Hello, Seems the www/rubygem-passenger package is missing the inclusion of passenger_native_support.so. As a result it will try to download it from the internet(!) which is a grave security concern: App 94175 stderr: [passenger_native_support.so] finding downloads for the current Ruby interpreter... App 94175 stderr: App 94175 stderr: (set PASSENGER_DOWNLOAD_NATIVE_SUPPORT_BINARY=0 to disable) App 94175 stderr: App 94175 stderr: Could not download https://oss-binaries.phusionpassenger.com/binaries/passenger/by_release/5.2.1/rubyext-ruby-2.4.4-x86_64-freebsd.tar.gz: no download tool found (curl or wget required) App 94175 stderr: Trying next mirror... App 94175 stderr: Could not download https://s3.amazonaws.com/phusion-passenger/binaries/passenger/by_release/5.2.1/rubyext-ruby-2.4.4-x86_64-freebsd.tar.gz: no download tool found (curl or wget required) App 94175 stderr: [passenger_native_support.so] will not be used (can't compile or download) App 94175 stderr: App 94175 stderr: --> Passenger will still operate normally. If someone happens to have wget or curl on their system they may not be seeing this issue as the download could be working, but it is unclear how the download is validated and if it is strict about requiring a trusted certificate authority.
Hi Mark, thanks for the report. I've just tried to reproduce the issue, so I built and installed www/rubygem-passenger port with nginx flavor, found the shared object in place: % ls -la /usr/local/lib/ruby/gems/2.4/gems/passenger/buildout/ruby/ruby-2.4.4-x86_64-freebsd/passenger_native_support.so -rw-r--r-- 1 root wheel 17616 8 мая 20:18 /usr/local/lib/ruby/gems/2.4/gems/passenger/buildout/ruby/ruby-2.4.4-x86_64-freebsd/passenger_native_support.so Could you provide more details how can I reproduce the issue. Thanks.
I've just built and installed the port with default apache flavor, everything looks fine as well: % ls -la /usr/local/lib/ruby/gems/2.4/gems/passenger/buildout/ruby/ruby-2.4.4-x86_64-freebsd/passenger_native_support.so -rw-r--r-- 1 root wheel 17616 8 мая 20:29 /usr/local/lib/ruby/gems/2.4/gems/passenger/buildout/ruby/ruby-2.4.4-x86_64-freebsd/passenger_native_support.so Any glue?
Note the 2.4.3 in Mark's post and the 2.4.4 mentioned in the tests above.
I looked at the plist for the port and forgot to check if it was a rubygem which would additionally have its own automatic plist. > pkg info -l rubygem-passenger-apache | grep passenger_native_support.so /usr/local/lib/ruby/gems/2.4/gems/passenger-5.2.1/buildout/ruby/ruby-2.4.3-x86_64-freebsd/passenger_native_support.so hmm so now I wonder why this is refusing to be used. Is the /buildout/ directory the right place for this file? Have you ever seen this error? I will check packages for other OSes to see if they differ.
Here is the layout of the debian package. It has the library in a different place: /usr/lib/x86_64-linux-gnu/ruby/vendor_ruby/2.1.0/passenger_native_support.so https://packages.debian.org/jessie/amd64/ruby-passenger/filelist I think packaging the contents of the buildout directory is a mistake. Those files are not meant to be in the package, and the passenger_native_support.so library is not in a location that Ruby/Passenger will find.
I wonder if we should be doing something closer to the way Gentoo is handling the packaging of Passenger? They seem to be able to avoid any custom installation of files/directories. It seems you can make rake do all the work for you. https://github.com/gentoo/gentoo/blob/f96acfec9b38eb6fc822d42cd5fe820adbcfd676/www-apache/passenger/passenger-5.2.3.ebuild I'll keep investigating...
Ok, I think the Gentoo way is the right way to handle this. Here's the crux of the solution: https://github.com/gentoo/gentoo/blob/f96acfec9b38eb6fc822d42cd5fe820adbcfd676/www-apache/passenger/files/passenger-5.1.11-gentoo.patch Patch fakeroot similar to how they do it here, but make it point to STAGEDIR. Then we run do-build with "${RUBY} -S rake fakeroot" and it will build and install all of the files into the right locations. You end up with a layout like this, but we will have fakeroot be STAGEDIR: root@111R-dev:/wrkdirs/usr/ports/www/rubygem-passenger/work-apache/passenger-5.2.3/pkg/fakeroot # find . -name passenger_native_support.so ./usr/lib/ruby/2.4/amd64-freebsd11/passenger_native_support.so This looks correct and matching other platforms. Of course we need to make sure it's doing this into /usr/local, but that should be trivial. This should simplify post-install. Sergey I'm not an expert on ruby/passenger, so please let me know if I'm overlooking anything.
