Pike-devel September 2017

pike-devel@lists.lysator.liu.se

2 participants
9 discussions

GTK/GDK on OSX
by H William Wellliver III 08 Jan '18

08 Jan '18

I’m running into some build problems on OSX. It seems that the GTK module assumes that if a system is NT that gdkwin.h is used and otherwise gdkx.h is used. Unfortunately, it seems that on some builds of GTK/GDK for OS X, neither of those is correct and that gdkquartz.h should be used. I’m guessing that some configure tests are needed to determine which of the 3 files is actually present. However a quick look at configure.in leaves me unsure how best to include that. Anyone with more expertise in the GTK module’s inner workings care to weigh in? Bill

4 9

Conditional inclusion of inotify_config.h?
by Chris Angelico 22 Nov '17

22 Nov '17

Branch: rosuav/inotify-config Currently, inotify.cmod won't go looking for inotify_config.h unless HAVE_INOTIFY_CONFIG_H is defined. This doesn't seem to match the way other autoheader files get included, and it results in System.Inotify not being available even on systems that support inotify. How does this system work? Is the config file absent in some situations? Not merging this change into trunk yet in case it breaks stuff. ChrisA

2 1

more on smartlink on darwin
by H. William Welliver III 22 Nov '17

22 Nov '17

I’ve looked a little more into the linking problems I’ve been having and noticed that on Darwin, smartlink.c is compiled to use LD_LIBRARY_PATH/LD_RUN_PATH. That’s problematic, because Darwin uses DYLD_LIBRARY_PATH and doesn’t have an equivalent of LD_RUN_PATH, so it doesn’t seem like smart link is doing much of anything for us on Darwin. I considered switching it to use -Wl,-rpath, however the darwin linker -rpath flag works differently from all of the other variants in that it only accepts one path per instance of the flag. smartlink.c seems to be set up to use a colon delimited list, which won’t work on Darwin (well, it isn’t rejected but won’t work as required). Before I start cluttering up smartlink.c with the code necessary to properly support the Darwin linker, does anyone have any thoughts? Bill

