Control: retitle -1 libapache2-mod-gnutls: apache will not start if mod_authnz_ldap is loaded before mod_gnutls
On Fri 2014-03-14 12:29:35 -0400, Clint Adams wrote:
> On Thu, Mar 13, 2014 at 10:53:31PM -0400, Daniel Kahn Gillmor wrote:
>> I'm not able to replicate this:
>
> Sorry, authnz_ldap also needs to be loaded.
indeed:
root@sid:~# a2enmod authnz_ldap
Considering dependency ldap for authnz_ldap:
Enabling module ldap.
Enabling module authnz_ldap.
To activate the new configuration, you need to run:
service apache2 restart
root@sid:~# service apache2 restart
[FAIL] Restarting web server: apache2 failed!
[warn] The apache2 configtest failed. ... (warning).
Output of config test was:
[Fri Mar 14 14:46:41.352172 2014] [:emerg] [pid 2813:tid 3074697024]
gnutls_check_version() failed. Required: gnutls-3.2.11 Found: gnutls-2.12.23
AH00013: Pre-configuration failed
Action 'configtest' failed.
The Apache error log may have more information.
root@sid:~#
however, if i sneakily rearrange the order of module loading, apache at
least can start up:
root@sid:~# mv /etc/apache2/mods-enabled/{,zz.}authnz_ldap.load
root@sid:~# service apache2 restart
[ ok ] Restarting web server: apache2.
root@sid:~#
(this breaks "a2dismod authnz_ldap", of course)
(i note that mod_ldap.so also links to libgnutls26.so, but doesn't
trigger the problem because ldap.load sorts lexicographically after
gnutls.load)
So, should we go ahead and have the same conversation about
libgnutls28-dev vs libgnutls-dev with the ldap folks? or should we ask
the apache folks about sorting modules differently? or should we nudge
the gmp folks to release a new version sooner rather than later? or all
of the above?
in a twisty maze of licenses, in danger of being eaten by a grue,
--dkg
pgpKWvHqHQpF9.pgp
Description: PGP signature
