Eric Wong [Wed, 28 Jan 2026 02:10:07 +0000 (02:10 +0000)]
www: fix cross-inbox scan errors using extindex
For users of extindex and public-inbox-httpd, cross-inbox
scanning would hang forever and leave an open socket lingering
in two cases:
1) ignoring short (<14 character) Message-IDs
2) Xapian indices deleted while -httpd is running
In the first case (reported by Konstantin), we stop processing
short partial Message-IDs immediately and finalize response
handling to avoid wasting cycles on requests which are likely to
cause too many hits.
In the second case, we skip (inboxes|extindices) where search
has become unavailable and attempt to continue onto any other
possible (inboxes|extindices) before giving up with a 404.
Eric Wong [Thu, 15 Jan 2026 02:18:36 +0000 (02:18 +0000)]
lg2 cat_oid: call Perl %SIG handlers on EINTR
For all of our C code running within a Perl interpreter,
we need to call PERL_ASYNC_CHECK() after seeing EINTR to
ensure Perl dispatches %SIG handlers after a process
receives a signal.
Eric Wong [Tue, 13 Jan 2026 10:51:25 +0000 (10:51 +0000)]
support inotify on FreeBSD 15+
FreeBSD 15+ introduces a Linux-compatible inotify API. The
inotify API is superior to EVFILT_VNODE with kqueue(2) since
kqueue requires file descriptors remain open. Inotify watch
descriptors should use less kernel memory than file descriptors
and is governed by platform-specific limits rather than
RLIMIT_NOFILE.
Eric Wong [Tue, 13 Jan 2026 10:46:24 +0000 (10:46 +0000)]
ipc: fix FreeBSD 15.0 incompatibility
Our use of AF_LOCAL (AF_UNIX) SOCK_SEQPACKET sockets is
incompatible with FreeBSD 15.0[1][2].
To fix the problem, reinstate MSG_EOR to set correct message
boundaries and cap the msg.msg_iov data limit to 64K. We need
to cap the data limit since FreeBSD 15 appears to tear reads of
over 64K into multiple recvmsg(2) calls even if the
corresponding sendmsg(2) call was successful in writing a
larger buffer atomically.
MSG_EOR was used in our past, but removed to be compatible with
the buggy of OpenBSD 7.3. Reinstating it now seems compatible
with OpenBSD 7.8 (earlier versions untested).
It could be the case that Linux and all current *BSDs before
FreeBSD 15.0 were all implementing SOCK_SEQPACKET incorrectly
(or in a way we expected), but FreeBSD 15.0 is the only one
which gets it right...
Eric Wong [Tue, 23 Dec 2025 01:24:52 +0000 (01:24 +0000)]
xapcmd: ensure SIGPIPE fails in children
The parent process may've ignored SIGPIPE, but we need to ensure
the children fail properly on SIGPIPE since `warn' (and any
writes to stderr) may fail.
Eric Wong [Mon, 22 Dec 2025 20:16:23 +0000 (20:16 +0000)]
doc/common: rely on autodie + wrappers to detect errors
common.perl already depends on PublicInbox::Search, so it's fine
to also depend on autodie and PublicInbox::IO for error checking.
The only place autodie isn't acceptable is probably Makefile.PL,
since some RH-based distros package it independently of Perl.
Eric Wong [Wed, 17 Dec 2025 23:39:15 +0000 (23:39 +0000)]
www: disable leak detector in existing code paths
At the moment, nothing else in our test suite appears to be
leaking due the lack of leftover $TMPDIR/pi-leak-* files
after running `make check-run'. So don't waste resources
checking for leaks in codepaths which aren't affected by
known Perl bugs.
PublicInbox::Leak remains available in tree for future use
should we need it.
Eric Wong [Wed, 17 Dec 2025 23:39:14 +0000 (23:39 +0000)]
add and use a DESTROY-oriented leak detector
This leak detector writes the current Perl backtrace to a
temporary file which will be unlinked on exit. If there's a
leak, the temporary file won't be unlinked and will contain a
backtrace to the leak source.
