unicorn-camilo 4.8.2.5.19 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (65) hide show
  1. checksums.yaml +4 -4
  2. data/.document +0 -1
  3. data/.gitignore +2 -2
  4. data/{.wrongdoc.yml → .olddoc.yml} +7 -2
  5. data/Documentation/unicorn.1.txt +9 -2
  6. data/Documentation/unicorn_rails.1.txt +2 -2
  7. data/FAQ +9 -1
  8. data/GIT-VERSION-GEN +1 -1
  9. data/GNUmakefile +31 -46
  10. data/HACKING +13 -27
  11. data/ISSUES +80 -16
  12. data/KNOWN_ISSUES +10 -10
  13. data/Links +10 -7
  14. data/PHILOSOPHY +1 -1
  15. data/README +8 -13
  16. data/Rakefile +0 -44
  17. data/Sandbox +1 -1
  18. data/TUNING +6 -3
  19. data/archive/.gitignore +3 -0
  20. data/archive/slrnpull.conf +4 -0
  21. data/bin/unicorn +1 -1
  22. data/bin/unicorn_rails +1 -1
  23. data/examples/unicorn.conf.rb +11 -0
  24. data/ext/unicorn_http/httpdate.c +1 -1
  25. data/ext/unicorn_http/unicorn_http.rl +48 -150
  26. data/lib/unicorn.rb +9 -15
  27. data/lib/unicorn/configurator.rb +3 -20
  28. data/lib/unicorn/const.rb +2 -25
  29. data/lib/unicorn/http_request.rb +4 -1
  30. data/lib/unicorn/http_response.rb +1 -3
  31. data/lib/unicorn/http_server.rb +85 -86
  32. data/lib/unicorn/socket_helper.rb +33 -67
  33. data/lib/unicorn/tee_input.rb +8 -1
  34. data/lib/unicorn/tmpio.rb +2 -4
  35. data/lib/unicorn/util.rb +1 -0
  36. data/lib/unicorn/worker.rb +1 -13
  37. data/t/GNUmakefile +1 -5
  38. data/t/README +1 -1
  39. data/t/t0002-parser-error.sh +3 -3
  40. data/test/exec/test_exec.rb +1 -1
  41. data/test/test_helper.rb +2 -2
  42. data/test/unit/test_http_parser.rb +3 -3
  43. data/test/unit/test_http_parser_ng.rb +8 -117
  44. data/test/unit/test_request.rb +1 -1
  45. data/test/unit/test_response.rb +3 -9
  46. data/test/unit/test_server.rb +3 -3
  47. data/test/unit/test_signals.rb +1 -1
  48. data/test/unit/test_socket_helper.rb +5 -5
  49. data/test/unit/test_tee_input.rb +10 -0
  50. data/test/unit/test_upload.rb +1 -1
  51. data/test/unit/test_util.rb +1 -1
  52. data/unicorn.gemspec +7 -10
  53. metadata +15 -33
  54. data/examples/git.ru +0 -13
  55. data/lib/unicorn/app/exec_cgi.rb +0 -154
  56. data/lib/unicorn/app/inetd.rb +0 -109
  57. data/lib/unicorn/ssl_client.rb +0 -11
  58. data/lib/unicorn/ssl_configurator.rb +0 -104
  59. data/lib/unicorn/ssl_server.rb +0 -42
  60. data/local.mk.sample +0 -59
  61. data/script/isolate_for_tests +0 -31
  62. data/t/t0016-trust-x-forwarded-false.sh +0 -30
  63. data/t/t0017-trust-x-forwarded-true.sh +0 -30
  64. data/test/unit/test_http_parser_xftrust.rb +0 -38
  65. data/test/unit/test_sni_hostnames.rb +0 -47
@@ -1,109 +0,0 @@
1
- # -*- encoding: binary -*-
2
- # :enddoc:
3
- # Copyright (c) 2009 Eric Wong
4
- # You can redistribute it and/or modify it under the same terms as Ruby 1.8 or
5
- # the GPLv2+ (GPLv3+ preferred)
6
-
7
- # this class *must* be used with Rack::Chunked
8
- module Unicorn::App
9
- class Inetd < Struct.new(:cmd)
10
-
11
- class CatBody < Struct.new(:errors, :err_rd, :out_rd, :pid_map)
12
- def initialize(env, cmd)
13
- self.errors = env['rack.errors']
14
- in_rd, in_wr = IO.pipe
15
- self.err_rd, err_wr = IO.pipe
16
- self.out_rd, out_wr = IO.pipe
17
-
18
- cmd_pid = fork {
19
- inp, out, err = (0..2).map { |i| IO.new(i) }
20
- inp.reopen(in_rd)
21
- out.reopen(out_wr)
22
- err.reopen(err_wr)
23
- [ in_rd, in_wr, err_rd, err_wr, out_rd, out_wr ].each { |i| i.close }
24
- exec(*cmd)
25
- }
26
- [ in_rd, err_wr, out_wr ].each { |io| io.close }
27
- [ in_wr, err_rd, out_rd ].each { |io| io.binmode }
28
- in_wr.sync = true
29
-
30
- # Unfortunately, input here must be processed inside a seperate
31
- # thread/process using blocking I/O since env['rack.input'] is not
32
- # IO.select-able and attempting to make it so would trip Rack::Lint
33
- inp_pid = fork {
34
- input = env['rack.input']
35
- [ err_rd, out_rd ].each { |io| io.close }
36
-
37
- # this is dependent on input.read having readpartial semantics:
38
- buf = input.read(16384)
39
- begin
40
- in_wr.write(buf)
41
- end while input.read(16384, buf)
42
- }
43
- in_wr.close
44
- self.pid_map = {
45
- inp_pid => 'input streamer',
46
- cmd_pid => cmd.inspect,
47
- }
48
- end
49
-
50
- def each
51
- begin
52
- rd, = IO.select([err_rd, out_rd])
53
- rd && rd.first or next
54
-
55
- if rd.include?(err_rd)
56
- begin
57
- errors.write(err_rd.read_nonblock(16384))
58
- rescue Errno::EINTR
59
- rescue Errno::EAGAIN
60
- break
61
- end while true
62
- end
63
-
64
- rd.include?(out_rd) or next
65
-
66
- begin
67
- yield out_rd.read_nonblock(16384)
68
- rescue Errno::EINTR
69
- rescue Errno::EAGAIN
70
- break
71
- end while true
72
- rescue EOFError,Errno::EPIPE,Errno::EBADF,Errno::EINVAL
73
- break
74
- end while true
75
-
76
- self
77
- end
78
-
79
- def close
80
- pid_map.each { |pid, str|
81
- begin
82
- pid, status = Process.waitpid2(pid)
83
- status.success? or
84
- errors.write("#{str}: #{status.inspect} (PID:#{pid})\n")
85
- rescue Errno::ECHILD
86
- errors.write("Failed to reap #{str} (PID:#{pid})\n")
87
- end
88
- }
89
- out_rd.close
90
- err_rd.close
91
- end
92
-
93
- end
94
-
95
- def initialize(*cmd)
96
- self.cmd = cmd
97
- end
98
-
99
- def call(env)
100
- /\A100-continue\z/i =~ env[Unicorn::Const::HTTP_EXPECT] and
101
- return [ 100, {} , [] ]
102
-
103
- [ 200, { 'Content-Type' => 'application/octet-stream' },
104
- CatBody.new(env, cmd) ]
105
- end
106
-
107
- end
108
-
109
- end
@@ -1,11 +0,0 @@
1
- # -*- encoding: binary -*-
2
- # :stopdoc:
3
- class Unicorn::SSLClient < Kgio::SSL
4
- alias write kgio_write
5
- alias close kgio_close
6
-
7
- # this is no-op for now, to be fixed in kgio-monkey if people care
8
- # about SSL support...
9
- def shutdown(how = nil)
10
- end
11
- end
@@ -1,104 +0,0 @@
1
- # -*- encoding: binary -*-
2
- # :stopdoc:
3
- # This module is included in Unicorn::Configurator
4
- # :startdoc:
5
- #
6
- module Unicorn::SSLConfigurator
7
- def ssl(&block)
8
- ssl_require!
