about summary refs log tree commit homepage
DateCommit message (Collapse)
2011-04-26unicorn 3.6.1 - fix OpenSSL PRNG workaround v3.6.1
Our attempt in 3.6.0 to workaround a problem with the OpenSSL PRNG actually made the problem worse. This release corrects the workaround to properly reseed the OpenSSL PRNG after forking.
2011-04-26properly reseed OpenSSL::Random after forking
Using the return value of Kernel#srand actually made the problem worse. Using the value of Kernel#rand is required to actually get a random value to seed the OpenSSL PRNG. Thanks to ghazel for the bug report!
2011-04-21unicorn 3.6.0 - small fixes, PRNG workarounds v3.6.0
Mainly small fixes, improvements, and workarounds for fork() issues with pseudo-random number generators shipped with Ruby (Kernel#rand, OpenSSL::Random (used by SecureRandom and also by Rails). The PRNG issues are documented in depth here (and links to Ruby Redmine): http://bogomips.org/unicorn.git/commit?id=1107ede7 http://bogomips.org/unicorn.git/commit?id=b3241621 If you're too lazy to upgrade, you can just do this in your after_fork hooks: after_fork do |server,worker| tmp = srand OpenSSL::Random.seed(tmp.to_s) if defined?(OpenSSL::Random) end There are also small log reopening (SIGUSR1) improvements: * relative paths may also be reopened, there's a small chance this will break with a handful of setups, but unlikely. This should make configuration easier especially since the "working_directory" configurator directive exists. Brought up by Matthew Kocher: http://thread.gmane.org/gmane.comp.lang.ruby.unicorn.general/900 * workers will just die (and restart) if log reopening fails for any reason (including user error). This is to workaround the issue reported by Emmanuel Gomez: http://thread.gmane.org/gmane.comp.lang.ruby.unicorn.general/906
2011-04-21http_server: fix Rainbows! compatibility
Older Rainbows! redefines the ready_pipe= accessor method to call internal after_fork hooks.
2011-04-20KNOWN_ISSUES: document PRNG changes in 3.6.0
2011-04-18documentation cleanup/reduction
Don't clutter up our RDoc/website with things that users of Unicorn don't need to see. This should make user-relevant documentation easier to find, especially since Unicorn is NOT intended to be an API.
2011-04-18reseed OpenSSL PRNG upon fork() of workers
OpenSSL seeds its PRNG with the process ID, so if a process ID is recycled, there's a chance of indepedent workers getting repeated PRNG sequences over a long time period iff the same PID is used. This only affects deployments that meet both of the following conditions: 1) OpenSSL::Random.random_bytes is called before forking 2) worker (but not master) processes are die unexpectedly The SecureRandom module in Ruby (and Rails) uses the OpenSSL PRNG if available. SecureRandom is used by Rails and called when the application is loaded, so most Rails apps with frequently dying worker processes are affected. Of course dying worker processes are bad and entirely the fault of bad application/library code, not the fault of Unicorn. Thanks for Alexander Dymo for reporting this. ref: http://redmine.ruby-lang.org/issues/4579
2011-04-18reinitialize PRNG for latest Ruby 1.8.7 releases
The current versions of Ruby 1.8 do not reseed the PRNG after forking, so we'll work around that by calling Kernel#srand. ref: http://redmine.ruby-lang.org/issues/show/4338
2011-04-13fix some 1.9.3dev warnings
2011-04-13configurator: fix broken local variable
Oops, changing a method definition for RDoc means code needs to be updated, too :x
2011-04-13GNUmakefile: s/Config/RbConfig/
"Config" is deprecated and warns under 1.9.3dev
2011-04-13http_server: workers die on log reopen failures
They should then recover and inherit writable descriptors from the master when it respawns.
2011-04-13http_parser: remove RDoc
It's not needed for users, so avoid confusing them. Unicorn itself is not intended to be an API, it just hosts Rack applications.
2011-04-13configurator: miscellaneous RDoc improvements
Mainly formatting and such, but some wording changes.
2011-04-13worker: improve RDoc, point users to Configurator#user
2011-04-13configurator: remove outdated user example in after_fork
Configurator itself supports user at the top-level.
2011-04-12Document "user" directive in example unicorn conf
2011-04-01util: allow relative paths to be rotated
Users keep both pieces if it's broken :)
2011-04-01bump dependencies for testing
No need to use an ancient Rack now that we've dropped Rails 2.3.x tests. We need to remember that Rack 1.1.0 doesn't support input#size.
2011-04-01drop Rails 2.3.x tests
They were transitionary releases and the logic to deal with them and Rack versioning was too much overhead.
2011-03-29add examples/logrotate.conf
logrotate is the de facto tool for logrotation, so an example config for highlighting important parts are in order. Since our USR1 signal handling is part of the crusade against the slow and lossy "copytruncate" option, be sure to emphasize that :)
2011-03-27tmpio: do not redefine size method under 1.9.2+
File#size is available in 1.9.2
2011-03-22DESIGN: fix redundant wording
"P" in HTTP is already "protocol"
2011-03-22README: s/Gemcutter/RubyGems.org/
Gemcutter is the old name
2011-03-15unicorn 3.5.0 - very minor improvements v3.5.0
A small set of small changes but it's been more than a month since our last release. There are minor memory usage and efficiently improvements (for graceful shutdowns). MRI 1.8.7 users on *BSD should be sure they're using the latest patchlevel (or upgrade to 1.9.x) because we no longer workaround their broken stdio (that's MRI's job :)
2011-03-08gemspec: update kgio dependency to 2.3.2
People reinstalling would've pulled it in anyways, but 2.3.2 is the latest and has no known issues.
