Re: Integration tests running on Docker
Some updates: - We have support for httpd in travis - https://travis-ci.org/apache/httpd - In order to configure automatic builds, a travis.yaml file is needed in the base path of the repository, in every branch that needs to be tested IIUC. - My idea is currently to add in trunk a travis.yaml initial configuration file, that builds a Docker image like [1] and runs the perl test suite. - Building the Docker image in [1] takes quite a while now (between 9 and 13 mins on my laptop, depending also on network bandwidth etc..) so it will need more time before it could be as fast as we need, but we have to start from somewhere :) - In the travis.yaml file we'd need to put config options about what Docker image to build and with what parameters. Ideally I'd like to store the Docker images in the httpd-framework repository, and reference them in the Travis config of the httpd branches, but not sure if it will be possible. Worst case scenario we'll need to add the Docker image in each httpd branch that we want to test (possibly in a dedicated dir, like "docker" or "testing". If you are strongly against the above or have more suggestions and knowledge about Travis please let me know! Luca [1] https://github.com/elukey/httpd_integration_testing/blob/master/docker/code-testing/debian/Dockerfile Il giorno mar 22 ott 2019 alle ore 22:04 Luca Toscano ha scritto: > > Opened an issue to Infra to enable Travis support in github: > https://issues.apache.org/jira/browse/INFRA-19325 > > Luca > > Il giorno sab 28 set 2019 alle ore 09:39 Luca Toscano > ha scritto: > > > > Follow up after some work in > > https://github.com/elukey/httpd_integration_testing: > > > > * Use only one Docker image for ubuntu/debian > > * Created two use cases: code snapshot testing (latest trunk and > > 2.4.x) vs release candidate testing > > * Still some issues in installing perl deps on older Debian distro > > (like Stretch), but the perl suite seems to run fine in both use cases > > for Debian Buster. > > * Some issues while running the HTTP/2 test suite, will follow up with > > Stefan. > > * I'll try to add a Docker image for CentOS. > > > > Please open pull requests if you have ideas/comments/suggestions/etc.. :) > > > > Thanks! > > > > Luca > > > > Il giorno mer 25 set 2019 alle ore 11:52 Luca Toscano > > ha scritto: > > > > > > Hi everybody, > > > > > > I spent some time reading the previous discussions around the concept > > > of "CI" and from what I gather, it seems that we didn't reach an > > > agreement about how to proceed and who is working on it (but I might > > > be wrong, in case apologies!). From what I can see, there are two > > > possible working fronts: > > > > > > 1) Simplify the usage of the current perl testing suite, adding > > > docs/tests/etc.. Some people expressed the desire for a more friendly > > > framework, especially when adding new tests. > > > 2) Run the testing framework automatically on different environments > > > to spot anomalies/bugs/etc.. in a timely manner. > > > > > > I am a bit ignorant about how to run a proper CI but I created a > > > little prototype of a Dockerfile able to bootstrap a testing > > > environment on Debian 10 (Buster) and run the perl test suite: > > > > > > https://github.com/elukey/httpd_integration_testing/blob/master/docker/Dockerfile > > > > > > The above is only an example, it is missing a lot of things and some > > > follow up work is needed. But with the following commands, on my > > > laptop I was able to create a docker image and run the test suite: > > > > > > docker build . > > > docker run $id-of-the-image make check > > > > > > Some thoughts: > > > > > > 1) The above Dockerfile is really handy since I can easily switch > > > between Debian versions (Jessie/Stretch/Buster to name the last three) > > > and run the test suite with different package versions (openssl, > > > nghttp2, etc..). It should be also easy to create Dockerfiles for > > > other OS/environments, and run make check in a similar way. > > > 1-bis) Testing on Windows would still need to be solved, Docker > > > probably it is not the right solution but we could find something else > > > to integrate for this specific use case. > > > 2) Docker also offers a way to open a bash shell in interactive mode, > > > so it could be easy to run tests on a certain platform when somebody > > > reports a problem. Or make sure that a new set of tests runs correctly > > > everywhere. > > > 3) Another use case could be to create a Dockerfile that pulls a > > > specific new release of httpd, installing it and running the test > > > suite on multiple platforms. > > > 4) The same Docker image could also run tests suites like > > > https://github.com/icing/mod_h2/tree/master/test/e2e (that is really > > > nice, I suggest to check it if you haven't done it) to run HTTP/2 > > > tests as well. > > > 5) We could even think about having daily docker image builds that > > > take a snapshot of trunk/2.4.x and run the test suites,
Re: Opt in(/out?) for TLS protocol per vhost (was: svn commit: r1868645)
On Fri, Oct 25, 2019 at 4:18 PM Yann Ylavic wrote:
>
> The current status is that, without an opt-in/out, it takes the root
> value if configured, or the base server's otherwise. Not very
> intuitive...
Thinking more about this, I think it's not so bad. If no SSLProtocol
is configured neither globally nor in the non-base NVH then we use the
SSLProtocol of the base VNH, otherwise we use the one configured
(either in the VNH or globally). It looks satisfactory to me for 2.4.x
finally, no opt-in/out.
For trunk I think we should let the usual merging apply, that is, if
no SSLProtocol is defined in the VNH nor globally, use the default
value ("all -SSLv3"), the base vhost is irrelevent in any case.
WDYT?
Spurious difference in http2 between trunk and 2.4.x
Hi,
When comparing http2 between 2.4.x and trunk, they are mostly the same.
However the following hunk look spurious to me.
I think that it is a left over either in trunk or 2.4.x when backporting
or refactoring code.
I don't know if trunk or 2.4.x is correct, so I just report it here.
