[Bug 235572] www/mod_cloudflare: LoadModule line removed during pkg upgrade
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Feb 7 11:21:07 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235572
Bug ID: 235572
Summary: www/mod_cloudflare: LoadModule line removed during pkg
upgrade
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: joneum at FreeBSD.org
Reporter: jdc at koitsu.org
Assignee: joneum at FreeBSD.org
Flags: maintainer-feedback?(joneum at FreeBSD.org)
Description:
Any time the www/mod_cloudflare port/pkg is upgraded via "pkg upgrade",
httpd.conf is modified incorrectly -- the LoadModule module_cloudflare line
goes completely missing from the config.
In other words: something about the pkg upgrade (deinstall old/install new)
process is modifying httpd.conf and being naughty.
I've seen this at least twice now, but most recently today when upgrading from
ap24-mod_cloudflare-0.0.2016.6.0 to ap24-mod_cloudflare-2016.10.0.
Impact:
This has dire consequences for servers behind CloudFlare, as Apache logs and
relevant Apache-level access rules suddenly stop working because the module is
no longer loaded thus $REMOTE_ADDR and related internal Apache bits show
CloudFlare's servers, not the real client IP.
I do not have this problem with other pkg'd Apache modules (ex. mod_php72) (see
below).
Reproduction:
1. sudo pkg install ap24-mod_cloudflare-0.0.2016.6.0
2. Make sure the proper LoadModule line for module_cloudflare is enabled
(present and uncommented) in httpd.conf.
3. sudo pkg update
4. sudo pkg upgrade (should show ap24-mod_cloudflare-2016.10.0, pick yes,
etc.)
5. Find httpd.conf to be missing the LoadModule line
Debugging:
I dug into this minimally and found the following:
$ pkg info -R ap24-mod_cloudflare-2016.10.0
...
scripts {
post-install = "/usr/local/sbin/apxs -e -A -n cloudflare
/usr/local/libexec/apache24/mod_cloudflare.so";
post-deinstall = <<EOD
/usr/bin/sed -i '' -E '/LoadModule[[:blank:]]+cloudflare_module/d'
/usr/local/etc/apache24/httpd.conf
echo "Don't forget to remove all mod_cloudflare-related directives in your
httpd.conf"
EOD;
}
Note:
1. post-install using apxs -A, not -a (see below)
2. post-deinstall deletes the LoadModule line from httpd.conf via a sed inline
modify
apxs -a and -A flags:
-a This activates the module by automatically adding a
corresponding LoadModule line to Apache's httpd.conf
configuration file, or by enabling it if it already exists.
-A Same as option -a but the created LoadModule directive is
prefixed with a hash sign (#), i.e., the module is just prepared
for later activation but initially disabled.
Compare this to mod_php72, which has:
scripts {
post-install = "/usr/local/sbin/apxs -e -a -n php7 libphp7.so";
pre-deinstall = "/usr/local/sbin/apxs -e -A -n php7 libphp7.so";
}
Note:
1. post-install is using apxs -a (not -A) to activate the module
2. pre-deinstall is used, not post-deinstall
3. pre-deinstall is using apxs -A (to deactivate the module/comment out the
line in httpd.conf)
Workaround:
As a kludge/hack to to catch and deal with this problem, I've been using the
following in a separate file in /usr/local/etc/apache24/Includes:
<IfModule !cloudflare_module>
LoadModule cloudflare_module libexec/apache24/mod_cloudflare.so
</IfModule>
Solution:
Strongly suggest using the same method that mod_php72 uses. AP_FAST_BUILD and
AP_GENPLIST are probably involved, but I do not understand why this particular
port behaves so incorrectly on deinstall/reinstall.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list