md b/vendor/github.com/kardianos/osext/README.md new file mode 100644 index 0000000..15cbc3d --- /dev/null +++ b/vendor/github.com/kardianos/osext/README.md @@ -0,0 +1,21 @@ +### Extensions to the "os" package. + +[![GoDoc](https://godoc.org/github.com/kardianos/osext?status.svg)](https://godoc.org/github.com/kardianos/osext) + +## Find the current Executable and ExecutableFolder. + +As of go1.8 the Executable function may be found in `os`. The Executable function +in the std lib `os` package is used if available. + +There is sometimes utility in finding the current executable file +that is running. This can be used for upgrading the current executable +or finding resources located relative to the executable file. Both +working directory and the os.Args[0] value are arbitrary and cannot +be relied on; os.Args[0] can be "faked". + +Multi-platform and supports: + * Linux + * OS X + * Windows + * Plan 9 + * BSDs. diff --git a/vendor/github.com/kardianos/osext/osext.go b/vendor/github.com/kardianos/osext/osext.go new file mode 100644 index 0000000..17f380f --- /dev/null +++ b/vendor/github.com/kardianos/osext/osext.go @@ -0,0 +1,33 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Extensions to the standard "os" package. +package osext // import "github.com/kardianos/osext" + +import "path/filepath" + +var cx, ce = executableClean() + +func executableClean() (string, error) { + p, err := executable() + return filepath.Clean(p), err +} + +// Executable returns an absolute path that can be used to +// re-invoke the current program. +// It may not be valid after the current program exits. +func Executable() (string, error) { + return cx, ce +} + +// Returns same path as Executable, returns just the folder +// path. Excludes the executable name and any trailing slash. +func ExecutableFolder() (string, error) { + p, err := Executable() + if err != nil { + return "", err + } + + return filepath.Dir(p), nil +} diff --git a/vendor/github.com/kardianos/osext/osext_go18.go b/vendor/github.com/kardianos/osext/osext_go18.go new file mode 100644 index 0000000..009d8a9 --- /dev/null +++ b/vendor/github.com/kardianos/osext/osext_go18.go @@ -0,0 +1,9 @@ +//+build go1.8,!openbsd + +package osext + +import "os" + +func executable() (string, error) { + return os.Executable() +} diff --git a/vendor/github.com/kardianos/osext/osext_plan9.go b/vendor/github.com/kardianos/osext/osext_plan9.go new file mode 100644 index 0000000..95e2371 --- /dev/null +++ b/vendor/github.com/kardianos/osext/osext_plan9.go @@ -0,0 +1,22 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//+build !go1.8 + +package osext + +import ( + "os" + "strconv" + "syscall" +) + +func executable() (string, error) { + f, err := os.Open("/proc/" + strconv.Itoa(os.Getpid()) + "/text") + if err != nil { + return "", err + } + defer f.Close() + return syscall.Fd2path(int(f.Fd())) +} diff --git a/vendor/github.com/kardianos/osext/osext_procfs.go b/vendor/github.com/kardianos/osext/osext_procfs.go new file mode 100644 index 0000000..7b0debb --- /dev/null +++ b/vendor/github.com/kardianos/osext/osext_procfs.go @@ -0,0 +1,36 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build !go1.8,linux !go1.8,netbsd !go1.8,solaris !go1.8,dragonfly + +package osext + +import ( + "errors" + "fmt" + "os" + "runtime" + "strings" +) + +func executable() (string, error) { + switch runtime.GOOS { + case "linux": + const deletedTag = " (deleted)" + execpath, err := os.Readlink("/proc/self/exe") + if err != nil { + return execpath, err + } + execpath = strings.TrimSuffix(execpath, deletedTag) + execpath = strings.TrimPrefix(execpath, deletedTag) + return execpath, nil + case "netbsd": + return os.Readlink("/proc/curproc/exe") + case "dragonfly": + return os.Readlink("/proc/curproc/file") + case "solaris": + return os.Readlink(fmt.Sprintf("/proc/%d/path/a.out", os.Getpid())) + } + return "", errors.New("ExecPath not implemented for " + runtime.GOOS) +} diff --git a/vendor/github.com/kardianos/osext/osext_sysctl.go b/vendor/github.com/kardianos/osext/osext_sysctl.go new file mode 100644 index 0000000..33cee25 --- /dev/null +++ b/vendor/github.com/kardianos/osext/osext_sysctl.go @@ -0,0 +1,126 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build !go1.8,darwin !go1.8,freebsd openbsd + +package osext + +import ( + "os" + "os/exec" + "path/filepath" + "runtime" + "syscall" + "unsafe" +) + +var initCwd, initCwdErr = os.Getwd() + +func executable() (string, error) { + var mib [4]int32 + switch runtime.GOOS { + case "freebsd": + mib = [4]int32{1 /* CTL_KERN */, 14 /* KERN_PROC */, 12 /* KERN_PROC_PATHNAME */, -1} + case "darwin": + mib = [4]int32{1 /* CTL_KERN */, 38 /* KERN_PROCARGS */, int32(os.Getpid()), -1} + case "openbsd": + mib = [4]int32{1 /* CTL_KERN */, 55 /* KERN_PROC_ARGS */, int32(os.Getpid()), 1 /* KERN_PROC_ARGV */} + } + + n := uintptr(0) + // Get length. + _, _, errNum := syscall.Syscall6(syscall.SYS___SYSCTL, uintptr(unsafe.Pointer(&mib[0])), 4, 0, uintptr(unsafe.Pointer(&n)), 0, 0) + if errNum != 0 { + return "", errNum + } + if n == 0 { // This shouldn't happen. + return "", nil + } + buf := make([]byte, n) + _, _, errNum = syscall.Syscall6(syscall.SYS___SYSCTL, uintptr(unsafe.Pointer(&mib[0])), 4, uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&n)), 0, 0) + if errNum != 0 { + return "", errNum + } + if n == 0 { // This shouldn't happen. + return "", nil + } + + var execPath string + switch runtime.GOOS { + case "openbsd": + // buf now contains **argv, with pointers to each of the C-style + // NULL terminated arguments. + var args []string + argv := uintptr(unsafe.Pointer(&buf[0])) + Loop: + for { + argp := *(**[1 << 20]byte)(unsafe.Pointer(argv)) + if argp == nil { + break + } + for i := 0; uintptr(i) < n; i++ { + // we don't want the full arguments list + if string(argp[i]) == " " { + break Loop + } + if argp[i] != 0 { + continue + } + args = append(args, string(argp[:i])) + n -= uintptr(i) + break + } + if n < unsafe.Sizeof(argv) { + break + } + argv += unsafe.Sizeof(argv) + n -= unsafe.Sizeof(argv) + } + execPath = args[0] + // There is no canonical way to get an executable path on + // OpenBSD, so check PATH in case we are called directly + if execPath[0] != '/' && execPath[0] != '.' { + execIsInPath, err := exec.LookPath(execPath) + if err == nil { + execPath = execIsInPath + } + } + default: + for i, v := range buf { + if v == 0 { + buf = buf[:i] + break + } + } + execPath = string(buf) + } + + var err error + // execPath will not be empty due to above checks. + // Try to get the absolute path if the execPath is not rooted. + if execPath[0] != '/' { + execPath, err = getAbs(execPath) + if err != nil { + return execPath, err + } + } + // For darwin KERN_PROCARGS may return the path to a symlink rather than the + // actual executable. + if runtime.GOOS == "darwin" { + if execPath, err = filepath.EvalSymlinks(execPath); err != nil { + return execPath, err + } + } + return execPath, nil +} + +func getAbs(execPath string) (string, error) { + if initCwdErr != nil { + return execPath, initCwdErr + } + // The execPath may begin with