Bug 133500 - Rails 1.1.2 needs => lighttpd 1.4.10
Summary: Rails 1.1.2 needs => lighttpd 1.4.10
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Low minor
Assignee: Gentoo Ruby Team
Depends on: 123022
Reported: 2006-05-16 08:38 UTC by Hans de Graaff
Modified: 2006-10-02 22:47 UTC

Attachments
rails-1.1.6-r1.ebuild (rails-1.1.6-r1.ebuild,1.12 KB, text/plain)
2006-10-02 05:08 UTC, Nguyen Thai Ngoc Duy (RETIRED)
files/1.1.6-deprecate-old-lighttpd.patch (1.1.6-deprecate-old-lighttpd.patch,651 bytes, patch)
2006-10-02 05:09 UTC, Nguyen Thai Ngoc Duy (RETIRED)

Description Hans de Graaff gentoo-dev Security 2006-05-16 08:38:31 UTC
The use of lighttpd in Rails 1.1.2 is optional, but it is the default setup for the internal server script in script/server. The lighttpd config file that Rails copies into a new Rails setup contains features (in particular CWD) which older lighttpd versions don't understand. This leads to an error which gives no indication that a newer version of lighttpd is needed. Upgrading to lighttpd 1.4.10-r2 works fine.
Comment 1 Thilo Bangert (RETIRED) gentoo-dev 2006-05-30 13:02:50 UTC
1.4.11 has been asked to be marked stable
Comment 2 Jari-Matti Mäkelä 2006-09-30 03:00:52 UTC
(In reply to comment #1)
> 1.4.11 has been asked to be marked stable

1.4.11 has been marked stable (x86, amd64, ppc64, sparc) for a while now. Can we close this?
Comment 3 Hans de Graaff gentoo-dev Security 2006-09-30 03:05:32 UTC
The fact that lighttpd has been marked stable does not fix the bug, it just makes it less likely that people run into it.

I guess the right way to fix it is to add a lighttpd USE flag to the rails ebuild and depend on >=lighttpd-0.4.10 in this case.
Comment 4 Thilo Bangert (RETIRED) gentoo-dev 2006-09-30 03:37:28 UTC
perhaps adding something like

if has_version www-servers/lighttpd && has_version "<www-servers/lighttpd-1.4.10"; then
   # quote the atom so the shell does not treat "<" as a redirection
   ewarn "you need at least www-servers/lighttpd-1.4.10 if you want"
   ewarn "to use lighttpd with rails!"
fi

in pkg_setup and/or pkg_config
would suffice. the ebuild should possibly even die at that point... i don't know of a reason why one would like to stick to a version below 1.4.10...

the big problem of course is, if you have rails and lighttpd installed you have to have lighttpd-1.4.10 or higher... there is nothing to choose. AFAICT this can't currently be modeled within an ebuild - so it's just a matter of which hack we choose...

the last alternative would be to fix the rails server script to, depending on a use flag, use either webrick or lighttpd...

tough call
Comment 5 Nguyen Thai Ngoc Duy (RETIRED) gentoo-dev 2006-09-30 12:28:55 UTC
I'd rather hack commands/server.rb to ignore lighttpd older than 1.4.10 (along with a warning maybe). However patching a gem is not very fun.
Anyway, upstream should know about this and should fix this. They've already used `lighttpd -version` to check for lighttpd's existence. With a proper regexp, they can determine if the installed lighttpd can be used.
Hans, did you inform upstream?
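
The version check suggested in Comment 5, sketched as an added example (not code from Rails, the ebuild, or the attached patch). All method names are hypothetical, and the banner formats are assumptions about what `lighttpd -version` prints on its first line.

```ruby
require "rubygems"

# Minimum version named in this bug report.
MIN_LIGHTTPD = Gem::Version.new("1.4.10")

# Constructed sample banners (not captured from a real system).
SAMPLE_BANNERS = [
  "lighttpd-1.3.16 - a light and fast webserver",
  "lighttpd-1.4.9 - a light and fast webserver",
  "lighttpd-1.4.11 (ssl) - a light and fast webserver\nBuild-Date: (constructed)",
  "sh: lighttpd: command not found"
]

# Pull the dotted version out of the banner; nil when none is found.
# Accepts both "lighttpd-1.4.11 ..." and "lighttpd/1.4.45 ..." forms.
def parse_lighttpd_version(output)
  m = /\Alighttpd[-\/](\d+(?:\.\d+)+)/.match(output.to_s.strip)
  m && Gem::Version.new(m[1])
end

# True only when a version was found and it is new enough.
# Gem::Version compares segment by segment, so 1.4.9 < 1.4.10;
# a plain string comparison would rank "1.4.9" above "1.4.10".
def lighttpd_usable?(output)
  version = parse_lighttpd_version(output)
  !version.nil? && version >= MIN_LIGHTTPD
end

# Run the binary; a missing binary yields an empty string.
def lighttpd_version_output
  IO.popen(["lighttpd", "-version"], err: [:child, :out], &:read)
rescue SystemCallError
  ""
end

# Pick the server to start, warning when lighttpd is present but too old.
def choose_server(output = lighttpd_version_output)
  return "lighttpd" if lighttpd_usable?(output)
  found = parse_lighttpd_version(output)
  warn "lighttpd #{found} is older than #{MIN_LIGHTTPD}; using webrick" if found
  "webrick"
end

SAMPLE_BANNERS.each { |b| puts "#{b.lines.first.chomp} -> #{choose_server(b)}" }
```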
Comment 6 Hans de Graaff gentoo-dev Security 2006-10-01 01:49:16 UTC
No, I did not inform upstream at the time because I thought we could handle this with a simple dependency. Looking through the Trac database it looks like this was reported twice, but upstream does not appear to see this as a problem. They just say to use 4.1.11 or higher. This is also their recommendation due to older versions being buggy. See:

http://dev.rubyonrails.org/ticket/4344
http://dev.rubyonrails.org/ticket/4451

Comment 7 Nguyen Thai Ngoc Duy (RETIRED) gentoo-dev 2006-10-02 05:08:54 UTC
Created attachment 98599
rails-1.1.6-r1.ebuild
Comment 8 Nguyen Thai Ngoc Duy (RETIRED) gentoo-dev 2006-10-02 05:09:17 UTC
Created attachment 98600
files/1.1.6-deprecate-old-lighttpd.patch
Comment 9 Nguyen Thai Ngoc Duy (RETIRED) gentoo-dev 2006-10-02 05:11:44 UTC
I intend to patch rails 1.1.6 only.  Any reason I should patch older versions?
If you can test the attached ebuild, it would be highly appreciated.
I'll add it to portage in the next few days if there is no response.
Comment 10 Hans de Graaff gentoo-dev Security 2006-10-02 12:42:32 UTC
All the versions of rails < 1.1.6 contain a significant security leak, so they should not be patched but instead removed from portage.

The patch seems to work fine on my system.
Comment 11 Nguyen Thai Ngoc Duy (RETIRED) gentoo-dev 2006-10-02 22:47:01 UTC
InCVS