Wrapping a few calls to vfile_check_signature() from the new local diff code in unprotect/pop call pairs to squish a DB protection error. ... (check-in: 1b3ef05ef9 user: wyoung tags: ui-local-diff)
Brought the ui-local-diff branch up to date relative to trunk. It isn't a simple merge, primarily due to all the changes to /vdiff and /fdiff made over the past 2 years. It seems to work as well as it originally did, but it isn't ready to merge down to trunk as-is. ... (check-in: 76fa165763 user: wyoung tags: ui-local-diff)
Replaced a standalone "diffFlags" variable in the /fdiff handler with use of the new DiffConfig.diffFlags member. No functional change, just a code cleanup found while working on another branch. Making it on trunk to keep that branch's diffs minimal. ... (check-in: 65d97f23f6 user: wyoung tags: trunk)
Small fix to the nojail patch; accidentally lost the [80faedbc] change in the shuffle. ... (check-in: 7a6cf9dd24 user: wyoung tags: trunk)
Removed the two "mknod" calls from the Dockerfile in the nojail patch used by Podman rootless containers. Not only is the build user not allowed to run mknod in that case, there will be a /dev tree mapped into the container, causing the commands to fail due to these two basic dev nodes preexisting. ... (check-in: d97a8fb17e user: wyoung tags: trunk)
No longer running "fossil" with a relative path ("bin/fossil") at the end of the Dockerfile, but instead relying on the hard-coded PATH defined a few sections prior. This allows the same command to work for both the rootful and rootless cases since moving the binary into /usr/bin/fossil to placate nspawn. Before, it was /jail/bin vs /bin, so the difference netted out to nothing. ... (check-in: 80faedbc51 user: wyoung tags: trunk)
Fixed a copy-paste error in the Podman sections of the container doc: was using "docker" commands instead of "podman" in a few places. That'll work for people who aliased them, but it's confusing. ... (check-in: 6eefa9b0d7 user: wyoung tags: trunk)
Removed use of UPX in the container build process. It complicates the build for a tiny gain while breaking ARM builds. We worked around the ARM-on-ARM case earlier, but it also breaks x86 cross-compilation on ARM. Images are already compressed, and while `upx -9` is stronger compression than whatever Docker Engine is using, it's a small advantage. This does mean the static executable isn't compressed any more on x86, but if you want that, you can UPX it afterward. ... (check-in: da545c9e79 user: wyoung tags: trunk)
Generating the /etc/os-release file for the OCI container using autosetup at configure time rather than from a build arg in the Dockerfile at image creation time. This lets us back out the use of heredocs in the Dockerfile, which isn't supported in Podman at all as of this writing and under Docker requires use of BuildKit rather than the legacy "docker build" mechanism. The primary consequence of doing it this way is that the Fossil version number in that generated file becomes the configure-time version, unconditionally. The old way let you override the FSLVER variable at image build time and have that value put into the os-release file. Under this new scheme, you now have to run "/jail/bin/fossil version" to find out what version of Fossil got baked into the image. ... (check-in: ec8ef573b3 user: wyoung tags: trunk)
Modernized several old URLs, changing "http" to "https" where absolute URLs are necessary, and using site-relative URLs otherwise. Also found and fixed a reference to, which doesn't seem to resolve any more. ... (check-in: 143f1db75f user: wyoung tags: trunk)
Removed pointless "udc=1" parameters from a few Fossil file links from the docs. ... (check-in: 40d912aec1 user: wyoung tags: trunk)
Added named anchors to the "Image Format vs Fossil Repo Size" doc so I can refer to one in particular. ... (check-in: 7de2410f74 user: wyoung tags: trunk)
Updated the macOS sidebar in the doc to cover Ventura. ... (check-in: a55042a015 user: wyoung tags: trunk)
Grammar and spelling fix pass on the new nspawn material in the containers doc. ... (check-in: 5405aa5738 user: wyoung tags: trunk)
Typo fixes ... (check-in: 00e4d91e28 user: wyoung tags: trunk)
Assorted prose polishing in the new systemd-container section at the end of the containers doc. ... (check-in: 120a207631 user: wyoung tags: trunk)
Added a few more "container-*" targets to the main makefile to simplify the examples in the containers doc and make the resulting images and containers easier to manage. ... (check-in: b7edb5f1c5 user: wyoung tags: trunk)
