Re: Resolving apr dependencies while generating httpd rpm build compiled from source
Hi, Further to my previous mail, I have generated apr rpm build and successfully installed after installing the dependency packages (autoconf, libtool, doxygen). After this I tried installing apr-util 1.5.3 version and it has the following dependencies, [root@localhost apr-util]# rpmbuild -ba apr-util.spec error: Failed build dependencies: libuuid-devel is needed by apr-util-1.5.3-1.i386 postgresql-devel is needed by apr-util-1.5.3-1.i386 mysql-devel is needed by apr-util-1.5.3-1.i386 sqlite-devel = 3.0.0 is needed by apr-util-1.5.3-1.i386 freetds-devel is needed by apr-util-1.5.3-1.i386 unixODBC-devel is needed by apr-util-1.5.3-1.i386 nss-devel is needed by apr-util-1.5.3-1.i386 I just commented out all the above dependencies and this time I am getting segmentation fault while doing rpmbuild as below, make[1]: Leaving directory `/usr/src/redhat/BUILD/apr-util-1.5.3/test' + make check teststatus=0; \ progfailed=; \ for prog in dbd testall; do \ if test $prog = 'dbd'; then \ for driver in none ; do \ if test $driver != 'none'; then \ LD_LIBRARY_PATH=`echo ../crypto/.libs:../dbm/.libs:../dbd/.libs:../ldap/.libs:$LD_LIBRARY_PATH | sed -e 's/::*$//'` \ ./$prog $driver; \ status=$?; \ if test $status != 0; then \ teststatus=$status; \ progfailed=$progfailed '$prog $driver'; \ fi; \ fi; \ done; \ else \ LD_LIBRARY_PATH=`echo ../crypto/.libs:../dbm/.libs:../dbd/.libs:../ldap/.libs:$LD_LIBRARY_PATH | sed -e 's/::*$//'` \ ./$prog; \ status=$?; \ if test $status != 0; then \ teststatus=$status; \ progfailed=$progfailed $prog; \ fi; \ fi; \ done; \ if test $teststatus != 0; then \ echo Programs failed:$progfailed; \ fi; \ exit $teststatus teststrmatch: SUCCESS testuri : SUCCESS testuuid: SUCCESS testbuckets : SUCCESS testpass: SUCCESS testmd4 : SUCCESS testmd5 : SUCCESS testcrypto : SUCCESS testldap: SUCCESS testdbd : SUCCESS testdate: SUCCESS testmemcache: SUCCESS testxml : |/bin/sh: line 1: 7518 Segmentation fault LD_LIBRARY_PATH=`echo ../crypto/.libs:../dbm/.libs:../dbd/.libs:../ldap/.libs:$LD_LIBRARY_PATH | sed -e 's/::*$//'` ./$prog Programs failed: testall make: *** [check] Error 139 + exit 1 error: Bad exit status from /var/tmp/rpm-tmp.90029 (%check) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.90029 (%check) [root@localhost apr-util]# Please let me know what is wrong here. To avoid these issues, I tried to make use of bundled apr and apr-util. But I don't know the exact steps to make use of those. Regards, Venkatesh On Mon, Mar 3, 2014 at 10:20 AM, Venkatesh Prabu Narayanan venkateshprab...@gmail.com wrote: @Reindl Harald, If I remove that apr files from 'BuildPrereq', it is still showing some 'undeclared errors' related to apr-util modules. @Graham, In the httpd SPEC file, I could see this line in %build section, #forcibly prevent use of bundled apr, apr-util, pcre rm -rf srclib/{apr,apr-util,pcre} So it seems I can't make use of the bundled apr and apr-util sources. From SPEC file, it seems httpd needs apr = 1.4.2, apr-util = 1.3.10. So I tried compiling apr from this link, http://archive.apache.org/dist/apr/and it is failing with this error, [root@localhost apr]# rpmbuild -tb apr-1.4.2.tar.bz2 error: Failed build dependencies: autoconf is needed by apr-1.4.2-1.i386 libtool is needed by apr-1.4.2-1.i386 doxygen is needed by apr-1.4.2-1.i386 FYI, My SPEC file configure section has these lines, --with-apr=/usr/bin/apr-1-config --with-apr-util=/usr/bin/apu-1-config I am trying all these for my linux OS RHEL 4. Please note that OS upgrade is not an option as of now. Please let me know how to fix these errors. Regards, Venkatesh On Sun, Mar 2, 2014 at 6:32 PM, Graham Leggett minf...@sharp.fm wrote: On 2 Mar 2014, at 07:00, Venkatesh Prabu Narayanan venkateshprab...@gmail.com wrote: I am new to this list. I am trying to compile httpd 2.2.24 rpm build from source tar ball and it is failing with apr, apr-util dependencies. [root@localhost httpd]# rpmbuild -ba httpd-2.2.24.spec error: Failed build dependencies: /usr/bin/apr-1-config is needed by httpd-2.2.24-1.i386 /usr/bin/apu-1-config is needed by httpd-2.2.24-1.i386 I don't want to install apr, apr-util using externally compiled one. Instead I want to use the inbuilt source
