libnginx-mod-http-lua 0.10.11 not compatible with NGINX 1.18/1.17

Bug #1893753 reported by Sönke Huster
48
This bug affects 7 people
Affects Status Importance Assigned to Milestone
nginx (Ubuntu)
High
Unassigned
Focal
Undecided
Unassigned
Groovy
Undecided
Unassigned

Bug Description

Ubuntu Release:
Description: Ubuntu 20.04.1 LTS
Release: 20.04

libnginx-mod-http-lua 0.10.11 is distributed with current nginx versions 1.17/1.18 on Ubuntu 20.04.
This version was just tested with nginx 1.13 [1] and does not seem to work with the distributed nginx versions [2] [3]. The current version at least claims to be tested with nginx 1.17 [4].

[1] https://github.com/openresty/lua-nginx-module/tree/v0.10.11#nginx-compatibility
[2] https://github.com/openresty/lua-nginx-module/issues/1714
[3] https://github.com/knyar/nginx-lua-prometheus/issues/105#issuecomment-683458757
[4] https://github.com/openresty/lua-nginx-module/tree/v0.10.17#nginx-compatibility

Related branches

summary: - libnginx-mod-http-lua 0.10.11 not tested with NGINX 1.18/1.17
+ libnginx-mod-http-lua 0.10.11 not compatible with NGINX 1.18/1.17
description: updated
Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

I'm flagging this as server-next so it gets our attention for Groovy. This could mean likely a FFe (Feature Freeze Exception) for Groovy as the fix is updating libnginx-mod-http-lua to a new version (debian/modules)). With that said, this would also be an exception for SRUing to Focal (thus the tag server-triage-discuss).

Changed in nginx (Ubuntu):
status: New → Triaged
tags: added: server-next
Changed in nginx (Ubuntu):
importance: Undecided → High
tags: added: server-triage-discuss
Revision history for this message
Anton Tolchanov (knyar) wrote :

Because of this issue libnginx-mod-http-lua is completely broken in several versions of Ubuntu.

Upgrading lua-nginx-module to 0.10.15 fixes the issue, and I have suggested two patches that would make libnginx-mod-http-lua usable again:
- hirsuite: https://code.launchpad.net/~knyar/ubuntu/+source/nginx/+git/nginx/+merge/393789
- focal: https://code.launchpad.net/~knyar/ubuntu/+source/nginx/+git/nginx/+merge/393790

Note that the latest version of lua-nginx-module is 0.10.19, however upgrading to it is more tricky than upgrading to 0.10.15. Beginning at version 0.10.16, lua-nginx-module requires the lua-resty-core library (https://github.com/openresty/lua-resty-core) to be available, and I have not been able to find it packaged in Ubuntu. There are several options on how to package that lua library (either as a separate Ubuntu package, or together with libnginx-mod-http-lua), which is probably something that Ubuntu nginx maintainers should decide.

Thomas Ward (teward)
Changed in nginx (Ubuntu):
assignee: nobody → Thomas Ward (teward)
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hi Thomas,

In the source I still see debian/modules/control:
 23 Module: http-lua
 24 Homepage: https://github.com/openresty/lua-nginx-module
 25 Version: 0.10.13
 26 Patch:
 27 openssl-1.1.0.patch
 28 discover-luajit-2.1.patch
 29 Files-Excluded: .gitignore .gitattributes .travis.yml .github

Since the request was to bump to 0.10.15 I wanted to ask if there are there any updates planned/prepared for Hirsute?

Revision history for this message
Thomas Ward (teward) wrote :

Christian:

This comes with a second caveat: it requires https://github.com/openresty/lua-resty-core to be packaged in the package as well now. If the Lua module cannot operate without OpenResty's core functions, then this is something I would like Debian to review and consider - I don't have the cycles at the moment to handle this due to January 2021 tasks at $FullTimePaidJob right now.

Changed in nginx (Ubuntu):
assignee: Thomas Ward (teward) → nobody
Robie Basak (racb)
tags: removed: server-triage-discuss
Revision history for this message
Anton Tolchanov (knyar) wrote :

Thomas, I believe lua-resty-core is required by lua-nginx-module 0.10.16 or later. The patches I proposed for hirsuite and focal in my previous comment upgrade the module to 0.10.15 which is the latest version that does *not* require lua-resty-core, but is fresh enough to work with the packaged version of NGINX (unlike the currently shipped 0.10.11).

While we wait for a longer term plan with respect to lua-resty-core, is there any reason not to upgrade to 0.10.15 to fix what seems completely broken now?

Revision history for this message
Thomas Ward (teward) wrote : Re: [Bug 1893753] Re: libnginx-mod-http-lua 0.10.11 not compatible with NGINX 1.18/1.17

We are discussing this at the server team level for best approach to this, but as it is the weekend you need some patience because the Server Team is usually not available to discuss this type of thing on the weekends.  ;)

-------- Original Message --------
From: Anton Tolchanov <email address hidden>
Sent: Sat Jan 30 12:23:19 EST 2021
To: <email address hidden>
Subject: [Bug 1893753] Re: libnginx-mod-http-lua 0.10.11 not compatible with NGINX 1.18/1.17

Thomas, I believe lua-resty-core is required by lua-nginx-module 0.10.16
or later. The patches I proposed for hirsuite and focal in my previous
comment upgrade the module to 0.10.15 which is the latest version that
does *not* require lua-resty-core, but is fresh enough to work with the
packaged version of NGINX (unlike the currently shipped 0.10.11).