a "../" or a "./" so clean it first. + // Join the two paths, trailing and starting slashes undetermined, so use + // the generic Join function. + return filepath.Join(initCwd, filepath.Clean(execPath)), nil +} diff --git a/vendor/github.com/kardianos/osext/osext_windows.go b/vendor/github.com/kardianos/osext/osext_windows.go new file mode 100644 index 0000000..074b3b3 --- /dev/null +++ b/vendor/github.com/kardianos/osext/osext_windows.go @@ -0,0 +1,36 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//+build !go1.8 + +package osext + +import ( + "syscall" + "unicode/utf16" + "unsafe" +) + +var ( + kernel = syscall.MustLoadDLL("kernel32.dll") + getModuleFileNameProc = kernel.MustFindProc("GetModuleFileNameW") +) + +// GetModuleFileName() with hModule = NULL +func executable() (exePath string, err error) { + return getModuleFileName() +} + +func getModuleFileName() (string, error) { + var n uint32 + b := make([]uint16, syscall.MAX_PATH) + size := uint32(len(b)) + + r0, _, e1 := getModuleFileNameProc.Call(0, uintptr(unsafe.Pointer(&b[0])), uintptr(size)) + n = uint32(r0) + if n == 0 { + return "", e1 + } + return string(utf16.Decode(b[0:n])), nil +} diff --git a/vendor/github.com/sevlyar/go-daemon/LICENSE b/vendor/github.com/sevlyar/go-daemon/LICENSE new file mode 100644 index 0000000..6923f2f --- /dev/null +++ b/vendor/github.com/sevlyar/go-daemon/LICENSE @@ -0,0 +1,7 @@ +Copyright (C) 2013 Sergey Yarmonov + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/vendor/github.com/sevlyar/go-daemon/README.md b/vendor/github.com/sevlyar/go-daemon/README.md new file mode 100644 index 0000000..7d105d7 --- /dev/null +++ b/vendor/github.com/sevlyar/go-daemon/README.md @@ -0,0 +1,45 @@ +# go-daemon [![Build Status](https://travis-ci.org/sevlyar/go-daemon.png?branch=master)](https://travis-ci.org/sevlyar/go-daemon) [![GoDoc](https://godoc.org/github.com/sevlyar/go-daemon?status.png)](https://godoc.org/github.com/sevlyar/go-daemon) + +Library for writing system daemons in golang. + +Now supported only UNIX-based OS (Windows is not supported). But the library was tested only on Linux +and OSX, so that if you have an ability to test the library on other platforms, give me feedback, please. + +## Installation + + go get github.com/sevlyar/go-daemon + +You can use [gopkg.in](http://labix.org/gopkg.in): + + go get gopkg.in/sevlyar/go-daemon.v0 + +If you want to use the library in production project, please use vendoring, +because i can not ensure backward compatibility before release v1.0. + +## Idea + +We can not use `fork` syscall in Golang's runtime, because child process doesn't inherit +threads and goroutines in that case. The library uses a simple trick: it runs its own copy with +a mark - a predefined environment variable. Availability of the variable for the process means +an execution in the child's copy. So that if the mark is not setted - the library executes +parent's operations and runs its own copy with mark, and if the mark is setted - the library +executes child's operations: + +```go +func main() { + Pre() + + context := new(Context) + child, _ := context.Reborn() + + if child != nil { + PostParent() + } else { + defer context.Release() + PostChild() + } +} +``` + +![](img/idea.png) + diff --git a/vendor/github.com/sevlyar/go-daemon/command.go b/vendor/github.com/sevlyar/go-daemon/command.go new file mode 100644 index 0000000..07d23c8 --- /dev/null +++ b/vendor/github.com/sevlyar/go-daemon/command.go @@ -0,0 +1,99 @@ +package daemon + +import ( + "os" +) + +// AddCommand is wrapper on