Menu
▾
▴
naviserver-devel — Developer discussion
You can subscribe to this list here.
| 2005 |
Jan
|
Feb
(53) |
Mar
(62) |
Apr
(88) |
May
(55) |
Jun
(204) |
Jul
(52) |
Aug
|
Sep
(1) |
Oct
(94) |
Nov
(15) |
Dec
(68) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2006 |
Jan
(130) |
Feb
(105) |
Mar
(34) |
Apr
(61) |
May
(41) |
Jun
(92) |
Jul
(176) |
Aug
(102) |
Sep
(247) |
Oct
(69) |
Nov
(32) |
Dec
(140) |
| 2007 |
Jan
(58) |
Feb
(51) |
Mar
(11) |
Apr
(20) |
May
(34) |
Jun
(37) |
Jul
(18) |
Aug
(60) |
Sep
(41) |
Oct
(105) |
Nov
(19) |
Dec
(14) |
| 2008 |
Jan
(3) |
Feb
|
Mar
(7) |
Apr
(5) |
May
(123) |
Jun
(5) |
Jul
(1) |
Aug
(29) |
Sep
(15) |
Oct
(21) |
Nov
(51) |
Dec
(3) |
| 2009 |
Jan
|
Feb
(36) |
Mar
(29) |
Apr
|
May
|
Jun
(7) |
Jul
(4) |
Aug
|
Sep
(4) |
Oct
|
Nov
(13) |
Dec
|
| 2010 |
Jan
|
Feb
|
Mar
(9) |
Apr
(11) |
May
(16) |
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
| 2011 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2012 |
Jan
(7) |
Feb
(3) |
Mar
|
Apr
|
May
|
Jun
(3) |
Jul
|
Aug
|
Sep
|
Oct
(92) |
Nov
(28) |
Dec
(16) |
| 2013 |
Jan
(9) |
Feb
(2) |
Mar
|
Apr
(4) |
May
(4) |
Jun
(6) |
Jul
(14) |
Aug
(12) |
Sep
(4) |
Oct
(13) |
Nov
(1) |
Dec
(6) |
| 2014 |
Jan
(23) |
Feb
(19) |
Mar
(10) |
Apr
(14) |
May
(11) |
Jun
(6) |
Jul
(11) |
Aug
(15) |
Sep
(41) |
Oct
(95) |
Nov
(23) |
Dec
(11) |
| 2015 |
Jan
(3) |
Feb
(9) |
Mar
(19) |
Apr
(3) |
May
(1) |
Jun
(3) |
Jul
(11) |
Aug
(1) |
Sep
(15) |
Oct
(5) |
Nov
(2) |
Dec
|
| 2016 |
Jan
(7) |
Feb
(11) |
Mar
(8) |
Apr
(1) |
May
(3) |
Jun
(17) |
Jul
(12) |
Aug
(3) |
Sep
(5) |
Oct
(19) |
Nov
(12) |
Dec
(6) |
| 2017 |
Jan
(30) |
Feb
(23) |
Mar
(12) |
Apr
(32) |
May
(27) |
Jun
(7) |
Jul
(13) |
Aug
(16) |
Sep
(6) |
Oct
(11) |
Nov
|
Dec
(12) |
| 2018 |
Jan
(1) |
Feb
(5) |
Mar
(6) |
Apr
(7) |
May
(23) |
Jun
(3) |
Jul
(2) |
Aug
(1) |
Sep
(6) |
Oct
(6) |
Nov
(10) |
Dec
(3) |
| 2019 |
Jan
(26) |
Feb
(15) |
Mar
(9) |
Apr
|
May
(8) |
Jun
(14) |
Jul
(10) |
Aug
(10) |
Sep
(4) |
Oct
(2) |
Nov
(20) |
Dec
(10) |
| 2020 |
Jan
(10) |
Feb
(14) |
Mar
(29) |
Apr
(11) |
May
(25) |
Jun
(21) |
Jul
(23) |
Aug
(12) |
Sep
(19) |
Oct
(6) |
Nov
(8) |
Dec
(12) |
| 2021 |
Jan
(29) |
Feb
(9) |
Mar
(8) |
Apr
(8) |
May
(2) |
Jun
(2) |
Jul
(9) |
Aug
(9) |
Sep
(3) |
Oct
(4) |
Nov
(12) |
Dec
(13) |
| 2022 |
Jan
(4) |
Feb
|
Mar
(4) |
Apr
(12) |
May
(15) |
Jun
(7) |
Jul
(10) |
Aug
(2) |
Sep
|
Oct
(1) |
Nov
(8) |
Dec
|
| 2023 |
Jan
(15) |
Feb
|
Mar
(23) |
Apr
(1) |
May
(2) |
Jun
(10) |
Jul
|
Aug
(22) |
Sep
(19) |
Oct
(2) |
Nov
(20) |
Dec
|
| 2024 |
Jan
(1) |
Feb
|
Mar
(16) |
Apr
(15) |
May
(6) |
Jun
(4) |
Jul
(1) |
Aug
(1) |
Sep
|
Oct
(13) |
Nov
(18) |
Dec
(6) |
| 2025 |
Jan
(12) |
Feb
|
Mar
(2) |
Apr
(1) |
May
(11) |
Jun
(5) |
Jul
(4) |
Aug
(2) |
Sep
(2) |
Oct
(6) |
Nov
|
Dec
|
|
From: Gustaf N. <ne...@wu...> - 2023-05-01 15:54:53
|
Dear all, I am glad to announce that the release of NaviServer 4.99.25 is available at SourceForge [1]. This release is mostly a bug-fix release. The forthcoming version 5.0 of NaviServer will contain several new features omitted in this bug-fix branch. In case, you are building NaviServer from the Bitbucket repository, please note that the release 4.99.25 is in the branch release/4.99 (bug fix branch for the NaviServer 4.99 family). New development happens in the "main" branch of the repository, leading to NaviServer 5.*. See below for a summary of the changes. Many thanks to the contributors of this release: Andrew Piskorski Antonio Pisano Brian Fenton Gustaf Neumann Hector Romojaro Joe Oldak Khy Huang Oleg Oleinick Zoran Vasiljevic All the best! -gustaf neumann [1] https://sourceforge.net/projects/naviserver/files/naviserver/4.99.25/ ======================================= NaviServer 4.99.25, released 2023-05-01 ======================================= 132 files changed, 3957 insertions(+), 2068 deletions(-) New Features: ------------- - Added meta-information to configuration values NaviServer can now report, what configuration values provided in the configuration file were actually used, what their default values are, and whether these values were specified or not (using the default values). With this information, administration (e.g. migration) becomes easier. The NaviServer module "nsstats" shows this meta information via the web interface. This functionality is provided via the new option "-filter" for the command "ns_configsection ... section". When the "-filter" option is used, different kinds of information about the parameters is returned from the specified section. "-filter unread": Returns the parameters, which were set during configuration (i.e., in the configuration file) but which were not read in the startup phase of the server. This option is useful to determine e.g. typographical errors of specified parameter names. "-filter defaulted": Returns the parameters, from which the default values were read (i.e., which were not explicitly set) "-filter defaults": Returns the defaults of the parameter. This is useful for contrasting the actual values with the default values for Parameters, e.g. in a web based interface. - ns_set reform (per default deactivated in 4.99, but activated in 5.*) The classical implementation for ns_sets uses separately malloced storage for every attribute name and attribute value. So, e.g., for 1000 ns_sets with 20 members each, this means 1,000*20*2 = 40,000 malloc/free operations, e.g., for a single db query! Although the malloc implementations have improved over the years, these will require many lock operations, especially under load, where many threads might perform many concurrent malloc operations. One other consequence is that the allocated memory will be scattered over address space, which has bad implications for CPU caching. The new implementation uses for one "ns_set" a single Tcl_DString keeping all attribute names and attribute values. This reduces the malloc operations and improves memory locality, such that cache hits will improve. One caveat of this change is that modules using "ns_set" have to be recompiled, since the full C-level data structure of the "ns_set" is exposed. Therefore, adding a member causes a binary incompatibility. One other potential problem is that C-level modules using the Ns_Set* API have to make sure that long-living string values are copied (this was necessary before as well, but was in many cases no problem, when the "ns_sets" were seldom updated). For high compatibility, this feature is deactivated per default in the 4.99.* series and can be activated by setting the compile-time C macro "NS_SET_DSTRING". API changes: ------------ API extensions: - Provide a new interface ending with *Sz to provide string sizes. This reduces the need of strlen() operations. * Ns_SetCreateSz() * Ns_SetIUpdateSz() * Ns_SetPutSz() * Ns_SetPutValueSz() * Ns_SetUpdateSz() - New API calls for "ns_set" reform * Ns_SetClearValues(): clear the values for all keys * Ns_SetDataPrealloc(): creating ns_sets with preallocated values to avoid resize operations * NsSetResize() * NsHeaderSetGet() - Ns_ConfigSet(const char *section, const char *key, const char *name) The last argument is new and allows one to create named sets (previously, all such sets were unnamed) - NsHexPrint(): Print the potentially binary content of a buffer in human-readable form. - Ns_RelativeTime(Ns_Time *relTimePtr, Ns_Time *timePtr) This call implements the inverse operation of Ns_AbsoluteTime(), and is used mostly to make debug messages eye-friendly. Performance Improvements: ------------------------- - Replaced malloc operation per log entry by thread local variable in system log implementation. - When NaviServer 4.99.25 is compiled with NS_SET_DSTRING supportm the following preliminary performance results were measured from the "ns_set" reform (see above). The tests were performed on openacs.org (Xeon Gold 6226R CPU @ 2.90GHz, 32 cores, hyper-threading enabled). The test executes the SQL query select * from acs_objects limit 1000 100 times in sequence. This test is run in 1 to 30 concurrent threads. With 30 threads, 3mio tuples are retrieved, and 72 mio malloc/free operations are needed alone for the retrieved values. Before (classical ns_set with many mallocs): threads 1 total 4606.787 ms avg 3285.25 ms threads 5 total 4595.358 ms avg 3493.07 ms threads 10 total 4804.193 ms avg 3755.93 ms threads 20 total 6279.524 ms avg 4569.16 ms threads 30 total 8966.427 ms avg 6618.58 ms After reform (using common Tcl_DString per