Date | Commit message (Collapse) |
|
OpenSSL seeds its PRNG with the process ID, so if a process ID
is recycled, there's a chance of indepedent workers getting
repeated PRNG sequences over a long time period iff the same
PID is used.
This only affects deployments that meet both of the following
conditions:
1) OpenSSL::Random.random_bytes is called before forking
2) worker (but not master) processes are die unexpectedly
The SecureRandom module in Ruby (and Rails) uses the OpenSSL
PRNG if available. SecureRandom is used by Rails and called
when the application is loaded, so most Rails apps with
frequently dying worker processes are affected.
Of course dying worker processes are bad and entirely the
fault of bad application/library code, not the fault of
Unicorn.
Thanks for Alexander Dymo for reporting this.
ref: http://redmine.ruby-lang.org/issues/4579
|
|
The current versions of Ruby 1.8 do not reseed the PRNG after
forking, so we'll work around that by calling Kernel#srand.
ref: http://redmine.ruby-lang.org/issues/show/4338
|
|
They should then recover and inherit writable descriptors
from the master when it respawns.
|
|
We don't want to repeatedly reclose the same IOs
and keep raising exceptions this way.
|
|
for i in `git ls-files '*.rb'`; do ruby -w -c $i; done
|
|
Response bodies may capture the block passed to each
and save it for body.close, so don't close the socket
before we have a chance to call body.close
|
|
No need to preserve the response tuplet if we're just
going to unpack it eventually.
|
|
|
|
We can just use a begin block at startup, this also makes life
easier on RDoc.
|
|
More config bloat, sadly this is necessary for Rainbows! :<
|
|
Since modern machines have more memory these days and
clients are sending more data, avoiding potentially slow
filesystem operations for larger uploads can be useful
for some applications.
|
|
"Unicorn" is no longer in the default constant resolution
namespace.
|
|
This allows users to override the current Rack spec and disable
the rewindable input requirement. This can allow applications
to use less I/O to minimize the performance impact when
processing uploads.
|
|
To reduce CPU wakeups and save power during off hours,
we can precalculate a safe amount to sleep before killing
off idle workers.
|
|
If a moronic sysadmin is sending too many signals, just let them
do it. It's likely something is terribly wrong when the server
is overloaded with signals, so don't try to protect users from
it. This will also help in case where TTOU signals are sent too
quickly during shutdown, although sleeping between kill(2)
syscalls is always a good idea because of how non-real-time
signals are delivered.
|
|
This should be easier for Rainbows! to use
|
|
We clobber the accessor methods.
|
|
This also affects some constant scoping rules, but hopefully
makes things easier to follow. Accessing ivars (not via
accessor methods) are also slightly faster, so use them in
the criticial process_client code path.
|