puma 5.0.4 → 5.6.4

data/lib/puma/launcher.rb

@@ -15,6 +15,7 @@ module Puma
   # It is responsible for either launching a cluster of Puma workers or a single
   # puma server.
   class Launcher
+    # @deprecated 6.0.0
     KEYS_NOT_TO_PERSIST_IN_STATE = [
        :logger, :lowlevel_error_handler,
        :before_worker_shutdown, :before_worker_boot, :before_worker_fork,
@@ -58,6 +59,13 @@ module Puma
 
       @config.load
 
+      if @config.options[:bind_to_activated_sockets]
+        @config.options[:binds] = @binder.synthesize_binds_from_activated_fs(
+          @config.options[:binds],
+          @config.options[:bind_to_activated_sockets] == 'only'
+        )
+      end
+
       @options = @config.options
       @config.clamp
 
@@ -66,7 +74,7 @@ module Puma
 
       generate_restart_data
 
-      if clustered? && !Process.respond_to?(:fork)
+      if clustered? && !Puma.forkable?
         unsupported "worker mode not supported on #{RUBY_ENGINE} on this platform"
       end
 
@@ -87,6 +95,8 @@ module Puma
       Puma.stats_object = @runner
 
       @status = :run
+
+      log_config if ENV['PUMA_LOG_CONFIG']
     end
 
     attr_reader :binder, :events, :config, :options, :restart_dir
@@ -168,6 +178,7 @@ module Puma
 
       setup_signals
       set_process_title
+      integrate_with_systemd
       @runner.run
 
       case @status
@@ -207,6 +218,10 @@ module Puma
     def close_binder_listeners
       @runner.close_control_listeners
       @binder.close_listeners
+      unless @status == :restart
+        log "=== puma shutdown: #{Time.now} ==="
+        log "- Goodbye!"
+      end
     end
 
     # @!attribute [r] thread_status
@@ -229,11 +244,10 @@ module Puma
     def write_pid
       path = @options[:pidfile]
       return unless path
-
-      File.open(path, 'w') { |f| f.puts Process.pid }
-      cur = Process.pid
+      cur_pid = Process.pid
+      File.write path, cur_pid, mode: 'wb:UTF-8'
       at_exit do
-        delete_pidfile if cur == Process.pid
+        delete_pidfile if cur_pid == Process.pid
       end
     end
 
@@ -242,6 +256,7 @@ module Puma
     end
 
     def restart!
+      @events.fire_on_restart!
       @config.run_hooks :on_restart, self, @events
 
       if Puma.jruby?
@@ -305,10 +320,12 @@ module Puma
       log '* Pruning Bundler environment'
       home = ENV['GEM_HOME']
       bundle_gemfile = Bundler.original_env['BUNDLE_GEMFILE']
+      bundle_app_config = Bundler.original_env['BUNDLE_APP_CONFIG']
       with_unbundled_env do
         ENV['GEM_HOME'] = home
         ENV['BUNDLE_GEMFILE'] = bundle_gemfile
         ENV['PUMA_BUNDLER_PRUNED'] = '1'
+        ENV["BUNDLE_APP_CONFIG"] = bundle_app_config
         args = [Gem.ruby, puma_wild_location, '-I', dirs.join(':')] + @original_argv
         # Ruby 2.0+ defaults to true which breaks socket activation
         args += [{:close_others => false}]
@@ -316,6 +333,30 @@ module Puma
       end
     end
 
+    #
+    # Puma's systemd integration allows Puma to inform systemd:
+    #  1. when it has successfully started
+    #  2. when it is starting shutdown
+    #  3. periodically for a liveness check with a watchdog thread
+    #
+
+    def integrate_with_systemd
+      return unless ENV["NOTIFY_SOCKET"]
+
+      begin
+        require 'puma/systemd'
+      rescue LoadError
+        log "Systemd integration failed. It looks like you're trying to use systemd notify but don't have sd_notify gem installed"
+        return
+      end
+
+      log "* Enabling systemd notification integration"
+
+      systemd = Systemd.new(@events)
+      systemd.hook_events
+      systemd.start_watchdog
+    end
+
     def spec_for_gem(gem_name)
       Bundler.rubygems.loaded_specs(gem_name)
     end
@@ -338,9 +379,8 @@ module Puma
     end
 
