Bug 913227 - www-servers/apache - openrc init script warns in error
Summary: www-servers/apache - openrc init script warns in error
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal trivial
Assignee: Apache Team - Bugzilla Reports
URL:
Whiteboard:
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2023-08-29 21:09 UTC by Jaco Kroon
Modified: 2023-09-03 08:09 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
gentoo patches distfile (gentoo-apache-2.4.57-20230831.tar.bz2,25.17 KB, application/x-bzip2)
2023-08-30 10:36 UTC, Jaco Kroon
diff of init script (init.d_apache2.patch,921 bytes, patch)
2023-08-30 21:48 UTC, Jaco Kroon

Description Jaco Kroon 2023-08-29 21:09:12 UTC
* You are binding an interface in you virtual hosts.
 * You must add rc_need="net.FOO" to your /etc/conf.d/apache2
 * where FOO is the interface(s) providing the following address(es):
 *  *:8433                                                                [ ok ]

*:8433 is in fact 0.0.0.0 or :: so is ANY.

Looking at /etc/init.d/apache2:

        for x in $(virtualhosts 2>/dev/null | grep '^\(\[\|\*:\|\)[[:digit:]]' | sed 's@\(:[[:digit:]]\{1,5\}\)\([[:space:]].*\|$\)@\1@' | sort -u) ; do
            case "${x}" in
                \*:80|\*:443) ;;
                *) warn_addr="${warn_addr} ${x}" ;;
            esac
        done

Instead of \*:80|\*:443 one could do \*:*, or one could even go a completely different way and replace the entire above setup with:

warn_addr="$(virtualhosts 2>/dev/null | sed -nre 's/^([^ *]+:[0-9]+)[[:space:]].*/\1/p' | tr '\n' ' ')"

If you prefer to only list the IP addresses, then just move the closing bracket in sed to before the :

Reproducible: Always
Comment 1 Jaco Kroon 2023-08-29 21:10:20 UTC
sorry for the poor wrapping.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-08-30 07:17:36 UTC
I don't mind either way as long as you do a PR ;)
Comment 3 Jaco Kroon 2023-08-30 10:36:53 UTC
Created attachment 869038
gentoo patches distfile

Hi,

The init script is supposed to be at https://dev.gentoo.org/~polynomial-c/dist/apache/gentoo-apache-2.4.46-r6-20210212.tar.bz2 if I read the apache-2 eclass correctly, but I get a 404 for that URL.  Refer #gentoo-proxy-maint IRC discussion.

Please deploy attachment to https://dev.gentoo.org/~sam/dist/apache/.  I notice you use ${CAT}/${PN} which I actually like more, if you prefer I can update the PR to adjust the eclass for that since the current URLs here would be 404 anyway, meaning this should not be a problem.

I don't have dev spaces as required by the apache eclass, even though I would be happy to host a replacement on https://downloads.uls.co.za/gentoo/... but I don't think that this should happen here.

If my maintainer quiz was sorted and I had access I'd make the bump and deploy to devspaces and issue a PR.

diff as from git diff in /etc (Yes, /etc is git version controlled :).

--- a/init.d/apache2
+++ b/init.d/apache2
@@ -36,13 +36,8 @@ depend() {
        use dns entropy logger mysql netmount postgresql
        after sshd
        if ! echo ${rc_need} | grep -Fq "net." ; then
-               local x warn_addr
-               for x in $(virtualhosts 2>/dev/null | grep '^\(\[\|\*:\|\)[[:digit:]]' | sed 's@\(:[[:digit:]]\{1,5\}\)\([[:space:]].*\|$\)@\1@' | sort -u) ; do
-                       case "${x}" in
-                               \*:80|\*:443) ;;
-                               *) warn_addr="${warn_addr} ${x}" ;;
-                       esac
-               done
+               local warn_addr
+               warn_addr="$(virtualhosts 2>/dev/null | sed -nre 's/^([^ *]+:[0-9]+)[[:space:]].*/\1/p' | tr '\n' ' ')"
                if [ -n "${warn_addr}" ] ; then
                        need net
                        ewarn "You are binding an interface in you virtual hosts."
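Review bot: the added warn_addr= pipeline drops the sort -u that the removed loop had, so an address that virtualhosts prints on more than one line is repeated in the ewarn output; inserting sort -u between sed and tr keeps the list unique. The new sed pattern also insists on [[:space:]] after the port, where the removed expression accepted end of line as well (the \|$ alternative), so a line that ends directly after the port is no longer captured; ([[:space:]].*|$) would preserve that case. The new local warn_addr line also drops x, which is correct now that the loop is gone.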

This should be the ONLY change to files in the archive.

PR to bump to follow.
Comment 4 Jaco Kroon 2023-08-30 10:42:15 UTC
https://dev.gentoo.org/~sam/dist/apache/gentoo-apache-2.4.57-20230831.tar.bz2

The PR depends on this exact URL, unless the GENTOO_DEVELOPER line in the new ebuild gets adjusted.
Comment 5 Hans de Graaff gentoo-dev Security 2023-08-30 18:35:40 UTC
Could you add the patch to /etc/init.d/apache2 as a separate file please? Adding it in the comments does not work due to wrapping, and I'm not sure how to handle the whole tar file you did upload.

Having just the patch will make it a lot easier to test it and we'll deal with the dist tarball later.

It is also not clear to me what problem you are trying to fix and why the proposed changes are solutions to that problem, so some extra explanation would be helpful.
Comment 6 Jaco Kroon 2023-08-30 21:48:58 UTC
Created attachment 869069
diff of init script

In my apache config I have:

Listen 8443

<VirtualHost *:8443>
   ...
</VirtualHost>

This causes the old code to warn that I need an explicit rc need for net.something, which is not true.
Comment 7 Hans de Graaff gentoo-dev Security 2023-08-31 18:34:04 UTC
(In reply to Jaco Kroon from comment #6)
> Created attachment 869069
> diff of init script
> 
> In my apache config I have:
> 
> Listen 8443
> 
> <VirtualHost *:8443>
>    ...
> </VirtualHost>
> 
> This causes the old code to warn that I need an explicit rc need for
> net.something, which is not true.

Thanks, that helps.

So we are fixing two things here:

1) we don't special case ports 80 and 443 (by not warning on a generic bind to "*"), but instead we treat all ports the same.
2) we only show the warning on non-generic binds (i.e. a bind to an IP address) since that requires the specific interface to be up first.
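
Added example (not part of the bug thread and not the init script as shipped): the old and new warn_addr filters from this bug, run side by side over constructed `apache2 -S`-style output. The sample listing, its addresses, and the function names old_warn_addr and new_warn_addr are assumptions for illustration; set -f and LC_ALL=C are added only to make the result deterministic.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `apache2 -S`; the addresses are
# documentation-range placeholders, not values from the bug report.
SAMPLE='VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server localhost (/etc/apache2/vhosts.d/00_default_vhost.conf:1)
*:8443                 is a NameVirtualHost
         port 8443 namevhost localhost (/etc/apache2/vhosts.d/alt.conf:3)
192.0.2.10:80          site.example (/etc/apache2/vhosts.d/site.conf:1)
[2001:db8::1]:443      v6.example (/etc/apache2/vhosts.d/v6.conf:1)
ServerRoot: "/usr/lib64/apache2"'

# Old logic: keep every address line, then exempt only *:80 and *:443.
# Reads the listing on stdin; runs in a subshell so set -f stays local.
old_warn_addr() (
    set -f   # stop the unquoted $(...) words from being glob-expanded
    warn_addr=
    for x in $(grep '^\(\[\|\*:\|\)[[:digit:]]' \
            | sed 's@\(:[[:digit:]]\{1,5\}\)\([[:space:]].*\|$\)@\1@' \
            | LC_ALL=C sort -u) ; do
        case "${x}" in
            \*:80|\*:443) ;;
            *) warn_addr="${warn_addr} ${x}" ;;
        esac
    done
    printf '%s\n' "${warn_addr}"
)

# New logic: [^ *]+ rejects any line starting with "*", so wildcard binds on
# every port are skipped and only explicit address:port pairs are kept.
new_warn_addr() {
    sed -nre 's/^([^ *]+:[0-9]+)[[:space:]].*/\1/p' | tr '\n' ' '
}

printf 'old:%s\n' "$(printf '%s\n' "$SAMPLE" | old_warn_addr)"
printf 'new: %s\n' "$(printf '%s\n' "$SAMPLE" | new_warn_addr)"
```

On this input the old loop reports *:8443 alongside the two address binds, while the new filter reports only 192.0.2.10:80 and [2001:db8::1]:443.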
Comment 8 Hans de Graaff gentoo-dev Security 2023-08-31 18:43:21 UTC
The canonical source for the apache gentoo tarball appears to be in https://gitweb.gentoo.org/proj/apache.git/

I'll see if I can get access to that and work from there.
Comment 9 Jaco Kroon 2023-08-31 19:15:17 UTC
(In reply to Hans de Graaff from comment #8)
> The canonical source for the apache gentoo tarball appears to be in
> https://gitweb.gentoo.org/proj/apache.git/
> 
> I'll see if I can get access to that and work from there.

Would be great if we can get that re-rooted into https://github.com/gentoo/, but I suspect gitweb.gentoo.org remains the official git repository location for Gentoo and it's only some repos that are exposed via GitHub?

Any chance we could pitch to have more of them exposed this way?  Then I (and others like me) could provide PRs for these directly?
Comment 10 Larry the Git Cow gentoo-dev 2023-09-03 07:40:30 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/apache.git/commit/?id=f57b703d2da4f9419b42795e01c748c6e6015bc5

commit f57b703d2da4f9419b42795e01c748c6e6015bc5
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2023-09-03 07:34:35 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-09-03 07:34:35 +0000

    Fix interface binding check in init.d file
    
    Fix two issues with the interface binding check:
    
    1) don't special case ports 80 and 443 since the interface requirement
    also applies to all other ports.
    
    2) only show the warning for non-generic binds (i.e. binding a specific
    IP address) since that requires the associated interface to be up
    first.
    
    Bug: https://bugs.gentoo.org/913227
    Bug: https://github.com/gentoo/gentoo/pull/32529
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 2.4/init/apache2.initd | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
Comment 11 Larry the Git Cow gentoo-dev 2023-09-03 08:09:33 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=417af22f0cbdcff21d5e361710432bdae8915200

commit 417af22f0cbdcff21d5e361710432bdae8915200
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2023-09-03 08:07:20 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-09-03 08:09:29 +0000

    www-servers/apache: fix interface warning and update default ssl conf
    
    Fix the warning about interfaces for non-default ports and only show it
    when binding IP addresses.
    
    Update the default SSL configuration according to the mozilla
    intermediate settings.
    
    Closes: https://bugs.gentoo.org/913227
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 www-servers/apache/Manifest                |   1 +
 www-servers/apache/apache-2.4.57-r2.ebuild | 260 +++++++++++++++++++++++++++++
 2 files changed, 261 insertions(+)