Merged two redundant discussions of the consequences of disabling private network virtualization under systemd-container infrastructure, then added better reasons why the reader might care. ... (check-in: 7055433695 user: wyoung tags: trunk)
Updates to the systemd service doc, primarily to refer the reader to the new containerized runner methods, but also to add other tips. ... (check-in: ad09d3eee0 user: wyoung tags: trunk)
Updated the nojail patch so it'll apply atop the new Dockerfile changes. ... (check-in: 45e0475ca7 user: wyoung tags: trunk)
Worked out how to get systemd-container (a.k.a. nspawn + machinectl) working with the stock Fossil container. Following the above commits, it's pure documentation. Removed the runc and crun docs at the same time since this is as small as crun while being more functional; there's zero reason to push through all the additional complexity of those even lower-level tools now that this method is debugged and documented. ... (check-in: 930a655a14 user: wyoung tags: trunk)
Added empty /tmp and /run directories to the "OS image" layer of the stock container in case someone is mounting the base layer read-only with tmpfs mounted atop these points. (Seen with "systemd-nspawn --read-only" but might affect other runtimes.) ... (check-in: 0733be502b user: wyoung tags: trunk)
Container build changes to allow systemd-nspawn to recognize it as an "OS tree:" * Added a dummied-up /etc/os-release file * Moved several programs from /bin to /usr/bin, since existence of /usr is how it decides if the rootfs you point it at contains an OS image. Bogus, but that's how it is. Had to switch to buildx to make this work, so I could use heredocs in the first step. ... (check-in: f74ddbce71 user: wyoung tags: trunk)
Added "container-clean" target to clean up after the other container-* targets. ... (check-in: e119d59836 user: wyoung tags: trunk)
Tried to get "--with-tcl=1" working in the containerized build, but failed, so I documented the reason why it isn't going to work given our current design goals and pointed at an alternative with different tradeoffs. ... (check-in: fb1bfce16d user: wyoung tags: trunk)
Added the FSLCFG Dockerfile build arg and showed how to use it in the containers doc, plus other improvements to the doc while in there. ... (check-in: e2277aad16 user: wyoung tags: trunk)
Put a "sleep 1" into "make container-run" before the step that shows the container logs to ensure we show everything it says on startup. Added this on seeing just the first line of output due to a race condition, so I missed the generated admin password. ... (check-in: 4429e10f6d user: wyoung tags: trunk)
The "container-run" target now runs "container-image" conditionally, building it only if it wasn't created in a prior step. This allows custom image builds followed by a one-command way of running that built image. Without this, the custom image gets stomped on. ... (check-in: a9e862b887 user: wyoung tags: trunk)
Reverted the build hack to strip out all but the default and darkmode skins in the stock Dockerfile. That was done to cater to a wish for extremely small ARM builds, for fun, not for any practical reason. It conflicts with a key philosophy behind this container project, to create stock Fossil builds by default. "make container-image" should get you a functionally identical binary inside the container as "./configure && make" does outside it. ... (check-in: 3e95d94583 user: wyoung tags: trunk)
Prefixing each shell script section in the Dockerfile with "set -x" broke the checks to prevent running UPX on ARM builds. You can still get release container builds on ARM by copying this fixed Dockerfile to your release checkout. ... (check-in: b4c3d9a13e user: wyoung tags: trunk)
Also documented the new "clone -u -v" feature. ... (check-in: 0d61fd2310 user: wyoung tags: trunk)
Since it seems my clone -u fixes are going to stick, documented them in the changelog. ... (check-in: 02631e3500 user: wyoung tags: trunk)
The check for whether to continue during sync due to outstanding "uvgimme" requests was being skipped in clone -u mode due to misordered tests at the end of the client side of the sync protocol. ... (check-in: 52648d0384 user: wyoung tags: trunk)
Since "fossil uv sync -v" turns on UV trace mode, made "fossil clone -u -v" enable that mode as well, since otherwise there's no way to get into UV trace mode during clone. (e.g. There is no global "--uvtrace" option.) ... (check-in: cdd58b1fbf user: wyoung tags: trunk)
Consolidated two related tests in the sync protocol to avoid re-testing a flag twice and to bring related code closer together. ... (check-in: 6293b28209 user: wyoung tags: trunk)
Corrected a difference in the case of a SQLite table name. The DBMS doesn't care, but it risks missing relevant references to this table when searching with a case-sensitive text editor. ... (check-in: 1b1887cb69 user: wyoung tags: trunk)
Typo fix in the 2.20 changelog ... (check-in: c301250872 user: wyoung tags: trunk)
Grammar fix ... (check-in: 658547aa7c user: wyoung tags: trunk)
Assorted fixes and improvements to the doc ... (check-in: 27458ef7ba user: wyoung tags: trunk)
Updated the debian/ doc for Ubuntu 22.04. The biggie is simplifying the TLS configuration, since the manual method we used to have no longer seems to be required with current versions of Certbot. ... (check-in: 716ae7c069 user: wyoung tags: trunk)
Fixed a few references to the obsolete doc. (It became part of the overall server doc long ago.) ... (check-in: 780b58bccf user: wyoung tags: trunk)
Assorted updates surrounding my fslsrv wrapper: * Reflected improvements from the version into this simpler alternative. Although we don't generally recommend use of this script any more, preferring systemd to get autostart on boot and autorestart on crash, www/server/any/ still refers to this script, and it feels like a regression to remove it. If someone is interested in simple-as-possible SCGI service, fslsrv is a fit companion. * Removed direct reference to fslsrv from www/server/debian/ since the indirect reference via the SCGI doc suffices. * The full-strength nginx doc now refers to both of these fslsrv variants in a handwavy way, since it's outside the scope of that doc to care how you get your background SCGI servers running. ... (check-in: 1cbcb38cc9 user: wyoung tags: trunk)
Added hyperlinks to the new changelog entries referencing the files in question. ... (check-in: 2c127ba7aa user: wyoung tags: trunk)
Closing off the containers project: added the doc to the permuted index, noted the changes in the changelog, and removed all the hedging about WAL mode in the doc, having failed to make WAL fail in this scenario. ... (check-in: 92982dc4e2 user: wyoung tags: trunk)
Replaced most of the speculation in the walmode section of the containers doc with a link to the walbanger project, where we'll be answering this question. ... (check-in: 96633067d5 user: wyoung tags: trunk)
Mentioned containerd+nerdctl in place of runc in the containers doc. A tightened-up version of the prior runc and crun sections is now collected below the Podman section. This gives a better flow: each successive option is smaller than the last, excepting only nspawn, which is a bit bigger than crun. (We leave nspawn last because we can't get it to work!) ... (check-in: 457c14a490 user: wyoung tags: trunk)
Updated the "nojail" patch for our Dockerfile to track the recent changes: rename back from and the layer refactoring. It does essentially the same thing as before. ... (check-in: 19abf0ac13 user: wyoung tags: trunk)
Broke the Dockerfile up into more layers to allow better local caching at build time. Further optimized build time by producing the Fossil source tarball from the local repo instead of hitting the home site if you use the container-image target, since we can be reasonably certain you're working from a repo checkout and thus have all the info available here locally already. ... (check-in: 1da464eeb9 user: wyoung tags: trunk)
Expanded the paragraph on WAL mode interactions in the container doc into a full section, placed higher up, immediately after the first use of Docker's "--volume" flag, to explain why we don't map just the repo DB file, but the whole directory it sits in. Even if we later convince ourselves WAL is safe under this scenario, it'll be conditional at best, so some remnant of this section must remain, no matter which way the experiments go. ... (check-in: 698587d41d user: wyoung tags: trunk)
Renamed back to Dockerfile so it can be used as-is on non-autosetup systems. Realized that we can pass the Fossil checkin hash prefix in as a build arg instead of regenerating the file on disk from auto.def. If you use the Dockerfile as-shipped, you get a "trunk" build, which risks a stale cache — it thinks it already has a tarball by that name and helpfully refuses to pull it again — but at least Windows users get *something* without hand-hacking the file. ... (check-in: b0c9c26a9c user: wyoung tags: trunk)