passenger 5.1.10 → 5.1.11

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of passenger might be problematic. Click here for more details.

Files changed (200) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG +18 -0
  3. data/Rakefile +20 -17
  4. data/bin/passenger-install-apache2-module +14 -11
  5. data/build/agent.rb +45 -18
  6. data/build/apache2.rb +32 -16
  7. data/build/basics.rb +29 -40
  8. data/build/common_library.rb +70 -54
  9. data/build/cxx_tests.rb +34 -43
  10. data/build/integration_tests.rb +10 -10
  11. data/build/misc.rb +6 -6
  12. data/build/node_tests.rb +1 -2
  13. data/build/oxt_tests.rb +7 -5
  14. data/build/packaging.rb +11 -441
  15. data/build/ruby_extension.rb +1 -1
  16. data/build/ruby_tests.rb +1 -2
  17. data/build/support/cplusplus.rb +6 -5
  18. data/build/support/cxx_dependency_map.rb +357 -833
  19. data/build/support/general.rb +23 -1
  20. data/build/test_basics.rb +3 -28
  21. data/dev/ci/tests/rpm/Jenkinsfile +68 -0
  22. data/dev/ci/tests/rpm/run +63 -0
  23. data/dev/ci/tests/source-packaging/run +1 -1
  24. data/dev/ci/tests/source-packaging/setup +1 -1
  25. data/doc/{Packaging.txt.md → Packaging.md} +0 -0
  26. data/resources/templates/apache2/deployment_example.txt.erb +2 -2
  27. data/resources/templates/apache2/multiple_apache_installations_detected.txt.erb +2 -2
  28. data/resources/templates/nginx/deployment_example.txt.erb +1 -1
  29. data/resources/templates/standalone/mass_deployment_default_server.erb +2 -2
  30. data/resources/templates/standalone/server.erb +2 -2
  31. data/src/agent/AgentMain.cpp +0 -4
  32. data/src/agent/Core/CoreMain.cpp +88 -5
  33. data/src/agent/Core/SpawningKit/Spawner.h +2 -1
  34. data/src/agent/Shared/Fundamentals/AbortHandler.cpp +1109 -0
  35. data/src/agent/Shared/Fundamentals/AbortHandler.h +63 -0
  36. data/src/agent/Shared/Fundamentals/Implementation.cpp +7 -0
  37. data/src/agent/Shared/Fundamentals/Initialization.cpp +614 -0
  38. data/src/agent/Shared/{Base.h → Fundamentals/Initialization.h} +23 -14
  39. data/src/agent/Shared/Fundamentals/Utils.cpp +127 -0
  40. data/src/agent/Shared/Fundamentals/Utils.h +46 -0
  41. data/src/agent/TempDirToucher/TempDirToucherMain.cpp +1 -1
  42. data/src/agent/Watchdog/CoreWatcher.cpp +3 -1
  43. data/src/agent/Watchdog/InstanceDirToucher.cpp +90 -53
  44. data/src/agent/Watchdog/WatchdogMain.cpp +13 -29
  45. data/src/apache2_module/Hooks.cpp +4 -1
  46. data/src/cxx_supportlib/ConfigKit/Store.h +32 -5
  47. data/src/cxx_supportlib/Constants.h +1 -2
  48. data/src/cxx_supportlib/Crypto.cpp +2 -1
  49. data/src/cxx_supportlib/Hooks.h +16 -37
  50. data/src/cxx_supportlib/LoggingKit/Context.h +22 -0
  51. data/src/cxx_supportlib/LoggingKit/Forward.h +1 -0
  52. data/src/cxx_supportlib/LoggingKit/Implementation.cpp +106 -22
  53. data/src/cxx_supportlib/ProcessManagement/Ruby.cpp +106 -0
  54. data/src/{agent/UstRouter/FileSink.h → cxx_supportlib/ProcessManagement/Ruby.h} +23 -47
  55. data/src/cxx_supportlib/ProcessManagement/Spawn.cpp +199 -0
  56. data/src/cxx_supportlib/ProcessManagement/Spawn.h +150 -0
  57. data/src/cxx_supportlib/ProcessManagement/Utils.cpp +459 -0
  58. data/src/cxx_supportlib/ProcessManagement/Utils.h +107 -0
  59. data/src/cxx_supportlib/Utils.cpp +41 -561
  60. data/src/cxx_supportlib/Utils.h +0 -68
  61. data/src/cxx_supportlib/Utils/AsyncSignalSafeUtils.h +187 -0
  62. data/src/cxx_supportlib/Utils/ProcessMetricsCollector.h +14 -2
  63. data/src/cxx_supportlib/WatchdogLauncher.h +2 -12
  64. data/src/cxx_supportlib/oxt/dynamic_thread_group.hpp +2 -2
  65. data/src/cxx_supportlib/vendor-modified/jsoncpp/json-forwards.h +4 -0
  66. data/src/cxx_supportlib/vendor-modified/jsoncpp/json.h +16 -1
  67. data/src/cxx_supportlib/vendor-modified/jsoncpp/jsoncpp.cpp +12 -9
  68. data/src/cxx_supportlib/vendor-modified/libev/ev++.h +4 -4
  69. data/src/cxx_supportlib/vendor-modified/libev/ev.h +3 -3
  70. data/src/nginx_module/CacheLocationConfig.c +0 -75
  71. data/src/nginx_module/CacheLocationConfig.c.cxxcodebuilder +1 -0
  72. data/src/nginx_module/Configuration.c +0 -1
  73. data/src/nginx_module/Configuration.h +0 -1
  74. data/src/nginx_module/ConfigurationCommands.c +1 -1
  75. data/src/nginx_module/ContentHandler.c +0 -1
  76. data/src/nginx_module/ContentHandler.h +0 -1
  77. data/src/nginx_module/CreateLocationConfig.c +0 -5