tuple): threads 1 total 4524.645 ms avg 3242.54 ms threads 5 total 4251.266 ms avg 3450.09 ms threads 10 total 4656.795 ms avg 3665.31 ms threads 20 total 5934.105 ms avg 4671.38 ms threads 30 total 7384.591 ms avg 5642.76 ms To summarize, the improvement increases under higher load (with more parallel threads). E.g., with 30 threads, the total time improved by 17%.... leading also to a smaller RSS. These tests were not performed under "clinical" conditions. The new Tcl API call "ns_set size" can be used to pre-allocate larger ns_sets, such that the usual Tcl_DString growing policy does not kick in, reducing further realloc() operations. Bug Fixes: ---------- - Fixed potential crash in "ns_accesslog extendedheaders XXXX". Setting extended headers via configuration file was correct, but changing it dynamically via "ns_accesslog extendedheaders .." was broken. (Issuehttps://sourceforge.net/p/naviserver/bugs/91/) - "ns_conn location": Fixed potential race condition It was possible that "ns_conn location" could return inconsistent results in a single request, when the underlying sockPtr was aggressively reused. Now, the value of the location member is copied to the connection structure instead of being shared with the socket structure (as before). - "ns_cache_eval -force": Fixed potential race condition There was a problem with "ns_cache_eval -force", where the system relied on the existence of a pre-existing entry, but in case the entry was flushed in the meantime problems a crash might have happened. Now the value during the "-force" call is cleared exactly like in the case of an unset operation. The null-value operations are already protected until these are finished in various places in the code. - "ns_socknread": Fix potentially wrong result for buffered channels - Bug fixes for problems showing up under MS Windows: * Make sure that the output variable of Ns_ObjvIndex() is always an integer. Previously, the output variable was in two places a character variable, causing crashes under MS Windows. * Handle incompatibility in setlocale() under MS Windows. Under MS Windows, later calls to setlocale() overwrite the string returned by former calls. So, it is necessary to copy of the returned string of a setlocale() call under MS Windows. * Handling linking problems: MS Windows requires explicit handling when importing symbols from .dll files (Ns_LogSqlDebug, NS_intTypePtr) * Pass error codes from low-level function SockRecv() and SockSend() via variables. This change makes sure the real error code (immediately after the I/O operation) is passed to the caller to avoid missed error cases and weird error message (e.g. under windows). - Bug fixes for ADP parser: * Support for greater than sign ">" inside attribute values. Previously, NaviServer determined the terminating end-of-tag character as literally the first greater than sign, no matter if this was used as attribute values between single or double quotes. The new version supports such values, since the "Living Standard of HTML" [1] allows the use of less than "<" and greater than ">" signs inside attribute values as long these are between single or double quotes. The guide [2] just recommends using character escapes for "<", ">" and "&". [1]https://html.spec.whatwg.org/multipage/syntax.html#syntax-attribute-value [2]https://www.w3.org/International/questions/qa-escapes This problem was reported by Wolfgang Winkler * Clear ADP flags in case of errors (this error was present for many years) Previously, The following ADP page could lead to a full breakdown of the server, since the error states of the server were never cleared, and subsequent requests served be the same interpreter could lead to the old error states. Many thanks to Oleg Oleinick for reporting and the great test cases. - Provide better HTTP status code for early errors: When the driver terminates already a request, it might be the case that the error flags were not read out. In such cases, we provide now more specific status codes rather than 400. - ns_http: * Improved robustness with domain names resolving against many IP addresses: When a domain name is resolved against many IP addresses, and all these IP addresses block (connect returns "in progress") then the old code might have looped infinitely. Now the code respects the provided timeout (default set to 5s) per resolved IP address. Many thanks to Joe Oldak for pointing out the problem and leading us to the solution. * Fixed timeout handling during TLS handshake: This problem could appear, when the TCP connection to a server succeeded quickly, but the TLS handshake was taking a long time, without a raising a timeout exception, although the timeout time has expired. - Set the default server before the init-scripts is called to make it accessible from there - Provide compatibility between in-memory and file-based form-data handling for invalid characters: Since the file based implementation uses a fallback-charset of iso8859-1 when parsing form data in POST requests (in order to be able to extract "_charset_" data), the in-memory based variant does now the same. The decision of which parser is used is taken based on the size of the form data.... and should therefore be consistent. - nscp: Fixed problem, when the nscp module is activated but no "users" section is specified. Many thanks to Andrew Piskorski for reporting the problem. - Security Improvement: Added protection against sneaking in fake NAME.tmpfile entries into form fields, when performing file upload operations. Documentation improvements: --------------------------- - Improved the following man pages: doc/src/manual/adp-overview.man doc/src/manual/tcl-lib-nstrace.man doc/src/naviserver/commandlist.man doc/src/naviserver/ns_adp.man doc/src/naviserver/ns_adp_ctl.man doc/src/naviserver/ns_config.man doc/src/naviserver/ns_conn.man doc/src/naviserver/ns_connchan.man doc/src/naviserver/ns_cookie.man doc/src/naviserver/ns_crypto.man doc/src/naviserver/ns_http.man doc/src/naviserver/ns_ictl.man doc/src/naviserver/ns_locationproc.man doc/src/naviserver/ns_parsehostport.man doc/src/naviserver/ns_return.man doc/src/naviserver/ns_set.man doc/src/naviserver/ns_setprivileges.man Configuration Files: -------------------- - New feature for the sample configuration file openacs-config.tcl The following variables (with prefix oacs_) can be taken from the shell variables. This makes it easier to run similar variants of NaviServer instances from a single configuration file, while providing variables from the command line. This is e.g. useful for Docker or cluster setups. CookieNamespace bindir cachingmode db_host db_name db_port db_user homedir hostname httpport httpsport ipaddress logroot nscpport server serverroot smtpdport One can use e.g.the following command to change some ports and the log file during startup oacs_httpport=8000 oacs_httpsport=8443 oacs_smtpdport=2526 \ oacs_logroot=/var/www/XXXX/log-node1/ \ /usr/local/ns/bin/nsd -t /var/www/XXXX/etc/openacs-config.tcl ... - further updates for openacs-config.tcl: * Added sample nssmtpd configuration * Added placeholder for ClusterSecret * Reflect recent Oracle requirements (tested with Oracle 19c) * Added documentation for "StaticCSP", "CookieNamespace", "NsShutdownWithNonZeroExitCode", "LogIncludeUserId" - Updated all sample configuration files Code Changes: ------------- - Added and updated predefined MIME types based on https://www.iana.org/assignments/media-types/media-types.xhtml - Added compile time macro NS_VERBOSE_MALLOC to identify frequent *alloc operations - Print version of zlib during startup - OpenSSL maintenance: * Improved robustness for OCSP with OpenSSL 3.* The previous version crashed with OpenSSL 3.