Update Passenger to a newer release

OSC / ondemand-packaging

Used to build RPMs for OnDemand and OSC-specific BatchConnect applications

https://osc.github.io/Open-OnDemand/

2 stars 5 forks source link

Update Passenger to a newer release #272

Closed CSC-swesters closed 6 months ago

CSC-swesters commented 6 months ago

We have a Python 3.9 Passenger app in our OOD deployment, which is causing Passenger to print deprecation warnings like this:

App 475 output: /opt/rh/ondemand/root/usr/share/passenger/helper-scripts/wsgi-loader.py:26: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses
App 475 output:   import sys, os, re, imp, threading, signal, traceback, socket, select, struct, logging, errno

This is apparently fixed in a later Passenger release, here: https://github.com/phusion/passenger/commit/a19753cdb1c5f6048e74db109978382f8982f8e1

Would it be possible to bump the version of Passenger that is packaged for OOD? The newest at the time of writing seems to be 6.0.20 (see their Releases page).

In addition to this specific python 3.9 fix, Passenger has bumped a lot of their own dependencies as well, so it might be good to keep up with them just in general.

Thanks in advance!

treydock commented 6 months ago

The only passenger related dependencies managed by OnDemand are passenger itself and NGINX. We build a Passenger RPM and a NGINX RPM. Some related dependencies like Ruby are more tied to OnDemand and currently we depend on what the OS supports so we are limited in what updates can be performed.

CSC-swesters commented 6 months ago

I see, so the Passenger RPM that OnDemand ships is presumably quite standalone, without any downstream dependencies, thanks to the way you are packaging it?

I notice that you've opened a new PR attempting to upgrade. Thanks for the quick action!

treydock commented 6 months ago

I see, so the Passenger RPM that OnDemand ships is presumably quite standalone, without any downstream dependencies, thanks to the way you are packaging it?

Most of the dependencies for Passenger are bundled into the Passenger RPM. I believe there are a few external dependencies like Ruby and Apache which come from the OS. The only dependencies called out with versions in the RPM spec we adopted from upstream is NGINX and boost, both of which are getting updated in #274.

CSC-swesters commented 6 months ago

Thank you for merging the fixes!

Passenger has bumped a lot of their own dependencies as well, so it might be good to keep up with them just in general.

Most of the dependencies for Passenger are bundled into the Passenger RPM.

I think we've arrived at what I tried to say originally.The dependencies that are bundled into the Passenger RPM are also shipped by OOD (since you choose to package it yourselves), and that makes it necessary to keep an eye on them. They are on OOD's software bill of materials (SBOM), if you will.