  78. data/src/nginx_module/CreateLocationConfig.c.cxxcodebuilder +1 -0
  79. data/src/nginx_module/LocationConfig.h +0 -4
  80. data/src/nginx_module/LocationConfig.h.cxxcodebuilder +2 -1
  81. data/src/nginx_module/MergeLocationConfig.c +0 -12
  82. data/src/nginx_module/MergeLocationConfig.c.cxxcodebuilder +1 -0
  83. data/src/nginx_module/ngx_http_passenger_module.h +0 -1
  84. data/src/ruby_supportlib/phusion_passenger.rb +1 -1
  85. data/src/ruby_supportlib/phusion_passenger/common_library.rb +20 -11
  86. data/src/ruby_supportlib/phusion_passenger/config/api_call_command.rb +1 -1
  87. data/src/ruby_supportlib/phusion_passenger/config/reopen_logs_command.rb +0 -1
  88. data/src/ruby_supportlib/phusion_passenger/config/validate_install_command.rb +10 -3
  89. data/src/ruby_supportlib/phusion_passenger/console_text_template.rb +3 -1
  90. data/src/ruby_supportlib/phusion_passenger/constants.rb +0 -1
  91. data/src/ruby_supportlib/phusion_passenger/debug_logging.rb +1 -1
  92. data/src/ruby_supportlib/phusion_passenger/loader_shared_helpers.rb +32 -6
  93. data/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb +0 -1
  94. data/src/ruby_supportlib/phusion_passenger/packaging.rb +2 -4
  95. data/src/ruby_supportlib/phusion_passenger/platform_info/apache.rb +101 -20
  96. data/src/ruby_supportlib/phusion_passenger/platform_info/apache_detector.rb +21 -9
  97. data/src/ruby_supportlib/phusion_passenger/platform_info/compiler.rb +34 -31
  98. data/src/ruby_supportlib/phusion_passenger/platform_info/cxx_portability.rb +3 -1
  99. data/src/ruby_supportlib/phusion_passenger/platform_info/depcheck_specs/apache2.rb +2 -14
  100. data/src/ruby_supportlib/phusion_passenger/platform_info/operating_system.rb +40 -3
  101. data/src/ruby_supportlib/phusion_passenger/standalone/app_finder.rb +15 -14
  102. data/src/ruby_supportlib/phusion_passenger/standalone/config_options_list.rb +1 -1
  103. data/src/ruby_supportlib/phusion_passenger/standalone/config_utils.rb +1 -1
  104. data/src/ruby_supportlib/phusion_passenger/standalone/start_command.rb +8 -3
  105. data/src/ruby_supportlib/phusion_passenger/standalone/start_command/nginx_engine.rb +19 -18
  106. data/src/ruby_supportlib/phusion_passenger/standalone/stop_command.rb +6 -1
  107. data/src/ruby_supportlib/phusion_passenger/vendor/daemon_controller.rb +17 -1
  108. metadata +19 -97
  109. data/build/documentation.rb +0 -70
  110. data/doc/CloudLicensingConfiguration.html +0 -172
  111. data/doc/CloudLicensingConfiguration.txt.md +0 -3
  112. data/doc/Packaging.html +0 -488
  113. data/doc/Security of user switching support.idmap.txt +0 -34
  114. data/doc/Security of user switching support.txt +0 -197
  115. data/doc/ServerOptimizationGuide.html +0 -172
  116. data/doc/ServerOptimizationGuide.txt.md +0 -3
  117. data/doc/images/by_sa.png +0 -0
  118. data/doc/images/cloud_licensing_batch_job.png +0 -0
  119. data/doc/images/code_walkthrough.jpg +0 -0
  120. data/doc/images/direct_spawning.png +0 -0
  121. data/doc/images/direct_spawning.svg +0 -251
  122. data/doc/images/glyphicons-halflings-white.png +0 -0
  123. data/doc/images/glyphicons-halflings.png +0 -0
  124. data/doc/images/icons/README +0 -5
  125. data/doc/images/icons/callouts/1.png +0 -0
  126. data/doc/images/icons/callouts/10.png +0 -0
  127. data/doc/images/icons/callouts/11.png +0 -0
  128. data/doc/images/icons/callouts/12.png +0 -0
  129. data/doc/images/icons/callouts/13.png +0 -0
  130. data/doc/images/icons/callouts/14.png +0 -0
  131. data/doc/images/icons/callouts/15.png +0 -0
  132. data/doc/images/icons/callouts/2.png +0 -0
  133. data/doc/images/icons/callouts/3.png +0 -0
  134. data/doc/images/icons/callouts/4.png +0 -0
  135. data/doc/images/icons/callouts/5.png +0 -0
  136. data/doc/images/icons/callouts/6.png +0 -0
  137. data/doc/images/icons/callouts/7.png +0 -0
  138. data/doc/images/icons/callouts/8.png +0 -0
  139. data/doc/images/icons/callouts/9.png +0 -0
  140. data/doc/images/icons/caution.png +0 -0
  141. data/doc/images/icons/example.png +0 -0
  142. data/doc/images/icons/home.png +0 -0
  143. data/doc/images/icons/important.png +0 -0
  144. data/doc/images/icons/next.png +0 -0
  145. data/doc/images/icons/note.png +0 -0
  146. data/doc/images/icons/prev.png +0 -0
  147. data/doc/images/icons/tip.png +0 -0
  148. data/doc/images/icons/up.png +0 -0
  149. data/doc/images/icons/warning.png +0 -0
