debian/0000755000000000000000000000000012302376004007163 5ustar debian/gunicorn.examples0000644000000000000000000000001312167600742012551 0ustar examples/* debian/manpages/0000755000000000000000000000000012167600742010766 5ustar debian/manpages/gunicorn.pod0000644000000000000000000000665612167600742013333 0ustar =encoding utf8 =head1 NAME gunicorn - Event-based HTTP/WSGI server =head1 SYNOPSIS gunicorn [OPTIONS] APP_MODULE =head1 OPTIONS =over 2 =item B<-c> I, B<--config>=I Config file. [none] =item B<-b> I, B<--bind>=I Address to listen on. Ex. 127.0.0.1:8000 or unix:/tmp/gunicorn.sock =item B<-w> I, B<--workers>=I Number of workers to spawn. [1] =item B<-a> I, B<--arbiter>=I gunicorn arbiter entry point or module [egg:gunicorn#main] =item B<-p> I, B<--pid>=I Set the background PID FILE =item B<-D>, B<--daemon> Run daemonized in the background. =item B<-m> I, B<--umask>=I Define umask of daemon process =item B<-u> I, B<--user>=I Change worker user =item B<-g> I, B<--group>=I Change worker group =item B<-n> I, B<--name>=I Process name =item B<--log-level>=I Log level below which to silence messages. [info] =item B<--log-file>=I Log to a file. - equals stdout. [-] =item B, B<--debug> Debug mode. only 1 worker. =item B<--version> Show program's version number and exit =item B<-h>, B<--help> show this help message and exit =back =head1 DESCRIPTION Green Unicorn (gunicorn) is an HTTP/WSGI server designed to serve fast clients or sleepy applications. That is to say; behind a buffering front-end server such as nginx or lighttpd. * Optional support for Eventlet and Gevent to provide asynchronous long-polling ("Comet") connections. * Process management: Gunicorn reaps and restarts workers that die. * Easy integration with Django and Paster compatible applications (Pylons, TurboGears 2, etc. * Load balancing via pre-fork and a shared socket * Graceful worker process restarts * Upgrading without losing connections * Decode chunked transfers on-the-fly, allowing upload progress notifications or stream-based protocols over HTTP =head1 TUNING =head2 KERNEL PARAMETERS There are various kernel parameters that you might want to tune in order to deal with a large number of simultaneous connections. Generally these should only affect sites with a large number of concurrent requests and apply to any sort of network server you may be running. They're listed here for ease of reference. The commands listed are tested under Mac OS X 10.6. Your flavor of Unix may use slightly different flags. Always reference the appropriate man pages if uncertain. =head2 INCREASING THE FILE DESCRIPTOR LIMIT One of the first settings that usually needs to be bumped is the maximum number of open file descriptors for a given process. For the confused out there, remember that Unices treat sockets as files. $ sudo ulimit -n 1024 =head2 INCREASING THE LISTEN QUEUE SIZE Listening sockets have an associated queue of incoming connections that are waiting to be accepted. If you happen to have a stampede of clients that fill up this queue new connections will eventually start getting dropped. $ sudo sysctl -w kern.ipc.somaxconn="1024" =head2 WIDENING THE EPHEMERAL PORT RANGE After a socket is closed it eventually enters the TIME_WAIT state. This can become an issue after a prolonged burst of client activity. Eventually the ephemeral port range is used up which can cause new connections to stall while they wait for a valid port. This setting is generally only required on machines that are being used to test a network server. =head1 SEE ALSO L