Message-ID: <5228237C.4090807@FreeBSD.org>
Date: Thu, 05 Sep 2013 09:23:56 +0300
From: Andriy Gapon
To: olli hauer
Subject: Re: www/apache22/files/patch-support__apachectl.in change in r322368
References: <522757BF.60300@FreeBSD.org> <52277B92.40508@gmx.de>
In-Reply-To: <52277B92.40508@gmx.de>
Cc: apache@FreeBSD.org
List-Id: Support of apache-related ports

on 04/09/2013 21:27 olli hauer said the following:
> On 2013-09-04 17:54, Andriy Gapon wrote:
>>
>> http://svnweb.freebsd.org/ports?view=revision&revision=322368
>> Commit message says:
>> - add fix for CVE-2013-1862
>> - adjust vuxml
>>
>> At the same time there is the following change to patch-support__apachectl.in:
>> +-case $ARGV in
>> +-start|stop|restart|graceful|graceful-stop)
>> +- $HTTPD -k $ARGV
>> ++case $ACMD in
>> ++start|stop|restart|rcvar|reload|graceful|gracefulstop|graceful-stop)
>> ++# $HTTPD -k $ARGV
>> ++ $SERVICE $( echo $ACMD | tr -d '-' )
>> + ERROR=$?
>> + ;;
>>
>> Of particular interest to me is this change from direct start of httpd to
>> starting via service(8) command.
>> There is no rationale for this change in commit message...
>>
>> Now I will describe a problem that this change causes for us.
>> Among other things we use piped loggers with apache. Our filter commands need
>> custom PATH to be specified for them. Basically they start with:
>> #!/usr/bin/env blah-blah
>> And finding blah depends on the proper PATH.
>> We are careful to set PATH before running apachectl. Everything used to work
>> without any glitch.
>>
>> Now, service(8) does the following:
>> exec env -i HOME=/ PATH=/sbin:/bin:/usr/sbin:/usr/bin $dir/$script $*
>> This obviously nullifies any effects of our PATH customization.
>> Our configuration became broken.
>>
>> Do you have any suggestions on how we can work around the problem?
>>
>> Another minor consequence of this change is that now apache22_enable="YES" must
>> be set to start httpd even via apachectl. Previously it didn't have to be
>> specified.
>> And unlike rc.d/apache22 which accepts onestart/forcestart as all rc scripts do,
>> apachectl rejects these commands.
>>
>> So, I think that the change:
>> - was not appropriately committed but rather sneaked into another change
>> - is a POLA violation
>> - is a PITA
>>
>> So, perhaps you could consider reverting it?
>>
>> Thank you very much for all the hard work on apache ports.
>> Hope that you will be able to help to resolve the reported issues.
>>
>
> Hm, starting apache with a clean environment was one of the intentions behind this
> change.
> In any case you don't want apache to suck in the environment from the user
> starting the server via apachectl.
>
> The clean way will be to place the custom vars in apache22/24/envvars.d this way
>
> cat apache22/envvars.d/foo.env
> export FOO=BAR
> export ILOVE=FreeBSD
> ...
>
> The name of the file doesn't matter as long as it ends with '.env', then
> it will be processed by the $LOCALBASE/sbin/envvars script.
>
> Hope this helps.

Thank you very much for the suggestion!
Indeed, it does fix the problem and it looks much nicer than what we used before.

How about the other problem?
For various reasons we don't want to put apache22_enable="YES" into rc.conf, but
we still need apachectl to work without asking any questions.

And yet another problem. For various reasons our apache stores its pid in a
custom location. But rc.d/apache22 seems to know only about /var/run/httpd.pid
and I couldn't find a way to override that location.
So, for example, apachectl stop doesn't work for us, because it now operates via
the rc script and it doesn't know about our pid file.

-- 
Andriy Gapon
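
Review bot: The switch from `$HTTPD -k $ARGV` to `$SERVICE $( echo $ACMD | tr -d '-' )` in the `case $ACMD` arm of the quoted patch-support__apachectl.in hunk is a behaviour change that the quoted commit message (CVE-2013-1862 fix, vuxml adjustment) does not mention; it belongs in its own commit with the rationale stated and a pointer to envvars.d for anyone who relied on the inherited environment. As a style point in the same arm, `$ACMD` is expanded unquoted inside the command substitution, so write it as `"$ACMD"`, and delete the commented-out `# $HTTPD -k $ARGV` line rather than carrying dead code in the patch. The new pattern list adds `rcvar`, `reload` and `gracefulstop` but not `onestart` or `forcestart`, so either pass those through to the rc script or document that apachectl now depends on the rc.conf enable knob.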
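
The environment scrub discussed in this thread, as an added example that is not part of the original messages or of the FreeBSD port: it reuses the `env -i` command quoted from service(8) and shows that a PATH exported by the caller is dropped, while one declared in an `envvars.d`-style `.env` file is still applied. The temp-dir layout, the `blah-filter` name and the sourcing loop standing in for `$LOCALBASE/sbin/envvars` are assumptions.

```sh
#!/bin/sh
# Constructed demo: every path lives in a temp dir; "blah-filter" is a
# hypothetical interpreter name, not something from the apache port.

demo_setup() {
    DEMO=$(mktemp -d) || return 1
    mkdir -p "$DEMO/custom/bin" "$DEMO/envvars.d"
    # Interpreter that exists only in a non-default directory.
    printf '#!/bin/sh\necho "filter ran"\n' > "$DEMO/custom/bin/blah-filter"
    # Piped-logger script that finds its interpreter through PATH.
    printf '#!/usr/bin/env blah-filter\n' > "$DEMO/logger"
    chmod +x "$DEMO/custom/bin/blah-filter" "$DEMO/logger"
    # envvars.d-style fragment: PATH is declared in a file owned by the
    # server's configuration instead of being inherited from the caller.
    printf 'export PATH="%s/custom/bin:$PATH"\n' "$DEMO" \
        > "$DEMO/envvars.d/logger.env"
}

# The scrub service(8) applies, copied from the command quoted in the thread.
as_service() {
    env -i HOME=/ PATH=/sbin:/bin:/usr/sbin:/usr/bin "$@"
}

# Case 1: the caller exports a custom PATH, then starts through the scrub.
start_with_caller_path() {
    ( PATH="$DEMO/custom/bin:$PATH"; export PATH
      as_service "$DEMO/logger" 2>/dev/null )
}

# Case 2: start through the scrub, then source *.env fragments inside the
# clean environment (assumed stand-in for $LOCALBASE/sbin/envvars).
start_with_envvars_d() {
    as_service /bin/sh -c 'for f in "$1"/*.env; do . "$f"; done; exec "$2"' \
        sh "$DEMO/envvars.d" "$DEMO/logger"
}

demo_setup || exit 1
out=$(start_with_caller_path) && rc=0 || rc=$?
echo "caller PATH:  exit=$rc output='$out'"
out=$(start_with_envvars_d) && rc=0 || rc=$?
echo "envvars.d:    exit=$rc output='$out'"
rm -rf "$DEMO"
```

Case 1 fails because `/usr/bin/env` cannot resolve the interpreter on the fixed PATH; case 2 succeeds because the fragment is read after the scrub.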