  150. data/doc/images/many_web_framework_protocols.png +0 -0
  151. data/doc/images/passenger_architecture.png +0 -0
  152. data/doc/images/passenger_architecture.svg +0 -385
  153. data/doc/images/passenger_architecture_overview.png +0 -0
  154. data/doc/images/passenger_core_architecture.png +0 -0
  155. data/doc/images/passenger_nodejs_architecture.svg +0 -558
  156. data/doc/images/phusion_banner.png +0 -0
  157. data/doc/images/rack.png +0 -0
  158. data/doc/images/smart_spawning.png +0 -0
  159. data/doc/images/smart_spawning.svg +0 -323
  160. data/doc/images/spawn_server_architecture.png +0 -0
  161. data/doc/images/spawn_server_architecture.svg +0 -655
  162. data/doc/images/spawning_preparation_work.png +0 -0
  163. data/doc/images/startup_sequence.png +0 -0
  164. data/doc/images/typical_isolated_web_application.png +0 -0
  165. data/doc/images/typical_isolated_web_application.svg +0 -213
  166. data/doc/users_guide_snippets/alternative_for_flying_passenger.txt +0 -1
  167. data/doc/users_guide_snippets/analysis_and_system_maintenance.txt +0 -61
  168. data/doc/users_guide_snippets/appendix_a_about.txt +0 -13
  169. data/doc/users_guide_snippets/appendix_b_terminology.txt +0 -71
  170. data/doc/users_guide_snippets/appendix_c_spawning_methods.txt +0 -36
  171. data/doc/users_guide_snippets/deployment_basics.txt +0 -37
  172. data/doc/users_guide_snippets/enterprise_only.txt +0 -1
  173. data/doc/users_guide_snippets/environment_variables.txt +0 -44
  174. data/doc/users_guide_snippets/global_queueing_explained.txt +0 -74
  175. data/doc/users_guide_snippets/installation.txt +0 -228
  176. data/doc/users_guide_snippets/installation/run_installer.txt +0 -58
  177. data/doc/users_guide_snippets/installation/verify_running_epilogue.txt +0 -6
  178. data/doc/users_guide_snippets/passenger_spawn_method.txt +0 -37
  179. data/doc/users_guide_snippets/rackup_specifications.txt +0 -1
  180. data/doc/users_guide_snippets/rvm_helper_tool.txt +0 -44
  181. data/doc/users_guide_snippets/since_version.txt +0 -1
  182. data/doc/users_guide_snippets/support_information.txt +0 -8
  183. data/doc/users_guide_snippets/tips.txt +0 -302
  184. data/doc/users_guide_snippets/troubleshooting/default.txt +0 -48
  185. data/doc/users_guide_snippets/troubleshooting/rails.txt +0 -59
  186. data/doc/users_guide_snippets/under_the_hood/page_caching_support.txt +0 -24
  187. data/doc/users_guide_snippets/under_the_hood/relationship_with_ruby.txt +0 -10
  188. data/doc/users_guide_snippets/where_to_get_support.txt +0 -9
  189. data/src/agent/Shared/Base.cpp +0 -1678
  190. data/src/agent/UstRouter/ApiServer.h +0 -292
  191. data/src/agent/UstRouter/Client.h +0 -112
  192. data/src/agent/UstRouter/Controller.h +0 -1309
  193. data/src/agent/UstRouter/LogSink.h +0 -145
  194. data/src/agent/UstRouter/OptionParser.h +0 -180
  195. data/src/agent/UstRouter/RemoteSender.h +0 -853
  196. data/src/agent/UstRouter/RemoteSink.h +0 -145
  197. data/src/agent/UstRouter/Transaction.h +0 -278
  198. data/src/agent/UstRouter/UstRouterMain.cpp +0 -681
  199. data/src/agent/Watchdog/UstRouterWatcher.cpp +0 -80
  200. data/src/ruby_supportlib/phusion_passenger/platform_info/macos.rb +0 -45
@@ -25,7 +25,7 @@
25
25
  class CxxCodeTemplateRenderer
26
26
  def initialize(filename)
27
27
  if !defined?(CxxCodeBuilder)
28
- require 'build/support/vendor/cxxcodebuilder/lib/cxxcodebuilder'
28
+ require_build_system_file('support/vendor/cxxcodebuilder/lib/cxxcodebuilder')
29
29
  end
30
30
  code = File.open(filename, 'rb') do |f|
31
31
  f.read
@@ -117,3 +117,25 @@ end
117
117
  def shesc(path)
118
118
  Shellwords.escape(path)
119
119
  end
120
+
121
+ LET_CACHE = {}
122
+
123
+ def let(name)
124
+ name = name.to_sym
125
+ Kernel.send(:define_method, name) do
126
+ if LET_CACHE.key?(name)
127
+ LET_CACHE[name]
128
+ else
129
+ LET_CACHE[name] = yield
130
+ end
131
+ end
132
+ end
133
+
134
+ def maybe_eval_lambda(lambda_or_value)
135
+ if lambda_or_value.respond_to?(:call)
136
+ lambda_or_value.call
137
+ else
138
+ lambda_or_value
139
+ end
140
+ end
141
+
@@ -48,10 +48,9 @@ task 'test:install_deps' do
48
48
  gem_install = "#{PlatformInfo.ruby_sudo_command} #{gem_install}" if boolean_option('SUDO')
49
49
  default = boolean_option('DEVDEPS_DEFAULT', true)
50
50
  install_base_deps = boolean_option('BASE_DEPS', default)
51
- install_doctools = boolean_option('DOCTOOLS', default)
52
51
 
