Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
50 events by user wyoung occurring around 2022-10-07 22:15:16.
|
2022-12-01
| ||
| 00:14 | Updates to the systemd service doc, primarily to refer the reader to the new containerized runner methods, but also to add other tips. ... (check-in: ad09d3eee0 user: wyoung tags: trunk) | |
|
2022-11-30
| ||
| 23:32 | Updated the nojail patch so it'll apply atop the new Dockerfile changes. ... (check-in: 45e0475ca7 user: wyoung tags: trunk) | |
| 23:09 | Worked out how to get systemd-container (a.k.a. nspawn + machinectl) working with the stock Fossil container. Following the above commits, it's pure documentation. Removed the runc and crun docs at the same time since this is as small as crun while being more functional; there's zero reaon to push through all the additional complexity of those even lower-level tools now that this method is debugged and documented. ... (check-in: 930a655a14 user: wyoung tags: trunk) | |
| 21:27 | Added empty /tmp and /run directories to the "OS image" layer of the stock container in case someone is mounting the base layer read-only with tmpfs mounted atop these points. (Seen with "systemd-nspawn --read-only" but might affect other runtimes.) ... (check-in: 0733be502b user: wyoung tags: trunk) | |
| 15:24 | • Edit [f74ddbce71cd05f9|f74ddbce71]: Edit check-in comment. ... (artifact: 73efbb36ba user: wyoung) | |
| 15:23 | Container build changes to allow systemd-nspawn to recognize it as an "OS tree:" * Added a dummied-up /etc/os-release file * Moved several programs from /bin to /usr/bin, since existence of /usr is how it decides if the rootfs you point it at contains an OS image. Bogus, but [https://github.com/systemd/systemd/blob/98eb99b7e84dcdc39b6e8c00585f74f256f7cfcb/src/nspawn/nspawn.c#L5647 | that's how it is]. Had to switch to buildx to make this work, so I could use heredocs in the first step. ... (check-in: f74ddbce71 user: wyoung tags: trunk) | |
| 14:29 | Added "container-clean" target to cleanup after the other container-* targets. ... (check-in: e119d59836 user: wyoung tags: trunk) | |
| 12:59 | Tried to get "--with-tcl=1" working in the containerized build, but failed, so I documented the reason why it isn't going to work given our current design goals and pointed at an alternative with different tradeoffs. ... (check-in: fb1bfce16d user: wyoung tags: trunk) | |
| 12:32 | Added the FSLCFG Dockerfile build arg and showed how to use it in the containers doc, plus other improvements to the doc while in there. ... (check-in: e2277aad16 user: wyoung tags: trunk) | |
| 12:23 | Put a "sleep 1" into "make container-run" before the step that shows the container logs to ensure we show everything it says on startup. Added this on seeing just the first line of output due to a race condition, so I missed the generated admin password. ... (check-in: 4429e10f6d user: wyoung tags: trunk) | |
| 12:19 | The "container-run" target now runs "container-image" conditionally, building it only if it wasn't created in a prior step. This allows custom image builds followed by a one-command way of running that built image. Without this, the custom image gets stomped on. ... (check-in: a9e862b887 user: wyoung tags: trunk) | |
| 11:44 | Reverted the build hack to strip out all but the default and darkmode skins in the stock Dockerfile. That was done to cater to a wish for extremely small ARM builds, for fun, not for any practical reason. It conflicts with a key philosophy behind this container project, to create stock Fossil builds by default. "make container-image" should get you a functionally identical binary inside the container as "./configure && make" does outside it. ... (check-in: 3e95d94583 user: wyoung tags: trunk) | |
|
2022-11-16
| ||
| 20:53 | Prefixing each shell script section in the Dockerfile with "set -x" broke the checks to prevent running UPX on ARM builds. You can still get release container builds on ARM by copying this fixed Dockerfile to your release checkout. ... (check-in: b4c3d9a13e user: wyoung tags: trunk) | |
|
2022-10-28
| ||
| 19:48 | Also documented the new "clone -u -v" feature. ... (check-in: 0d61fd2310 user: wyoung tags: trunk) | |
| 19:45 | Since it seems my clone -u fixes are going to stick, documented them in the changelog. ... (check-in: 02631e3500 user: wyoung tags: trunk) | |
|
2022-10-27
| ||
| 17:56 | The check for whether to continue during sync due to outstanding "uvgimme" requests was being skipped in clone -u mode due to misordered tests at the end of the client side of the sync protocol. ... (check-in: 52648d0384 user: wyoung tags: trunk) | |
