Re: [Mageia-dev] lighttpd and others now require apache
Guillaume Rousse wrote: Le 22/03/2012 02:51, David Walser a écrit : Guillaume Rousse wrote: Le 17/03/2012 03:22, Anssi Hannula a écrit : Hence I suggest a single user id to be used. (I'm fine with any other solution which works as well) My main concern is the fuzziness of the current situation where we have - one virtual package 'webserver' corresponding to four implementations (apache, lightpd, nginx, cherooke) - one common base (webserver-base) only used by the two first ones - all our web applications packages using 'apache' as mandatory dependency If the main concern is file ownership, I'd propose for the next release to have each of these servers use a distinct uid, document root and index page, but use a shared 'webserver' or 'www' gid, and ensure all of those applications use group-based permission, instead of user-based. I'd find this setup a bit clearer. I also noticed two of the php subpackages adding the apache user in %post. Should they be doing this, should they Requires(post): webserver-base, or should this be handled some other way? Sure, that's wrong. Either they need apache itself, in this case this dependency is already ensured. Either they can be used without a web server, in this case they shouldn't use apache server anyway. Well a dependency on apache wouldn't be ensured unless they required apache-mod_php, so for now I added Requires(pre): webserver-base and removed their manually adding (and deleting!) of the apache user. One of the packages puts a log file with the httpd logs, so it should probably require apache. I'm not sure the exact semantics of those two (php-fpm and php-session if you're interested). There's another problem, however, since the expat update. Since libexpat.la was removed, php won't rebuild.
Re: [Mageia-dev] lighttpd and others now require apache
David Walser wrote: There's another problem, however, since the expat update. Since libexpat.la was removed, php won't rebuild. Pascal Terjan has fixed this problem.
Re: [Mageia-dev] lighttpd and others now require apache
Le 22/03/2012 21:42, Anssi Hannula a écrit : 20.03.2012 18:48, Guillaume Rousse kirjoitti: Le 17/03/2012 03:22, Anssi Hannula a écrit : Hence I suggest a single user id to be used. (I'm fine with any other solution which works as well) My main concern is the fuzziness of the current situation where we have - one virtual package 'webserver' corresponding to four implementations (apache, lightpd, nginx, cherooke) - one common base (webserver-base) only used by the two first ones - all our web applications packages using 'apache' as mandatory dependency If the main concern is file ownership, I'd propose for the next release to have each of these servers use a distinct uid, document root and index page, but use a shared 'webserver' or 'www' gid, and ensure all of those applications use group-based permission, instead of user-based. I'd find this setup a bit clearer. I'd rather they all use the traditional document root /var/www/html, but I don't really care much as long as the webapps are usable with both apache and lighttpd. I'm not sure if all webapps can easily work with group-based permissions, but maybe they do (I don't know much about them)... We will test group-based file permissions in next release. However, I'm suggesting right now remove 'webserver' virtual package from nginx and cherooke, and to keep it only for those relying on 'webserver-base' base, aka apache and lighttpd. This would make this virtual package sounds more like a minimal interface, implemented by a subset of our web server packages, rather than just a label without meaning. Is that OK for everyone ? -- BOFH excuse #349: Stray Alpha Particles from memory packaging caused Hard Memory Error on Server.
Re: [Mageia-dev] lighttpd and others now require apache
Le 22/03/2012 02:51, David Walser a écrit : Guillaume Rousse wrote: Le 17/03/2012 03:22, Anssi Hannula a écrit : Hence I suggest a single user id to be used. (I'm fine with any other solution which works as well) My main concern is the fuzziness of the current situation where we have - one virtual package 'webserver' corresponding to four implementations (apache, lightpd, nginx, cherooke) - one common base (webserver-base) only used by the two first ones - all our web applications packages using 'apache' as mandatory dependency If the main concern is file ownership, I'd propose for the next release to have each of these servers use a distinct uid, document root and index page, but use a shared 'webserver' or 'www' gid, and ensure all of those applications use group-based permission, instead of user-based. I'd find this setup a bit clearer. I also noticed two of the php subpackages adding the apache user in %post. Should they be doing this, should they Requires(post): webserver-base, or should this be handled some other way? Sure, that's wrong. Either they need apache itself, in this case this dependency is already ensured. Either they can be used without a web server, in this case they shouldn't use apache server anyway. -- BOFH excuse #161: monitor VLF leakage
Re: [Mageia-dev] lighttpd and others now require apache
20.03.2012 18:48, Guillaume Rousse kirjoitti: Le 17/03/2012 03:22, Anssi Hannula a écrit : Hence I suggest a single user id to be used. (I'm fine with any other solution which works as well) My main concern is the fuzziness of the current situation where we have - one virtual package 'webserver' corresponding to four implementations (apache, lightpd, nginx, cherooke) - one common base (webserver-base) only used by the two first ones - all our web applications packages using 'apache' as mandatory dependency If the main concern is file ownership, I'd propose for the next release to have each of these servers use a distinct uid, document root and index page, but use a shared 'webserver' or 'www' gid, and ensure all of those applications use group-based permission, instead of user-based. I'd find this setup a bit clearer. I'd rather they all use the traditional document root /var/www/html, but I don't really care much as long as the webapps are usable with both apache and lighttpd. I'm not sure if all webapps can easily work with group-based permissions, but maybe they do (I don't know much about them)... -- Anssi Hannula
Re: [Mageia-dev] lighttpd and others now require apache
Guillaume Rousse wrote: Le 17/03/2012 03:22, Anssi Hannula a écrit : Hence I suggest a single user id to be used. (I'm fine with any other solution which works as well) My main concern is the fuzziness of the current situation where we have - one virtual package 'webserver' corresponding to four implementations (apache, lightpd, nginx, cherooke) - one common base (webserver-base) only used by the two first ones - all our web applications packages using 'apache' as mandatory dependency If the main concern is file ownership, I'd propose for the next release to have each of these servers use a distinct uid, document root and index page, but use a shared 'webserver' or 'www' gid, and ensure all of those applications use group-based permission, instead of user-based. I'd find this setup a bit clearer. I also noticed two of the php subpackages adding the apache user in %post. Should they be doing this, should they Requires(post): webserver-base, or should this be handled some other way?
Re: [Mageia-dev] lighttpd and others now require apache
Le 17/03/2012 03:22, Anssi Hannula a écrit : Hence I suggest a single user id to be used. (I'm fine with any other solution which works as well) My main concern is the fuzziness of the current situation where we have - one virtual package 'webserver' corresponding to four implementations (apache, lightpd, nginx, cherooke) - one common base (webserver-base) only used by the two first ones - all our web applications packages using 'apache' as mandatory dependency If the main concern is file ownership, I'd propose for the next release to have each of these servers use a distinct uid, document root and index page, but use a shared 'webserver' or 'www' gid, and ensure all of those applications use group-based permission, instead of user-based. I'd find this setup a bit clearer. -- BOFH excuse #339: manager in the cable duct
Re: [Mageia-dev] lighttpd and others now require apache
Le 16/03/2012 03:01, Anssi Hannula a écrit : So I'd rather revert the change, and make lighttpd autonomous also. Unless someone can convince me there is an advantage having lighttpd executing as 'apache' :) The web applications policy has files being owned by 'apache' user, and I don't see how that could work if lighttpd used a different user: https://wiki.mageia.org/en/Web_applications_policy This policy was crafted with apache in mind only, not all available web servers. And its explicitely refers to apache integration, not generic webserver compatibility. For instance, the configuration file provided is apache-specific. Even if we have compatible file permissions, and if we asked packagers to also provide a default lighttpd configuration file (slighly more work), that would still be mostly theorical compatibility without actual testing from the packagers (many more work). So, rather than a potential compatibility, without documented limits, should we rather not make clear than adapting our web applications package to any other web server than apache is fully up to the end user ? -- BOFH excuse #202: kernel panic: write-only-memory (/dev/wom0) capacity exceeded.
Re: [Mageia-dev] lighttpd and others now require apache
On 16/03/12 09:02, Guillaume Rousse wrote: Le 16/03/2012 03:01, Anssi Hannula a écrit : So I'd rather revert the change, and make lighttpd autonomous also. Unless someone can convince me there is an advantage having lighttpd executing as 'apache' :) The web applications policy has files being owned by 'apache' user, and I don't see how that could work if lighttpd used a different user: https://wiki.mageia.org/en/Web_applications_policy This policy was crafted with apache in mind only, not all available web servers. And its explicitely refers to apache integration, not generic webserver compatibility. For instance, the configuration file provided is apache-specific. Even if we have compatible file permissions, and if we asked packagers to also provide a default lighttpd configuration file (slighly more work), that would still be mostly theorical compatibility without actual testing from the packagers (many more work). So, rather than a potential compatibility, without documented limits, should we rather not make clear than adapting our web applications package to any other web server than apache is fully up to the end user ? I agree with Guillaume on that. Some web applications might work with lighttpd and apache, but the other web servers might be incompatible. It's better for now to say that web apps are packaged for apache, and maybe, in the wiki, people can write how to adapt to other web servers. Best, -- Malo
Re: [Mageia-dev] lighttpd and others now require apache
16.03.2012 11:02, Guillaume Rousse kirjoitti: Le 16/03/2012 03:01, Anssi Hannula a écrit : So I'd rather revert the change, and make lighttpd autonomous also. Unless someone can convince me there is an advantage having lighttpd executing as 'apache' :) The web applications policy has files being owned by 'apache' user, and I don't see how that could work if lighttpd used a different user: https://wiki.mageia.org/en/Web_applications_policy This policy was crafted with apache in mind only, not all available web servers. And its explicitely refers to apache integration, not generic webserver compatibility. For instance, the configuration file provided is apache-specific. Even if we have compatible file permissions, and if we asked packagers to also provide a default lighttpd configuration file (slighly more work), that would still be mostly theorical compatibility without actual testing from the packagers (many more work). So, rather than a potential compatibility, without documented limits, should we rather not make clear than adapting our web applications package to any other web server than apache is fully up to the end user ? It is rather easy for the user to create a lighttpd configuration file themselves etc, however it is much more difficult for the user to start changing/guessing the needed file permissions for the larger applications. Also, any changes would be overwritten by any upgrade, which is quite bad IMO. (and yes, I do have seen actual users using lighttpd with our webapp packages) -- Anssi Hannula
Re: [Mageia-dev] lighttpd and others now require apache
On 03/16/2012 01:00 PM, Malo wrote: It's better for now to say that web apps are packaged for apache, and maybe, in the wiki, people can write how to adapt to other web servers. Maybe the approach used for the backuppc package is a good compromise: The package contains and installs the apache server definition. But the package also contains a README.MGA file that - among other items - contains a recommendation on how to create a backuppc server for lighttpd. This approach is perfectly in line with the packaged-for-apache concept, and it makes life easy for users who - for whatever reason - need to run lighttpd. The mageia wiki is great, and there is interest to push people to go to the wiki. But a README file that comes with the package is the first place where a user will look for this kind of information; and it is more likely to get updated with a new release of backuppc than a - separate - page in the wiki. Juergem
Re: [Mageia-dev] lighttpd and others now require apache
16.03.2012 19:47, Juergen Harms kirjoitti: On 03/16/2012 01:00 PM, Malo wrote: It's better for now to say that web apps are packaged for apache, and maybe, in the wiki, people can write how to adapt to other web servers. Maybe the approach used for the backuppc package is a good compromise: The package contains and installs the apache server definition. But the package also contains a README.MGA file that - among other items - contains a recommendation on how to create a backuppc server for lighttpd. This approach is perfectly in line with the packaged-for-apache concept, and it makes life easy for users who - for whatever reason - need to run lighttpd. The mageia wiki is great, and there is interest to push people to go to the wiki. But a README file that comes with the package is the first place where a user will look for this kind of information; and it is more likely to get updated with a new release of backuppc than a - separate - page in the wiki. This doesn't work for webapps that need server-writable directories/files that are owned by the server user, since any changes to the ownerships the user makes would be overridden on upgrade. Hence I suggest a single user id to be used. (I'm fine with any other solution which works as well) -- Anssi Hannula
