platform compatibility for phases 1-4.
* What's new
+- The systemtap client and compile server are now available.
+ These allow you to compile a systemtap module on a host other than
+ the one which it will be run, providing the client and server
+ are compatible. Other than using a server for passes 1 through
+ 4, the client behaves like the 'stap' front end itself. This
+ means, among other things, that the client will automatically
+ load the resulting module on the local host unless -p[1234]
+ was specified.
+
+ The client/server now use SSL for network connection security and
+ for signing.
+
+ See stap-server(8) for more details.
+
- The stap "-r DIR" option may be used to identify a hand-made kernel
build directory. The tool determines the appropriate release string
automatically from the directory.
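Review bot: The added NEWS entry says only that the client/server "now use SSL for network connection security and for signing", which does not tell an upgrading user what they have to set up. Consider one more sentence saying what is signed and that certificate databases are involved, in line with the SAFETY AND SECURITY text this patch adds to stap-server(8). Also, "a host other than the one which it will be run" should read "the one on which it will be run".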
yet current lkml-track utrace; a "pass 4a"-time build failure means
your system cannot use this yet.
-- Prototype systemtap client and compile server are now available.
- These allow you to compile a systemtap module on a host other than
- the one which it will be run, providing the client and server
- are compatible. Other than using a server for passes 1 through
- 4, the client behaves like the 'stap' front end itself. This
- means, among other things, that the client will automatically
- load the resulting module on the local host unless -p[1234]
- was specified.
-
- This client/server implementation is a prototype. It provides
- NO NETWORK SECURITY OF ANY KIND and should be used only
- among trusted hosts on a trusted network.
-
- See stap-server(8) for more details.
-
- Global variables which are written to but never read are now
automatically displayed when the session does a shutdown. For example:
fatal "`pwd`/$tmpdir_server/META-INF does not exist or is not a directory"
# See if there is a systemtap temp directory
- tmpdir_stap=`ls $tmpdir_server | grep stap`
- tmpdir_stap=`expr "$tmpdir_stap" : "\\\(stap......\\\)"`
+ tmpdir_stap=`cd $tmpdir_server && ls | grep stap......\$ 2>/dev/null`
if test "X$tmpdir_stap" != "X"; then
test -d $tmpdir_server/$tmpdir_stap || \
- fatal "`pwd`/$tmpdir_server/$tmpdir_stap is not a directory"
+ fatal "$tmpdir_server/$tmpdir_stap is not a directory"
# Move the systemtap temp directory to a local temp location, if -k
# was specified.
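Review bot: In the new tmpdir_stap assignment the "2>/dev/null" is attached to grep only, so errors from "cd $tmpdir_server" and from ls still reach stderr, and the pattern "stap......\$" is anchored only at the end, so any entry whose name ends in "stap" plus six characters matches. Suggest quoting $tmpdir_server, anchoring the pattern at both ends (^stap......$), and handling more than one match explicitly, since tmpdir_stap would then hold several names and the unquoted "test -d $tmpdir_server/$tmpdir_stap" that follows would receive more than one argument.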
test -f $nss_pw || \
fatal "Unable to find SSL certificate database password file $nss_pw"
nss_cert=stap-server
+
+ touch $tmpdir_server/stdout
+ touch $tmpdir_server/stderr
}
# function: unpack_request
# Identify the client's request tree. The zip file should have expanded
# into a single directory named to match $tmpdir_prefix_client.??????
# which should now be the only item in the current directory.
- test "`ls | wc -l`" = 1 || \
+ test "`ls | wc -l`" = 3 || \
fatal "Wrong number of files after expansion of client's zip file"
- tmpdir_client=`ls`
- tmpdir_client=`expr "$tmpdir_client" : "\\\($tmpdir_prefix_client\\\\.......\\\)"`
+ tmpdir_client=`ls | grep $tmpdir_prefix_client.......\$`
test "X$tmpdir_client" != "X" || \
fatal "Client zip file did not expand as expected"
# Move the client's temp directory to a local temp location
local local_tmpdir_client=`mktemp -dt $tmpdir_prefix_server.client.XXXXXX` || \
- fatal "Cannot create temporary zip file " $local_tmpdir_client
+ fatal "Cannot create temporary client request directory " $local_tmpdir_client
mv $tmpdir_client/* $local_tmpdir_client
rm -fr $tmpdir_client
tmpdir_client=$local_tmpdir_client
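Review bot: The file count test in unpack_request now hard-codes 3, which presumably accounts for the stdout and stderr files touched elsewhere in this patch; that coupling is not stated anywhere, and the comment above still says the client directory "should now be the only item in the current directory". Any further file placed there will fail every request with "Wrong number of files", so either count only entries matching the client prefix or update the comment to name the three expected entries. The replacement "ls | grep $tmpdir_prefix_client.......\$" also leaves the variable unquoted, treats the dot before the suffix as a wildcard, and is no longer anchored at the start as the old expr match was; adding ^ and escaping the dot would keep the accepted name as strict as before.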
# Add the necessary info from files in our temporary directory.
cmdline=`read_data_file cmdline`
test "X$cmdline" != "X" || exit 1
+
+ eval parse_options "$cmdline"
+
client_sysinfo=`read_data_file sysinfo`
test "X$client_sysinfo" != "X" || exit 1
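Review bot: The added "eval parse_options "$cmdline"" evaluates a string that comes from the client's request (cmdline is set from read_data_file cmdline two lines above), so shell metacharacters in that file are interpreted by the server. Now that the server is exposed as a network service, parse the arguments without eval, or reject cmdline content outside an expected character set before this line. Moving the call here, presumably so that p_phase is set before check_compatibility runs, is reasonable, but the comment should say so.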
#
# Make sure that systemtap as described by SYSINFO1 and SYSINFO2 are compaible
function check_compatibility {
+ # Compatibility is irrelevant if the request is not for phase 5 activity.
+ test $p_phase -lt 5 && return
+
# TODO: This needs work
# - Make sure the linux kernel matches exactly
local sysinfo1=$1
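Review bot: "test $p_phase -lt 5 && return" uses p_phase unquoted and with no default, so if parse_options left it empty the test is malformed, prints an error and falls through to the compatibility check. Suggest "test "${p_phase:-5}" -lt 5 && return" or an explicit check that p_phase is set. Since p_phase is derived from the client's command line, the comment could also state why skipping the check is safe for passes 1 through 4.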
# Fatal error
# Prints its arguments to stderr and exits
function fatal {
- echo "$0`: ERROR:" "$@" >> $tmpdir_server/stderr
+ echo "$0: ERROR:" "$@" >> $tmpdir_server/stderr
+ echo -n 1 > $tmpdir_server/rc
+ package_response
cleanup
exit 1
}
# Non fatal error
# Prints its arguments to stderr but does not exit
function error {
- echo "$0`: ERROR:" "$@" >> $tmpdir_server/stderr
+ echo "$0: ERROR:" "$@" >> $tmpdir_server/stderr
}
# function cleanup
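Review bot: fatal now calls package_response before cleanup, so any failure inside package_response that is itself reported through fatal will recurse without reaching "exit 1". A re-entry guard at the top of fatal (set a flag on first entry and skip package_response when it is already set) would bound that. fatal also writes to $tmpdir_server/stderr and $tmpdir_server/rc unquoted and assumes the directory exists, so a fatal raised before that directory has been created would itself fail; worth quoting the paths and falling back to the process's own stderr in that case.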
initialization "$@"
unpack_request
check_request
-eval parse_options "$cmdline"
call_stap
create_response
package_response
.br
.B stap\-client
[
+.B \-\-server=\fIHOSTNAME\fR|\fIIP_ADDRESS\fR[\fB:\fIPORT\fR]
+]
+[
+.B \-\-ssl=
+.I DIRNAME
+]
+[
.I ARGUMENTS
]
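Review bot: In the added synopsis lines, "\-\-ssl=" and DIRNAME are on separate .B and .I request lines, which renders with a space between them ("--ssl= DIRNAME"), unlike the --server line where the argument is joined with inline font escapes. Use ".BI \-\-ssl= DIRNAME" or the same \fI...\fR form as the --server line so the option reads as one word.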
The systemtap server listens for connections from
.I stap\-client
-on the local network and accepts requests to run the
+on a secure SLL network port and accepts requests to run the
.I stap
front end.
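Review bot: Typo in the added line: "secure SLL network port" should be "secure SSL network port".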
advertises its presence on the local network using the
.I avahi
daemon. If the server is successfully started, its process id is
-echoed to stdout and the exit code is 0. Otherwise, nothing is echoed and the exit code is 1.
+echoed to stdout and the exit code is 0. Otherwise, \-1 is echoed and the exit code is 1.
.PP
The
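Review bot: Echoing \-1 on failure puts a non-PID value on the same stdout stream that callers capture as the server's process id, and the EXAMPLES text tells the reader to pass "the process id that was echoed" as PID. State here that the exit code must be checked before the echoed value is used, or keep stdout empty on failure as before.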
.IR stap\-find\-servers .
If a compatible server is found,
.I stap\-find\-or\-start\-server
-echos '0' to stdout and the exit code is 0. Otherwise
+echoes '0' to stdout and the exit code is 0. Otherwise
.I stap\-find\-or\-start\-server
attempts to start a server on the local network using
.IR stap\-start\-server .
.I stap
front end except that it attempts to find a compatible systemtap server on the
local network and then attempts to use that server for actions related to
-passes 1 through 4. Pass 5 actions, if requested, are performed on the localhost
-using
+passes 1 through 4. Pass 5 actions, if requested, are performed on the local
+host using
.IR staprun .
Upon successful completion, the exit code is 0. Otherwise the exit code
is 1.
program requires a process id argument which identifies the server to be stopped.
.PP
-The
-.I stap\-client
-program accepts the same arguments and options as the
+In addition to the options accepted by the
.I stap
-front end.
+front end,
+.I stap\-client
+accepts the following options:
+
.SH EXAMPLES
See the
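Review bot: The new sentence ends with "accepts the following options:" but the next line in this hunk is .SH EXAMPLES, so no options are listed. Add entries for the \-\-server and \-\-ssl options introduced in the synopsis, saying what each takes, before the EXAMPLES heading.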
.PP
where PID is the process id that was echoed.
-
.SH SAFETY AND SECURITY
Systemtap is an administrative tool. It exposes kernel internal data
structures and potentially private user information. See the
manual page for additional information on safety and security.
.PP
-The systemtap server and its related utilities are prototypes only. NO NETWORK
-SECURITY OF ANY KIND IS CURRENTLY PROVIDED. These programs should only be used
-among trusted hosts on a trusted network.
+The systemtap server and its related utilities use the Secure Socket Layer
+(SSL) as implemented by Network Security Services (NSS)
+for network security and the NSS tools
+.B certutil
+and
+.B signtool
+for the generation of certificates and for signing respectively. The related
+certificate databases must be protected in order to maintain the security of
+the system.
+Use of the utilities provided will help to ensure that the proper protection
+is maintained. The systemtap client and server will both check for proper
+access permissions before making use of any certificate database.
.SH SEE ALSO
.IR stap (1),
.IR stapprobes (5),
.IR stapfuncs (5),
.IR stapex (5),
+.IR NSS,
+.IR certutil,
+.IR signtool
.SH BUGS
Use the Bugzilla link off of the project web page or our mailing list.
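Review bot: The new SAFETY AND SECURITY paragraph says the certificate databases "must be protected" and that client and server "check for proper access permissions", but it does not say what those permissions are or where the databases live, so an administrator cannot verify a setup from this page. Add the expected owner and mode and the database locations, and name the "utilities provided" that set them up. Minor: "Secure Socket Layer" is normally written "Secure Sockets Layer", and the added SEE ALSO entries (".IR NSS,", ".IR certutil,", ".IR signtool") lack the space and section number the existing entries use, so the trailing commas render in italics.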