2 1

The Crypto module and mere mortals
by Pontus Östlund 22 Nov '17

22 Nov '17

Everytime I need to use the Crypto module, a great wave of anxiety sweeps over me. For most common programmers the case is usually that you need to MD5 or SHA256 som some data to send over HTTP to some REST API or something like that, or compare something to a hash stored in a database or something like that. I had to make HMAC-SHA256 hash yesterday and it took me like 1,5 hours to figure that stuff out: String.string2hex(Crypto.HMAC(Crypto.SHA256)(secret)(data)); Not the most intuitive stuff if you ask me. That led me to the question: Why aren't there any helper methods directly in Crypto, for the more common use cases? So I've been fiddling around with it some and though that maybe something like below could be nice to have. This is just a mockup so feel free to point out if there are better ways to write the code, and if this is something that would fit at all. //! Typedef for a generic hashing function that takes a string as argument //! and returnes a hashed and @[String.string2hex]'ed string. typedef function(string(8bit):string(8bit)) hash_func_t; //! Typedef for a generic HMAC hash function that takes data and a secret as //! arguments and returns a hashed and @[String.string2hex]'ed string typedef function(string(8bit),string(8bit):string(8bit)) hash_hmac_func_t; protected hash_func_t make_hash_func(Crypto.Hash hash, void|bool raw) { return lambda (string in) { string s = hash->hash(in); return raw ? s : String.string2hex(s); }; } protected hash_hmac_func_t make_hash_hmac_func(Crypto.Hash hash, void|bool raw) { return lambda (string data, string secret) { string s = Crypto.HMAC(hash)(secret)(data); return raw ? s : String.string2hex(s); }; } //! Create a HMAC hash of @[data] and @[secret] using the Crypto module @[hash]. //! //! @param hash //! @param data //! @param secret string hash_hmac(Crypto.Hash hash, string data, string secret) { return make_hash_hmac_func(hash)(data, secret); } //! Creates a HMAC hashing function using the Crypto module @[hash]. This can //! later be called with the data and secret to make a hash of. //! //! @returns //! @tt{function(string, string : string)@} variant hash_hmac_func_t hash_hmac(Crypto.Hash hash) { return make_hash_hmac_func(hash); } //! Creates a hash of @[data] using the hashing algorithm in @[hash]. //! If @[raw] is given the hash will not pass through @[String.string2hex]. string hash(Crypto.Hash hash, string data, void|bool raw) { return make_hash_func(hash, raw)(data); } //! Creates a hashing function using the Crypto module @[hash]. This can later //! be called with the data to make a hash of. //! If @[raw] is given the hash will not pass through @[String.string2hex]. //! //! @returns //! @tt{function(string : string)@} variant hash_func_t hash(Crypto.Hash hash, void|bool raw) { return make_hash_func(hash, raw); } hash_hmac_func_t hmac_sha256 = hash_hmac(Crypto.SHA256); hash_hmac_func_t hmac_md5 = hash_hmac(Crypto.MD5); hash_func_t md5 = hash(Crypto.MD5); hash_func_t sha256 = hash(Crypto.SHA256); int main(int argc, array(string) argv) { string data = "my data"; string secret = "abc123"; write("%-20s %s\n", "hash_hmac(MD5):", hash_hmac(Crypto.MD5, data, secret)); write("%-20s %s\n", "hash_hmac_md5:", hmac_md5(data, secret)); write("%-20s %s\n", "hash_hmac_sha256:", hmac_sha256(data, secret)); write("%-20s %s\n", "hash(md5):", hash(Crypto.MD5, data)); write("%-20s %s\n", "hash(md5:raw):", hash(Crypto.MD5, data, true)); write("%-20s %s\n", "md5:", md5(data)); write("%-20s %s\n", "sha256:", sha256(data)); return 0; } Regards ----------------------------- Pontus Östlund Developer • Roxen AB +46 70-662 81 69 www.roxen.com <http://www.roxen.com/> | twitter.com/roxen <https://twitter.com/roxen>

3 2

autoconf and ac_tool_prefix
by H. William Welliver III 22 Nov '17

22 Nov '17

I’ve noticed that there are a number of checks like this in various configure.ins: MY_AC_PATH_PROG(FT_CONFIG, ${ac_tool_prefix}freetype-config, no) The pkgsrc framework automatically sets the --host option (among other things) on configure, which causes ac_tool_prefix to be set to something like x86_64-sun-solaris2.11. The problem is that in this case (and others), there is no x86_64-sun-solaris2.11-freetype-config, only freetype-config. That causes a lot of dependencies to be left unfound, which isn’t ideal. I notice that the check for gcc falls back to gcc, so it’s possible there’s a bug in autoconf itself. Would anyone care to offer an opinion as to the proper solution to this problem? I could create a bunch of symlinks, but that doesn’t seem like the best way to solve this (though it might be the quickest). Bill

2 1

Interactive debugging and live data inspection
by Stephen R. van den Berg 22 Nov '17

22 Nov '17

I just checked in a debugging aid I created to be able to do some live data inspection in running Pike programs (I used it to find the cause of a deadlock in pgsql). I'd appreciate feedback on the implementation and usability of Debug.Peek (in Pike 8.1). To get a rough impression of what it does, here's an excerpt out of the documentation: ------------------------------------------------ Class Debug.Peek Description Allows for interactive debugging and live data structure inspection in both single- and multi-threaded programs. Creates an independent background thread that every pollinterval will show a list of running threads. Optionally, a triggersignal can be specified which allows the dump to be triggered by signal. Example: In the program you'd like to inspect, insert the following one-liner: Debug.Peek("/tmp/test.pike"); Then start the program and keep it running. Next you create a /tmp/test.pike with the following content: void create() { werror("Only once per modification of test.pike\n"); } int main() { werror("This will run every iteration\n"); werror("By returning 1 here, we disable the stacktrace dumps\n"); return 0; } void destroy() { werror("destroy() runs just as often as create()\n"); } Whenever you edit /tmp/test.pike, it will automatically reload the file. ------------------------------------------------ -- Stephen.

