Forum OpenACS Q&A: Re: Help with openacs installing

Collapse
Posted by Lester Temmink on
aolserver4.tcl

array set debian_config {
HOSTNAME localhost
ADDRESS 10.10.10.23
HTTP_PORT 8000
HTTPS_PORT 443
}

/openacs/config.tcl

set database postgres

set db_name openacs

if { $database eq "oracle" } {
set db_password "*****"
} else {
## Debconf changes (DO NOT EDIT BYHAND) ##
set db_host localhost
set db_password "*****"
set db_port "5432"
set db_user www-data

openacs.sh

AOL_USER=www-data
AOL_GROUP=www-data
AOL_ADDRESS=10.10.10.23
AOL_PORT=8000
RUN_DAEMON=no

Everything is set on port 8000, but when i restart aolserver4 (service aolserver4 restart) i still get:

[13/Aug/2013:11:59:54][1987.18446744072190662400][-main-] Notice: prebind: bound: 127.0.0.1:80

Collapse
Posted by Lester Temmink on
set server "openacs"
set servername "localhost"

set serverroot "/usr/share/openacs"
set pidfile /var/run/aolserver4/${server}.pid

Collapse
Posted by Gustaf Neumann on
you wrote "service aolserver4 restart". i have no ubuntu, but maybe ubuntu provides you with the option to run aolserver without openacs, and calls the service "aolserver4". Try:

service aolserver4 stop
service openacs start

Collapse
Posted by Lester Temmink on
Already tried this to, which OS is most suitable for openacs.
Collapse
Posted by Gustaf Neumann on
"already tried" does not help. When you do a

service openacs start

What you get in the error.log?

Collapse
Posted by Lester Temmink on
Service openacs start doenst work with me?
I use /etc/service/openacs/run

[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: nsmain: AOLserver/4.5.1 starting
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: nsmain: security info: uid=33, euid=33, gid=33, egid=33
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: nsmain: max files: FD_SETSIZE = 1024, rl_cur = 4096, rl_max = 4096
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Warning: nsmain: rl_max > FD_SETSIZE
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Error: pidfile: failed to open pid file '/var/run/aolserver4/openacs.pid': 'No such file or directory'
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: encoding: loaded: utf-8
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: fastpath[openacs]: mapped GET /
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: fastpath[openacs]: mapped HEAD /
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: fastpath[openacs]: mapped POST /
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: adp[openacs]: mapped GET /*.adp
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: adp[openacs]: mapped HEAD /*.adp
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: adp[openacs]: mapped POST /*.adp
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: modload: loading '/usr/lib/aolserver4/bin/nssock.so'
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: modload: loading '/usr/lib/aolserver4/bin/nslog.so'
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: nslog: opened '/usr/share/openacs/log/openacs.log'
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: modload: loading '/usr/lib/aolserver4/bin/nssha1.so'
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: modload: loading '/usr/lib/aolserver4/bin/nsdb.so'
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: modload: loading '/usr/lib/aolserver4/bin/nspostgres.so'
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Warning: modload: could not find Ns_DbDriverInit in /usr/lib/aolserver4/bin/nspostgres.so
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Error: dbdrv: failed to load driver 'postgres'
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Error: dbinit: no such default pool 'pool1'
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: modload: loading '/usr/lib/tcltk/thread2.6.6/libthread2.6.6-aolserver.so'
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: conf: [ns/server/openacs]enabletclpages = 0
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: default thread pool: minthreads 5 maxthreads 10 idle 0 current 0 maxconns 100 queued 0 timeout 120 spread 20
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: XOTcl version 1.6.7 loaded
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: Loading OpenACS, rooted at /usr/share/openacs
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: Sourcing /usr/share/openacs/packages/acs-bootstrap-installer/bootstrap.tcl
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: Bootstrap: sourcing /usr/share/openacs/packages/acs-bootstrap-installer/tcl/00-proc-procs.tcl
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: Bootstrap: sourcing /usr/share/openacs/packages/acs-bootstrap-installer/tcl/10-utilities-procs.tcl
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: Bootstrap: sourcing /usr/share/openacs/packages/acs-bootstrap-installer/tcl/20-db-bootstrap-procs.tcl
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: Bootstrap: sourcing /usr/share/openacs/packages/acs-bootstrap-installer/tcl/30-apm-load-procs.tcl
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: Bootstrap: sourcing /usr/share/openacs/packages/acs-bootstrap-installer/tcl/40-db-query-dispatcher-procs.tcl
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: Database API: Default database (dbn) is: 'default'
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: Database API: Using ALL database pools for OpenACS.
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: Database API: The following pools are available for OpenACS:
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Error: Database API: RDBMS type could not be determined for any pool.
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: Bootstrap: Loading acs-tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/00-database-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/10-charset-compat-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/30-xml-utils-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/acs-kernel-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/acs-permissions-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/acs-private-data-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/ad-functional-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/admin-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/adp-parser-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/aolserver-3-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/apm-file-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/apm-install-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/apm-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/apm-xml-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/application-data-link-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/application-link-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/callback-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/community-core-2-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/community-core-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/defs-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/deprecated-utilities-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/document-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/ds-stub-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/exception-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/form-processing-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/html-email-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/http-auth-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/image-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/install-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/membership-rel-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/memoize-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/navigation-callback-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/navigation-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/object-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/object-type-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/openacs-kernel-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/parameter-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/pdf-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/proxy-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/request-processor-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/rollout-email-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/security-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/server-cluster-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/set-operation-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/site-node-apm-integration-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/site-node-object-map-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/site-nodes-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/sql-statement-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/stack-trace-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/table-display-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/tcl-documentation-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/tdom-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/text-html-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/user-extensions-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/util-diff-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/utilities-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/whos-online-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/widgets-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/xml-0-sgml-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/xml-1-dom-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Loading acs-tcl/tcl/xml-2-procs.tcl
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Error: Bootstrap: RDBMS type could not be determined for any pool.
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Bootstrap: database problem found; Sourcing the installer.
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Sourcing files for postload...
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Done.
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: Executing initialization code blocks...
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: nsmain: AOLserver/4.5.1 running
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: nsmain: security info: uid=33, euid=33, gid=33, egid=33
[13/Aug/2013:12:13:03][2156.18446744071657826048][-sched-] Notice: sched: starting
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Notice: driver: starting: nssock
[13/Aug/2013:12:13:03][2156.2130671360][-nssock:driver-] Notice: starting
[13/Aug/2013:12:13:03][2156.2130671360][-nssock:driver-] Error: nssock: failed to listen on 10.10.10.23:8000: Address already in use
[13/Aug/2013:12:13:03][2156.2130671360][-nssock:driver-] Notice: exiting
[13/Aug/2013:12:13:03][2156.18446744071707723520][-main-] Fatal: could not start drivers