Re: Resolving apr dependencies while generating httpd rpm build compiled from source
On 3 Mar 2014, at 08:05, Venkatesh Prabu Narayanan venkateshprab...@gmail.com wrote: Further to my previous mail, I have generated apr rpm build and successfully installed after installing the dependency packages (autoconf, libtool, doxygen). After this I tried installing apr-util 1.5.3 version and it has the following dependencies, [root@localhost apr-util]# rpmbuild -ba apr-util.spec error: Failed build dependencies: libuuid-devel is needed by apr-util-1.5.3-1.i386 postgresql-devel is needed by apr-util-1.5.3-1.i386 mysql-devel is needed by apr-util-1.5.3-1.i386 sqlite-devel = 3.0.0 is needed by apr-util-1.5.3-1.i386 freetds-devel is needed by apr-util-1.5.3-1.i386 unixODBC-devel is needed by apr-util-1.5.3-1.i386 nss-devel is needed by apr-util-1.5.3-1.i386 I just commented out all the above dependencies and this time I am getting segmentation fault while doing rpmbuild as below, Don't comment out the dependencies, install them with yum install. Regards, Graham --
Re: Resolving apr dependencies while generating httpd rpm build compiled from source
@Graham, Most of these dependencies are not available for RHEL 4 via yum and that is why I have commented it out. Meanwhile I get apr-util to work with this below package even after commenting out the devel dependencies from cent OS, http://vault.centos.org/6.5/os/Source/SPackages/apr-util-1.3.9-3.el6_0.1.src.rpm I have already compiled apr of version 1.4.8 and now I have created apr-util of version 1.3.9. Now I can create httpd rpm of version 2.2.24 using these create rpms. Going to test installing them.. Do you think it is good to proceed with this ? Or Do you want me to try using latest apr-util ? Thanks, Venkatesh On Mon, Mar 3, 2014 at 2:28 PM, Graham Leggett minf...@sharp.fm wrote: On 3 Mar 2014, at 08:05, Venkatesh Prabu Narayanan venkateshprab...@gmail.com wrote: Further to my previous mail, I have generated apr rpm build and successfully installed after installing the dependency packages (autoconf, libtool, doxygen). After this I tried installing apr-util 1.5.3 version and it has the following dependencies, [root@localhost apr-util]# rpmbuild -ba apr-util.spec error: Failed build dependencies: libuuid-devel is needed by apr-util-1.5.3-1.i386 postgresql-devel is needed by apr-util-1.5.3-1.i386 mysql-devel is needed by apr-util-1.5.3-1.i386 sqlite-devel = 3.0.0 is needed by apr-util-1.5.3-1.i386 freetds-devel is needed by apr-util-1.5.3-1.i386 unixODBC-devel is needed by apr-util-1.5.3-1.i386 nss-devel is needed by apr-util-1.5.3-1.i386 I just commented out all the above dependencies and this time I am getting segmentation fault while doing rpmbuild as below, Don't comment out the dependencies, install them with yum install. Regards, Graham -- -- Thanks and Regards N.Venkatesh Prabu
Re: Resolving apr dependencies while generating httpd rpm build compiled from source