AddFlag and SetSigHandler functions. +func AddCommand(f Flag, sig os.Signal, handler SignalHandlerFunc) { + if f != nil { + AddFlag(f, sig) + } + if handler != nil { + SetSigHandler(handler, sig) + } +} + +// Flag is the interface implemented by an object that has two state: +// 'set' and 'unset'. +type Flag interface { + IsSet() bool +} + +// BoolFlag returns new object that implements interface Flag and +// has state 'set' when var with the given address is true. +func BoolFlag(f *bool) Flag { + return &boolFlag{f} +} + +// StringFlag returns new object that implements interface Flag and +// has state 'set' when var with the given address equals given value of v. +func StringFlag(f *string, v string) Flag { + return &stringFlag{f, v} +} + +type boolFlag struct { + b *bool +} + +func (f *boolFlag) IsSet() bool { + if f == nil { + return false + } + return *f.b +} + +type stringFlag struct { + s *string + v string +} + +func (f *stringFlag) IsSet() bool { + if f == nil { + return false + } + return *f.s == f.v +} + +var flags = make(map[Flag]os.Signal) + +// Flags returns flags that was added by the function AddFlag. +func Flags() map[Flag]os.Signal { + return flags +} + +// AddFlag adds the flag and signal to the internal map. +func AddFlag(f Flag, sig os.Signal) { + flags[f] = sig +} + +// SendCommands sends active signals to the given process. +func SendCommands(p *os.Process) (err error) { + for _, sig := range signals() { + if err = p.Signal(sig); err != nil { + return + } + } + return +} + +// ActiveFlags returns flags that has the state 'set'. +func ActiveFlags() (ret []Flag) { + ret = make([]Flag, 0, 1) + for f := range flags { + if f.IsSet() { + ret = append(ret, f) + } + } + return +} + +func signals() (ret []os.Signal) { + ret = make([]os.Signal, 0, 1) + for f, sig := range flags { + if f.IsSet() { + ret = append(ret, sig) + } + } + return +} diff --git a/vendor/github.com/sevlyar/go-daemon/daemon.go b/vendor/github.com/sevlyar/go-daemon/daemon.go new file mode 100644 index 0000000..acb1836 --- /dev/null +++ b/vendor/github.com/sevlyar/go-daemon/daemon.go @@ -0,0 +1,88 @@ +package daemon + +import ( + "errors" + "os" + "syscall" +) + +var errNotSupported = errors.New("daemon: Non-POSIX OS is not supported") + +// Mark of daemon process - system environment variable _GO_DAEMON=1 +const ( + MARK_NAME = "_GO_DAEMON" + MARK_VALUE = "1" +) + +// Default file permissions for log and pid files. +const FILE_PERM = os.FileMode(0640) + +// A Context describes daemon context. +type Context struct { + // If PidFileName is non-empty, parent process will try to create and lock + // pid file with given name. Child process writes process id to file. + PidFileName string + // Permissions for new pid file. + PidFilePerm os.FileMode + + // If LogFileName is non-empty, parent process will create file with given name + // and will link to fd 2 (stderr) for child process. + LogFileName string + // Permissions for new log file. + LogFilePerm os.FileMode + + // If WorkDir is non-empty, the child changes into the directory before + // creating the process. + WorkDir string + // If Chroot is non-empty, the child changes root directory + Chroot string + + // If Env is non-nil, it gives the environment variables for the + // daemon-process in the form returned by os.Environ. + // If it is nil, the result of os.Environ will be used. + Env []string + // If Args is non-nil, it gives the command-line args for the + // daemon-process. If it is nil, the result of os.Args will be used + // (without program name). + Args []string + + // Credential holds user and group identities to be assumed by a daemon-process. + Credential *syscall.Credential + // If Umask is non-zero, the daemon-process call Umask() func with given value. + Umask int + + // Struct contains only serializable public fields (!!!) + abspath string + pidFile *LockFile + logFile *os.File + nullFile *os.File + + rpipe, wpipe *os.File +} + +// WasReborn returns true in child process (daemon) and false in parent process. +func WasReborn() bool { + return os.Getenv(MARK_NAME) == MARK_VALUE +} + +// Reborn runs second copy of current process in the given context. +// function executes separate parts of code in child process and parent process +// and provides demonization of child process. It look similar as the +// fork-daemonization, but goroutine-safe. +// In success returns *os.Process in parent process and nil in child process. +// Otherwise returns error. +func (d *Context) Reborn() (child *os.Process, err error) { + return d.reborn() +} + +// Search search daemons process by given in context pid file name. +// If success returns pointer on daemons os.Process structure, +// else returns error. Returns nil if filename is empty. +func (d *Context) Search() (daemon *os.Process, err error) { + return d.search() +} + +// Release provides correct pid-file release in daemon. +func (d *Context) Release() (err error) { + return d.release() +} diff --git a/vendor/github.com/sevlyar/go-daemon/daemon_stub.go b/vendor/github.com/sevlyar/go-daemon/daemon_stub.go new file mode 100644 index 0000000..626957d --- /dev/null +++ b/vendor/github.com/sevlyar/go-daemon/daemon_stub.go @@ -0,0 +1,19 @@ +// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!plan9,!solaris + +package daemon + +import ( + "os" +) + +func (d *Context) reborn() (child *os.Process, err error) { + return nil, errNotSupported +} + +func (d *Context) search() (daemon *os.Process, err error) { + return nil, errNotSupported +} + +func (d *Context) release() (err error) { + return nil, errNotSupported +} diff --git a/vendor/github.com/sevlyar/go-daemon/daemon_unix.go b/vendor/github.com/sevlyar/go-daemon/daemon_unix.go new file mode 100644 index 0000000..2f2eb4f --- /dev/null +++ b/vendor/github.com/sevlyar/go-daemon/daemon_unix.go @@ -0,0 +1,201 @@ +// +build darwin dragonfly freebsd linux netbsd openbsd plan9 solaris + +package daemon + +import ( + "encoding/json" + "fmt" + "os" + "syscall" + + "github.com/kardianos/osext" +) + +func (d *Context) reborn() (child *os.Process, err error) { + if !WasReborn() { + child, err = d.parent() + } else { + err = d.child() + } + return +} + +func (d *Context) search() (daemon *os.Process, err error) { + if len(d.PidFileName) > 0 { + var pid int + if pid, err = ReadPidFile(d.PidFileName); err != nil { + return + } + daemon, err = os.FindProcess(pid) + } + return +} + +func (d *Context) parent() (child *os.Process, err error) { + if err = d.prepareEnv(); err != nil { + return + } + + defer d.closeFiles() + if err = d.openFiles(); err != nil { + return + } + + attr := &os.ProcAttr{ + Dir: d.WorkDir, + Env: d.Env, + Files: d.files(), + Sys: &syscall.SysProcAttr{ + //Chroot: d.Chroot, + Credential: d.Credential, + Setsid: true, + }, + } + + if child, err = os.StartProcess(d.abspath, d.Args, attr); err != nil { + if d.pidFile != nil { + d.pidFile.Remove() + } + return + } + + d.rpipe.Close() + encoder := json.NewEncoder(d.wpipe) + err = encoder.Encode(d) + + return +} + +func (d *Context) openFiles() (err error) { + if d.PidFilePerm == 0 { + d.PidFilePerm = FILE_PERM + } + if d.LogFilePerm == 0 { + d.LogFilePerm = FILE_PERM + } + + if d.nullFile, err = os.Open(os.DevNull); err != nil { + return + } + + if len(d.PidFileName) > 0 { + if d.pidFile, err = OpenLockFile(d.PidFileName, d.PidFilePerm); err != nil { + return + } + if err = d.pidFile.Lock(); err != nil { + return + } + } + + if len(d.LogFileName) > 0 { + if d.logFile, err = os.OpenFile(d.LogFileName, + os.O_WRONLY|os.O_CREATE|os.O_APPEND, d.LogFilePerm); err != nil { + return + } + } + + d.rpipe, d.wpipe, err = os.Pipe() + return +} + +func (d *Context) closeFiles() (err error) { + cl := func(file **os.File) { + if *file != nil { + (*file).Close() + *file = nil + } + } + cl(&d.rpipe) + cl(&d.wpipe) + cl(&d.logFile) + cl(&d.nullFile) + if d.pidFile != nil { + d.pidFile.Close() + d.pidFile = nil + } + return +} + +func (d *Context) prepareEnv() (err error) { + if d.abspath, err = osext.Executable(); err != nil { + return + } + + if len(d.Args) == 0 { + d.Args = os.Args + } + + mark := fmt.Sprintf("%s=%s", MARK_NAME, MARK_VALUE) + if len(d.Env) == 0 { + d.Env = os.Environ() + } + d.Env = append(d.Env, mark) + + return +} + +func (d *Context) files() (f []*os.File) { + log := d.nullFile + if d.logFile != nil { + log = d.logFile + } + + f = []*os.File{ + d.rpipe, // (0) stdin + log, // (1) stdout + log, // (2) stderr + d.nullFile, // (3) dup on fd 0 after initialization + } + + if d.pidFile != nil { + f = append(f, d.pidFile.File) // (4) pid file + } + return +} + +var initialized = false + +func (d *Context) child() (err error) { + if initialized { + return os.ErrInvalid + } + initialized = true + + decoder := json.NewDecoder(os.Stdin) + if err = decoder.Decode(d); err != nil { + return + } + + if err = syscall.Close(0); err != nil { + return + } + if err = syscall.Dup2(3, 0); err != nil { + return + } + + if len(d.PidFileName) > 0 { + d.pidFile = NewLockFile(os.NewFile(4, d.PidFileName)) + if err = d.pidFile.WritePid(); err != nil { + return + } + } + + if d.Umask != 0 { + syscall.Umask(int(d.Umask)) + } + if len(d.Chroot) > 0 { + err = syscall.Chroot(d.Chroot) + } + + return +} + +func (d *Context) release() (err error) { + if !initialized { + return + } + if d.pidFile != nil { + err = d.pidFile.Remove() + } + return +} diff --git a/vendor/github.com/sevlyar/go-daemon/lock_file.go b/vendor/github.com/sevlyar/go-daemon/lock_file.go new file mode 100644 index 0000000..f51ad12 --- /dev/null +++ b/vendor/github.com/sevlyar/go-daemon/lock_file.go @@ -0,0 +1,122 @@ +package daemon + +import ( + "errors" + "fmt" + "os" + "syscall" +) + +var ( + // ErrWoldBlock indicates on locking pid-file by another process. + ErrWouldBlock = errors.New("Daemon: Resource temporarily unavailable") +) + +// LockFile wraps *os.File and provide functions for locking of files. +type LockFile struct { + *os.File +} + +// NewLockFile returns a new LockFile with the given File. +func NewLockFile(file *os.File) *LockFile { + return &LockFile{file} +} + +// CreatePidFile opens the named file, applies exclusive lock and writes +// current process id to file. +func CreatePidFile(name string, perm os.FileMode) (lock *LockFile, err error) { + if lock, err = OpenLockFile(name, perm); err != nil { + return + } + if err = lock.Lock(); err != nil { + lock.Remove() + return + } + if err = lock.WritePid(); err != nil { + lock.Remove() + } + return +} + +// OpenLockFile opens the named file with flags os.O_RDWR|os.O_CREATE and specified perm. +// If successful, function returns LockFile for opened file. +func OpenLockFile(name