* [ANN] unicorn 3.6.0 - small fixes, PRNG workarounds
@ 2011-04-21 6:56 Eric Wong
2011-04-26 22:38 ` ghazel
2011-04-26 23:17 ` Eric Wong
0 siblings, 2 replies; 4+ messages in thread
From: Eric Wong @ 2011-04-21 6:56 UTC (permalink / raw)
To: mongrel-unicorn
Changes:
Mainly small fixes, improvements, and workarounds for fork() issues
with pseudo-random number generators shipped with Ruby (Kernel#rand,
OpenSSL::Random (used by SecureRandom and also by Rails).
The PRNG issues are documented in depth here (and links to Ruby Redmine):
http://bogomips.org/unicorn.git/commit?id=1107ede7
http://bogomips.org/unicorn.git/commit?id=b3241621
If you're too lazy to upgrade, you can just do this in your after_fork
hooks:
after_fork do |server,worker|
tmp = srand
OpenSSL::Random.seed(tmp.to_s) if defined?(OpenSSL::Random)
end
There are also small log reopening (SIGUSR1) improvements:
* relative paths may also be reopened, there's a small chance this
will break with a handful of setups, but unlikely. This should
make configuration easier especially since the "working_directory"
configurator directive exists. Brought up by Matthew Kocher:
http://thread.gmane.org/gmane.comp.lang.ruby.unicorn.general/900
* workers will just die (and restart) if log reopening fails for
any reason (including user error). This is to workaround the issue
reported by Emmanuel Gomez:
http://thread.gmane.org/gmane.comp.lang.ruby.unicorn.general/906
* http://unicorn.bogomips.org/
* mongrel-unicorn@rubyforge.org
* git://bogomips.org/unicorn.git
--
Eric Wong
_______________________________________________
Unicorn mailing list - mongrel-unicorn@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-unicorn
Do not quote signatures (like this one) or top post when replying
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [ANN] unicorn 3.6.0 - small fixes, PRNG workarounds
2011-04-21 6:56 [ANN] unicorn 3.6.0 - small fixes, PRNG workarounds Eric Wong
@ 2011-04-26 22:38 ` ghazel
2011-04-26 23:01 ` Eric Wong
2011-04-26 23:17 ` Eric Wong
1 sibling, 1 reply; 4+ messages in thread
From: ghazel @ 2011-04-26 22:38 UTC (permalink / raw)
To: unicorn list
Is it possible there is a problem with this change? Since I upgraded
to 3.6.0 I have encountered two collisions on
ActiveSupport::SecureRandom.hex(64), which seems very unlikely, since
it has never happened in the history of my app otherwise.
-Greg
On Wednesday, April 20, 2011, Eric Wong <normalperson@yhbt.net> wrote:
> Changes:
>
> Mainly small fixes, improvements, and workarounds for fork() issues
> with pseudo-random number generators shipped with Ruby (Kernel#rand,
> OpenSSL::Random (used by SecureRandom and also by Rails).
>
> The PRNG issues are documented in depth here (and links to Ruby Redmine):
>
> http://bogomips.org/unicorn.git/commit?id=1107ede7
> http://bogomips.org/unicorn.git/commit?id=b3241621
>
> If you're too lazy to upgrade, you can just do this in your after_fork
> hooks:
>
> after_fork do |server,worker|
> tmp = srand
> OpenSSL::Random.seed(tmp.to_s) if defined?(OpenSSL::Random)
> end
>
> There are also small log reopening (SIGUSR1) improvements:
>
> * relative paths may also be reopened, there's a small chance this
> will break with a handful of setups, but unlikely. This should
> make configuration easier especially since the "working_directory"
> configurator directive exists. Brought up by Matthew Kocher:
> http://thread.gmane.org/gmane.comp.lang.ruby.unicorn.general/900
>
> * workers will just die (and restart) if log reopening fails for
> any reason (including user error). This is to workaround the issue
> reported by Emmanuel Gomez:
> http://thread.gmane.org/gmane.comp.lang.ruby.unicorn.general/906
>
>
> * http://unicorn.bogomips.org/
> * mongrel-unicorn@rubyforge.org
> * git://bogomips.org/unicorn.git
>
> --
> Eric Wong
> _______________________________________________
> Unicorn mailing list - mongrel-unicorn@rubyforge.org
> http://rubyforge.org/mailman/listinfo/mongrel-unicorn
> Do not quote signatures (like this one) or top post when replying
>
_______________________________________________
Unicorn mailing list - mongrel-unicorn@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-unicorn
Do not quote signatures (like this one) or top post when replying
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [ANN] unicorn 3.6.0 - small fixes, PRNG workarounds
2011-04-26 22:38 ` ghazel
@ 2011-04-26 23:01 ` Eric Wong
0 siblings, 0 replies; 4+ messages in thread
From: Eric Wong @ 2011-04-26 23:01 UTC (permalink / raw)
To: unicorn list
ghazel@gmail.com wrote:
> On Wednesday, April 20, 2011, Eric Wong <normalperson@yhbt.net> wrote:
> > Changes:
> >
> > Mainly small fixes, improvements, and workarounds for fork() issues
> > with pseudo-random number generators shipped with Ruby (Kernel#rand,
> > OpenSSL::Random (used by SecureRandom and also by Rails).