| 17:15 | Since "fossil uv sync -v" turns on UV trace mode, made "fossil clone -u -v" enable that mode as well, since otherwise there's no way to get into UV trace mode during clone. (e.g. There is no global "--uvtrace" option.) ... (check-in: cdd58b1fbf user: wyoung tags: trunk) | |
| 16:01 | Consolidated two related tests in the sync protocol to avoid re-testing a flag twice and to bring related code closer together. ... (check-in: 6293b28209 user: wyoung tags: trunk) | |
| 15:13 | Corrected a difference in the case of a SQLite table name. The DBMS doesn't care, but it risks missing relevant references to this table when searching with a case-sensitive text editor. ... (check-in: 1b1887cb69 user: wyoung tags: trunk) | |
|
2022-10-26
| ||
| 18:28 | Typo fix in the 2.20 changelog ... (check-in: c301250872 user: wyoung tags: trunk) | |
|
2022-10-09
| ||
| 01:11 | Grammar fix ... (check-in: 658547aa7c user: wyoung tags: trunk) | |
|
2022-10-07
| ||
| 23:28 | Assorted fixes and improvements to the ssl.wiki doc ... (check-in: 27458ef7ba user: wyoung tags: trunk) | |
| 23:06 | Updated the debian/nginx.md doc for Ubuntu 22.04. The biggie is simplifying the TLS configuration, since the manual method we used to have no longer seems to be required with current versions of Certbot. ... (check-in: 716ae7c069 user: wyoung tags: trunk) | |
| 22:21 | Fixed a few references to the obsolete tls-nginx.md doc. (It became part of the overall nginx.md server doc long ago.) ... (check-in: 780b58bccf user: wyoung tags: trunk) | |
| 22:15 | Assorted updates surrounding my fslsrv wrapper: * Reflected improvements from the tangentsoft.com version into this simpler alternative. Although we don't generally recommend use of this script any more, preferring systemd to get autostart on boot and autorestart on crash, www/server/any/none.md still refers to this script, and it feels like a regression to remove it. If someone is interested in simple-as-possible SCGI service, fslsrv is a fit companion. * Removed direct reference to fslsrv from www/server/debian/service.md since the indirect reference via the SCGI doc suffices. * The full-strength nginx doc now refers to both of these fslsrv variants in a handwavy way, since it's outside the scope of that doc to care how you get your background SCGI servers running. ... (check-in: 1cbcb38cc9 user: wyoung tags: trunk) | |
|
2022-10-06
| ||
| 15:42 | Added hyperlinks to the new changelog entries referencing the files in question. ... (check-in: 2c127ba7aa user: wyoung tags: trunk) | |
| 02:44 | Closing off the containers project: added the doc to the permuted index, noted the changes in the changelog, and removed all the hedging about WAL mode in the doc, having failed to make WAL fail in this scenario. ... (check-in: 92982dc4e2 user: wyoung tags: trunk) | |
|
2022-09-26
| ||
| 22:29 | Replaced most of the speculation in the walmode section of the containers doc with a link to the walbanger project, where we'll be answering this question. ... (check-in: 96633067d5 user: wyoung tags: trunk) | |
|
2022-09-07
| ||
| 09:11 | Mentioned containerd+nerdctl in place of runc in the containers doc. A tightened-up version of the prior runc and crun sections are now collected below the Podman section. This gives a better flow: each successive option is smaller than the last, excepting only nspawn, which is a bit bigger than crun. (We leave nspawn last because we can't get it to work!) ... (check-in: 457c14a490 user: wyoung tags: trunk) | |
| 07:35 | Updated the "nojail" patch for our Dockerfile to track the recent changes: rename back from Dockerfile.in and the layer refactoring. It does essentially the same thing as before. ... (check-in: 19abf0ac13 user: wyoung tags: trunk) | |
|
2022-09-05
| ||
| 08:15 | Broke the Dockerfile up into more layers to allow better local caching at build time. Further optimized build time by producing the Fossil source tarball from the local repo instead of hitting the home site if you use the container-image target, since we can be reasonably certain you're working from a repo checkout and thus have all the info available here locally already. ... (check-in: 1da464eeb9 user: wyoung tags: trunk) | |
| 01:42 | Expanded the paragraph on WAL mode interactions in the container doc into a full section, placed higher up, immediately after the first use of Docker's "--volume" flag, to explain why we don't map just the repo DB file, but the whole directory it sits in. Even if we later convince ourselves WAL is safe under this scenario, it'll be conditional at best, so some remnant of this section must remain, no matter which way the experiments go. ... (check-in: 698587d41d user: wyoung tags: trunk) | |
|
2022-09-04
| ||
