[Bug 1867150] Re: FFe: nginx: demote bin:libnginx-mod-http-geoip

Andreas Hasenack andreas at canonical.com
Thu Mar 12 13:41:38 UTC 2020


debdiff for nginx with the proposed change. The changelog shall be
updated to contain a reference to this bug.

** Patch added: "nginx-nogeoip.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1867150/+attachment/5336128/+files/nginx-nogeoip.debdiff

** Description changed:

  In MIR bug #1861101 we want to bring into main the geoip2 library
  src:libmaxminedb. The MIR team agreed to that with some conditions, one
  of which is to demote the geoip1 legacy version of the library
  (src:geoip) in order to not have both in main. bin:libnginx-mod-http-
  geoip is one of the reverse-dependencies of bin:libgeoip1.
  
  The main reason behind the src:libmaxminddb MIR is that bind9 9.16.x no
  longer uses the legacy geoip1 library, and has switched to the supported
  geoip2 one (src:libmaxminddb). Without this change, bind9 will lose the
  geoip features in focal. But it's also an opportunity to switch away
  from the legacy geoip1 library.
  
  For the nginx case, bin:libnginx-mod-http-geoip is pulled in via bin
  :nginx-core which is in main, and bin:nginx-extras and bin:nginx-full
  which are in universe already.
  
  The original plan was to just replace the dependency on libnginx-mod-
  http-geoip in bin:nginx-core with libnginx-mod-http-geoip2, but that
  can't happen immediately because the source code for libnginx-mod-http-
  geoip2 does not come from nginx itself[1][2], and thus is not subject to
  the MIR that brought nginx into main a while ago. We can't pull bin
  :libnginx-mod-http-geoip2 into main without another MIR for just that
  module, which will require a security review. I will file an MIR for
  that anyway, but we expect the security review to not get done in time
  for focal.
  
  We then changed the plan to just demote bin:libnginx-mod-http-geoip to
  universe. This will allow src:geoip (the geoip1 legacy library) to be
  demoted, and the MIR team has agreed to that plan[3].
  
  This means that bin:nginx-core will no longer have a dependency on any
  nginx geoip modules, legacy or otherwise, and thus represents a feature
  change.
  
  I added a release notes task to the MIR bug #1861101 and the following
  scenarios about this change come to mind:
  
  a) Since bin:nginx-core dropped the dependency on bin:libnginx-mod-http-
  geoip, if someone got it by installing bin:nginx-core, an "apt
  autoremove" might suggest that bin:libnginx-mod-http-geoip can be
  removed. If this happens, and there are still geoip configuration
  directives somewhere in /etc/nginx/**, nginx will fail to restart. Note
  that this would also happen had we replaced bin:libnginx-mod-http-geoip
  with bin:libnginx-mod-http-geoip2, as the configuration directives are
  different
  
  b) If someone has just main enabled in < focal, with bin:nginx-core and
  bin:libnginx-mod-http-geoip installed, and release upgrades to focal,
  libnginx-mod-http-geoip won't be upgraded because it's in
  focal/universe.
  
+ Attached is the proposed change to nginx, from
+ https://bugs.launchpad.net/ubuntu/+source/libmaxminddb/+bug/1861101/comments/14
  
- Attached is the proposed change to nginx, from https://bugs.launchpad.net/ubuntu/+source/libmaxminddb/+bug/1861101/comments/14
+ PPA with a test build, together with bind9 already linking with
+ libmaxminddb:
+ 
+ https://launchpad.net/~ahasenack/+archive/ubuntu/bind9-geoip
+ 
  
  
  1. https://bugs.launchpad.net/ubuntu/+source/libmaxminddb/+bug/1861101/comments/10
  2. https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1825895
  3. https://bugs.launchpad.net/ubuntu/+source/libmaxminddb/+bug/1861101/comments/18

-- 
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1867150

Title:
  FFe: nginx: demote bin:libnginx-mod-http-geoip

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1867150/+subscriptions



More information about the Ubuntu-server-bugs mailing list