Relying on existing cycle detectors isn't suitable for this goal
since the cause of the leaks I'm targeting is due to a bug in
Perl v5.40.x[1] which is fixed in v5.42.0.
Modifications to existing .pm files in this commit will be
reverted in the next.
Eric Wong [Tue, 16 Dec 2025 10:10:25 +0000 (10:10 +0000)]
viewvcs: workaround leak in Perl v5.40.x series
The Perl v5.40.x series introduced a leak in some instances of
anonymous subs (aka `closures'). While Perl v5.42.0 fixes this
leak, distros like Debian 13 will use and support v5.40.x for
many more years and we won't ever encourage users to run a
non-distro Perl installation.
This fixes t/solver_git.t stalling in tests on Debian 13, but
there may be other leaks which are not currently fixed. More
work will be necessary to ensure other parts of our code don't
leak. This bug was only noticed since my coding style has
evolved towards making flow control dependent on proper memory
management (via ->DESTROY callbacks and our on_destroy helper).
I really want to eliminating anonymous subs entirely and made
another attempt towards that end. However, I haven't been able
to figure out how to preserve compatibility with various Plack
(PSGI) middlewares in current use.
Eric Wong [Thu, 11 Dec 2025 23:06:05 +0000 (23:06 +0000)]
fix closing gzipped mboxrd from curl w/o IO::KQueue
While the `waitpid' perlop retries on EINTR, it preserves the
`errno == EINTR' value after eventual success of the underlying
wait4/waitpid syscall. Preserving `$!' confuses
IO::Uncompress::Base::close into saving `$!' in the
IO::Uncompress::Base::saveErrorString call. Saving `$!' there
caused the `$mbfh->close' call to fail in
PublicInbox::MboxReader::_mbox_from in t/solver_git.t when
accessing remote URLs (`lei blob --no-mail 69df7d5 -I $rurl').
So now we always clobber `$!' after successful `waitpid' perlops
to ensure subsequent calls don't misreport errors.
Only noticed when testing on FreeBSD 13.5 without IO::KQueue
while chasing t/solver_git.t regression I noticed on Debian 13.x
Eric Wong [Tue, 9 Dec 2025 11:08:09 +0000 (11:08 +0000)]
daemon: set FD_CLOEXEC on per-port out= and err= paths
Neither xap_helper nor git(1) subprocesses we spawn use the the
per-port log files we can assign to the daemon processes. So
ensure these per-port standard err= and out= log files do not
stay open and run servers out-of-space.
Furthermore, we can rely on autodie::fnctl throughout Daemon.pm
to detect errors and remove explicit error checking.
Eric Wong [Tue, 9 Dec 2025 10:58:46 +0000 (10:58 +0000)]
syscall: croak on epoll_pwait errors
Aside from ignoring EINTR, we need to catch EINVAL in case
$Config{sig_count} is wrong due to perl-cross interpreting
`64 + 1' as `641'. This may catch similar problems in
non-standard build systems used for configuring/building
Perl.
Eric Wong [Fri, 5 Dec 2025 07:44:26 +0000 (07:44 +0000)]
xcpdb: preserve has_threadid+skip_docdata across reshards
Neither the `has_threadid' nor `skip_docdata' metadata elements
ever got preserved properly across -xcpdb reshards. This is a
long-standing bug which has existed since v1.6.
While omitting `skip_docdata' only wasted spacefor v2, omitting
`has_threadid' in copies causes missing search functionality as
part of the problem reported for the lore.k.o upgrade to v2.0.0.
Working around this bug after-the-fact requires the use of
xapian-metadata(1) on shard 0 of v2 inboxes and extindices:
xapian-metadata set /path/to/v2inbox/xap15/0 has_threadid 1
xapian-metadata set /path/to/extindex/ei15/0 has_threadid 1
Eric Wong [Fri, 28 Nov 2025 10:09:45 +0000 (10:09 +0000)]
*.h: reduce variable scopes
Reducing scopes of local variables improves readability and
should help the compiler make better decisions about register
allocation and reporting possible errors.