debian/manpages/gunicorn_paster.pod0000644000000000000000000000673112167600742014703 0ustar =encoding utf8 =head1 NAME gunicorn_paster - Event-based HTTP/WSGI server, Paste application entry-point =head1 SYNOPSIS gunicorn_paster [OPTIONS] [SETTINGS_PATH] =head1 OPTIONS =over 2 =item B<-c> I, B<--config>=I Config file. [none] =item B<-b> I, B<--bind>=I Address to listen on. Ex. 127.0.0.1:8000 or unix:/tmp/gunicorn.sock =item B<-w> I, B<--workers>=I Number of workers to spawn. [1] =item B<-a> I, B<--arbiter>=I gunicorn arbiter entry point or module [egg:gunicorn#main] =item B<-p> I, B<--pid>=I Set the background PID FILE =item B<-D>, B<--daemon> Run daemonized in the background. =item B<-m> I, B<--umask>=I Define umask of daemon process =item B<-u> I, B<--user>=I Change worker user =item B<-g> I, B<--group>=I Change worker group =item B<-n> I, B<--name>=I Process name =item B<--log-level>=I Log level below which to silence messages. [info] =item B<--log-file>=I Log to a file. - equals stdout. [-] =item B, B<--debug> Debug mode. only 1 worker. =item B<--version> Show program's version number and exit =item B<-h>, B<--help> show this help message and exit =back =head1 DESCRIPTION Green Unicorn (gunicorn) is an HTTP/WSGI server designed to serve fast clients or sleepy applications. That is to say; behind a buffering front-end server such as nginx or lighttpd. * Optional support for Eventlet and Gevent to provide asynchronous long-polling ("Comet") connections. * Process management: Gunicorn reaps and restarts workers that die. * Easy integration with Django and Paster compatible applications (Pylons, TurboGears 2, etc. * Load balancing via pre-fork and a shared socket * Graceful worker process restarts * Upgrading without losing connections * Decode chunked transfers on-the-fly, allowing upload progress notifications or stream-based protocols over HTTP =head1 TUNING =head2 KERNEL PARAMETERS There are various kernel parameters that you might want to tune in order to deal with a large number of simultaneous connections. Generally these should only affect sites with a large number of concurrent requests and apply to any sort of network server you may be running. They're listed here for ease of reference. The commands listed are tested under Mac OS X 10.6. Your flavor of Unix may use slightly different flags. Always reference the appropriate man pages if uncertain. =head2 INCREASING THE FILE DESCRIPTOR LIMIT One of the first settings that usually needs to be bumped is the maximum number of open file descriptors for a given process. For the confused out there, remember that Unices treat sockets as files. $ sudo ulimit -n 1024 =head2 INCREASING THE LISTEN QUEUE SIZE Listening sockets have an associated queue of incoming connections that are waiting to be accepted. If you happen to have a stampede of clients that fill up this queue new connections will eventually start getting dropped. $ sudo sysctl -w kern.ipc.somaxconn="1024" =head2 WIDENING THE EPHEMERAL PORT RANGE After a socket is closed it eventually enters the TIME_WAIT state. This can become an issue after a prolonged burst of client activity. Eventually the ephemeral port range is used up which can cause new connections to stall while they wait for a valid port. This setting is generally only required on machines that are being used to test a network server. =head1 SEE ALSO L debian/manpages/gunicorn_django.pod0000644000000000000000000000673212167600742014650 0ustar =encoding utf8 =head1 NAME gunicorn_django - Event-based HTTP/WSGI server, Django application entry-point =head1 SYNOPSIS gunicorn_django [OPTIONS] [SETTINGS_PATH] =head1 