Removing web server dependencies from web apps

classic Classic list List threaded Threaded
47 messages Options
123
Reply | Threaded
Open this post in threaded view
|

Removing web server dependencies from web apps

Thomas Goirand
Hi,

It's been a long time I'm thinking about writing a message like this one
to -devel. I hope I can convince others.

In many large installations, web servers are providing spaces in a chroot.

Myself, I use sbox (which I rewrote for a big part) to provide this to
my customers, so that each site that runs scripts (Perl, Python, Ruby or
PHP) can do so in a safe, secure, chroot environment. Since it would
otherwise take too much space to have a full debian chroot for each
site, I use AUFS to provide it. So I have a template operating system,
on which there is PHP, Ruby, Python and Perl support, all running as CGI.

I know others are using tools like php-fpm to achieve the same thing.

Running sites in a chroot environment is increasingly important
considering how much security issues are regularly discovered.

The issue is that most PHP packages in Debian have dependencies on web
servers, most of the time with something like this:

Depends: apache2 | httpd, libapache2-mod-php5 | php5-cgi

Also, it's very surprising to see that we have dependencies for web
servers, but most of the time *not* for mysql-server, which is as much
needed in order to run these applications. I really don't understand the
logic behind this.

But since I would install these packages in the chroot template, I *do
not* want to install apache there. The result is that I can't install
popuplar packages like wordpress, gallery, phpbb3 and so on, unless I
rebuild them and remove the "apache2 | httpd" dependency. I suspect that
I wouldn't be the only one with the issue.

Remember that a strong dependency is *forcing* users to install things,
and when, like here, it's going the wrong way for what one would do,
it's just *bad* (tm).

So, my suggestion would be to actually *remove* the dependency to the
web server (and move it as a Recommends: if you see fit...). I would
strongly advocate for this as being written in our beloved policy.

What do others think about this?

Cheers,

Thomas Goirand (zigo)


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/4F06A935.6040509@...

Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Neil Williams-4
On Fri, 06 Jan 2012 15:56:37 +0800
Thomas Goirand <[hidden email]> wrote:

> The issue is that most PHP packages in Debian have dependencies on web
> servers, most of the time with something like this:
>
> Depends: apache2 | httpd, libapache2-mod-php5 | php5-cgi

Sounds like the situation for which equivs was designed.

> Remember that a strong dependency is *forcing* users to install things,

Not quite. A strong dependency requires that something with that name
is installed - it can just as easily be an empty package which just
matches the name. Put that package into your chroots and the problems
disappear.

> So, my suggestion would be to actually *remove* the dependency to the
> web server (and move it as a Recommends: if you see fit...). I would
> strongly advocate for this as being written in our beloved policy.

It depends which is more common - complex installations with a web
server available over IP but not visible to dpkg or simple
installations where the admin installing the application is also
responsible for setting up the virtual hosts etc.

How many of these packages do clever things upon installation like
setup their own virtual hosts or similar?

One reason why the database is not included in dependencies is dbconfig.
Whether that's a good thing or a bad thing is left as an exercise for
the reader.

--


Neil Williams
=============
http://www.linux.codehelp.co.uk/


attachment0 (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Aron Xu-2
On Fri, Jan 6, 2012 at 16:34, Neil Williams <[hidden email]> wrote:

> On Fri, 06 Jan 2012 15:56:37 +0800
> Thomas Goirand <[hidden email]> wrote:
>
>> The issue is that most PHP packages in Debian have dependencies on web
>> servers, most of the time with something like this:
>>
>> Depends: apache2 | httpd, libapache2-mod-php5 | php5-cgi
>
> Sounds like the situation for which equivs was designed.
>
>> Remember that a strong dependency is *forcing* users to install things,
>
> Not quite. A strong dependency requires that something with that name
> is installed - it can just as easily be an empty package which just
> matches the name. Put that package into your chroots and the problems
> disappear.
>

Disagrees. Debian can't require all users/administrators of a package
to learn how to
*make your own empty package* when the dependency is actually
unnecessary. It that
were me, I'll rebuild the webapp package and remove whatever I don't
like, which is
not reasonable for common users either.