53
52
  if deps_target = string_option('DEPS_TARGET')
54
- bundle_args = "--path #{Shellwords.escape deps_target} #{ENV['BUNDLE_ARGS']}".strip
53
+ bundle_args = "--path #{shesc deps_target} #{ENV['BUNDLE_ARGS']}".strip
55
54
  else
56
55
  bundle_args = ENV['BUNDLE_ARGS'].to_s
57
56
  end
@@ -62,36 +61,12 @@ task 'test:install_deps' do
62
61
  sh "#{gem_install} bundler"
63
62
  end
64
63
 
65
- if install_base_deps && install_doctools
64
+ if install_base_deps
66
65
  sh "bundle install #{bundle_args} --without="
67
66
  else
68
- if install_base_deps
69
- sh "bundle install #{bundle_args} --without doc release"
70
- end
71
- if install_doctools
72
- sh "bundle install #{bundle_args} --without base"
73
- end
67
+ sh "bundle install #{bundle_args} --without base"
74
68
  end
75
69
 
76
- if install_doctools
77
- # workaround for issue "bluecloth not found" when using 1.12.x
78
- sh "#{gem_install} bundler --version 1.11.2"
79
- sh "rvm list"
80
- end
81
-
82
- if boolean_option('USH_BUNDLES', default)
83
- # see what is available for Submodule tests just in case Travis CI environment changes
84
- # || true to avoid missing rvm command triggering a failure on Jenkins CI
85
- sh "rvm list || true"
86
-
87
- sh "cd src/ruby_supportlib/phusion_passenger/vendor/union_station_hooks_core" \
88
- " && bundle install #{bundle_args} --with travis --without doc notravis"
89
- sh "cd src/ruby_supportlib/phusion_passenger/vendor/union_station_hooks_rails" \
90
- " && bundle install #{bundle_args} --without doc notravis"
91
- sh "cd src/ruby_supportlib/phusion_passenger/vendor/union_station_hooks_rails" \
92
- " && bundle exec rake install_test_app_bundles" \
93
- " BUNDLE_ARGS='#{bundle_args}'"
94
- end
95
70
  if boolean_option('NODE_MODULES', default)
96
71
  sh "yarn install #{yarn_args}"
97
72
  end
@@ -0,0 +1,68 @@
1
+ def setupTest(enablerFlag, distribution, architecture, block) {
2
+ if (enablerFlag) {
3
+ node('linux') {
4
+ withEnv([
5
+ "CACHE_DIR=${env.JENKINS_HOME}/cache/${env.JOB_NAME}/${distribution}-${architecture}",
6
+ "DISTRIBUTION=${distribution}",
7
+ "ARCHITECTURE=${architecture}"
8
+ ], block)
9
+ }
10
+ } else {
11
+ echo 'Test skipped.'
12
+ }
13
+ }
14
+
15
+ pipeline {
16
+ agent any
17
+
18
+ options {
19
+ buildDiscarder(logRotator(numToKeepStr: '10'))
20
+ timeout(time: 45, unit: 'MINUTES')
21
+ disableConcurrentBuilds()
22
+ timestamps()
23
+ ansiColor('xterm')
24
+ }
25
+
26
+ parameters {
27
+ booleanParam(name: 'EL6', defaultValue: true, description: 'RHEL 6 tests')
28
+ booleanParam(name: 'EL7', defaultValue: true, description: 'RHEL 7 tests')
29
+ }
30
+
31
+ stages {
32
+ stage('Initialize') {