OPTIONS =over 2 =item B<-c> I, B<--config>=I Config file. [none] =item B<-b> I, B<--bind>=I Address to listen on. Ex. 127.0.0.1:8000 or unix:/tmp/gunicorn.sock =item B<-w> I, B<--workers>=I Number of workers to spawn. [1] =item B<-a> I, B<--arbiter>=I gunicorn arbiter entry point or module [egg:gunicorn#main] =item B<-p> I, B<--pid>=I Set the background PID FILE =item B<-D>, B<--daemon> Run daemonized in the background. =item B<-m> I, B<--umask>=I Define umask of daemon process =item B<-u> I, B<--user>=I Change worker user =item B<-g> I, B<--group>=I Change worker group =item B<-n> I, B<--name>=I Process name =item B<--log-level>=I Log level below which to silence messages. [info] =item B<--log-file>=I Log to a file. - equals stdout. [-] =item B, B<--debug> Debug mode. only 1 worker. =item B<--version> Show program's version number and exit =item B<-h>, B<--help> show this help message and exit =back =head1 DESCRIPTION Green Unicorn (gunicorn) is an HTTP/WSGI server designed to serve fast clients or sleepy applications. That is to say; behind a buffering front-end server such as nginx or lighttpd. * Optional support for Eventlet and Gevent to provide asynchronous long-polling ("Comet") connections. * Process management: Gunicorn reaps and restarts workers that die. * Easy integration with Django and Paster compatible applications (Pylons, TurboGears 2, etc. * Load balancing via pre-fork and a shared socket * Graceful worker process restarts * Upgrading without losing connections * Decode chunked transfers on-the-fly, allowing upload progress notifications or stream-based protocols over HTTP =head1 TUNING =head2 KERNEL PARAMETERS There are various kernel parameters that you might want to tune in order to deal with a large number of simultaneous connections. Generally these should only affect sites with a large number of concurrent requests and apply to any sort of network server you may be running. They're listed here for ease of reference. The commands listed are tested under Mac OS X 10.6. Your flavor of Unix may use slightly different flags. Always reference the appropriate man pages if uncertain. =head2 INCREASING THE FILE DESCRIPTOR LIMIT One of the first settings that usually needs to be bumped is the maximum number of open file descriptors for a given process. For the confused out there, remember that Unices treat sockets as files. $ sudo ulimit -n 1024 =head2 INCREASING THE LISTEN QUEUE SIZE Listening sockets have an associated queue of incoming connections that are waiting to be accepted. If you happen to have a stampede of clients that fill up this queue new connections will eventually start getting dropped. $ sudo sysctl -w kern.ipc.somaxconn="1024" =head2 WIDENING THE EPHEMERAL PORT RANGE After a socket is closed it eventually enters the TIME_WAIT state. This can become an issue after a prolonged burst of client activity. Eventually the ephemeral port range is used up which can cause new connections to stall while they wait for a valid port. This setting is generally only required on machines that are being used to test a network server. =head1 SEE ALSO L debian/copyright0000644000000000000000000000627112167600742011134 0ustar Authors: Benoît Chesneau Download: http://gunicorn.org/ Files: * Copyright: © 2009, 2010 Benoît Chesneau © 2009, 2010 Paul J. Davis License: MIT Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: . The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Files: tests/t.py Copyright: © 2009 Paul J. Davis License: MIT Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: . The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Files: debian/* Copyright: © 2010 Chris Lamb License: GPL-3+ This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . . On Debian systems, the complete text of the GNU General Public License can be found in the /usr/share/common-licenses/GPL-3 file. debian/gunicorn.install0000644000000000000000000000006612167600742012411 0ustar debian/gunicorn.d etc debian/gunicorn-debian usr/sbin debian/changelog0000644000000000000000000002043612302376004011042 0ustar gunicorn (17.5-2build1) trusty; urgency=medium * Rebuild to drop files installed into /usr/share/pyshared. -- Matthias Klose Sun, 23 Feb 2014 13:47:48 +0000 gunicorn (17.5-2) unstable; urgency=low * Ignore automatic backup files (eg. "filename~") in /etc/gunicorn.d. Thanks to Gael Le Mignot . (Closes: #715032) -- Chris Lamb Thu, 11 Jul 2013 20:05:04 +0100 gunicorn (17.5-1) unstable; urgency=low * New upstream release. * Refresh and alter structure of 0001-drop-supplemental-groups.patch. Thanks to Randall Leeds. -- Chris Lamb Thu, 04 Jul 2013 17:28:14 +0100 gunicorn (0.15.0-1) unstable; urgency=low * New upstream release. -- Chris Lamb Wed, 31 Oct 2012 19:44:54 +0000 gunicorn (0.14.5-5) unstable; urgency=low * Apply patch by Randall Leeds to set log directory permissions correctly. Thanks! -- Chris Lamb Tue, 30 Oct 2012 00:14:18 +0000 gunicorn (0.14.5-4) unstable; urgency=low * Update setgroups patch so that permission errors are non-fatal, allowing gunicorn to be started by a non-root user. Thanks to Matthew Draper (Closes: #690500) * Fix broken pysupport -> dh_python2 conversion. Thanks to Jakub Wilk (jwilk). (Closes: #690079) -- Chris Lamb Tue, 16 Oct 2012 12:06:11 +0100 gunicorn (0.14.5-3) unstable; urgency=medium * Apply security patch from Vangelis Koukis to ensure gunicorn drops supplemental groups. Without this change, gunicorn workers run with the supplemental group of 'root' even though we have specifically requested a switch (eg. to www-data:www-data) -- Chris Lamb Thu, 04 Oct 2012 20:22:08 +0100 gunicorn (0.14.5-2) unstable; urgency=low * Pass through any initscript options to gunicorn-debian. Thanks to Piet Delport . (Closes: #684299) * Drop unsupported 'status' argument. Thanks to Piet Delport . -- Chris Lamb Wed, 08 Aug 2012 13:03:26 -0700 gunicorn (0.14.5-1) unstable; urgency=low * New upstream release. -- Chris Lamb Mon, 02 Jul 2012 10:49:20 +0100 gunicorn (0.14.3-1) unstable; urgency=low * New upstream release. * Don't use the upstream Makefile for building as it uses virtualenv and starts downloading things. * Bump Standards-Version to 3.9.3. -- Chris Lamb Mon, 21 May 2012 22:04:58 +0100 gunicorn (0.14.2-1) unstable; urgency=low * New upstream version. * Add support for "restart" argument to gunicorn-debian. -- Chris Lamb Tue, 17 Apr 2012 12:07:36 +0100 gunicorn (0.13.4-3) unstable; urgency=low * Don't stop *all* configurations when calling "gunicorn-debian stop config". -- Chris Lamb Fri, 10 Feb 2012 12:49:17 +0000 gunicorn (0.13.4-2) unstable; urgency=low * Move /usr/share/gunicorn/initscript-helper.py => /usr/sbin/gunicorn-debian. * Detect dpkg "rc" state in /etc/init.d/gunicorn. * Add shebang to /usr/sbin/gunicorn-debian. * Use optparse to parse command line over unpacking sys.argv. * Use sys.dont_write_bytecode over PYTHONDONTWRITEBYTECODE environment variable. * Ignore .comc files too. * Logging for /usr/sbin/gunicorn-debian. * Better logging of what start-stop-daemon is called with. * "reload" starts unstarted instances (Closes: #642234) * Allow limiting actions to particular configs. Thanks to thomas marquart for the