*, when OCSP was tried on self-signed certificates. Aside of the fact that OCSP does not make sense for self-signed certificates, the server should not crash in such situations. * Fixed ns_crypto::aead::encrypt/decrypt test under OpenSSL 1.1.1 (as shipped per default, e.g. on Ubuntu 18.04.4) In short, the problem was that with this version of OpenSSL, setting empty additional authenticated data (AAD) behaved differently from other versions, namely it was clearing incorrectly (forgetting) the information that the initialization vector (IV) was already set. An upgrade of OpenSSL fixed the problem. However, with these changes, also the stock version of OpenSSL can be used. As a byproduct, better error messages are now produced, the code received more cleanup (e.g. explicit initialization, etc.) - Automated testing: * Setup if Bitbucket + GitHub pipelines for automated regression testing with multiple versions of components For NaviServer 4.99 the current setup performs tests with gcc-10 + gcc-11, Tcl 8.6.13 + 8.7a5, NSF 2.4,0 + 2.4.0, tDOM 0.9.1 + 0.9.3, extra modules: nsdbpg nsdbi nsdbipg nsudp nscoap nssmtpd. https://github.com/nm-wu/naviserver-mirror/actions * Improved robustness of regression test when running with the docker networking setup * Force nonzero exit code when regression test fails * Added parameter "-timeout" to call of regression test cases Previously, the timeout was hard-wired to 3 seconds. One can now call a test with e.g. "nstest::http -timeout 1s ... GET ..." * adp_compress.test: removed trailing newline to ease cross-platform regression tests * Prefer standard Tcl test constraint "macOrUnix" over own solution * Extended regression tests with more test cases - Code management: * Changed name of branch from "master" to "main" - Code Cleanup * Improved type cleanness * Removed deprecated calls to "sprintf" * Improved portability for Tcl 8.7* (handling of binary data) - Improved comments, fixed typos Changes in NaviServer Modules: ============================== 39 files changed, 9658 insertions(+), 1781 deletions(-) General: Adjust to necessary API changes in NaviServer (contains as well support for the forthcoming release of NaviServer 5) nsdbpg: ------- - new pg-driver specific command: ns_pg_prepare /sql/ Return a dict building a prepared statement for the passed-in SQL statement. The dict contains the keys "sql" and "args". The function is used by e.g. OpenACS to generate prepared statements from SQL commands with bind variables. - Raise exception when a value for a bind variable contains a NUL character. This value is explicitly forbidden in text strings passed to PostgreSQL. - Let "ns_pg" report available subcommands even when handle is not specified. This makes the command compatible with the "icanuse" feature in OpenACS. nsstats: -------- - HTTP client log analysis: * Provide charts for performance (using highcharts via CDN) * Provide charts on request frequency (using highcharts via CDN) * Provide a summary table for HTTP client requests * Improved robustness against invalid URLs (containing unescaped spaces) * Added support for selection of different HTTP client log files via web interface - "Process" page: * Added percentage of request distribution over connection pools * Added information about the connected client * Added more detailed version information - Added cache configuration to output when looking at a single cache - Improved "log file" analysis * Automated stripping of color codes * Added filter option. The filter can be used to grep for (ID) strings in both the system and access logs, providing a summary for the traces of a request in the access log and system log on a single place. - Added default and usage information to "Config Parameters" page nsoracle: --------- - Fixed bug when streaming LOB content to connection. The old code did not distinguish between binary and non-binary content. This bug was discussed in https://openacs.org/forums/message-view?message_id=5693661 Bumped version number to 2.9 - switched to plain Debug handling for debugging the driver The handling of Ns_LogSqlDebug is performed inside nsdb, including also the printout of (long) SQL statements. Previously, the driver was too chatty when Debug(sql) was turned on. - Added support for output columns of type SQLT_TIMESTAMP or SQLT_TIMESTAMP_TZ This change fixes a bug, where SQL queries of the form SELECT TO_TIMESTAMP(sysdate) FROM dual lead to errors for the form: Database operation "getrow" failed (exception 1406, "nsoracle.c:3659:Ns_OracleGetRow: error in `OCIStmtFetch ()': ORA-01406: fetched column value was truncated The driver needs for several output types special rules, where the timestamp cases were not supported so far. It is also recommended to set the according environment variables specifying the output format in the configuration server of NaviServer, such as e.g. set ::env(NLS_TIMESTAMP_FORMAT) "YYYY-MM-DD HH24:MI:SS.FF6" set ::env(NLS_TIMESTAMP_TZ_FORMAT) "YYYY-MM-DD HH24:MI:SS.FF6 TZH:TZM" For testing in you local Oracle installation, you might test the output formats (and the required sizes with the following snippet for sqlplus: COLUMN localtimestamp format a40 COLUMN systimestamp format a40 COLUMN ts_bytes format a80 alter session set nls_timestamp_format='YYYY-MM-DD HH24:MI:SS.FF6'; select localtimestamp, length(localtimestamp), dump(localtimestamp) ts_bytes from dual; alter session set nls_timestamp_tz_format='YYYY-MM-DD HH24:MI:SS.FF6 TZH:TZM'; select systimestamp, length(systimestamp), dump(systimestamp) ts_bytes from dual; alter session set nls_timestamp_tz_format='YYYY-MM-DD HH24:MI:SS.FF6 TZR'; select systimestamp, length(systimestamp), dump(systimestamp) ts_bytes from dual; letsencrypt: ------------ - Added option to produce certificates with ECDSA: Prior to this change, all certificates were using RSA keys. Since a while, keys based on elliptic curves became the preference of letsencrypt. nsshell: -------- - Fixed a bug in "ns_conn" emulation, when the "kernel" was not correctly identified |
|
From: Brian F. <bri...@ai...> - 2023-04-03 12:34:00
|
Hi thanks for the response, that was really helpful to get a report of real-world usage. I think it's definitely worth our while exploring this further. I'm currently trying to compile the Oracle driver on Vlad V's Docker image. I will post separately about an issue I'm having there. thanks! Brian ________________________________ From: Maksym Zinchenko <siq...@gm...> Sent: Friday 31 March 2023 1:23 pm To: Brian Fenton <bri...@ai...> Cc: nav...@li... <nav...@li...> Subject: Re: [naviserver-devel] Some questions about Docker images for Naviserver Hello, I'm using Docker Naviserver in production, but it's not a big one. I can recommend it. In my case I'm using only Naviserver, not OpenACS. I have some images on docker hub under siqsuruq/naviserver, it's not official, but they work for me. They are based on a custom ubuntu image I made with Tcl. They are kinda big, about 300 mb but it works for me. About S6 and non S6, difference is only on type of init system used in the image, but i'm not pro at this question. The S6 version of Docker images uses an init system called s6-overlay, the non-S6 version of Docker images typically use a different init system, such as Systemd or SysVinit. In my case I'm using Postgres only, at host not in a Docker container. it looks like its working faster this way. So, in general, you can use a Docker container with Naviserver without any problem. Maksym On Fri, 31 Mar 2023, 10:44 Brian Fenton, <bri...@ai...<mailto:bri...@ai...>> wrote: Hello all We're exploring reviving the Linux version of our Naviserver product. As part of this we'd like to investigate the feasibility of using Docker, initially for ease of development, and potentially later for production systems. I have a couple of questions that would be good to get the community's responses to. 1. Is there anyone using Docker Naviserver in production? If so would you recommend it, and are there any peculiarities that we should know about? 2. There are quite a few Naviserver images on on https://hub.docker.com, but I don't see an official one. It seems from posts on OpenACS.org <https://openacs.org/xowiki/setup-with-docker-s6> that Vlad V's build has had a lot of community input, and seems to be the de facto build. Would it be worth trying to get that version tagged as an official Naviserver Docker<https://docs.docker.com/docker-hub/official_images/> build to give newcomers clarity? I must admit to some confusion regarding the difference between the S6 and the non-S6 versions - should we as a community pick one as the official one? 3. For those of us using Oracle, what would be involved in getting Oracle driver support added as a build/run option? I'd be happy to help with this in any way I can. thanks in advance Brian _______________________________________________ naviserver-devel mailing list nav...@li...<mailto:nav...@li...> https://lists.sourceforge.net/lists/listinfo/naviserver-devel |
|
From: Gustaf N. <ne...@wu...> - 2023-03-31 12:41:36
|
