Python 3.4+: use os.set_inheritable + os.set_blocking in place of unreadable fcntl calls

.github/workflows/bsd.yml

@@ -0,0 +1,67 @@
+name: bsd
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - '*.py'
+      - 'tox.ini'
+      - '.github/workflows/bsd.yml'
+  pull_request:
+    branches:
+      - master
+permissions:
+  # BOLD WARNING: do not add permissions, this workflow executes remote code
+  contents: read
+env:
+  FORCE_COLOR: 1
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+jobs:
+  freebsd:
+    name: freebsd
+    timeout-minutes: 20
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+    steps:
+      - uses: actions/checkout@v4
+      - uses: vmactions/freebsd-vm@v1
+        with:
+          prepare: pkg install -y nginx python311 py311-pip py311-tox py311-sqlite3
+          usesh: true
+          copyback: false
+          # not a typo: "openssl --version" != "openssl version"
+          run: |
+            uname -a \
+            && python3.11 --version \
+            && python3.11 -m tox --version \
+            && openssl version \
+            && pkg info nginx \
+            && python3.11 -m tox -e run-module \
+            && python3.11 -m tox -e run-entrypoint \
+            && python3.11 -m tox -e py
+
+  openbsd:
+    name: openbsd
+    timeout-minutes: 20
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+    steps:
+      - uses: actions/checkout@v4
+      - uses: vmactions/openbsd-vm@v1
+        with:
+          prepare: pkg_add python py3-pip py3-tox py3-sqlite3 nginx
+          usesh: true
+          copyback: false
+          run: |
+            uname -a \
+            && python3 --version \
+            && python3 -m tox --version \
+            && openssl version \
+            && pkg_info nginx \
+            && python3 -m tox -e run-module \
+            && python3 -m tox -e run-entrypoint \
+            && python3 -m tox -e py

.github/workflows/illumos.yml

@@ -0,0 +1,52 @@
+name: illumos
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - '*.py'
+      - 'tox.ini'
+      - '.github/workflows/illumos.yml'
+  pull_request:
+    branches:
+      - master
+permissions:
+  # BOLD WARNING: do not add permissions, this workflow executes remote code
+  contents: read
+env:
+  FORCE_COLOR: 1
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+jobs:
+  omnios:
+    name: illumos
+    timeout-minutes: 20
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+    steps:
+      - uses: actions/checkout@v4
+      - uses: vmactions/omnios-vm@v1
+        with:
+          # need gcc: compile greenlet from source
+          # autoconf must pretend inotify unavail: libev FTBFS
+          # /tmp/.nginx must exist because nginx will not create configured tmp
+          prepare: |
+            pkg install pip-311 python-311 sqlite-3 nginx gcc13
+          usesh: true
+          copyback: false
+          run: |
+            cat /etc/release \
+            && uname -a \
+            && python3 --version \
+            && openssl version \
+            && pkg info nginx \
+            && gcc -dM -E - </dev/null \
+            && ac_cv_header_sys_inotify_h=no ac_cv_func_inotify_init=no python3 -m pip install gevent \
+            && mkdir -p /tmp/.nginx \
+            && python3 -m pip install tox \
+            && python3 -m tox --version \
+            && python3 -m tox -e run-module \
+            && python3 -m tox -e run-entrypoint \
+            && python3 -m tox -e py

.github/workflows/tox.yml

@@ -1,5 +1,11 @@
 name: tox
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
 permissions:
   contents: read # to fetch code (actions/checkout)
 env:
@@ -19,7 +25,7 @@ jobs:
          - ubuntu-latest
          # not defaulting to macos-latest: Python <= 3.9 was missing from macos-14 @ arm64
          - macos-13
-         # Not testing Windows, because tests need Unix-only fcntl, grp, pwd, etc.
+         # Not testing Windows, because tests need Unix-only non-blocking pipes, grp, pwd, etc.
         python-version:
          # CPython <= 3.7 is EoL since 2023-06-27
          - "3.7"
@@ -54,6 +60,11 @@ jobs:
           cache-dependency-path: requirements_test.txt
           check-latest: true
           allow-prereleases: ${{ matrix.unsupported }}
+      - name: Add test utils
+        if: matrix.os == 'ubuntu-latest'
+        run: |
+          sudo systemctl mask nginx.service
+          sudo apt install nginx openssl
       - name: Install Dependencies
         run: |
           python -m pip install --upgrade pip

appveyor.yml

@@ -13,7 +13,7 @@ environment:
     #- TOXENV: run-entrypoint
     #  PYTHON: "C:\\Python38-x64"
     # Windows is not ready for testing!!!
-    # Python's fcntl, grp, pwd, os.geteuid(), and socket.AF_UNIX are all Unix-only.
+    # Python's non-blocking pipes, grp, pwd, os.geteuid(), and socket.AF_UNIX are all Unix-only.
     #- TOXENV: py35
     #  PYTHON: "C:\\Python35-x64"
     #- TOXENV: py36

gunicorn/util.py

@@ -4,7 +4,6 @@
 import ast
 import email.utils
 import errno
-import fcntl
 import html
 import importlib
 import inspect
@@ -251,14 +250,17 @@ def parse_address(netloc, default_port='8000'):
 
 
 def close_on_exec(fd):
-    flags = fcntl.fcntl(fd, fcntl.F_GETFD)
-    flags |= fcntl.FD_CLOEXEC
-    fcntl.fcntl(fd, fcntl.F_SETFD, flags)
+    # available since Python 3.4, equivalent to either:
+    # ioctl(fd, FIOCLEX)
+    # fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC)
+    os.set_inheritable(fd, False)
 
 
 def set_non_blocking(fd):
-    flags = fcntl.fcntl(fd, fcntl.F_GETFL) | os.O_NONBLOCK
-    fcntl.fcntl(fd, fcntl.F_SETFL, flags)
+    # available since Python 3.5, equivalent to either:
+    # ioctl(fd, FIONBIO)
+    # fcntl(fd, fcntl.F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK)
+    os.set_blocking(fd, False)
 
 
 def close(sock):

gunicorn/workers/base.py

@@ -109,7 +109,7 @@ def init_process(self):
 
         # Prevent fd inheritance
         for s in self.sockets:
-            util.close_on_exec(s)
+            util.close_on_exec(s.fileno())
         util.close_on_exec(self.tmp.fileno())
 
         self.wait_fds = self.sockets + [self.PIPE[0]]

gunicorn/workers/sync.py

@@ -27,7 +27,7 @@ class SyncWorker(base.Worker):
     def accept(self, listener):
         client, addr = listener.accept()
         client.setblocking(1)
-        util.close_on_exec(client)
+        util.close_on_exec(client.fileno())
         self.handle(listener, client, addr)
 
     def wait(self, timeout):