Bug#860024: apache2-bin: jessie-backports available

2017-04-13 Thread Tom Geissler 
* Luca Capello  [13-04-17 14:54]:
> On Tue, 11 Apr 2017 11:58:40 +0200, L.P.H. van Belle wrote:
> > > Thank you for the notice, that is because the debian/control is wrong,
> > > it does not declare such dependency:
> > > 
> > >    > > apache/apache2.git/tree/debian/control?h=debian/2.4.25-
> > > 3=4f79d48a8a5458eb0186a5a992c73a0699924900#n8>
> > > 
> > >   Build-Depends: debhelper (>= 9.20131213~), lsb-release, dpkg-dev (>=
> > > 1.16.1~),
> > >libaprutil1-dev (>= 1.5.0), libapr1-dev (>= 1.5.0), libpcre3-dev,
> > > zlib1g-dev,
> > >libnghttp2-dev, libssl1.0-dev | libssl-dev (<< 1.1), perl,
> > >liblua5.2-dev, libxml2-dev, autotools-dev, gawk | awk,
> > >dh-systemd
> First of all, this is because stretch has libssl1.0-dev, thus the
> 
>   Build-Depends: libssl1.0-dev | libssl-dev

Hi,

I've backported apache >= 2.4.18 and the last package depends on openssl
from jessie-backports. 

> Unfortunately, we do not have a test bed for HTTP/2 right now, could
> someone please confirm this?

HTTP2 works good.

My repo is here:

https://www.d7031.de/content/debian-apache-and-http2/

I could include this backport into debian backports, if someone sponsor
this. :-)

-- 
regrads 

Tom

-- 
best regards

Tom


pgpQwGqbor6pj.pgp
Description: PGP signature

Bug#860024: apache2-bin: jessie-backports available

2017-04-13 Thread Luca Capello 
Hi there,

On Tue, 11 Apr 2017 11:58:40 +0200, L.P.H. van Belle wrote:
> > Thank you for the notice, that is because the debian/control is wrong,
> > it does not declare such dependency:
> > 
> >    > apache/apache2.git/tree/debian/control?h=debian/2.4.25-
> > 3=4f79d48a8a5458eb0186a5a992c73a0699924900#n8>
> > 
> >   Build-Depends: debhelper (>= 9.20131213~), lsb-release, dpkg-dev (>=
> > 1.16.1~),
> >libaprutil1-dev (>= 1.5.0), libapr1-dev (>= 1.5.0), libpcre3-dev,
> > zlib1g-dev,
> >libnghttp2-dev, libssl1.0-dev | libssl-dev (<< 1.1), perl,
> >liblua5.2-dev, libxml2-dev, autotools-dev, gawk | awk,
> >dh-systemd
>
> Hmm, strange yes the stretch package it does. 
> https://packages.debian.org/stretch/apache2-bin 
> dep: libssl1.0.2 (>= 1.0.2d)

First of all, this is because stretch has libssl1.0-dev, thus the

  Build-Depends: libssl1.0-dev | libssl-dev

is satisfied by the first option and the Depends: (i.e. those for the
compiled .deb binary package) is automatically filled in by
dpkg-buildpackage according to the debpkg installed during the build.

OTOH, jessie[-backports] has libssl-dev only, so the Build-Depends:
would be satisfied by the second option.  However, sbuild does not honor
alternative dependencies, thus AFAIK the only way to compile apache2.4
with sbuild on jessie[-backports] is to remove the first option.

After some digging, it seems that the problem is not linked to ALPN, but
to the support of the mod_ssl's SSLOpenSSLConfCmd option itself, which
according to upstream needs at least OpenSSL version 1.0.2:

  

Thus, the Build-Depends: should be split in two:

  libssl1.0-dev (>= 1.0.2) | libssl-dev (>= 1.0.2)
  libssl1.0-dev (>= 1.0.2) | libssl-dev (<< 1.1)

Funny enough, there is no notice in the ./configure output:

--8<---cut here---start->8---
checking whether to enable mod_ssl... checking dependencies
checking for OpenSSL... checking for user-provided OpenSSL base directory... 
none
  setting MOD_CFLAGS to ""
  setting ab_CFLAGS to ""
  setting MOD_LDFLAGS to ""
  setting MOD_LDFLAGS to ""
checking for OpenSSL version >= 0.9.8a... OK
  setting MOD_LDFLAGS to "-lssl -lcrypto   "
  setting LIBS to "-lssl -lcrypto   "
  forcing ab_LDFLAGS to "-lssl -lcrypto   "
checking openssl/engine.h usability... yes
checking openssl/engine.h presence... yes
checking for openssl/engine.h... yes
checking for SSLeay_version... yes
checking for SSL_CTX_new... yes
checking for ENGINE_init... yes
checking for ENGINE_load_builtin_engines... yes
checking for RAND_egd... yes
yes
  setting MOD_CFLAGS to ""
  setting MOD_SSL_LDADD to "-export-symbols-regex ssl_module"
checking whether to enable mod_ssl... shared (all)
  adding "-I$(top_srcdir)/modules/ssl" to INCLUDES
[...]
checking whether to enable mod_http2... checking dependencies
checking for OpenSSL... (cached) yes
  setting MOD_LDFLAGS to "-lssl -lcrypto   "
  setting MOD_CFLAGS to ""
  setting MOD_CPPFLAGS to "-DH2_OPENSSL"
checking for nghttp2... checking for user-provided nghttp2 base directory... 
none
checking for pkg-config along ...   setting MOD_CFLAGS to ""
checking for nghttp2 version >= 1.2.1... OK
  adding "-lnghttp2" to MOD_LDFLAGS
  setting LIBS to "-lnghttp2   "
checking nghttp2/nghttp2.h usability... yes
checking nghttp2/nghttp2.h presence... yes
checking for nghttp2/nghttp2.h... yes
checking for nghttp2_session_server_new2... yes
checking for nghttp2_stream_get_weight... yes
checking for nghttp2_session_change_stream_priority... yes
  adding "-DH2_NG2_CHANGE_PRIO" to MOD_CPPFLAGS
checking for nghttp2_session_callbacks_set_on_invalid_header_callback... yes
  adding "-DH2_NG2_INVALID_HEADER_CB" to MOD_CPPFLAGS
yes
  setting MOD_HTTP2_LDADD to "-export-symbols-regex http2_module"
checking whether to enable mod_http2... shared (all)
checking whether to enable mod_proxy_http2... checking dependencies
checking for nghttp2... (cached) yes
  setting MOD_PROXY_HTTP2_LDADD to "-export-symbols-regex proxy_http2_module"
checking whether to enable mod_proxy_http2... shared

--8<---cut here---end--->8---

To go back to ALPN, from what I could find out, it was at first required
by Chrome to support HTTP/2, at least until it was decided to still
support NPN (thus HTTP/2 is feasible with OpenSSL <= 1.0.2f):

  
  
  

And I could not find why ALPN would require OpenSSL >= 1.0.2f (despite a
lot of search results stating that), since ALPN is officially supported
by OpenSSL 1.0.2:

  

Nevertheless, jessie-backports has OpenSSL 1.0.2k, thus simply
installing openssl from jessie-backports should be enough to add
mod_ssl's

Bug#860024: apache2-bin: jessie-backports available

2017-04-11 Thread L . P . H . van Belle 
Is reply to 

> Thank you for the notice, that is because the debian/control is wrong,
> it does not declare such dependency:
> 
>    apache/apache2.git/tree/debian/control?h=debian/2.4.25-
> 3=4f79d48a8a5458eb0186a5a992c73a0699924900#n8>
> 
>   Build-Depends: debhelper (>= 9.20131213~), lsb-release, dpkg-dev (>=
> 1.16.1~),
>libaprutil1-dev (>= 1.5.0), libapr1-dev (>= 1.5.0), libpcre3-dev,
> zlib1g-dev,
>libnghttp2-dev, libssl1.0-dev | libssl-dev (<< 1.1), perl,
>liblua5.2-dev, libxml2-dev, autotools-dev, gawk | awk,
>dh-systemd
> 
Hmm, strange yes the stretch package it does. 
https://packages.debian.org/stretch/apache2-bin 
dep: libssl1.0.2 (>= 1.0.2d)


Greetz, 

Louis

Bug#860024: apache2-bin: jessie-backports available

2017-04-11 Thread L . P . H . van Belle 
Hi Luca, 

Yes, sorry about that, i'll post to the bug report. 
> You mean, Apache or OpenSSL?

I've had a 2.4.18 apache2 with http2 ( and ssl 1.0.2f) , fully tested. 

You need to compile apache with openssl 1.0.2f+ libs. 
So get the debian stretch openssl source, compile that, install the needed 
packages and then apache. 


Best regards, 

Louis van Belle
GPG KeyID: EB7A89CF


> -Oorspronkelijk bericht-
> Van: Luca Capello [mailto:luca.cape...@infomaniak.com]
> Verzonden: dinsdag 11 april 2017 10:59
> Aan: L.P.H. van Belle
> Onderwerp: Re: Bug#860024: apache2-bin: jessie-backports available
> 
> Hi Louis,
> 
> On Mon, 10 Apr 2017 14:57:19 +0200, L.P.H. van Belle wrote:
> > You missed the update of ssl to 1.0.2f.
> >
> > > ii  libssl1.0.0  1.0.1t-1+deb8u6
> >
> > You need minimal 1.0.2f+ for ALPN to work and now the option:
> SSLOpenSSLConfCmd  wont work.
> 
> Thank you for the notice, that is because the debian/control is wrong,
> it does not declare such dependency:
> 
>   <https://anonscm.debian.org/git/pkg-
> apache/apache2.git/tree/debian/control?h=debian/2.4.25-
> 3=4f79d48a8a5458eb0186a5a992c73a0699924900#n8>
> 
>   Build-Depends: debhelper (>= 9.20131213~), lsb-release, dpkg-dev (>=
> 1.16.1~),
>libaprutil1-dev (>= 1.5.0), libapr1-dev (>= 1.5.0), libpcre3-dev,
> zlib1g-dev,
>libnghttp2-dev, libssl1.0-dev | libssl-dev (<< 1.1), perl,
>liblua5.2-dev, libxml2-dev, autotools-dev, gawk | awk,
>dh-systemd
> 
> Would you mind posting the same to the BTS, so we can continue in
> public?
> 
> > At least thats the last i know, i did this with 2.4.18 already.
> > But nobody wanted the upload to BPO.
> 
> You mean, Apache or OpenSSL?
> 
> I would like to avoid to keep backports "hidden", the more we use them
> the more we are sure they work correctly.
> 
> Best,
> Luca
> 
> --
> Luca Capello
> Administrateur GNU/Linux
> 
> Infomaniak Network SA

