support admin server restart --force

Signed-off-by: Jason Volk <jason@zemos.net>
This commit is contained in:
Jason Volk 2024-07-03 04:46:50 +00:00
parent 7658387a74
commit 5edd391e83
4 changed files with 62 additions and 6 deletions

View file

@ -1,4 +1,4 @@
use conduit::{warn, Result};
use conduit::{warn, Error, Result};
use ruma::events::room::message::RoomMessageEventContent;
use crate::services;
@ -102,7 +102,17 @@ pub(super) async fn reload(_body: Vec<&str>) -> Result<RoomMessageEventContent>
}
#[cfg(unix)]
pub(super) async fn restart(_body: Vec<&str>) -> Result<RoomMessageEventContent> {
pub(super) async fn restart(_body: Vec<&str>, force: bool) -> Result<RoomMessageEventContent> {
use conduit::utils::sys::current_exe_deleted;
if !force && current_exe_deleted() {
return Err(Error::Err(
"The server cannot be restarted because the executable was tampered with. If this is expected use --force \
to override."
.to_owned(),
));
}
services().server.restart()?;
Ok(RoomMessageEventContent::notice_plain("Restarting server..."))

View file

@ -51,7 +51,10 @@ pub(super) enum ServerCommand {
#[cfg(unix)]
/// - Restart the server
Restart,
Restart {
#[arg(short, long)]
force: bool,
},
/// - Shutdown the server
Shutdown,
@ -77,7 +80,9 @@ pub(super) async fn process(command: ServerCommand, body: Vec<&str>) -> Result<R
#[cfg(conduit_mods)]
ServerCommand::Reload => reload(body).await?,
#[cfg(unix)]
ServerCommand::Restart => restart(body).await?,
ServerCommand::Restart {
force,
} => restart(body, force).await?,
ServerCommand::Shutdown => shutdown(body).await?,
})
}

View file

@ -34,3 +34,34 @@ pub fn available_parallelism() -> usize {
.expect("Unable to query for available parallelism.")
.get()
}
/// Return a possibly corrected std::env::current_exe() even if the path is
/// marked deleted.
///
/// # Safety
/// This function is declared unsafe because the original result was altered for
/// security purposes, and altering it back ignores those urposes and should be
/// understood by the user.
pub unsafe fn current_exe() -> Result<std::path::PathBuf> {
use std::path::PathBuf;
let exe = std::env::current_exe()?;
match exe.to_str() {
None => Ok(exe),
Some(str) => Ok(str
.strip_suffix(" (deleted)")
.map(PathBuf::from)
.unwrap_or(exe)),
}
}
/// Determine if the server's executable was removed or replaced. This is a
/// specific check; useful for successful restarts. May not be available or
/// accurate on all platforms; defaults to false.
#[must_use]
pub fn current_exe_deleted() -> bool {
std::env::current_exe().map_or(false, |exe| {
exe.to_str()
.map_or(false, |exe| exe.ends_with(" (deleted)"))
})
}

View file

@ -2,10 +2,20 @@
use std::{env, os::unix::process::CommandExt, process::Command};
use conduit::{debug, info};
use conduit::{debug, info, utils};
pub(super) fn restart() -> ! {
let exe = env::current_exe().expect("program path must be identified and available");
// SAFETY: We have allowed an override for the case where the current_exe() has
// been replaced or removed. By default the server will fail to restart if the
// binary has been replaced (i.e. by cargo); this is for security purposes.
// Command::exec() used to panic in that case.
//
// We can (and do) prevent that panic by checking the result of current_exe()
// prior to committing to restart, returning an error to the user without any
// unexpected shutdown. In a nutshell that is the execuse for this unsafety.
// Nevertheless, we still want a way to override the restart preventation (i.e.
// admin server restart --force).
let exe = unsafe { utils::sys::current_exe().expect("program path must be available") };
let envs = env::vars();
let args = env::args().skip(1);
debug!(?exe, ?args, ?envs, "Restart");