1. 07 May, 2019 1 commit
  2. 06 May, 2019 2 commits
  3. 02 May, 2019 5 commits
  4. 01 May, 2019 3 commits
  5. 30 Apr, 2019 2 commits
  6. 26 Apr, 2019 13 commits
  7. 24 Apr, 2019 2 commits
  8. 23 Apr, 2019 7 commits
  9. 22 Apr, 2019 1 commit
  10. 19 Apr, 2019 2 commits
    • David Johnson's avatar
      Better handle systemd-networkd chattiness in control net search. · 126ef78e
      David Johnson authored
      systemd-networkd and friends have become very chatty.  This commit
      is about turning down the noise.  It also removes PreferredLiftime=forever
      because it is no longer valid where it used to be, and cannot be used
      apparently in the DHCP case.  Seems that the default is now "forever"
      anyway, so it's now irrelevant to us.  (Older systemd-networkds would
      set the address lifetime to the advertised lease.)
      
      We also only mark an iface with CriticalConnection=yes once that iface
      has been chosen as the control net.  We used to just mark them all
      in the udev helper so that we didn't have to modify the generated
      config after successful detection, but now systemd-networkd complains
      about bringing down a searched-but-not-control-net interface if
      it is critical.  So, avoid that.
      
      Finally, I added `-q` to our invocation of systemd-networkd-wait-online,
      and increased the timeout with which we call it.  Timeout increase is
      because we would get spurious event loop disconnect messages without it;
      and q to quiet it in other ways.  Ugh.
      126ef78e
    • David Johnson's avatar
      Remove m2crypto from sslxmlrpc_server; enable ssl handshake timeout by default. · fccfee60
      David Johnson authored
      Now we rely on the builtin SocketServer and ssl modules.  This combination is
      basically feature-equivalent to m2crypto, for our purposes.  The hack that
      sets a socket timeout to prevent non-ssl clients tying up the server's main
      thread (see commit 381e67a3) remains, but is significantly easier.  The
      problem is that the ssl.SSLSocket.accept method combines both the accept()
      on the server socket, and the ssl handshake "accept", into one function call,
      so we don't get an opportunity to propagate the finite timeout from the
      server socket to the client.  Thus, we override SSLSocket.accept in our own
      derived class, and avoid using the ssl module's various wrap_socket helpers.
      
      It seems reasonable to enable this by default, especially now that we're
      no longer vulnerable to m2crypto version variance.
      
      I also added real argument processing to make it easier to run devel versions.
      fccfee60
  11. 18 Apr, 2019 2 commits