Here is some background, what's good about s6-overlay: https://kreuzwerker.de/post/managing-multi-process-applications-in-containers-using-s6 In short: it is sufficiently simple to use and has a couple of useful utilities... -g On 31.03.23 14:23, Maksym Zinchenko wrote: > Hello, I'm using Docker Naviserver in production, but it's not a big > one. I can recommend it. In my case I'm using only Naviserver, not > OpenACS. I have some images on docker hub under siqsuruq/naviserver, > it's not official, but they work for me. They are based on a custom > ubuntu image I made with Tcl. They are kinda big, about 300 mb but it > works for me. About S6 and non S6, difference is only on type of init > system used in the image, but i'm not pro at this question. The S6 > version of Docker images uses an init system called s6-overlay, the > non-S6 version of Docker images typically use a different init system, > such as Systemd or SysVinit. In my case I'm using Postgres only, at > host not in a Docker container. it looks like its working faster this way. > So, in general, you can use a Docker container with Naviserver without > any problem. > > Maksym > > On Fri, 31 Mar 2023, 10:44 Brian Fenton, > <bri...@ai...> wrote: > > Hello all > > We're exploring reviving the Linux version of our Naviserver > product. As part of this we'd like to investigate the feasibility > of using Docker, initially for ease of development, and > potentially later for production systems. I have a couple of > questions that would be good to get the community's responses to. > > 1. Is there anyone using Docker Naviserver in production? If so > would you recommend it, and are there any peculiarities that we > should know about? > > 2. There are quite a few Naviserver images on on > https://hub.docker.com, but I don't see an official one. It seems > from posts on OpenACS.org > <https://openacs.org/xowiki/setup-with-docker-s6>that Vlad V's > build has had a lot of community input, and seems to be the /de > facto /build. Would it be worth trying to get that version tagged > as an official Naviserver Docker > <https://docs.docker.com/docker-hub/official_images/> build to > give newcomers clarity? I must admit to some confusion regarding > the difference between the S6 and the non-S6 versions - should we > as a community pick one as the official one? > > 3. For those of us using Oracle, what would be involved in getting > Oracle driver support added as a build/run option? I'd be happy to > help with this in any way I can. > > thanks in advance > Brian > > _______________________________________________ > naviserver-devel mailing list > nav...@li... > https://lists.sourceforge.net/lists/listinfo/naviserver-devel > > > > _______________________________________________ > naviserver-devel mailing list > nav...@li... > https://lists.sourceforge.net/lists/listinfo/naviserver-devel -- Univ.Prof. Dr. Gustaf Neumann Head of the Institute of Information Systems and New Media of Vienna University of Economics and Business Program Director of MSc "Information Systems" |
|
From: Maksym Z. <siq...@gm...> - 2023-03-31 12:23:46
|
Hello, I'm using Docker Naviserver in production, but it's not a big one. I can recommend it. In my case I'm using only Naviserver, not OpenACS. I have some images on docker hub under siqsuruq/naviserver, it's not official, but they work for me. They are based on a custom ubuntu image I made with Tcl. They are kinda big, about 300 mb but it works for me. About S6 and non S6, difference is only on type of init system used in the image, but i'm not pro at this question. The S6 version of Docker images uses an init system called s6-overlay, the non-S6 version of Docker images typically use a different init system, such as Systemd or SysVinit. In my case I'm using Postgres only, at host not in a Docker container. it looks like its working faster this way. So, in general, you can use a Docker container with Naviserver without any problem. Maksym On Fri, 31 Mar 2023, 10:44 Brian Fenton, <bri...@ai...> wrote: > Hello all > > We're exploring reviving the Linux version of our Naviserver product. As > part of this we'd like to investigate the feasibility of using Docker, > initially for ease of development, and potentially later for production > systems. I have a couple of questions that would be good to get the > community's responses to. > > 1. Is there anyone using Docker Naviserver in production? If so would you > recommend it, and are there any peculiarities that we should know about? > > 2. There are quite a few Naviserver images on on https://hub.docker.com, > but I don't see an official one. It seems from posts on OpenACS.org > <https://openacs.org/xowiki/setup-with-docker-s6>that Vlad V's build has > had a lot of community input, and seems to be the *de facto *build. Would > it be worth trying to get that version tagged as an official Naviserver > Docker <https://docs.docker.com/docker-hub/official_images/> build to > give newcomers clarity? I must admit to some confusion regarding the > difference between the S6 and the non-S6 versions - should we as a > community pick one as the official one? > > 3. For those of us using Oracle, what would be involved in getting Oracle > driver support added as a build/run option? I'd be happy to help with this > in any way I can. > > thanks in advance > Brian > > _______________________________________________ > naviserver-devel mailing list > nav...@li... > https://lists.sourceforge.net/lists/listinfo/naviserver-devel > |
|
From: Brian F. <bri...@ai...> - 2023-03-31 11:44:15
|
Hello all We're exploring reviving the Linux version of our Naviserver product. As part of this we'd like to investigate the feasibility of using Docker, initially for ease of development, and potentially later for production systems. I have a couple of questions that would be good to get the community's responses to. 1. Is there anyone using Docker Naviserver in production? If so would you recommend it, and are there any peculiarities that we should know about? 2. There are quite a few Naviserver images on on https://hub.docker.com, but I don't see an official one. It seems from posts on OpenACS.org <https://openacs.org/xowiki/setup-with-docker-s6> that Vlad V's build has had a lot of community input, and seems to be the de facto build. Would it be worth trying to get that version tagged as an official Naviserver Docker<https://docs.docker.com/docker-hub/official_images/> build to give newcomers clarity? I must admit to some confusion regarding the difference between the S6 and the non-S6 versions - should we as a community pick one as the official one? 3. For those of us using Oracle, what would be involved in getting Oracle driver support added as a build/run option? I'd be happy to help with this in any way I can. thanks in advance Brian |
|
From: Gustaf N. <ne...@wu...> - 2023-03-20 11:03:39
|
Dear all, For all security hungry NaviServer users: NaviServer supports now Argon2, which is currently the best known password hashing function (well more than this, it is a key derivation algorithm). For details, see [1]. It may take still some time until OpenSSL 3.2 is available in the main Linux distributions. With this change, NaviServer provides direct support for the two most recommended password hashing algorithms of the OWASP project [2], namely Argon2 and scrypt, along with SCRAM-sha-256 (actually PBKDF2) which is the most secure algorithm implemented in PostgreSQL. All the best -g [1] https://bitbucket.org/naviserver/naviserver/commits/4d634d54b77d1ce6b61f07944871f3dcf1a330a5 [2] https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#password-hashing-algorithms |
|
From: Gustaf N. <ne...@wu...> - 2023-03-19 17:23:27
|
Thanks for the report. The problem could be repeated and is fixed in the public repository [1]. The problem was introduced in 2022-07-11, but not included in any released version. all the best -g [1] https://bitbucket.org/naviserver/naviserver/commits/168eebbe67d0d631df5948e1647a36e6e0d9baf0 On 18.03.23 20:07, Andrew Piskorski wrote: > Probably nscp shouldn't segfault if it's missing that section? |
|
From: Andrew P. <at...@pi...> - 2023-03-18 19:08:01
|
Using the Naviserver head on Linux, the installed "conf/nsd-config.tcl"
and "conf/simple-config.tcl" config fieles both work fine for testing
that a newly compliled server starts up correctly. However, simple-config.tcl
includes a commented-out line loading the nscp module, like so:
#ns_param nscp nscp
If you uncomment that line, then the server crashes every time on startup.