3 4

Proposal: Create Stdio.Port from systemd-provided socket
by Chris Angelico 22 Nov '17

22 Nov '17

Branch: rosuav/systemd-sockets Currently, you can create a Stdio.Port("stdin") as a means of accepting a socket handed to you as FD 0. However, there's no way to accept a socket given as any other FD, making it impossible to use this for systemd's sockets. Example: $ cat /etc/systemd/system/listendemo.service [Unit] Description=Listen Demo Requires=listendemo.socket [Service] User=rosuav ExecStart=/usr/local/bin/pike /home/rosuav/listendemo.pike WorkingDirectory=/home/rosuav $ cat /etc/systemd/system/listendemo.socket [Socket] ListenStream=123 $ cat listendemo.pike object mainsock = Stdio.Port("systemd", acceptloop); void acceptloop() { while (object sock=mainsock->accept()) { write("Accepted sock: %O\n", sock); sock->write("Stub\n"); sock->close(); } } int main() { write("Main sock: %O\n", mainsock); return -1; } Note that the "User=rosuav" directive means that Pike is run as a non-root user. This spares the application the hassle of managing privileges securely, as it never gets root privileges (assuming, of course, that the only reason it needed root was to bind to a privileged port, which is true for a lot of programs). As with "stdin" mode, the second parameter is optional (blocking vs nonblocking). This won't break on non-systemd systems for two reasons: firstly, all it ever does is query environment variables, and secondly, it does this only if the application requests it explicitly, so you have to actually ask for it. Is this something that would be useful? Feel free to bikeshed the API - it's not in 8.1 yet, so anything can change. ChrisA

3 6

Possible issue with elliptic curve crypto?
by Chris Angelico 29 Sep '17

29 Sep '17

I'm far from any sort of crypto expert, but this looks a bit odd. SSL.File() is bombing out when trying to work with ECDHE ciphers. Using this Pike script: object ssl; void readcb(mixed id, string data) {exit(0, "Readable\n%s\n", data);} int x=1; void writecb() {if (x) ssl->write("asdf\n"); x=0; write("Writable\n");} int main() { Stdio.File sock = Stdio.File(); sock->connect("127.0.0.1", 2211); ssl = SSL.File(sock, SSL.Context()); ssl->set_nonblocking(readcb, writecb, lambda() {exit(0, "Closed\n");}); ssl->connect("localhost"); write("Connected\n"); return -1; } Generate a keypair: $ openssl req -x509 -newkey rsa:4096 -keyout server.pem -out cert.pem -days 365 -nodes -subj '/CN=localhost' Start a simple server: $ openssl s_server -port 2211 -cert cert.pem -key server.pem Run the above script. It crashes out: sprintf: Wrong type for argument 3: expected integer, got string. pike/lib/modules/SSL.pmod/Cipher.pmod:1213: SSL.Cipher.KeyExchangeECDHE()->client_key_exchange_packet(_static_modules. _Stdio()->Buffer(0 bytes, read=[..-1] data=[0..-1] free=[0..224] allocated ),771) ... full traceback snipped ... Start the server with ECDH ciphers disabled: $ openssl s_server -port 2211 -cert cert.pem -key server.pem -cipher 'DEFAULT:!ECDH' Run the same script. It succeeds - sends a message to the server, waits for a response, then terminates. There seems to be an issue with the way the premaster_secret is being generated. But a quick hack to change get_x() to get_x_num(), while it prevents the crash, doesn't actually make the connection work. Hoping that someone else actually understands what's going on here! ChrisA

1 0

Update CHANGES
by Peter Bortas 24 Sep '17

24 Sep '17

I note that there has been no edit of CHANGES in 8.0 since the last release was made over a month ago. There have been a number of checkins though, several of them looking like they should have a changelog entry. Please fix. -- Peter Bortas

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Pike-devel September 2017