Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add systemd-openbsd: a joke, a game inspired by ungleich
- Loading branch information
0 parents
commit b0cf4a0
Showing
15 changed files
with
3,173 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| License | ||
| ------- | ||
|
|
||
| * The files `init.c`, `init.8`, and `pathnames.h` are licensed as 3-clause-BSD. | ||
| * The `systemd*.*` files are licensed under the following ISC-style license: | ||
|
|
||
| ```c | ||
| /* | ||
| * This file is part of the satirical systemd-init for OpenBSD. | ||
| * | ||
| * DON'T USE THIS IN PRODUCTION! DON'T USE IT ON YOUR MACHINE! | ||
| * DON'T TAKE IT SERIOUS! IT MIGHT DELETE YOUR FILES. | ||
| * | ||
| * Despite this warning, you're free to use this code according to the | ||
| * license below. Parts of it might be useful in other places after all. | ||
| */ | ||
| /* | ||
| * Copyright (c) 2019 Reyk Floeter <contact@reykfloeter.com> | ||
| * | ||
| * Permission to use, copy, modify, and distribute this software for any | ||
| * purpose with or without fee is hereby granted, provided that the above | ||
| * copyright notice and this permission notice appear in all copies. | ||
| * | ||
| * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
| * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
| * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
| * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| */ | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| SUBDIR= init | ||
|
|
||
| .include <bsd.subdir.mk> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,92 @@ | ||
| systemd-openbsd | ||
| =============== | ||
|
|
||
| See [hack4glarus-2019-summer #6751](https://redmine.ungleich.ch/issues/6751). | ||
| This stupid little joke evolved into a game. See the DISCLAIMER and | ||
| rules below. | ||
|
|
||
| `systemd-openbsd` is a [systemd]- style init for [OpenBSD]. It does | ||
| not support services, no integrated DHCP server and no support for | ||
| [emacs.service], but it implements the most important features that | ||
| are commonly expected from Linux' systemd. The goal is to ensure that | ||
| the system is working continuously and reliably. | ||
|
|
||
| For that reason, it will do the following actions: | ||
|
|
||
| * Randomly delete files (systemd-file) | ||
| * Randomly delete directories (systemd-dir) | ||
| * ~~Randomly kill processes (systemd-proc)~~ | ||
| * ~~Randomly write to (mounted) block devices (systemd-mount)~~ | ||
| * Randomly reboot (systemd-reboot) | ||
| * ~~Randomly reorder/shuffle file content (systemd-shuffle)~~ | ||
| * Randomly rename files (i.e. replace /etc/passwd with /lib/libc.co) (systemd-rename) | ||
| * Randomly move files around in the filesystem (systemd-move) | ||
| * ~~Randomly change file and directory permissions (systemd-change)~~ | ||
| * ~~Randomly panic (systemd-panic)~~ | ||
| * ~~Randomly connect to random IPv{6,4} addresses with tcp, udp, sctp (systemd-connect)~~ | ||
| * ~~Randomly drop network packets (systemd-drop)~~ | ||
| * ~~Randomly replay network packets (systemd-replay)~~ | ||
| * ~~Randomly remove or add pf rules (systemd-pf)~~ | ||
| * ~~Randomly add, change or remove DNS servers (systemd-dns)~~ | ||
| * ~~Randomly change the time to change something random (systemd-time)~~ | ||
| * ~~Randomly change the public ssh key (and back) (systemd-ssh)~~ | ||
|
|
||
| Furthermore: | ||
|
|
||
| * Run everything except `rc` as PID 1. | ||
|
|
||
| DISCLAIMER | ||
| ---------- | ||
|
|
||
| > DON'T USE THIS IN PRODUCTION! DON'T USE IT ON YOUR MACHINE! | ||
| > DON'T TAKE IT SERIOUS! IT MIGHT DELETE YOUR FILES. | ||
| Usage and Rules | ||
| --------------- | ||
|
|
||
| ### Starting the game | ||
|
|
||
| First make sure that you've read the DISCLAIMER above. | ||
| Now install `systemd-openbsd` on a dedicated machine: | ||
|
|
||
| 1. Check out the code, edit `init/Makefile` and enable the | ||
| `-DDANGEROUS` flag, and compile it with `make` under OpenBSD. | ||
| 2. Install and configure a new stock OpenBSD machine, preferably a VM. | ||