If you ALSO copy this "module/nscp/users" section from nsd-config.tcl,
then the crash goes away and server again starts fine:
ns_section ns/server/default/module/nscp/users {
ns_param user "::"
}
Probably nscp shouldn't segfault if it's missing that section? Or
maybe we should either just add that section into simple-config.tcl,
or remove the commented-out nscp line entirely.
When the server crashes because of the missing nscp configuration, the
backtrace looked like this:
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007f4a13c2c859 in __GI_abort () at abort.c:79
#2 0x00007f4a13ea4288 in Panic () from /usr/local/pkg/nsd-20230317-1/lib/libnsd.so
#3 0x00007f4a13af358d in Tcl_PanicVA (format=<optimized out>, argList=argList@entry=0x7ffcecfc0b40) at /home/nobackup/co/tcl/tcl-core-8-6-branch/generic/tclPanic.c:99
#4 0x00007f4a13af36ff in Tcl_Panic (format=<optimized out>) at /home/nobackup/co/tcl/tcl-core-8-6-branch/generic/tclPanic.c:160
#5 0x00007f4a13f096c7 in Abort () from /usr/local/pkg/nsd-20230317-1/lib/libnsd.so
#6 <signal handler called>
#7 0x00007f4a13ebd18d in Ns_SetFindCmp () from /usr/local/pkg/nsd-20230317-1/lib/libnsd.so
#8 0x00007f4a13ebd287 in Ns_SetFind () from /usr/local/pkg/nsd-20230317-1/lib/libnsd.so
#9 0x00007f4a13ebc951 in Ns_SetUpdateSz () from /usr/local/pkg/nsd-20230317-1/lib/libnsd.so
#10 0x00007f4a13e22a6e in LoadUsers () from /home/local-20.04/pkg/nsd-20230317-1/bin/nscp.so
#11 0x00007f4a13e22eb0 in Ns_ModuleInit () from /home/local-20.04/pkg/nsd-20230317-1/bin/nscp.so
#12 0x00007f4a13ea6e61 in Ns_ModuleLoad () from /usr/local/pkg/nsd-20230317-1/lib/libnsd.so
#13 0x00007f4a13ea7141 in NsTclModuleLoadObjCmd () from /usr/local/pkg/nsd-20230317-1/lib/libnsd.so
--
Andrew Piskorski <at...@pi...>
|
|
From: Andrew P. <at...@pi...> - 2023-03-16 20:00:40
|
On Thu, Mar 16, 2023 at 02:36:27PM -0400, Andrew Piskorski wrote:
> > > Debug Error!
> > > Program: C:\web\ns-fork-pub\naviserver\nsd\libnsd.dll
> > > Run-Time Check Failure #2 - Stack around the variable 'filter' was corrupted.
> I put the same code that the ns_config-7.4.1 test runs into a simple
> *.tcl page like this:
>
> set xx [ns_set array [ns_configsection -filter "unread" ns/testconfig]]
> ns_return 200 {text/plain} "Result: $xx"
I found this helpful article on trying to find the source of stack
corruption via memory access breakpoints:
https://www.timdbg.com/posts/debugger-lies-part-1/#memory-access-breakpoints
Below is my attempt to do that; I got stuck without clear results.
My memory access breakpoint fired, but the stack trace said we were
still in NsTclConfigSectionObjCmd(), seemingly still at the beginning
of that function, with just this cryptic (to me) output:
(41d0.f7c): Break instruction exception - code 80000003 (first chance)
libnsd!failwithmessage+0x234:
00007ff8`c7101364 cc int 3
I'm not very skilled at using WinDbg, so it's likely I missed or
misinterpreted something.
Here's what I did to get that far:
------------------------------------------------------------
## I downloaded and installed Windows SDK 10.0.22621:
https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/
## That gave me WinDbg installed here:
C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe
## Build NaviServer on Windows my usual way:
"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat"
z: & cd Z:\src\web\ns-fork-pub\naviserver
nmake -f Makefile.win32 clean-core clean-mod
nmake -f Makefile.win32 all-core all-mod
# Fix permissions if necessary! e.g.:
# find . -type f \( -name "*.exe" -o -name "*.dll" \) -print | sudo xargs chmod 775
nmake -f Makefile.win32 _install
nmake -f Makefile.win32 _test
## Start up nsd.exe under WinDbg:
"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe" -g C:\P\nsd\nsd-fp_2023-03-15-2\bin\nsd.exe -t Z:/src/web/ns-fork-pub/naviserver/tests/test.nscfg
## Tell WinDbg about my Naviserver code:
.srcpath Z:\src\web\ns-fork-pub\naviserver
.sympath C:\P\nsd\nsd-fp_2023-03-15-2\lib;C:\P\Tcl-64-8.6.12\lib;SRV*C:\MyLocalSymbols*http://msdl.microsoft.com/download/symbols
!sym noisy
lml
.reload libnsd.dll
.reload nsd.exe
## Set breakpoint 0 on NsTclConfigSectionObjCmd():
bp NsTclConfigSectionObjCmd
g
## Trigger the bug. I like to use Cygwin like so:
wget -O - -q http://localhost:8000/atp-crash.tcl
## Now in WinDbg were are in NsTclConfigSectionObjCmd().
## Show stack:
k
## Show current stack pointer:
dx @$csp
## Set memory access breakpoint 1 on the stack pointer:
ba w 8 @$csp
bl
g
## This is the cryptic output I got:
(41d0.f7c): Break instruction exception - code 80000003 (first chance)
libnsd!failwithmessage+0x234:
00007ff8`c7101364 cc int 3
## Disable the stack pointer breakpoint:
bd 1
------------------------------------------------------------
--
Andrew Piskorski <at...@pi...>
|
|
From: Andrew P. <at...@pi...> - 2023-03-16 18:36:37
|
On Wed, Mar 15, 2023 at 03:57:40PM -0400, Andrew Piskorski wrote:
> On Tue, Mar 14, 2023 at 04:44:21PM -0400, Andrew Piskorski wrote:
>
> > Debug Error!
> > Program: C:\web\ns-fork-pub\naviserver\nsd\libnsd.dll
> > Run-Time Check Failure #2 - Stack around the variable 'filter' was corrupted.
> On Windows, running the "ns_config.test" tests triggers that one. All
> the tests through ns_config-7.4.0, pass, then it stops with no further
> output. Yep, the next test, ns_config-7.4.1, is sufficient to trigger
> the problem all by itself.
I put the same code that the ns_config-7.4.1 test runs into a simple
*.tcl page like this:
set xx [ns_set array [ns_configsection -filter "unread" ns/testconfig]]
ns_return 200 {text/plain} "Result: $xx"
Hitting that web page, I the ns_return never runs, because nsd.exe has
broken before getting that far.
WinDbg says the stack corruption is happening in NsTclConfigSectionObjCmd()
(in "nsd/tclconf.c"), but it doesn't notice until it gets to the end
of that function. I think most of the work there is in Ns_ParseObjv(),
so maybe that, or something it calls, is the most likely place for
some sort of array bounds overrun to be hiding. I don't know though,
it could be anything that NsTclConfigSectionObjCmd() calls.
I don't know how else to further track down this bug, but if anybody
has further suggestions I'm willing to try them.