While we wait for a longer term plan with respect to lua-resty-core, is
there any reason not to upgrade to 0.10.15 to fix what seems completely
broken now?

--
You received this bug notification because you are subscribed to nginx
in Ubuntu.
Matching subscriptions: nginx
https://bugs.launchpad.net/bugs/1893753

Title:
  libnginx-mod-http-lua 0.10.11 not compatible with NGINX 1.18/1.17

Status in nginx package in Ubuntu:
  Triaged

Bug description:
  Ubuntu Release:
  Description: Ubuntu 20.04.1 LTS
  Release: 20.04

  libnginx-mod-http-lua 0.10.11 is distributed with current nginx versions 1.17/1.18 on Ubuntu 20.04.
  This version was just tested with nginx 1.13 [1] and does not seem to work with the distributed nginx versions [2] [3]. The current version at least claims to be tested with nginx 1.17 [4].

  [1] https://github.com/openresty/lua-nginx-module/tree/v0.10.11#nginx-compatibility
  [2] https://github.com/openresty/lua-nginx-module/issues/1714
  [3] https://github.com/knyar/nginx-lua-prometheus/issues/105#issuecomment-683458757
  [4] https://github.com/openresty/lua-nginx-module/tree/v0.10.17#nginx-compatibility

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1893753/+subscriptions

Launchpad-Notification-Type: bug
Launchpad-Bug: distribution=ubuntu; sourcepackage=nginx; component=main; status=Triaged; importance=High; assignee=None;
Launchpad-Bug-Tags: server-next
Launchpad-Bug-Information-Type: Public
Launchpad-Bug-Private: no
Launchpad-Bug-Security-Vulnerability: no
Launchpad-Bug-Commenters: knyar me-ngeefk4xay8 paelzer rafaeldtinoco teward
Launchpad-Bug-Reporter: Sönke Huster (me-ngeefk4xay8)
Launchpad-Bug-Modifier: Anton Tolchanov (knyar)
Launchpad-Message-Rationale: Subscriber (nginx in Ubuntu)
Launchpad-Message-For: teward
Launchpad-Subscription: nginx

Revision history for this message
Robie Basak (racb) wrote :

> While we wait for a longer term plan with respect to lua-resty-core, is there any reason not to upgrade to 0.10.15 to fix what seems completely broken now?

I think we need to separate discussion of what to do in Focal and Groovy vs. what to do for Hirsute and future Ubuntu releases.

For future releases, I think we're going to end up dropping the libnginx-mod-http-lua package because I understand that the newer versions require lua-resty-core and this is not packaged in Debian or Ubuntu.

For Focal and Groovy, we can fix the package in the normal way, subject to the normal policy. See https://wiki.ubuntu.com/StableReleaseUpdates for details.

However, in Focal and Groovy, the libnginx-mod-http-lua is in universe, and depends on community support. I therefore don't expect it to be prioritised by the Ubuntu Server Team. If you need this package fixed and can volunteer to provide the necessary fix in line with Ubuntu policy and drive it through Ubuntu's QA process, then we'd welcome your help. Please see the above link for details on what to do.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

As outlined by Thomas this was totally broken, so going forward it was removed from nginx to avoid the trouble. Not sure if there is a better option for the older releases, but I'm tagging the tasks here accordingly to reflect what
https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu5
https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu8
changed.

Changed in nginx (Ubuntu):
status: Triaged → Fix Released
Changed in nginx (Ubuntu Focal):
status: New → Triaged
Changed in nginx (Ubuntu Groovy):
status: New → Triaged
Bryce Harrington (bryce)
tags: removed: server-next
Revision history for this message
Viktor (lamalas) wrote :

Hm, interesting fix. Will this mean that all buggy modules will get removed too in the future?
Is there any chance for Anton Tolchanov's change to be merged (or re-created to verify its trustworthy then compared&merged)? Removal of this package caused me a day of headache.
Upgrading it to a newer but not the newest version is better in my opinion than completely removing it.
Also, it was not totally broken, for some use cases it worked fine (my simple use case worked flawlessly).

Revision history for this message
Thomas Ward (teward) wrote :

Viktor:

No, not all buggy modules are going to get removed, especially if there's patches. However, to *fix* the issue with the Lua module, and because it has **future** requisite dependencies on OpenResty Core, the Lua module was removed.

This also was not removed in *older* releases, it was only removed in Hirsute+.

Revision history for this message
Viktor (lamalas) wrote :

Well, there are patches for this module, it's even linked to this issue: 0.10.15. That version does not introduce any additional dependencies.
Is there a reason why this package has to be on the latest release and why version 0.10.15 can't be used?

Sadly I can't use older releases, as ~2 year old hardware (and some 5+) is too new to be supported by older releases.

Revision history for this message
Brian Murray (brian-murray) wrote :

The Groovy Gorilla has reached end of life, so this bug will not be fixed for that release

Changed in nginx (Ubuntu Groovy):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.