9
- before = @set[:listeners].dup
10
- opts = @set[:ssl_opts] = {}
11
- yield
12
- (@set[:listeners] - before).each do |address|
13
- (@set[:listener_opts][address] ||= {})[:ssl_opts] = opts
14
- end
15
- ensure
16
- @set.delete(:ssl_opts)
17
- end
18
-
19
- def ssl_certificate(file)
20
- ssl_set(:ssl_certificate, file)
21
- end
22
-
23
- def ssl_certificate_key(file)
24
- ssl_set(:ssl_certificate_key, file)
25
- end
26
-
27
- def ssl_client_certificate(file)
28
- ssl_set(:ssl_client_certificate, file)
29
- end
30
-
31
- def ssl_dhparam(file)
32
- ssl_set(:ssl_dhparam, file)
33
- end
34
-
35
- def ssl_ciphers(openssl_cipherlist_spec)
36
- ssl_set(:ssl_ciphers, openssl_cipherlist_spec)
37
- end
38
-
39
- def ssl_crl(file)
40
- ssl_set(:ssl_crl, file)
41
- end
42
-
43
- def ssl_prefer_server_ciphers(bool)
44
- ssl_set(:ssl_prefer_server_ciphers, check_bool(bool))
45
- end
46
-
47
- def ssl_protocols(list)
48
- ssl_set(:ssl_protocols, list)
49
- end
50
-
51
- def ssl_verify_client(on_off_optional)
52
- ssl_set(:ssl_verify_client, on_off_optional)
53
- end
54
-
55
- def ssl_session_timeout(seconds)
56
- ssl_set(:ssl_session_timeout, seconds)
57
- end
58
-
59
- def ssl_verify_depth(depth)
60
- ssl_set(:ssl_verify_depth, depth)
61
- end
62
-
63
- # Allows specifying an engine for OpenSSL to use. We have not been
64
- # able to successfully test this feature due to a lack of hardware,
65
- # Reports of success or patches to mongrel-unicorn@rubyforge.org is
66
- # greatly appreciated.
67
- def ssl_engine(engine)
68
- ssl_warn_global(:ssl_engine)
69
- ssl_require!
70
- OpenSSL::Engine.load
71
- OpenSSL::Engine.by_id(engine)
72
- @set[:ssl_engine] = engine
73
- end
74
-
75
- def ssl_compression(bool)
76
- # OpenSSL uses the SSL_OP_NO_COMPRESSION flag, Flipper follows suit
77
- # with :ssl_no_compression, but we negate it to avoid exposing double
78
- # negatives to the user.
79
- ssl_set(:ssl_no_compression, check_bool(:ssl_compression, ! bool))
80
- end
81
-
82
- private
83
-
84
- def ssl_warn_global(func) # :nodoc:
85
- Hash === @set[:ssl_opts] or return
86
- warn("`#{func}' affects all SSL contexts in this process, " \
87
- "not just this block")
88
- end
89
-
90
- def ssl_set(key, value) # :nodoc:
91
- cur = @set[:ssl_opts]
92
- Hash === cur or
93
- raise ArgumentError, "#{key} must be called inside an `ssl' block"
94
- cur[key] = value
95
- end
96
-
97
- def ssl_require! # :nodoc:
98
- require "flipper"
99
- require "unicorn/ssl_client"
100
- rescue LoadError
101
- warn "install 'kgio-monkey' for SSL support"
102
- raise
103
- end
104
- end
@@ -1,42 +0,0 @@
1
- # -*- encoding: binary -*-
2
- # :stopdoc:
3
- # this module is meant to be included in Unicorn::HttpServer
4
- # It is an implementation detail and NOT meant for users.
5
- module Unicorn::SSLServer
6
- attr_accessor :ssl_engine
7
-
8
- def ssl_enable!
9
- sni_hostnames = rack_sni_hostnames(@app)
10
- seen = {} # we map a single SSLContext to multiple listeners
11
- listener_ctx = {}
12
- @listener_opts.each do |address, address_opts|
13
- ssl_opts = address_opts[:ssl_opts] or next
14
- listener_ctx[address] = seen[ssl_opts.object_id] ||= begin
15
- unless sni_hostnames.empty?
16
- ssl_opts = ssl_opts.dup
17
- ssl_opts[:sni_hostnames] = sni_hostnames
18
- end
19
- ctx = Flipper.ssl_context(ssl_opts)
20
- # FIXME: make configurable
21
- ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_OFF
22
- ctx
23
- end
24
- end
25
- Unicorn::HttpServer::LISTENERS.each do |listener|
26
- ctx = listener_ctx[sock_name(listener)] or next
27
- listener.extend(Kgio::SSLServer)
28
- listener.ssl_ctx = ctx
29
- listener.kgio_ssl_class = Unicorn::SSLClient
30
- end
31
- end
32
-
33
- # ugh, this depends on Rack internals...
34
- def rack_sni_hostnames(rack_app) # :nodoc:
35
- hostnames = {}
36
- if Rack::URLMap === rack_app
37
- mapping = rack_app.instance_variable_get(:@mapping)
38
- mapping.each { |hostname,_,_,_| hostnames[hostname] = true }
39
- end
40
- hostnames.keys
41
- end
42
- end
data/local.mk.sample DELETED
@@ -1,59 +0,0 @@
1
- # this is the local.mk file used by Eric Wong on his dev boxes.
2
- # GNUmakefile will source local.mk in the top-level source tree
3
- # if it is present.
4
- #
5
- # This is depends on a bunch of GNU-isms from bash, sed, touch.
6
-
7
- DLEXT := so
8
-
9
- # Avoid loading rubygems to speed up tests because gmake is
10
- # fork+exec heavy with Ruby.
11
- prefix = $(HOME)
12
-
13
- # XXX clean this up
14
- ifeq ($(r192),)
15
- ifeq ($(r19),)
16
- ifeq ($(rbx),)
17
- ifeq ($(r186),)
18
- RUBY := $(prefix)/bin/ruby
19
- else
20
- prefix := $(prefix)/r186-p114
21
- export PATH := $(prefix)/bin:$(PATH)
22
- RUBY := $(prefix)/bin/ruby
23
- endif
24
- else
25
- prefix := $(prefix)/rbx
26
- export PATH := $(prefix)/bin:$(PATH)
27
- RUBY := $(prefix)/bin/rbx
28
- endif
29
- else
30
- prefix := $(prefix)/ruby-1.9
31
- export PATH := $(prefix)/bin:$(PATH)
32
- RUBY := $(prefix)/bin/ruby --disable-gems
33
- endif
34
- else
35
- prefix := $(prefix)/ruby-1.9.2
36
- export PATH := $(prefix)/bin:$(PATH)
37
- RUBY := $(prefix)/bin/ruby --disable-gems
38
- endif
39
-
40
- # pipefail is THE reason to use bash (v3+) or never revisions of ksh93
41
- # SHELL := /bin/bash -e -o pipefail
42
- SHELL := /bin/ksh93 -e -o pipefail
43
-
44
- full-test: test-18 test-191 test-192 test-rbx test-186
45
-
46
- # FIXME: keep eye on Rubinius activity and wait for fixes from upstream
47
- # so we don't need RBX_SKIP anymore
48
- test-rbx: export RBX_SKIP := 1
49
- test-rbx: export RUBY := $(RUBY)
50
- test-rbx:
51
- $(MAKE) test test-integration rbx=T 2>&1 |sed -e 's!^!rbx !'
52
- test-186:
53
- $(MAKE) test-all r186=1 2>&1 |sed 's!^!1.8.6 !'
54
- test-18:
55
- $(MAKE) test-all 2>&1 |sed 's!^!1.8 !'
56
- test-191:
57
- $(MAKE) test-all r19=1 2>&1 |sed 's!^!1.9.1 !'
58
- test-192:
59
- $(MAKE) test-all r192=1 2>&1 |sed 's!^!1.9.2 !'
