unicorn Ruby/Rack server user+dev discussion/patches/pulls/bugs/help
 help / color / Atom feed
Search results ordered by [date|relevance]  view[summary|nested|Atom feed]
						download: 
* [ANN] unicorn 3.6.0 - small fixes, PRNG workarounds
@ 2011-04-21  6:56 Eric Wong
  2011-04-26 22:38 ` ghazel
  2011-04-26 23:17 ` Eric Wong
  0 siblings, 2 replies; 4+ results
From: Eric Wong @ 2011-04-21  6:56 UTC (permalink / raw)
  To: mongrel-unicorn

Changes:

Mainly small fixes, improvements, and workarounds for fork() issues
with pseudo-random number generators shipped with Ruby (Kernel#rand,
OpenSSL::Random (used by SecureRandom and also by Rails).

The PRNG issues are documented in depth here (and links to Ruby Redmine):

  http://bogomips.org/unicorn.git/commit?id=1107ede7
  http://bogomips.org/unicorn.git/commit?id=b3241621

If you're too lazy to upgrade, you can just do this in your after_fork
hooks:

  after_fork do |server,worker|
    tmp = srand
    OpenSSL::Random.seed(tmp.to_s) if defined?(OpenSSL::Random)
  end

There are also small log reopening (SIGUSR1) improvements:

* relative paths may also be reopened, there's a small chance this
  will break with a handful of setups, but unlikely.  This should
  make configuration easier especially since the "working_directory"
  configurator directive exists.  Brought up by Matthew Kocher:
  http://thread.gmane.org/gmane.comp.lang.ruby.unicorn.general/900

* workers will just die (and restart) if log reopening fails for
  any reason (including user error).  This is to workaround the issue
  reported by Emmanuel Gomez:
  http://thread.gmane.org/gmane.comp.lang.ruby.unicorn.general/906


* http://unicorn.bogomips.org/
* mongrel-unicorn@rubyforge.org
* git://bogomips.org/unicorn.git

-- 
Eric Wong
_______________________________________________
Unicorn mailing list - mongrel-unicorn@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-unicorn
Do not quote signatures (like this one) or top post when replying


^ permalink raw reply	[relevance 6%]

* Re: [ANN] unicorn 3.6.0 - small fixes, PRNG workarounds
  2011-04-21  6:56 [ANN] unicorn 3.6.0 - small fixes, PRNG workarounds Eric Wong
@ 2011-04-26 22:38 ` ghazel
  2011-04-26 23:01   ` Eric Wong
  2011-04-26 23:17 ` Eric Wong
  1 sibling, 1 reply; 4+ results
From: ghazel @ 2011-04-26 22:38 UTC (permalink / raw)
  To: unicorn list

Is it possible there is a problem with this change? Since I upgraded
to 3.6.0 I have encountered two collisions on
ActiveSupport::SecureRandom.hex(64), which seems very unlikely, since
it has never happened in the history of my app otherwise.

-Greg

On Wednesday, April 20, 2011, Eric Wong <normalperson@yhbt.net> wrote:
> Changes:
>
> Mainly small fixes, improvements, and workarounds for fork() issues
> with pseudo-random number generators shipped with Ruby (Kernel#rand,
> OpenSSL::Random (used by SecureRandom and also by Rails).
>
> The PRNG issues are documented in depth here (and links to Ruby Redmine):
>
>   http://bogomips.org/unicorn.git/commit?id=1107ede7
>   http://bogomips.org/unicorn.git/commit?id=b3241621
>
> If you're too lazy to upgrade, you can just do this in your after_fork
> hooks:
>
>   after_fork do |server,worker|
>     tmp = srand
>     OpenSSL::Random.seed(tmp.to_s) if defined?(OpenSSL::Random)
>   end
>
> There are also small log reopening (SIGUSR1) improvements:
>
> * relative paths may also be reopened, there's a small chance this
>   will break with a handful of setups, but unlikely.  This should
>   make configuration easier especially since the "working_directory"
>   configurator directive exists.  Brought up by Matthew Kocher:
>   http://thread.gmane.org/gmane.comp.lang.ruby.unicorn.general/900
>
> * workers will just die (and restart) if log reopening fails for
>   any reason (including user error).  This is to workaround the issue
>   reported by Emmanuel Gomez:
>   http://thread.gmane.org/gmane.comp.lang.ruby.unicorn.general/906
>
>
> * http://unicorn.bogomips.org/
> * mongrel-unicorn@rubyforge.org
> * git://bogomips.org/unicorn.git
>
> --
> Eric Wong
> _______________________________________________
> Unicorn mailing list - mongrel-unicorn@rubyforge.org
> http://rubyforge.org/mailman/listinfo/mongrel-unicorn
> Do not quote signatures (like this one) or top post when replying
>
_______________________________________________
Unicorn mailing list - mongrel-unicorn@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-unicorn
Do not quote signatures (like this one) or top post when replying