33
+ steps {
34
+ script {
35
+ if (env.JOB_NAME.indexOf('Enterprise') != -1) {
36
+ env.ENTERPRISE = '1'
37
+ } else {
38
+ env.ENTERPRISE = '0'
39
+ }
40
+
41
+ // For debugging purposes
42
+ sh 'env | sort'
43
+ }
44
+ }
45
+ }
46
+
47
+ stage('Test') {
48
+ steps {
49
+ script {
50
+ parallel(
51
+ 'el6 x86_64': {
52
+ setupTest(params.EL6, 'el6', 'x86_64') {
53
+ checkout scm
54
+ sh './dev/ci/tests/rpm/run'
55
+ }
56
+ },
57
+ 'el7 x86_64': {
58
+ setupTest(params.EL7, 'el7', 'x86_64') {
59
+ checkout scm
60
+ sh './dev/ci/tests/rpm/run'
61
+ }
62
+ }
63
+ )
64
+ }
65
+ }
66
+ }
67
+ }
68
+ }
@@ -0,0 +1,63 @@
1
+ #!/bin/bash
2
+ # This script is from the "Passenger RPM packaging test" Jenkins job. It builds
3
+ # packages for a specific distribution and architecture and runs tests on the resulting packages.
4
+ #
5
+ # Required environment variables:
6
+ #
7
+ # WORKSPACE
8
+ # DISTRIBUTION
9
+ # ARCHITECTURE
10
+ #
11
+ # Optional environment variables:
12
+ #
13
+ # PASSENGER_ROOT (defaults to $WORKSPACE)
14
+ # CACHE_DIR (defaults to $WORKSPACE/cache)
15
+ # ENTERPRISE
16
+ # DEBUG_CONSOLE
17
+ #
18
+ # Sample invocation in Vagrant dev environment:
19
+ #
20
+ # env WORKSPACE=$HOME DISTRIBUTION=el7 ARCHITECTURE=x86_64 PASSENGER_ROOT=/passenger ./dev/ci/rpm/run
21
+
22
+ set -e
23
+ SELFDIR=$(dirname "$0")
24
+ cd "$SELFDIR/../../../../packaging/rpm"
25
+ # shellcheck source=../../../../packaging/rpm/internal/lib/library.sh
26
+ source "./internal/lib/library.sh"
27
+ # shellcheck source=../../../../packaging/rpm/internal/lib/distro_info.sh
28
+ source "./internal/lib/distro_info.sh"
29
+
30
+ require_envvar WORKSPACE "$WORKSPACE"
31
+ require_envvar DISTRIBUTION "$DISTRIBUTION"
32
+ require_envvar ARCHITECTURE "$ARCHITECTURE"
33
+
34
+ PASSENGER_ROOT="${PASSENGER_ROOT:-$WORKSPACE}"
35
+ CACHE_DIR="${CACHE_DIR:-$WORKSPACE/cache}"
36
+
37
+ TEST_DISTRO_NAME=$(el_name_to_distro_name "$DISTRIBUTION")
38
+ if [[ "$DEBUG_CONSOLE" = true ]]; then
39
+ EXTRA_TEST_PARAMS=-D
40
+ else
41
+ EXTRA_TEST_PARAMS=
42
+ fi
43
+ if [[ "$ENTERPRISE" = 1 ]]; then
44
+ EXTRA_TEST_PARAMS="$EXTRA_TEST_PARAMS -e /etc/passenger-enterprise-license"
45
+ fi
46
+
47
+ run mkdir -p "$CACHE_DIR"
48
+ run ./build \
49
+ -w "$WORKSPACE/work" \
50
+ -c "$CACHE_DIR" \
51
+ -o "$WORKSPACE/output" \
52
+ -p "$PASSENGER_ROOT" \
53
+ -d "$DISTRIBUTION" \
54
+ -a "$ARCHITECTURE" \
55
+ -R \
56
+ rpm:all
57
+ run ./test \
58
+ -p "$PASSENGER_ROOT" \
59
+ -d "$WORKSPACE/output/$DISTRIBUTION" \
60
+ -c "$CACHE_DIR" \
61
+ -x "$TEST_DISTRO_NAME" \
62
+ -j \
63
+ $EXTRA_TEST_PARAMS
@@ -1,4 +1,4 @@
1
1
  #!/bin/bash
2
2
  set -e
3
3
 