Eric Wong [Mon, 24 Nov 2025 20:04:34 +0000 (20:04 +0000)]
searchidx: fix --split-shards with SWIG Xapian.pm
SWIG Xapian.pm is stricter about types and won't automatically
stringify integer scalars whereas the old XS Search::Xapian
supported more Perl-like behavior. So we'll stringify manually
to appease the SWIG binding.
Reported-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org> Tested-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Eric Wong [Fri, 21 Nov 2025 19:35:25 +0000 (19:35 +0000)]
xcpdb: use DB_DANGEROUS for temporary Xapian DBs
New Xapian database shards are ideal candidates for the
DB_DANGEROUS flag since these shards aren't visible to
reader processes while they're being written to.
Eric Wong [Wed, 19 Nov 2025 20:45:54 +0000 (20:45 +0000)]
t/psgi_rproxy: try to improve reliability + debuggability
This test occasionally seems to get stuck while attempting to
open a FIFO on the backend. Add `--max-time 30' to limit
curl(1) invocation time and use a different FIFO for every test
to ensure lingering effects (if any) of previous failure(s)
don't propagate into subsequent tests.
Eric Wong [Mon, 17 Nov 2025 21:53:49 +0000 (21:53 +0000)]
treewide: use closedir after readdir for error checking
Hopefully...
Neither Perl's readdir nor readdir(3posix) documents EIO as a
possible error, nor does Linux getdents(3). So relying on
readdir to detect errors via autodie(3perl) is not supported
nor possible, it seems.
Perl's closedir is supported by autodie and uses
closedir(3posix), which doesn't document EIO, either. However,
closedir(3posix) will use close(3posix). Thus in theory, EIO
can still be detected if a previous readdir failed.
Eric Wong [Mon, 10 Nov 2025 03:47:08 +0000 (03:47 +0000)]
t/pop3d: try fixing "APOP UUID\@$mailbox w/ STLS" test
I would've thought the ping-ponging of making a new POP3
connection and enabling STARTTLS was enough to trigger the
previous connection to close and unlock the maildrop. In most
test runs, that appeared sufficient, but occasional failures
still happened.
The diagnostics added a few weeks ago reveals a
"[IN-USE] unable to lock maildrop" message seen by Net::POP3,
so lets try calling Net::POP3->quit on the client to explicitly
trigger ->unlock_mailbox on the server side and hope these
occasional test failures go away.
Followup-to: f4216637 (t/pop3d: add diagnostics on APOP after STLS failure, 2025-10-22)
Eric Wong [Mon, 10 Nov 2025 02:18:06 +0000 (02:18 +0000)]
Makefile.PL: put v2.0.0 release notes in NEWS
Oops, this missed the release. While we're at it, we'll ensure
we don't make this mistake again by requiring the release
version to appear in `@RELEASES'.
Eric Wong [Thu, 6 Nov 2025 00:08:01 +0000 (00:08 +0000)]
public-inbox 2.0.0
See Documentation/RelNotes/v2.0.0.eml for release notes.
I also don't know why the Subject was stating `2.2.0' instead
of `2.0.0'
We'll clarify Xapian development `files' rather than `headers'
we need to include libxapian.so and xapian-core.pc files,
at least.
The TODO is trimmed down again since MH support exists in 2.0+
and the combination of `lei import +L:$LABEL' and
`lei q -o v2://... L:$LABEL' already works.
Eric Wong [Mon, 3 Nov 2025 02:50:10 +0000 (02:50 +0000)]
cindex: clarify yet-to-be-documented switches
We need to clarify --all, --include=, --only= switches were only
intended for inboxes, especially since the --exclude= switch
exists for excluding coderepo pathames. So suffix them
appropriately with `-inbox(es)'.
I'm not sure if these switches are even useful, so we'll leave
them undocumented for now.
Eric Wong [Mon, 3 Nov 2025 02:50:07 +0000 (02:50 +0000)]
cindex: use `--project-list=' default with empty string
Matching public-inbox-clone(1) behavior, using `--project-list='
with an empty argument to mean the same thing as
`--project-list=projects.list' allows users to reduce typing and
visual noise on their displays.