^ permalink raw reply	[relevance 7%]

* Re: [ANN] unicorn 3.6.0 - small fixes, PRNG workarounds
  2011-04-26 22:38 ` ghazel
@ 2011-04-26 23:01   ` Eric Wong
  0 siblings, 0 replies; 4+ results
From: Eric Wong @ 2011-04-26 23:01 UTC (permalink / raw)
  To: unicorn list

ghazel@gmail.com wrote:
> On Wednesday, April 20, 2011, Eric Wong <normalperson@yhbt.net> wrote:
> > Changes:
> >
> > Mainly small fixes, improvements, and workarounds for fork() issues
> > with pseudo-random number generators shipped with Ruby (Kernel#rand,
> > OpenSSL::Random (used by SecureRandom and also by Rails).
> >
> > The PRNG issues are documented in depth here (and links to Ruby Redmine):
> >
> >   http://bogomips.org/unicorn.git/commit?id=1107ede7
> >   http://bogomips.org/unicorn.git/commit?id=b3241621
(top-posting corrected)
> Is it possible there is a problem with this change? Since I upgraded
> to 3.6.0 I have encountered two collisions on
> ActiveSupport::SecureRandom.hex(64), which seems very unlikely, since
> it has never happened in the history of my app otherwise.

Oops, the return value of srand shouldn't be relied on, I need to call
Kernel#rand instead.  My attempt to fix things actually made the problem
worse (which is why I pushed upstream Ruby to fix the problem, first :).
The following should fix it (3.6.1 release coming):

diff --git a/lib/unicorn/http_server.rb b/lib/unicorn/http_server.rb
index d70de45..3077b95 100644
--- a/lib/unicorn/http_server.rb
+++ b/lib/unicorn/http_server.rb
@@ -492,11 +492,11 @@ class Unicorn::HttpServer
   def after_fork_internal
     @ready_pipe.close if @ready_pipe
     self.ready_pipe = nil # XXX Rainbows! compat, change for Unicorn 4.x
-    tmp = srand # http://redmine.ruby-lang.org/issues/4338
+    srand # http://redmine.ruby-lang.org/issues/4338
 
     # The OpenSSL PRNG is seeded with only the pid, and apps with frequently
     # dying workers can recycle pids
-    OpenSSL::Random.seed(tmp.to_s) if defined?(OpenSSL::Random)
+    OpenSSL::Random.seed(rand.to_s) if defined?(OpenSSL::Random)
   end
 
   def spawn_missing_workers
-- 
Eric Wong
_______________________________________________
Unicorn mailing list - mongrel-unicorn@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-unicorn
Do not quote signatures (like this one) or top post when replying

^ permalink raw reply	[relevance 6%]

* Re: [ANN] unicorn 3.6.0 - small fixes, PRNG workarounds
  2011-04-21  6:56 [ANN] unicorn 3.6.0 - small fixes, PRNG workarounds Eric Wong
  2011-04-26 22:38 ` ghazel
@ 2011-04-26 23:17 ` Eric Wong
  1 sibling, 0 replies; 4+ results
From: Eric Wong @ 2011-04-26 23:17 UTC (permalink / raw)
  To: mongrel-unicorn

Eric Wong <normalperson@yhbt.net> wrote:
> If you're too lazy to upgrade, you can just do this in your after_fork
> hooks:
> 
>   after_fork do |server,worker|
>     tmp = srand
>     OpenSSL::Random.seed(tmp.to_s) if defined?(OpenSSL::Random)
>   end

Do this instead if you're too lazy to upgrade:

  after_fork do |server,worker|
    srand
    OpenSSL::Random.seed(rand.to_s) if defined?(OpenSSL::Random)
  end

3.6.1 has a similar fix.  Thanks to ghazel for reporting the bug.

-- 
Eric Wong
_______________________________________________
Unicorn mailing list - mongrel-unicorn@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-unicorn
Do not quote signatures (like this one) or top post when replying


^ permalink raw reply	[relevance 7%]

Results 1-4 of 4 | reverse results
2011-04-21  6:56 [ANN] unicorn 3.6.0 - small fixes, PRNG workarounds Eric Wong
2011-04-26 22:38 ` ghazel
2011-04-26 23:01   ` Eric Wong
2011-04-26 23:17 ` Eric Wong


unicorn Ruby/Rack server user+dev discussion/patches/pulls/bugs/help

Archives are clonable:
	git clone --mirror https://bogomips.org/unicorn-public
	git clone --mirror http://ou63pmih66umazou.onion/unicorn-public

Example config snippet for mirrors

Newsgroups are available over NNTP:
	nntp://news.public-inbox.org/inbox.comp.lang.ruby.unicorn
	nntp://ou63pmih66umazou.onion/inbox.comp.lang.ruby.unicorn

 note: .onion URLs require Tor: https://www.torproject.org/

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git