Hexagon
Hexagon2y ago

IPC solution for a process manager

👋 I'm at day 7 of working on Pup (https://github.com/hexagon/pup) - a universal process manager run by Deno. Next step towards 1.0.0 is to allow one instance of pup to restart a process of another instance. Something like pup - Boots up the process ecosystem defined in pup.json of the current directory then pup --restart --id task-1 - Restart process named task-1 in the main process, print results, and exit. What are the options on this in Deno, while keeping everything nice and secure. Is there a stable IPC solution ready for Deno yet? Security considerations? The first that comes to mind is to use unix sockets, with maybe a common secret key defined in pup.json, that way, even if a evil process have access to the unix socket, it won't be able to command processes without the secret key. This would make the actual file permissions (read) to pup.json control who can control the process manager. Of cours normal unix socket permissions would be handled in some way. Good or bad? Cross platform considerations? Is the secret totally useless?
8 Replies
ioB
ioB2y ago
I’m not fully up to speed on how pup works (though I’ve been following its development!). Could you give a rundown of how you would see IPC being used with your current architecture?
Hexagon
HexagonOP2y ago
So, this is how IPC comminucation is supposed to work Docs: https://hexagon.github.io/pup/usage.html#controlling-running-instances "Client instance" is invoked with --restart task-1 as a cli parameter, client process locates an existing instance of pup using the same configuration, and sends a message { restart: 'task-1' } https://github.com/Hexagon/pup/blob/main/lib/main.ts#L118 "Main instance" have a watchdog function that, every 2 seconds, checks that all processes have the desired status, and acts if something needs to be done. A new step here is to poll the ipc-bus for new messages, and act on them. For example restarting a process, or terminate the entire application. https://github.com/Hexagon/pup/blob/e8ac7663553675ae6681eca87ad25d8bb9cf34b2/lib/core/pup.ts#L110 Currently, i've implemented a custom file based IPC mechanism, that is supposed to be replaced with a more secure alternative. https://github.com/Hexagon/pup/blob/e8ac7663553675ae6681eca87ad25d8bb9cf34b2/lib/core/ipc.ts#L1
ioB
ioB2y ago
Have you considered unix domain sockets? windows 10 has support for it
Hexagon
HexagonOP2y ago
Have considered it, but i did not think that were supported on windows Interesting Hmm, cant get it to work 
const listener = Deno.listen({ 
    path: "c:\\temp\\my.sock",
    transport: "unix"
});

listener.close()
const listener = Deno.listen({ 
    path: "c:\\temp\\my.sock",
    transport: "unix"
});

listener.close()
error: Uncaught TypeError: ops.op_net_listen_unix is not a function 
> deno --version
deno 1.31.3 (release, x86_64-pc-windows-msvc)
> deno --version
deno 1.31.3 (release, x86_64-pc-windows-msvc)
ioB
ioB2y ago
That seems like a Deno bug and not a windows bug unfortunately maybe worth creating an issue? op_net_listen_unix looks suspect to me
Hexagon
HexagonOP2y ago
ioB
ioB2y ago
👍
Leokuma
Leokuma2y ago
Man, this is looking so promising! Keep up the great work 🙌