Eric Wong [Fri, 31 Oct 2025 20:35:06 +0000 (20:35 +0000)]
http: skip and improve warning on undef header values
In case we see undefined header values again, add some
additional information about the request to help track down the
problem. This ought to help admins (such as myself) who lack
space for more verbose access logs but keep syslog (stderr) logs
around longer.
Eric Wong [Fri, 31 Oct 2025 20:35:05 +0000 (20:35 +0000)]
www: reduce likelyhood of undefined HTTP header values
I'm not seeing how it's possible, but it appears HTTP.pm
occasionally warns on undefined HTTP headers in its responses
and is generating invalid HTTP headers.
Eric Wong [Fri, 31 Oct 2025 02:45:02 +0000 (02:45 +0000)]
xap_helper: drop unnecessary check on split2argv result
Our split2argv will already abort on excessive or zero
arguments, and it's impossible to for a `size_t' to evaluate to
a negative value, anyways. While we're at it, explain it's
safe to cast its return value to a signed int (typically
32-bit) since `req.argv' is a relatively small fixed value.
Eric Wong [Thu, 30 Oct 2025 04:26:58 +0000 (04:26 +0000)]
searchview: fix uninitialized var on bogus `o='
When somebody enters an out-of-bounds `o=' (offset) query parameter
for a query which otherwise returns some results, we should avoid
triggering uninitialized variable warnings since we were unable
to extract min/max relevance percentages. So just make up some
{min,max}_pct numbers for now if somebody tries that.
Aside from causing noise in stderr (often syslog), these were
otherwise harmless warning. AFAIK, this could only be triggered
by someone entering URL parameters manually to view HTML, and
not in any generated URLs.
Eric Wong [Mon, 27 Oct 2025 17:56:14 +0000 (17:56 +0000)]
searchidx: split shards at 100000 docs by default
Testing on a busy btrfs system with indexlevel=medium reveals
another ~15% speedup compared to the previous 450000 value since
shards are smaller and less prone to slowdown. The smaller
splits should also work better with indexlevel=full (the
default) since full indexing with positions takes up the bulk of
the space.
Eric Wong [Sun, 26 Oct 2025 20:59:00 +0000 (20:59 +0000)]
t/cindex: fix broken size checks
Xapian size checks aren't accurate unless the shards are compacted.
Unfortunately, I commented out the -compact calls while working on
--split-shards but forgot to re-add them :x So re-enable the
-compact calls and add an extra flag so we can skip size checks
when xapian-compact(1) is missing.
Fixes: 622e8c89 (*search: introduce open.lock for reader safety, 2025-10-08)
Eric Wong [Sun, 26 Oct 2025 00:16:44 +0000 (00:16 +0000)]
t/xap_helper: avoid confusing skip messages
Stop misleading users about not having C++ even if we're
explicitly testing C++ and Perl+(XS|SWIG) implementations
separately. The previous message was especially confusing
since it was one of the last diagnostics messages printed
and most likely to be seen by those running the test.
Eric Wong [Sun, 26 Oct 2025 00:16:43 +0000 (00:16 +0000)]
xh_cidx: include khashl.h to placate cppcheck(1)
cppcheck(1) will complain about things normal compilers don't.
While this #include is unnecessary to us since we only have a
single compilation unit and don't intend to reuse this header
elsewhere, it seems mostly harmless since GNU and clang
preprocessors should be able to optimize out redundant headers,
anyways, even w/o `#pragma once'.
Eric Wong [Sun, 26 Oct 2025 00:04:12 +0000 (00:04 +0000)]
rproxy: remove line context on backend disconnects
It's worthless, especially when using `die' instead of `croak'.
In any case, there's not much we can do if upstream decides to
shut down a partially written stream for whatever reason (e.g.
OOM) so stop giving line information about it. Adding request
information may be helpful at some point, but that's for another
time.
