From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 252776] security/py-certbot-apache: Looking in wrong location for Apache ssl_module
Date: Sun, 17 Jan 2021 12:41:33 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252776

            Bug ID: 252776
           Summary: security/py-certbot-apache: Looking in wrong location
                    for Apache ssl_module
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: python@FreeBSD.org
          Reporter: dev-freebsd@zxlab.ru
             Flags: maintainer-feedback?(python@FreeBSD.org)

Certbot attempts to read mod_ssl.so (to get OpenSSL version) at wrong path:

    attempted: /usr/local/etc/apache24/libexec/apache24/mod_ssl.so
    real path: /usr/local/libexec/apache24/mod_ssl.so

My config in /usr/local/etc/apache24/httpd.conf:

    ServerRoot "/usr/local"
    LoadModule ssl_module libexec/apache24/mod_ssl.so

That is, the module appears to be searched relative to httpd.conf — that is
wrong: according to Apache HTTP Server docs, relative paths in LoadModule
directive should be resolved against ServerRoot rather than the topmost
configuration directory.

I have reported this bug to https://github.com/certbot/certbot/issues/8593
and the upstream developers concluded that the issue is FreeBSD-specific,
caused by the following patch:

https://svnweb.freebsd.org/ports/head/security/py-certbot-apache/Makefile?revision=491714&view=markup

which runs

    sed -e 's|/etc/apache2|${LOCALBASE}/etc/apache24|' ${WRKSRC}/certbot_apache/configurator.py

so that OS_DEFAULTS["server_root"] becomes "/usr/local/etc/apache24".

In my understanding, this alone is not the root cause for the problem, because
that variable is only used as default for --apache-server-root to find
httpd.conf initially. The real problem, IMHO, is that this
OS_DEFAULTS["server_root"] is later used instead of real ServerRoot specified
in httpd.conf — at least I see no attempt to parse ServerRoot in
certbot-apache code, but I am not very confident about that, as I just started
familiarizing myself with this software.

As an alternative, Certbot developers offered creating an overrides file, just
like override_debian.py, so that no downstream patching is needed. But, again,
I see no way how this could fix the original issue.

Could someone please share their experience with certbot-apache in FreeBSD —
how do you configure it, and did you ever check that it actually operates
flawlessly? Because for me it in fact succeeds despite this error, so my guess
is that nobody just notices it.
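
The path resolution rule described in the report, as an added example (not part of the original message and not certbot-apache code): relative LoadModule paths are joined to the ServerRoot parsed from the configuration, with the reported behaviour (joining to the directory of httpd.conf) available for comparison. The function names, the `honor_server_root` flag and the sample configuration are constructed for illustration.

```python
import posixpath
import shlex

# Constructed sample, modelled on the configuration quoted in the report.
SAMPLE_HTTPD_CONF = '''\
# constructed sample httpd.conf
ServerRoot "/usr/local"
LoadModule ssl_module libexec/apache24/mod_ssl.so
LoadModule rewrite_module /opt/custom/mod_rewrite.so
'''


def parse_directives(conf_text):
    """Yield (lowercased name, args) for each plain directive line."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and <Section> containers.
        if not line or line.startswith(("#", "<")):
            continue
        parts = shlex.split(line)  # strips the quotes around "/usr/local"
        yield parts[0].lower(), parts[1:]


def module_paths(conf_text, conf_path, honor_server_root=True):
    """Return {module name: absolute path of its shared object}.

    honor_server_root=True  -> relative paths are joined to ServerRoot.
    honor_server_root=False -> relative paths are joined to the directory
                               holding httpd.conf (the reported behaviour).
    If the file has no ServerRoot line, this sketch falls back to the
    configuration directory; that fallback is an assumption of the example.
    """
    server_root = None
    modules = {}
    for name, args in parse_directives(conf_text):
        if name == "serverroot" and args:
            server_root = args[0]
        elif name == "loadmodule" and len(args) == 2:
            modules[args[0]] = args[1]

    base = posixpath.dirname(conf_path)
    if honor_server_root and server_root:
        base = server_root
    # posixpath.join keeps an absolute module path unchanged.
    return {mod: posixpath.normpath(posixpath.join(base, path))
            for mod, path in modules.items()}
```
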