Date:      Mon, 2 Jun 2014 12:25:17 -0500
From:      Mark Felder <feld@FreeBSD.org>
To:        freebsd-apache@freebsd.org
Subject:   Mass cleansing of Apache module POLA violations
Message-ID:  <cc98dc4842b81154e98740ffb43d60bc@mail.feld.me>


Hi all,

Thanks for maintaining Apache and friends.

I have a request. With my sysadmin hat on, I find maintaining Apache on 
FreeBSD to be the most frustrating Apache experience on the planet. Some 
Apache modules insert LoadModule into your httpd.conf automatically, 
some insert with it commented out (#LoadModule), and some tell you in 
pkg-message what you need to do to activate the module. The 
inconsistency here is embarrassing.

Can we please stop trying to outsmart the sysadmin?

- I do *NOT* want every installed Apache module automatically activated 
on every server. That's bloat and a potential security hole. I might not 
actually need it activated.
- I do *NOT* want pkg automatically manipulating my httpd.conf. It puts 
entries in the wrong spot, sometimes under custom comment sections where 
other LoadModules live.
- I do *NOT* want pkg and Apache to outsmart me and break my systems.
- I *do* want kind, helpful instructions in pkg-message or perhaps 
samples that aren't loaded by default waiting for me in 
%%ETCDIR%%/modules.d/

As of today you can expect the following:

Upgrade or reinstall mod_perl. Restart Apache. Your Apache is broken. 
Why, you ask? Because mod_perl installs this:

#LoadModule perl_module        libexec/apache22/mod_perl.so

And helpfully *DELETES* my uncommented version of the line upon 
deinstall for upgrade, and re-inserts it commented again!

There are several other offenders like this; I do not have a complete 
list. But the point is: this behavior makes it impossible to reliably 
administer large numbers of servers. Why should I have to deploy updates 
and then fix my httpd.conf every single time? This is just bizarre 
behavior. A port or package should never automatically modify a 
production configuration file. Let the sysadmin handle the insertion or 
removal of configuration.

If we can come up with a standardized mechanism I will *gladly* assist 
in testing and fixing all ... 101 or so Apache modules so we have some 
sort of consistency here.


Thank you for your time.
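
A check that can be run around a package upgrade to catch the behaviour this message describes (an added example, not part of the original e-mail or of the FreeBSD ports tree): it compares the LoadModule lines of httpd.conf before and after and reports every module whose state changed. The function names and the sample configurations are constructed for illustration.

```python
import re

# Matches active and commented-out LoadModule directives, e.g.
#   LoadModule perl_module libexec/apache22/mod_perl.so
#   #LoadModule perl_module libexec/apache22/mod_perl.so
LOADMODULE = re.compile(r"^\s*(#?)\s*LoadModule\s+(\S+)\s+(\S+)", re.IGNORECASE)

def loadmodule_state(conf_text):
    """Map module name -> 'active' or 'commented'; an active line wins."""
    state = {}
    for line in conf_text.splitlines():
        m = LOADMODULE.match(line)
        if not m:
            continue
        name = m.group(2)
        status = "commented" if m.group(1) else "active"
        if state.get(name) != "active":
            state[name] = status
    return state

def loadmodule_drift(before_text, after_text):
    """Return sorted (module, before, after) tuples for every state change."""
    before, after = loadmodule_state(before_text), loadmodule_state(after_text)
    changes = []
    for name in sorted(set(before) | set(after)):
        old, new = before.get(name, "absent"), after.get(name, "absent")
        if old != new:
            changes.append((name, old, new))
    return changes

# Constructed sample: httpd.conf as the admin left it ...
BEFORE = """\
LoadModule rewrite_module libexec/apache22/mod_rewrite.so
LoadModule perl_module        libexec/apache22/mod_perl.so
"""
# ... and after a package upgrade re-inserted the line commented out.
AFTER = """\
LoadModule rewrite_module libexec/apache22/mod_rewrite.so
#LoadModule perl_module        libexec/apache22/mod_perl.so
"""

if __name__ == "__main__":
    for name, old, new in loadmodule_drift(BEFORE, AFTER):
        print(f"{name}: {old} -> {new}")
```

The same comparison also flags the opposite case from the list above, a module that a package activated on its own, as `absent -> active`.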

