Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 08 Jan 2018 16:59:14 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 225005] Apache modules are touching user modified config file httpd.conf
Message-ID:  <bug-225005-13@https.bugs.freebsd.org/bugzilla/>

next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D225005

            Bug ID: 225005
           Summary: Apache modules are touching user modified config file
                    httpd.conf
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Ports Framework
          Assignee: portmgr@FreeBSD.org
          Reporter: 000.fbsd@quip.cz
                CC: freebsd-ports-bugs@FreeBSD.org

There are mess in 3rd party Apache modules from ports tree. They are messing
with user edited config file httpd.conf. They use inconsistent way to
manipulate this file.
As I already wrote
https://lists.freebsd.org/pipermail/freebsd-ports/2017-October/110725.html =
some
of them uses pre-deinstall, some post-deinstall.
But the main problem is they override users settings on each pkg upgrade.
If user decided to install AND manually enable some module (for example
mod_xsendfile) this module should not modify httpd.conf on upgrade (deinsta=
ll)
because it leaves Apache in broken state after each upgrade.

I think installation of module should not enable it it-self, the same way as
services are not enabled in rc.conf on installation.
And if user did enable some module, deinstallation must not disable this mo=
dule
on upgrade.

There are tens of Apache modules in the ports tree and I think all of them =
must
use the same way of install / deinstall.

For example - mod_php71 is enabled in httpd.conf on install, removed on
deinstall.
But mod_xsendfile is added to httpd.conf commented, user uncomment this line
and then pkg upgrade (deinstall phase) will remove this line, install will =
add
it back commented out. It's a real pain to maintain Apache + modules if each
are behaving different.

The root cause partialy lies in ports/Mk/bsd.apache.mk which is responsible=
 for
manipulating httpd.conf but some ports are using own way to edit httpd.conf.


There are two ways (at least) to handle this properly:

1) do not manipulate httpd.conf in any way and just print pkg-message with
information what should be added in to httpd.conf manually be user (or we c=
an
show the right command "apxs -e -a -n php5 libphp5.so" or "apxs -e -a -n
xsendfile=20
mod_xsendfile.so" so the user can simply run one command to enable the modu=
le)

2) install *.sample file for each module in to apache24/modules.d/ and if u=
ser
decides to enable module (copy or rename mod_xsendfile.conf.sample to
mod_xsendfile.conf) then pkg upgrade / pkg delete should not touch this conf
file


How-to-reproduce:

1) install Apache 2.4
2) make a copy of directory apache24
  # cp -Rp apache24 apache24.1

3) # pkg install ap24-mod_xsendfile

4) # diff -r -u apache24.1 apache24
+#LoadModule xsendfile_module   libexec/apache24/mod_xsendfile.so

5) Manually enable this module
# sed -i '' -E 's/#(LoadModule.*mod_xsendfile.so)/\1/' apache24/httpd.conf

6) # diff -r -u apache24.1 apache24
+LoadModule xsendfile_module   libexec/apache24/mod_xsendfile.so

7) Try to upgrade it:
# pkg upgrade -f ap24-mod_xsendfile

8) Here comes the chaos, config file does not have xsendfile at all
# diff -r -u apache24.1 apache24
# grep xsendfile apache24/httpd.conf

If you use pkg delete + pkg install instead of pkg upgrade -f, then you will
have commented LoadModule (disabled xsendfile) in httpd.conf


The second example with mod_php is different, mod_php is enabled again even=
 if
user wants module installed (and then upgraded) but keep module disabled:

1) # pkg install mod_php71
2) # diff -r -u apache24.1 apache24
+LoadModule php7_module        libexec/apache24/libphp7.so

3) Manually disable the module
# sed -i '' -E 's/#?(LoadModule.*libphp7.so)/#\1/' apache24/httpd.conf

# grep php7 apache24/httpd.conf
#LoadModule php7_module        libexec/apache24/libphp7.s

4) run upgrade after some time
# pkg upgrade -f mod_php71

5) module is accidentally enabled again
# grep php7 apache24/httpd.conf
LoadModule php7_module        libexec/apache24/libphp7.so

6) and removed in deinstall
# pkg delete mod_php71

7) # grep php7 apache24/httpd.conf


If there is written policy on how to (not) handle Apache module install /
upgrade / deinstall then it should be strictly followed by all modules from
ports tree.

If policy does not exists then I think it should be created and followed be=
 all
maintainers and committers.

--=20
You are receiving this mail because:
You are on the CC list for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-225005-13>