Am 03.03.2014 09:05, schrieb Venkatesh Prabu Narayanan: Further to my previous mail, I have generated apr rpm build and successfully installed after installing the dependency packages (autoconf, libtool, doxygen). After this I tried installing apr-util 1.5.3 version and it has the following dependencies, [root@localhost apr-util]# rpmbuild -ba apr-util.spec error: Failed build dependencies: libuuid-devel is needed by apr-util-1.5.3-1.i386 postgresql-devel is needed by apr-util-1.5.3-1.i386 mysql-devel is needed by apr-util-1.5.3-1.i386 sqlite-devel = 3.0.0 is needed by apr-util-1.5.3-1.i386 freetds-devel is needed by apr-util-1.5.3-1.i386 unixODBC-devel is needed by apr-util-1.5.3-1.i386 nss-devel is needed by apr-util-1.5.3-1.i386 I just commented out all the above dependencies stop this, you have no clue what are you doing and that thread belongs not to http-ddevl at all - really @Reindl Harald, If I remove that apr files from 'BuildPrereq', it is still showing some 'undeclared errors' related to apr-util modules the intention to remove the build-deps in httpd.spec was for the case you manage build both from the httpd-source if that is not possible you just need the build dependencies because APR is *mandatory* and not optional signature.asc Description: OpenPGP digital signature
Re: Resolving apr dependencies while generating httpd rpm build compiled from source
Am 03.03.2014 11:07, schrieb Venkatesh Prabu Narayanan: @Graham, Most of these dependencies are not available for RHEL 4 via yum why do you waste others time not stating at the begin that you are use a unsupported and outdated OS? you can't have recent software on such a system so please stop waste others time especially on devel-lists End of Production 3 (End of Production Phase) February 29, 2012 signature.asc Description: OpenPGP digital signature
Re: Resolving apr dependencies while generating httpd rpm build compiled from source
On 3 Mar 2014, at 10:07, Venkatesh Prabu Narayanan venkateshprab...@gmail.com wrote: Most of these dependencies are not available for RHEL 4 via yum and that is why I have commented it out. If you comment out a dependency, you need to comment out the parameter to ./configure that enables that dependency, and then if necessary comment out the files generated by that dependency that will no longer be included. Regards, Graham --
Re: Resolving apr dependencies while generating httpd rpm build compiled from source
@Reindl, why do you waste others time not stating at the begin that you are use a unsupported and outdated OS? you can't have recent software on such a system so please stop waste others time especially on devel-lists End of Production 3 (End of Production Phase) February 29, 2012 In my second thread itself I have mentioned my OS. Please read this, *I am trying all these for my linux OS RHEL 4. Please note that OS upgrade is not an option as of now* Also to avoid such issues with apr and apr-util I tried make use of bundled source with this option '--with-included-apr'. But still not working atleast for me. Also I didn't find any link stating the reason why default bundled sources are not encouraged to use. I have already discussed this thread with 'users' list. As I didn't get response from users list, I have posted to 'dev' list. @Graham, Thanks for your comment. I have already removed the same in 'Require' and '%files' section. I will also try removing the same from configure section. Thanks, Venkatesh On Mon, Mar 3, 2014 at 4:05 PM, Graham Leggett minf...@sharp.fm wrote: On 3 Mar 2014, at 10:07, Venkatesh Prabu Narayanan venkateshprab...@gmail.com wrote: Most of these dependencies are not available for RHEL 4 via yum and that is why I have commented it out. If you comment out a dependency, you need to comment out the parameter to ./configure that enables that dependency, and then if necessary comment out the files generated by that dependency that will no longer be included. Regards, Graham -- -- Thanks and Regards N.Venkatesh Prabu
mod_proxy: ProxyPass, Location and regex check