string, perm os.FileMode) (lock *LockFile, err error) { + var file *os.File + if file, err = os.OpenFile(name, os.O_RDWR|os.O_CREATE, perm); err == nil { + lock = &LockFile{file} + } + return +} + +// Lock apply exclusive lock on an open file. If file already locked, returns error. +func (file *LockFile) Lock() error { + return lockFile(file.Fd()) +} + +// Unlock remove exclusive lock on an open file. +func (file *LockFile) Unlock() error { + return unlockFile(file.Fd()) +} + +// ReadPidFile reads process id from file with give name and returns pid. +// If unable read from a file, returns error. +func ReadPidFile(name string) (pid int, err error) { + var file *os.File + if file, err = os.OpenFile(name, os.O_RDONLY, 0640); err != nil { + return + } + defer file.Close() + + lock := &LockFile{file} + pid, err = lock.ReadPid() + return +} + +// WritePid writes current process id to an open file. +func (file *LockFile) WritePid() (err error) { + if _, err = file.Seek(0, os.SEEK_SET); err != nil { + return + } + var fileLen int + if fileLen, err = fmt.Fprint(file, os.Getpid()); err != nil { + return + } + if err = file.Truncate(int64(fileLen)); err != nil { + return + } + err = file.Sync() + return +} + +// ReadPid reads process id from file and returns pid. +// If unable read from a file, returns error. +func (file *LockFile) ReadPid() (pid int, err error) { + if _, err = file.Seek(0, os.SEEK_SET); err != nil { + return + } + _, err = fmt.Fscan(file, &pid) + return +} + +// Remove removes lock, closes and removes an open file. +func (file *LockFile) Remove() error { + defer file.Close() + + if err := file.Unlock(); err != nil { + return err + } + + // TODO(yar): keep filename? + name, err := GetFdName(file.Fd()) + if err != nil { + return err + } + + err = syscall.Unlink(name) + return err +} + +// GetFdName returns file name for given descriptor. +func GetFdName(fd uintptr) (name string, err error) { + return getFdName(fd) +} diff --git a/vendor/github.com/sevlyar/go-daemon/lock_file_darwin.go b/vendor/github.com/sevlyar/go-daemon/lock_file_darwin.go new file mode 100644 index 0000000..9036e2c --- /dev/null +++ b/vendor/github.com/sevlyar/go-daemon/lock_file_darwin.go @@ -0,0 +1,43 @@ +// +build darwin + +package daemon + +/* +#define __DARWIN_UNIX03 0 +#define KERNEL +#define _DARWIN_USE_64_BIT_INODE +#include +#include +#include +*/ +import "C" + +import ( + "syscall" + "unsafe" +) + +func lockFile(fd uintptr) error { + err := syscall.Flock(int(fd), syscall.LOCK_EX|syscall.LOCK_NB) + if err == syscall.EWOULDBLOCK { + err = ErrWouldBlock + } + return err +} + +func unlockFile(fd uintptr) error { + err := syscall.Flock(int(fd), syscall.LOCK_UN) + if err == syscall.EWOULDBLOCK { + err = ErrWouldBlock + } + return err +} + +func getFdName(fd uintptr) (name string, err error) { + buf := make([]C.char, int(C.MAXPATHLEN)+1) + _, _, errno := syscall.Syscall(syscall.SYS_FCNTL, fd, syscall.F_GETPATH, uintptr(unsafe.Pointer(&buf[0]))) + if errno == 0 { + return C.GoString(&buf[0]), nil + } + return "", errno +} diff --git a/vendor/github.com/sevlyar/go-daemon/lock_file_stub.go b/vendor/github.com/sevlyar/go-daemon/lock_file_stub.go new file mode 100644 index 0000000..5761376 --- /dev/null +++ b/vendor/github.com/sevlyar/go-daemon/lock_file_stub.go @@ -0,0 +1,15 @@ +// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!plan9,!solaris + +package daemon + +func lockFile(fd uintptr) error { + return errNotSupported +} + +func unlockFile(fd uintptr) error { + return errNotSupported +} + +func getFdName(fd