Package: apache2 Version: 2.4.9-2 Severity: important Dear Maintainer,
Upgrading from stable (wheezy) to testing (jessie) permanently breaks certain apache2 modules. This bug has also been filed for Ubuntu: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1333388 but the Ubuntu folks suggested this should be fixed upstream so I am filing the bug report here. This report should be a bit easier to read. When stable is upgraded to testing, apache 2.2 is replaced by apache 2.4. Under apache 2.4, the default set of modules build is different to that under apache 2.2, and certain modules (e.g. mod_ident, which is the one that bit me) are not built, and are not included by default in the apache 2.4 package. Nor are they included in any other package. This is in itself a problem, because any systems relying on these modules will not survive the upgrade. Worse, though is what happens after an upgrade. I rebuilt mod_ident as a separate .deb in the hope it would work and could be contributed back: https://github.com/abligh/libapache-mod-ident However, this exposes a conffile handling issue which is hard to work around in any normal manner. The issue is as follows. When apache2.2-common is installed, it has a conffile for the .load file of the relevant module. In this instance: root@debiantest:~# dpkg-query -W -f='${Conffiles}' apache2.2-common | fgrep ident /etc/apache2/mods-available/ident.load 51ba623a8a2bd71c512f847d02e0934f When this is upgraded to jessie (using fist-upgrade), the conffile is (correctly) removed, but the record of the conffile still exists under the apache2.2-common package. During install we see: Removing apache2.2-common (2.2.22-13+deb7u1) ... (Reading database ... 14345 files and directories currently installed.) Preparing to unpack .../apache2_2.4.9-2_amd64.deb ... Moving obsolete conffile /etc/apache2/mods-available/authz_default.load out of the way... Moving obsolete conffile /etc/apache2/mods-available/authn_default.load out of the way... Moving obsolete conffile /etc/apache2/mods-available/mem_cache.load out of the way... Moving obsolete conffile /etc/apache2/mods-available/mem_cache.conf out of the way... Moving obsolete conffile /etc/apache2/mods-available/authn_alias.load out of the way... Moving obsolete conffile /etc/apache2/mods-available/cern_meta.load out of the way... Moving obsolete conffile /etc/apache2/mods-available/disk_cache.load out of the way... Moving obsolete conffile /etc/apache2/mods-available/disk_cache.conf out of the way... Moving obsolete conffile /etc/apache2/mods-available/ident.load out of the way... Moving obsolete conffile /etc/apache2/mods-available/imagemap.load out of the way... Unpacking apache2 (2.4.9-2) over (2.2.22-13+deb7u1) ... but then afterwards: root@debiantest:~# dpkg --list | fgrep apache ii apache2 2.4.9-2 amd64 Apache HTTP Server ii apache2-bin 2.4.9-2 amd64 Apache HTTP Server (binary files and modules) ii apache2-data 2.4.9-2 all Apache HTTP Server (common files) ii apache2-mpm-worker 2.4.9-2 amd64 transitional worker MPM package for apache2 ii apache2-utils 2.4.9-2 amd64 Apache HTTP Server (utility programs for web servers) ii apache2.2-bin 2.4.9-2 amd64 Transitional package for apache2-bin rc apache2.2-common 2.2.22-13+deb7u1 amd64 Apache HTTP Server common files root@debiantest:~# dpkg-query -W -f='${Conffiles}' apache2.2-common | fgrep ident /etc/apache2/mods-available/ident.load 51ba623a8a2bd71c512f847d02e0934f Now imagine you have another package which depends on mod_ident to work. It can: Depends: apache2, apache2.2-bin | libapache2-mod-ident which means it will pull in another libapache2-mod-ident module for apache 2.4 at the time of the upgrade as apache2.2-bin will be removed. However, this then won't install the conffile above as apache2.2-common owns it. Adding Replaces: Breaks: to the 2.4 module is insufficient as thought this marks apache2.2's entry for the conffile as obsolete, the .load file still doesn't get installed. Commit cb55f139c661cd345f1e1234a977f6c17b653bd1 to the version of mod_ident above works around this in a fairly disgusting manner, i.e. Replaces: Breaks:, plus copying the file in manually in the .postinst if it's not already there. In summary, the change to 2.4 makes it VERY HARD to safely upgrade from wheezy to jessie if a program relies upon the relevant modules. I can see why the auth modules might have been deprecated, but I see no reason why the ident module should have been. I would suggest: * Produce a apache2-mod-extra package containing the non-default modules (i.e. build with the 'reallyall' parameter to configure but put these extra modules in a separate package); or * Build the excised modules into separate packages; or * Reinstate these to the main package The problem with the third option is now any users of these will have worked around the problem by producing their own package, an updated version which reinstates them will break that package. The full list of modules affected is (I think): authn_alias authn_default authz_default cern_meta disk_cache ident imagemap mem_cache version -- Package-specific info: -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.13.0-29-generic (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages apache2 depends on: ii apache2-bin 2.4.9-2 ii apache2-data 2.4.9-2 ii lsb-base 4.1+Debian13 ii mime-support 3.56 ii perl 5.18.2-4 ii procps 1:3.3.9-5 Versions of packages apache2 recommends: ii ssl-cert 1.0.34 Versions of packages apache2 suggests: pn apache2-doc <none> pn apache2-suexec-pristine | apache2-suexec-custom <none> ii apache2-utils 2.4.9-2 pn www-browser <none> Versions of packages apache2-bin depends on: ii libapr1 1.5.1-2 ii libaprutil1 1.5.3-2 ii libaprutil1-dbd-sqlite3 1.5.3-2 ii libaprutil1-ldap 1.5.3-2 ii libc6 2.19-3 ii libldap-2.4-2 2.4.39-1 ii liblua5.1-0 5.1.5-5 ii libpcre3 1:8.31-5 ii libssl1.0.0 1.0.1h-3 ii libxml2 2.9.1+dfsg1-3 ii perl 5.18.2-4 ii zlib1g 1:1.2.8.dfsg-1 Versions of packages apache2-bin suggests: pn apache2-doc <none> pn apache2-suexec-pristine | apache2-suexec-custom <none> pn www-browser <none> Versions of packages apache2 is related to: ii apache2 2.4.9-2 ii apache2-bin 2.4.9-2 -- no debconf information -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140627193539.8389.94345.reportbug@debiantest
