
rackup version missing in gemspec

Open aryanrajcoupa opened this issue 1 year ago • 4 comments

Issue report

Question 1: What is the problem? The gemspec file does not specify the rackup version. The build seems to be failing with passenger-6.0.23. Can we have a rackup version specified in the gemspec file?

LoadError: cannot load such file -- /vendor/bundle/ruby/3.3.0/gems/rackup-1.0.0/lib/rackup/handler
/vendor/bundle/ruby/3.3.0/gems/rackup-1.0.0/lib/rackup.rb:6:in `require_relative'
/vendor/bundle/ruby/3.3.0/gems/rackup-1.0.0/lib/rackup.rb:6:in `<top (required)>'
/vendor/bundle/ruby/3.3.0/gems/zeitwerk-2.6.7/lib/zeitwerk/kernel.rb:38:in `require'
/vendor/bundle/ruby/3.3.0/gems/zeitwerk-2.6.7/lib/zeitwerk/kernel.rb:38:in `require'
/vendor/bundle/ruby/3.3.0/gems/passenger-6.0.23/src/ruby_supportlib/phusion_passenger/rack_handler.rb:41:in `<top (required)>'
/vendor/bundle/ruby/3.3.0/gems/zeitwerk-2.6.7/lib/zeitwerk/kernel.rb:38:in `require'
/vendor/bundle/ruby/3.3.0/gems/zeitwerk-2.6.7/lib/zeitwerk/kernel.rb:38:in `require'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/lib/bundler/runtime.rb:60:in `block (2 levels) in require'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/lib/bundler/runtime.rb:55:in `each'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/lib/bundler/runtime.rb:55:in `block in require'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/lib/bundler/runtime.rb:44:in `each'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/lib/bundler/runtime.rb:44:in `require'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/lib/bundler.rb:186:in `require'
/config/application.rb:28:in `<top (required)>'
/Rakefile:4:in `require'
/Rakefile:4:in `<top (required)>'
/vendor/bundle/ruby/3.3.0/gems/rake-13.0.6/exe/rake:27:in `<top (required)>'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/lib/bundler/cli/exec.rb:58:in `load'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/lib/bundler/cli/exec.rb:58:in `kernel_load'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/lib/bundler/cli/exec.rb:23:in `run'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/lib/bundler/cli.rb:486:in `exec'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/lib/bundler/vendor/thor/lib/thor/invocation.rb:127:in `invoke_command'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/lib/bundler/vendor/thor/lib/thor.rb:392:in `dispatch'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/lib/bundler/cli.rb:31:in `dispatch'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/lib/bundler/vendor/thor/lib/thor/base.rb:485:in `start'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/lib/bundler/cli.rb:25:in `start'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/exe/bundle:48:in `block in <top (required)>'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/lib/bundler/friendly_errors.rb:120:in `with_friendly_errors'
/vendor/bundle/ruby/3.3.0/gems/bundler-2.3.26/exe/bundle:36:in `<top (required)>'
/usr/local/bin/bundle:25:in `load'
/usr/local/bin/bundle:25:in `<main>'
(See full trace by running task with --trace)
  • What is the expected behavior? The build should be successful

  • What is the actual behavior? Build is failing

  • How can we reproduce it? Install passenger 6.0.23 gem without specifying rackup version. On my machine, it installs rackup 1.0.0 which is incompatible with this passenger version.

Question 2: Passenger version and integration mode:

Your answer: open source 6.0.23 standalone;

Question 3: OS or Linux distro, platform (including version):

Your answer: platform agnostic

Question 4: Passenger installation method:

Your answer:

  • [x] RubyGems + Gemfile
  • [ ] RubyGems, no Gemfile
  • [ ] Phusion APT repo
  • [ ] Phusion YUM repo
  • [ ] OS X Homebrew
  • [ ] source tarball
  • [ ] Other, please specify:

Question 5: Your app's programming language (including any version managers) and framework (including versions):

Your answer: Ruby 3.3.1, Rails 7;

Question 6: Are you using a PaaS and/or containerization? If so which one?

Your answer: No

Question 7: Anything else about your setup that we should know?

Your answer: Install passenger 6.0.23 without specifying rackup version.

aryanrajcoupa, Jul 30 '24 11:07

Can you please provide a reproduction procedure? I cannot reproduce this problem.

CamJN, Aug 08 '24 17:08

@CamJN I just hit this issue myself. I haven't confirmed, but it might be as simple to reproduce as installing passenger 6.0.22 and doing

bundle update passenger --patch --conservative

See issue: https://github.com/rack/rackup/issues/13

I also wanted to briefly note: bumping rack to v3.0.0 for the passenger v6.0.23 patch release broke our deployments since it crossed two major release boundaries. I might recommend in the future making these kinds of changes a minor release (at least).

Edit: let me clarify my breaking change comment. The rackup gem has a gemspec dependency of rack >= 3 for versions greater than v2.0.0. This means adding rackup as a dependency for the passenger v6.0.23 release transitively makes a hard requirement of rack >= 3. So even though passenger doesn't explicitly add the requirement of rack >= 3 in its gemspec (it still specifies >= 1.6.13), any consumers of passenger will still be required to install rack >= 3.

cbochs, Aug 15 '24 16:08

Ok so version 1.0 of rackup has no files, and version 2 fixes that. So Passenger should depend on rackup >= 2.0.0, I can make that change.

CamJN, Aug 19 '24 13:08

@CamJN Was this resolved in the stable branch with this commit? https://github.com/phusion/passenger/commit/cc5359ce5cd248b51760d9e14f1391251f490d9a

cbochs, Aug 21 '24 14:08

@CamJN I've been trying to update passenger to address CVE-2025-26803, but with this https://github.com/phusion/passenger/commit/cc5359ce5cd248b51760d9e14f1391251f490d9a commit, since version 6.0.24 Passenger requires rack 3 to work. This is actually a breaking change for Rails 7.2 applications that cannot safely use rack 3 just yet, and were running fine on passenger 6.0.20.

Resolving dependencies...
Could not find compatible versions

Because passenger >= 6.0.24 depends on rackup >= 2.0.0
  and rackup >= 2.0.0 depends on rack >= 3,
  passenger >= 6.0.24 requires rack >= 3.
And because sprockets >= 3.3.5, < 4.2.0 depends on rack > 1, < 3,
  passenger >= 6.0.24 is incompatible with sprockets >= 3.3.5, < 4.2.0.
So, because Gemfile depends on sprockets >= 3.7.2, < 4.A
  and Gemfile depends on passenger = 6.0.26,
  version solving has failed.

Maybe requiring rackup 1.0.1 would fix this issue while maintaining backwards compatibility: https://github.com/rack/rackup/issues/13#issuecomment-2431154234

zzemla, Mar 05 '25 14:03
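The resolver failure quoted above, and the transitive rack requirement cbochs describes earlier, reproduced offline as an added example that is not part of the original thread or of Passenger's code. It uses RubyGems' own `Gem::Requirement` and `Gem::Version` over a constructed mini index; `INDEX`, `RACK_CANDIDATES` and the helper names are assumptions, and passenger's direct `rack >= 1.6.13` is the value the thread gives for 6.0.23, assumed unchanged for 6.0.26.

```ruby
require "rubygems"

# Constructed mini index of runtime dependencies. It holds only the
# constraints quoted in this thread; nothing is fetched from rubygems.org.
# Assumption: passenger 6.0.26 keeps the direct rack >= 1.6.13 cited for 6.0.23.
INDEX = {
  "passenger" => { "6.0.26" => { "rack" => [">= 1.6.13"], "rackup" => [">= 2.0.0"] } },
  "rackup"    => { "2.0.0"  => { "rack" => [">= 3"] } },
  "sprockets" => { "3.7.2"  => { "rack" => ["> 1", "< 3"] } }
}.freeze

# Constructed sample of rack versions to test against the constraints.
RACK_CANDIDATES = %w[1.6.13 2.2.8 3.0.0 3.1.7].freeze

# Collect every requirement placed on `target`, directly or transitively,
# by the indexed versions of `name` that satisfy `req`. Each result records
# the chain of gems that introduced it.
def constraints_on(target, name, req = Gem::Requirement.default, chain = [])
  INDEX.fetch(name, {}).flat_map do |version, deps|
    next [] unless req.satisfied_by?(Gem::Version.new(version))
    path = chain + ["#{name} #{version}"]
    deps.flat_map do |dep, reqs|
      r = Gem::Requirement.new(*reqs)
      dep == target ? [{ via: path, requirement: r }] : constraints_on(target, dep, r, path)
    end
  end
end

# All rack constraints implied by a Gemfile given as { gem name => requirement strings }.
def gemfile_constraints(gems)
  gems.flat_map { |name, reqs| constraints_on("rack", name, Gem::Requirement.new(*reqs)) }
end

# Candidate rack versions that satisfy every collected constraint.
def resolvable(constraints, candidates = RACK_CANDIDATES)
  candidates.select do |v|
    constraints.all? { |c| c[:requirement].satisfied_by?(Gem::Version.new(v)) }
  end
end

if __FILE__ == $PROGRAM_NAME
  gemfile = { "passenger" => ["= 6.0.26"], "sprockets" => [">= 3.7.2", "< 4"] }
  found = gemfile_constraints(gemfile)
  found.each { |c| puts "#{c[:via].join(' -> ')} requires rack #{c[:requirement]}" }
  puts "rack versions satisfying all: #{resolvable(found).inspect}"
end
```

An empty result for the combined Gemfile is the same conflict Bundler reports: the security update is blocked by the rackup chain, not by passenger's own rack constraint.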

Just want to echo comments by @zzemla above. We are in exactly the same situation... app can't support rack 3, therefore we can't upgrade to latest Passenger.

Wiscmapper, Apr 04 '25 14:04