BTW, what is the preferred way to reports things about mod_http2 and mod_md?
ML and/or update in apache svn repository, or on github directly (and it
will flow later on in svn)?
Stefan, what is the most convenient for you?
CJ
diff -rup a/modules/http2/h2_mplx.c b/modules/http2/h2_mplx.c
--- a/modules/http2/h2_mplx.c 2019-08-08 22:10:36.407665200 +0200
+++ *b***/modules/http2/h2_mplx.c 2019-07-19 23:08:52.463084866 +0200
@@ -306,7 +306,6 @@ static int stream_destroy_iter(void *ctx
&& !task->rst_error);
}
- task->c = NULL;
if (reuse_slave) {
h2_beam_log(task->output.beam, m->c, APLOG_DEBUG,
APLOGNO(03385)
"h2_task_destroy, reuse slave");
Bug report for Apache httpd-2 [2019/10/27]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |10747|New|Maj|2002-07-12|ftp SIZE command and 'smart' ftp servers results i| |11580|Opn|Enh|2002-08-09|generate Content-Location headers | |12033|Opn|Nor|2002-08-26|Graceful restart immediately result in [warn] long| |13661|Ass|Enh|2002-10-15|Apache cannot not handle dynamic IP reallocation | |14104|Opn|Enh|2002-10-30|not documented: must restart server to load new CR| |16811|Ass|Maj|2003-02-05|mod_autoindex always return webpages in UTF-8.| |17244|Ass|Nor|2003-02-20|./configure --help gives false information regardi| |17497|Opn|Nor|2003-02-27|mod_mime_magic generates incorrect response header| |20036|Ass|Nor|2003-05-19|Trailing Dots stripped from PATH_INFO environment | |21260|Opn|Nor|2003-07-02|CacheMaxExpire directive not enforced ! | |21533|Ass|Cri|2003-07-11|Multiple levels of htacces files can cause mod_aut| |22484|Opn|Maj|2003-08-16|semaphore problem takes httpd down| |22686|Opn|Nor|2003-08-25|ab: apr_poll: The timeout specified has expired (7| |22898|Opn|Nor|2003-09-02|nph scripts with two HTTP header | |23911|Opn|Cri|2003-10-18|CGI processes left defunct/zombie under 2.0.54| |24095|Opn|Cri|2003-10-24|ERROR "Parent: child process exited with status 32| |24437|Opn|Nor|2003-11-05|mod_auth_ldap doubly-escapes backslash (\) charact| |24890|Opn|Nor|2003-11-21|Apache config parser should not be local aware ( g| |25469|Opn|Enh|2003-12-12|create AuthRoot for defining paths to auth files | |25484|Ass|Nor|2003-12-12|Non-service Apache cannot be stopped in WinXP | |26153|Opn|Cri|2004-01-15|Apache cygwin directory traversal vulnerability | |27257|Ass|Enh|2004-02-26|rotatelogs with getopt and setuid | |27715|Ass|Enh|2004-03-16|Client sending misformed Range "bytes = 0-100" ins| |28657|Ver|Min|2004-04-28|mod_negotiation should not store Content-Location | |29090|Ass|Enh|2004-05-19|MultiviewsMatch NegotiatedOnly extensions not resp| |29510|Ass|Enh|2004-06-10|ab does not support multiple cookies | |29644|Ver|Nor|2004-06-17|mod_proxy keeps downloading even after the client | |30259|Ass|Enh|2004-07-22|When proxy connects to backend, a DNS lookup is do| |30505|Ass|Enh|2004-08-05|Apache uses 'Error', and not lower level event typ| |31302|Opn|Cri|2004-09-19|suexec doesn't execute commands if they're not in | |31352|Ass|Enh|2004-09-21|RFE, Bind to LDAP server with browser supplier use| |31418|Opn|Nor|2004-09-25|SSLUserName is not usable by other modules| |32328|Opn|Enh|2004-11-19|Make mod_rewrite escaping optional / expose intern| |32750|Ass|Maj|2004-12-17|mod_proxy + Win32DisableAcceptEx = memory leak| |33089|New|Nor|2005-01-13|mod_include: Options +Includes (or IncludesNoExec)| |33207|Opn|Nor|2005-01-23|Results of my suexec.c code audit | |34270|Inf|Nor|2005-04-01|Large POSTs over SSL from Internet Explorer do not| |34519|New|Enh|2005-04-19|Directory index should emit valid XHTML | |35098|Ver|Maj|2005-05-27|Install fails using --prefix | |35652|Opn|Min|2005-07-07|Improve error message: "pcfg_openfile: unable to c| |35768|Ver|Nor|2005-07-17|Missing file logs at far too high of log level| |36636|Opn|Maj|2005-09-13|database write lock taken for PROPFIND operations | |36676|New|Nor|2005-09-15|time() bug in httpd/os/win32/util_win32.c:wait_for| |36710|Opn|Blk|2005-09-19|CGI output not captured | |37290|Opn|Min|2005-10-28|DirectoryIndex don't work in scriptaliased directo| |37355|Opn|Enh|2005-11-04|Allow to specify Proxy-Authorization in ProxyRemot| |37564|New|Enh|2005-11-19|Suggestion: mod_suexec SuexecUserGroup directive i| |38325|Opn|Nor|2006-01-20|impossible to determine AUTH_TYPE of interpreted r| |38571|New|Enh|2006-02-08|CustomLog directive checked by apachectl configtes| |38995|New|Nor|2006-03-16|httpd tries to communicate with the CGI daemon eve| |39275|Opn|Nor|2006-04-11|slow child_init causes MaxClients warning | |39287|