     def graceful_stop
+      @events.fire_on_stopped!
       @runner.stop_blocked
-      log "=== puma shutdown: #{Time.now} ==="
-      log "- Goodbye!"
     end
 
     def set_process_title
@@ -493,5 +533,14 @@ module Puma
         Bundler.with_unbundled_env { yield }
       end
     end
+
+    def log_config
+      log "Configuration:"
+
+      @config.final_options
+        .each { |config_key, value| log "- #{config_key}: #{value}" }
+
+      log "\n"
+    end
   end
 end

data/lib/puma/minissl/context_builder.rb

@@ -23,17 +23,19 @@ module Puma
           ctx.keystore_pass = params['keystore-pass']
           ctx.ssl_cipher_list = params['ssl_cipher_list'] if params['ssl_cipher_list']
         else
-          unless params['key']
-            events.error "Please specify the SSL key via 'key='"
+          if params['key'].nil? && params['key_pem'].nil?
+            events.error "Please specify the SSL key via 'key=' or 'key_pem='"
           end
 
-          ctx.key = params['key']
+          ctx.key = params['key'] if params['key']
+          ctx.key_pem = params['key_pem'] if params['key_pem']
 
-          unless params['cert']
-            events.error "Please specify the SSL cert via 'cert='"
+          if params['cert'].nil? && params['cert_pem'].nil?
+            events.error "Please specify the SSL cert via 'cert=' or 'cert_pem='"
           end
 
-          ctx.cert = params['cert']
+          ctx.cert = params['cert'] if params['cert']
+          ctx.cert_pem = params['cert_pem'] if params['cert_pem']
 
           if ['peer', 'force_peer'].include?(params['verify_mode'])
             unless params['ca']
@@ -62,6 +64,12 @@ module Puma
                             end
         end
 
+        if params['verification_flags']
+          ctx.verification_flags = params['verification_flags'].split(',').
+            map { |flag| MiniSSL::VERIFICATION_FLAGS.fetch(flag) }.
+            inject { |sum, flag| sum ? sum | flag : flag }
+        end
+
         ctx
       end
 

data/lib/puma/minissl.rb

@@ -73,7 +73,6 @@ module Puma
 
       def engine_read_all
         output = @engine.read
-        raise SSLError.exception "HTTP connection?" if bad_tlsv1_3?
         while output and additional_output = @engine.read
           output << additional_output
         end
@@ -100,6 +99,7 @@ module Puma
             # ourselves.
             raise IO::EAGAINWaitReadable
           elsif data.nil?
+            raise SSLError.exception "HTTP connection?" if bad_tlsv1_3?
             return nil
           end
 
@@ -117,22 +117,23 @@ module Puma
       def write(data)
         return 0 if data.empty?
 
-        need = data.bytesize
+        data_size = data.bytesize
+        need = data_size
 
         while true
           wrote = @engine.write data
-          enc = @engine.extract
 
-          while enc
-            @socket.write enc
-            enc = @engine.extract
+          enc_wr = ''.dup
+          while (enc = @engine.extract)
+            enc_wr << enc
           end
+          @socket.write enc_wr unless enc_wr.empty?
 
           need -= wrote
 
-          return data.bytesize if need == 0
+          return data_size if need == 0
 
-          data = data[wrote..-1]
+          data = data.byteslice(wrote..-1)
         end
       end
 
@@ -160,30 +161,15 @@ module Puma
         @socket.flush
       end
 
-      def read_and_drop(timeout = 1)
-        return :timeout unless IO.select([@socket], nil, nil, timeout)
-        case @socket.read_nonblock(1024, exception: false)
-        when nil
-          :eof
-        when :wait_readable
-          :eagain
-        else
-          :drop
-        end
-      end
-
-      def should_drop_bytes?
-        @engine.init? || !@engine.shutdown
-      end
-
       def close
         begin
-          # Read any drop any partially initialized sockets and any received bytes during shutdown.
-          # Don't let this socket hold this loop forever.
-          # If it can't send more packets within 1s, then give up.
-          return if [:timeout, :eof].include?(read_and_drop(1)) while should_drop_bytes?
+          unless @engine.shutdown
+            while alert_data = @engine.extract
+              @socket.write alert_data
+            end
+          end
         rescue IOError, SystemCallError
-          Thread.current.purge_interrupt_queue if Thread.current.respond_to? :purge_interrupt_queue
+          Puma::Util.purge_interrupt_queue
           # nothing
         ensure
           @socket.close
@@ -222,6 +208,10 @@ module Puma
       def initialize
         @no_tlsv1   = false
         @no_tlsv1_1 = false
+        @key = nil
+        @cert = nil
+        @key_pem = nil
+        @cert_pem = nil
       end
 
