gracekill 0.1.2

A minimal utility to gracefully terminate processes with graceful escalation of SIGTERM to SIGKILL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230

#![warn(clippy::all, clippy::pedantic, clippy::cargo)]

use std::env;
use std::io::{self, Write};
use std::process;
use std::thread;
use std::time::{Duration, Instant};

use nix::sys::signal::{self, Signal as NixSignal};
use nix::unistd::Pid;

const DEFAULT_GRACE_SECONDS: u64 = 25;

fn main() {
    let args: Vec<String> = env::args().collect();

    if args.len() < 2 {
        print_usage(&args[0]);
        process::exit(1);
    }

    let (pids, grace_period, exit_non_zero_if_sigkill_required) = match parse_args(&args[1..]) {
        Ok(result) => result,
        Err(e) => {
            eprintln!("Error: {e}");
            print_usage(&args[0]);
            process::exit(1);
        }
    };

    if pids.is_empty() {
        eprintln!("Error: No PIDs provided");
        process::exit(1);
    }

    log(&format!(
        "Starting graceful kill for {} process(es) with {}s grace period",
        pids.len(),
        grace_period.as_secs()
    ));

    // Send SIGTERM to all processes
    let active_pids = send_signal_to_all(&pids, Signal::Term);

    if active_pids.is_empty() {
        log("No processes to wait for");
        process::exit(2); // No processes could be signaled
    }

    // Wait for processes to exit gracefully
    let start = Instant::now();
    let mut remaining = active_pids;

    while !remaining.is_empty() && start.elapsed() < grace_period {
        thread::sleep(Duration::from_millis(100));
        remaining.retain(|&pid| {
            if is_process_running(pid) {
                true
            } else {
                log(&format!("Process {pid} exited gracefully"));
                false
            }
        });
    }

    // Send SIGKILL to remaining processes
    if remaining.is_empty() {
        log("All processes exited gracefully");
        process::exit(0);
    } else {
        log(&format!(
            "{} process(es) still running after grace period, sending SIGKILL",
            remaining.len()
        ));

        // Filter to only processes still running, then send SIGKILL
        let still_running: Vec<u32> = remaining
            .into_iter()
            .filter(|&pid| {
                if is_process_running(pid) {
                    true
                } else {
                    log(&format!("Process {pid} exited before SIGKILL"));
                    false
                }
            })
            .collect();

        send_signal_to_all(&still_running, Signal::Kill);
        if exit_non_zero_if_sigkill_required {
            process::exit(3);
        } else {
            process::exit(0);
        }
    }
}

fn print_usage(program: &str) {
    eprintln!("Usage: {program} [options] <pid>[,pid...]");
    eprintln!();
    eprintln!("Arguments:");
    eprintln!("  pid                    Process ID(s) to kill (comma or space separated)");
    eprintln!();
    eprintln!("Options:");
    eprintln!(
        "  -g, --grace-seconds                    Grace period in seconds (default: {DEFAULT_GRACE_SECONDS})"
    );
    eprintln!("  --exit-non-zero-if-sigkill-required   Exit with code 3 if SIGKILL was required");
    eprintln!();
    eprintln!("Examples:");
    eprintln!("  {program} 1234 5678");
    eprintln!("  {program} -g 10 1234 5678");
    eprintln!("  {program} --grace-seconds 30 1234,5678,9012");
}

fn parse_and_validate_pid(pid_str: &str) -> Result<u32, String> {
    let pid = pid_str
        .parse::<u32>()
        .map_err(|_| format!("Invalid PID: '{pid_str}'"))?;
    if pid == 0 {
        return Err("PID 0 not allowed (affects process group)".to_string());
    }
    Ok(pid)
}

fn send_signal_to_all(pids: &[u32], signal: Signal) -> Vec<u32> {
    let signal_name = match signal {
        Signal::Term => "SIGTERM",
        Signal::Kill => "SIGKILL",
    };

    let mut successful_pids = Vec::with_capacity(pids.len());
    for &pid in pids {
        match send_signal(pid, signal) {
            Ok(()) => {
                log(&format!("Sent {signal_name} to PID {pid}"));
                successful_pids.push(pid);
            }
            Err(e) => {
                log(&format!("Failed to send {signal_name} to PID {pid}: {e}"));
            }
        }
    }
    successful_pids
}

fn parse_args(args: &[String]) -> Result<(Vec<u32>, Duration, bool), String> {
    let mut pids = Vec::new();
    let mut grace_seconds = DEFAULT_GRACE_SECONDS;
    let mut exit_non_zero_if_sigkill_required = false;
    let mut i = 0;

    while i < args.len() {
        let arg = &args[i];

        if arg == "-g" || arg == "--grace-seconds" {
            i += 1;
            if i >= args.len() {
                return Err("Missing value for grace-seconds".to_string());
            }
            grace_seconds = args[i]
                .parse::<u64>()
                .map_err(|_| format!("Invalid grace-seconds value: '{}'", args[i]))?;
        } else if arg.starts_with("--grace-seconds=") {
            let value = arg.strip_prefix("--grace-seconds=").unwrap();
            grace_seconds = value
                .parse::<u64>()
                .map_err(|_| format!("Invalid grace-seconds value: '{value}'"))?;
        } else if arg == "--exit-non-zero-if-sigkill-required" {
            exit_non_zero_if_sigkill_required = true;
        } else if arg.starts_with('-') {
            return Err(format!("Unknown option: '{arg}'"));
        } else {
            // Parse PIDs (comma or space separated)
            let pid_strings = if arg.contains(',') {
                arg.split(',').map(str::trim).collect::<Vec<_>>()
            } else {
                vec![arg.as_str()]
            };

            for pid_str in pid_strings {
                let pid = parse_and_validate_pid(pid_str)?;
                pids.push(pid);
            }
        }

        i += 1;
    }

    Ok((
        pids,
        Duration::from_secs(grace_seconds),
        exit_non_zero_if_sigkill_required,
    ))
}

#[derive(Copy, Clone)]
enum Signal {
    Term,
    Kill,
}

fn send_signal(pid: u32, signal: Signal) -> Result<(), String> {
    let nix_signal = match signal {
        Signal::Term => NixSignal::SIGTERM,
        Signal::Kill => NixSignal::SIGKILL,
    };

    let nix_pid =
        Pid::from_raw(i32::try_from(pid).map_err(|_| "PID too large for system".to_string())?);

    match signal::kill(nix_pid, nix_signal) {
        Ok(()) => Ok(()),
        Err(nix::errno::Errno::ESRCH) => Err("Process not found".to_string()),
        Err(nix::errno::Errno::EPERM) => Err("Permission denied".to_string()),
        Err(e) => Err(format!("Failed to send signal: {e}")),
    }
}

fn is_process_running(pid: u32) -> bool {
    let Ok(nix_pid) = i32::try_from(pid).map(Pid::from_raw) else {
        return false; // PID too large, can't exist
    };
    // Send signal 0 to check if process exists
    signal::kill(nix_pid, None).is_ok()
}

fn log(message: &str) {
    let _ = writeln!(io::stderr(), "[gracekill] {message}");
}