@@ -1,31 +0,0 @@
1
- #!/usr/bin/env ruby
2
- # scripts/Makefiles can read and eval the output of this script and
3
- # use it as RUBYLIB
4
- require 'rubygems'
5
- require 'isolate'
6
- fp = File.open(__FILE__, "rb")
7
- fp.flock(File::LOCK_EX)
8
-
9
- ruby_engine = defined?(RUBY_ENGINE) ? RUBY_ENGINE : 'ruby'
10
- opts = {
11
- :system => false,
12
- # we want "ruby-1.8.7" and not "ruby-1.8", so disable :multiruby
13
- :multiruby => false,
14
- :path => "tmp/isolate/#{ruby_engine}-#{RUBY_VERSION}",
15
- }
16
-
17
- pid = fork do
18
- Isolate.now!(opts) do
19
- gem 'raindrops', '0.13.0'
20
- gem 'kgio', '2.9.2'
21
- gem 'rack', '1.5.2'
22
- end
23
- end
24
- _, status = Process.waitpid2(pid)
25
- status.success? or abort status.inspect
26
- lib_paths = Dir["#{opts[:path]}/gems/*-*/lib"].map { |x| File.expand_path(x) }
27
- dst = "tmp/isolate/#{ruby_engine}-#{RUBY_VERSION}.mk"
28
- File.open("#{dst}.#$$", "w") do |fp|
29
- fp.puts "ISOLATE_LIBS=#{lib_paths.join(':')}"
30
- end
31
- File.rename("#{dst}.#$$", dst)
@@ -1,30 +0,0 @@
1
- #!/bin/sh
2
- . ./test-lib.sh
3
- t_plan 5 "trust_x_forwarded=false configuration test"
4
-
5
- t_begin "setup and start" && {
6
- unicorn_setup
7
- echo "trust_x_forwarded false" >> $unicorn_config
8
- unicorn -D -c $unicorn_config env.ru
9
- unicorn_wait_start
10
- }
11
-
12
- t_begin "spoofed request with X-Forwarded-Proto does not trigger" && {
13
- curl -H 'X-Forwarded-Proto: https' http://$listen/ | \
14
- grep -F '"rack.url_scheme"=>"http"'
15
- }
16
-
17
- t_begin "spoofed request with X-Forwarded-SSL does not trigger" && {
18
- curl -H 'X-Forwarded-SSL: on' http://$listen/ | \
19
- grep -F '"rack.url_scheme"=>"http"'
20
- }
21
-
22
- t_begin "killing succeeds" && {
23
- kill $unicorn_pid
24
- }
25
-
26
- t_begin "check stderr has no errors" && {
27
- check_stderr
28
- }
29
-
30
- t_done
@@ -1,30 +0,0 @@
1
- #!/bin/sh
2
- . ./test-lib.sh
3
- t_plan 5 "trust_x_forwarded=true configuration test"
4
-
5
- t_begin "setup and start" && {
6
- unicorn_setup
7
- echo "trust_x_forwarded true " >> $unicorn_config
8
- unicorn -D -c $unicorn_config env.ru
9
- unicorn_wait_start
10
- }
11
-
12
- t_begin "spoofed request with X-Forwarded-Proto sets 'https'" && {
13
- curl -H 'X-Forwarded-Proto: https' http://$listen/ | \
14
- grep -F '"rack.url_scheme"=>"https"'
15
- }
16
-
17
- t_begin "spoofed request with X-Forwarded-SSL sets 'https'" && {
18
- curl -H 'X-Forwarded-SSL: on' http://$listen/ | \
19
- grep -F '"rack.url_scheme"=>"https"'
20
- }
21
-
22
- t_begin "killing succeeds" && {
23
- kill $unicorn_pid
24
- }
25
-
26
- t_begin "check stderr has no errors" && {
27
- check_stderr
28
- }
29
-
30
- t_done
@@ -1,38 +0,0 @@
1
- # -*- encoding: binary -*-
2
- require 'test/test_helper'
3
-
4
- include Unicorn
5
-
6
- class HttpParserXFTrustTest < Test::Unit::TestCase
7
- def setup
8
- assert HttpParser.trust_x_forwarded?
9
- end
10
-
11
- def test_xf_trust_false_xfp
12
- HttpParser.trust_x_forwarded = false
13
- parser = HttpParser.new
14
- parser.buf << "GET / HTTP/1.1\r\nHost: foo:\r\n" \
15
- "X-Forwarded-Proto: https\r\n\r\n"
16
- env = parser.parse
17
- assert_kind_of Hash, env
18
- assert_equal 'foo', env['SERVER_NAME']
19
- assert_equal '80', env['SERVER_PORT']
20
- assert_equal 'http', env['rack.url_scheme']
21
- end
22
-
23
- def test_xf_trust_false_xfs
24
- HttpParser.trust_x_forwarded = false
25
- parser = HttpParser.new
26
- parser.buf << "GET / HTTP/1.1\r\nHost: foo:\r\n" \
27
- "X-Forwarded-SSL: on\r\n\r\n"
28
- env = parser.parse
29
- assert_kind_of Hash, env
30
- assert_equal 'foo', env['SERVER_NAME']
31
- assert_equal '80', env['SERVER_PORT']
32
- assert_equal 'http', env['rack.url_scheme']
33
- end
34
-
35
- def teardown
36
- HttpParser.trust_x_forwarded = true
37
- end
38
- end