4
- run bundle exec rspec -f s -c test/integration_tests/source_packaging_test.rb
4
+ run bundle exec drake "-j$COMPILE_CONCURRENCY" test:source_packaging
@@ -1,4 +1,4 @@
1
1
  #!/bin/bash
2
2
  set -e
3
3
 
4
- retry_run 3 rake test:install_deps BASE_DEPS=yes DOCTOOLS=yes
4
+ retry_run 3 rake test:install_deps BASE_DEPS=yes
File without changes
@@ -5,7 +5,7 @@ guide:
5
5
 
6
6
  <yellow><%= @deployment_guide_url %></yellow>
7
7
 
8
- Enjoy Phusion Passenger, a product of Phusion (<b><%= @phusion_website %></b>) :-)
8
+ Enjoy Phusion Passenger, a product of Phusion® (<b><%= @phusion_website %></b>) :-)
9
9
  <b><%= @passenger_website %></b>
10
10
 
11
- Phusion Passenger is a registered trademark of Hongli Lai & Ninh Bui.
11
+ Passenger® is a registered trademark of Phusion Holding B.V.
@@ -4,12 +4,12 @@ You are about to install <%= PhusionPassenger::PROGRAM_NAME %> against the follo
4
4
  Apache installation:
5
5
 
6
6
  <b>Apache <%= @current.version %></b>
7
- apxs2 : <%= @current.apxs2 %>
7
+ apxs2 : <%= @current.apxs2 || 'N/A (OS-provided install)' %>
8
8
  Executable: <%= @current.httpd %>
9
9
 
10
10
  However, <%= @other_installs.size %> other Apache installation(s) have been found on your system:
11
11
  <% @other_installs.each do |result| %>
12
12
  * Apache <%= result.version %>
13
- apxs2 : <%= result.apxs2 %>
13
+ apxs2 : <%= result.apxs2 || 'N/A (OS-provided install)' %>
14
14
  Executable: <%= result.httpd %>
15
15
  <% end %>
@@ -8,4 +8,4 @@ guide:
8
8
  Enjoy Phusion Passenger, a product of Phusion (<b><%= @phusion_website %></b>) :-)
9
9
  <b><%= @passenger_website %></b>
10
10
 
11
- Phusion Passenger is a registered trademark of Hongli Lai & Ninh Bui.
11
+ Passenger® is a registered trademark of Phusion Holding B.V.
@@ -1,9 +1,9 @@
1
1
  <% if @options[:ssl] %>
2
2
  <% if @options[:ssl_port] %>
3
3
  listen <%= nginx_listen_address %>;
4
- listen <%= nginx_listen_address_with_ssl_port %> ssl;
4
+ listen <%= nginx_listen_address_with_ssl_port %> ssl http2;
5
5
  <% else %>
6
- listen <%= nginx_listen_address %> ssl;
6
+ listen <%= nginx_listen_address %> ssl http2;
7
7
  <% end %>
8
8
  <% else %>
9
9
  listen <%= nginx_listen_address %>;
@@ -2,9 +2,9 @@ server_name <%= app[:server_names].join(' ') %>;
2
2
  <% if app[:ssl] %>
3
3
  <% if app[:ssl_port] %>
4
4
  listen <%= nginx_listen_address(app) %>;
5
- listen <%= nginx_listen_address_with_ssl_port(app) %> ssl;
5
+ listen <%= nginx_listen_address_with_ssl_port(app) %> ssl http2;
6
6
  <% else %>
7
- listen <%= nginx_listen_address(app) %> ssl;
7
+ listen <%= nginx_listen_address(app) %> ssl http2;
8
8
  <% end %>
9
9
  ssl_certificate <%= app[:ssl_certificate] %>;
10
10
  ssl_certificate_key <%= app[:ssl_certificate_key] %>;
@@ -32,7 +32,6 @@ using namespace std;
32
32
 