| 23:46 | Renamed Dockerfile.in back to Dockerfile so it can be used as-is on non-autosetup systems. Realized that we can pass the Fossil checkin hash prefix in as a build arg instead of regenerating the file on disk from auto.def. If you use the Dockerfile as-shipped, you get a "trunk" build, which risks a stale cache — it thinks it already has a tarball by that name and helpfully refuses to pull it again — but at least Windows users get *something* without hand-hacking the file. ... (check-in: b0c9c26a9c user: wyoung tags: trunk) | |
| 22:20 | Added a /jail/log directory to the container so someone can pass --errorlog and such to the Fossil instance and have a place to put it. It also acts as a mountpoint for appending to a log out on the host. ... (check-in: ed50ceee0d user: wyoung tags: trunk) | |
| 21:58 | /dev permissions were too tight in the container. They're still tighter than on a stock Ubuntu box, but they should suffice for Fossil's needs. ... (check-in: 8eeb95e127 user: wyoung tags: trunk) | |
| 12:55 | Restricted the container listeners to localhost in section 6 of the containers doc, and mentioned a few other items related to reverse proxying with nginx. ... (check-in: c9ab736f78 user: wyoung tags: trunk) | |
| 12:14 | Folded info from an exchange with the Podman devs into the container doc. ... (check-in: 80f4a1dd49 user: wyoung tags: trunk) | |
| 11:36 | Added section numbers to the containers doc (it was getting confusing) and added a few internal fragment IDs. ... (check-in: 4d51d52417 user: wyoung tags: trunk) | |
| 11:26 | Finished all the new topics planned for the new containers doc, adding sections on rootful Podman containers and on building via Docker but running via Podman, using Docker Hub as an intermediary to avoid building on the remote host. ... (check-in: 9c96e49995 user: wyoung tags: trunk) | |
| 09:27 | Sanitized a local port number out of previous ... (check-in: 3dfa458167 user: wyoung tags: trunk) | |
| 09:25 | Added my sad tale of failure and woe with systemd-nspawn to the container docs, both as a warning to those who follow, and as a cry for help to someone who can make this work. I can't be bothered to spend more time on it, but there's no point throwing the work away. ... (check-in: 1e8c665528 user: wyoung tags: trunk) | |
| 09:15 | Documented another cause to modify the "m" variable in the runc examples in the container docs. ... (check-in: bf5030883a user: wyoung tags: trunk) | |
| 08:09 | Added more jq filters to the runc examples to remove further problematic things left in the automatic conversion from the Docker container configuration file to the one we provide to runc. ... (check-in: 4e8c74797f user: wyoung tags: trunk) | |
| 07:15 | Worked through some difficulties here in applying the runc method on remote systems, then documented what I learned in the containers doc. ... (check-in: 56f4e2ce2f user: wyoung tags: trunk) | |
| 06:28 | Small fix to previous ... (check-in: d5695c8ef1 user: wyoung tags: trunk) | |
| 06:02 | Expanded the runc section of the container doc to cover "bundle" terminology and to show a method for rsyncing the bundle across to a remote host. Also explained why this is a bad idea unless you've got a rather constrained use case, lest people avoid using podman/docker in places where they could provide real value. ... (check-in: f9f13ce7a9 user: wyoung tags: trunk) | |
| 04:32 | Documented the runc and crun options for running a container, including the cryptic method for exporting an OCI bundle from Docker, allowing you to use both together: Docker Desktop on your big dev box in the office, then one of the two lightweight runtimes out in the cloud. ... (check-in: c9431ef4a3 user: wyoung tags: trunk) | |
| 02:35 | Added explicit instructions for patching the Dockerfile for the nojail/podman method and for mapping a single Fossil repo into the container rather than a directory. Also included my best current advice on using WAL mode in these contexts. ... (check-in: 87a23d2a7c user: wyoung tags: trunk) | |
| 02:15 | Removed a TODO-based section of the new containers doc that wasn't meant to be checked in yet. Made a few improvements to the new Podman material as well. ... (check-in: 5adf6c40d9 user: wyoung tags: trunk) | |
| 02:01 | Added the "Lightweight Alternatives to Docker" section to the new containers doc, currently limited to a tutorial on converting the stock Dockerfile to work under Podman in its default mode, creating a rootless container. This brings in the second container-related file at the root of the repo, the patch file for this, so we don't have to maintain two nearly-parallel Dockerfiles. As a bonus, it allows us to point to the patch from the prose, making explicit what we had to change. ... (check-in: f0399ea9ca user: wyoung tags: trunk) | |