Re: [Mageia-dev] lighttpd and others now require apache
Le 08/03/2012 16:47, Guillaume Rousse a écrit : Le 08/03/2012 16:13, Pascal Terjan a écrit : On Thu, Mar 8, 2012 at 14:57, Romain d'Alvernyrdalve...@gmail.com wrote: On Thu, Mar 8, 2012 at 15:02, Guillaume Rousseguillomovi...@gmail.com wrote: Le 08/03/2012 14:38, Pascal Terjan a écrit : And for /var/www/html This should really be a server-neutral thing (with a better name for the user, like www-data) but I never took the time to do it :( What is needed exactly by various web servers ? I really doubt anything else as apache requires apache configuration file. And if it is just a /var/www/html directory, there is no use to have a dependency for something any sysadmin is able to create himself. It helps when it works out of the box. A user may not be aware, at first, that a /var/www/html has to be created + an index.html file put in it, to see its Web server work. It's a good default behaviour confirming the install succeeded and that the server works, it saves a few seconds to everyone trying/doing it first. Now, maybe each web server package should check if this /var/www/html directory exists and create it if needed (or have /var/www/apache, /var/www/lighttpd, etc.)? Or should that be better handled by a separate unique package? I would prefer a package providing a web user and a default webroot. Else we can have such shared user created in each of the packages... It would be annoying to have to chown the writable directories when switching between servers. Fine with me. Well, some days ago I pushed a 'webserver-base' package, with the following elements: - /var/www and /var/www/html directories - 'apache' user - index.html page I've been curious, however, at the exact amount of shared elements our various webservers packages currently use. And actually, only two (apache and lighttpd) do share user and document root, the two others (nginx and cherookee) being totally independant. In Fedora, they are all independant. So I'd rather revert the change, and make lighttpd autonomous also. Unless someone can convince me there is an advantage having lighttpd executing as 'apache' :) -- BOFH excuse #35: working as designed
Re: [Mageia-dev] lighttpd and others now require apache
On Thu, Mar 15, 2012 at 21:51, Guillaume Rousse guillomovi...@gmail.com wrote: So I'd rather revert the change, and make lighttpd autonomous also. Unless someone can convince me there is an advantage having lighttpd executing as 'apache' :) Ah, interesting point. Should two or more different webservers run at the same time (may happen for server static and dynamic contents, for instance, or for different services), shouldn't they run under distinct users?
Re: [Mageia-dev] lighttpd and others now require apache
On 08.03.2012 14:33, Anssi Hannula wrote: 08.03.2012 13:48, kamil kirjoitti: Name: rutorrentRelocations: (not relocatable) Version : 3.4 Vendor: Mageia.Org [...] kamilkamil 3.4-2.mga2: + Revision: 221417 - fix a requirement and use now apache (apache-conf is obsoleted by apache) WTF, so e.g. lighttpd requires apache now? Isn't that a bit strange? (rutorrent only required 'apache-conf' for the apache user, and I guess the same was true for lighttpd) From the Apache .spec: Summary:The most widely used Web server on the Internet Name: apache (...) Obsoletes: apache-conf
Re: [Mageia-dev] lighttpd and others now require apache
On 08.03.2012 14:43, Kamil Rytarowski wrote: On 08.03.2012 14:33, Anssi Hannula wrote: 08.03.2012 13:48, kamil kirjoitti: Name: rutorrentRelocations: (not relocatable) Version : 3.4 Vendor: Mageia.Org [...] kamilkamil 3.4-2.mga2: + Revision: 221417 - fix a requirement and use now apache (apache-conf is obsoleted by apache) WTF, so e.g. lighttpd requires apache now? Isn't that a bit strange? (rutorrent only required 'apache-conf' for the apache user, and I guess the same was true for lighttpd) From the Apache .spec: Summary:The most widely used Web server on the Internet Name: apache (...) Obsoletes: apache-conf * Thu Sep 01 2011 guillomovitch guillomovitch 2.2.20-2.mga2 + Revision: 137745 - merge apache-conf and apache-base, to reduce dependencies hell - rework dependencies to a comprehensive model: apache is an empty package, requiring the configuration, the modules and an engine - rework post/preun scripts to use 'service httpd condrestart' - ensure post/preun dependencies consistency with post/preun scriptlets - simplify macros mess - stop preventing initscript to be localized