Collapse
Posted by Gustaf Neumann on
That's quite useful and shows the real problem:

could not find Ns_DbDriverInit in /usr/lib/aolserver4/bin/nspostgres.so

...
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: nslog: opened '/usr/share/openacs/log/openacs.log'
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: modload: loading '/usr/lib/aolserver4/bin/nssha1.so'
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: modload: loading '/usr/lib/aolserver4/bin/nsdb.so'
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: modload: loading '/usr/lib/aolserver4/bin/nspostgres.so'
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Warning: modload: could not find Ns_DbDriverInit in /usr/lib/aolserver4/bin/nspostgres.so
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Error: dbdrv: failed to load driver 'postgres'
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Error: dbinit: no such default pool 'pool1'
[13/Aug/2013:12:13:02][2156.18446744071707723520][-main-] Notice: modload: loading '/usr/lib/tcltk/thread2.6.6/libthread2.6.6-aolserver.so'

This is apparently the the bug from https://bugs.launchpad.net/ubuntu/+source/aolserver4-nspostgres/+bug/1182817
which is not fixed yet.

Options:
- use an earlier version of ubuntu
apparently, one can use these .so files from lucid:
https://bugs.launchpad.net/ubuntu/+source/openacs/+bug/1204497
- compile aolserver+modules yourself

Collapse
Posted by Lester Temmink on
Thanks for helping me with this problem.
Id rather not use an earlier version of ubuntu, is there another stable OS which is suitable with OpenACS?
Collapse
Posted by Gustaf Neumann on
Well, i got access to a machine running ubuntu 12.04, installed OpenACS via apt-get, and got similar problems (strangely one more including missing symbol in aolserver4-nssha1, that juri has reported earlier).

The situation is bad, but not hopeless. One can relatively easy fix the problem with the debian/ubuntu packages by (1) obtaining the pkg sources and (2) adding the missing compile flag to the CGLAGS and (3) regenerate the package and install it.

In detail, you need the following steps (assuming an 64bit installation)

  cd /usr/local/src
  sudo bash

  apt-get source aolserver4-nssha1
  apt-get build-dep aolserver4-nssha1
  cd aolserver4-nssha1-0.1/
  # edit debian/Makefile.debian
    -------------------------- Change 
    CFLAGS   =  -DACS
    -------------------------- TO
    CFLAGS   =  -DACS -Wl,--no-as-needed
    --------------------------
  dpkg-buildpackage -rfakeroot -uc -b
  cd ..
  dpkg -i aolserver4-nssha1_0.1-3build1_amd64.deb


  apt-get source aolserver4-nspostgres
  apt-get build-dep aolserver4-nspostgres
  cd aolserver4-nspostgres-4.5/
  # edit debian/Makefile.debian
    -------------------------- Change 
    CFLAGS   += -DBIND_EMULATION -I$(PGINC)
    -------------------------- TO
    CFLAGS   += -DBIND_EMULATION -I$(PGINC) -Wl,--no-as-needed
    --------------------------
  dpkg-buildpackage -rfakeroot -uc -b
  cd ..
  dpkg -i aolserver4-nspostgres_4.5-3build1_amd64.deb

  service aolserver4 stop
  service aolserver4 start 
after the "service aolserver4 start", openacs starts correctly.

All the best
-gustaf neumann

Collapse
Posted by Gustaf Neumann on
Small update. The same problem exists in 13.04 "Raring Ringtail" as well, and the same correction measures help there as well.

Just in case, the following packages are needed to perform the update:

apt-get install dpkg-dev
apt-get install debhelper
apt-get install aolserver4-dev 
All the best
-gustaf neumann
Collapse
Posted by Lester Temmink on
When: dpkg-buildpackage -rfakeroot -uc -b

root@ubuntu:/usr/local/src/aolserver4-nssha1-0.1/debian# dpkg-buildpackage -rfak eroot -uc -b
dpkg-buildpackage: warning: using a gain-root-command while being root
dpkg-buildpackage: export CFLAGS from dpkg-buildflags (origin: vendor): -g -O2 - fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security
dpkg-buildpackage: export CPPFLAGS from dpkg-buildflags (origin: vendor): -D_FOR TIFY_SOURCE=2
dpkg-buildpackage: export CXXFLAGS from dpkg-buildflags (origin: vendor): -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security
dpkg-buildpackage: export FFLAGS from dpkg-buildflags (origin: vendor): -g -O2
dpkg-buildpackage: export LDFLAGS from dpkg-buildflags (origin: vendor): -Wl,-Bs ymbolic-functions -Wl,-z,relro
tail: cannot open `debian/changelog' for reading: No such file or directory
dpkg-buildpackage: error: tail of debian/changelog gave error exit status 1

Collapse
Posted by Gustaf Neumann on
You have to execute "dpkg-buildpackage" from the package source directory, not from the debian subdirectory.
Collapse
Posted by Jim Lynch on
What Gustaf said.

You were in /usr/local/src/aolserver4-nssha1-0.1/debian when you ran the buildpackage command, you need to be one dir out, so instead in /usr/local/src/aolserver4-nssha1-0.1

-Jim

Collapse
Posted by Lester Temmink on
Sorry, stupid mistake. Will try this and let you know.
Collapse
Posted by Lester Temmink on
This is going fine:

  apt-get source aolserver4-nssha1
  apt-get build-dep aolserver4-nssha1
  cd aolserver4-nssha1-0.1/
  # edit debian/Makefile.debian
    -------------------------- Change
    CFLAGS  =  -DACS
    -------------------------- TO
    CFLAGS  =  -DACS -Wl,--no-as-needed
    --------------------------
  dpkg-buildpackage -rfakeroot -uc -b
  cd ..
  dpkg -i aolserver4-nssha1_0.1-3build1_amd64.de

But when i use:

  dpkg-buildpackage -rfakeroot -uc -b

I get this error:

root@ubuntu:/usr/local/src/aolserver4-nspostgres-4.5#  dpkg-buildpackage -rfake                                                                                        root -uc -b
dpkg-buildpackage: warning: using a gain-root-command while being root
dpkg-buildpackage: export CFLAGS from dpkg-buildflags (origin: vendor): -g -O2 -                                                                                        fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security
dpkg-buildpackage: export CPPFLAGS from dpkg-buildflags (origin: vendor): -D_FOR                                                                                        TIFY_SOURCE=2
dpkg-buildpackage: export CXXFLAGS from dpkg-buildflags (origin: vendor): -g -O2                                                                                        -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security
dpkg-buildpackage: export FFLAGS from dpkg-buildflags (origin: vendor): -g -O2
dpkg-buildpackage: export LDFLAGS from dpkg-buildflags (origin: vendor): -Wl,-Bs                                                                                        ymbolic-functions -Wl,-z,relro
dpkg-buildpackage: source package aolserver4-nspostgres
dpkg-buildpackage: source version 4.5-3build1
dpkg-buildpackage: source changed by Ilya Barygin <mailto:randomaction@ubuntu.com>
dpkg-buildpackage: host architecture amd64
dpkg-source --before-build aolserver4-nspostgres-4.5
fakeroot debian/rules clean
dh_testdir
dh_testroot
/usr/bin/make -f debian/Makefile.debian clean
make[1]: Entering directory `/usr/local/src/aolserver4-nspostgres-4.5'
/usr/bin/tclsh /usr/share/aolserver4/nsremove.tcl nspostgres.so
/usr/bin/tclsh /usr/share/aolserver4/nsremove.tcl libnspostgres.so libnspostgres                                                                                        .a nspostgres.o
make[1]: Leaving directory `/usr/local/src/aolserver4-nspostgres-4.5'
dh_clean
debian/rules build
dh_testdir
touch configure-stamp
dh_testdir
/usr/bin/make -f debian/Makefile.debian POSTGRES=PG_CONFIG PG_CONFIG=/usr/bin/pg                                                                                        _config ACS=1
make[1]: Entering directory `/usr/local/src/aolserver4-nspostgres-4.5'
x86_64-linux-gnu-gcc -Wall -g -O2 -DBIND_EMULATION -I/usr/include/postgresql-Wl,                                                                                        --no-as-needed -DFOR_ACS_USE -O2 -Wall -fPIC -g -O2 -fno-unit-at-a-time -pipe  -                                                                                        I/usr/include/aolserver4 -I/usr/include/tcl8.5  -DNO_CONST -DPACKAGE_NAME=\"tcl\                                                                                        " -DPACKAGE_TARNAME=\"tcl\" -DPACKAGE_VERSION=\"8.5\" -DPACKAGE_STRING=\"tcl\ 8.                                                                                        5\" -DPACKAGE_BUGREPORT=\"\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_ST                                                                                        AT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1                                                                                        -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_LIMITS_H=1 -DHAVE                                                                                        _SYS_PARAM_H=1 -DUSE_THREAD_ALLOC=1 -D_REENTRANT=1 -D_THREAD_SAFE=1 -DHAVE_PTHRE                                                                                        AD_ATTR_SETSTACKSIZE=1 -DHAVE_PTHREAD_GETATTR_NP=1 -DGETATTRNP_NOT_DECLARED=1 -D                                                                                        TCL_THREADS=1 -DTCL_CFGVAL_ENCODING=\"iso8859-1\" -DMODULE_SCOPE=extern\ __attri                                                                                        bute__\(\(__visibility__\(\"hidden\"\)\)\) -DTCL_SHLIB_EXT=\".so\" -DTCL_CFG_OPT                                                                                        IMIZED=1 -DTCL_CFG_DEBUG=1 -DTCL_TOMMATH=1 -DMP_PREC=4 -D_LARGEFILE64_SOURCE=1 -                                                                                        DTCL_WIDE_INT_IS_LONG=1 -DHAVE_GETCWD=1 -DHAVE_OPENDIR=1 -DHAVE_STRTOL=1 -DHAVE_                                                                                        WAITPID=1 -DHAVE_GETADDRINFO=1 -DHAVE_GETPWUID_R_5=1 -DHAVE_GETPWUID_R=1 -DHAVE_                                                                                        GETPWNAM_R_5=1 -DHAVE_GETPWNAM_R=1 -DHAVE_GETGRGID_R_5=1 -DHAVE_GETGRGID_R=1 -DH                                                                                        AVE_GETGRNAM_R_5=1 -DHAVE_GETGRNAM_R=1 -DHAVE_GETHOSTBYNAME_R_6=1 -DHAVE_GETHOST                                                                                        BYNAME_R=1 -DHAVE_GETHOSTBYADDR_R_8=1 -DHAVE_GETHOSTBYADDR_R=1 -DUSE_TERMIOS=1 -                                                                                        DHAVE_SYS_TIME_H=1 -DTIME_WITH_SYS_TIME=1 -DHAVE_GMTIME_R=1 -DHAVE_LOCALTIME_R=1                                                                                        -DHAVE_MKTIME=1 -DHAVE_TM_GMTOFF=1 -DHAVE_TIMEZONE_VAR=1 -DHAVE_STRUCT_STAT_ST_                                                                                        BLOCKS=1 -DHAVE_STRUCT_STAT_ST_BLKSIZE=1 -DHAVE_BLKCNT_T=1 -DHAVE_INTPTR_T=1 -DH                                                                                        AVE_UINTPTR_T=1 -DHAVE_SIGNED_CHAR=1 -DHAVE_LANGINFO=1 -DHAVE_SYS_IOCTL_H=1 -DTC                                                                                        L_UNLOAD_DLLS=1  -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"                                                                                        \" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DTCL_CFG_OPTIMIZED=1 -DTCL_CF                                                                                        G_DEBUG=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLI                                                                                        B_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1                                                                                        -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_TIMEGM=1 -DHAVE_                                                                                        DRAND48=1 -DHAVE_RANDOM=1 -DHAVE_POLL=1 -DHAVE_GETADDRINFO=1 -DHAVE_GETNAMEINFO=                                                                                        1  -D_FORTIFY_SOURCE=2  -c -o nspostgres.o nspostgres.c
<command-line>:0:0: warning: "PACKAGE_NAME" redefined [enabled by default]
<command-line>:0:0: note: this is the location of the previous definition
<command-line>:0:0: warning: "PACKAGE_TARNAME" redefined [enabled by default]
<command-line>:0:0: note: this is the location of the previous definition
<command-line>:0:0: warning: "PACKAGE_VERSION" redefined [enabled by default]
<command-line>:0:0: note: this is the location of the previous definition
<command-line>:0:0: warning: "PACKAGE_STRING" redefined [enabled by default]
<command-line>:0:0: note: this is the location of the previous definition
In file included from nspostgres.c:32:0:
nspostgres.h:48:22: fatal error: libpq-fe.h: No such file or directory
compilation terminated.
make[1]: *** [nspostgres.o] Error 1
make[1]: Leaving directory `/usr/local/src/aolserver4-nspostgres-4.5'
make: *** [build-stamp] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2

