Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

daemon: --allow-private fixes #451

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

daemon: --allow-private fixes #451

wants to merge 3 commits into from

Conversation

martinetd
Copy link

The three commits are widely independent, if you don't agree with any of them I'd suggest just dropping the dubious patches, merge what we can, and continue with the other(s) more leisurely.

  • running a standalone daemon with --allow-private would fail on alpine, because rfc2553 is not explicitly enabled and the code chokes on ipv6 address parsing.
  • running a standalone daemon with no --allow option would print a big warning that --allow-private is assumed instead, but not actually do anything with it
  • lastly I'd suggest enabling rfc2553 by default, I'm not sure why it's not. If there's a compatibility problem somewhere make it autodetected? But I haven't found one and would assume it's more widely used? Looking at debian/fedora, debian uses it but not fedora...

Thanks!

@martinetd
daemon: fix --allow-private with RFC2553 disabled
032ac20 
Trying to run a distccd server with --allow-private would fail with
the following error in the native parsing path:

distccd[1] (dcc_parse_mask) ERROR: can't parse internet address "fe80::"
@martinetd
daemon: fix allow-private default if nothing specified
29b8181 
There is a big warning that --allow-private is used if no --allow block is specified,
but it is not actually enforced: the check on opt_allow_private happens
directly in parsing before it is set.
It just leaves opt_allowed set to NULL, which allows all inbound connections and is
not what the warning claims
@martinetd
configure: enable rfc2553 by default
b88e8a1 
not having rfc2553 makes ipv6 not working, and there is little reason
one would not want to use getaddrinfo etc functions nowadays
(tested to build on linux and freebsd)
vt-alt pushed a commit to altlinux/specs that referenced this pull request Sep 15, 2022
@asheplyakov
306859: distcc-3.4-alt8
ea62bf1 
- Repaired IP based access control (Closes: #42251)
- Added systemd unit file (Closes: #40669)
- Improved --allow-private, see distcc/distcc#451
- Removed clients.allow, commands.allow.sh: these have never ever worked
- Avoid infinite loop when DISTCC_BACKOFF is disabled, see
  distcc/distcc#434
- Refuse to distribute files with the `.incbin` assembler directive, see
  distcc/distcc#461
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@martinetd