Commit graph

618 commits

Author SHA1 Message Date
ppom
285954f7cd
Remove outdated FIXME 2026-02-18 12:00:00 +01:00
ppom
dc51d7d432
Add support for macOS 2026-02-17 12:00:00 +01:00
ppom
488dc6c66f
Update release instructions 2026-02-15 12:00:00 +01:00
ppom
88c99fff0f
Fix install instructions 2026-02-12 12:00:00 +01:00
ppom
645d72ac1e
.gitignore cleanup 2026-02-12 12:00:00 +01:00
ppom
a7e958f248
Update ARCHITECTURE.md 2026-02-12 12:00:00 +01:00
ppom
5577d4f46f
reaction-plugin: Add metadata v2.3.0 2026-02-12 12:00:00 +01:00
ppom
a8cd1af78d
Set CapabilityBoundingSet again 2026-02-12 12:00:00 +01:00
ppom
2f57f73ac9
Fix systemd functionality
- Non-absolute WorkingDirectory was refused by systemd
- Plugin-specific conf updated

Improvements:
- ReadOnlyPaths=/
- ProtectHome=true in release builds
- SystemCallFilter further restricted

Disabled:
- DynamicUser: breaks stdio communication, FIXME!
- RestrictAddressFamilies: seems impossible to override to default.
- CapabilityBoundingSet: too restrictive
2026-02-12 12:00:00 +01:00
ppom
d629d57a7e
Change ipset version option from 4/6/46 to ipv4/ipv6/ip 2026-02-12 12:00:00 +01:00
ppom
3c20d8f008
Fix merging of systemd options 2026-02-12 12:00:00 +01:00
ppom
5a030ffb7e
Make systemd default options more accessible for users by moving them up 2026-02-12 12:00:00 +01:00
ppom
a4ea173c13
Do not permit options key when stream/action is not a plugin 2026-02-12 12:00:00 +01:00
ppom
3a61db9e6f
plugin: shutdown: add function that permits graceful shutdown by signal
Handling SIGTERM (etc) signals permits graceful shutdown, cleaning of resources etc.

Added in ipset and cluster.
2026-02-12 12:00:00 +01:00
ppom
b4313699df
systemd: Let reaction stop its subprocesses before killing them
systemd by default sends SIGTERM to all processes in the cgroup, which
doesn't let reaction handle the shutdown of its plugins.
This is fixed by adding KillMode=mixed.
2026-02-12 12:00:00 +01:00
ppom
270c6cb969
systemd service: config file must live in /etc/reaction/
This is a breaking change, but it unifies config
for yaml, json, jsonnet and directory users.
2026-02-12 12:00:00 +01:00
ppom
15f923ef64
Safeguard against users executing plugins themselves
main_loop now first checks that it has been started with the `serve` argument.
If not, it prints an info message and quits.
2026-02-11 12:00:00 +01:00
ppom
a37a5e5752
release v2.3.0
- cross-rs project doesn't compile anymore: switching to debian12-amd64 only binary release
- package virtual plugin in reaction .deb
- package ipset plugin in separate .deb with its required libipset-dev dependency
2026-02-11 12:00:00 +01:00
ppom
a8651bf2e0
Removal of nft46 and ip46tables 2026-02-11 12:00:00 +01:00
ppom
b07b5064e9
Improve reaction-plugin developer documentation 2026-02-11 12:00:00 +01:00
ppom
b7d997ca5e
Slight change on the "no audit" sentence 2026-02-09 12:00:00 +01:00
ppom
cce850fc71
Add recommendation on ipset or nftables rather than plain iptables 2026-02-09 12:00:00 +01:00
ppom
109fb6d869
Adapt reaction core to plugin interface change 2026-02-09 12:00:00 +01:00
ppom
ae28cfbb31
cluster: adapt to plugin interface change 2026-02-09 12:00:00 +01:00
ppom
b0dc3c56ad
ipset: adapt to plugin interface change 2026-02-09 12:00:00 +01:00
ppom
57d6da5377
virtual: adapt to plugin interface change 2026-02-09 12:00:00 +01:00
ppom
12fc90535a
Change plugin interface: oneshot load_config and start
Instead of multiple stream_impl / action_impl and one finish_setup.
This made plugin implementations awkward: they often got some conf and
couldn't determine if it was valid or not.
Now they get all the conf in one function and don't have to keep partial
state from one call to another.