I support to downgrade those Depends to Recommends.


--
Regards,
Aron Xu


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/CAMr=8w4pCnUUUCw+13aJHLtQ-ceut=QTzz7VK9nBQ+3Hud1LOA@...

Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Miroslav Suchý-2
In reply to this post by Thomas Goirand
On 01/06/2012 08:56 AM, Thomas Goirand wrote:
> The issue is that most PHP packages in Debian have dependencies on web
> servers, most of the time with something like this:
>
> Depends: apache2 | httpd, libapache2-mod-php5 | php5-cgi

I would not say that your chroot setup is typical. Or common.
I would suggest creating your own empty apache2 package with version
9999, which you will install in this chrooted environment.

> Also, it's very surprising to see that we have dependencies for web
> servers, but most of the time*not*  for mysql-server, which is as much
> needed in order to run these applications. I really don't understand the
> logic behind this.

Because mysql-server can (and actually very often) is located on
different machine.

Mirek


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/4F06BAEF.5070209@...

Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Tanguy Ortolo-5
In reply to this post by Thomas Goirand
Thomas Goirand, 2012-01-06 08:56+0100:
> Also, it's very surprising to see that we have dependencies for web
> servers, but most of the time *not* for mysql-server, which is as much
> needed in order to run these applications. I really don't understand the
> logic behind this.

The database server used by a given piece of software can be installed
on another system. The Web server cannot.

> But since I would install these packages in the chroot template, I *do
> not* want to install apache there. The result is that I can't install
> popuplar packages like wordpress, gallery, phpbb3 and so on, unless I
> rebuild them and remove the "apache2 | httpd" dependency. I suspect that
> I wouldn't be the only one with the issue.

This sounds like you are using your own crafted stuff to provide the
needs of your software stuff. Just like someone that would for instance
compile his own version of Python from sources. Well, in such a case I
see it as a will not to use the package manager, and thus your
responsibility to do whatever is needed to fool it. This is usually done
by creating fake empty packages, I guess.

> Remember that a strong dependency is *forcing* users to install things,
> and when, like here, it's going the wrong way for what one would do,
> it's just *bad* (tm).

No it is not. Using a package-based distribution that could take care of
dependencies and not using that feature is, however.

> So, my suggestion would be to actually *remove* the dependency to the
> web server (and move it as a Recommends: if you see fit...). I would
> strongly advocate for this as being written in our beloved policy.
>
> What do others think about this?

That it would be a very bad thing to do. Most users want to install
software so that it works without further questions. You are in a very
specific, specialized case, so you should be able to deal with it.

--
 ,--.
: /` )   Tanguy Ortolo <xmpp:[hidden email]> <irc://irc.oftc.net/Tanguy>
| `-'    Debian Developer
 \_


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/je6due$rqk$2@...

Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Thomas Goirand-3
In reply to this post by Neil Williams-4
On 01/06/2012 04:34 PM, Neil Williams wrote:
> It depends which is more common

I don't see why we would steer on the direction of the most common
thing only. What we want is something that works all the time, no?
If we remote the web server dependency, it works all the time.

Don't you think that someone who can setup a PHP app, also knows
that it will need apache, and that apt-get install apache2 is quite an
easy thing to do?

If someone is can setup a PHP app, I think we can assume that he
also knows how to install apache.

> How many of these packages do clever things upon installation like
> setup their own virtual hosts or similar?
>  

None, because that's forbidden by the Debian policy.

> One reason why the database is not included in dependencies is dbconfig.
>  
Could you elaborate?

Thomas


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/4F06C5AE.1030505@...

Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Thomas Goirand-3
In reply to this post by Miroslav Suchý-2
On 01/06/2012 05:12 PM, Miroslav Suchy wrote:
> On 01/06/2012 08:56 AM, Thomas Goirand wrote:
>> The issue is that most PHP packages in Debian have dependencies on web
>> servers, most of the time with something like this:
>>
>> Depends: apache2 | httpd, libapache2-mod-php5 | php5-cgi
>
> I would not say that your chroot setup is typical. Or common.

I tend to believe it becomes less and less truth.

> I would suggest creating your own empty apache2 package with version
> 9999, which you will install in this chrooted environment.

Yes, I think I'll do that, but I'm sure such hack isn't what we want to
advise in Debian in general.

>
>> Also, it's very surprising to see that we have dependencies for web
>> servers, but most of the time*not*  for mysql-server, which is as much
>> needed in order to run these applications. I really don't understand the
>> logic behind this.
>
> Because mysql-server can (and actually very often) is located on
> different machine.
>
> Mirek

I was expecting an answer like that (and was waiting for it). THANKS ! :)

That's what I don't get! I think using a remote MySQL is as uncommon as
a chrooted CGI environment. If we push for Apache / $web-server being
pulled so that $web-app would work out of the box with all needed
dependencies, then we should apply the same reasoning to the MySQL
server. There's no logic at all here.

Cheers,

Thomas


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/4F06C7AB.7080204@...

Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Thomas Goirand-3
In reply to this post by Tanguy Ortolo-5
On 01/06/2012 05:12 PM, Tanguy Ortolo wrote:

> Thomas Goirand, 2012-01-06 08:56+0100:
>  
>> Also, it's very surprising to see that we have dependencies for web
>> servers, but most of the time *not* for mysql-server, which is as much
>> needed in order to run these applications. I really don't understand the
>> logic behind this.
>>    
> The database server used by a given piece of software can be installed
> on another system. The Web server cannot.
>  

See my reply to Miroslav about this.

>> But since I would install these packages in the chroot template, I *do
>> not* want to install apache there. The result is that I can't install
>> popuplar packages like wordpress, gallery, phpbb3 and so on, unless I
>> rebuild them and remove the "apache2 | httpd" dependency. I suspect that
>> I wouldn't be the only one with the issue.
>>    
> This sounds like you are using your own crafted stuff to provide the
> needs of your software stuff. Just like someone that would for instance
> compile his own version of Python from sources.

Why do you think this is uncommon? Doing shared hosting services isn't, and
if you don't use a good chrooted thing, you don't have security. I don't
need
to compile ANYTHING, I use plain Debian, and all packages that comes with
it. And I would like to keep things this way.

> Well, in such a case I
> see it as a will not to use the package manager, and thus your
> responsibility to do whatever is needed to fool it. This is usually done
> by creating fake empty packages, I guess.
>  

That's exactly what I would like to avoid!

>> Remember that a strong dependency is *forcing* users to install things,
>> and when, like here, it's going the wrong way for what one would do,
>> it's just *bad* (tm).
>>    
> No it is not. Using a package-based distribution that could take care of
> dependencies and not using that feature is, however.
>  

Then please explain to me how I can install let's say wordpress, in a
chroot (and
of course, without apache), without doing some hacks! Yes, wordpress is
FORCING
ME to install a web server package.

> That it would be a very bad thing to do. Most users want to install
> software so that it works without further questions.

Excuse my wording, but that's plain wrong (no aggressiveness intended).
These packages don't depend on a database server, so that's not the case.

> You are in a very
> specific, specialized case, so you should be able to deal with it.
>  

Plain simple: we can support ANY cases (by not depending on a web
server), or we can say that we only want to support SOME of them,
in which case we should also depend on a MySQL server. Otherwise,
there's absolutely no logic at all in what we are doing.

Also again, how hard is it to just do "apt-get install apache2"? Do
you *seriously* think that someone capable of installing a MySQL
server, a php web app, AND configuring the web server to run it,
can't do this? Again, remember that most apps will NOT setup the
virtualhost thing, as this is a task left to the administrator.