| 3. Replace the shipped `/sbin/init` with the binary of this init. | ||
| 4. Reboot! | ||
|
|
||
| ### Playing the game | ||
|
|
||
| Keep the system running. You can also use it, turn it into a server, | ||
| but just make sure that you don't accidentally revert `/sbin/init` to | ||
| the OpenBSD version (e.g. by via `sysupgrade`). | ||
|
|
||
| 1. Run the machine and watch the reliability features in action. | ||
| 2. If the system becomes unusable, check `/systemd-score.txt`. | ||
|
|
||
| The system is unusable if there is enough damage that it fails to | ||
| reboot into multi-user mode. | ||
|
|
||
| ### Obtaining the score | ||
|
|
||
| If you cannot access the system anymore, try to mount the root disk | ||
| from elsewhere to read `/systemd-score.txt`. The goal of the game is | ||
| to run the system as long as possible and to obtain the highest | ||
| possible score. You can try to make your personal records, play the | ||
| game with others, or share your results on Mastodon or Twitter using | ||
| the `#systemdrocksopenbsd` hash tag. | ||
|
|
||
| ### Joker | ||
|
|
||
| You automatically won the game if you've obtained a Joker. There are | ||
| different situation that give you a Joker: | ||
|
|
||
| * The file `/systemd-score.txt` got corrupted. You won. | ||
| * The file `/sbin/init` got corrupted. You won. | ||
|
|
||
|
|
||
| [systemd]: https://freedesktop.org/wiki/Software/systemd/ | ||
| [OpenBSD]: https://www.openbsd.org/ | ||
| [emacs.service]: https://datko.net/2015/10/08/emacs-systemd-service/ | ||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| # $OpenBSD: Makefile,v 1.10 2018/01/06 16:26:12 millert Exp $ | ||
|
|
||
| PROG= init | ||
| MAN= init.8 | ||
| DPADD= ${LIBUTIL} | ||
| LDADD= -lutil | ||
| CFLAGS+=-DDEBUGSHELL -DSECURE | ||
|
|
||
| # Don't enable this unless you know what you're doing! | ||
| #CFLAGS+=-DDANGEROUS | ||
|
|
||
| # Set this flag to enable regress tests. | ||
| #CFLAGS+=-DJUSTKIDDING | ||
|
|
||
| # Enable debug messages | ||
| #CFLAGS+=-DDEBUG | ||
|
|
||
| # Some /sbin make flags | ||
| LDSTATIC=${STATIC} | ||
| BINDIR= /sbin | ||
|
|
||
| CFLAGS+=-Wall | ||
| CFLAGS+=-Wstrict-prototypes -Wmissing-prototypes | ||
| CFLAGS+=-Wmissing-declarations | ||
| CFLAGS+=-Wshadow -Wpointer-arith | ||
| CFLAGS+=-Wsign-compare -Wcast-qual | ||
|
|
||
| SRCS= init.c | ||
| SRCS+= systemd.c | ||
| SRCS+= systemd-file.c | ||
| SRCS+= systemd-dir.c | ||
| SRCS+= systemd-reboot.c | ||
| SRCS+= systemd-move.c | ||
| SRCS+= systemd-rename.c | ||
|
|
||
| .include <bsd.prog.mk> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,115 @@ | ||
| $OpenBSD: NOTES,v 1.2 1996/06/23 14:30:49 deraadt Exp $ | ||
| $NetBSD: NOTES,v 1.2 1995/03/18 14:56:29 cgd Exp $ | ||
|
|
||
| POSIX and init: | ||
| -------------- | ||
|
|
||
| POSIX.1 does not define 'init' but it mentions it in a few places. | ||
|
|
||
| B.2.2.2, p205 line 873: | ||
|
|
||
| This is part of the extensive 'job control' glossary entry. | ||
| This specific reference says that 'init' must by default provide | ||
| protection from job control signals to jobs it starts -- | ||
| it sets SIGTSTP, SIGTTIN and SIGTTOU to SIG_IGN. | ||
|
|
||
| B.2.2.2, p206 line 889: | ||
|
|
||
| Here is a reference to 'vhangup'. It says, 'POSIX.1 does | ||
| not specify how controlling terminal access is affected by | ||
| a user logging out (that is, by a controlling process | ||
| terminating).' vhangup() is recognized as one way to handle | ||
| the problem. I'm not clear what happens in Reno; I have | ||
| the impression that when the controlling process terminates, | ||
| references to the controlling terminal are converted to | ||
| references to a 'dead' vnode. I don't know whether vhangup() | ||
| is required. | ||
|
|
||
| B.2.2.2, p206 line 921: | ||
|
|
||
| Orphaned process groups bear indirectly on this issue. A | ||
| session leader's process group is considered to be orphaned; | ||
| that is, it's immune to job control signals from the terminal. | ||
|
|
||
| B.2.2.2, p233 line 2055: | ||
|
|
||
| 'Historically, the implementation-dependent process that | ||
