What is policy about auto-editing config files on port install / deinstall?

Miroslav Lachman 000.fbsd at quip.cz
Thu Jan 3 21:49:24 UTC 2013 

Scot Hetzel wrote:
> On Wed, Jan 2, 2013 at 2:37 PM, Miroslav Lachman<000.fbsd at quip.cz>  wrote:
>> Is somewhere written policy or portmgr recommendation about ports behavior
>> on install / deinstall?
>> I am talking about some ports doing "nasty" things.
>>
>> Some ports are stopping services on deinstall, some not.
>
> I prefer that when a port is uninstalled, that the service is stopped.
> If it isn't stopped, it could pose a security risk to the system at a
> later time.

Only if it will be optional. I am "the god in my world (my system)" and 
I should know better than anybody else if I need to stop the daemon at 
any time.

The maintainer of any port can't know all the dependencies on my system 
and my workflow with updating ports.
Somebody can consider stopping (or restarting) Apache on upgrade as 
"good thing", but it can be just a small piece of bigger upgrade process 
with lot of dependencies like Apache modules, PHP, PHP extensions and 
libraries used by both Apache and PHP extensions. So if for example 
Apache is upgraded and it will made upgrade of PCRE with different 
library version number, then restart of Apache will fail on PHP not 
loading missing old PCRE library.
So the Apache should be restarted after upgrade of all the modules and 
libraries, not after upgrade of it self.

> We still need to come up with a way of restarting the service after
> the upgrade.  Currently, it has to be done manually to start the
> service.
>
>> Some ports are editing "my config files" on deinstall, so even on upgrade
>> procedure I must check if port did some changes before I can restart target
>> daemon.
>>
> Most ports don't edit the config files as they install the original
> config file to a different name.
>
>> For example some Apache modules (mod_bw, mod_xsendfile...) are commenting
>> out load_module lines in httpd.conf so I got syntax error on Apache restart
>> after upgrade of mentioned module and Apache failed to start.
>>
> Apache 2.x is an exception, as the installation of a Apache module
> requires apachectl to add/re-enable the module in the httpd.conf file.
>   Upon deinstallation, apachectl is used to disable the module in the
> httpd.conf file.  It doesn't remove the LoadModule directive, it just
> adds a '#" sign in front of it.  When the port is re-installed, all
> apachectl has to do is remove the '#' sign.  A restart of Apache
> should then load the module again.
>
> What errors are you getting when re-installing an Apache module?

Apache modules are not enabled by default. I am talking about 3rd party 
modules. In some cases, they do nothing with httpd.conf, in other cases, 
they are adding commented line and I must manualy uncomment this line, 
so it is my will to have this module loaded / enabled.

But upgrade or reinstall or deinstall of this module causes commenting 
this line out. It is undesirable.
If I enable this module and this module will be updated 10 times a year, 
why am I forced to re-enable it 10 times again?

Real world example follows:

root at spare ~/# uname -srmi
FreeBSD 8.3-RC2 amd64 GENERIC

___________________________________________________
Only Apache is installed, no 3rd party modules

root at spare ~/# pkg_info -E ap22\* apache22-\*
apache22-2.2.23_4

___________________________________________________
Copy the config file for later comparision

root at spare ~/# cp -P /usr/local/etc/apache22/httpd.conf httpd.conf.orig

___________________________________________________
Install mod_xsendfile

root at spare ~/# portmaster www/mod_xsendfile

===>>> Installation of www/mod_xsendfile (ap22-mod_xsendfile-0.12_2) 
complete

___________________________________________________
There is commented LoadModule line after install added to httpd.conf

root at spare ~/# diff -U 2 httpd.conf.orig /usr/local/etc/apache22/httpd.conf
--- httpd.conf.orig     2013-01-03 12:56:22.000000000 +0100
+++ /usr/local/etc/apache22/httpd.conf  2013-01-03 21:25:03.000000000 +0100
@@ -75,4 +75,5 @@
  LoadModule rewrite_module libexec/apache22/mod_rewrite.so
  LoadModule php5_module        libexec/apache22/libphp5.so
+#LoadModule xsendfile_module   libexec/apache22/mod_xsendfile.so

___________________________________________________
I must manually uncomment the line (which is OK, I don't need to modules 
be auto enabled as services are not enabled in rc.conf)

root at spare ~/# vi /usr/local/etc/apache22/httpd.conf

LoadModule xsendfile_module   libexec/apache22/mod_xsendfile.so

___________________________________________________
Then I added some configuration to VirtualHost

root at spare ~/# vi 
/usr/local/etc/apache22/vhosts/available/www.example.com.conf

