Bug 1042037 - Apache upgrade runs /usr/share/apache2/apache-22-24-upgrade and issues a2enmod: command not found
Apache upgrade runs /usr/share/apache2/apache-22-24-upgrade and issues a2enmo...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Apache
Leap 42.2
x86-64 openSUSE 42.2
: P5 - None : Normal (vote)
: ---
Assigned To: Petr Gajdos
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-05-31 17:33 UTC by Dario Savella
Modified: 2018-01-31 07:41 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dario Savella 2017-05-31 17:33:49 UTC
Whilst trying to find an explanation for a strange Apapche behaviour on my localhost, I checked /var/log/zypp/history because I suspected a recent upgrade changed something.
I noticed the last upgrade showed the following messages:

2017-03-31 13:02:42|install|apache2-prefork|2.4.16-18.1|x86_64||repo-update|9c5fe817b809c573ee218a4115d9b77f74a5c6188f87dc65964a44e89438c7ff|
# 2017-03-31 13:02:42 Output of apache2-2.4.16-18.1.x86_64.rpm %posttrans script:
#     /usr/share/apache2/apache-22-24-upgrade: line 6: a2enmod: command not found
#     /usr/share/apache2/apache-22-24-upgrade: line 6: a2enmod: command not found
#     /usr/share/apache2/apache-22-24-upgrade: line 6: a2enmod: command not found
#     /usr/share/apache2/apache-22-24-upgrade: line 6: a2enmod: command not found
#     /usr/share/apache2/apache-22-24-upgrade: line 6: a2enmod: command not found
#     /usr/share/apache2/apache-22-24-upgrade: line 6: a2enmod: command not found
#     /usr/share/apache2/apache-22-24-upgrade: line 12: a2enmod: command not found
#     /usr/share/apache2/apache-22-24-upgrade: line 13: a2enmod: command not found
#     /usr/share/apache2/apache-22-24-upgrade: line 16: a2enmod: command not found
#     /usr/share/apache2/apache-22-24-upgrade: line 17: a2enmod: command not found
#     /usr/share/apache2/apache-22-24-upgrade: line 20: a2enmod: command not found
#     /usr/share/apache2/apache-22-24-upgrade: line 21: a2enmod: command not found
# 2017-03-31 13:02:42 apache2-2.4.16-18.1.x86_64.rpm %posttrans script failed (returned 127)

I am not 100% sure, but since the first ever logged entry in the file is dated 2015-10-29 20:39:33, I suspect that apache2-2.4.* was the first version ever installed on this machine, so:
- the update script should not be executed at all
- I can run a2enmod from root, so the script must be using the wrong user or path
Comment 1 Petr Gajdos 2017-06-07 09:37:38 UTC
(In reply to Dario Savella from comment #0)
> - the update script should not be executed at all

I cannot be sure from which age the sysconfig file content is. Anyway, I do not plan to implement some additional logic wrt this script as it will be dropped soon.

> - I can run a2enmod from root, so the script must be using the wrong user or
> path

Hmm, the package is installed as root, so the script is run as root, too (from %posttrans). You have not /usr/sbin in the path?
Comment 2 Petr Gajdos 2017-06-07 09:40:11 UTC
(In reply to Petr Gajdos from comment #1)
> (In reply to Dario Savella from comment #0)
> > - the update script should not be executed at all
> 
> I cannot be sure from which age the sysconfig file content is. Anyway, I do
> not plan to implement some additional logic wrt this script as it will be
> dropped soon.

(And, if you do not have any 2.2 specific module in sysconfig file, this simple script does just nothing.)
Comment 3 Petr Gajdos 2017-06-07 09:42:27 UTC
(In reply to Dario Savella from comment #0)
> # 2017-03-31 13:02:42 Output of apache2-2.4.16-18.1.x86_64.rpm %posttrans
> script:
> #     /usr/share/apache2/apache-22-24-upgrade: line 6: a2enmod: command not
> found

I do not have such errors in my zypp log (Tumbleweed though).
Comment 4 Dario Savella 2017-06-07 19:51:10 UTC
This error is not related with the issue (now fixed) that made me look at the zypp log in the first place.
I reported it only because it seems strange (to me) that (apparently) every update of the apache2 package runs it again.

I understand that if the modules to be removed are not there there's 'nothing to do', but that script also enables some modules (authn_core, authz_core, log_config) and that may alter an otherwise working configuration.

My logged-in root user has the following: PATH=/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games:/opt/bin:/opt/kde3/bin
Comment 5 Petr Gajdos 2017-06-09 08:25:21 UTC
(In reply to Dario Savella from comment #4)
> This error is not related with the issue (now fixed) that made me look at
> the zypp log in the first place.

