Date: Mon, 2 Jun 2014 12:25:17 -0500 From: Mark Felder <feld@FreeBSD.org> To: freebsd-apache@freebsd.org Subject: Mass cleansing of Apache module POLA violations Message-ID: <cc98dc4842b81154e98740ffb43d60bc@mail.feld.me>
index | next in thread | raw e-mail
Hi all, Thanks for maintaining Apache and friends. I have a request. With my sysadmin hat on, I find maintaining Apache on FreeBSD to be the most frustrating Apache experience on the planet. Some Apache modules insert LoadModule into your httpd.conf automatically, some insert with it commented out (#LoadModule), and some tell you in pkg-message what you need to do to activate the module. The inconsistency here is embarrassing. Can we please stop trying to outsmart the sysadmin? - I do *NOT* want every installed Apache module automatically activated on every server. That's bloat and potential security hole. I might not actually need it activated. - I do *NOT* want pkg automatically manipulating my httpd.conf. It puts entries in the wrong spot, sometimes under custom comment sections where other LoadModules live. - I do *NOT* want pkg and Apache to outsmart me and break my systems. - I *do* want kind, helpful instructions in pkg-message or perhaps samples that aren't loaded by default waiting for me in %%ETCDIR%%/modules.d/ As of today you can expect the following: Upgrade or reinstall mod_perl. Restart Apache. Your Apache is broken. Why, you ask? Because mod_perl installs this: #LoadModule perl_module libexec/apache22/mod_perl.so And helpfully *DELETES* my uncommented version of the line upon deinstall for upgrade, and re-inserts it commented again! There are several other offenders like this; I do not have a complete list. But the point is: this behavior makes it impossible to reliably administer large numbers of servers. Why should I have to deploy updates and then fix my httpd.conf every single time? This is just bizarre behavior. A port or package should never automatically modify a production configuration file. Let the sysadmin handle the insertion or removal of configuration. If we can come up with a standardized mechanism I will *gladly* assist in testing and fixing all ... 101 or so Apache modules so we have some sort of consistency here. Thank you for your time.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cc98dc4842b81154e98740ffb43d60bc>