đŸ’Ÿ Archived View for gemini.omarpolo.com â€ș post â€ș gmid-1.7.gmi captured on 2023-07-10 at 13:52:46. Gemini links have been rewritten to link to archived content

View Raw

More Information

âŹ…ïž Previous capture (2023-01-29)

-=-=-=-=-=-=-

gmid “Space-dye Vest” 1.7 update

Your preferred Gemini server, updated!

Written while listening to “Space-Dye Vest” by Dream Theater.

Published: 2021-07-10

Tagged with:

#gemini

#gmid

Early today, this hot Saturday morning, I tagged a new version of gmid. As always, this release is dubbed after a song, this time it’s one of my favourites by Dream Theater: “Space-dye Vest”. It has nothing to do with space other than the title, but it’s a really good song. It’s also one of their saddest songs, you have been warned.

This 1.7 brings in a lot of new stuff, improvements and bugfixes. One of the most interesting things is, in my opinion, the initial FastCGI work. I think FastCGI could work really well in a Gemini context, as it’s a easy way to have servers that acts like reverse proxies and forward the requests to backends application. It’s better than a TLS-relay because it can forward information about client certificates to the application, something that’s impossible otherwise, and it’s lighter too!

Another interesting feature is that it’s now possible to specify the ‘root’ directory per-location block, that along with the improved handling of ‘strip’ allows really flexible setups like ‘~user’ directories, for instance. This feature in particular was inspired by a concern raised by cage on #gemini-it over at libera.chat, thanks!

The new macro support is also pretty cool IMHO. It allows to define variables in the configuration file or from the cli with the ‘-D’ flag to simplify the configuration file and cut some repetitions. It’s known to be used in a systemd setup with the LoadCertificates option in order to start gmid with non-root privileges but still letting it read the keys.

(To be honest, there’s nothing wrong with starting gmid as root, but please do use the ‘chroot’ and ‘user’ rules to drop priviledges and chroot into a safe sandbox. Also, self-signed certs are cool! But this is just my opinion.)

The last thing I’d like to mention (the whole changelog is at the end of this entry) is the pidfile support. The new (optional!) ‘-P pidfile’ flag makes gmid write its pid at the given location, that it’s also used as a lockfile to avoid spawning multiple instances by accident. This was a feature request, and from what I can see it was already included in the Gentoo overlay GURU package.

Future plans

Recently I’ve started a new secret project. It’s yet another daemon, for a not-so-famous (but pretty) protocol. While working on this, instead of starting from scratch I cannibalised a lot of code from the OpenBSD’ rad(8) daemon. I chose it because it’s rad (sorry, I just had to make a stupid pun) and because it seems pretty simple, so I can easily swap out the code that implements the logic and write my own stuff.

Oh my, I was impressed. It’s well known that the OpenBSD project produces simple, solid code that’s secure by default and so on; but it’s not something you can fully understand if you don’t look at the sources. Just by inheriting that code, I had for free a complete privsep framework, where every child process is re-exec’ed to gain a completely new and fresh address space, a solid imsg infrastructure to send messages around (also used to reload the configuration on-the-fly), the glorious parse.y, and a socket to control the daemon via a cli tool. And did I mention that all the messages via imsg are completely 100% asynchronous?!

So, for the next version I’d like to replicate some of this. It’ll require some changes under the hood, so probably the next changelog won’t be as rich as this, but it’s worth.

I’d also like to improve the log management. To be honest, it was one of those things that I intended to do for this release, but failed to do so. I have a local diff to allow logging to custom files, but I don’t like the implementation and so I dropped it; we’ll see for the next release. Patches are always welcome :P

Changelog

New features

Improvements

Bug fixes

Breaking changes

-- text: CC0 1.0; code: public domain (unless specified otherwise). No copyright here.