Date: Thu, 03 Jan 2013 23:09:52 +0100 From: olli hauer <ohauer@gmx.de> To: freebsd-ports@freebsd.org Cc: Scot Hetzel <swhetzel@gmail.com>, Miroslav Lachman <000.fbsd@quip.cz> Subject: Re: What is policy about auto-editing config files on port install / deinstall? Message-ID: <50E601B0.9040008@gmx.de> In-Reply-To: <50E5FCDA.80906@quip.cz> References: <50E49A73.2070008@quip.cz> <CACdU%2Bf9WKAsLZHqHMZKtgGoBRL%2BR9do0qfTL0d_c_8_e6Tb4bw@mail.gmail.com> <50E5FCDA.80906@quip.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2013-01-03 22:49, Miroslav Lachman wrote: > Scot Hetzel wrote: >> On Wed, Jan 2, 2013 at 2:37 PM, Miroslav Lachman<000.fbsd@quip.cz> wrote: >>> Is somewhere written policy or portmgr recommendation about ports behavior >>> on install / deinstall? >>> I am talking about some ports doing "nasty" things. >>> >>> Some ports are stopping services on deinstall, some not. >> >> I prefer that when a port is uninstalled, that the service is stopped. >> If it isn't stopped, it could pose a security risk to the system at a >> later time. > > Only if it will be optional. I am "the god in my world (my system)" and I should know better than anybody else if I need to stop the daemon at any time. > > The maintainer of any port can't know all the dependencies on my system and my workflow with updating ports. > Somebody can consider stopping (or restarting) Apache on upgrade as "good thing", but it can be just a small piece of bigger upgrade process with lot of dependencies like Apache modules, PHP, PHP extensions and libraries used by both Apache and PHP extensions. So if for example Apache is upgraded and it will made upgrade of PCRE with different library version number, then restart of Apache will fail on PHP not loading missing old PCRE library. > So the Apache should be restarted after upgrade of all the modules and libraries, not after upgrade of it self. > >> We still need to come up with a way of restarting the service after >> the upgrade. Currently, it has to be done manually to start the >> service. >> >>> Some ports are editing "my config files" on deinstall, so even on upgrade >>> procedure I must check if port did some changes before I can restart target >>> daemon. >>> >> Most ports don't edit the config files as they install the original >> config file to a different name. >> >>> For example some Apache modules (mod_bw, mod_xsendfile...) are commenting >>> out load_module lines in httpd.conf so I got syntax error on Apache restart >>> after upgrade of mentioned module and Apache failed to start. >>> >> Apache 2.x is an exception, as the installation of a Apache module >> requires apachectl to add/re-enable the module in the httpd.conf file. >> Upon deinstallation, apachectl is used to disable the module in the >> httpd.conf file. It doesn't remove the LoadModule directive, it just >> adds a '#" sign in front of it. When the port is re-installed, all >> apachectl has to do is remove the '#' sign. A restart of Apache >> should then load the module again. >> >> What errors are you getting when re-installing an Apache module? > > Apache modules are not enabled by default. I am talking about 3rd party modules. In some cases, they do nothing with httpd.conf, in other cases, they are adding commented line and I must manualy uncomment this line, so it is my will to have this module loaded / enabled. > > But upgrade or reinstall or deinstall of this module causes commenting this line out. It is undesirable. > If I enable this module and this module will be updated 10 times a year, why am I forced to re-enable it 10 times again? > > Real world example follows: > > root@spare ~/# uname -srmi > FreeBSD 8.3-RC2 amd64 GENERIC > > ___________________________________________________ > Only Apache is installed, no 3rd party modules > > root@spare ~/# pkg_info -E ap22\* apache22-\* > apache22-2.2.23_4 > > ___________________________________________________ > Copy the config file for later comparision > > root@spare ~/# cp -P /usr/local/etc/apache22/httpd.conf httpd.conf.orig > > ___________________________________________________ > Install mod_xsendfile > > root@spare ~/# portmaster www/mod_xsendfile > > ===>>> Installation of www/mod_xsendfile (ap22-mod_xsendfile-0.12_2) complete > > ___________________________________________________ > There is commented LoadModule line after install added to httpd.conf > > root@spare ~/# diff -U 2 httpd.conf.orig /usr/local/etc/apache22/httpd.conf > --- httpd.conf.orig 2013-01-03 12:56:22.000000000 +0100 > +++ /usr/local/etc/apache22/httpd.conf 2013-01-03 21:25:03.000000000 +0100 > @@ -75,4 +75,5 @@ > LoadModule rewrite_module libexec/apache22/mod_rewrite.so > LoadModule php5_module libexec/apache22/libphp5.so > +#LoadModule xsendfile_module libexec/apache22/mod_xsendfile.so > > ___________________________________________________ > I must manually uncomment the line (which is OK, I don't need to modules be auto enabled as services are not enabled in rc.conf) > > root@spare ~/# vi /usr/local/etc/apache22/httpd.conf > > LoadModule xsendfile_module libexec/apache22/mod_xsendfile.so > > ___________________________________________________ > Then I added some configuration to VirtualHost > > root@spare ~/# vi /usr/local/etc/apache22/vhosts/available/www.example.com.conf > > XSendFile on > XSendFilePath /vol0/web/test > > ___________________________________________________ > Diff shows that module is enabled > > root@spare ~/# diff -U 2 httpd.conf.orig /usr/local/etc/apache22/httpd.conf > --- httpd.conf.orig 2013-01-03 12:56:22.000000000 +0100 > +++ /usr/local/etc/apache22/httpd.conf 2013-01-03 21:26:46.000000000 +0100 > @@ -75,4 +75,5 @@ > LoadModule rewrite_module libexec/apache22/mod_rewrite.so > LoadModule php5_module libexec/apache22/libphp5.so > +LoadModule xsendfile_module libexec/apache22/mod_xsendfile.so > > ___________________________________________________ > Syntax check > > root@spare ~/# httpd -t > Syntax OK > > ___________________________________________________ > Reinstallation of the module (same as upgrading) > > root@spare ~/# portmaster ap22-mod_xsendfile-0.12_2 > > ===>>> Creating a backup package for old version ap22-mod_xsendfile-0.12_2 > ===>>> Package saved to /usr/ports/packages/portmaster-backup > > Don't forget to remove all mod_xsendfile-related directives in your httpd.conf > > ===> Installing for ap22-mod_xsendfile-0.12_2 > ===> Generating temporary packing list > ===> Checking if www/mod_xsendfile already installed > /usr/local/share/apache22/build/instdso.sh SH_LIBTOOL='/usr/local/share/apr/build-1/libtool' /usr/ports/www/mod_xsendfile/work/mod_xsendfile-0.12/mod_xsendfile.la /usr/local/libexec/apache22 > /usr/local/share/apr/build-1/libtool --mode=install cp /usr/ports/www/mod_xsendfile/work/mod_xsendfile-0.12/mod_xsendfile.la /usr/local/libexec/apache22/ > libtool: install: cp /usr/ports/www/mod_xsendfile/work/mod_xsendfile-0.12/.libs/mod_xsendfile.so /usr/local/libexec/apache22/mod_xsendfile.so > libtool: install: cp /usr/ports/www/mod_xsendfile/work/mod_xsendfile-0.12/.libs/mod_xsendfile.lai /usr/local/libexec/apache22/mod_xsendfile.la > libtool: install: cp /usr/ports/www/mod_xsendfile/work/mod_xsendfile-0.12/.libs/mod_xsendfile.a /usr/local/libexec/apache22/mod_xsendfile.a > libtool: install: chmod 644 /usr/local/libexec/apache22/mod_xsendfile.a > libtool: install: ranlib /usr/local/libexec/apache22/mod_xsendfile.a > chmod 755 /usr/local/libexec/apache22/mod_xsendfile.so > [preparing module `xsendfile' in /usr/local/etc/apache22/httpd.conf] > ===> Registering installation for ap22-mod_xsendfile-0.12_2 > > ===>>> Creating a package for new version ap22-mod_xsendfile-0.12_2 > ===>>> Package saved to /usr/ports/packages/All > > ===>>> Re-installation of ap22-mod_xsendfile-0.12_2 complete > > > ___________________________________________________ > And there is a problem - syntax error, because module was disabled (commented out on deinstall) and some directives remained in VirtualHost definition - Apache will not start! > > root@spare ~/# httpd -t > Syntax error on line 57 of /usr/local/etc/apache22/vhosts/available/www.example.com.conf: > Invalid command 'XSendFile', perhaps misspelled or defined by a module not included in the server configuration > > ___________________________________________________ > Diff shows commented out line > > root@spare ~/# diff -U 2 httpd.conf.orig /usr/local/etc/apache22/httpd.conf > --- httpd.conf.orig 2013-01-03 12:56:22.000000000 +0100 > +++ /usr/local/etc/apache22/httpd.conf 2013-01-03 21:32:26.000000000 +0100 > @@ -75,4 +75,5 @@ > LoadModule rewrite_module libexec/apache22/mod_rewrite.so > LoadModule php5_module libexec/apache22/libphp5.so > +#LoadModule xsendfile_module libexec/apache22/mod_xsendfile.so > > ___________________________________________________ > > I think this behavior is wrong. > > Why am I forced to manualy re-enable all 3rd party modules on each upgrade? > > Modules should not disable something that is explicitly enabled by user / system administrator. > > > Miroslav Lachman > > PS: I know about deinstall message "Don't forget to remove all mod_xsendfile-related directives in your httpd.conf" but it can be considered as maintainer's "joke" in case of module upgrade The point is at the moment the port is uninstalled the port has no knowledge about the reason (uninstall permanent / reinstall / upgrade ) so the assumption is permanent. What I really don't get is users complaining about critical machines, special workflow and then thy do builds on that *critical* system with a script that can be interrupted by < fill in several reasons >. Have you ever thought about a tinderbox, poudriere or simmilar which builds customized packages all the time in a clean environment? If the build is finished you have all the sort of buildlogs and can do an package upgrade in seconds on a prod machine ( it takes me 10min to update a hand full of machines ). After the upgrade all I have to do is for services like apache an "svn diff" and maybe an "svn revert httpd.conf" then fire my daemon_restart scrip and go to the next machine. Sample restart script for local services. http://people.freebsd.org/~ohauer/scripts/daemon_status
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50E601B0.9040008>