I try to get 1 Location /?*[]/ 2 ProxyPass http://backend/?*[]/; 3 ProxyPassReverse http://backend/?*[]/; 4 /Location to work and get the error message AH00526: Syntax error on line 2 of ...: Regular expression could not be compiled. I guess that /?*[]/ is a valid location, right? So it should work, I guess. In mod_proxy.c, add_pass(), there is this snippet to detect a regex in the location (f is cmd-path, which is the location): if (cmd-path) { [...] if (apr_fnmatch_test(f)) { use_regex = 1; } } And later: if (use_regex) { new-regex = ap_pregcomp(cmd-pool, f, AP_REG_EXTENDED); if (new-regex == NULL) return Regular expression could not be compiled.; [...] } I think the reason for this is to handle a regex in a location correctly (either LocationMatch ... or Location ~ ...). Why is apr_fnmatch_test() used to recognize a regex? It only checks for *, ? and [] pairs (the comment of apr_fnmatch_test() is misleading: Determine if the given pattern is a regular expression.). Is there a better way to check the location for a regex? I don't think so because I can configure a valid non-regex location that looks exactly like a regex. Maybe expand struct cmd_parms_struct by a flag that marks path as a regex? Then you wouldn't have to guess. Thoughts? Maybe I'm understanding something wrong?
Re: 2.4.8 This Month
Anyone else willing/able to cast some STATUS votes? On Feb 4, 2014, at 8:58 AM, Jim Jagielski j...@jagunet.com wrote: I'd like to TR and release 2.4.8 this month... Let's all take some time to: 1. See what in trunk should really be backported 2. Test and vote in STATUS backports Let's get people excited again about Apache httpd!
Re: Adding AddHandler support for mod_proxy
From what I can see, it's pretty useful and I'm not detecting any errors or issues which would cause a regression. Final testing will be done by COB today but I expect to fold it into trunk, while adding some doc info. On Feb 27, 2014, at 12:19 PM, ryo takatsuki ryotakats...@gmail.com wrote: Thx for the patch! Let me take a look... I'm assuming that there's no real work-around other than the patch itself, right? If there is, we could not find it :) We have been searching for months and trying different approaches. This is required to work with out of the box installation of many apps without requiring them to modify their htaccess files. Thanks for looking into it! 2014-02-27 14:24 GMT+01:00 Jim Jagielski j...@jagunet.com: Thx for the patch! Let me take a look... I'm assuming that there's no real work-around other than the patch itself, right? On Feb 26, 2014, at 1:47 PM, ryo takatsuki ryotakats...@gmail.com wrote: Hi all, Any other comments about the patch? I believe it is simple enough and could ease the migration from mod_php to PHP-FPM (and make use of the new event mode) with minimal changes to the default configurations. Could you consider adding it? Pretty please :) To give more background, at Bitnami we have 800.000+ monthly *new* installs just for Apache + PHP environments, a growing number of them in the cloud. We have daily requests for switching to nginx as the default, but we believe Apache 2.4 event MPM + PHP-FPM to be equivalent in terms of performance and you get all the other goodness of Apache. This is a small change that would make the transition to the event MPM on our side significantly easier (long story) Best regards, Juanjo. 2014-02-18 15:46 GMT+01:00 ryo takatsuki ryotakats...@gmail.com: AddHandler might be tricky from security point of view, eg. most of cms software usually checks only for last extension before writing uploaded files, but this AddHandler will also pass test.php.jpeg to php which might execute this Yes, It would be probably safer to use something like: FilesMatch \.php$ SetHandler proxy:unix:/path/to/app.sock|fcgi://localhost/ /FilesMatch 2014-02-17 0:11 GMT+01:00 Lazy lazy...@gmail.com: 2014-02-06 ryo takatsuki ryotakats...