suggestion. -- Chris Lamb Thu, 19 Jan 2012 15:27:53 +0000 gunicorn (0.13.4-1) unstable; urgency=low * New upstream version. * Bump retry time and make it configurable. This is required so that we don't attempt to (re)start gunicorn when the previous instances are still running as the port would still be in use and would then completely fail to start. -- Chris Lamb Wed, 16 Nov 2011 17:05:47 +0000 gunicorn (0.13.1-1) unstable; urgency=low * New upstream release. * Bump Standards-Version to 3.9.2. -- Chris Lamb Sun, 04 Sep 2011 12:20:18 +0100 gunicorn (0.12.2-2) unstable; urgency=low * Source /etc/default/gunicorn so CONF_DIR (etc.) can be overridden. (via https://github.com/lamby/pkg-gunicorn/issues/8). Thanks to cbay for the patch. -- Chris Lamb Thu, 26 May 2011 16:42:38 +0100 gunicorn (0.12.2-1) unstable; urgency=low * New upstream release. * Update Python path under all Python versions, not just 2.6. (via https://github.com/lamby/pkg-gunicorn/issues/6) * Don't require configuration files to define a CONFIG dictionary. Thanks to cbay for the patch. (via https://github.com/lamby/pkg-gunicorn/issues/7) -- Chris Lamb Thu, 19 May 2011 16:22:21 +0100 gunicorn (0.12.1-3) unstable; urgency=low * Update Python path for Python <= 2.6 so that configurations can extend each other. * Correct check for ignoring files beginning with "_". * Also ignore .pyc files. * Fix "reload" action by removing "--retry 10" start-stop-daemon argument which was sending KILL afer 10 seconds. Thanks to cbay. (via https://github.com/lamby/pkg-gunicorn/issues/4) * Delete *.pid files even if start-stop-daemon fails. Thanks to cbay for report and patch. (via https://github.com/lamby/pkg-gunicorn/issues/3) -- Chris Lamb Thu, 19 May 2011 11:28:00 +0100 gunicorn (0.12.1-2) unstable; urgency=low * Add option to specify the Python interpreter to use. (via https://github.com/lamby/pkg-gunicorn/issues/1) * Ignore files that begin with "_" so that we can avoid duplicated code. (via https://github.com/lamby/pkg-gunicorn/issues/2) -- Chris Lamb Mon, 09 May 2011 00:54:18 +0100 gunicorn (0.12.1-1) unstable; urgency=low * New upstream release. * Add Python 2.5 support for /etc/gunicorn.d. -- Chris Lamb Thu, 24 Mar 2011 12:32:40 +0000 gunicorn (0.12.0-2) unstable; urgency=low * Add .d-based config based on an idea by Arthur Furlan. Users (or configuration packages) can now place files in /etc/gunicorn.d which setup different gunicorn configurations. This avoids the need for separate or custom initscripts and generally integrates Gunicorn better with the Debian system. All gunicorn options are configurable. (Closes: #606216) -- Chris Lamb Mon, 21 Mar 2011 00:04:33 +0000 gunicorn (0.12.0-1) unstable; urgency=low * New upstream release. * Update Vcs-{Git,Browser}. -- Chris Lamb Sat, 26 Feb 2011 18:18:47 +0000 gunicorn (0.11.2-1) unstable; urgency=low * New upstream release. * Bump Standards-Version to 3.9.1. -- Chris Lamb Mon, 01 Nov 2010 10:55:04 +0000 gunicorn (0.10.0-1) unstable; urgency=low * New upstream release. * Add python-setproctitle to Suggests. Thanks to Örjan Persson . * Bump Standards-Version to 3.9.0. -- Chris Lamb Fri, 16 Jul 2010 10:44:12 +0100 gunicorn (0.9.1-2) unstable; urgency=low * Add python-setuptools to binary Depends. -- Chris Lamb Tue, 15 Jun 2010 11:02:09 +0100 gunicorn (0.9.1-1) unstable; urgency=low * New upstream release. -- Chris Lamb Thu, 27 May 2010 23:51:25 +0100 gunicorn (0.8.0-3) unstable; urgency=low * Re-enable gunicorn_paster entry point. -- Chris Lamb Fri, 07 May 2010 18:18:37 +0100 gunicorn (0.8.0-2) unstable; urgency=low * Bump minimal Python