Ubuntu
libnginx-mod-http-lua package

Please re-enable sync of libnginx-mod-http-lua

Bug #2035387 reported by Bryce Harrington
22
This bug affects 3 people
Affects Status Importance Assigned to Milestone
libnginx-mod-http-lua (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

The sync-blocklist should drop libnginx-mod-http-lua, and by extension lua-resty-core.

Specifically, these lines can be dropped now:

    # vorlon, 2022-08-17, not supportable due to Lua versioning; LP: #1986853
    libnginx-mod-http-lua
    # vorlon, 2023-07-03, depends on nginx-lua; LP: #2025072
    lua-resty-core

See https://git.launchpad.net/~ubuntu-archive/+git/sync-blocklist/tree/sync-blocklist.txt

[Rationale]
lua is an important programming language that nginx users would like to have available for use in website and web application development, however it currently is available for Debian but not Ubuntu. It is actively supported upstream and thus limits Ubuntu users ability to rely on Ubuntu for their needs.

[Background]
Historically, lua support was dropped from the nginx server's source package due to dependency complications (See LP: #1986853). Most notably, the module has a strong interdependence on lua-resty-core (See LP: #2025072), which is a large software package in universe that we do not wish to maintain in main. A second factor was that it tended to require the latest version of lua, yet Ubuntu targeted older versions of lua due to version dependencies from various main packages such as Apache2, Dovecot, etc. (See LP: #1893753).

Notably, though, with nginx 1.22 Debian re-engineered their packaging of the nginx server to move its modules out into source packages of their own. This resolved the first issue by allowing modules to reside in universe and depend on things (like lua-resty-core) that are themselves only available from universe. This puts us in a better, more flexible situation for handling nginx/lua issues in the future, since they can be localized to this universe package.

The second issue of Lua version dependence has been resolved just recently in Ubuntu mantic (23.10) by MIRing lua5.4. (See LP: #2026608) Note that the version skew situation could arise again with future versions of lua, however at least presently the situation is stabilized, and we can cross that bridge when we come to it.

A small but complicating factor is that the aforementioned interdependence with lua-resty-core has led also to the sync-blocklist of that package (LP: #2025072) since it could be built not not installed without the nginx module. At the time that was handled the interdependence was only between these two packages, none others seem involved. So, to reverse this, perhaps lua-resty-core can be sync'd first and allowed to re-block in migration, then sync libnginx-mod-http-lua and allow it to build against lua-resty-core, and then trigger both packages together.

See original description
Bryce Harrington (bryce)
description: updated
Bryce Harrington (bryce)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libnginx-mod-http-lua (Ubuntu):
status: New → Confirmed
Bryce Harrington (bryce)
description: updated
description: updated
Revision history for this message
Steve Langasek (vorlon) wrote :

> Historically, lua support was dropped from the nginx server's source package due to dependency complications

This wasn't relevant to the blocklisting. The source package that was blocklisted, and against which the referenced bug was filed, was libnginx-mod-http-lua. This is ALREADY not part of the nginx server's source package. nginx was already at 1.22 in kinetic when the bug was filed to drop the lua package.

> The second issue of Lua version dependence has been resolved just recently in Ubuntu mantic (23.10) by MIRing lua5.4.

This is also not relevant. This package was always in universe, an MIR of a particular lua version doesn't matter!

So I don't see how any of the facts have changed since when this was blacklisted. It looks to me like this is more a case of, it was a mistake to blacklist it, or the Server Team have changed their mind.

Which is fine, I just want to be clear if that's what it is. Un-blocking these syncs is not a problem, I just don't want us to be flip-flopping and having to block+remove them again in another cycle.

Changed in libnginx-mod-http-lua (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
Bryce Harrington (bryce) wrote :

The hard pushback on this request is puzzling, I'm not sure how to answer this so it will move forward. The original blacklisting was correct, but due to the changed conditions as outlined in the background, the server team has indeed changed position on inclusion of this module.

Changed in libnginx-mod-http-lua (Ubuntu):
status: Incomplete → New
Bryce Harrington (bryce)
Changed in libnginx-mod-http-lua (Ubuntu):
status: New → Fix Released
Revision history for this message
Haw Loeung (hloeung) wrote :

Can we get this into Jammy as well?

Revision history for this message
Bryce Harrington (bryce) wrote :

No, this is not a straightforward backport, it'd likely require backporting nginx itself, probably all other nginx modules, and maybe other depends like Lua.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.