đŸ Archived View for gemini.omarpolo.com âș post âș gmid-1.7.gmi captured on 2024-03-21 at 15:33:23. Gemini links have been rewritten to link to archived content
âŹ ïž Previous capture (2023-01-29)
-=-=-=-=-=-=-
Your preferred Gemini server, updated!
Written while listening to âSpace-Dye Vestâ by Dream Theater.
Published: 2021-07-10
Tagged with:
Early today, this hot Saturday morning, I tagged a new version of gmid. As always, this release is dubbed after a song, this time itâs one of my favourites by Dream Theater: âSpace-dye Vestâ. It has nothing to do with space other than the title, but itâs a really good song. Itâs also one of their saddest songs, you have been warned.
This 1.7 brings in a lot of new stuff, improvements and bugfixes. One of the most interesting things is, in my opinion, the initial FastCGI work. I think FastCGI could work really well in a Gemini context, as itâs a easy way to have servers that acts like reverse proxies and forward the requests to backends application. Itâs better than a TLS-relay because it can forward information about client certificates to the application, something thatâs impossible otherwise, and itâs lighter too!
Another interesting feature is that itâs now possible to specify the ârootâ directory per-location block, that along with the improved handling of âstripâ allows really flexible setups like â~userâ directories, for instance. This feature in particular was inspired by a concern raised by cage on #gemini-it over at libera.chat, thanks!
The new macro support is also pretty cool IMHO. It allows to define variables in the configuration file or from the cli with the â-Dâ flag to simplify the configuration file and cut some repetitions. Itâs known to be used in a systemd setup with the LoadCertificates option in order to start gmid with non-root privileges but still letting it read the keys.
(To be honest, thereâs nothing wrong with starting gmid as root, but please do use the âchrootâ and âuserâ rules to drop priviledges and chroot into a safe sandbox. Also, self-signed certs are cool! But this is just my opinion.)
The last thing Iâd like to mention (the whole changelog is at the end of this entry) is the pidfile support. The new (optional!) â-P pidfileâ flag makes gmid write its pid at the given location, that itâs also used as a lockfile to avoid spawning multiple instances by accident. This was a feature request, and from what I can see it was already included in the Gentoo overlay GURU package.
Recently Iâve started a new secret project. Itâs yet another daemon, for a not-so-famous (but pretty) protocol. While working on this, instead of starting from scratch I cannibalised a lot of code from the OpenBSDâ rad(8) daemon. I chose it because itâs rad (sorry, I just had to make a stupid pun) and because it seems pretty simple, so I can easily swap out the code that implements the logic and write my own stuff.
Oh my, I was impressed. Itâs well known that the OpenBSD project produces simple, solid code thatâs secure by default and so on; but itâs not something you can fully understand if you donât look at the sources. Just by inheriting that code, I had for free a complete privsep framework, where every child process is re-execâed to gain a completely new and fresh address space, a solid imsg infrastructure to send messages around (also used to reload the configuration on-the-fly), the glorious parse.y, and a socket to control the daemon via a cli tool. And did I mention that all the messages via imsg are completely 100% asynchronous?!
So, for the next version Iâd like to replicate some of this. Itâll require some changes under the hood, so probably the next changelog wonât be as rich as this, but itâs worth.
Iâd also like to improve the log management. To be honest, it was one of those things that I intended to do for this release, but failed to do so. I have a local diff to allow logging to custom files, but I donât like the implementation and so I dropped it; weâll see for the next release. Patches are always welcome :P
-- text: CC0 1.0; code: public domain (unless specified otherwise). No copyright here.