[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#916750: marked as done (lighttpd: reorganize lighttpd binary packages to reduce dependencies (ldap/mysql) and package count)

Your message dated Mon, 7 Jan 2019 09:37:21 +0100
with message-id <20190107083721.aarzz7lhwapyirzj@laureti-dev>
and subject line Re: Bug#916750: lighttpd: reorganize lighttpd binary packages to reduce dependencies (ldap/mysql) and package count
has caused the Debian Bug report #916750,
regarding lighttpd: reorganize lighttpd binary packages to reduce dependencies (ldap/mysql) and package count
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
916750: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916750
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: lighttpd
Version: 1.4.52-1

It has come up that lighttpd's binary packages are organized
suboptimally. I'm creating this bug report to discuss a better
organization and have X-Debbugs-Cced some interested parties. Please
forward the bug to other interested parties that you may know of.

Problem #1:

Some upload since stretch added the mod_vhostdb_* modules including
mod_vhostdb_ldap.so and mod_vhostdb_mysql.so. Therefore lighttpd now
depends on libldap and libmariadbclient. That produces an unreasonable
installation size for embedded uses. Multiple people (including Stefan
Bühler, Glenn Strauss and myself) have requested to shrink this.

Problem #2:

lighttpd presently produces 11 binary packages. That's quite many for an
otherwise small package. Adding binary packages has a metadata cost to
the Debian archive that affects everyone (not just lighttpd users). We
should seek to reduce the package count.

Are there more problems?

Fixing the first problem likely involves making the second problem
worse. We should seek to avoid that.

With regard to fixing this my first proposal builds on the existing
practise to put mod_foo.so into lighttpd-mod-foo: Let every binary
package build from src:lighttpd have Provides for the modules that it
ships. For the present lighttpd-mod-* packages, no Provides are needed.
Only the main lighttpd package needs a pile of provides. A README.Debian
should explain that you should use these virtual packages in Depends
rather than e.g. "Depends: lighttpd (>=
$version_that_introduced_mod_foo)".

Given that lighttpd modules are comparatively small (some tens of KB), I
suggest that grouping them by their main dependency would make sense.
The fairly obvious consequences would be:
 * lighttpd-modules-mysql: mod_authn_mysql, mod_mysql_vhost,
   mod_vhostdb_mysql
 * lighttpd-modules-ldap: mod_authn_ldap, mod_vhostdb_ldap
 * lighttpd (base package): mod_access, mod_accesslog, mod_alias,
   mod_auth, mod_authn_file, mod_cgi, mod_dirlisting, mod_evasive,
   mod_evhost, mod_expire, mod_extforward, mod_fastcgi,
   mod_flv_streaming, mod_indexfile, mod_proxy, mod_redirect,
   mod_rewrite, mod_rrdtool, mod_scgi, mod_secdownload, mod_setenv,
   mod_simple_vhost, mod_sockproxy, mod_ssi, mod_staticfile, mod_status,
   mod_uploadprogress, mod_userdir, mod_usertrack, mod_vhostdb,
   mod_wstunnel
 * The modules mod_authn_gssapi, mod_cml, mod_geoip, mod_magnet,
   mod_trigger_b4_dl and mod_webdav presently have their own binary
   packages and they each have significant library piles. Maybe it is
   best to leave these as is.
 * The remaining modules are mod_compress, mod_deflate and mod_openssl.
   These pull zlib1g, libbz2-1.0 and libssl1.1. At least the first two
   are transitively essential already and mod_openssl seems to be very
   popular, so it likely is best to leave them with the main binary
   package.

Resulting changes:
 * Merge lighttpd-mod-authn-mysql and lighttpd-mod-mysql-vhost together
   into lighttpd-modules-mysql.
 * Rename lighttpd-mod-auth-ldap to lighttpd-modules-ldap.
 * Add 3 transitional dummy packages for the removed/renamed packages.
 * Move mod_vhostdb_mysql and mod_vhostdb_ldap to the new packages.

-> mysql and ldap depends removed from lighttpd
-> +2 binary packages for buster
-> -3 binary packages for bullseye
-> Due to Provides (see above), rdeps don't have to change.

Then Stefan and Glenn proposed adding new modules:
 * mod_vhostdb_dbi
 * mod_vhostdb_pgsql
 * mod_authn_pam
 * mod_authn_sasl

Here it is less clear how to organize them. mod_cml and
mod_trigger_b4_dl each use libsasl2 (via libmemcached).
mod_vhostdb_pgsql is likely the only module that links postgres, so
likely it'll deserve a binary package.

How bad would it be to simply not ship these four packages in buster (as
is presently the case) and add them for bullseye? Which ones do we
really need for buster? Did I miss anything?

Please reply in a timely manner to allow implementing as much of the
changes as possible before the buster release.

Helmut

--- End Message ---
--- Begin Message --- 
Version: 1.4.52-2+exp2

On Fri, Jan 04, 2019 at 08:36:53AM +0100, Helmut Grohne wrote:
> a copyright update seems prudent. So we need two further changes. Unless
> I hear something, I'll go ahead with an upload to experimental soon.

That went faster than expected. We've got the reorganization in
experimental now.

Helmut

--- End Message ---
Reply to: