right now, theres no kernel that stores hostowner keys
in #r/nvram, but this could change in the future. so
only dump #r/nvram on the pc where we know that its
not used to hold keys.
the rcpu client dup's fd 0,1,2 to fd 10,11,12 which
can accidentally override the pipe file descriptor
allocated by the <{} operator. to avoid this problem,
we generate the remote script as an /env file in a
separate step now.
this is a reimplementation of cpu and import utilities in rc using a tlsclient
and tlssrv as the encryption and authentication layers. there is only one new
service, which after authentication and encryption setup accepts an arbitrary
rc script over the network and executes it with the standard filedescriptors
redirected to the conversaion (this is *after* authentication and in the
context of the authorized user).
the new rcpu program has a few improvements over cpu(1):
- doesnt mangle program arguments
- the remote process will get the clients standard file descriptors, so error
and output are separated and you can consume the clients input from the
remote side :-)
- forwards error status of remote process
theres no backwards mode for rimport, but a new program called rexport
for the same purpose.
all these services use exportfs without the bolted on initial handshake,
so the hope is to clean up exportfs in the future and remove all the ugly
crap in there.
theres a bootstrap problem:
when /bin/init is run, it processes /lib/namespace where we might want to
mount or bind resources to /n or /mnt. but mntgen was run later in
cpurc/termrc so these mounts would be ignored.
we already have mntgen in bootfs, so we can provide these mountpoints early.
i keep the termrc/cpurc mntgens where they are, but ignore the error
prints. this way old kernels will continue to work.
libdraw was attempting to bind '#i' and '#m' to /dev when it could not find
/dev/mouse or /dev/draw. a library shouldnt be that clever and do namespace
manipulations on behalf of the caller. so instead, we setup the graphics
environment in screenrc on boot time.
changing procmode has the nasty side effect that notes cannot
be posted to them, prventing sysfatal() and threadexitsall()
to cleanup properly.
recent kernels also check the noswap flag to void killing them
in out of memory condition, so this is really all we need now.
care has to be taken when splitting the host into SERVER_NAME and SERVER_PORT,
as ipv6 uses : in the host part. also do it consistently, the host can be set
thru the request uri and the host header.
set REMOTE_USER to empty string to prevent accidents.
we do not handle chunked transfer encoding, just assuming the client doesnt
do keep alive is wrong. we have to reject the post when the client tries
chunked post with 411 "Length required" error.
The mode printed under the -l option contains 11 characters,
interpreted as follows: the first character is
d if the entry is a directory;
a if the entry is an append-only file;
- if the entry is a plain file.
Therefore, handle them in automatically generated directory listings.
apache sends Content-Encoding: gzip header for Content-Type: application/x-gzip
causing hget to decompress tgz files.
from the w3c:
The Content-Encoding entity-header field is used as a modifier to the media-type.
When presented, its value indicates what additional content codings have been applied
to the entity-body, and thus what decoding mechanisms must be applied in order to
obtail the media-type referenced by the Conent-Type header field. Content-Encoding
is primarily used to allow a document to be compressed without losing the
identity of its underlying media type.
this is clearly silly, as the file is already compressed, and decompressing it
will not yield the indicated Content-type: application/x-gzip, but a tarball.
examples:
http://zlib.net/zlib-1.2.8.tar.gzhttps://www.mirbsd.org/MirOS/dist/mir/mksh/mksh-R50f.tgz
previously ircrc dialed through /net itself and resolved ips on its own. this prevented the use of an ip address, and also prevented use of ipv6. now you can use an ip, or a dns name that resolves to ipv6. the -T flag is also added to use tlsclient for encrypted connections.
previously, we setup mouse only when vgasize= was specifid in
plan9.ini. with efi systems, the framebuffer is already setup
for us and theres no requirement for going thru aux/vga setup,
but we still want to setup the mouse.
so do the mouseport= check once theres a framebuffer by testing
the existence of '#i/winname' (which fails when thers no
framebuffer).
we used to look for /^Plan 9$/ for the start of kernel
boot messages in /dev/kmesg. but the xen kernel prints
Plan 9 (.....) on boot. so just look for line starting
with /^Plan 9/ for now.