1bdc30bdb1
* io: make file descriptors non-inheritable by default This prevents file descriptors/handles leakage to child processes that might cause issues like running out of file descriptors, or potential security issues like leaking a file descriptor to a restricted file. While this breaks backward compatibility, I'm rather certain that not many programs (if any) actually make use of this implementation detail. A new API `setInheritable` is provided for the few that actually want to use this functionality. * io: disable inheritance at file creation time for supported platforms Some platforms provide extension to fopen-family of functions to allow for disabling descriptor inheritance atomically during File creation. This guards against possible leaks when a child process is spawned before we managed to disable the file descriptor inheritance (ie. in a multi-threaded program). * net, nativesockets: make sockets non inheritable by default With this commit, sockets will no longer leak to child processes when you don't want it to. Should solves a lot of "address in use" that might occur when your server has just restarted. All APIs that create sockets in these modules now expose a `inheritable` flag that allow users to toggle inheritance for the resulting sockets. An implementation of `setInheritance()` is also provided for SocketHandle. While atomically disabling inheritance at creation time is supported on Windows, it's only implemented by native winsock2, which is too much for now. This support can be implemented in a future patch. * posix: add F_DUPFD_CLOEXEC This command duplicates file descriptor with close-on-exec flag set. Defined in POSIX.1-2008. * ioselectors_kqueue: don't leak file descriptors File descriptors internally used by ioselectors on BSD/OSX are now shielded from leakage. * posix: add O_CLOEXEC This flag allows file descriptors to be open() with close-on-exec flag set atomically. This flag is specified in POSIX.1-2008 * tfdleak: test for selectors leakage Also simplified the test by using handle-type agnostic APIs to test for validity. * ioselectors_epoll: mark all fd created close-on-exec File descriptors from ioselectors should no longer leaks on Linux. * tfdleak: don't check for selector leakage on Windows The getFd proc for ioselectors_select returns a hardcoded -1 * io: add NoInheritFlag at compile time * io: add support for ioctl-based close-on-exec This allows for the flag to be set/unset in one syscall. While the performance gains might be negliable, we have one less failure point to deal with. * tfdleak: add a test for setInheritable * stdlib: add nimInheritHandles to restore old behaviors * memfiles: make file handle not inheritable by default for posix * io: setInheritable now operates on OS file handle On Windows, the native handle is the only thing that's inheritable, thus we can assume that users of this function will already have the handle available to them. This also allows users to pass down file descriptors from memfiles on Windows with ease, should that be desired. With this, nativesockets.setInheritable can be made much simpler. * changelog: clarify * nativesockets: document setInheritable return value * posix_utils: atomically disable fd inheritance for mkstemp
Nim 
This repository contains the Nim compiler, Nim's stdlib, tools and documentation. For more information about Nim, including downloads and documentation for the latest release, check out Nim's website or bleeding edge docs.
Community
- The forum - the best place to ask questions and to discuss Nim.
- #nim IRC Channel (Freenode) - a place to discuss Nim in real-time. Also where most development decisions get made.
- Gitter - an additional place to discuss Nim in real-time. There is a bridge between Gitter and the IRC channel.
- Telegram - an additional place to discuss Nim in real-time. There is the official Telegram channel.
- Stack Overflow - a popular Q/A site for programming related topics that includes posts about Nim.
- Github Wiki - Misc user-contributed content.
Compiling
The compiler currently officially supports the following platform and architecture combinations:
- Windows (Windows XP or greater) - x86 and x86_64
- Linux (most, if not all, distributions) - x86, x86_64, ppc64 and armv6l
- Mac OS X (10.04 or greater) - x86, x86_64 and ppc64
More platforms are supported, however they are not tested regularly and they may not be as stable as the above-listed platforms.
Compiling the Nim compiler is quite straightforward if you follow these steps:
First, the C source of an older version of the Nim compiler is needed to
bootstrap the latest version because the Nim compiler itself is written in the
Nim programming language. Those C sources are available within the
nim-lang/csources repository.