       if IS_JRUBY
@@ -244,7 +234,10 @@ module Puma
         attr_reader :key
         attr_reader :cert
         attr_reader :ca
+        attr_reader :cert_pem
+        attr_reader :key_pem
         attr_accessor :ssl_cipher_filter
+        attr_accessor :verification_flags
 
         def key=(key)
           raise ArgumentError, "No such key file '#{key}'" unless File.exist? key
@@ -261,9 +254,19 @@ module Puma
           @ca = ca
         end
 
+        def cert_pem=(cert_pem)
+          raise ArgumentError, "'cert_pem' is not a String" unless cert_pem.is_a? String
+          @cert_pem = cert_pem
+        end
+
+        def key_pem=(key_pem)
+          raise ArgumentError, "'key_pem' is not a String" unless key_pem.is_a? String
+          @key_pem = key_pem
+        end
+
         def check
-          raise "Key not configured" unless @key
-          raise "Cert not configured" unless @cert
+          raise "Key not configured" if @key.nil? && @key_pem.nil?
+          raise "Cert not configured" if @cert.nil? && @cert_pem.nil?
         end
       end
 
@@ -287,33 +290,58 @@ module Puma
     VERIFY_PEER = 1
     VERIFY_FAIL_IF_NO_PEER_CERT = 2
 
+    # https://github.com/openssl/openssl/blob/master/include/openssl/x509_vfy.h.in
+    # /* Certificate verify flags */
+    VERIFICATION_FLAGS = {
+      "USE_CHECK_TIME"       => 0x2,
+      "CRL_CHECK"            => 0x4,
+      "CRL_CHECK_ALL"        => 0x8,
+      "IGNORE_CRITICAL"      => 0x10,
+      "X509_STRICT"          => 0x20,
+      "ALLOW_PROXY_CERTS"    => 0x40,
+      "POLICY_CHECK"         => 0x80,
+      "EXPLICIT_POLICY"      => 0x100,
+      "INHIBIT_ANY"          => 0x200,
+      "INHIBIT_MAP"          => 0x400,
+      "NOTIFY_POLICY"        => 0x800,
+      "EXTENDED_CRL_SUPPORT" => 0x1000,
+      "USE_DELTAS"           => 0x2000,
+      "CHECK_SS_SIGNATURE"   => 0x4000,
+      "TRUSTED_FIRST"        => 0x8000,
+      "SUITEB_128_LOS_ONLY"  => 0x10000,
+      "SUITEB_192_LOS"       => 0x20000,
+      "SUITEB_128_LOS"       => 0x30000,
+      "PARTIAL_CHAIN"        => 0x80000,
+      "NO_ALT_CHAINS"        => 0x100000,
+      "NO_CHECK_TIME"        => 0x200000
+    }.freeze
+
     class Server
       def initialize(socket, ctx)
         @socket = socket
         @ctx = ctx
-      end
-
-      # @!attribute [r] to_io
-      def to_io
-        @socket
+        @eng_ctx = IS_JRUBY ? @ctx : SSLContext.new(ctx)
       end
 
       def accept
         @ctx.check
         io = @socket.accept
-        engine = Engine.server @ctx
-
+        engine = Engine.server @eng_ctx
         Socket.new io, engine
       end
 
       def accept_nonblock
         @ctx.check
         io = @socket.accept_nonblock
-        engine = Engine.server @ctx
-
+        engine = Engine.server @eng_ctx
         Socket.new io, engine
       end
 
