Re: Reworking the Apache package (with patches)
first of all, thank you very much for your help. I won't have time to
look at your patches in detail before next week-end, but here are some
On Monday 05 December 2011, Arno Töll wrote:
> This is a list of major changes:
> * I changes the source package type from 1.0 to 3.0. Thus, I
> dropped the dpatch dependency. While doing so I refreshed all
> patches and sorted out the dpatch
> "patches-which-are-actually-scripts" thingies. The branding patch
> was removed by me. Instead I'm doing the branding in the rules
> file. The suexec stuff happens in a rules target now, similar to
> the itk patch.
> * I dropped build hardening flags, they are injected by
> dpkg-buildflags now.
> * Since the 3.0 source format supports binaries, the uuencoded
> images are now shipped (and copied) as is in the Debian package.
> This also solves #649888 partially
> * I reworked the rules file entirely. It is now using the short
> dh(1) syntax and (a lot of) overrides. Much magic still happens in
> custom targets which are filed as dependencies to some targets.
> Knowing the older rules you will recognize many fragments of it.
> Some parts have also been moved to package.debhelper.files where
> possible. I also removed most DEB_BUILD_OPTIONS processing as dh
> mostly takes care.
Not sure about this one. Last time I talked to Joey H. about this, he
recommended using the traditional debhelper style and not dh for
packages that rebuild the source several times. But that was quite
some time ago and dh has evolved a lot since then. I will have to look
at the result in more detail.
Have you tried building with -j8? This gives a huge speed-up with the
old package because all 4 configure runs are done in parallel.
> I didn't find any regressions and the new rules file seems to
> produce the very same binary package, but you still might want to
> double-check that.
> * I cleaned up the convert_docs Perl script. It does not rely on
> any Makefile magic anymore and creates the expected output by
> passing it a single untouched directory. Also it does not use any
> shell calls anymore.
> * I fixed #590096 by adding a run-parts hook as suggested. A quick
> survey discloses: nginx did so as well, at Lighttpd we rejected
> that patch (though I wasn't involved in that decision). I won't
> mind if you prefer to reject that patch. Then I would close the
> bug with wontfix.
I have no problems in principle. But are you sure that logrotate won't
get confused about a sub-directory in /etc/logrotate.d/? It interprets
all files in that dir as config files and in my experience, you can't
assume that logrotate handles its config in a sane way. We could use a
subdir in /etc/apache2 instead.
> * I fixed #440058 by changing the DefaultType. That change seems
Not sure. Upstream leaves this untouched in 2.2.x but changes it in
2.4. Maybe we should do the same.
> * I made some cosmetic changes. For example I removed redundant
> priorities in debian/control and removed Lintian overrides not
> needed anymore.
> Note I didn't commit anything to the VCS (I couldn't either - I am
> not member of the packaging team on Alioth yet. According to
> Stefan's policy, he said he won't do so until I made a few
> contributions) nor did I add myself to Uploaders. That makes the
> patch formally a NMU but I didn't version it that way.
I will add you. Please apply to the alioth project.
> Moreover, I took a look at several bugs. I'll do as indicated
> unless someone opposes:
> #557612 During package upgrade, apache2 is stopped, but not started
> * dh_installinit already has --no-restart-on-upgrade (I made
> that more clear) this avoids the problem entirely
> * fixed already, thus close
I don't think that it is fixed. IIRC the --no-restart-on-upgrade is
because the restarting is done in a different package than the one
that contains the init script. Therefore debhelper's auto-generated
scriptlets wouldn't work.
But I am not sure that we should fix it, either. I would prefer a
Debian global solution or at least policy. Do you know if there are
any other daemons that do this?
> #589638 apache2: Generally useful options currently set in
> sites-available/default should be moved to included file
> * undecided, probably wontfix?
Leave that open for now. We will probably rework the vhost configs
with 2.4, and who knows what we will come up with.
> #426426 SetEnv PERL5LIB ... cleaned by suEXEC
> * wontfix (aka: This is by design)
> #391290 please ship sample rewrite.conf w/ examples
> * wontfix
> * better alternatives exist
> #341022 default apache2.conf file should deny access to /
> * Lenny was a while ago, do that now, possibly file bugs on
> reverse dependencies?
Not yet. All reverse deps will need to be changed with 2.4, anyway,
and we should try that they only need to be changed once. Besides,
with 2.2 and non-trivial auth configuration, having access denied on /
by default either does not do much good or is a PITA. 2.4's auth/authz
handling is way more flexible.
BTW, I had TODO lists in the wiki for Lenny and Squeeze . Do you
think it would make sense to have that for Wheezy again?