Collapse
Posted by Gustaf Neumann on
The error tells you that the needed include file from postgres (a build-dependency) is missing. Have you issued "apt-get build-dep aolserver4-nspostgres" before running "dpkg-buildpackage" in aolserver4-nspostgres-4.5?
Collapse
Posted by Lester Temmink on
root@ubuntu:~# apt-get build-dep aolserver4-nspostgres
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 9 not upgraded.
Collapse
Posted by Gustaf Neumann on
Strange, that i did not see the problem on the two system i tried. Get the following package. that should include the missing .h file

apt-get install libpq-dev
Collapse
Posted by Lester Temmink on
No.. already got this package.

root@ubuntu:/# apt-get install libpq-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
libpq-dev is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 9 not upgraded.
root@ubuntu:/#

Collapse
Posted by Gustaf Neumann on
ok. now is see, what the problem is: you missed the space before "-Wl,--no-as-needed" when you updated Makefile.debian
Collapse
Posted by Lester Temmink on
Tnx, that worked out for me:

But then.. next problem..

Thank you for installing the Open Architecture Community System (OpenACS), a suite of fully-integrated enterprise-class solutions for collaborative commerce. This is the OpenACS Installer which performs all the steps necessary to get the OpenACS Community System running on your server.
Please read the Release Notes before proceeding to better understand what is contained in this release.

Your PostgreSQL driver is correctly installed and configured.

The OpenACS data model is already installed. Click Next to scan the available packages

When i click next, i get nothing.

Webpage says, no data received.