Eric Wong [Fri, 24 Oct 2025 17:34:09 +0000 (17:34 +0000)]
contrib/reject_bots: drop persistent connection requirement
Like many measures against aggressive scrapers bots which ignore
or insufficiently support robots.txt, requiring persistent
connections no longer seems effective. The
$env->{'pi-httpd.request_nr'} field remains for logging,
but will probably be removed, soon.
Eric Wong [Fri, 24 Oct 2025 19:28:34 +0000 (19:28 +0000)]
doc: tuning: add note about 64-bit OpenSSL speedup
Since switching HTTPS termination to 64-bit, I've noticed a
significant CPU usage reduction on public-inbox.org. IMAPS,
NNTPS, and POP3S remain 32-bit for the moment since that doesn't
go through varnish and I haven't gotten around to dealing with
a 64-bit Xapian (or SQLite) install.
Eric Wong [Thu, 23 Oct 2025 23:23:07 +0000 (23:23 +0000)]
treewide: don't change `use VERSION' in the same scope
Perl v5.40 deprecates and warns about mismatching `use VERSION'
statements until v5.44, at which point it'll become fatal and
unsupported. Multiple `package' statements in the same file are
considered the same scope by Perl, including string `eval' where
packages are declared within the string.
Furthermore, downgrading from v5.11+ to earlier versions is
already fatal in v5.42, at least. It's explained somewhat
unsatisfactorily in perl5360delta(1)...
It appears Perl takes another step towards the path of Python
and Ruby of introducing incompatibilities for minor reasons :<
Eric Wong [Wed, 22 Oct 2025 19:36:13 +0000 (19:36 +0000)]
t/pop3d: add diagnostics on APOP after STLS failure
Calling `APOP' after `STLS' to start TLS seems to fail
occasionally, but I haven't been able to figure out why.
Add some diagnostics to hopefully explain what's going
on...
Eric Wong [Thu, 23 Oct 2025 10:21:00 +0000 (10:21 +0000)]
psgi_rproxy: fix uploads with small output buffers
Attempting to call pass_res_hdr directly fails when the previous
DS->write to the upstream hit EAGAIN. Ensure correct ordering
by relying on DS->write to call the pass_res_hdr subroutine
after the previous DS->write is complete. In other words, we
must not try reading the upstream response until our request is
fully sent to the upstream.
I noticed this after installing HTTP::Parser::XS
(p5-HTTP-Parser-XS) on my FreeBSD machine since our PsgiRproxy
module depends the XS package for parsing HTTP/1.x responses.
Eric Wong [Tue, 21 Oct 2025 03:03:46 +0000 (03:03 +0000)]
extmsg: fix Message-ID search for non-xap_helper users
commit c3d0295bd was intended to avoid head-of-line blocking for
--xapian-helpers (-X) deployments. Unfortunately, that broke
searches for deployments not using --xapian-helpers by causing
the ExtMsg to get queued redundantly into the event loop. So
perform the `requeue' procedure exactly once and simplify
ExtMsg->event_step by eliminating the $sync parameter.
Eric Wong [Wed, 8 Oct 2025 21:24:22 +0000 (21:24 +0000)]
*index: --split-shards to speeds initial indexing
When indexing millions of messages, Xapian has a tendency to
slow down as each shard gets bigger. --split-shards allows
Xapian to work on temporary shards (more akin to "epochs")
and uses xapian-compact(1) to commit the finalized changes
for readers. The result is roughly 2x faster for millions
of messages.
The downside of this switch is temporary space use increases by
2-3x and incremental changes are not visible to readers until
all indexing is complete. It has no useful effect on
--reindex, but --reindex is typically faster than initial
indexing anyways since space is already allocated.
It still takes days to create a new extindex of lore, but
fewer days than before.
Another beneficial side effect of this switch is it also
tends to reduce the effect of fragmentation for --cow users
on btrfs.
Eric Wong [Wed, 8 Oct 2025 21:24:21 +0000 (21:24 +0000)]
*search: introduce open.lock for reader safety
public-inbox-compact and -xcpdb (reshard) both use a series of
rename(2) operations to replace Xapian shard directories quickly
to minimize downtime. While a single rename(2) is atomic,
chaining two or more atomic operations is not.