Next, to build from source you will need:
- A C compiler such as
gcc3.x/later or an alternative such asclang,Visual C++orIntel C++. It is recommended to usegcc3.x or later. - Either
gitorwgetto download the needed source repositories. - The
build-essentialpackage when usinggccon Ubuntu (and likely other distros as well).
Then, if you are on a *nix system or Windows, the following steps should compile
Nim from source using gcc, git and the koch build tool.
Note: The following commands are for the development version of the compiler. For most users, installing the latest stable version is enough. Check out the installation instructions on the website to do so: https://nim-lang.org/install.html.
For package maintainers: see packaging guidelines.
First get Nim from github:
git clone https://github.com/nim-lang/Nim.git
cd Nim
Next run the appropriate build shell script for your platform:
build_all.sh(Linux, Mac)build_all.bat(Windows)
Finally, once you have finished the build steps (on Windows, Mac or Linux) you
should add the bin directory to your PATH.
Koch
koch is the build tool used to build various parts of Nim and to generate
documentation and the website, among other things. The koch tool can also
be used to run the Nim test suite.
Assuming that you added Nim's bin directory to your PATH, you may execute
the tests using ./koch tests. The tests take a while to run, but you
can run a subset of tests by specifying a category (for example
./koch tests cat async).
For more information on the koch build tool please see the documentation
within the doc/koch.rst file.
Nimble
nimble is Nim's package manager. To learn more about it, see the
nim-lang/nimble repository.
Contributors
This project exists thanks to all the people who contribute.
Contributing
See detailed contributing guidelines. We welcome all contributions to Nim regardless of how small or large they are. Everything from spelling fixes to new modules to be included in the standard library are welcomed and appreciated. Before you start contributing, you should familiarize yourself with the following repository structure:
bin/,build/- these directories are empty, but are used when Nim is built.compiler/- the compiler source code. Also includes nimfix, and plugins withincompiler/nimfixandcompiler/pluginsrespectively.nimsuggest- the nimsuggest tool that previously lived in thenim-lang/nimsuggestrepository.config/- the configuration for the compiler and documentation generator.doc/- the documentation files in reStructuredText format.lib/- the standard library, including:pure/- modules in the standard library written in pure Nim.impure/- modules in the standard library written in pure Nim with dependencies written in other languages.wrappers/- modules which wrap dependencies written in other languages.
tests/- contains categorized tests for the compiler and standard library.tools/- the tools includingniminstandnimweb(mostly invoked viakoch).koch.nim- tool used to bootstrap Nim, generate C sources, build the website, and generate the documentation.
If you are not familiar with making a pull request using GitHub and/or git, please read this guide.
Ideally you should make sure that all tests pass before submitting a pull request.
However, if you are short on time, you can just run the tests specific to your
changes by only running the corresponding categories of tests. Travis CI verifies
that all tests pass before allowing the pull request to be accepted, so only
running specific tests should be harmless.
Integration tests should go in tests/untestable.
If you're looking for ways to contribute, please look at our issue tracker.
There are always plenty of issues labelled Easy; these should
be a good starting point for an initial contribution to Nim.
You can also help with the development of Nim by making donations. Donations can be made using:
If you have any questions feel free to submit a question on the Nim forum, or via IRC on the #nim channel.
Backers
Thank you to all our backers! [Become a backer]
Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]
You can also see a list of all our sponsors/backers from various payment services on the sponsors page of our website.
License
The compiler and the standard library are licensed under the MIT license, except for some modules which explicitly state otherwise. As a result you may use any compatible license (essentially any license) for your own programs developed with Nim. You are explicitly permitted to develop commercial applications using Nim.
Please read the copying.txt file for more details.
Copyright © 2006-2020 Andreas Rumpf, all rights reserved.