requirement to 2.5. Thanks to Piotr Ożarowski. (Closes: #580679) * Add python-pkg-resources to Depends. * Add python-gevent and python-tornado to Suggests. * Update long description to reflect Tornado support. -- Chris Lamb Fri, 07 May 2010 17:55:36 +0100 gunicorn (0.8.0-1) unstable; urgency=low * New upstream release. * Update debian/watch to not pick up spurious help.tar.gz. -- Chris Lamb Thu, 22 Apr 2010 21:47:18 +0100 gunicorn (0.7.1-1) unstable; urgency=low * Initial release. (Closes: #577107) - We don't package the "paster" entry point yet as Debian's python-paste is out of date. -- Chris Lamb Sun, 11 Apr 2010 21:05:39 +0100 debian/gunicorn.d/0000755000000000000000000000000012167600742011241 5ustar debian/gunicorn.d/wsgi.example0000644000000000000000000000035212167600742013567 0ustar CONFIG = { # 'mode': 'wsgi', 'working_dir': '/path/to/my/app', # 'python': '/usr/bin/python', 'args': ( # '--bind=127.0.0.1:8000', '--workers=16', '--timeout=60', 'app.module', ), } debian/gunicorn.d/django.example0000644000000000000000000000056212167600742014063 0ustar CONFIG = { 'mode': 'django', 'environment': { 'PYTHONPATH': '/path/to/custom/python/packages', }, # 'working_dir': '/', # 'user': 'www-data', # 'group': 'www-data', 'args': ( # '--bind=127.0.0.1:8000', '--workers=4', # '--worker-class=egg:gunicorn#sync', # '--timeout=30', 'settings', ), } debian/gunicorn.manpages0000644000000000000000000000002412167600742012530 0ustar debian/manpages/*.1 debian/gunicorn.init0000644000000000000000000000224112167600742011703 0ustar #!/bin/sh ### BEGIN INIT INFO # Provides: gunicorn # Required-Start: $all # Required-Stop: $all # Should-Start: $local_fs # Should-Stop: $local_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 ### END INIT INFO PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin NAME=gunicorn DESC="Gunicorn workers" HELPER=/usr/sbin/gunicorn-debian PID_DIR=/var/run/gunicorn LOG_DIR=/var/log/gunicorn CONF_DIR=/etc/gunicorn.d test -x $HELPER || exit 0 [ -r /etc/default/$NAME ] && . /etc/default/$NAME . /lib/lsb/init-functions Action() { mkdir -p $PID_DIR mkdir -p $LOG_DIR chmod 750 $LOG_DIR chown root:adm $LOG_DIR log_daemon_msg "$1" shift if $HELPER \ --conf-dir=$CONF_DIR \ --pid-dir=$PID_DIR \ --log-dir=$LOG_DIR \ "$@" then log_success_msg else log_failure_msg exit 1 fi } action="$1" shift case "$action" in start) Action "Starting $DESC" start "$@" ;; stop) Action "Stopping $DESC" stop "$@" ;; reload) Action "Reloading $DESC" reload "$@" ;; restart|force-reload) $0 stop "$@" $0 start "$@" ;; *) echo "Usage: /etc/init.d/$NAME {start|stop|restart|reload|force-reload} [configs]" >&2 exit 1 ;; esac exit 0 debian/compat0000644000000000000000000000000212167600742010371 0ustar 7 debian/patches/0000755000000000000000000000000012167600742010622 5ustar debian/patches/0001-drop-supplemental-groups.patch0000644000000000000000000000144312167600742017213 0ustar From: Chris Lamb Date: Tue Oct 16 12:05:35 2012 +0100 Subject: 0001-drop-supplemental-groups --- gunicorn/util.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/gunicorn/util.py b/gunicorn/util.py index 9b7529f..6e4e69c 100644 --- a/gunicorn/util.py +++ b/gunicorn/util.py @@ -4,6 +4,7 @@ # See the NOTICE for more information. +import errno import fcntl import os import pkg_resources @@ -147,6 +148,14 @@ def set_owner_process(uid, gid): # groups like on osx or fedora gid = abs(gid) & 0x7FFFFFFF os.setgid(gid) + + # Also drop supplemental groups + try: + os.setgroups([]) + except OSError, e: + if e.errno != errno.EPERM: + raise + if uid: os.setuid(uid) debian/patches/series0000644000000000000000000000004412167600742012035 