Re: [Mageia-dev] lighttpd and others now require apache
Le 08/03/2012 14:38, Pascal Terjan a écrit : On Thu, Mar 8, 2012 at 13:33, Anssi Hannulaan...@mageia.org wrote: 08.03.2012 13:48, kamil kirjoitti: Name: rutorrentRelocations: (not relocatable) Version : 3.4 Vendor: Mageia.Org [...] kamilkamil 3.4-2.mga2: + Revision: 221417 - fix a requirement and use now apache (apache-conf is obsoleted by apache) WTF, so e.g. lighttpd requires apache now? Isn't that a bit strange? (rutorrent only required 'apache-conf' for the apache user, and I guess the same was true for lighttpd) And for /var/www/html This should really be a server-neutral thing (with a better name for the user, like www-data) but I never took the time to do it :( What is needed exactly by various web servers ? I really doubt anything else as apache requires apache configuration file. And if it is just a /var/www/html directory, there is no use to have a dependency for something any sysadmin is able to create himself. -- A dropped nut will seek the least level of accessibility -- Assembly General Shefields Corollaries n°5
Re: [Mageia-dev] lighttpd and others now require apache
On Thu, Mar 8, 2012 at 14:57, Romain d'Alverny rdalve...@gmail.com wrote: On Thu, Mar 8, 2012 at 15:02, Guillaume Rousse guillomovi...@gmail.com wrote: Le 08/03/2012 14:38, Pascal Terjan a écrit : And for /var/www/html This should really be a server-neutral thing (with a better name for the user, like www-data) but I never took the time to do it :( What is needed exactly by various web servers ? I really doubt anything else as apache requires apache configuration file. And if it is just a /var/www/html directory, there is no use to have a dependency for something any sysadmin is able to create himself. It helps when it works out of the box. A user may not be aware, at first, that a /var/www/html has to be created + an index.html file put in it, to see its Web server work. It's a good default behaviour confirming the install succeeded and that the server works, it saves a few seconds to everyone trying/doing it first. Now, maybe each web server package should check if this /var/www/html directory exists and create it if needed (or have /var/www/apache, /var/www/lighttpd, etc.)? Or should that be better handled by a separate unique package? I would prefer a package providing a web user and a default webroot. Else we can have such shared user created in each of the packages... It would be annoying to have to chown the writable directories when switching between servers.
Re: [Mageia-dev] lighttpd and others now require apache
On 08.03.2012 15:57, Romain d'Alverny wrote: It helps when it works out of the box. +1 A user may not be aware, at first, that a /var/www/html has to be created + an index.html file put in it, to see its Web server work. It's a good default behaviour confirming the install succeeded and that the server works, it saves a few seconds to everyone trying/doing it first. It can save hours to less experienced users (who just wonder why there isn't it works page in Mageia). Now, maybe each web server package should check if this /var/www/html directory exists and create it if needed (or have /var/www/apache, /var/www/lighttpd, etc.)? It will be easier to maintain just one single package and add one common requirement then syncing different http services. Or should that be better handled by a separate unique package? +1
Re: [Mageia-dev] lighttpd and others now require apache
Le 08/03/2012 15:57, Romain d'Alverny a écrit : It helps when it works out of the box. A user may not be aware, at first, that a /var/www/html has to be created + an index.html file put in it, to see its Web server work. It's a good default behaviour confirming the install succeeded and that the server works, it saves a few seconds to everyone trying/doing it first. My point was just 'if only a directory is needed, just add it to basesystem, and don't create another package just for this'. -- Every activity takes more time than you have -- Murphy's In Laws n°3
Re: [Mageia-dev] lighttpd and others now require apache
On Thu, Mar 8, 2012 at 16:48, Guillaume Rousse guillomovi...@gmail.com wrote: My point was just 'if only a directory is needed, just add it to basesystem, and don't create another package just for this'. Ah, yes. Why not too. It doesn't take much room.
Re: [Mageia-dev] lighttpd and others now require apache
On 08/03/12 17:19, Romain d'Alverny wrote: On Thu, Mar 8, 2012 at 16:48, Guillaume Rousse guillomovi...@gmail.com wrote: My point was just 'if only a directory is needed, just add it to basesystem, and don't create another package just for this'. Ah, yes. Why not too. It doesn't take much room. +1 And what about user? lighttpd uses apache user, no? -- Malo