Bug#860024: apache2-bin: jessie-backports available

2017-04-10 Thread Luca Capello 
Package: apache2-bin
Version: 2.4.25-3~bpo8+1
Severity: wishlist
User: product...@infomaniak.com
Usertag: infomaniak.com-apache

Hi there,

at work, we need HTTP/2 support in Apache, thus we backported the
following packages:

--8<---cut here---start->8---
spdylay (1.3.2-2.1~bpo8+1) jessie-backports; urgency=medium

  * Rebuild for jessie-backports.
  * debian/control:
+ add myself to Uploaders:.

 -- Luca Capello   Fri, 13 Jan 2017 17:02:19 +0100

--8<---cut here---end--->8---

--8<---cut here---start->8---
sphinxcontrib-rubydomain (0.1~dev-20100804-1~bpo8+1) jessie-backports; 
urgency=medium

  * Rebuild for jessie-backports.
  * debian/control:
+ add myself to Uploaders:.
  * debian/gbp.conf:
+ debian-branch=jessie-backports.

 -- Luca Capello   Wed, 01 Feb 2017 09:18:40 +0100

--8<---cut here---end--->8---

--8<---cut here---start->8---
nghttp2 (1.18.1-1~bpo8+1) jessie-backports; urgency=medium

  * Rebuild for jessie-backports.
  * debian/control:
+ add myself to Uploaders:.
+ add python-sphinxcontrib.rubydomain to Build-Depends:.

 -- Luca Capello   Thu, 09 Mar 2017 11:02:26 +0100

--8<---cut here---end--->8---

--8<---cut here---start->8---
apache2 (2.4.25-3~bpo8+1) jessie-backports; urgency=medium

  * Rebuild for jessie-backports.
  * debian/control:
+ add myself to Uploaders:.
+ remove libssl1.0-dev from Build-Depends:.
  * debian/gbp.conf:
+ debian-branch=jessie-backports.

 -- Luca Capello   Thu, 09 Mar 2017 11:41:18 +0100

--8<---cut here---end--->8---

We have not deployed them in production, yet, but they work with the
default php5 package in jessie.

Would someone (maintainers of the packages above X-Debbugs-Cc:ed) mind
if I upload them to the official Debian archive?

All the modifications have been made to a Git checkout of the official
Debian repositories, with signed commits and tags.  And I can provide
read-only access to such repositories, if someone would like to
integrate the modifications.

Thx, bye,
Gismo / Luca

-- Package-specific info:

-- System Information:
Debian Release: 8.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apache2-bin depends on:
ii  libapr1  1.5.1-3
ii  libaprutil1  1.5.4-1
ii  libaprutil1-dbd-sqlite3  1.5.4-1
ii  libaprutil1-ldap 1.5.4-1
ii  libc62.19-18+deb8u7
ii  libldap-2.4-22.4.40+dfsg-1+deb8u2
ii  liblua5.2-0  5.2.3-1.1
ii  libnghttp2-141.18.1-1~bpo8+1
ii  libpcre3 2:8.35-3.3+deb8u4
ii  libssl1.0.0  1.0.1t-1+deb8u6
ii  libxml2  2.9.1+dfsg1-5+deb8u4
ii  perl 5.20.2-3+deb8u6
ii  zlib1g   1:1.2.8.dfsg-2+b1

apache2-bin recommends no packages.

Versions of packages apache2-bin suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  w3m [www-browser]0.5.3-19+deb8u1

Versions of packages apache2 depends on:
ii  apache2-data 2.4.25-3~bpo8+1
ii  apache2-utils2.4.25-3~bpo8+1
ii  dpkg 1.17.27
ii  init-system-helpers  1.22
ii  lsb-base 4.1+Debian13+nmu1
ii  mime-support 3.58
ii  perl 5.20.2-3+deb8u6
ii  procps   2:3.3.9-9

Versions of packages apache2 recommends:
ii  ssl-cert  1.0.35

Versions of packages apache2 suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  w3m [www-browser]0.5.3-19+deb8u1

Versions of packages apache2-bin is related to:
ii  apache2  2.4.25-3~bpo8+1
ii  apache2-bin  2.4.25-3~bpo8+1

-- no debconf information

-- 
Luca Capello
Administrateur GNU/Linux

Infomaniak Network SA


signature.asc
Description: Digital signature