Created attachment 193223 [details] ruby-passenger rework This is my suggested change to the port. - Don't use the gem as the distfile; ignore this being a gem completely. This is how it is handled on Debian/RHEL/Gentoo - Build similar to how Gentoo does it - Install the Apache module correctly into the Apache module dir - Automate the pkg-plist - Rename the port/package to ruby-passenger instead of rubygem-passenger This produces a result that seems more consistent with other projects packaging. I still need to do some runtime tests with this.
Created attachment 193244 [details] ruby-passenger rework Patch in last comment was missing a new file
Hi Mark, looks good for me. I'm not totally sure about new `ruby-passenger' name for the port. Probably I missied something, so you can guide me. My question here is do we have a naming convention to use `ruby-' prefix for such ports? Can we use just `passenger' name for the port? Thanks.
I will be testing this at work with the system which first highlighted the problem. This might take a few days, depending on the folks using said server.
(In reply to Sergey A. Osokin from comment #10) I don't have a strong opinion here. "passenger" would be fine as well.
I am having problems with the binary package. This is on FreeBSD 12.0/ruby2.4.5/nginx1.14.2/passenger6.0.0 (quarterly branch) I keep getting "ngx_modules" failed (Undefined symbol "ngx_modules") in /usr/local/etc/nginx/nginx.conf:20 The module is properly pointed to in the nginx.conf load_module /usr/local/lib/ruby/gems/2.4/gems/passenger-6.0.0/builout/ruby/ruby-2.4.5-x86_64-freebsd/passenger_native_support.so; However when I build the module from the port everything works fine. However, then the module is locate here: /usr/local/libexec/nginx/ngx_passenger.so First of all, there still seems to be a bug in the rubygem-passenger-nginx package. Second, why do the file locations for the binaries vary between binary package and port?
I just ran into the same problem. Did you find a solution?
(In reply to Sergey A. Osokin from comment #10) We do have a history of naming ports with a "ruby-" prefix when they are not rubygem- based. This is the list I see currently: audio/ruby-smf audio/ruby-taglib biology/ruby-bio databases/ruby-bdb databases/ruby-gdbm databases/ruby-odbc databases/ruby-qdbm databases/ruby-tokyocabinet databases/ruby-xapian devel/ruby-bsearch devel/ruby-build devel/ruby-gems devel/ruby-rbprof devel/ruby-sdl devel/ruby-setup.rb devel/ruby-subversion graphics/ruby-gd japanese/ruby-romkan japanese/ruby-uconv security/ruby-camellia textproc/ruby-escape textproc/ruby-format textproc/ruby-htree textproc/ruby-rd-mode.el textproc/ruby-rdtool textproc/ruby-rttool textproc/ruby-xmlparser So, I think having ruby-passenger-apache and ruby-passenger-nginx packages would be fine.
I reproduced the problem with version 6.0.2: # service nginx configtest Performing sanity check on nginx configuration: nginx: [emerg] dlsym() "/usr/local/lib/ruby/gems/2.4/gems/passenger-6.0.2/buildout/ruby/ruby-2.4.5-x86_64-freebsd/passenger_native_support.so", "ngx_modules" failed (Undefined symbol "ngx_modules") in /usr/local/etc/nginx/nginx.conf:4 nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed
(In reply to Dan Langille from comment #11) I can confirm this works for use on Apache 2.4 on FreeBSD 11.2: LoadModule passenger_module /usr/local/libexec/apache24/mod_passenger.so Previously, we had to use this, which needed to be updated with newer releases: LoadModule passenger_module /usr/local/lib/ruby/gems/2.5/gems/passenger-6.0.0/buildout/apache2/mod_passenger.so My nextgoal, can we get a static link for PassengerRoot: PassengerRoot /usr/local/lib/ruby/gems/2.5/gems/passenger-6.0.0/ Again, with the goal of not having to update the Apache configuration with each new release.
(In reply to Jan Bramkamp from comment #14) Nope, sorry.
(In reply to Michael Kastner from comment #13) I am facing the same issues.
I know the static link is still an issue for us with each upgrade.
Hello, could you please upgrade to the recent version to make sure this is still an issue. Thank you.
(In reply to Sergey A. Osokin from comment #21) thanks for getting back to me on the module issue. Unfortunately I am currently busy with a project, but I will try to give you a qualified response ASAP. I might take a few days though. I am using in Passenger on FreeBSD a lot and on critical web sites. Thus I'd be really glad, if this issue was solved. Please allow for a few days of delay, so I can check on this.
Hi, could you please provide an update. Thank you.
(In reply to Sergey A. Osokin from comment #23) I'm sure this wasn't directed at me, however, I can check this in early January.
I'm sorry this went unanswered. www/rubygem-passenger does not build at present. Once 276201 is resolved, I will try again. Thank you.