Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rethink logging #133

Merged
merged 2 commits into from
Feb 6, 2024
Merged

Rethink logging #133

merged 2 commits into from
Feb 6, 2024

Conversation

ltratt
Copy link
Member

@ltratt ltratt commented Feb 5, 2024

In 45666ba we moved to the log crate and friends --- but that's just bitten us with atty as a dependency which has a security advisory.

This PR removes log and back to our own (small) custom logging (that deals with stderr and syslog) (a61aec7). As a bonus I finally added the ability to see which requests are coming in (with -vv) (eba8bac). Both commits contain a bit more detail. Lightly tested on b13 and my main server and working fine.

@ltratt
Move away from the log crate.
a61aec7 
In retrospect, moving to this was a mistake: it adds lots of dependencies
(including one that has a security advisory), but we can easily replicate
its features locally, and do so in a way that doesn't rely on implicit
global variables.

This commit therefore is a sort-of manual reversion of 45666ba (an actual
revert is impossible as too much has changed since then), but also very
slightly improves the situation that pertained before 45666ba.
@ltratt
Add info debugging.
eba8bac 
It is useful, particularly when something seems to be going wrong with
snare or github settings, to have a verbosity level that tells you when
a request has been received.
@vext01
Copy link
Member

vext01 commented Feb 5, 2024

Are you sure you want to do this? The log crate is pervasive across the rust ecosystem. Someone must be working on a fix?

@ltratt
Copy link
Member Author

ltratt commented Feb 5, 2024

Maybe they are --- but this change also reduces the binary size by almost 10%, so it's a win in other ways.

@vext01
Copy link
Member

vext01 commented Feb 5, 2024

It's up to you. I'm not sure I'd have gone my own way if it were mine. People know how log works, disk is cheap and you wouldn't have to have all that extra code.

By the way, your vuln doesn't come from log at all, it comes from stderrlog:

atty 0.2.14
└── stderrlog 0.5.4
    └── snare 0.4.9

You could still use one of the standard logging libs if you wanted, for example env_logger which has no known vulns.

If you say merge, I will, but I'd just use env_logger and be done with it :P

@ltratt
Copy link
Member Author

ltratt commented Feb 5, 2024

Honestly, for a daemon, I think the lightweight logging in this PR is probably for the best. I should have stuck with it in the first place!

@vext01 vext01 added this pull request to the merge queue Feb 6, 2024
Merged via the queue into softdevteam:master with commit aed2eda Feb 6, 2024
2 checks passed
@ltratt ltratt deleted the rethink_logging branch April 2, 2024 11:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@vext01 vext01

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ltratt @vext01