33
33
  int watchdogMain(int argc, char *argv[]);
34
34
  int coreMain(int argc, char *argv[]);
35
- int ustRouterMain(int argc, char *argv[]);
36
35
  int systemMetricsMain(int argc, char *argv[]);
37
36
  int tempDirToucherMain(int argc, char *argv[]);
38
37
  int spawnPreparerMain(int argc, char *argv[]);
@@ -54,7 +53,6 @@ usage(int argc, char *argv[]) {
54
53
  printf("Daemon subcommands:\n");
55
54
  printf(" core\n");
56
55
  printf(" watchdog\n");
57
- printf(" ust-router\n");
58
56
  printf("\n");
59
57
  printf("Utility subcommands:\n");
60
58
  printf(" system-metrics\n");
@@ -82,8 +80,6 @@ dispatchSubcommand(int argc, char *argv[]) {
82
80
  exit(watchdogMain(argc, argv));
83
81
  } else if (strcmp(argv[1], "core") == 0) {
84
82
  exit(coreMain(argc, argv));
85
- } else if (strcmp(argv[1], "ust-router") == 0) {
86
- exit(ustRouterMain(argc, argv));
87
83
  } else if (strcmp(argv[1], "system-metrics") == 0) {
88
84
  exit(systemMetricsMain(argc, argv));
89
85
  } else if (strcmp(argv[1], "temp-dir-toucher") == 0) {
@@ -71,7 +71,7 @@
71
71
  #include <ev++.h>
72
72
  #include <jsoncpp/json.h>
73
73
 
74
- #include <Shared/Base.h>
74
+ #include <Shared/Fundamentals/Initialization.h>
75
75
  #include <Shared/ApiServerUtils.h>
76
76
  #include <Constants.h>
77
77
  #include <ServerKit/Server.h>
@@ -97,6 +97,7 @@
97
97
  using namespace boost;
98
98
  using namespace oxt;
99
99
  using namespace Passenger;
100
+ using namespace Passenger::Agent::Fundamentals;
100
101
  using namespace Passenger::ApplicationPool2;
101
102
 
102
103
 
@@ -823,6 +824,80 @@ prestartWebApps() {
823
824
  );
824
825
  }
825
826
 
827
+ /**
828
+ * See warnIfPassengerRootVulnerable()
829
+ */
830
+ static void
831
+ warnIfPathVulnerable(const char *path, string &warnings) {
832
+ struct stat pathStat;
833
+
834
+ if (stat(path, &pathStat) == -1) {
835
+ P_DEBUG("Vulnerability check skipped: stat error on " << path << " (errno: " << errno << ")");
836
+ return; // fatal: we need that stat for both checks below
837
+ }
838
+
839
+ // Non-root ownership
840
+ struct passwd pathOwner;
841
+ struct passwd *pwdResult;
842
+
843
+ boost::shared_array<char> strings;
844
+ long stringsBufSize = std::max<long>(1024 * 128, sysconf(_SC_GETPW_R_SIZE_MAX));
845
+ strings.reset(new char[stringsBufSize]);
846
+ errno = 0;
847
+ if (getpwuid_r(pathStat.st_uid, &pathOwner, strings.get(), stringsBufSize, &pwdResult) == -1) {
848
+ P_DEBUG("Vulnerability check (owner) skipped: getpwuid_r error on " << path << " (owner UID: " <<
849
+ pathStat.st_uid << ", errno: " << errno << ")");
850
+ } else if (pwdResult == NULL) {
851
+ P_DEBUG("Vulnerability check (owner) skipped: getpwuid_r empty on " << path << " (owner UID: " <<
852
+ pathStat.st_uid << ", errno: " << errno << ")");
853
+ } else if (pathOwner.pw_uid != 0) {
854
+ warnings.append("\nThe path \"");
855
+ warnings.append(path);
856
+ warnings.append("\" can be modified by user \"");
857
+ warnings.append(pathOwner.pw_name);
858
+ warnings.append("\" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.");
859
+ }
860
+
861
+ // World writeable access rights
862
+ if ((pathStat.st_mode & S_IWOTH) != 0) {
863
+ warnings.append("\nThe path \"");
864
+ warnings.append(path);
865
+ warnings.append("\" is writeable by any user (or application). Limit write access on the path to only the root user/group.");
866
+ }
867
+ }
868
+
869
+ /*
870
+ * Emit a warning (log) if the Passenger root dir (and/or its parents) can be modified by non-root users
871
+ * while Passenger was run as root (because non-root users can then tamper with something running as root).
872
+ * It's just a convenience warning, so check failures are only logged at the debug level.
873
+ *
874
+ * N.B. we limit our checking to use cases that can easily (gotcha) lead to this vulnerable setup, such as
875
+ * installing Passenger via gem or tarball in a user dir, and then running it as root (for example by installing
876
+ * it as nginx or apache module). We do not check the entire installation file/dir structure for whether users have
877
+ * changed owner or access rights.
878
+ */
879
+ static void
880
+ warnIfPassengerRootVulnerable(const string &passengerRoot) {
881
+ TRACE_POINT();
882
+
883
+ if (geteuid() != 0) {
884
+ return; // Passenger is not root, so no escalation.
885
+ }
886
+
887
+ string checkPath = absolutizePath(passengerRoot);
888
+ // Check the Passenger root and all dirs above it for ownership and world-writeability
889
+ string warnings;
890
+ while (!checkPath.empty() && checkPath != "/") {
891
+ warnIfPathVulnerable(checkPath.c_str(), warnings);
892
+
893
+ checkPath = extractDirName(checkPath);
894
+ }
895
+ if (!warnings.empty()) {
896
+ P_WARN("WARNING: potential privilege escalation vulnerability. Passenger is running as root, and part(s) of the passenger root path (" <<
897
+ passengerRoot << ") can be changed by non-root user(s):" << warnings);
898
+ }
899
+ }
900
+
826
901
  static void
827
902
  reportInitializationInfo() {
828
903
  TRACE_POINT();
@@ -871,7 +946,9 @@ mainLoop() {
871
946
  && maxCpus <= CPU_SETSIZE;
872
947
  #endif
873
948
 
