From: Alberto Leiva Popper Date: Wed, 8 Jan 2025 19:57:02 +0000 (-0600) Subject: Tentatively add new logging level: "clutter" X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5024707204c64760c3a5ee4532d4b53aaf4906d0;p=thirdparty%2FFORT-validator.git Tentatively add new logging level: "clutter" It's below "debug." Meant to hide several debugging messages that inflate the log but haven't been useful for many years. It's hardcoded to disabled for now, and I've half a mind to commit to this. --- diff --git a/src/asn1/signed_data.c b/src/asn1/signed_data.c index d7637910..8da3c72a 100644 --- a/src/asn1/signed_data.c +++ b/src/asn1/signed_data.c @@ -59,7 +59,7 @@ handle_sdata_certificate(ANY_t *cert_encoded, struct rpki_certificate *ee, if (tmp != otmp + cert_encoded->size) return val_crypto_err("Signed object's 'certificate' element contains trailing garbage"); - x509_name_pr_debug("Issuer", X509_get_issuer_name(ee->x509)); + x509_name_pr_clutter("Issuer", X509_get_issuer_name(ee->x509)); error = certificate_validate_chain(ee); if (error) diff --git a/src/daemon.c b/src/daemon.c index e23f252a..a7532789 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -70,6 +70,7 @@ daemonize(daemon_log_cb log_cb) * Ignore SIGHUP. SIGCHLD isn't ignored since we still do a fork to * execute rsync; when that's not the case then: * signal(SIGCHLD, SIG_IGN); + * XXX unsafe on multithreaded */ signal(SIGHUP, SIG_IGN); diff --git a/src/hash.c b/src/hash.c index 21e5d837..1dbaae95 100644 --- a/src/hash.c +++ b/src/hash.c @@ -160,7 +160,7 @@ hash_validate_file(struct hash_algorithm const *algorithm, char const *path, size_t actual_len; int error; - pr_val_debug("Validating file hash: %s", path); + pr_clutter("Validating file hash: %s", path); if (expected_len != hash_get_size(algorithm)) return pr_val_err("%s string has bogus size: %zu", diff --git a/src/log.c b/src/log.c index 9e3f6c7f..4b6c3f19 100644 --- a/src/log.c +++ b/src/log.c @@ -212,13 +212,13 @@ log_teardown(void) } bool -log_val_enabled(unsigned int level) +pr_val_enabled(unsigned int level) { return val_config.level >= level; } bool -log_op_enabled(unsigned int level) +pr_op_enabled(unsigned int level) { return op_config.level >= level; } diff --git a/src/log.h b/src/log.h index 8fb10aa0..a4203481 100644 --- a/src/log.h +++ b/src/log.h @@ -63,8 +63,11 @@ void log_teardown(void); * Check if corresponding logging is enabled. You can use these to short-circuit * out of heavy logging code. */ -bool log_val_enabled(unsigned int level); -bool log_op_enabled(unsigned int level); +bool pr_val_enabled(unsigned int level); +bool pr_op_enabled(unsigned int level); + +#define pr_clutter_enabled() false +#define pr_clutter(...) /* == Operation logs == */ @@ -81,7 +84,6 @@ int pr_op_err_st(const char *format, ...) CHECK_FORMAT(1, 2); /* Like pr_op_err(), except it prints libcrypto's error stack as well. */ int op_crypto_err(const char *, ...) CHECK_FORMAT(1, 2); - /* == Validation logs == */ /* Status reports of no interest to the user. */ diff --git a/src/object/certificate.c b/src/object/certificate.c index 2a1b810b..a783eb5c 100644 --- a/src/object/certificate.c +++ b/src/object/certificate.c @@ -122,7 +122,7 @@ validate_issuer(struct rpki_certificate *cert) error = x509_name_decode(issuer, "issuer", &name); if (error) return error; - pr_val_debug("Issuer: %s", x509_name_commonName(name)); + pr_clutter("Issuer: %s", x509_name_commonName(name)); x509_name_put(name); return 0; @@ -181,7 +181,7 @@ validate_subject(X509 *cert) error = x509_name_decode(X509_get_subject_name(cert), "subject", &name); if (error) return error; - pr_val_debug("Subject: %s", x509_name_commonName(name)); + pr_clutter("Subject: %s", x509_name_commonName(name)); x509_name_put(name); return error; @@ -890,14 +890,14 @@ build_crl_stack(struct rpki_certificate *cert) } static void -pr_debug_x509_dates(X509 *x509) +pr_clutter_x509_dates(X509 *x509) { char *nb, *na; nb = asn1time2str(X509_get0_notBefore(x509)); na = asn1time2str(X509_get0_notAfter(x509)); - pr_val_debug("Valid range: [%s, %s]", nb, na); + pr_clutter("Valid range: [%s, %s]", nb, na); free(nb); free(na); @@ -978,8 +978,8 @@ certificate_validate_chain(struct rpki_certificate *cert) } X509_STORE_CTX_set0_crls(ctx, crls); - if (log_val_enabled(LOG_DEBUG)) - pr_debug_x509_dates(cert->x509); + if (pr_clutter_enabled()) + pr_clutter_x509_dates(cert->x509); /* * HERE'S THE MEAT OF LIBCRYPTO'S VALIDATION. @@ -1191,7 +1191,7 @@ handle_rpkiManifest(char *uri, void *arg) { struct sia_uris *uris = arg; - pr_val_debug("rpkiManifest: %s", uri); + pr_clutter("rpkiManifest: %s", uri); if (uris->rpkiManifest != NULL) { pr_val_warn("Ignoring additional rpkiManifest: %s", uri); @@ -1206,7 +1206,7 @@ handle_caRepository(char *uri, void *arg) { struct sia_uris *uris = arg; - pr_val_debug("caRepository: %s", uri); + pr_clutter("caRepository: %s", uri); if (uris->caRepository != NULL) { pr_val_warn("Ignoring additional caRepository: %s", uri); @@ -1221,7 +1221,7 @@ handle_rpkiNotify(char *uri, void *arg) { struct sia_uris *uris = arg; - pr_val_debug("rpkiNotify: %s", uri); + pr_clutter("rpkiNotify: %s", uri); if (uris->rpkiNotify != NULL) { pr_val_warn("Ignoring additional rpkiNotify: %s", uri); @@ -1235,7 +1235,7 @@ static void handle_signedObject(char *uri, void *arg) { struct sia_uris *sias = arg; - pr_val_debug("signedObject: %s", uri); + pr_clutter("signedObject: %s", uri); sias->signedObject = uri; } @@ -1860,13 +1860,13 @@ certificate_validate(struct rpki_certificate *cert) switch (cert->type) { case CERTYPE_TA: - pr_val_debug("Type: TA"); + pr_clutter("Type: TA"); break; case CERTYPE_CA: - pr_val_debug("Type: CA"); + pr_clutter("Type: CA"); break; case CERTYPE_BGPSEC: - pr_val_debug("Type: BGPsec EE. Ignoring..."); + pr_clutter("Type: BGPsec EE. Ignoring..."); // error = handle_bgpsec(cert, x509stack_peek_resources( // validation_certstack(state)), rpp_parent); goto end; diff --git a/src/object/crl.c b/src/object/crl.c index dd12bdad..98e49f3b 100644 --- a/src/object/crl.c +++ b/src/object/crl.c @@ -40,7 +40,7 @@ end: } static void -debug_revoked(ASN1_INTEGER const *serial_int) +pr_clutter_revoked(ASN1_INTEGER const *serial_int) { BIGNUM *serial_bn; char *serial_str; @@ -57,7 +57,7 @@ debug_revoked(ASN1_INTEGER const *serial_int) goto end; } - pr_val_debug("Revoked: %s", serial_str); + pr_clutter("Revoked: %s", serial_str); free(serial_str); end: BN_free(serial_bn); @@ -84,8 +84,8 @@ validate_revoked(X509_CRL *crl) i + 1); } - if (log_val_enabled(LOG_DEBUG)) - debug_revoked(serial_int); + if (pr_clutter_enabled()) + pr_clutter_revoked(serial_int); if (X509_REVOKED_get0_revocationDate(revoked) == NULL) { return pr_val_err("CRL's revoked entry #%d lacks a revocation date.", diff --git a/src/object/roa.c b/src/object/roa.c index 5b2c487a..e2ea6dbf 100644 --- a/src/object/roa.c +++ b/src/object/roa.c @@ -31,7 +31,7 @@ ____handle_roa_v4(struct resources *parent, unsigned long asn, if (error) return error; - pr_val_debug("address: %s/%u", addr2str4(&pfx.addr, buf), pfx.len); + pr_clutter("address: %s/%u", addr2str4(&pfx.addr, buf), pfx.len); if (roa_addr->maxLength != NULL) { error = asn_INTEGER2ulong(roa_addr->maxLength, &maxlen); @@ -42,7 +42,7 @@ ____handle_roa_v4(struct resources *parent, unsigned long asn, } return pr_val_err("The ROA's IPv4 maxLength isn't a valid unsigned long"); } - pr_val_debug("maxLength: %lu", maxlen); + pr_clutter("maxLength: %lu", maxlen); if (maxlen > 32) { return pr_val_err("maxLength (%lu) is out of bounds (0-32).", @@ -79,7 +79,7 @@ ____handle_roa_v6(struct resources *parent, unsigned long asn, if (error) return error; - pr_val_debug("address: %s/%u", addr2str6(&pfx.addr, buf), pfx.len); + pr_clutter("address: %s/%u", addr2str6(&pfx.addr, buf), pfx.len); if (roa_addr->maxLength != NULL) { error = asn_INTEGER2ulong(roa_addr->maxLength, &maxlen); @@ -90,7 +90,7 @@ ____handle_roa_v6(struct resources *parent, unsigned long asn, } return pr_val_err("The ROA's IPv6 maxLength isn't a valid unsigned long"); } - pr_val_debug("maxLength: %lu", maxlen); + pr_clutter("maxLength: %lu", maxlen); if (maxlen > 128) { return pr_val_err("maxLength (%lu) is out of bounds (0-128).", diff --git a/src/resource.c b/src/resource.c index 980ae8fc..fec61c08 100644 --- a/src/resource.c +++ b/src/resource.c @@ -94,7 +94,7 @@ inherit_aors(struct resources *resources, struct resources *parent, int family) resources->ip4s = parent->ip4s; if (resources->ip4s != NULL) res4_get(resources->ip4s); - pr_val_debug(""); + pr_clutter(""); return 0; case AF_INET6: @@ -103,7 +103,7 @@ inherit_aors(struct resources *resources, struct resources *parent, int family) resources->ip6s = parent->ip6s; if (resources->ip6s != NULL) res6_get(resources->ip6s); - pr_val_debug(""); + pr_clutter(""); return 0; } @@ -148,7 +148,7 @@ add_prefix4(struct resources *resources, struct resources *parent, return error; } - pr_val_debug("Prefix: %s/%u", addr2str4(&prefix.addr, buf), prefix.len); + pr_clutter("Prefix: %s/%u", addr2str4(&prefix.addr, buf), prefix.len); return 0; } @@ -189,7 +189,7 @@ add_prefix6(struct resources *resources, struct resources *parent, return error; } - pr_val_debug("Prefix: %s/%u", addr2str6(&prefix.addr, buf), prefix.len); + pr_clutter("Prefix: %s/%u", addr2str6(&prefix.addr, buf), prefix.len); return 0; } @@ -249,7 +249,7 @@ add_range4(struct resources *resources, struct resources *parent, return error; } - pr_val_debug("Range: %s-%s", + pr_clutter("Range: %s-%s", addr2str4(&range.min, buf1), addr2str4(&range.max, buf2)); return 0; @@ -296,7 +296,7 @@ add_range6(struct resources *resources, struct resources *parent, return error; } - pr_val_debug("Range: %s-%s", + pr_clutter("Range: %s-%s", addr2str6(&range.min, buf1), addr2str6(&range.max, buf2)); return 0; @@ -392,7 +392,7 @@ inherit_asiors(struct resources *resources, struct resources *parent) resources->asns = parent->asns; if (resources->asns != NULL) rasn_get(resources->asns); - pr_val_debug(""); + pr_clutter(""); return 0; } @@ -454,9 +454,9 @@ add_asn(struct resources *resources, struct asn_range const *asns, } if (asns->min == asns->max) - pr_val_debug("ASN: %u", asns->min); + pr_clutter("ASN: %u", asns->min); else - pr_val_debug("ASN: %u-%u", asns->min, asns->max); + pr_clutter("ASN: %u-%u", asns->min, asns->max); return 0; } diff --git a/src/rrdp.c b/src/rrdp.c index cd8aa7db..d5588ca2 100644 --- a/src/rrdp.c +++ b/src/rrdp.c @@ -532,7 +532,7 @@ handle_publish(xmlTextReaderPtr reader, struct parser_args *args) if (error) goto end; - pr_val_debug("Publish %s", logv_filename(tag.meta.uri)); + pr_clutter("Publish %s", logv_filename(tag.meta.uri)); len = strlen(tag.meta.uri); file = state_find_file(args->state, tag.meta.uri, len); @@ -607,7 +607,7 @@ handle_withdraw(xmlTextReaderPtr reader, struct parser_args *args) if (error) goto end; - pr_val_debug("Withdraw %s", logv_filename(tag.meta.uri)); + pr_clutter("Withdraw %s", logv_filename(tag.meta.uri)); len = strlen(tag.meta.uri); file = state_find_file(args->state, tag.meta.uri, len); diff --git a/src/sig.c b/src/sig.c index 9df78b18..cd59b028 100644 --- a/src/sig.c +++ b/src/sig.c @@ -59,6 +59,7 @@ do_cleanup(int signum) output_atexit(); /* Trigger default handler */ + /* XXX unsafe on multithreaded */ signal(signum, SIG_DFL); kill(getpid(), signum); } diff --git a/src/types/name.c b/src/types/name.c index 556b553b..7aa3aca3 100644 --- a/src/types/name.c +++ b/src/types/name.c @@ -160,7 +160,7 @@ validate_issuer_name(X509_NAME *issuer, X509 *parent) error = x509_name_decode(issuer, "issuer", &child_issuer); if (error) goto end; - pr_val_debug("Issuer: %s", child_issuer->commonName); + pr_clutter("Issuer: %s", child_issuer->commonName); if (!x509_name_equals(parent_subject, child_issuer)) { char const *parent_serial; @@ -184,21 +184,21 @@ end: x509_name_put(parent_subject); } void -x509_name_pr_debug(const char *prefix, X509_NAME *name) +x509_name_pr_clutter(const char *prefix, X509_NAME *name) { - if (!log_val_enabled(LOG_DEBUG)) + if (!pr_clutter_enabled()) return; struct rfc5280_name *printable; if (name == NULL) { - pr_val_debug("%s: (null)", prefix); + pr_clutter("%s: (null)", prefix); return; } if (x509_name_decode(name, prefix, &printable) != 0) return; /* Error message already printed */ - pr_val_debug("%s: %s", prefix, printable->commonName); + pr_clutter("%s: %s", prefix, printable->commonName); x509_name_put(printable); } diff --git a/src/types/name.h b/src/types/name.h index ca2d84d0..0ab7d642 100644 --- a/src/types/name.h +++ b/src/types/name.h @@ -22,6 +22,6 @@ bool x509_name_equals(struct rfc5280_name *, struct rfc5280_name *); /* X509_NAME utils */ int validate_issuer_name(X509_NAME *, X509 *); -void x509_name_pr_debug(char const *, X509_NAME *); +void x509_name_pr_clutter(char const *, X509_NAME *); #endif /* SRC_TYPES_NAME_H_ */ diff --git a/test/mock.c b/test/mock.c index 9ea4d2cc..744b1400 100644 --- a/test/mock.c +++ b/test/mock.c @@ -9,9 +9,6 @@ /* Some core functions, as linked from unit tests. */ -MOCK_TRUE(log_val_enabled, unsigned int l) -MOCK_TRUE(log_op_enabled, unsigned int l) - /* CFLAGS=-DPRINT_PRS make check */ #ifdef PRINT_PRS #define MOCK_PRINT(color) \