--
Andrew Piskorski <at...@pi...>
|
|
From: Andrew P. <at...@pi...> - 2023-03-15 19:57:46
|
On Tue, Mar 14, 2023 at 04:44:21PM -0400, Andrew Piskorski wrote: > Debug Error! > Program: C:\web\ns-fork-pub\naviserver\nsd\libnsd.dll > Run-Time Check Failure #2 - Stack around the variable 'filter' was corrupted. > > I never see the usual "all.tcl" test summary output. Maybe nsd is > hitting the above "Debug Error!" before getting there? On Windows, running the "ns_config.test" tests triggers that one. All the tests through ns_config-7.4.0, pass, then it stops with no further output. Yep, the next test, ns_config-7.4.1, is sufficient to trigger the problem all by itself. -- Andrew Piskorski <at...@pi...> |
|
From: Gustaf N. <ne...@wu...> - 2023-03-15 19:41:18
|
On 15.03.23 19:50, Andrew Piskorski wrote: > On Windows, what's the best (simple?) way to check if my nsd is > actually linked correctly with zlib? If zlib is not linked correctly, you would get errors during linking. The easiest thing to test, whether compression via zlib works fine is to test this via browser (e.g., browse the file tests/testserver/pages/ns_adp_compress.adp) Since the errors you get are from "nstest::http-0.9", i would not be surprised, if this is related with the last problem you reported, also using the old-style regression test interface. The code in "nstest::http-0.9" is quite old, it has not been changed since ages. Are you sure, these tests were working before? It can also be that this the one-of-content detection was never correct but happened to work due to different buffering in tcl/c-library/OS/.... all the best -g |
|
From: Gustaf N. <ne...@wu...> - 2023-03-15 19:15:44
|
On 15.03.23 19:39, Andrew Piskorski wrote: > But despite that change, I still get those same 4 failures on Windows. The change your are citing has nothing to do with windows. If i see correctly, all these tests use "nstest::http-0.9", which is the old-style regression test interface using ns_sockopen and tcl/IO (fconfigure, read, ...). I would expect an error there. The newer regression test interface is based on ns_http. The failing tests use the old interface, since one gets there the raw output from the server, while ns_http returns the parsed output. -gn |
|
From: Andrew P. <at...@pi...> - 2023-03-15 18:50:57
|
On Windows, what's the best (simple?) way to check if my nsd is
actually linked correctly with zlib?
Reason I ask, is on Windows I was always getting warnings like this:
Warning: init server test: compress is enabled, but no zlib support built in
I've now installed zlib-1.2.13, and am playing with the build to try
and make Naviserver use it. That made the, "no zlib support built in"
warning go away, but I'm not sure if I'm linking zlib correctly. I
still get the three "compress" test failures below, but I don't know
if this means my zlib support is completely missing or broken, or some
other problem.
==== compress-3.3 ns_write streaming, compressed FAILED
==== Contents of test case:
set b [nstest::http-0.9 -http 1.0 -getbinary 1 -encoding binary -setheaders {Accept-Encoding gzip} -getheaders {Content-Encoding Vary} GET /compress]
list {*}[lrange $b 0 2] [llength [lindex $b end]] [lrange [lindex $b end] end-15 end]
---- Result was:
200 gzip Accept-Encoding 37 {ff ff 52 48 54 28 49 2d 2e e1 02 00 00 00 ff ff}
---- Result should have been (exact matching):
200 gzip Accept-Encoding 47 {02 00 00 00 ff ff 03 00 12 13 05 72 0f 00 00 00}
==== compress-3.3 FAILED
==== compress-3.4 streaming adp, compressed FAILED
==== Contents of test case:
set b [nstest::http-0.9 -http 1.0 -getbinary 1 -encoding binary -setheaders {Accept-Encoding gzip} -getheaders {Content-Encoding Vary} GET /ns_adp_compress.adp?stream=1]
list {*}[lrange $b 0 2] [llength [lindex $b end]] [lrange [lindex $b end] end-20 end]
---- Result was:
200 gzip Accept-Encoding 30 {0a 2a c9 c8 2c 56 00 a2 44 85 92 d4 e2 12 2e 00 00 00 00 ff ff}
---- Result should have been (exact matching):
200 gzip Accept-Encoding 40 {92 d4 e2 12 2e 00 00 00 00 ff ff 03 00 12 13 05 72 0f 00 00 00}
==== compress-3.4 FAILED
==== compress-3.5 ns_write streaming + HTTP 1.1 chunking, compressed FAILED
==== Contents of test case:
set b [nstest::http-0.9 -http 1.1 -getbinary 1 -encoding binary -setheaders {Accept-Encoding gzip} -getheaders {Content-Encoding Vary Transfer-Encoding Content-Length} GET /compress]
list {*}[lrange $b 0 3] [llength [lindex $b end]] [lrange [lindex $b end] end-30 end]
---- Result was:
200 gzip Accept-Encoding chunked 44 {2a c9 c8 2c 56 c8 2c 06 00 00 00 ff ff 0a 65 0a 52 48 54 28 49 2d 2e e1 02 00 00 00 ff ff 0a}
---- Result should have been (exact matching):
200 gzip Accept-Encoding chunked 60 {52 48 54 28 49 2d 2e e1 02 00 00 00 ff ff 0a 61 0a 03 00 12 13 05 72 0f 00 00 00 0a 30 0a 0a}
==== compress-3.5 FAILED
--
Andrew Piskorski <at...@pi...>
|
|
From: Andrew P. <at...@pi...> - 2023-03-15 18:39:51
|
On Tue, Mar 14, 2023 at 04:44:21PM -0400, Andrew Piskorski wrote: > I also see 4 "http_chunked" test failures, below: > ==== http_chunked-1.1 ADP streaming w/chunks to HTTP/1.1 client FAILED > ==== http_chunked-1.1 FAILED > ==== http_chunked-1.3 ADP with longer partly-buffered response and auto-streaming FAILED > ==== http_chunked-1.3 FAILED > ==== http_chunked-2.1 Tcl streaming w/chunks to HTTP/1.1 client FAILED > ==== http_chunked-2.1 FAILED > ==== http_chunked-2.1.1 Tcl streaming multiple binary buffers w/chunks to HTTP/1.1 client FAILED > ==== http_chunked-2.1.1 FAILED I am now using this change: https://bitbucket.org/naviserver/naviserver/commits/7e65faade74d4da66dcffd0f7c271d73f748b3a2 commit 7e65faade74d4da66dcffd0f7c271d73f748b3a2 Author: Gustaf Neumann <ne...@wu...> Date: 2023-03-14 10:02:49 +0100 Tue ns_http: Fixed behavior of HEAD request for persistent connections. But despite that change, I still get those same 4 failures on Windows. Output looks the same, the output my nsd is sending ends in "01234\n", but the test is expecting it to be "01234\n0\n". -- Andrew Piskorski <at...@pi...> |
|
From: Andrew P. <at...@pi...> - 2023-03-14 20:44:32
|
On Tue, Mar 14, 2023 at 02:54:54PM -0400, Andrew Piskorski wrote:
>> [14/Mar/2023:13:17:45][16420.4aa0][-main:test-] Error: modload: Z:/src/web/ns-fork-pub/naviserver/tests/../nslog/nslog.dll: couldn't load library "Z:/src/web/ns-fork-pub/naviserver/tests/../nslog/nslog.dll": permission denied
>> [14/Mar/2023:13:17:45][16420.4aa0][-main:test-] Fatal: modload: failed to load module 'Z:/src/web/ns-fork-pub/naviserver/tests/../nslog/nslog.dll'
> In my case, trying to run on a network drive (over Samba) seems to be
> causing the "permission denied" problem.
Embarassingly, the problem there was simply that my compiled Windows
*.dll files, located on the Samba drive, lacked execute permission.
Some Samba configurations enforce that and some don't. With that
fixed I can actually look at real test failures.
I am still getting the pop-up I mentioned before:
Debug Error!
Program: C:\web\ns-fork-pub\naviserver\nsd\libnsd.dll
Run-Time Check Failure #2 - Stack around the variable 'filter' was corrupted.
I never see the usual "all.tcl" test summary output. Maybe nsd is
hitting the above "Debug Error!" before getting there?