Also, if we have the web server dependency downgraded as a
Recommends:, then BY DEFAULT, it will be pulled. So what's the
big deal here?

Cheers,

Thomas


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/4F06C9C8.3050502@...

Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Arno Töll-4
In reply to this post by Tanguy Ortolo-5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

On 06.01.2012 10:12, Tanguy Ortolo wrote:
> The database server used by a given piece of software can be installed
> on another system. The Web server cannot.

Actually it can. Many modern webservers, including one I am maintaining
support CGI offloading and load balancing [1].

However I'd yet disagree with Thomas. Yes, his scenario is feasible and
a perfect use case for equivs, but I do not think, we should generally
drop dependencies to web servers because of that.

I personally do not get, why we do need packages of web applications at
all, but apparently other people do. Yet I do think, users of such
packages expect us to setup a working instance, just like we do for
almost every other package. We just can't provide a scenario which fits
all and generally I think, people using advanced setups like chroots and
CGI offloading are expected to know how to workaround such problems then.


>> But since I would install these packages in the chroot template, I *do
>> not* want to install apache there. The result is that I can't install
>> popuplar packages like wordpress, gallery, phpbb3 and so on, unless I
>> rebuild them and remove the "apache2 | httpd" dependency. I suspect that
>> I wouldn't be the only one with the issue.

It has been said before: Provide a httpd-cgi and a httpd package in your
chroot, and all is good.

>> Remember that a strong dependency is *forcing* users to install things,
>> and when, like here, it's going the wrong way for what one would do,
>> it's just *bad* (tm).
>
> No it is not. Using a package-based distribution that could take care of
> dependencies and not using that feature is, however.

Agreed. My bottom line is, the overall benefit of depending on a web
server for a web apllication is higher than working in special case
scenarios we - as a distribution - do not support just because we can't.
That has already been said before, so this argument is a bit redundant.

>> So, my suggestion would be to actually *remove* the dependency to the
>> web server (and move it as a Recommends: if you see fit...). I would
>> strongly advocate for this as being written in our beloved policy.

Why would web applications be the only exception of the rule? I'm sure
there are many more special case scenarios where a weaker dependency
would be better, but the overall benefit is more valuable. In fact, we
do have "Depends" at all then? I'm sure there is a special use case for
almost every dependency where it would be better not to have it at all.


[1] http://redmine.lighttpd.net/wiki/lighttpd/Docs%3AModFastCGI

- --
with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPBtBCAAoJEMcrUe6dgPNt0DwQAMCeqP8dnYO+etDDhTDadln2
GwS55LsRhvL9J3oyQ4/adVPdEwTqJTqtkOibe9OknWymBVW30+bEZApT93XGnBhT
0mJga486QXRKHM2xiS1W5M8a7SegMKjU83gtSaetgs8hccWwjnnsZV7D/1XGYxam
qmwfg3H/Qk9gROdBjpnKNSO3YJK9CZzb4ZFZ9kF+VJDsh8T3k4ajX0mwlf2fws19
D495jrCZhNmDG0+F+k+3UvQfDO48xOw7aD6QJs2taHxGrD8zg6/J10/8m15aKjLV
u6GXfbXA3WVIxrSnvWyNWupGGjaF3dm7IaUncI0NpCRrFocFCu553PHBud5tofYB
wZYOC6fr5ZtfomX7jcD+LNWUBjcTAgTl6MHwHtIwCwsoxxC/duARqzdJBh1lBJUE
KX6SQQ/vVT5NO5wbwuNYb+4R77YxYwpxps0mzfuckJJZfzmn9Lm48B5uFjfqJA5u
inJL1+NVCdIjqlODSmQQPFJacAQ5mI0K7r8IaxckOnFm6V1fhJtyh50muTHnMcdT
B96MRDJi00tnd0iJMGxIrTwB2+ibWPnFy1ig9nLE69EVex/PrmJkvY9/h66NY1dO
Ht37Th5idbrFgBouCtGXVO+oyHzZUmqkvYguJ7ni3V2L/mII9yA5EUXDL5Tt5A/Q
ilIisPkeSRKsQVr/7PKb
=IL3m
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/4F06D042.9080800@...

Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Stefano Zacchiroli
In reply to this post by Thomas Goirand-3
On Fri, Jan 06, 2012 at 06:15:36PM +0800, Thomas Goirand wrote:
> Then please explain to me how I can install let's say wordpress, in a
> chroot (and of course, without apache), without doing some hacks! Yes,
> wordpress is FORCING ME to install a web server package.

It has been mentioned to you in this thread already (by Neil): use
"equivs". Can you explain why equivs doesn't match your needs?

Yes, it is a hack, but there is always some sort of spectrum between a
clean solution and a hack, and you have to concede you're surely not in
the most common of the use cases. This discussion has the potential of
being useful, but before proposing to change hundreds of packages, you
need at the very least to explain why the current recommended solution
does not fulfill your needs.

Cheers.
--
Stefano Zacchiroli     zack@{upsilon.cc,pps.jussieu.fr,debian.org} . o .
Maître de conférences   ......   http://upsilon.cc/zack   ......   . . o
Debian Project Leader    .......   @zack on identi.ca   .......    o o o
« the first rule of tautology club is the first rule of tautology club »

signature.asc (845 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Olivier Bonvalet-6
In reply to this post by Thomas Goirand
Le 06/01/2012 08:56, Thomas Goirand a écrit :
>
> The issue is that most PHP packages in Debian have dependencies on web
> servers, most of the time with something like this:
>
> Depends: apache2 | httpd, libapache2-mod-php5 | php5-cgi
>

For info, web apps which are not in PHP like redmine which use Ruby doesn't depend of apache2 or any other http server.
So why should we depends of it for PHP apps only ?


$ LC_ALL=C apt-cache show redmine
Package: redmine
Version: 1.3.0+dfsg1-1
Installed-Size: 10522
Maintainer: Jérémy Lal <[hidden email]>
Architecture: all
Depends: ruby1.8, ruby-rails-2.3 (>= 2.3.14) | rails (>= 2.3.14), dbconfig-common, redmine-sqlite | redmine-mysql | redmine-pgsql, ruby-coderay, ruby-net-ldap, debconf (>= 0.5) | debconf-2.0
Pre-Depends: debconf
Suggests: libsvn-ruby (>= 1.3), ruby-rmagick, libopenid-ruby


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/4F06D5EB.3010701@...

Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Roland Mas
In reply to this post by Thomas Goirand-3
Thomas Goirand, 2012-01-06 18:06:35 +0800 :

[...]

> That's what I don't get! I think using a remote MySQL is as uncommon
> as a chrooted CGI environment.

>From what I've seen of various clients' systems, it isn't.  The web
server is often isolated not in a chroot but in a separate host (whether
physical host, VM or LXC); and I've seen several cases of one
consolidated (and adequately-maintained) database server used remotedy
by many applications.

Roland.
--
Roland Mas

'ALL your base? No!! One tiny base continue bravely to resist.'
  -- <wiggy> in #debian-devel


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/87vcop1183.fsf@...

Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Arno Töll-4
In reply to this post by Olivier Bonvalet-6
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06.01.2012 12:07, Olivier Bonvalet wrote:
> For info, web apps which are not in PHP like redmine which use Ruby
> doesn't depend of apache2 or any other http server.
> So why should we depends of it for PHP apps only ?

And as a third example: trac is written in Python but recommends
"apache2 | httpd" (albeit not depends).

We better consolidate dependencies of web applications instead of
picking examples for either arguments, as different people sadly solve
the same problem different here.


