[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Solutions for the Apache upgrade hell

On 23.07.2014 01:19, Christian Hofstaedtler wrote:
> Possible radical solution: abandon old apache binary package names
> [of those that ship conffiles], introduce a new set of names,
> Conflict/Break (but not Replace?) the old ones and have all modules
> depend on the new packages.
> 3rdparty module packages will then prevent upgrades or get
> deinstalled, and users get a fresh config that works, but may not do
> anything useful.

That's exactly what we do. The Apache2 (Wheezy) packaging is a bit

- apache2: empty meta package
- apache2.2-common: conffiles, MPM management, executables, init
scripts, maintainer scripts
- apache2.2-bin: modules and executables outside $PATH

Third party packages depend on apache2.2-common as they interact with
a2enmod, .load files etc.

Apache 2.4 packaging (Jessie) is

- apache2: maintainer scripts, conffiles
- apache2-bin: binaries, modules
- apache2-data shared arch:all data

In Wheezy, modules depend on apache2.2-common for historical reasons (I
guess, this predates my involvement into the package). For the upgrade
we need to get rid of those modules, as their ABI is not compatible to
Apache 2.4. At runtime this will fail to run, with Apache erroring out
because of incompatible shared module libraries being loaded into the

Therefore, we must get rid of the apache2.2-common package so that dpkg
forces removal of those module depending on that. If we Provide:
apache2.2-common in apache2, dpkg would consider the dependency
satisfied and we run into the same problem again. Likewise, if we add a
transitional package depending on apache2 [1].

Now, the usual upgrade process is this (consider related transitional
packages are in place to make this happen):

- install apache2{-bin,-data}
- preinst apache2 checks the apache2.2-common conffiles and transitions
them to apache2 by taking them over
- force removal of old modules as there is no apache2.2-common anymore
- postinst apache2 refreshes our stuff, does lots of upgrade handling etc

However, if you call aptitude --purge-unused:

- apt purges apache2.2-common. This calls apache2.2-common's postrm
purge, wiping all our configuration
- install apache2{-bin,-data}
- preinst apache2 detects an upgrade, but has no clue about the previous
state, because apt purged everything before we could look at it
- force removal of old modules as there is no apache2.2-common anymore
- postinst apache2 is a bit helpless and works through, but does not
treat the installation as new and does therefore not set system defaults
as it thinks "we're upgrading"

As soon as we add in addition to all this cruft an apache2.2-common
transitional package, apt does not purge the package anymore, and we can
properly upgrade. However, this comes at the side effect, that all old
and ABI breaking modules aren't forcibly removed causing havoc at
runtime later unless we add lots of versioned breaks [2].

[1] which is in NEW as of today by the way

with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: