Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 642688

Summary: www-servers/apache apache2_modules_authn_dbd require apr-util [sqlite||mysql||postgres]
Product: Gentoo Linux Reporter: Francesco Riosa <vivo75>
Component: Current packagesAssignee: Apache Team - Bugzilla Reports <apache-bugs>
Status: UNCONFIRMED ---    
Severity: normal CC: vivo75
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Francesco Riosa 2017-12-29 23:58:02 UTC
two small bugs will be discussed but they are closely related and should be fixed toghether.

1)
the first one is a runtime dependancy bug:
any "*dbd" module, for example "authn_dbd" is broken if dev-libs/apr-util has no database use flag.

the following configuration snippet for example _require_ USE=mysql  dev-libs/apr-util which will install "/usr/lib64/apr-util-1/apr_dbd_mysql.so".
apr_dbd_mysql.so is then dinamically loaded by /usr/lib64/apache2/modules/mod_authn_dbd.so.

DocumentRoot "/srv/www/example.com/public/"
<Directory "/srv/www/example.com/public/">
  Options +Indexes +FollowSymLinks
  AllowOverride All
  AuthDBDUserPWQuery "SELECT passwd FROM users WHERE username=%s LIMIT 1"
  <RequireAll>
    AuthType Basic
    AuthName "auth-example.com"
    AuthBasicProvider socache dbd
    AuthnCacheProvideFor dbd
    Require valid-user
  </RequireAll>
</Directory>

One, possibly both the following action should be taken by apache ebuild when *dbd is enabled.
a) the user should be einfo-rmed that *dbd apache2_modules require apr-util with database support
b) pkg_pretend() should check that apr-util has at least one database client library enabled and die() if it has not.

2)
The second one is related to "socache" module, it's a totally different module but very often used together with dbd auth (see previous snippet).

Problem is it's missing from /etc/httpd.conf, a section like the following should be added

<IfDefine CACHE>
LoadModule authn_socache_module modules/mod_authn_socache.so
</IfDefine>
Comment 1 Francesco Riosa 2017-12-30 00:15:07 UTC
http-01 /etc/apache2 # emerge --info apache
Portage 2.3.13 (python 3.6.3-final-0, features/compress, gcc-7.2.0, glibc-2.25-r9, 4.14.8 x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-4.14.8-x86_64-Intel-R-_Core-TM-_i7-3770_CPU_@_3.40GHz-with-gentoo-2.4.1
KiB Mem:    32628836 total,  10840408 free
KiB Swap:          0 total,         0 free
Timestamp of repository gentoo: Fri, 29 Dec 2017 17:15:01 +0000
Head commit of repository gentoo: 7343e29e1eab916e78d914d9e7758d9bc6aa2836
Timestamp of repository vivovl: Sun, 17 Dec 2017 16:38:06 +0000
Head commit of repository vivovl: d504fed0e3671137e37d7a1fabcf7ec22a1ef511
sh bash 4.3_p48-r1
ld GNU ld (Gentoo 2.29.1 p3) 2.29.1
app-shells/bash:          4.3_p48-r1::gentoo
dev-lang/perl:            5.24.3::gentoo
dev-lang/python:          2.7.14-r1::gentoo, 3.6.3-r1::gentoo
dev-util/cmake:           3.8.2::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.4.1-r2::gentoo
sys-apps/openrc:          0.34.11::gentoo
sys-apps/sandbox:         2.10-r4::gentoo
sys-devel/autoconf:       2.69::gentoo
sys-devel/automake:       1.15.1-r1::gentoo
sys-devel/binutils:       2.29.1-r1::gentoo
sys-devel/gcc:            7.2.0::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1::gentoo
sys-kernel/linux-headers: 4.4::gentoo (virtual/os-headers)
sys-libs/glibc:           2.25-r9::gentoo
Repositories:

gentoo
    location: /var/portage/repos/gentoo
    sync-type: rsync
    sync-uri: rsync://transfer/gentoo-repos/gentoo
    priority: -1000
    sync-rsync-extra-opts:

vivovl
    location: /var/portage/repos/vivovl
    sync-type: rsync
    sync-uri: rsync://transfer/gentoo-repos/vivovl
    masters: gentoo
    sync-rsync-extra-opts:

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O3 -march=corei7 -pipe -frecord-gcc-switches -fdiagnostics-color=never"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/easy-rsa /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/mtab /etc/php/apache2-php7.1/ext-active/ /etc/php/cgi-php7.1/ext-active/ /etc/php/cli-php7.1/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O3 -march=corei7 -pipe -frecord-gcc-switches -fdiagnostics-color=never"
DISTDIR="/var/portage/distfiles"
EMERGE_DEFAULT_OPTS="--autounmask=n --ask-enter-invalid --usepkg --binpkg-respect-use=y --usepkg=y --binpkg-respect-use=y --getbinpkg=y --ask-enter-invalid --load-average=8 --jobs=2"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs buildpkg compress-build-logs compressdebug config-protect-if-modified distlocks ebuild-locks fail-clean fixlafiles merge-sync multilib-strict news noinfo parallel-fetch preserve-libs protect-owned sandbox sfperms split-elog split-log splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
INSTALL_MASK="/usr/share/man         /usr/share/info         /usr/share/doc         /usr/share/bash-completion         /usr/lib64/systemd         /etc/logrotate.d         /etc/xinetd.d"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j1 -l8"
PKGDIR="/var/portage/packages"
PORTAGE_COMPRESS="xz"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="acl acpi amd64 berkdb bzip2 caps cli cracklib crypt cxx dri fortran gdbm iconv ipv6 lxc-container lzma mmx modules ncurses nptl openmp pcre python readline seccomp session snmp sse2 sse3 ssl tcpd threads unicode xattr zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_core authn_dbm authn_file authz_core authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif socache_shmcb speling status unique_id unixd userdir usertrack vhost_alias http2 log_forensic reqtimeout dbd authn_dbd authz_dbd cache_socache asis proxy proxy_ajp proxy_balancer proxy_connect proxy_fcgi ratelimit slotmem_shm" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64 efi-32 pc qemu" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" L10N="en" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-1" POSTGRES_TARGETS="postgres9_5" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python3_6 python2_7" RUBY_TARGETS="ruby22" USERLAND="GNU" VIDEO_CARDS="dummy qxl amdgpu fbdev intel nouveau radeon radeonsi v4l vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

=================================================================
                        Package Settings
=================================================================

www-servers/apache-2.4.27-r1::gentoo was built with the following:
USE="ssl threads -debug -doc -ldap -libressl (-selinux) -static -suexec" APACHE2_MODULES="actions alias asis auth_basic authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authz_core authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cache_socache cgi cgid dav dav_fs dav_lock dbd deflate dir env expires ext_filter file_cache filter headers http2 include info log_config log_forensic logio mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_fcgi ratelimit reqtimeout rewrite setenvif slotmem_shm socache_shmcb speling status unique_id unixd userdir usertrack vhost_alias -access_compat -auth_digest -cache_disk -cern_meta -charset_lite -dumpio -ident -imagemap -lbmethod_bybusyness -lbmethod_byrequests -lbmethod_bytraffic -lbmethod_heartbeat -macro -proxy_ftp -proxy_html -proxy_http -proxy_scgi -proxy_wstunnel -remoteip -substitute -version -xml2enc" APACHE2_MPMS="-event -prefork -worker"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--no-as-needed"
Comment 2 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2018-02-16 12:52:56 UTC
So which apr USE flags related to DBs can be taken into account for the *_dbd apache modules? Right now we have lots of them:

berkdb gdbm mysql postgres sqlite
Comment 3 Francesco Riosa 2018-02-16 15:20:23 UTC
looking into "configure" either one of these would satisfy:
apr_dbd_{oracle,pgsql,mysql,sqlite3,odbc}

The other seem to build a different "interface" apr_dbm

Notice that it's not a test for correctness, but for certain failure.

If the user want to use apache authn_dbd with /mysql/ _and_ build apr-util with support for /postgres/ than there is no way to catch this with dependancies. It's a runtime choice.

However in if apr-util is built with no dbd module then apache authn_dbd will certainly fail.