This has the other important benefit that configuration loading is
separated from startup. This will make plugin lifecycle management less
clunky.
2026-02-09 12:00:00 +01:00
ppom
62933b55e4
Start plugins after start commands
Because stop commands run after plugins' shutdown, so it seems better
that commands embrace ({ plugins }).

Fix outdated comment about aborting on startup.
2026-02-09 12:00:00 +01:00
ppom
34e2a8f294
plugin: simpler crate version retrieval 2026-02-09 12:00:00 +01:00
ppom
41bc3525f8
Fix time-based test sometimes failing by increasing sleep 2026-02-09 12:00:00 +01:00
ppom
5ce773c8e5
cluster: ignore integration tests for now 2026-02-09 12:00:00 +01:00
ppom
6914f19fb8
fix assert_cmd::cargo_bin deprecation warning 2026-02-09 12:00:00 +01:00
ppom
7cd4a4305d
fix: merge plugins in configuration 2026-02-09 12:00:00 +01:00
ppom
c39fdecef3
ipset: add tests for configuration 2026-02-09 12:00:00 +01:00
ppom
885e6b7ef7
ipset: re-arrange spacing in logs 2026-02-09 12:00:00 +01:00
ppom
516e6956ab
fix double-printing of square brackets in plugin logs 2026-02-09 12:00:00 +01:00
ppom
79ec6d279f
ipset: Manual e2e test does pass 2026-02-09 12:00:00 +01:00
ppom
a83c93ac9d
ipset: do not shutdown plugin when one action errors 2026-02-09 12:00:00 +01:00
ppom
47947d18db
ipset: Fix dumb bug due to future not awaited
The edge case is so dumb, cargo is supposed to tell me about this ><

Just learnt that Python never warns about this btw:
https://trio.readthedocs.io/en/v0.9.0/tutorial.html#warning-don-t-forget-that-await
2026-02-09 12:00:00 +01:00
ppom
915e308015
Better plugin process management
following stderr: task doesn't use shutdown anymore. It will simply follow
stderr until the end of reaction, which at worst is a negligible
memory leak if reaction continues running.
I tried closing stderr on the plugin side with a raw syscall of the file
descriptor, but reaction side doesn't see that stderr is closed.
So I can't rely on that.
Quitting when shutdown.wait() returns is too early, because that's also
what makes reaction ask for the plugin to close(), and it can print
important logs during its shutdown.
The task ignoring all the shutdown part is dead simple and is most likely
correct every time.

updated the wording of plugin-related errors.

also replaced futures::select! { future, sleep() } with more concise and
macro-less tokio::timeout.
2026-02-09 12:00:00 +01:00
ppom
41b8a661d2
Print on stderr instead of stdout
...stdout is already taken by remoc ;)
2026-02-09 12:00:00 +01:00
ppom
87a25cf04c
Extract ipset options from action options so that it's globally merged
Actions don't manage sets anymore.
Set options are merged at each new action,
then Sets are managed by themselves.
2026-02-09 12:00:00 +01:00
ppom
d6b6e9096b
ipset: Add the add/del option, journal orders & deduplicate them 2026-02-09 12:00:00 +01:00
ppom
3ccd471b45
ipset: so much ~~waow~~ code 2026-02-09 12:00:00 +01:00
ppom
3a6260fa26
reaction-plugin-ipset: first work session 2026-02-09 12:00:00 +01:00
kol3rby
959c32c01e
Fix project not compiling on BSD & Solaris systems 2026-02-09 11:03:00 +01:00
ppom
05c6c1fbce
Fix tests
I initially wrote those tests with a test secret key file in the same directory.
Better having them write their own secret key file in their own dir
than a dangling test file in source code and be sensitive to the directory tests are run in.
2026-01-19 12:00:00 +01:00
ppom
615d721c9a
cluster: Upgrade iroh to 0.95.1 2026-01-19 12:00:00 +01:00
ppom
19ee5688a7
Testing with clusters of up to 15 nodes. Fails at ~6 to 9 nodes.
Still a "connection lost" issue.
Happens irregularly.
Nodes tend to ignore incoming connections because their id is too small.
I should debug why it is the case.
Nodes may succeed to recreate connections,
but they should not lose connections on localhost like that...
2026-01-19 12:00:00 +01:00
ppom
fb6f54d84f
Disable test where one plugin is in multiple nodes of one cluster. Test pass! 2026-01-19 12:00:00 +01:00