Collapse
Posted by Lester Temmink on
error.log

[15/Aug/2013:16:35:45][21171.18446744073082287872][-nssock:driver-] Notice: starting
[15/Aug/2013:16:35:45][21171.18446744073082287872][-nssock:driver-] Notice: nssock: listening on 10.10.10.17:8000
[15/Aug/2013:16:35:47][21171.18446744073090692864][-default:1-] Warning: tclfilter: install_handler return invalid result:
[15/Aug/2013:16:35:48][21171.18446744073099097856][-default:3-] Error: Unable to source /usr/share/openacs/packages/acs-bootstrap-installer/installer/packages-install.$
[15/Aug/2013:16:35:49][21171.18446744073103300352][-default:4-] Error: Unable to source /usr/share/openacs/packages/acs-bootstrap-installer/installer/packages-install.$
[15/Aug/2013:16:35:51][21171.18446744073086490368][-default:0-] Error: Unable to source /usr/share/openacs/packages/acs-bootstrap-installer/installer/packages-install.$
[15/Aug/2013:16:35:55][21171.18446744073321154304][-main-] Notice: nsmain: AOLserver/4.5.1 stopping
[15/Aug/2013:16:35:55][21171.18446744073321154304][-main-] Notice: driver: stopping: nssock
[15/Aug/2013:16:35:55][21171.18446744073321154304][-main-] Notice: sched: shutdown pending
[15/Aug/2013:16:35:55][21171.18446744073090692864][-default:1-] Notice: exiting: shutdown pending
[15/Aug/2013:16:35:55][21171.18446744073271260928][-sched-] Notice: sched: shutdown started
[15/Aug/2013:16:35:55][21171.18446744073271260928][-sched-] Notice: sched: shutdown complete
[15/Aug/2013:16:35:55][21171.18446744073094895360][-default:2-] Notice: exiting: shutdown pending
[15/Aug/2013:16:35:55][21171.18446744073099097856][-default:3-] Notice: exiting: shutdown pending
[15/Aug/2013:16:35:55][21171.18446744073321154304][-main-] Notice: driver: stopped: nssock
[15/Aug/2013:16:35:55][21171.18446744073082287872][-nssock:driver-] Notice: exiting
[15/Aug/2013:16:35:55][21171.18446744073086490368][-default:0-] Notice: exiting: shutdown pending
[15/Aug/2013:16:35:55][21171.18446744073103300352][-default:4-] Notice: exiting: shutdown pending
[15/Aug/2013:16:35:55][21171.18446744073082287872][-shutdown-] Notice: nslog: closing '/usr/share/openacs/log/openacs.log'
[15/Aug/2013:16:35:55][21171.18446744073321154304][-main-] Notice: nsmain: AOLserver/4.5.1 exiting

Collapse
Posted by Gustaf Neumann on
sigh. The Debian/Ubuntu packages for OpenACS are in a worse state than i thought:

- There are the two bugs with the compiler flags fixed by the steps above; but fixing these is apparently not enough.

- OpenACS as packaged by the Debian packages is not compatible with PostgreSQL 9.*. Ubuntu 12.04 ships per default with PostgreSQL 9.1. Sooner or later, one runs either into the problem of Iuri Sampaio (syntax error [1]) or the problem of Chris Edwards (unrecognized configuration parameter "regex_flavor", [2]). The only option is to use PostgreSQL 8.4 instead with this release. But downgrading is not enough either.

- The newer aolserver as shipped with Ubuntu is apparently more picky about a incorrect return value from a filter (tclfilter: install_handler return invalid result; see above). This bug is fixed as well in the head version of OpenACS. This problem can be fixed by a two line modification in the OpenACS tree.

The OpenACS packages for debian require a new release. Dealing with the brokenness is already more work than installing from scratch. The whole thing happened, as a working verision of OpenACS was kept stable in the distribution, but the components around it changed (C-compiler flags, PostgreSQL, Aolserver). Hope, that the packager of the Debian OpenACS packages read this and can push our a working verison.

Incentivated by this malaise, i have just now put together two scripts that let you install the newest version of OpenACS on a wider range of systems; this version e.g. compatible with PostgreSQL 9.*. See: https://openacs.org/xowiki/naviserver-openacs

This should let you install OpenACS on your system.

Hope this helps finally
-gustaf neumann

[1] https://openacs.org/forums/message-view?message_id=4048828
[2] https://openacs.org/forums/message-view?message_id=4051830

Collapse
Posted by Lester Temmink on
Well, not very lucky with that though:

bash install-ns.sh
bash install-ns.sh build

checking whether to use symlinks for manpages... no
checking whether to compress the manpages... no
checking whether to add a package name suffix for the manpages... no
checking for gcc... no
checking for cc... no
checking for cc... no
checking for cl... no
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details.

So.. fresh install ubuntu 12.04.
On what OS is OpenACS running fine? So I can use that one?

Collapse
Posted by Gustaf Neumann on
The scripts checked the current OS compatibility with "/etc/debian-version" instead of "/etc/debian_version". sigh, i need better glasses. Please re-fetch the scripts and run it again.

Just now, i have installed OpenACS with the updated scripts on 2 fresh VMs, one with Ubuntu 12.0 and one with Ubuntu 13.04, both went through fine.

The question is actually not, on which OS OpenACS is running fine, but on which OS is it the easiest to install. We are running on our large production system under RHEL 6.4, the OpenACS installation on alice.wu.ac.at:8000 under Fedora 18, on openacs.org on Ubuntu 10.04, and on my notebook under Mac OS X 10.8. On all these OSes, OpenACS runs fine.

From my experiences with the VMs, i would recommend to use Ubuntu 13.04 instead of 12.04, since at least under my host OS, 12.04 made much troubles (no graphics support after installing from the iso, one has to upgrade from the rescue menu, then problems with the shared folders and "guest additions" under vbox) furthermore, the upgrades from apt-get are much faster in 13.04.

Collapse
Posted by Héctor Romojaro on
Dear Gustaf and all,

I'm no longer using OpenACS at work, but I still maintain both openacs and dotlrn debian packages in my spare time, and your post hurted my feelings :)

Not responsible for the aolserver packages though, but i guess their maintainer reads this forum.