     XSendFile  on
     XSendFilePath      /vol0/web/test

___________________________________________________
Diff shows that module is enabled

root at spare ~/# diff -U 2 httpd.conf.orig /usr/local/etc/apache22/httpd.conf
--- httpd.conf.orig     2013-01-03 12:56:22.000000000 +0100
+++ /usr/local/etc/apache22/httpd.conf  2013-01-03 21:26:46.000000000 +0100
@@ -75,4 +75,5 @@
  LoadModule rewrite_module libexec/apache22/mod_rewrite.so
  LoadModule php5_module        libexec/apache22/libphp5.so
+LoadModule xsendfile_module   libexec/apache22/mod_xsendfile.so

___________________________________________________
Syntax check

root at spare ~/# httpd -t
Syntax OK

___________________________________________________
Reinstallation of the module (same as upgrading)

root at spare ~/# portmaster ap22-mod_xsendfile-0.12_2

===>>> Creating a backup package for old version ap22-mod_xsendfile-0.12_2
         ===>>> Package saved to /usr/ports/packages/portmaster-backup

Don't forget to remove all mod_xsendfile-related directives in your 
httpd.conf

===>  Installing for ap22-mod_xsendfile-0.12_2
===>   Generating temporary packing list
===>  Checking if www/mod_xsendfile already installed
/usr/local/share/apache22/build/instdso.sh 
SH_LIBTOOL='/usr/local/share/apr/build-1/libtool' 
/usr/ports/www/mod_xsendfile/work/mod_xsendfile-0.12/mod_xsendfile.la 
/usr/local/libexec/apache22
/usr/local/share/apr/build-1/libtool --mode=install cp 
/usr/ports/www/mod_xsendfile/work/mod_xsendfile-0.12/mod_xsendfile.la 
/usr/local/libexec/apache22/
libtool: install: cp 
/usr/ports/www/mod_xsendfile/work/mod_xsendfile-0.12/.libs/mod_xsendfile.so 
/usr/local/libexec/apache22/mod_xsendfile.so
libtool: install: cp 
/usr/ports/www/mod_xsendfile/work/mod_xsendfile-0.12/.libs/mod_xsendfile.lai 
/usr/local/libexec/apache22/mod_xsendfile.la
libtool: install: cp 
/usr/ports/www/mod_xsendfile/work/mod_xsendfile-0.12/.libs/mod_xsendfile.a 
/usr/local/libexec/apache22/mod_xsendfile.a
libtool: install: chmod 644 /usr/local/libexec/apache22/mod_xsendfile.a
libtool: install: ranlib /usr/local/libexec/apache22/mod_xsendfile.a
chmod 755 /usr/local/libexec/apache22/mod_xsendfile.so
[preparing module `xsendfile' in /usr/local/etc/apache22/httpd.conf]
===>   Registering installation for ap22-mod_xsendfile-0.12_2

===>>> Creating a package for new version ap22-mod_xsendfile-0.12_2
         ===>>> Package saved to /usr/ports/packages/All

===>>> Re-installation of ap22-mod_xsendfile-0.12_2 complete


___________________________________________________
And there is a problem - syntax error, because module was disabled 
(commented out on deinstall) and some directives remained in VirtualHost 
definition - Apache will not start!

root at spare ~/# httpd -t
Syntax error on line 57 of 
/usr/local/etc/apache22/vhosts/available/www.example.com.conf:
Invalid command 'XSendFile', perhaps misspelled or defined by a module 
not included in the server configuration

___________________________________________________
Diff shows commented out line

root at spare ~/# diff -U 2 httpd.conf.orig /usr/local/etc/apache22/httpd.conf
--- httpd.conf.orig     2013-01-03 12:56:22.000000000 +0100
+++ /usr/local/etc/apache22/httpd.conf  2013-01-03 21:32:26.000000000 +0100
@@ -75,4 +75,5 @@
  LoadModule rewrite_module libexec/apache22/mod_rewrite.so
  LoadModule php5_module        libexec/apache22/libphp5.so
+#LoadModule xsendfile_module   libexec/apache22/mod_xsendfile.so

___________________________________________________

I think this behavior is wrong.

Why am I forced to manualy re-enable all 3rd party modules on each upgrade?

Modules should not disable something that is explicitly enabled by user 
/ system administrator.


Miroslav Lachman

PS: I know about deinstall message "Don't forget to remove all 
mod_xsendfile-related directives in your httpd.conf" but it can be 
considered as maintainer's "joke" in case of module upgrade

More information about the freebsd-ports mailing list