I had understood that this way, yes.

> I reported it only because it seems strange (to me) that (apparently) every
> update of the apache2 package runs it again.

The logic is poor, yes. But it is there for a long time and there was similar one called apache-20-22-upgrade in the past, you can imagine its age. Nevertheless I have little motivation to change it as the script will be dropped soon anyway (after sle15) and I wish to not introduce similar one in the future.

> I understand that if the modules to be removed are not there there's
> 'nothing to do', but that script also enables some modules (authn_core,
> authz_core, log_config) and that may alter an otherwise working
> configuration.

I need to understand how.

> My logged-in root user has the following:
> PATH=/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/
> usr/bin/X11:/usr/games:/opt/bin:/opt/kde3/bin

Can not imagine what went wrong. I have not 42.1 at hand (it is not supported anynmore, by the way) but on 42.2 and I have no such error in zypp/history.
Comment 6 Dario Savella 2017-06-09 10:49:24 UTC
Since you asked, here's the second part of the script:

if ! a2enmod -q authn_core; then
  a2enmod authn_core
fi

if ! a2enmod -q authz_core; then
  a2enmod authz_core
fi

if ! a2enmod -q log_config; then
  a2enmod log_config
fi

If I disable the log_config module from my configuration, every upgrade will enable it again.

Anyway: I will see if I can close this bug, otherwise you will have to do it.

Thanks for the support
Comment 7 Petr Gajdos 2017-06-09 11:08:37 UTC
(In reply to Dario Savella from comment #6)
> if ! a2enmod -q authn_core; then
>   a2enmod authn_core
> fi
> 
> if ! a2enmod -q authz_core; then
>   a2enmod authz_core
> fi
> 
> if ! a2enmod -q log_config; then
>   a2enmod log_config
> fi
> 
> If I disable the log_config module from my configuration, every upgrade will
> enable it again.

I know, but I am just curious how this hits you.
 
> Anyway: I will see if I can close this bug, otherwise you will have to do it.

Feel free to keep it open.

> Thanks for the support

Not at all.
Comment 8 Dario Savella 2017-06-12 14:17:00 UTC
I think I misinterpreted those lines:

> if ! a2enmod -q log_config; then
>   a2enmod log_config
> fi

I see now that if the module is not already enabled, the script won't touch it.
Sorry...<sheepish look>
Comment 9 James Moe 2017-09-27 19:25:26 UTC
3 months later: The "bogus" messages still occur.

Output of apache2-2.4.23-8.12.1.x86_64.rpm %posttrans script:
  /usr/share/apache2/apache-22-24-upgrade: line 6: a2enmod: command not found
        ...more of the same...

a2enmod exists in the system at </usr/sbin/a2enmod>. Both user and root can find the app although the user invocation complains about it being in /usr/sbin/.
Comment 10 Petr Gajdos 2017-10-03 16:23:43 UTC
Tumbleweed:
I have removed apache-22-24-upgrade entirely. If there is someone migrating from 2.2, the configuration with old modules in APACHE_MODULES will just fail. This will force a user to think about there can be another configuration bits to be amended as well. Wrt missing authn_core or authz_core in APACHE_MODULES, we could perhaps implement warning or error-out directly in start_apache2, if demand will arise.

Leap:
Call a2enmod with full path, this should solve the original problem. If not, please reopen the bug.
Comment 11 Bernhard Wiedemann 2017-10-03 18:00:58 UTC
This is an autogenerated message for OBS integration:
This bug (1042037) was mentioned in
https://build.opensuse.org/request/show/530969 Factory / apache2
Comment 15 Swamp Workflow Management 2018-01-29 14:08:39 UTC
SUSE-SU-2018:0261-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1042037,1045160,1048575,1057406
CVE References: CVE-2017-7659,CVE-2017-9789
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    apache2-2.4.23-29.13.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    apache2-2.4.23-29.13.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    apache2-2.4.23-29.13.1
SUSE Linux Enterprise Server 12-SP3 (src):    apache2-2.4.23-29.13.1
SUSE Linux Enterprise Server 12-SP2 (src):    apache2-2.4.23-29.13.1
Comment 16 Swamp Workflow Management 2018-01-30 14:23:37 UTC
openSUSE-SU-2018:0291-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1042037,1045160,1048575,1057406
CVE References: CVE-2017-7659,CVE-2017-9789
Sources used:
openSUSE Leap 42.3 (src):    apache2-2.4.23-19.1