874
- installDiagnosticsDumper(dumpDiagnosticsOnCrash, NULL);
949
+ Agent::Fundamentals::context->abortHandlerConfig.diagnosticsDumper = dumpDiagnosticsOnCrash;
950
+ Agent::Fundamentals::abortHandlerConfigChanged();
951
+
875
952
  for (unsigned int i = 0; i < wo->threadWorkingObjects.size(); i++) {
876
953
  ThreadWorkingObjects *two = &wo->threadWorkingObjects[i];
877
954
  two->bgloop->start("Main event loop: thread " + toString(i + 1), 0);
@@ -976,7 +1053,8 @@ waitForExitEvent() {
976
1053
  TRACE_POINT();
977
1054
  if (syscalls::select(largestFd + 1, &fds, NULL, NULL, NULL) == -1) {
978
1055
  int e = errno;
979
- installDiagnosticsDumper(NULL, NULL);
1056
+ Agent::Fundamentals::context->abortHandlerConfig.diagnosticsDumper = NULL;
1057
+ Agent::Fundamentals::abortHandlerConfigChanged();
980
1058
  throw SystemException("select() failed", e);
981
1059
  }
982
1060
 
@@ -1020,7 +1098,8 @@ waitForExitEvent() {
1020
1098
  &fds, NULL, NULL, NULL) == -1)
1021
1099
  {
1022
1100
  int e = errno;
1023
- installDiagnosticsDumper(NULL, NULL);
1101
+ Agent::Fundamentals::context->abortHandlerConfig.diagnosticsDumper = NULL;
1102
+ Agent::Fundamentals::abortHandlerConfigChanged();
1024
1103
  throw SystemException("select() failed", e);
1025
1104
  }
1026
1105
 
@@ -1035,7 +1114,10 @@ cleanup() {
1035
1114
 
1036
1115
  P_DEBUG("Shutting down " SHORT_PROGRAM_NAME " core...");
1037
1116
  wo->appPool->destroy();
1038
- installDiagnosticsDumper(NULL, NULL);
1117
+
1118
+ Agent::Fundamentals::context->abortHandlerConfig.diagnosticsDumper = dumpDiagnosticsOnCrash;
1119
+ Agent::Fundamentals::abortHandlerConfigChanged();
1120
+
1039
1121
  for (unsigned i = 0; i < wo->threadWorkingObjects.size(); i++) {
1040
1122
  ThreadWorkingObjects *two = &wo->threadWorkingObjects[i];
1041
1123
  two->bgloop->stop();
@@ -1096,6 +1178,7 @@ runCore() {
1096
1178
  prestartWebApps();
1097
1179
 
1098
1180
  UPDATE_TRACE_POINT();
1181
+ warnIfPassengerRootVulnerable(agentsOptions->get("passenger_root"));
1099
1182
  reportInitializationInfo();
1100
1183
  mainLoop();
1101
1184