[SRU] Naxsi package lacking Stub Status

Bug #1170586 reported by Pierre Schweitzer
This bug affects 2 people
Affects          Status         Importance   Assigned to   Milestone
nginx (Ubuntu)   Fix Released   Wishlist     Unassigned
Precise          Fix Released   Wishlist     Unassigned

Bug Description

[Impact]

nginx-naxsi is missing the stub_status module, which in some deployments is necessary for production environments. This module is also listed in the nginx-naxsi description; however, it is not enabled as would be expected, since the module is listed in the description for the nginx-naxsi package.

---

[Test Case]

sudo apt-get install nginx-naxsi

Create a site configuration file for nginx in /etc/nginx/sites-enabled containing the following:

server {
        listen 127.0.0.1;
        server_name localhost;

        location / {
            try_files $uri $uri/ =403;
        }

        location /nginx_status {
            stub_status on;
            access_log off;
            allow 127.0.0.1;
            deny all;
        }
}

After creating this configuration file, restart the nginx process or issue the reload command using one of the following commands (you do NOT need to do both, only one of them):
$ sudo service nginx restart
$ sudo service nginx reload

With the version in Ubuntu now, before this SRU, you should see something like so for an error stating that it failed the configuration test:
$ sudo service nginx restart
Restarting nginx: nginx: [emerg] unknown directive "stub_status" in /etc/nginx/sites-enabled/localhost:10
nginx: configuration file /etc/nginx/nginx.conf test failed

With the version created by including the attached debdiff, you will be able to start nginx with the same configuration file and not run into any errors.

When navigating to http://localhost/nginx_status with this debdiff, you will also see something like this, which is expected output:

Active connections: 2
server accepts handled requests
 2 2 1
Reading: 1 Writing: 1 Waiting: 0

---

[Regression Potential]

There is no new code introduced here, only one module that should've been enabled, but was not being enabled in the package. There is almost no regression potential by enabling this module.

[rbasak] I was concerned about the regression risk associated with enabling a build-time configuration option in an SRU. On balance, I think it is worth doing. It's an independent module which I understand to be reasonably separate in the codebase. I asked upstream, who confirmed that they don't think it will cause a regression, and nginx is in universe (an MIR for Trusty is in progress).

---

[Original Bug Description]

Hi,

The nginx-naxsi package provided in Ubuntu 12.04 LTS lacks the Stub Status module, which is somehow mandatory in a production environment. Plus, if Ubuntu follows Debian philosophy regarding those packages, it is supposed to be shipped with in Debian: http://wiki.debian.org/Nginx.

Current nginx -V:
# nginx -V
nginx version: nginx/1.1.19
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-http_ssl_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --without-http_uwsgi_module --without-http_scgi_module --with-ipv6 --add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-upstream-fair --add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-cache-purge --add-module=/build/buildd/nginx-1.1.19/debian/modules/naxsi/naxsi_src

Regards,
P. Schweitzer
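
An added example, not part of the bug report or the Ubuntu packaging: a shell sketch of the two checks the test case above does by hand, namely whether the binary was built with the module and whether the status endpoint returns the expected format. The function names and the sample inputs are constructed for illustration; `--with-http_stub_status_module` is nginx's configure option for this module.

```shell
#!/bin/sh
# Added example: helpers for the SRU test case; names and sample data are constructed.

# Succeeds if the `nginx -V` text on stdin lists the stub status configure flag.
# Real use: nginx -V 2>&1 | stub_status_built   (nginx -V prints to stderr)
stub_status_built() {
    tr ' ' '\n' | grep -qx -- '--with-http_stub_status_module'
}

# Parses a stub_status response body on stdin into key=value pairs.
# Fails (exit 1) unless all three data lines of the format are present.
parse_stub_status() {
    awk '
        /^Active connections:/ { active = $3; seen++ }
        /^ *[0-9]+ +[0-9]+ +[0-9]+ *$/ { accepts = $1; handled = $2; requests = $3; seen++ }
        /^Reading:/ { reading = $2; writing = $4; waiting = $6; seen++ }
        END {
            if (seen != 3) exit 1
            printf "active=%d accepts=%d handled=%d requests=%d reading=%d writing=%d waiting=%d\n",
                active, accepts, handled, requests, reading, writing, waiting
        }'
}

# Constructed samples: BEFORE abbreviates the configure arguments quoted in the report,
# AFTER is the same line with the flag added, STATUS is the expected output shown above.
BEFORE='configure arguments: --prefix=/etc/nginx --with-http_ssl_module --with-ipv6'
AFTER="$BEFORE --with-http_stub_status_module"
STATUS='Active connections: 2
server accepts handled requests
 2 2 1
Reading: 1 Writing: 1 Waiting: 0'

for args in "$BEFORE" "$AFTER"; do
    if printf '%s\n' "$args" | stub_status_built; then
        echo "stub_status: compiled in"
    else
        echo "stub_status: missing"
    fi
done
printf '%s\n' "$STATUS" | parse_stub_status
```
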

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in nginx (Ubuntu):
status: New → Confirmed
Thomas Ward (teward) wrote :

I'm setting this as "Incomplete" because this needs further research.

According to the wiki page (which by the way is INCOMPLETE and UNDER CONSTRUCTION), the version of the software that *has* that software is in squeeze-backports and is 1.2.1-2, not 1.1.19-1, which is in Ubuntu and was in Debian when it was synced to Ubuntu.

I'm poking Debian upstream to see when the Stub Status module was included, but unless you're seeing information related to 1.1.19, we can't utilize the Debian wiki page for a basis of a "Missing Module" in 1.1.19 in Ubuntu.

Changed in nginx (Ubuntu):
status: Confirmed → Incomplete
Thomas Ward (teward)
tags: added: precise
Pierre Schweitzer (pierre-jean-schweitzer) wrote :

Well looking at Debian package page (http://packages.debian.org/wheezy/nginx-naxsi) regarding the first version available (1.2.1-2), it is providing Stub Status.

Maybe it can help?

Thomas Ward (teward) wrote :

This is why we don't explicitly trust Wikis or Debian.

Let me clarify the issue: The issue isn't what the Debian wiki says. The issue is the 1.1.19 package and what was actually in it.

If 1.1.19 in Debian never had Stub Status, and Debian never intended Stub Status in 1.1.19 then this is an Invalid bug because your research only shows what's in 1.2.1 which isn't going to be included in Precise as Precise is pretty much version fixed to 1.1.19.

If Debian included the stub status code in 1.1.19 and never activated it, that's an easy SRU to fix the issue if it was intended for inclusion but oversight caused it to not be included. But if what I said before this is true, and 1.1.19 never actually had Stub Status and never was supposed to in Debian, then to add the module would require some thorough discussion with the MOTUs to try and get an "Add additional features" patch into Precise without backports, and for that I'd need to know more about why Stub Status is needed, what it does, why it's necessary, etc.

Data on 1.2.1 won't help, ever, as 1.1.19 is what Precise will have from now until it's EOL (excluding backports). We need data about 1.1.19 which I will find tomorrow when I dissect 1.1.19 that was in Debian..

Thomas Ward (teward) wrote :

Further clarification: When I say Debian in my prior comments, I mean the Debian maintainers of the nginx package.

Pierre Schweitzer (pierre-jean-schweitzer) wrote :

Thanks for your answer, I fully get your point!

Then, in case 1.1.9 never had such module, I'd support for having it in Ubuntu. Additional features it adds are rather limited and harmless. The main purpose of this module (which has to explicitly be activated through config file) is to provide data about the server (memory pool, number of connections, and so on). Basically, it can be easily interfaced with Munin plugins to provide an overview of the server.
The main purpose of such module is not really providing more features to the end user/web devs, it's just about monitoring.

If you think this could make discussions with the MOTUs easier...

I can provide you even more data about its output or its configuration if needed.

Thomas Ward (teward) wrote :

The stub status module's code is indeed in 1.1.19-1, however it appears it was just not activated.

Since the code was included but not activated, apparently as either oversight or because of them not activating, I'm going to have to discuss with MOTU whether they'll approve turning on that module during compilation.

There is currently a package in the precise-proposed queue that I want to get through first, before I work on this, though.

Changed in nginx (Ubuntu):
status: Incomplete → Triaged
Thomas Ward (teward)
Changed in nginx (Ubuntu):
status: Triaged → Incomplete
Changed in nginx (Ubuntu Precise):
status: New → Confirmed
importance: Undecided → Wishlist
Changed in nginx (Ubuntu):
importance: Undecided → Wishlist
Thomas Ward (teward) wrote :

As far as I can tell, according to research obtained from Debian packages, 1.2.1-1 and later all have stub status enabled in the nginx-naxsi package.

Quantal (12.10) and later all have versions 1.2.1-1 and later. This only affects Precise, so I am marking this "Fix Released" against the global "nginx (Ubuntu)" umbrella. Any fixes for this will be handled in the Precise series only.

Changed in nginx (Ubuntu):
status: Incomplete → Fix Released
Pierre Schweitzer (pierre-jean-schweitzer) wrote :

Any potential ETA regarding the fix for Precise?

Thomas Ward (teward)
Changed in nginx (Ubuntu Precise):
status: Confirmed → Triaged
Thomas Ward (teward) wrote :

Pie

Thomas Ward (teward) wrote :

Ignore that last post, my browser failed.

Can someone provide testing procedures to test and see whether this is fixed? I also need this for an SRU "test case" if I do actually try and get this fixed.

Pierre Schweitzer (pierre-jean-schweitzer) wrote :

Dunno what kind of test case you want, but basically try to start nginx with this in your config:
server {
        listen 127.0.0.1;
        server_name localhost;
        location /nginx_status {
            stub_status on;
            access_log off;
            allow 127.0.0.1;
            deny all;
        }
}

If it refuses to start due to stub_status line, then it's not fixed. Otherwise, it will just start.

Thomas Ward (teward) wrote :

The attached debdiff contains a fix which will enable the building of the stub status module that is included in the nginx source code. The module is listed as being in the nginx-naxsi package (see debian/control), however it is not actually enabled.

description: updated
summary: - Naxsi package lacking Stub Status
+ [SRU] Naxsi package lacking Stub Status
Robie Basak (racb) wrote :

Hi Thomas,

On the surface, changing the build to enable an additional module isn't really a "minimal" patch. The patch to our packaging may itself be minimal, but it has the side effect of adding potentially substantially more code to the finally built product. Loading additional modules could in general cause side effects in terms of the behaviours in other modules (in general because I don't have any nginx-specific knowledge here).

I'd like some review from another uploader, or further analysis of the regression risk from someone more familiar with the code, before sponsoring this.

Robie Basak (racb) wrote :

Sarah Novotny happens to be sitting next to me, so I've just asked her if she could perhaps get an assessment from an upstream developer.

PS. thanks for the debdiff, Thomas! Hopefully we'll be able to get this in.

Thomas Ward (teward) wrote :

Robie,

On the one hand, I agree with you, enabling a new feature is maybe not the best idea for an SRU.

On the other hand, the 'stub status' module was already listed in the debian/control package description but not actually enabled. That suggests it was supposed to be enabled but someone failed to do so.

I'll wait for other uploaders' input though. If this is not approved for a feature addition then I have a separate debdiff to remove stub status from the control file description.

s novotny (sarahnovotny) wrote :

Hi Robie and Thomas,

the team says that we also build our .deb packages with the 'stub status' module enabled. we don't expect any issues with regressions after enabling the module for ubuntu.

Robie Basak (racb) wrote :

Uploaded; now awaiting review from the SRU team. Thanks all!

description: updated
Colin Watson (cjwatson) wrote : Please test proposed package

Hello Pierre, or anyone else affected,

Accepted nginx into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/nginx/1.1.19-1ubuntu0.6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in nginx (Ubuntu Precise):
status: Triaged → Fix Committed
tags: added: verification-needed
Pierre Schweitzer (pierre-jean-schweitzer) wrote :

Hi,

Deployed with success on our infrastructure. Everything is working fine.
Munin is properly reading status. Web server is properly serving data.

Thanks!

Thomas Ward (teward) wrote :

Retagged with verification-done because of Pierre's tests showing this fixes the bug.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nginx - 1.1.19-1ubuntu0.6

---------------
nginx (1.1.19-1ubuntu0.6) precise-proposed; urgency=low

  * Enable building of the http_stub_status_module in nginx-naxsi, which was
    apparently not marked for compiling even though it's listed in the package
    description. (LP: #1170586)
 -- Thomas Ward <email address hidden> Fri, 31 Jan 2014 11:02:23 -0500

Changed in nginx (Ubuntu Precise):
status: Fix Committed → Fix Released
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for nginx has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