0ustar 0001-drop-supplemental-groups.patch debian/control0000644000000000000000000000250112167600742010574 0ustar Source: gunicorn Section: python Priority: optional Maintainer: Chris Lamb Build-Depends: debhelper (>= 7.0.50~), python (>= 2.6.6-3~) Build-Depends-Indep: python-setuptools Standards-Version: 3.9.3 Vcs-Git: git://github.com/lamby/pkg-gunicorn.git Vcs-Browser: https://github.com/lamby/pkg-gunicorn X-Python-Version: >= 2.6 Homepage: http://gunicorn.org/ Package: gunicorn Architecture: all Depends: ${misc:Depends}, ${python:Depends}, python-pkg-resources, python-setuptools Suggests: python-tornado, python-gevent, python-pastedeploy, python-setproctitle Description: Event-based HTTP/WSGI server Green Unicorn (gunicorn) is an HTTP/WSGI server designed to serve fast clients or sleepy applications. That is to say; behind a buffering front-end server such as nginx or lighttpd. . * Optional support for Eventlet, Tornado and Gevent to provide asynchronous long-polling ("Comet") connections. * Process management: Gunicorn reaps and restarts workers that die. * Easy integration with Django and Paster compatible applications (Pylons, TurboGears 2, etc. * Load balancing via pre-fork and a shared socket * Graceful worker process restarts * Upgrading without losing connections * Decode chunked transfers on-the-fly, allowing upload progress notifications or stream-based protocols over HTTP debian/gunicorn-debian0000755000000000000000000001437212167600742012174 0ustar #!/usr/bin/env python import os import re import imp import sys import glob import subprocess import logging from optparse import OptionParser re_ignore = re.compile(r'(~$|^_|\.(dpkg-(old|dist|new|tmp)|example)$|\.pyc|\.comc$)') def main(): parser = OptionParser("usage: %prog [options] start|stop|reload [configs]") parser.add_option('--conf-dir', dest='conf_dir', default='/etc/gunicorn.d') parser.add_option('--pid-dir', dest='pid_dir', default='/var/run/gunicorn') parser.add_option('--log-dir', dest='log_dir', default='/var/log/gunicorn') parser.add_option('-v', '--verbosity', type='int', dest='verbosity', default=2, help='Verbosity level; 0=minimal output, 1=normal output' \ ' 2=verbose output, 3=very verbose output') options, args = parser.parse_args() try: logging.basicConfig( format='%(levelname).1s: %(message)s', level={ 0: logging.ERROR, 1: logging.WARNING, 2: logging.INFO, 3: logging.DEBUG, }[options.verbosity] ) except KeyError: parser.error("Invalid verbosity level") log = logging.getLogger('gunicorn-debian') configs = args[1:] try: action = args[0] except IndexError: parser.error("Missing action") if action not in ('start', 'stop', 'restart', 'reload'): parser.error("Invalid action: %s" % action) files = glob.glob(os.path.join(options.conf_dir, '*')) if not os.path.exists(options.pid_dir): log.info("Creating %s", options.pid_dir) os.makedirs(options.pid_dir) # Update Python path so configurations can extend each other. sys.path.append(options.conf_dir) sys.dont_write_bytecode = True for filename in sorted(files): basename = os.path.basename(filename) if re_ignore.search(basename): log.debug("Ignoring %s", filename) continue if configs and basename not in configs: log.debug("Skipping %s", filename) continue log.debug("Loading %s", filename) if sys.version_info > (2, 6): # We are using a version that understands PYTHONDONTWRITEBYTECODE # so it is safe to use imp.load_source here - otherwise we create # "pyc"-like files in /etc/gunicorn.d which we then try and parse. module = imp.load_source(filename, filename) CONFIG = getattr(module, 'CONFIG', None) else: module = {} execfile(filename, module) CONFIG = module.get('CONFIG') if not CONFIG: continue config = Config(filename, options, CONFIG, log) if options.verbosity < 3: config.print_name() log.debug("Calling .