Readers now acquire a shared lock via LOCK_SH of flock(2)
if it exists, but tolerates ENOENT for backwards compatibility
with indices that haven't been written by the current version.
The open.lock only protects against parallel open(2) calls used
by readers while short rename(2) operations are taking place on
the writers. In other words, it allows parallel readers but
only a single writer process to do renames.
This open.lock will become more important with --split-shards
in the next commit.
Eric Wong [Wed, 8 Oct 2025 21:24:20 +0000 (21:24 +0000)]
codesearchidx: use {topdir} for consistency
There's no reason for the read-only CodeSearch and read-write
CodeSearchIdx to use different field names for referring to the
same thing. Consistently use {topdir} since it's inspired by
ExtSearch{,Idx} and also matches the configuration knob. This
will make sharing methods between CodeSearch and CodeSearchIdx
easier.
Eric Wong [Thu, 2 Oct 2025 19:29:39 +0000 (19:29 +0000)]
imapd|nntpd|pop3d: output IP + port on new connections
Dumping the IP address will help admins use the (standard)
output of these servers to track abusive IMAP and POP3 scanners
looking for private mail. NNTP doesn't seem affected at
the moment, but it's easier to keep the common code
across all three of these stateful protocols.
Eric Wong [Sat, 20 Sep 2025 00:04:50 +0000 (00:04 +0000)]
treewide: disable warning about NoCOW on btrfs
It's too noisy for tests and breaks some tests which check for
warnings when TMPDIR is btrfs. I didn't notice this earlier
since I had TMPDIR pointed at /dev/shm on my btrfs machine.
We'll probably just make CoW the default for btrfs because the
CoW overhead with --split-shards on initial index is "only" 100%
or so...
Eric Wong [Tue, 16 Sep 2025 21:42:58 +0000 (21:42 +0000)]
compact: support --cow/--no-cow switch
Users on btrfs may prefer to sacrifice performance for data
safety with RAID. Allow them to do so by supporting the --cow
switch. I missed this when I added --cow support to the other
commands.
Fixes: db671788 (support --cow switch to preserve CoW on btrfs, 2025-08-26)
Eric Wong [Mon, 15 Sep 2025 21:18:15 +0000 (21:18 +0000)]
view: display small and invalid time ranges
Instead of falling back to displaying the most recent messages
when there are too few (<200) or no messages in a time range,
show the small subset or return a 404 when there's no messages
at all. This ought to be less confusing for users who want to
focus on a small subset of messages within a given timeframe.
Eric Wong [Tue, 16 Sep 2025 10:25:05 +0000 (10:25 +0000)]
extindex: fix --reindex when blobs go missing
Blobs in v2 repos may be purged, ensure we don't try to parse
non-existent blobs for List-IDs to remove from Xapian when they
go missing. The invalid List-IDs will be removed in a later
stage of the reindex process.
Eric Wong [Sat, 13 Sep 2025 07:40:14 +0000 (07:40 +0000)]
searchidxshard: drop unused `echo' sub
We no longer need a separate `echo' command to check the
doneness of a previous ->ipc_do command since we've made
->ipc_do async and introduced ->ipc_wait_all in commit f0b9f90a (*index: propagate exceptions from shard processes, 2025-09-04)
Eric Wong [Sat, 13 Sep 2025 12:21:50 +0000 (12:21 +0000)]
searchidx: use warn for excessively long terms
Filename and linenumber context information from Carp::carp is
unlikely to be useful here on (likely) worthless data from bad
MUAs. carp adds needless noise for users tracking down actual
code bugs with PERL5OPT=-MCarp=verbose, which changes Carp::carp
into Carp::cluck.
Eric Wong [Fri, 12 Sep 2025 21:28:49 +0000 (21:28 +0000)]
t/httpd-corner: fix test on missing curl-config(1)
We were misusing our internal context-dependent `require_cmd',
which requires the caller to call `skip' explicitly when a
return value is desired. So add a new `skip' call for testers
without curl-config(1). Furthermore, the `SKIP' label was
incorrectly placed for Test::More::skip to use, so create an
explicit block for it.