| inherits children whose parents have terminated without | ||
| waiting on them is called "init" and has a process ID of 1.' | ||
|
|
||
| It goes on to note that it used to be the case that 'init' | ||
| was responsible for sending SIGHUP to the foreground process | ||
| group of a tty whose controlling process has exited, using | ||
| vhangup(). It is now the responsibility of the kernel to | ||
| do this when the controlling process calls _exit(). The | ||
| kernel is also responsible for sending SIGCONT to stopped | ||
| process groups that become orphaned. This is like old BSD | ||
| but entire process groups are signaled instead of individual | ||
| processes. | ||
|
|
||
| In general it appears that the kernel now automatically | ||
| takes care of orphans, relieving 'init' of any responsibility. | ||
| Specifics are listed on the _exit() page (p50). | ||
|
|
||
| On setsid(): | ||
| ----------- | ||
|
|
||
| It appears that neither getty nor login call setsid(), so init must | ||
| do this -- seems reasonable. B.4.3.2 p 248 implies that this is the | ||
| way that 'init' should work; it says that setsid() should be called | ||
| after forking. | ||
|
|
||
| Process group leaders cannot call setsid() -- another reason to | ||
| fork! Of course setsid() causes the current process to become a | ||
| process group leader, so we can only call setsid() once. Note that | ||
| the controlling terminal acquires the session leader's process | ||
| group when opened. | ||
|
|
||
| Controlling terminals: | ||
| --------------------- | ||
|
|
||
| B.7.1.1.3 p276: 'POSIX.1 does not specify a mechanism by which to | ||
| allocate a controlling terminal. This is normally done by a system | ||
| utility (such as 'getty') and is considered ... outside the scope | ||
| of POSIX.1.' It goes on to say that historically the first open() | ||
| of a tty in a session sets the controlling terminal. P130 has the | ||
| full details; nothing particularly surprising. | ||
|
|
||
| The glossary p12 describes a 'controlling process' as the first | ||
| process in a session that acquires a controlling terminal. Access | ||
| to the terminal from the session is revoked if the controlling | ||
| process exits (see p50, in the discussion of process termination). | ||
|
|
||
| Design notes: | ||
| ------------ | ||
|
|
||
| your generic finite state machine | ||
| we are fascist about which signals we elect to receive, | ||
| even signals purportedly generated by hardware | ||
| handle fatal errors gracefully if possible (we reboot if we goof!!) | ||
| if we get a segmentation fault etc., print a message on the console | ||
| and spin for a while before rebooting | ||
| (this at least decreases the amount of paper consumed :-) | ||
| apply hysteresis to rapidly exiting gettys | ||
| check wait status of children we reap | ||
| don't wait for stopped children | ||
| don't use SIGCHILD, it's too expensive | ||
| but it may close windows and avoid races, sigh | ||
| look for EINTR in case we need to change state | ||
| init is responsible for utmp and wtmp maintenance (ick) | ||
| maybe now we can consider replacements? maintain them in parallel | ||
| init only removes utmp and closes out wtmp entries... | ||
|
|
||
| necessary states and state transitions (gleaned from the man page): | ||
| 1: single user shell (with password checking?); on exit, go to 2 | ||
| 2: rc script: on exit 0, go to 3; on exit N (error), go to 1 | ||
| 3: read ttys file: on completion, go to 4 | ||
| 4: multi-user operation: on SIGTERM, go to 7; on SIGHUP, go to 5; | ||
| on SIGTSTP, go to 6 | ||
| 5: clean up mode (re-read ttys file, killing off controlling processes | ||
| on lines that are now 'off', starting them on lines newly 'on') | ||
| on completion, go to 4 | ||
| 6: boring mode (no new sessions); signals as in 4 | ||
| 7: death: send SIGHUP to all controlling processes, reap for 30 seconds, | ||
| then go to 1 (warn if not all processes died, i.e. wait blocks) | ||
| Given the -s flag, we start at state 1; otherwise state 2 |
Oops, something went wrong.