In the test output, I have lots of "compress" failures, but that's
probably because I don't have zlib installed (yet) on this machine.
I also see 4 "http_chunked" test failures, below:
==== http_chunked-1.1 ADP streaming w/chunks to HTTP/1.1 client FAILED
==== Contents of test case:
nstest::http-0.9 -http 1.1 -setheaders {Connection keep-alive} -getbody 1 -getheaders {Transfer-Encoding Connection Content-Length} GET /http_chunked.adp?stream=1
---- Result was:
200 chunked keep-alive {} {a
0123456789
5
01234
}
---- Result should have been (exact matching):
200 chunked keep-alive {} {a
0123456789
5
01234
0
}
==== http_chunked-1.1 FAILED
==== http_chunked-1.3 ADP with longer partly-buffered response and auto-streaming FAILED
==== Contents of test case:
nstest::http-0.9 -http 1.1 -setheaders {Connection keep-alive} -getheaders {Transfer-Encoding Connection Content-Length} -getbody t GET /http_chunked.adp?stream=0&bufsize=8
---- Result was:
200 chunked keep-alive {} {a
0123456789
5
01234
}
---- Result should have been (exact matching):
200 chunked keep-alive {} {a
0123456789
5
01234
0
}
==== http_chunked-1.3 FAILED
==== http_chunked-2.1 Tcl streaming w/chunks to HTTP/1.1 client FAILED
==== Contents of test case:
nstest::http-0.9 -http 1.1 -getheaders {Transfer-Encoding Content-Length} -getbody 1 GET /tclchunked
---- Result was:
200 chunked {} {a
0123456789
5
01234
}
---- Result should have been (exact matching):
200 chunked {} {a
0123456789
5
01234
0
}
==== http_chunked-2.1 FAILED
==== http_chunked-2.1.1 Tcl streaming multiple binary buffers w/chunks to HTTP/1.1 client FAILED
==== Contents of test case:
nstest::http-0.9 -http 1.1 -getheaders {Transfer-Encoding Content-Length} -getbody 1 GET /tclchunked
---- Result was:
200 chunked {} {a
0123456789
5
01234
}
---- Result should have been (exact matching):
200 chunked {} {a
0123456789
5
01234
0
}
==== http_chunked-2.1.1 FAILED
|
|
From: Andrew P. <at...@pi...> - 2023-03-14 18:55:04
|
On Tue, Mar 14, 2023 at 01:46:34PM -0400, Andrew Piskorski wrote: > nmake -f Makefile.win32 _test_one > > Now, I can't get that to work, and I'm stuck trying to figure out why. In my case, trying to run on a network drive (over Samba) seems to be causing the "permission denied" problem. (I'm still trying to figure out why.) If I simply copy everything to a local Windows disk, then the tests do run. They eventually crash nsd with this popup error message: Debug Error! Program: C:\web\ns-fork-pub\naviserver\nsd\libnsd.dll Run-Time Check Failure #2 - Stack around the variable 'filter' was corrupted. I haven't tried to debug that yet. -- Andrew Piskorski <at...@pi...> |
|
From: Andrew P. <at...@pi...> - 2023-03-14 17:46:45
|
Back in 2020, we had the regression tests successfully running on Windows, from the command line with these sorts of commands: nmake -f Makefile.win32 _test nmake -f Makefile.win32 _test_one Now, I can't get that to work, and I'm stuck trying to figure out why. Note, I DON'T mean that the tests are failing - they're not. Rather, I currently can't get the test nsd to start up and run the tests at all! When run from nmake like the above, I get no useful output anywhere, just a "return code '0xc0000022'" message from nmake. If I copy that generated command line and run the it manually at the Windows command prompt, it then DOES write to "tests/nsd.log", where I see errors like this: [14/Mar/2023:13:17:45][16420.4aa0][-main:test-] Error: modload: Z:/src/web/ns-fork-pub/naviserver/tests/../nslog/nslog.dll: couldn't load library "Z:/src/web/ns-fork-pub/naviserver/tests/../nslog/nslog.dll": permission denied [14/Mar/2023:13:17:45][16420.4aa0][-main:test-] Fatal: modload: failed to load module 'Z:/src/web/ns-fork-pub/naviserver/tests/../nslog/nslog.dll' Yes, it says "permission denied", but I have no idea why! AFAICT that nslog.dll' file *IS* readable by everybody in every other context. Note that in that same Windows Command Prompt I can run tclsh and see that the file IS readable: Z:\src\web\ns-fork-pub\naviserver> tclsh % info patchlevel 8.6.12 % file readable Z:/src/web/ns-fork-pub/naviserver/tests/../nslog/nslog.dll 1 % exit I suspect I'm overlooking something. Any debugging suggestions for me? Btw, once I install Naviserver I can start it up using the "simple-config.tcl" just fine, but I don't remember if it's feasible to run the tests that way. In the past I definitely ran them using the build directory like the above, not after installing. -- Andrew Piskorski <at...@pi...> |
|
From: Andrew P. <at...@pi...> - 2023-03-13 22:26:05
|
Since c. 2022-04-10, code at line 614 of nsd/nsmain.c calls Ns_Fatal() with message like this: OpenSSL system configuration mismatch. The provided locale *****1 based on the system-wide default locale is not installed on this system. With latest Naviserver code on Windows 10, I was getting that error every time I tried to start Naviserver. In my string "locale *****1" above, the "*" symbols were actually weird rectangles, completely illegible. The only readable part was the "1" at the end. I set a System environment variable LC_COLLATE = en_US.UTF-8, and that fixed it, now Naviserver actually starts! I'm confused about why that was necessary, but so far it seems to work. -- Andrew Piskorski <at...@pi...> |
|
From: Gustaf N. <ne...@wu...> - 2023-03-11 16:43:06
|
The problem with ns_crypto::aead::encrypt/decrypt test under OpenSSL 1.1.1 (OpenSSL 1.1.1-1ubuntu2.1~18.04.21) on Ubuntu 18.04.4 is now fixed in the repositotry. In short, the problem was that with this version of OpenSSL, setting empty additional authenticated data (AAD) behaved differently from other versions, namely it was clearing incorrectly the information that the initialization vector (IV) was already set. An upgrade of OpenSSL fixed the problem. However, with these changes, also the stock version of OpenSSL can be used. Fixing this was more tricky as already apprehend, but solving a riddle is also rewarding. all the best -g |
|
From: Gustaf N. <ne...@wu...> - 2023-03-09 16:52:41
|
On 09.03.23 17:30, Andrew Piskorski wrote: > In the meantime, how widely used within NaviServer is aead::encrypt? > Is it necessary for basic serving of https pages, or just an extra API > programmers can optionally use? Do even the latest versions of > OpenACS depend on it? (In other words, I'm wondering if these two > aead::encrypt test failures actually matter for me.) the aead::* functions are not used anywhere in OpenACS, these are not used for serving pages via TLS/... or other kind of "regular" or "internal" usage. The only public code that i am aware of is the nswebpush module (optional naviserver module). But of course, every tailored OpenACS application might use this... all the best -g |
|
From: Andrew P. <at...@pi...> - 2023-03-09 16:30:48
|