Eric Wong [Fri, 12 Sep 2025 23:28:18 +0000 (23:28 +0000)]
extindex: fix --reindex
`public-inbox-extindex --reindex' deprioritizes itself for
public-inbox-extindex invocations without --reindex by shutting
down shard processes to let other processes acquire the lock and
process new messages, first.
Restarting shard processes during --reindex was causing new
Xapian shards to be written to v2 inboxes instead of the
extindex itself. This bug was introduced with the
simplifications to internal data structures to eliminate the
ad-hoc $sync structure.
The local-ized use of ExtSearchIdx->{ibx} tricked
PublicInbox::SearchIdxShard::new into using the standard v2 code
path. So make SearchIdxShard->new check the `$v2w' object for
the ability to call `eidx_sync' rather than the existence of the
{ibx} field.
I only noticed this bug while working on the --split-shards
feature for performance.
Fixes: 922b765d ((ext)index: move {max_size} and related bits to $self, 2025-01-10)
Eric Wong [Sun, 7 Sep 2025 23:41:44 +0000 (23:41 +0000)]
ipc: improve exception handling
When an exception triggers a teardown of the worker process
(ipc_worker_stop), we need to combine subsequent exceptions and
show the original one, first. In other words, we must not lose
the original exception if new exceptions are thrown during
teardown.
So rely on `wantarray' to grab caller contexts to allow
returning exceptions as a list rather than throwing them
immediately.
Eric Wong [Sun, 7 Sep 2025 23:41:43 +0000 (23:41 +0000)]
ipc: avoid context line in generated exception
The filename and line number of the "aborted" message is
needless noise and confusing when dealing with errors
which already triggered ipc_fail. So add a newline to
ensure Perl doesn't add context information if it needs
to `die' or `warn' on that message.
Eric Wong [Sat, 6 Sep 2025 19:45:06 +0000 (19:45 +0000)]
*index: increase default --commit-interval to 15s
The DBD::SQLite(3pm) sqlite_busy_timeout is 30s and we don't
currently have a way to override this. Thus 15s should be
adequate assuming we can keep SQLite commit times <10s.
Currently, the worst case commit times can exceed even 30s for
Xapian, but that doesn't affect over.sqlite3 which commits
fairly quickly.
Eric Wong [Tue, 2 Sep 2025 20:30:14 +0000 (20:30 +0000)]
reject_bots: avoid download prompts in Firefox
Apparently, some versions of Firefox will open a download prompt
when attempting to open the page without a Content-Type. So set
a Content-Type and keep those installations and users of Firefox
happy.
Eric Wong [Thu, 4 Sep 2025 19:22:27 +0000 (19:22 +0000)]
*index: propagate exceptions from shard processes
We'll introduce a new ->ipc_async internal API and use it for
->ipc_do calls where the return value is ignored. This new
API is modeled after our async API for accessing
`git cat-file --batch*' and remains compatible with synchronous
callers who want the return value of ->ipc_do.
Processes no longer spin and burn CPU after hitting ENOSPC or
dealing with database or FS corruption. Instead, they should
now die properly in most cases. However, hangs and crashes may
still possible since Xapian may abort(3) in some ENOSPC cases
and SQLite's may trigger SIGBUS via mmap(2) (if using WAL or
forcing mmap use).
Eric Wong [Thu, 4 Sep 2025 19:22:26 +0000 (19:22 +0000)]
ipc: add comment on pipe usage (vs socketpair)
Using pipes here isn't ideal for developer ergonomics, but the
increased buffer size for non-privileged processes on Linux is
still worth the extra performance with expensive indexing done
in each shard.
Eric Wong [Fri, 29 Aug 2025 20:38:54 +0000 (20:38 +0000)]
ipc: remove {-ipc_pid} field
The fork generation is already attached to the response pipe,
so there's no need to keep the PID around and do comparisons
against the getpid(2) result.
