Date: Thu, 07 Feb 2019 11:21:04 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 235572] www/mod_cloudflare: LoadModule line removed during pkg upgrade Message-ID: <bug-235572-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D235572 Bug ID: 235572 Summary: www/mod_cloudflare: LoadModule line removed during pkg upgrade Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: joneum@FreeBSD.org Reporter: jdc@koitsu.org Assignee: joneum@FreeBSD.org Flags: maintainer-feedback?(joneum@FreeBSD.org) Description: Any time the www/mod_cloudflare port/pkg is upgraded via "pkg upgrade", httpd.conf is modified incorrectly -- the LoadModule module_cloudflare line goes completely missing from the config. In other words: something about the pkg upgrade (deinstall old/install new) process is modifying httpd.conf and being naughty. I've seen this at least twice now, but most recently today when upgrading f= rom ap24-mod_cloudflare-0.0.2016.6.0 to ap24-mod_cloudflare-2016.10.0. Impact: This has dire consequences for servers behind CloudFlare, as Apache logs and relevant Apache-level access rules suddenly stop working because the module= is no longer loaded thus $REMOTE_ADDR and related internal Apache bits show CloudFlare's servers, not the real client IP. I do not have this problem with other pkg'd Apache modules (ex. mod_php72) = (see below). Reproduction: 1. sudo pkg install ap24-mod_cloudflare-0.0.2016.6.0 2. Make sure the proper LoadModule line for module_cloudflare is enabled (present and uncommented) in httpd.conf. 3. sudo pkg update 4. sudo pkg upgrade (should show ap24-mod_cloudflare-2016.10.0, pick yes, etc.) 5. Find httpd.conf to be missing the LoadModule line Debugging: I dug into this minimally and found the following: $ pkg info -R ap24-mod_cloudflare-2016.10.0 ... scripts { post-install =3D "/usr/local/sbin/apxs -e -A -n cloudflare /usr/local/libexec/apache24/mod_cloudflare.so"; post-deinstall =3D <<EOD /usr/bin/sed -i '' -E '/LoadModule[[:blank:]]+cloudflare_module/d' /usr/local/etc/apache24/httpd.conf echo "Don't forget to remove all mod_cloudflare-related directives in your httpd.conf" EOD; } Note: 1. post-install using apxs -A, not -a (see below) 2. post-deinstall deletes the LoadModule line from httpd.conf via a sed inl= ine modify apxs -a and -A flags: -a This activates the module by automatically adding a corresponding LoadModule line to Apache's httpd.conf configuration file, or by enabling it if it already exists. -A Same as option -a but the created LoadModule directive is prefixed with a hash sign (#), i.e., the module is just prepa= red for later activation but initially disabled. Compare this to mod_php72, which has: scripts { post-install =3D "/usr/local/sbin/apxs -e -a -n php7 libphp7.so"; pre-deinstall =3D "/usr/local/sbin/apxs -e -A -n php7 libphp7.so"; } Note: 1. post-install is using apxs -a (not -A) to activate the module 2. pre-deinstall is used, not post-deinstall 3. pre-deinstall is using apxs -A (to deactivate the module/comment out the line in httpd.conf) Workaround: As a kludge/hack to to catch and deal with this problem, I've been using the following in a separate file in /usr/local/etc/apache24/Includes: <IfModule !cloudflare_module> LoadModule cloudflare_module libexec/apache24/mod_cloudflare.so </IfModule> Solution: Strongly suggest using the same method that mod_php72 uses. AP_FAST_BUILD = and AP_GENPLIST are probably involved, but I do not understand why this particu= lar port behaves so incorrectly on deinstall/reinstall. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-235572-7788>