uintptr) (name string, err error) { + return "", errNotSupported +} diff --git a/vendor/github.com/sevlyar/go-daemon/lock_file_unix.go b/vendor/github.com/sevlyar/go-daemon/lock_file_unix.go new file mode 100644 index 0000000..979b848 --- /dev/null +++ b/vendor/github.com/sevlyar/go-daemon/lock_file_unix.go @@ -0,0 +1,43 @@ +// +build dragonfly freebsd linux netbsd openbsd plan9 solaris + +package daemon + +import ( + "fmt" + "os" + "syscall" +) + +func lockFile(fd uintptr) error { + err := syscall.Flock(int(fd), syscall.LOCK_EX|syscall.LOCK_NB) + if err == syscall.EWOULDBLOCK { + err = ErrWouldBlock + } + return err +} + +func unlockFile(fd uintptr) error { + err := syscall.Flock(int(fd), syscall.LOCK_UN) + if err == syscall.EWOULDBLOCK { + err = ErrWouldBlock + } + return err +} + +func getFdName(fd uintptr) (name string, err error) { + path := fmt.Sprintf("/proc/self/fd/%d", int(fd)) + + var ( + fi os.FileInfo + n int + ) + if fi, err = os.Lstat(path); err != nil { + return + } + buf := make([]byte, fi.Size()+1) + + if n, err = syscall.Readlink(path, buf); err == nil { + name = string(buf[:n]) + } + return +} diff --git a/vendor/github.com/sevlyar/go-daemon/signal.go b/vendor/github.com/sevlyar/go-daemon/signal.go new file mode 100644 index 0000000..82021cb --- /dev/null +++ b/vendor/github.com/sevlyar/go-daemon/signal.go @@ -0,0 +1,59 @@ +package daemon + +import ( + "errors" + "os" + "os/signal" + "syscall" +) + +// ErrStop should be returned signal handler function +// for termination of handling signals. +var ErrStop = errors.New("stop serve signals") + +// SignalHandlerFunc is the interface for signal handler functions. +type SignalHandlerFunc func(sig os.Signal) (err error) + +// func SetSigHandler sets handler for the given signals. +// SIGTERM has the default handler, he returns ErrStop. +func SetSigHandler(handler SignalHandlerFunc, signals ...os.Signal) { + for _, sig := range signals { + handlers[sig] = handler + } +} + +// func ServeSignals calls handlers for system signals. +func ServeSignals() (err error) { + signals := make([]os.Signal, 0, len(handlers)) + for sig, _ := range handlers { + signals = append(signals, sig) + } + + ch := make(chan os.Signal, 8) + signal.Notify(ch, signals...) + + for sig := range ch { + err = handlers[sig](sig) + if err != nil { + break + } + } + + signal.Stop(ch) + + if err == ErrStop { + err = nil + } + + return +} + +var handlers = make(map[os.Signal]SignalHandlerFunc) + +func init() { + handlers[syscall.SIGTERM] = sigtermDefaultHandler +} + +func sigtermDefaultHandler(sig os.Signal) error { + return ErrStop +} diff --git a/vendor/vendor.json b/vendor/vendor.json index 7c34218..f9603b2 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -81,6 +81,12 @@ "revision": "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75", "revisionTime": "2014-10-17T20:07:13Z" }, + { + "checksumSHA1": "eWtEV0iBNTL6DRJVqEeniS+thHA=", + "path": "github.com/kardianos/osext", + "revision": "9d302b58e975387d0b4d9be876622c86cefe64be", + "revisionTime": "2017-03-09T17:28:38Z" + }, { "checksumSHA1": "eqs9e0Fw1wlUZCj/ZtrSwnPsJ54=", "path": "github.com/magiconair/properties", @@ -100,6 +106,12 @@ "revision": "2402e8e7a02fc811447d11f881aa9746cdc57983", "revisionTime": "2016-12-17T20:04:45Z" }, + { + "checksumSHA1": "BKf1LKBNe278ySHmpcZPjR5DmBI=", + "path": "github.com/sevlyar/go-daemon", + "revision": "8577c7ddef908e104dae56c9e46f0956cb33c844", + "revisionTime": "2016-11-17T05:31:40Z" + }, { "checksumSHA1": "E1899TNqCHhCtr6+joW4YEldRuE=", "path": "github.com/spf13/cast",