On Thu, Mar 09, 2023 at 12:27:46PM +0100, Gustaf Neumann wrote: > My first suspicion is the version of OpenSSL in use. OpenSSL is a moving > target. > If i see correctly, there is a version "1.1.1-1ubuntu2.1~18.04.21" in > place for Ubuntu 18.04 will all updates. It this what you are using? Yes, I am. Hm, clearly the best overall approach is for me to upgrade this server, Ubuntu 18.04.4 is very old. In the meantime, how widely used within NaviServer is aead::encrypt? Is it necessary for basic serving of https pages, or just an extra API programmers can optionally use? Do even the latest versions of OpenACS depend on it? (In other words, I'm wondering if these two aead::encrypt test failures actually matter for me.) On that old server, I'm currently using an old version of NaviServer with code from 2020-06-15. It had zero failed tests, and still seems to be working fine. Btw, these are the package versions I see on Ubuntu: Ubuntu 18.04.4: libssl-dev version 1.1.1-1ubuntu2.1~18.04.21 Ubuntu 20.04.1: libssl-dev version 1.1.1f-1ubuntu2.17 Ubuntu 22.04.2: libssl-dev version 3.0.2-0ubuntu1.8 Ubuntu 22.04 stopped shipping OpenSSL 1.1.x entirely, and replaced it with 3.0.2. And it looks like the newer OpenSSL 3.x is NOT included at all in the older 18.04 and 20.04 distributions of Ubuntu. -- Andrew Piskorski <at...@pi...> |
|
From: Gustaf N. <ne...@wu...> - 2023-03-09 15:03:34
|
Small update: with Ubuntu 18.04 + "OpenSSL 1.1.1-1ubuntu2.1~18.04.21", also older versions of naviserver do not work (went back until 4.99.20, jan 2021). so, in case this is really needed, it requires detailed debugging, including comparing the results of OpenSSL API calls. -gn On 09.03.23 12:27, Gustaf Neumann wrote: > > On 08.03.23 21:52, Andrew Piskorski wrote: >> Building the NaviServer head (latest code from 2023-03-02), I'm >> getting two "make test" failures, both from aead::encrypt (below). >> Any advice for me on what the problem might be, > > My first suspicion is the version of OpenSSL in use. OpenSSL is a > moving target. > If i see correctly, there is a version "1.1.1-1ubuntu2.1~18.04.21" in > place for > Ubuntu 18.04 will all updates. It this what you are using? > > Options: > - Upgrade of OpenSSL (i have just tested an installation with 18.04 + > OpenSSL 3) > - Upgrade of Ubuntu (18.04 is not the youngest) > - Downgrade of NaviServer: there were changes between NaviServer > 4.99.23 and .24 > concerning support of OpenSSL 3.0 - using newer API calls - so maybe > these newer API calls are available in this version of OpenSSL, but > not fully functioning yet. > > ... and of course, provide a fix to "make it work" also in your > combination. > > -gn > > >> or how I should >> further track it down? (Thanks!) >> >> This is on an old Ubuntu 18.04.4 LTS machine, using gcc 8.4.0, and Tcl >> 8.6.13. My built-from-source Tcl includes nsf 2.4.0, Thread 2.8.9, >> tdom 0.9.3, and tcllib 1.20. >> >> >> ## Excerpts from "make test" output: >> >> [08/Mar/2023:15:23:16][11421.7f2097bfc700][-command-] Notice: >> SSL_shutdown(33) has failed: error:14094123:SSL >> routines:ssl3_read_bytes:application data after close notify >> ns_crypt.test >> ns_crypto.test >> >> ==== aead-1.0 aead::encrypt FAILED >> ---- Result was: >> bytes 0 tag 32 >> ---- Result should have been (exact matching): >> bytes 22 tag 32 >> ==== aead-1.0 FAILED >> >> ==== aead-1.1 aead::encrypt and decrypt FAILED >> ---- Test generated error; Return code was: 1 >> ---- Return code should have been one of: 0 2 >> ==== aead-1.1 FAILED >> >> Tests ended at Wed Mar 08 15:24:13 EST 2023 >> all.tcl: Total 1998 Passed 1971 Skipped 25 Failed 2 >> Sourced 71 Test Files. >> Files with failing tests: ns_driver.test >> Number of tests skipped for each constraint: >> 19 !usingExternalToUtf >> 2 binaryMismatch >> 1 copyAliasBug >> 2 knownBug >> 1 stress >> Makefile:236: recipe for target 'test' failed >> make: *** [test] Error 130 >> -- Univ.Prof. Dr. Gustaf Neumann Head of the Institute of Information Systems and New Media of Vienna University of Economics and Business Program Director of MSc "Information Systems" |
|
From: Gustaf N. <ne...@wu...> - 2023-03-09 11:28:02
|
On 08.03.23 21:52, Andrew Piskorski wrote: > Building the NaviServer head (latest code from 2023-03-02), I'm > getting two "make test" failures, both from aead::encrypt (below). > Any advice for me on what the problem might be, My first suspicion is the version of OpenSSL in use. OpenSSL is a moving target. If i see correctly, there is a version "1.1.1-1ubuntu2.1~18.04.21" in place for Ubuntu 18.04 will all updates. It this what you are using? Options: - Upgrade of OpenSSL (i have just tested an installation with 18.04 + OpenSSL 3) - Upgrade of Ubuntu (18.04 is not the youngest) - Downgrade of NaviServer: there were changes between NaviServer 4.99.23 and .24 concerning support of OpenSSL 3.0 - using newer API calls - so maybe these newer API calls are available in this version of OpenSSL, but not fully functioning yet. ... and of course, provide a fix to "make it work" also in your combination. -gn > or how I should > further track it down? (Thanks!) > > This is on an old Ubuntu 18.04.4 LTS machine, using gcc 8.4.0, and Tcl > 8.6.13. My built-from-source Tcl includes nsf 2.4.0, Thread 2.8.9, > tdom 0.9.3, and tcllib 1.20. > > > ## Excerpts from "make test" output: > > [08/Mar/2023:15:23:16][11421.7f2097bfc700][-command-] Notice: SSL_shutdown(33) has failed: error:14094123:SSL routines:ssl3_read_bytes:application data after close notify > ns_crypt.test > ns_crypto.test > > ==== aead-1.0 aead::encrypt FAILED > ---- Result was: > bytes 0 tag 32 > ---- Result should have been (exact matching): > bytes 22 tag 32 > ==== aead-1.0 FAILED > > ==== aead-1.1 aead::encrypt and decrypt FAILED > ---- Test generated error; Return code was: 1 > ---- Return code should have been one of: 0 2 > ==== aead-1.1 FAILED > > Tests ended at Wed Mar 08 15:24:13 EST 2023 > all.tcl: Total 1998 Passed 1971 Skipped 25 Failed 2 > Sourced 71 Test Files. > Files with failing tests: ns_driver.test > Number of tests skipped for each constraint: > 19 !usingExternalToUtf > 2 binaryMismatch > 1 copyAliasBug > 2 knownBug > 1 stress > Makefile:236: recipe for target 'test' failed > make: *** [test] Error 130 > -- Univ.Prof. Dr. Gustaf Neumann Head of the Institute of Information Systems and New Media of Vienna University of Economics and Business Program Director of MSc "Information Systems" |
|
From: Andrew P. <at...@pi...> - 2023-03-08 21:10:19
|
Building the NaviServer head (latest code from 2023-03-02), I'm getting two "make test" failures, both from aead::encrypt (below). Any advice for me on what the problem might be, or how I should further track it down? (Thanks!) This is on an old Ubuntu 18.04.4 LTS machine, using gcc 8.4.0, and Tcl 8.6.13. My built-from-source Tcl includes nsf 2.4.0, Thread 2.8.9, tdom 0.9.3, and tcllib 1.20. ## Excerpts from "make test" output: [08/Mar/2023:15:23:16][11421.7f2097bfc700][-command-] Notice: SSL_shutdown(33) has failed: error:14094123:SSL routines:ssl3_read_bytes:application data after close notify ns_crypt.test ns_crypto.test ==== aead-1.0 aead::encrypt FAILED ---- Result was: bytes 0 tag 32 ---- Result should have been (exact matching): bytes 22 tag 32 ==== aead-1.0 FAILED ==== aead-1.1 aead::encrypt and decrypt FAILED ---- Test generated error; Return code was: 1 ---- Return code should have been one of: 0 2 ==== aead-1.1 FAILED Tests ended at Wed Mar 08 15:24:13 EST 2023 all.tcl: Total 1998 Passed 1971 Skipped 25 Failed 2 Sourced 71 Test Files. Files with failing tests: ns_driver.test Number of tests skipped for each constraint: 19 !usingExternalToUtf 2 binaryMismatch 1 copyAliasBug 2 knownBug 1 stress Makefile:236: recipe for target 'test' failed make: *** [test] Error 130 -- Andrew Piskorski <at...@pi...> |
14 messages has been excluded from this view by a project administrator.