With that said, let see all the issues in detail:

- PG 9.1: The openacs package (5.7.0) is currently using "standard_conforming_strings = off" as a compatibility option in the openacs database to avoid the errors. It seemed to work fine, and I asked if there was any other change to do in the OCT list. I was told that using a more recent version of nspostgres would make the "standard_conforming_strings = off" unnecesary. IIRC, the nspostgres maintainer was asked about updating it (i think it was Stefan who asked him to), but, as it was never updated, i kept that option hoping it would be enough.

- Changes in head to support newer aolserver: I could include a patch in the package that modifies the openacs tarball and fix this but, at this point, i think the best solution is to package a new version of openacs (5.8) with proper pg9.x and aolserver compatibility.

Is there any estimation of when 5.8 will be *officially* out, with its static tarball in the download page? If the release is no near though, i'll go with the patch, but i think this is a way better solution.

However, we'll have to deal with the nspostgres issues. I'll try to contact its maintainer to see if he's willing to update it.

P.S: not the place to say it, but dotlrn packages has those and worse problems too. 2.5.0 is extremely old and, if no release is made soon, i fear for its continuity in the debian archive.

Kind regards,
Héctor Romojaro

Collapse
Posted by Jim Lynch on
Hector and the group,

openacs-5.7 doesn't like pg-9, it does like pg-8.3 and maybe also 8.4.

openacs-HEAD (which some are calling 5.8) does like pg-9.2. It's not released yet, and so far I can find no information on who's working on it, when it will be released or what its status is.

For your (and other's) convenience, I adjusted the build system of nspostgres so that you can supply the location of pg_config, and have the build use pg_config to find things, which I recommend. I was working with Dossy when I added this feature to the makefile. I carefully documented the build options in the makefile; please read for more info.

One place you can find pg_config is in the debian package postgresql-server-dev-x.y (where x.y is the postgres version), and then you will find pg_config in /usr/lib/postgresql/x.y/bin/pg_config.

I tend to recommend building the whole stack as you have and keep much more control: upgrading debian packages then have no chance of touching your web stack, and the prefix of just about everything can be set to the same place. I do like how the pg packages install and where it puts things, so it's been awhile since I last built pg.

Anyway, hope this helps and I'll probably contribute more to this thread later.

I thought I heard at one of the dotlrn meetings that the last dotlrn was about to be released, as MIT Sloan stopped using it. (can someone confirm this?)

-Jim

Collapse
Posted by Jim Lynch on
One more thing... Victor Guerra had been working on moving openacs to git; any progress here? (in the past, I would occasionally ask him to run a cvs->git import script he wrote.)

-Jim

Collapse
Posted by Lester Temmink on
Got it working on ubuntu 13.04 :) Tnx for all the support.
Collapse
Posted by Lester Temmink on
Im going to use OpenACS to monitor and configure modems, Which application is the best to do this?
Collapse
Posted by Gustaf Neumann on
Lester,

after this endless thread (thanks for keeping up) i got the impression that you got the wrong OpenACS (the community system/web framework, as in http://en.wikipedia.org/wiki/OpenACS), but you are interested in http://sourceforge.net/projects/openacs/ (an implementation of http://en.wikipedia.org/wiki/TR-069, a remote management and configuration server for network devices; ACS stands here for "auto configuration server"). Anyhow, many thanks, you made clear to me, how bad the state of the ubuntu/debian packages really is.

Jim, the scripts i added (see above) install OpenACS on Ubuntu/Fedora systems for PG 9.+ from scratch, including the updated postgres driver, tcl, tdom, xotcl, ..., using OpenACS, xo* and dotlrn from cvs and xowf from git, but using a packaged postgres version (on Ubuntu 9.1, on Fedora 9.2). We (mostly Victor and me) work in Vienna towards a 5.8 release, there is already a oacs-5-8 branch of OpenACS in CVS. Everybody is welcome to test it, and to contribute to the release.

As always, the release of the openacs-core packages comes first, then application packages. It is not clear yet, when and in which form a dotlrn release will come out (most dotlrn applications are substantially tailored sites, developed by busy people with not-so-much benefit from a new release).

Hope this helps
-gustaf neumann

Collapse
Posted by Bjoern Kiesbye on
Hello,

I'm not sure if this is the right place for the post but i hope it will help someone. I just tried to install Aolserver from source (cvs checkout) on Ubuntu 14.04. and 12.04 and ran into the same Problem. Adding -Wl,--no-as-needed to the modules Makefile was just part of the solution. If it still does not fix the Problem, check the output of make, if the Flag '-fvisibility=hidden' is passed to gcc. It will hide all Symbols, unless explicitly specified as public within the source code. The option is "just" an optimization and can be removed from the ns.mak file without greater harm (on Suse it is not set in first place), this is the first solution.
The second and better solution is to patch the source code, and add required attributes to the Function Ns_ModuleInit and the Variable Ns_ModuleVersion (a makro to do that already exists in ns.h), which advise gcc to export this symbols and make them access able from outside the module (public), but this has to be done for each Module. Below you find links to patches for the most common Aolserver modules including a description on how to apply them.

First Solution:
The Flag is set in the File
/usr/local/aolserver-inst-dir/include/ns.mak

The Line
CFLAGS_EXTRA = -fPIC -pipe -fvisibility=hidden
can be changed to
CFLAGS_EXTRA = -fPIC -pipe

Second Solution:
First download the patches to the /tmp directory. Then apply the patches by changing into the modules source directory and run the patch command.

root#> cd /tmp
root#> wget http://www.clever-devel.com/file/35054/nssha1-visibility-0.1.1.patch
root#> cd /usr/local/src/aolserver-src-dir/nssha1/
root#> patch -p0 /tmp/nssha1-visibility-0.1.1.patch

Now compile the Module as usual.
The procedure for the patches below is the same, just the patch name and the source directory needs to be changed for the current module.

http://www.clever-devel.com/file/35054/nssha1-visibility-0.1.1.patch
http://www.clever-devel.com/file/35057/nscache-visibility-0.1.1.patch
http://www.clever-devel.com/file/35048/nsopenssl-visibility-0.1.1.patch

Collapse
Posted by Gustaf Neumann on
Dear Bjoern,

many thanks for the patches! I've applied just now quite similar ones (using NS_EXPORT instead of DllExport) to the version of aolserver on sourceforge, such that other people might have an easier life.

