[announce] skarnet.org November 2023 release

From: Laurent Bercot <ska-skaware_at_skarnet.org>
Date: Mon, 06 Nov 2023 14:17:20 +0000


  New versions of all the skarnet.org packages are available.
  This is a big one, fixing a lot of small bugs, optimizing a lot behind
the scenes, adding some functionality. Some major version bumps were
necessary, which means compatibility with previous versions is not
guaranteed; updating the whole stack is strongly recommended.

  Also, tipidee is out! If you've been looking for a small inetd-like
Web server that is still standards-compliant and fast, you should
definitely check it out.

skalibs- (major)
nsss- (release)
utmps- (release)
execline- (minor)
s6- (major)
s6-rc- (release)
s6-linux-init- (minor)
s6-portable-utils- (release)
s6-linux-utils- (minor)
s6-dns- (minor)
s6-networking- (major)
mdevd- (release)
smtpd-starttls-proxy- (release)
bcnm- (release)
dnsfunnel- (release)
tipidee- (new!)

  * skalibs-

  This version of skalibs adds a lot of new sysdeps, a lot of new
functions, and changes to existing functions, in order to support
the new features in other packages.
  The most important change is the new cspawn() function, providing
an interface to posix_spawn() with support for most of its options
with a fork() fallback for systems that do not have it.
  What this means is that on systems supporting posix_spawn(), the
number of calls to fork() in the whole skarnet.org stack has been
significantly reduced. This is important for programs where spawning
a new process is in a hot path - typically s6-tcpserver.

  Updating skalibs is a prerequisite for updating any other part of
the skarnet.org stack.
  Once you've updated skalibs, you probably don't *have to* update
the rest; old versions of packages should generally build with the new
skalibs as is, and if indeed they do, nothing should break. But it is
a major update, so there are no guarantees; please update to the
latest versions at your convenience.


  * execline-

  - execlineb now has a dummy -e option (it does nothing). This is so
it can be used as a replacement for a shell in more environments.
Also, execline programs use fork() a lot less, so overall execline
script performance is better.
  - The multicall setup did not properly install symbolic links for
execline programs; this is fixed, and is fixed as well as in other
packages supporting a multicall setup (s6-portable-utils and


  * s6-

  - s6 programs use fork() less.
  - New -s option to s6-svc, to send a signal by name or number.
  - s6-svscan has been entirely rewritten, in order to handle logged
services in a more logical, less ad-hoc way. It should also be more
performant when running as init for a system with lots of s6-supervise
processes (improved reaping routine).
  - The obsolete (and clunky) s6lockd subsystem has been deleted.
s6-setlock now implements timed locking in a much simpler way.


  * s6-linux-init-

  - New -v option to s6-linux-init-maker, setting the boot verbosity.
  - Several small bugfixes, one of them being crucial: now your
systems shut down one second faster!


  * s6-linux-utils-

  - Support for the minflt and majflt fields in s6-ps.


  * s6-dns-

  - Support for on-demand /etc/hosts data in s6-dnsip and s6-dnsname.
It is achieved by first processing /etc/hosts into a cdb, then looking
up data in the cdb. You can, if you so choose, perform this processing
in advance via a new binary: s6-dns-hosts-compile.


  * s6-networking-

  This is the package that has undergone the biggest changes.

  - No more s6-tcpserver{4,6}[d]. IPv4 and IPv6 are now handled by the
same program, s6-tcpserver, which chainloads into a unique long-lived
one, s6-tcpserverd.
  - s6-tcpserver now exports TCPLOCALIP and TCPLOCALPORT without the
need to invoke s6-tcpserver-access.
  - s6-tcpserver-access does not hardcode a warning when it is
invoked without a ruleset. It can now just be used for additional data
gathering (such as TCPREMOTEHOST) without jumping through hoops.
  - s6-tcpserverd has been thoroughly optimized for performance. It will
handle as heavy a load as the underlying system will allow.
  - Yes, this means you can now use s6-tcpserver to serve 10k clients.
  - s6-tlsc and s6-tlsd have been deforked.
  - This means establishing a TCP + TLS connection is lighter on CPU
usage and has shorter latency, which is important if, example chosen
at random, you're going to serve files over HTTPS.


  * tipidee-

  - Finally, it's officially released! The skarnet.org web server.
  - Full HTTP/1.1 support with virtual domains, CGI support,
customizable headers, customizable error pages, and more.
  - Works under s6-tcpserver/s6-tlsserver. Or another TCP or TLS
super-server, even inetd, if you insist - but you won't get the
same kind of performance.


  And, as always, bug-reports are welcome.

Received on Mon Nov 06 2023 - 15:17:20 CET

This archive was generated by hypermail 2.4.0 : Mon Nov 06 2023 - 15:17:53 CET