@gmail.com: Hi, I have an improvement request to suggest but I would like to first provide some background to justify it, I apologise for the long email :). I'm actively using mod_proxy to forward PHP files requests to PHP-FPM. My current approach is to use a RewriteRule with the 'P' flag because (in most of the cases) it plays nicely with other rules configured by the applications I'm configuring, as well as allowing per-Directory configurations. To make it properly work I must assure the proxy RewriteRule must be the latest one to be evaluated. The problem is that from time to time I encounter corner cases in which the rules previously executed include a [L] option that abort the next rules evaluation, skipping the proxy one, making Apache serve the PHP text as plain text. This can be solved by tweaking the rules but it is a tedious process and is hard to determine all the scenarios in which the rewrites could go wrong. IMHO this is a good idea, a handler is more compatible with .htacess files created for mod_php and it fits shared hosting env Thinking about my goal with all of this was at the beginning, I realised I only wanted a way of configuring a handler for all my PHP files, that in this case is PHP-FPM, without having to worry about what happens before the resource is going to be served. This made my think about the possibility of adding this functionality to mod_proxy itself, allowing defining a proxy worker as a handler for certain types of files. Something like: AddHandler proxy:unix:/path/to/app.sock|fcgi://localhost/ .php AddHandler might be tricky from security point of view, eg. most of cms software usually checks only for last extension before writing uploaded files, but this AddHandler will also pass test.php.jpeg to php which might execute this I made a quick POC, it is a really small change and for those in my situation it could really simplify the configuration of their apps. Of course, I'm open to criticisms and alternative solutions :). The code that adds the new functionality is inserted at the beginning of mod_proxy's proxy_handler. The conditions are a little weird because I only wanted to check the handler if it is not a proxy request already. diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c index 9d7c92f..49f3bdc 100644 --- a/modules/proxy/mod_proxy.c +++ b/modules/proxy/mod_proxy.c @@ -927,8 +927,20 @@ static int proxy_handler(request_rec *r) struct dirconn_entry *list = (struct dirconn_entry *)conf-dirconn-elts; /* is this for us? */ -if (!r-proxyreq || !r-filename || strncmp(r-filename, proxy:, 6) != 0) +if (!r-filename)
Re: 2.4.8 This Month
i would happily build a RPM for our devel-machines still missing a RC tarball :-( http://httpd.apache.org/dev/dist/ Am 03.03.2014 15:04, schrieb Jim Jagielski: Anyone else willing/able to cast some STATUS votes? On Feb 4, 2014, at 8:58 AM, Jim Jagielski j...@jagunet.com wrote: I'd like to TR and release 2.4.8 this month... Let's all take some time to: 1. See what in trunk should really be backported 2. Test and vote in STATUS backports Let's get people excited again about Apache httpd! signature.asc Description: OpenPGP digital signature
Re: 2.4.8 This Month
On Mon, Mar 3, 2014 at 9:06 AM, Reindl Harald h.rei...@thelounge.net wrote: Anyone else willing/able to cast some STATUS votes? i would happily build a RPM for our devel-machines still missing a RC tarball :-( http://httpd.apache.org/dev/dist/ Jim is referring to votes in the STATUS file for backports to 2.4. That needs to be settled before there can be any kind of release candidate because it determines the contents of the release.
Re: 2.4.8 This Month
DirectoryCheckHandler has got my vote/promotion. On Mon, Mar 3, 2014 at 3:04 PM, Jim Jagielski j...@jagunet.com wrote: Anyone else willing/able to cast some STATUS votes? On Feb 4, 2014, at 8:58 AM, Jim Jagielski j...@jagunet.com wrote: I'd like to TR and release 2.4.8 this month... Let's all take some time to: 1. See what in trunk should really be backported 2. Test and vote in STATUS backports Let's get people excited again about Apache httpd!