%s() on %s", action, config.basename()) getattr(config, action)() # Kill any renaming pidfiles to prevent the case where we remove or # renaming a configuration and it doesn't get stopped or restarted. if action == 'stop' and not configs: for pidfile in glob.glob(os.path.join(options.pid_dir, '*.pid')): log.debug("Stopping extraenous pidfile %s", pidfile) subprocess.call(( 'start-stop-daemon', '--stop', '--oknodo', '--retry', '1', '--quiet', '--pidfile', pidfile, )) try: os.unlink(pidfile) except OSError: pass return 0 class Config(dict): def __init__(self, filename, options, data, log): self.filename = filename self.options = options self.log = log data['args'] = list(data.get('args', [])) data.setdefault('mode', 'wsgi') data.setdefault('user', 'www-data') data.setdefault('group', 'www-data') data.setdefault('retry', '60') data.setdefault('environment', {}) data.setdefault('working_dir', '/') data.setdefault('python', '/usr/bin/python') self.update(data) assert self['mode'] in ('wsgi', 'django', 'paster') def print_name(self): sys.stdout.write(" [%s]" % self.basename()) sys.stdout.flush() def basename(self): return os.path.basename(self.filename) def pidfile(self): return os.path.join(self.options.pid_dir, '%s.pid' % self.basename()) def logfile(self): return os.path.join(self.options.log_dir, '%s.log' % self.basename()) def check_call(self, *args, **kwargs): self.log.debug("Calling subprocess.check_call(*%r, **%r)", args, kwargs) subprocess.check_call(*args, **kwargs) def start(self): daemon = { 'wsgi': '/usr/bin/gunicorn', 'django': '/usr/bin/gunicorn_django', 'paster': '/usr/bin/gunicorn_paster', }[self['mode']] args = [ 'start-stop-daemon', '--start', '--oknodo', '--quiet', '--chdir', self['working_dir'], '--pidfile', self.pidfile(), '--exec', self['python'], '--', daemon, ] gunicorn_args = [ '--pid', self.pidfile(), '--name', self.basename(), '--user', self['user'], '--group', self['group'], '--daemon', '--log-file', self.logfile(), ] env = os.environ.copy() env.update(self['environment']) self.check_call(args + gunicorn_args + self['args'], env=env) def stop(self): self.check_call(( 'start-stop-daemon', '--stop', '--oknodo', '--quiet', '--retry', self['retry'], '--pidfile', self.pidfile(), )) def restart(self): self.stop() self.start() def reload(self): try: self.check_call(( 'start-stop-daemon', '--stop', '--signal', 'HUP', '--quiet', '--pidfile', self.pidfile(), )) except subprocess.CalledProcessError: self.log.debug("Could not reload, so restarting instead") self.restart() if __name__ == '__main__': sys.exit(main()) debian/rules0000755000000000000000000000066112167600742010256 0ustar #!/usr/bin/make -f POD_MANPAGES=$(wildcard debian/manpages/*.pod) MANPAGES=$(patsubst %.pod,%.1, $(POD_MANPAGES)) %: dh --with=python2 $@ %.1: %.pod pod2man $< $@ override_dh_auto_clean: rm -f Makefile dh_auto_clean override_dh_auto_build: $(MANPAGES) dh_auto_build override_dh_installexamples: dh_installexamples find debian/gunicorn/usr/share/doc/gunicorn/examples \ -executable -type f -print0 | xargs -0r chmod -x debian/source/0000755000000000000000000000000012167600742010473 5ustar debian/source/format0000644000000000000000000000001412167600742011701 0ustar 3.0 (quilt) debian/watch0000644000000000000000000000011712167600742010223 0ustar version=3 http://githubredir.debian.net/github/benoitc/gunicorn /(\d.*).tar.gz