2011-03-08gemspec: no need for require_paths
2011-02-25tee_input: remove old *BSD stdio workaround
Ruby 1.8.* users should get the latest Ruby 1.8.7 anyways since they contain critical bugfixes. We don't keep workarounds forever since the root problem is fixed/worked-around in upstream and people have had more than a year to upgrade Ruby.
2011-02-18clear listeners array on SIGQUIT
We don't want to repeatedly reclose the same IOs and keep raising exceptions this way.
2011-02-16README: clarify the versions of "Ruby license"
Ruby 1.9.3dev is now using the 2-clause BSD License, not the GPLv2. Do not mislead people into thinking we will switch to any BSD License, we won't.
2011-02-10Revert "test_helper: simplify random port binding"
This causes conflicts with ports clients may use in the ephemeral range since those do not hold FS locks. This reverts commit e597e594ad88dc02d70f7d3521d0d3bdc23739bb. Conflicts: test/test_helper.rb
2011-02-10remove unnecessary &block usage
They needlessly allocate Proc objects
2011-02-07test_helper: avoid FD leakage/waste
No need to unnecessarily leave file descriptor open.
2011-02-04unicorn 3.4.0 - for people with very big LANs v3.4.0
* IPv6 support in the HTTP hostname parser and configuration language. Configurator syntax for "listen" addresses should be the same as nginx. Even though we support IPv6, we will never support non-LAN/localhost clients connecting to Unicorn. * TCP_NOPUSH/TCP_CORK is enabled by default to optimize for bandwidth usage and avoid unnecessary wakeups in nginx. * Updated KNOWN_ISSUES document for bugs in recent Ruby 1.8.7 (RNG needs reset after fork) and nginx+sendfile()+FreeBSD 8. * examples/nginx.conf updated for modern stable versions of nginx. * "Status" in headers no longer ignored in the response, Rack::Lint already enforces this so we don't duplicate the work. * All tests pass under Ruby 1.9.3dev * various bugfixes in the (mostly unused) ExecCGI class that powers http://bogomips.org/unicorn.git
2011-02-04bump dependency on kgio
This is needed for IPv6 support, and 2.2.0 is nicer all around for Rainbows! users. Updates wrongdoc while we're at it, too.
2011-02-03test/unit: fix tests under Ruby 1.9.3dev
Ugh, one day I'll clean them up, one day...
2011-02-02Fix Ruby 1.9.3dev warnings
for i in `git ls-files '*.rb'`; do ruby -w -c $i; done
2011-02-02test_helper: simplify random port binding
2011-02-02socket_helper: cleanup leftover debugging statement
Oops! Ugh, not my day...
2011-02-02socket_helper: export tcp_name as a module_function
2011-02-02allow binding on IPv6 sockets with listen "[#{addr}]:#{port}"
This is much like how nginx does it, except we always require a port when explicitly binding to IPv6 using the "listen" directive. This also adds support to listen with an address-only, which can be useful to Rainbows! users.
2011-02-02http: parser handles IPv6 bracketed IP hostnames
Just in case we have people that don't use DNS, we can support folks who enter ugly IPv6 addresses... IPv6 uses brackets around the address to avoid confusing the colons used in the address with the colon used to denote the TCP port number in URIs.
2011-01-31force socket options to defaults if unspecified
This reduces surprise when people (correctly) believe removing an option from the config file will return things back to our internal defaults.
2011-01-31enable TCP_NOPUSH/TCP_CORK by default
It's actually harmless since Unicorn only supports "fast" applications that do not trickle, and we don't do keepalive so we'll always flush-on-close. This should reduce wakeups on the nginx proxy server if nginx is over TCP. Mongrel 1.x had TCP_CORK enabled by default, too.
2011-01-31test_upload: check size in server
The client may not get a proper response with TCP_CORK enabled
2011-01-28KNOWN_ISSUES: document broken RNG+fork in newer Ruby 1.8
Reported by: ghazel@gmail.com ref: <AANLkTimTpPATTpkoD2EYA2eM1+5OzCN=WxnCygQmJdhn@mail.gmail.com>
2011-01-25examples/nginx.conf: use try_files directive
This feature is in nginx 0.7.x and 0.8.x and optimized better than the "if" directive in nginx.conf ref: http://wiki.nginx.org/Pitfalls ref: http://wiki.nginx.org/IfIsEvil
2011-01-25examples/nginx: avoid unnecessary listen directive
There's no need to use listen unless you use non-default port or can enable "deferred" or "httpready" (which you usually want).
2011-01-25KNOWN_ISSUES: split old stuff into its own section
Ruby 1.9.1, Sinatra 0.3.x, and Rails 2.3.2 are not in common use anymore (at least we don't think).
2011-01-25KNOWN_ISSUES: FreeBSD 8 and sendfile can be buggy
Reported by Alexey Bondar.