Re: Problems with directive SSLPassPhraseDialog with a piped script
Tom, this code is shared with all the other pipe features in httpd, I believe the docs at http://httpd.apache.org/docs/current/logs.html#piped will explain why the shell was not invoked, and provides an example of how to invoke your pipe script with shell. You can use the docs commentary system to submit feedback on the mod_ssl doc page, if this solves your issue. Bill On Fri, Feb 28, 2014 at 6:33 PM, Tom Browder tom.brow...@gmail.com wrote: On Fri, Feb 28, 2014 at 8:52 AM, Tom Browder tom.brow...@gmail.com wrote: On Fri, Feb 28, 2014 at 8:22 AM, Reindl Harald h.rei...@thelounge.net wrote: Am 28.02.2014 14:18, schrieb Tom Browder: On Fri, Feb 28, 2014 at 8:10 AM, Reindl Harald h.rei...@thelounge.net wrote: Am 28.02.2014 14:01, schrieb Tom Browder: I agree, but even so shouldn't the pipe method work though it may be less strict? i don#t know nor care because i used the exec variant in production in the past, it worked fine and AFAIR with $1 you get the hostname to echo the correct password if there are more than one certificates involved That's the way I read the docs, too. I have just the one cert good for multiple vhosts so it should work. So, shall I file a bug or not? -Tom
Re: Problems with directive SSLPassPhraseDialog with a piped script
On Mon, Mar 3, 2014 at 10:38 AM, William A. Rowe Jr. wmr...@gmail.com wrote: Tom, this code is shared with all the other pipe features in httpd, I believe the docs at http://httpd.apache.org/docs/current/logs.html#piped will explain why the shell was not invoked, and provides an example of how to invoke your pipe script with shell. Ah, that '$' may be the ticket. I'll try that and see if it works. Given that it works, is there any inherent advantage (security-wise or other) of the pipe vs. exec for returning the key passphrase at start up? Also, if it works, I'll comment at the appropriate place in the docs. Thanks, Bill. Best regards, -Tom
Re: Problems with directive SSLPassPhraseDialog with a piped script
On Mon, Mar 3, 2014 at 11:21 AM, Tom Browder tom.brow...@gmail.com wrote: On Mon, Mar 3, 2014 at 10:38 AM, William A. Rowe Jr. wmr...@gmail.com wrote: Tom, this code is shared with all the other pipe features in httpd, I I've tried each of these versions to no avail: SSLPassPhraseDialog |/path/to/passphrase.sh SSLPassPhraseDialog |$/path/to/passphrase.sh SSLPassPhraseDialog |\$/path/to/passphrase.sh SSLPassPhraseDialog |/path/to/passphrase.sh SSLPassPhraseDialog |$/path/to/passphrase.sh SSLPassPhraseDialog |\$/path/to/passphrase.sh I also changed the passphrase.sh script to require an argument (any argument). I must be doing something wrong (my weak understanding of pipes). Someone who can demonstrate the pipe method successfully should document exactly how to do it. In any event, I agree with Reindl Harald: SSLPassPhraseDialog exec:/path/to/passphrase.sh is your friend. Best regards, -Tom
Re: 2.4.8 This Month
Am 03.03.2014 15:44, schrieb Eric Covener: On Mon, Mar 3, 2014 at 9:06 AM, Reindl Harald h.rei...@thelounge.net wrote: Anyone else willing/able to cast some STATUS votes? i would happily build a RPM for our devel-machines still missing a RC tarball :-( http://httpd.apache.org/dev/dist/ Jim is referring to votes in the STATUS file for backports to 2.4. That needs to be settled before there can be any kind of release candidate because it determines the contents of the release thanks for clarification - for that i lack knowledge and will wait for a pre-release to test it on our production configs signature.asc Description: OpenPGP digital signature
test framework
Anyone know how to have the test framework run a script before it starts the tests, then stop the script when the tests are done? I wanted to add some UDS tests to the framework but can't for the life of me figure out how to do the above...
Re: test framework
Note the -start and -stop functionality of the framework. Is this script supposed to live for the duration of a test? Or will this script coexist next to the running server? The server can be started and left there, ready for multiple test invocations even across machines, so it would be helpful to understand the lifetime and location of this script (on the test client machine or the test server host machine.) On Mon, Mar 3, 2014 at 2:02 PM, Jim Jagielski j...@jagunet.com wrote: Anyone know how to have the test framework run a script before it starts the tests, then stop the script when the tests are done? I wanted to add some UDS tests to the framework but can't for the life of me figure out how to do the above...