Hexagon
Hexagon•16mo ago

IPC solution for a process manager

👋 I'm at day 7 of working on Pup (https://github.com/hexagon/pup) - a universal process manager run by Deno. Next step towards 1.0.0 is to allow one instance of pup to restart a process of another instance. Something like pup - Boots up the process ecosystem defined in pup.json of the current directory then pup --restart --id task-1 - Restart process named task-1 in the main process, print results, and exit. What are the options on this in Deno, while keeping everything nice and secure. Is there a stable IPC solution ready for Deno yet? Security considerations? The first that comes to mind is to use unix sockets, with maybe a common secret key defined in pup.json, that way, even if a evil process have access to the unix socket, it won't be able to command processes without the secret key. This would make the actual file permissions (read) to pup.json control who can control the process manager. Of cours normal unix socket permissions would be handled in some way. Good or bad? Cross platform considerations? Is the secret totally useless?
8 Replies
ioB
ioB•16mo ago
I’m not fully up to speed on how pup works (though I’ve been following its development!). Could you give a rundown of how you would see IPC being used with your current architecture?
Hexagon
Hexagon•16mo ago
So, this is how IPC comminucation is supposed to work Docs: https://hexagon.github.io/pup/usage.html#controlling-running-instances "Client instance" is invoked with --restart task-1 as a cli parameter, client process locates an existing instance of pup using the same configuration, and sends a message { restart: 'task-1' } https://github.com/Hexagon/pup/blob/main/lib/main.ts#L118 "Main instance" have a watchdog function that, every 2 seconds, checks that all processes have the desired status, and acts if something needs to be done. A new step here is to poll the ipc-bus for new messages, and act on them. For example restarting a process, or terminate the entire application. https://github.com/Hexagon/pup/blob/e8ac7663553675ae6681eca87ad25d8bb9cf34b2/lib/core/pup.ts#L110 Currently, i've implemented a custom file based IPC mechanism, that is supposed to be replaced with a more secure alternative. https://github.com/Hexagon/pup/blob/e8ac7663553675ae6681eca87ad25d8bb9cf34b2/lib/core/ipc.ts#L1
ioB
ioB•16mo ago
Have you considered unix domain sockets? windows 10 has support for it
Hexagon
Hexagon•16mo ago
Have considered it, but i did not think that were supported on windows Interesting Hmm, cant get it to work
const listener = Deno.listen({
path: "c:\\temp\\my.sock",
transport: "unix"
});

listener.close()
const listener = Deno.listen({
path: "c:\\temp\\my.sock",
transport: "unix"
});

listener.close()
error: Uncaught TypeError: ops.op_net_listen_unix is not a function
> deno --version
deno 1.31.3 (release, x86_64-pc-windows-msvc)
> deno --version
deno 1.31.3 (release, x86_64-pc-windows-msvc)
ioB
ioB•16mo ago
That seems like a Deno bug and not a windows bug unfortunately maybe worth creating an issue? op_net_listen_unix looks suspect to me
ioB
ioB•16mo ago
👍
Leokuma
Leokuma•16mo ago
Man, this is looking so promising! Keep up the great work 🙌
More Posts
Module imported in app successfully, but fails to deploy`etherscan.ts` ```ts import { ethers, BigNumber } from 'npm:ethers@^5' ``` `util.ts` ```ts import { Specifying config remotely or jsx on installI'm struggling quite a lot here. I originally recommended using this command: ```bash deno install -Is it possible to know what version of a dynamically-imported module was just imported?Right now, you can run code like `import('npm:lodash')`, which will get the latest version of lodashWhy am I getting an "Uncaught DOM Exception" in the Deno CLI?To replicate: 1. `deno` in the command line to initialize a Deno REPL ``` // Get an array of random Better way to allow downloading of files besides serving entire fileI'm trying to allow users to download files that are in a private folder which cannot be accessed puShare state between islandsHi. How could I share state between island. E.g. shopping cart. I click on add product and in some oIslands not working with Cloudflare DNS proxyI have deployed Deno on a remote server with nginx-ingress-controller that offers self-signed certifUpdate sub-directory for module already added to deno.land/xThe title pretty much says it all, but the module in question is `hot_mod`, and the current subdir iShould we, or how should we, use Deno as a sandbox for untrusted code?I've been using Deno in this context because of some of the nice security model features. However, ideno_bindgen type error: deno-ts(2345)Anyone else getting this with `deno_bindgen`? > Argument of type 'bigint' is not assignable to param