Out of curiosity: Do you have any technical reason for not using NaviServer? It is easier to install from scratch via [1]

all the best
-gustaf neumamn

[1] https://openacs.org/xowiki/naviserver-openacs

Collapse
Posted by Bjoern Kiesbye on
Dear Gustaf,

thanks for applying the patches, I was not sure which makro is the preferred one as both where offered in ns.h.

Until now Aolserver was sufficient, and as there was no real reason, I have not tried NaviServer yet. A while a go I did notice that the nsmemcache module was developed for NaviServer first, and now i stumbled over some recent posts on the Aolserver mailing list, which said that the naviserver-dev mailing list is much more active than the aolserver mailing lists. So I think I will try NaviServer.

If I recall right there was a Licensing issue with Aolserver which was the initial reason for the NaviServer Project, is this it, or is there more? I checked the NaviServer Pages on sourceforge.net and wiki.tcl.tk and their doesn't seem to be a great difference between Aolserver and NaviServer.

Collapse
Posted by Gustaf Neumann on
Dear Bjoern,

The preferred macros start with NS_* (but the one you used work as well, but these are for compatibility).

One reason for the split was a question in "philosophy", since the aolserver fraction was very conservative on changes and the NaviServer needed changes for integration with their products (one case was that aolserver was webserver only, while naviserver went towards multi-protocol server; see [1], thread "Support for non-HTTP protocols")

There is no exhaustive list of differences between aolserver and NaviServer, so i think the best place the check is the changelog summary[2]. The biggest hurdle for a quick check is probably the different config file, but you will find in the NaviServer sources several sample config files, including one modeled for OpenACS.

Most of the differences between aolserver and NaviServer are about extending functionality. Alex Hisen pointed out not long ago in the aolserver mailing list three (actually deprecated) features of aolserver, that might require replacements in legacy code, when one switches from aolserver to NaviServer:

1) Support for optional $conn argument in ns_return*, etc commands
2) ns_share
3) ns_set -persist

The first one is about using ignored arguments, the second and third can be handled via nsv, for (2) Stephen Deasey wrote additionally an extra module.

Recent versions of OpenACS is free of these features since several years. OpenACS.org runs on NaviServer since about one year, the performance gain was significant (see [3]).

All the best
-gustaf neumann

[1] http://news.gmane.org/group/gmane.comp.web.aolserver/last=0/force_load=very/?page=56
[2] https://bitbucket.org/naviserver/naviserver/src/default/NEWS
[3] https://openacs.org/forums/message-view?message_id=4074774

Collapse
Posted by Bjoern Kiesbye on
Dear Gustaf,

thank you for all the information, I did take a look at the config.tcl Description for NaviServer at http://wiki.tcl.tk/22673 and there does not seem to be that many differences in the configuration. The Aolserver features not available in NAviServer 1)-3) wont affect my own code, and as it seems to be that development efforts go more and more into NaviServer, i think i will give it a try.

I have another patch for nsopenssl concerning the Error

tclcmds.c:338:31: error: 'Tcl_Interp' has no member named 'result'

which occurs when compiled for tcl8.6, where the interp object fields cant be accessed directly anymore,

http://www.clever-devel.com/file/35043/nsopenssl-interp-result-0.1.1.patch

Collapse
Posted by Jim Lynch on
Hi...

I would like to tell about my exp getting 8.6tcl to work with some of the aolserver modules...

Before 8.6, the tcl result was available as a string, with some funcs to set and append to that string.

At 8.6, you actually have a choice, you can rebuild it so it works as before (so result is exposed) or you can alter code which accesses the result, as the patch suggests.

What I found out was, if you want numeric result values, you can have tcl set them as ints or maybe longs (or other object types). This is what I preferred to do when I was trying to get 8.6 going.

You want to be very cautious with sprintf, as this func doesn't limit the writing based on length. So, you either want to use things that append to the string result object, or you want to set as cast to a different type, for example int. 8.6 provides calls for doing either.

Almost every time I've seen uses of sprintf (in -anything-), I knew there was the typical "buffer overrun" possibility, and in the cases where I could, I was able to replace each with calls to snprintf (or to use a different alternative that was also safe).

As an aside, many years ago, when looking at aolserver source for my first time, I happened to look at the call Ns_DStringPrintf, which then used sprintf. I wrote an equivalent using snprintf, and aolserver devs eventually took a whole printf func from some stdio lib source, and adapted it so that it "printf"ed to a DString in a safe manner. To Gustaf, if you hadn't done so already, would you be willing to look at it and at naviserv source to see if it's been incorporated already?

If you're going to use sprintf, get the length of the buffer and use snprintf instead, as not doing so could result in a crash if sprintf overwrites a dynamically allocated buffer.

This may sound like hyperbole, but it's my very stong belief that sprintf is never safe, and should always be replaced with snprintf.

I may still have the sources of other aolserver or naviserv (don't remember which at this moment) modules, where I had to rewrite the pieces that set or get the tcl result.

