NetBSD Problem Report #27073

Received: (qmail 14529 invoked by uid 605); 29 Sep 2004 10:16:14 -0000
Message-Id: <200409291014.i8TAEte29126@fang.grunta.com>
Date: Wed, 29 Sep 2004 20:14:55 +1000 (EST)
From: grant@NetBSD.org
Sender: gnats-bugs-owner@NetBSD.org
To: gnats-bugs@gnats.netbsd.org
Subject: www/ap-ssl breaks on Linux without ndbm.h
X-Send-Pr-Version: 3.95

>Number:         27073
>Category:       pkg
>Synopsis:       www/ap-ssl breaks on Linux without ndbm.h
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    linux-pkg-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Sep 29 10:17:00 +0000 2004
>Closed-Date:    
>Last-Modified:  Thu Jan 13 21:12:01 +0000 2005
>Originator:     grant beattie
>Release:        pkgsrc-current
>Organization:
>Environment:
System: Linux beastie 2.4.26 #6 Mon Jun 14 19:07:27 PDT 2004 i686 unknown unknown GNU/Linux
Architecture: i386
Machine: i386
>Description:
www/ap-ssl doesn't build on Linux if ndbm.h is not present, which is the
case on Slackware 10.0.

in the mod_ssl CHANGES file, this is mentioned:

*) Now the default for SSL_SDBM is 'yes' on Linux boxes because it occurrs
   too often that Linux boxes with broken DBM libraries are used and people
   are wondering why their session cache operations segfault the server. If
   you really want to use the vendor DBM library on Linux you now have to
   use --disable-rule=SSL_SDBM. But I recommend you to use SDBM except
   you know what you're doing.

however, SDBM is forced off when building ap-ssl because apache's
configure is called with --disable-module=ssl, so the relevant build
options for ap-ssl are disabled.

calling apache's configure manually with --enable-module=ssl automatically
enables SSL_SDBM:

 + adding selected modules
    o ssl_module uses ConfigStart/End
      + SSL interface: mod_ssl/2.8.19
      + SSL interface build type: DSO
      + SSL interface compatibility: enabled
      + SSL interface experimental code: disabled
      + SSL interface conservative code: disabled
      + SSL interface vendor extensions: disabled
      + SSL interface plugin: Built-in SDBM
      + SSL library path: [SYSTEM]
      + SSL library version: OpenSSL 0.9.7d 17 Mar 2004
      + SSL library type: installed package (system-wide)

but this doesn't work from the pkg Makefile. I suspect that some more
files in Apache need to have the mod_ssl patch applied to make this
work, but I haven't tried that.

>How-To-Repeat:
on Slackware 10.0:

cd www/ap-ssl; make
>Fix:
unknown.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: pkg-manager->linux-pkg-people 
Responsible-Changed-By: wiz 
Responsible-Changed-When: Wed Sep 29 21:18:40 UTC 2004 
Responsible-Changed-Why:  
Linux pkgsrc problem. 
From: David Naughton <naughton@umn.edu>
To: gnats-bugs@NetBSD.org
Cc: grant@NetBSD.org
Subject: Re: pkg/27073: www/ap-ssl breaks on Linux without ndbm.h
Date: Thu, 13 Jan 2005 14:53:49 -0600

 I have an idea for a fix. However, I'm not sure that my idea suggests an ideal fix or even 
 that I understand the underlying problem very well. I'm also unsure whether a fix should 
 be applied only to the pkgsrc ap-ssl package, only to the mod_ssl source, or some
 combination of the two. At least twice I've tried sending a similar message to the
 modssl-users list, but it seems to silently reject my messages. Therefore, I'm trying to
 append to this NetBSD PR instead.

 1. Versions

 mod_ssl/2.8.21-1.3.32 (via pkgsrc package ap-ssl-2.8.21nb1)
 apache/1.3.33 (via pkgsrc package apache-1.3.33)
 Debian GNU/Linux unstable ("sarge")

 2. Problem

 pkgsrc seems to be unusual in that it makes the configure and install of mod_ssl almost 
 completely independent of the configure and install of apache. To do that, it configures
 apache with 'disable-module=ssl' and installs it before doing anything with mod_ssl. It
 then installs mod_ssl as a DSO.

 This seems to be a problem for Linux, because it leaves no way that I can find to configure
 mod_ssl to use SDBM. A comment starting on line 260 of libssl.module says 'force Linux boxes
 to use builtin SDBM per default because of too much broken vendor DBM libraries on this
  platform'. Code to do just that follows, but all this is inside an if block that's executed
 only if we're _not_ using APXS. The only code in libssl.module that does anything with SDBM
 and is executed if we're using APXS is on line 152 of libssl.module:
 'my_rule_SSL_SDBM=$SSL_SDBM'. However, with apache already configured to disable mod_ssl,
 setting this variable seems to accomplish nothing.

 3. Fix Idea

 Replace patch-aa with the following:

 --- pkg.sslmod/libssl.module    2005-01-13 20:22:55.000000000 +0000
 +++ pkg.sslmod/libssl.module.orig       2004-05-11 18:38:56.000000000 +0000
 @@ -149,11 +149,7 @@
      #
      if [ ".$APXS_MODE" = .YES ]; then
          my_rule_SSL_COMPAT=$SSL_COMPAT
 -       if [ ".$APXS_FORCE_SDBM" = .YES ]; then
 -           SSL_CFLAGS="$SSL_CFLAGS -DSSL_USE_SDBM"
 -       else
 -           my_rule_SSL_SDBM=$SSL_SDBM
 -       fi
 +        my_rule_SSL_SDBM=$SSL_SDBM
          my_rule_SSL_EXPERIMENTAL=$SSL_EXPERIMENTAL
          my_rule_SSL_CONSERVATIVE=$SSL_CONSERVATIVE
          my_rule_SSL_VENDOR=$SSL_VENDOR
 @@ -438,7 +434,7 @@
              exit 1
          fi
      fi
 -    SSL_LDFLAGS="$SSL_LDFLAGS -L\$(SSL_LIBDIR) \$(SSL_RPATH_LDFLAGS)"
 +    SSL_LDFLAGS="$SSL_LDFLAGS -L\$(SSL_LIBDIR)"
      SSL_LIBS="$SSL_LIBS -lssl -lcrypto"

      #

 Then modify the pkgsrc Makefile to set APXS_FORCE_SDBM if the platform is Linux, or whatever
 other conditions may warrant that behavior. Of course, this would also allow users to set
 APXS_FORCE_SDBM in the environment.

 I would very much appreciate any feedback.

 Thank you,
 David Naughton

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.