Eric Wong [Fri, 29 Aug 2025 19:04:01 +0000 (19:04 +0000)]
*index: support --commit=$SECONDS to adjust the commit interval
The default 5s interval is too low for initial indexing with
gian inboxes or extindices which aren't ready for public
consumption, yet. It's also too low for --wal users since
WAL mode of SQLite (by default) allows readers to proceed
without waiting on a writer.
I'm not sure what the defaults should be, so allow users to
change it, for now.
Eric Wong [Tue, 26 Aug 2025 19:50:52 +0000 (19:50 +0000)]
support --cow switch to preserve CoW on btrfs
We currently unconditionally disable CoW on btrfs to reduce
fragmentation. Unfortunately, disabling CoW may cause data
corruption on all btrfs RAID levels, so provide an option to
keep it enabled. In the future, CoW may become the default on
btrfs (matching the FS default) even if fragmentation is awful.
Eric Wong [Tue, 26 Aug 2025 19:50:49 +0000 (19:50 +0000)]
use Getopt::Long hashref for --no-fsync and --dangerous
We can eliminate the {-no_fsync} and {-dangerous} fields by
using the Getopt::Long hashref directly. This will make it
easier to support additional CLI options (e.g. --cow).
Our internal APIs now defaults to disabling fsync, however the
CLI tools still override that internal default to enable fsync.
Having our internals default to disabling fsync can slightly
improve test performance, since they're the main users of our
unstable internal API.
Eric Wong [Tue, 26 Aug 2025 19:50:48 +0000 (19:50 +0000)]
overidx: take Getopt::Long options hashref directly
Taking the Getopt::Long options hashref directly will allow us
to support future options more easily and avoid copying/mapping
fields (e.g. {-no_fsync}, {journal_mode}) across different
object types).
Eric Wong [Tue, 26 Aug 2025 19:50:47 +0000 (19:50 +0000)]
t/lei_store: ensure over.sqlite3 uses WAL
As lei is a single user store, it's always used WAL since it
should improve parallelism and I/O patterns. An additional test
here will ensure bugs don't slip in where we forget to enable
WAL.
Eric Wong [Tue, 26 Aug 2025 19:50:45 +0000 (19:50 +0000)]
searchidx: take Getopt::Long options hashref on create
Relying more on the hashref populated by Getopt::Long should
reduce cognitive overhead. Future commits will allow us to
eliminate the {-no_fsync} and {-dangerous} fields and allow
us to more easily support new switches for toggling CoW/No_COW,
and other options for SQLite and Xapian tuning.
Eric Wong [Tue, 26 Aug 2025 19:50:44 +0000 (19:50 +0000)]
t/ipc: improve test reliability
->wq_close works asynchronously, nowadays, so processes may
not be completely done writing warnings when the parent process
reads the file. We'll test some untested methods after test_die
to ensure the worker has had time to write the exception to the
warning log. Finally, we'll explain warning contents on failure
in case it happens again.
Eric Wong [Tue, 26 Aug 2025 19:50:43 +0000 (19:50 +0000)]
lei_saved_search: avoid //= on complex hashref assignment
Setting $self->{oidx} via `//=' may be unsafe due to
->lock_for_scope setting $self->{lock_fh}. While this is not
known to cause problems at the moment, it may be problematic in
future as we've had to deal with subtle bugs in similar code in
the past.
Eric Wong [Tue, 26 Aug 2025 19:50:42 +0000 (19:50 +0000)]
init: store Getopt::Long options in hashref
We will pass this options hashref freely across internal
backends, so using a hashref is more consistent with the rest
of our codebase and allows eliminating some local variables.
Eric Wong [Tue, 26 Aug 2025 19:50:41 +0000 (19:50 +0000)]
extindex|v2: defrag SQLite and Xapian DBs on btrfs
Doing periodic defrags ought to improve performance and perhaps
allow CoW to be usable with btrfs. The autodefrag mount option
of btrfs(5) doesn't seem recommended by btrfs developers since
it's too aggressive, defragments too often, and wears out devices.
Performing defrag on our end should allow users to tune a more
ideal defrag interval to maintain performance while avoiding
excessive device wear.
projects / thirdparty / public-inbox.git / log