On request, I'll put something together in the hope it will assist.

-Jim

Collapse
Posted by Gustaf Neumann on
Dear Björn,

The supported ssl driver for NaviServer is nsssl [1] part of the 43 NaviServer modules [2]. Nsssl is up to date in terms of the security features of OpenSSL (e.g. forward secrecy). When using this driver, one gets an A+ rating from SSL labs by following the configuration instructions in the README file. Furthermore, the driver nsssl provides the "ns_ssl" command for https client requests, compatible with "ns_http", which use the same c-level infrastructure.

The compilation problem you faced with nsopenssl are due to the fact, that this driver was not updated for Tcl 8.6. Your fix is partly correct, but setting the interp result has to go through the appropriate tcl-api to set the result (e.g. Tcl_SetResult). I am not eager for fixing this, since we don't use the driver at all.

Actually, we are using on all production environments still Tcl 8.5, also OpenACS recommends still Tcl 8.5. There are no known issues with Tcl 8.6, just a thorough testing is missing.

all the best
-gustaf neumann

[1] https://bitbucket.org/naviserver/nsssl
[2] http://sourceforge.net/projects/naviserver/files/naviserver/4.99.6/naviserver-4.99.6-modules.tar.gz/download

Collapse
Posted by Bjoern Kiesbye on
Hi Jim,

I think the tcl8.6 API (http://www.tcl.tk/man/tcl8.6/TclLib/SetResult.htm). should be used to manipulate the interp result, too. Even so I used the solution from nspostgres where a reference to the interp's result string is requested, using the API, and assigned to a local variable, which is then passed to sprintf instead of passing interp->result directly. I think the way it is currently done, partly defeats the purpose of the API, because the interp objects internal state is manipulated from outside code. I did use it because it was a 'known to work' solution, which i needed, and was not certain that there isn't a good reason why it is done this way.

The use of sprintf is original code from nsopenssl, I just changed the variable which is passed to it. Besides the manipulation of interp->result (assuming they will be replaced by calls to the API), sprintf is used twice more to create the channelName, and once to write to buf.

Collapse
Posted by Bjoern Kiesbye on
Dear Gustaf,

thank you for the information, I was just needing nsopenssl for a Development Server and thought the fix might be help full for others, even so it's not a perfect solution, it's a working one. On live systems i use nginx in front of Aolserver, besides other reasons to handle ssl client requests.

Collapse
Posted by Jim Lynch on
"Use of sprintf is original code" Doesn't make it safe. Yes, as I mentioned, I found that too, and without limiting how many bytes it writes, it has the potential of overwriting the buffer it uses. Assume, for example, that someone changes what's written by some sprintf, without knowing the size of the buffer, this has the potential to overwrite its buffer as well, especially if the sprintf arguments cause it to write more. It doesn't make for good code, it makes for the continued ignorance of an existing bug which should be fixed. I'm just trying to make sure that bugs that could cause security issues are removed and fixed, not kept, and being original code is not a reason to keep a problem.

In the case of writing integers to the tcl result, you don't have to concern yourself with either sprintf or snprintf, you can use other tcl api calls to set the result to the integer directly, and this is what is recommended.

I'll help you in any way I can to make sure these bugs no longer plague us. Would you like me to show the calls that involve writing integers to the tcl result?

Collapse
Posted by Bjoern Kiesbye on
Hello Jim,

you are right, snprintf is the preferred way, i did use that too when i was writing a simple custom gzip_http_post method. With original code I just meant, it's know to work code,and not new code introduced by the patch, which may lead to problems in case the patch is applied.
As well i was uncertain if fixing this is going to be appreciated at all, because development efforts seem to go more into NaviServer rather then Aolserver. Hearing that there is still interest i can make the changes, and would appreciated some guidance.

First Question is there a preferred way to set the interp result, as there are 2 ways Tcl_SetResult/Tcl_SetObjResult and Tcl_AppendResult. Currently the result is set to a single string, to replace it by the new API I would go with.

Example Integer:

sprintf(interp->result, "%d", nread);

is replaced by

Tcl_SetObjResult(interp, Tcl_NewIntObj(nread));




Example String(1):

interp->result = "could not register callback";

is replaced by

Tcl_SetResult(interp, "could not register callback", TCL_STATIC);



Example String(2):

sprintf(interp->result, "%s", Tcl_GetChannelName(chan));

is replaced by

Tcl_SetResult(interp, Tcl_GetChannelName(chan), TCL_VOLATILE);

Thanks Bjoern

Collapse
Posted by Jim Lynch on
Yes, -and- these API calls should work in tcl-8.5 as well.

-Jim

Collapse
Posted by Bjoern Kiesbye on
Hi Jim,

I updated the patch to use the new tcl API, at one point I had to use the Function Tcl_ObjPrintf, which is available in tcl8.5/.6 only, As the function is not available in tcl8.4 I wrapped it in a #if which checks the tcl version, and in case a the tcl version is 8.4 or lower snprintf is used instead.

Example:

+#if (TCL_MAJOR_VERSION >= 8) && (TCL_MINOR_VERSION > 4 )
+ Tcl_SetObjResult(interp, Tcl_ObjPrintf("%lu", peercert == NULL ? 0 : X509_get_version(peercert) + 1));
+#else
+ snprintf(&buf, sizeof(buf), "%lu", peercert == NULL ? 0 : X509_get_version(peercert) + 1);
+ Tcl_SetResult(interp, buf, TCL_VOLATILE);
+#endif

http://www.clever-devel.com/file/35043/nsopenssl-interp-result-0.1.1.patch

-bjoern