> >
> > The PRNG issues are documented in depth here (and links to Ruby Redmine):
> >
> > http://bogomips.org/unicorn.git/commit?id=1107ede7
> > http://bogomips.org/unicorn.git/commit?id=b3241621
(top-posting corrected)
> Is it possible there is a problem with this change? Since I upgraded
> to 3.6.0 I have encountered two collisions on
> ActiveSupport::SecureRandom.hex(64), which seems very unlikely, since
> it has never happened in the history of my app otherwise.
Oops, the return value of srand shouldn't be relied on, I need to call
Kernel#rand instead. My attempt to fix things actually made the problem
worse (which is why I pushed upstream Ruby to fix the problem, first :).
The following should fix it (3.6.1 release coming):
diff --git a/lib/unicorn/http_server.rb b/lib/unicorn/http_server.rb
index d70de45..3077b95 100644
--- a/lib/unicorn/http_server.rb
+++ b/lib/unicorn/http_server.rb
@@ -492,11 +492,11 @@ class Unicorn::HttpServer
def after_fork_internal
@ready_pipe.close if @ready_pipe
self.ready_pipe = nil # XXX Rainbows! compat, change for Unicorn 4.x
- tmp = srand # http://redmine.ruby-lang.org/issues/4338
+ srand # http://redmine.ruby-lang.org/issues/4338
# The OpenSSL PRNG is seeded with only the pid, and apps with frequently
# dying workers can recycle pids
- OpenSSL::Random.seed(tmp.to_s) if defined?(OpenSSL::Random)
+ OpenSSL::Random.seed(rand.to_s) if defined?(OpenSSL::Random)
end
def spawn_missing_workers
--
Eric Wong
_______________________________________________
Unicorn mailing list - mongrel-unicorn@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-unicorn
Do not quote signatures (like this one) or top post when replying
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [ANN] unicorn 3.6.0 - small fixes, PRNG workarounds
2011-04-21 6:56 [ANN] unicorn 3.6.0 - small fixes, PRNG workarounds Eric Wong
2011-04-26 22:38 ` ghazel
@ 2011-04-26 23:17 ` Eric Wong
1 sibling, 0 replies; 4+ messages in thread
From: Eric Wong @ 2011-04-26 23:17 UTC (permalink / raw)
To: mongrel-unicorn
Eric Wong <normalperson@yhbt.net> wrote:
> If you're too lazy to upgrade, you can just do this in your after_fork
> hooks:
>
> after_fork do |server,worker|
> tmp = srand
> OpenSSL::Random.seed(tmp.to_s) if defined?(OpenSSL::Random)
> end
Do this instead if you're too lazy to upgrade:
after_fork do |server,worker|
srand
OpenSSL::Random.seed(rand.to_s) if defined?(OpenSSL::Random)
end
3.6.1 has a similar fix. Thanks to ghazel for reporting the bug.
--
Eric Wong
_______________________________________________
Unicorn mailing list - mongrel-unicorn@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-unicorn
Do not quote signatures (like this one) or top post when replying
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-04-26 23:27 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-04-21 6:56 [ANN] unicorn 3.6.0 - small fixes, PRNG workarounds Eric Wong
2011-04-26 22:38 ` ghazel
2011-04-26 23:01 ` Eric Wong
2011-04-26 23:17 ` Eric Wong
Code repositories for project(s) associated with this public inbox
https://yhbt.net/unicorn.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).