- --
with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPBuk5AAoJEMcrUe6dgPNt3XcP/1QOdZ0yRRJbmUYIWs+gW7BO
rT9F5ZrkQ4oiQqSXNgncABe+hIBncDSqxDM9DIEIeDjxTkzhuOZBn2hsAqTab7Yq
AIaefM5fH3bbU6G6UPszgzY+VqGHs9QK8Q7ScQMlXrwm/ldjBout3AAExiDmkrcZ
d8NwCEdg0ufE8C7h64C2SqhlsN4njuRdRcM4xgIkKyWMbIRG9hCzUCsDhT01sFMc
8VUimmqAkCBCZe9jpqC1hTJ62xSUuj3aLk3k0EQBp+VQUuWHNb0nDVkJpUYjdvuN
YuO3ANO427j6QVXx7LRcaWTbbQWJpoF8XOynyPWzcE5H//+kbBhZRpHVJaBNyd5k
5sZ9Van/n8iJ7dpgjDJ0vOZIFTkK7L3WX6R1xEak/0BSePGNwpBYW2++oCT8C65/
iC6QhLTB2+ubCOR8NpGzG4E2WYiApU9uKGsBUbgUICzUKCBb8Y91kDEc6URU0xZ3
XBv8+6Bkw06tgWYEE21w1GbNkXtLHPMqvmj/RpWu0HSzVTsyyCrJ1nDBec2IWOZo
5wIpiB+WNd1sHCGzI4e67HKTCmLEYYmSYcYw7Q/dq8DuOUswM1DIydXrk8637x8Y
8PJCQZqz3TozM5z1Ko4b3jge4mWC0d9f9gi43unmso01Eh1NiIS6r7WNKMM+EEu2
AFEvbJMu3to15R3CQ9JL
=atN+
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/4F06E939.3040707@...

Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Thomas Goirand-3
In reply to this post by Olivier Bonvalet-6
On 01/06/2012 07:07 PM, Olivier Bonvalet wrote:

> Le 06/01/2012 08:56, Thomas Goirand a écrit :
>>
>> The issue is that most PHP packages in Debian have dependencies on web
>> servers, most of the time with something like this:
>>
>> Depends: apache2 | httpd, libapache2-mod-php5 | php5-cgi
>>
>
> For info, web apps which are not in PHP like redmine which use Ruby
> doesn't depend of apache2 or any other http server.
> So why should we depends of it for PHP apps only ?
Yeah, that's my point as well!

Also, with the dependency set like as above, if you remove
"apache2 | httpd", then apt / dpkg will pickup libapache2-mod-php5,
which depends on apache2 anyway, so apache will be installed
by default unless you explicitly install php5-cgi.

This is why I think the solution of moving apache2 | http as
a Recommends: is a good compromise.

Never mind, it seems there's more people against my idea
than some thinking it was a smart one, so I'll hack with equivs
(which I didn't know) and see how it goes.

Cheers,

Thomas


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/4F06ECCD.4070401@...

Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Thomas Goirand-3
In reply to this post by Stefano Zacchiroli
On 01/06/2012 06:47 PM, Stefano Zacchiroli wrote:

> On Fri, Jan 06, 2012 at 06:15:36PM +0800, Thomas Goirand wrote:
>  
>> Then please explain to me how I can install let's say wordpress, in a
>> chroot (and of course, without apache), without doing some hacks! Yes,
>> wordpress is FORCING ME to install a web server package.
>>    
> It has been mentioned to you in this thread already (by Neil): use
> "equivs". Can you explain why equivs doesn't match your needs?
>
> Yes, it is a hack, but there is always some sort of spectrum between a
> clean solution and a hack, and you have to concede you're surely not in
> the most common of the use cases. This discussion has the potential of
> being useful, but before proposing to change hundreds of packages, you
> need at the very least to explain why the current recommended solution
> does not fulfill your needs.
>
> Cheers.
>  

Hi,

I will give that a try, thanks for the tip.

Thomas


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/4F06EDE9.5070703@...

Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Milan P. Stanic-3
In reply to this post by Thomas Goirand-3
On Fri, 2012-01-06 at 20:45, Thomas Goirand wrote:
[...]
> This is why I think the solution of moving apache2 | http as
> a Recommends: is a good compromise.
>
> Never mind, it seems there's more people against my idea
> than some thinking it was a smart one, so I'll hack with equivs
> (which I didn't know) and see how it goes.

You can't be sure ;-)
Maybe we just tired to repeat our arguments against 'Debian dependency
hell', as I call it.

I just do what you do: rebuild application without unneeded dependencies
and live with the idea that Debian must be usable for everyone in the
world (which is impossible, IMHO) but that's the life.

--
Kind regards,  Milan


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/20120106134615.GB12062@...

Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Mathieu Parent
In reply to this post by Olivier Bonvalet-6
2012/1/6 Olivier Bonvalet <[hidden email]>:
> Le 06/01/2012 08:56, Thomas Goirand a écrit :
>
> For info, web apps which are not in PHP like redmine which use Ruby doesn't
> depend of apache2 or any other http server.
> So why should we depends of it for PHP apps only ?

Because ruby has an embedded web server (webrick), so it doesn't
require one (but it is better for performance and more).

Regards

--
Mathieu Parent


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/CAFX5sbwLLb7znfJQ30Q2q+ZTHL9A7FTBdC6nFJ_uSSMy7e�A@...

Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Jérémy Lal
On 06/01/2012 15:19, Mathieu Parent wrote:
> 2012/1/6 Olivier Bonvalet <[hidden email]>:
>> Le 06/01/2012 08:56, Thomas Goirand a écrit :
>>
>> For info, web apps which are not in PHP like redmine which use Ruby doesn't
>> depend of apache2 or any other http server.
>> So why should we depends of it for PHP apps only ?
>
> Because ruby has an embedded web server (webrick), so it doesn't
> require one (but it is better for performance and more).

Right, and there have been several discussions concerning webapps :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627213
http://lists.debian.org/debian-webapps/2010/05/msg00001.html

Also consider continuing this dicussion to
[hidden email]
?

Jérémy.


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/4F0706A8.80208@...

Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Jonathan Dowland
In reply to this post by Miroslav Suchý-2
On Fri, Jan 06, 2012 at 10:12:15AM +0100, Miroslav Suchy wrote:
> >Depends: apache2 | httpd, libapache2-mod-php5 | php5-cgi
>
> I would not say that your chroot setup is typical. Or common.  I would
> suggest creating your own empty apache2 package with version 9999, which you
> will install in this chrooted environment.

^^ a unique package name that provides: httpd would be safer in the above specific case.


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/20120106153854.GA11343@pris

Reply | Threaded
Open this post in threaded view
|

Re: Removing web server dependencies from web apps

Tollef Fog Heen
In reply to this post by Thomas Goirand-3
]] Thomas Goirand

> On 01/06/2012 04:34 PM, Neil Williams wrote:
> > It depends which is more common
>
> I don't see why we would steer on the direction of the most common
> thing only. What we want is something that works all the time, no?
> If we remote the web server dependency, it works all the time.

No, it then breaks if you don't install the package by hand.

> Don't you think that someone who can setup a PHP app, also knows
> that it will need apache, and that apt-get install apache2 is quite an
> easy thing to do?

That argument can be taken ad absurbum quite easily.  Don't you know
that ssh requires libssl0.9.8g?  Everybody knows that, you should just
grab it by hand.

> > How many of these packages do clever things upon installation like
> > setup their own virtual hosts or similar?
>
> None, because that's forbidden by the Debian policy.

Where is that forbidden?

If the problem is the full overhead of apache2, just install mini-httpd
or monkey or similar and then disable them.  They weigh in at a few
hundred k each, so shouldn't be a problem for you.  Or just use equivs
as other people have suggested.

--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/87mxa0eqoz.fsf@...

123