Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 505020 - >=www-servers/apache-2.4 - add USE=apache2_modules_lua
Summary: >=www-servers/apache-2.4 - add USE=apache2_modules_lua
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal enhancement
Assignee: Apache Team - Bugzilla Reports
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-03-18 21:02 UTC by Sandu Adrian
Modified: 2021-01-26 11:00 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sandu Adrian 2014-03-18 21:02:39 UTC 
An useflag for enabling mod_lua ( --enable-lua or --enable-mods-shared=lua... ) would be nice since it's in the apache archive but there's no way to easily enable it.
I usually manually get the archive for the version I emerge and manually add the module..

Maybe a flag "all_shared" ( which compiles apache with -enable-mods-shared=all. ) for other people that might want other modules that don't have a use flag... 

Reproducible: Always
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2014-04-25 19:23:56 UTC 
To be honest, I have very mixed feelings about adding this module to the apache ebuild. Looking at [1] you can find the following statement I'd like to quote in its entire length:


### BEGIN QUOTE ###
mod_lua is still in experimental state. Until it is declared stable, usage and behavior may change at any time, even between stable releases of the 2.4.x series. Be sure to check the CHANGES file before upgrading.

Warning
This module holds a great deal of power over httpd, which is both a strength and a potential security risk. It is not recommended that you use this module on a server that is shared with users you do not trust, as it can be abused to change the internal workings of httpd.
### END QUOTE ###


[1] http://httpd.apache.org/docs/current/mod/mod_lua.html
Comment 2 Sandu Adrian 2014-06-27 22:56:53 UTC 
True. But it is available in the httpd.tar.gz from the site.

It's the user's responsability to add it or not. Also, it can change the behaviour, true, but it's the user's responsability to update its scripts. It can break/make it unsecure as best as the user's scripts are and depending on who has access to them. Just like php.

I guess a big fat warning about it and links to the official warnings when enabling the mod would suffice to make admins aware of the problems.
Comment 3 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2021-01-26 11:00:05 UTC 
commit b227bff59863010276913a7bfdf0834ceee52a09
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Tue Jan 26 11:46:37 2021

    base/package.use.mask: Masked apache2_modules_lua USE flag

    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

commit 8dfcbd2d7d9065dea01fb259896b433ead86630b
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Tue Jan 26 11:33:47 2021

    www-servers/apache: EAPI-7 revbump

    Added lua module support

    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>