+      # @!attribute [r] to_io
+      def to_io
+        @socket
+      end
+
       # @!attribute [r] addr
       # @version 5.0.0
       def addr
@@ -323,6 +351,10 @@ module Puma
       def close
         @socket.close unless @socket.closed?       # closed? call is for Windows
       end
+
+      def closed?
+        @socket.closed?
+      end
     end
   end
 end

data/lib/puma/null_io.rb

@@ -9,6 +9,10 @@ module Puma
       nil
     end
 
+    def string
+      ""
+    end
+
     def each
     end
 
@@ -32,6 +36,10 @@ module Puma
       true
     end
 
+    def sync
+      true
+    end
+
     def sync=(v)
     end
 
@@ -40,5 +48,9 @@ module Puma
 
     def write(*ary)
     end
+
+    def flush
+      self
+    end
   end
 end

data/lib/puma/plugin.rb

@@ -64,7 +64,7 @@ module Puma
     def fire_background
       @background.each_with_index do |b, i|
         Thread.new do
-          Puma.set_thread_name "plugin background #{i}"
+          Puma.set_thread_name "plgn bg #{i}"
           b.call
         end
       end
@@ -91,7 +91,7 @@ module Puma
       path = ary.first[CALLER_FILE]
 
       m = %r!puma/plugin/([^/]*)\.rb$!.match(path)
-      return m[1]
+      m[1]
     end
 
     def self.create(&blk)

data/lib/puma/queue_close.rb

@@ -5,22 +5,22 @@ module Puma
   # Add a simple implementation for earlier Ruby versions.
   #
   module QueueClose
-    def initialize
-      @closed = false
-      super
-    end
     def close
+      num_waiting.times {push nil}
       @closed = true
     end
     def closed?
-      @closed
+      @closed ||= false
     end
     def push(object)
-      @closed ||= false
-      raise ClosedQueueError if @closed
+      raise ClosedQueueError if closed?
       super
     end
     alias << push
+    def pop(non_block=false)
+      return nil if !non_block && closed? && empty?
+      super
+    end
   end
   ::Queue.prepend QueueClose
 end

data/lib/puma/rack/builder.rb

@@ -165,7 +165,7 @@ module Puma::Rack
         require config
         app = Object.const_get(::File.basename(config, '.rb').capitalize)
       end
-      return app, options
+      [app, options]
     end
 
     def self.new_from_string(builder_script, file="(rackup)")

data/lib/puma/reactor.rb

@@ -3,6 +3,8 @@
 require 'puma/queue_close' unless ::Queue.instance_methods.include? :close
 
 module Puma
+  class UnsupportedBackend < StandardError; end
+
   # Monitors a collection of IO objects, calling a block whenever
   # any monitored object either receives data or times out, or when the Reactor shuts down.
   #
@@ -18,9 +20,12 @@ module Puma
     # Create a new Reactor to monitor IO objects added by #add.
     # The provided block will be invoked when an IO has data available to read,
     # its timeout elapses, or when the Reactor shuts down.
-    def initialize(&block)
+    def initialize(backend, &block)
       require 'nio'
-      @selector = NIO::Selector.new
+      unless backend == :auto || NIO::Selector.backends.include?(backend)
+        raise "unsupported IO selector backend: #{backend} (available backends: #{NIO::Selector.backends.join(', ')})"
+      end
+      @selector = backend == :auto ? NIO::Selector.new : NIO::Selector.new(backend)
       @input = Queue.new
       @timeouts = []
       @block = block
@@ -38,11 +43,11 @@ module Puma
       end
     end
 
-    # Add a new IO object to monitor.
+    # Add a new client to monitor.
     # The object must respond to #timeout and #timeout_at.
     # Returns false if the reactor is already shut down.
-    def add(io)
-      @input << io
+    def add(client)
+      @input << client
       @selector.wakeup
       true
     rescue ClosedQueueError
@@ -92,17 +97,19 @@ module Puma
     end
 
     # Start monitoring the object.
-    def register(io)
-      @selector.register(io, :r).value = io
-      @timeouts << io
+    def register(client)
+      @selector.register(client.to_io, :r).value = client
+      @timeouts << client
+    rescue ArgumentError
+      # unreadable clients raise error when processed by NIO
     end
 
     # 'Wake up' a monitored object by calling the provided block.
     # Stop monitoring the object if the block returns `true`.
-    def wakeup!(io)
-      if @block.call(io)
-        @selector.deregister(io)
-        @timeouts.delete(io)
+    def wakeup!(client)
+      if @block.call client
+        @selector.deregister client.to_io
+        @timeouts.delete client
       end
     end
   end