š¾ Archived View for gemini.omarpolo.com āŗ post āŗ one-year-of-gmid.gmi captured on 2022-01-08 at 13:39:27. Gemini links have been rewritten to link to archived content
ā¬ ļø Previous capture (2021-11-30)
ā”ļø Next capture (2022-06-03)
-=-=-=-=-=-=-
Written while listening to āDriver 8ā by R.E.M..
Published: 2021-10-12
Tagged with:
The first commit in gmid git repository was the 2 October of the last year, with the 1.0 being tagged a couple of days later 2020-10-07. I wanted to publish this on some days ago, exactly one year after the first release, but I couldnāt make it in time.
gmid has been my introduction to Gemini. I think Iāve wrote about it before, but the first time Iāve used a Gemini client (I think it was amfora, not sure) was to see if gmid was acting correctly. Overall, Iām happy of how gmid has grown in this year. Itās also the first bit of code I wrote that gave me the impression it was useful to others, and it still make my day when I hear someone says that theyāre using it.
Incidentally, Iāve also uploaded this capsule a year ago, on the 4th of October. (I can tell thanks to a certain TLS certificate expiring.)
I took it as a chance to think about the project and where Iām headed.
The first version, compared to what gmid is now, is almost a joke. It was a single C file, ~500 LOC, with a hand-written loop around poll(2) to serve multiple clients using a single thread. Nothing fancy, but it worked. No CGI scripts, no FastCGI, no directory listings, no configuration, just serving static files.
Then it slowly grew. First with CGI scripts support, then by adding a flexible configuration file, later by improving the performance (and the code!) thanks to libevent and finally by adding FastCGI support.
The configuration file was added at the beginning of this year, around the 15 January. Looking back, I can say that adding a configuration file was the major turning point for gmid. It allowed it to become one of the most featureful gemini servers available today, but it also kinda shifted the point: gmid was not merely a simple zero-conf gemini server, but something more complex.
Adding a configuration file was the right choice I think, after all Iām developing gmid so it can be useful *to me* in the first place, and I needed more flexibilty, but once you have a configuration file itās difficult to say ānoā and donāt add features. This was one of the lessons learned. In some sense, a configuration file is a way to add āinfinite extensibilityā to a program.
Developing gmid allowed me to study and apply the idea of sandboxing a process. Iām talking about āself-sandboxingā, that is when a process voluntarily restricts itself, not to āexternalā sandboxes like a jail, LXC, apparmor or SELinux or ā¦ Iām more interested in the former kind more than the latter because itās 1) primarily under the control of the developer and 2) doesnāt require any kind of setup on the users part.
gmid is the only server I know that sandboxes itself on multiple OSes. On OpenBSD uses pledge and unveil, on FreeBSD capsicum and on linux seccomp and landlock (if available).
To be honest, this is not something Iām particularly happy of. It would be better if the whole ecosystem employed these techniques. OpenBSDā unveil and the new Linuxā landlock API in particular shouldnāt be hard to use even in high level languages.
If youāre using OpenBSD I know two other Gemini server that are are properly sandboxed:
I like the idea of āfinished softwareā. I donāt think that finishing a project means throwing it in the trash can and ignoring it, it still needs attentions, but most of the work should be the occasional bug fixing and documentation improvements. Or at least thatās the idea.
I have a long plan to finish gmid. It should take two releases. Hope Iām not too optimistic, but Iām serious about finishing this project.
The next release, v1.8 still without a code name, would be probably the last version to introduce a bunch of new features, other than the usual improvements.
Iāve restructured the server internally and reworked the FastCGI implementation: I still havenāt done any benchmarking even if I expect improvements, but more importantly the code is more clear, easier to follow, and possible bugs will stand out more.
The test suite was also restructured and now is easier to reply only a subset of the tests, something thatās really useful during debugging sessions, but also doesnāt stop anymore at the first error. Instead, it continues with the next test and produce a nice report with the falling tests.
Talking about new features, Iām drafting the proxying code: gmid will be able to relay gemini requests to other servers if configured to do so. Iām particularly exited for this because itāll allow to deploy the duckling-proxy on my server, protect it with the ārequire client caā rule and use it from all my devices.
Once thatās in place, Iād like to find a way to allow gmid proxy *other protocols* stream to some backend application. The idea would be to allow to easily set up a, say, titan server and have gmid relay the data. (Iām still not sure whether titan is a good idea or not, but Iād like to play a bit with it.) There will probably be limitation on the kinds of protocols gmid will be able to relay, but thatās OK.
(This is not a comprehensive list of the improvements; as always, check out the ChangeLog.)
The last release, v1.9 will instead focus only on internal changes. I want to bring gmid up to the same level of quality of the OpenBSD daemons. Well, at least thatās the goal ;-)
This means that 1.9 will focus on re-execāing the children process, improve the imsg message passing and making it fully asynchronous (which will also improve the overall performance.) These three points seems really easy when written, but due to how the server expects the data to flow internally, will take some time.
I already have a diff that rewrites how the gmid process are managed, but itās not complete and simply too complex.
In the meantime Iām also trying to improve the documentation. Iāve imported the sources of the official gemini capsule and web site into the repository to simplify my workflow and make easier for other people to contribute. Iāve also started to write a quickstart page that covers how to set up a capsule using gmid:
and added two scripts to the ācontribā directory: gencert and renew-certs. Gencerts is a simple wrapper around openssl to create self-signed certificates, while renew-certs is something meant to be run in a cronjob and checks for certificate expiration. It can renew and restart the server too. I think Iāll write more about these in the following days.
-- text: CC-BY-SA-4.0; code: public domain unless specified otherwise
For comments, write at < blog at omarpolo dot com > or @op@bsd.network in the fediverse.