libnginx-mod-http-lua 0.10.11 not compatible with NGINX 1.18/1.17

Bug #1893753 reported by Sönke Huster on 2020-09-01
44
This bug affects 6 people
Affects Status Importance Assigned to Milestone
nginx (Ubuntu)
High
Unassigned
Focal
Undecided
Unassigned
Groovy
Undecided
Unassigned

Bug Description

Ubuntu Release:
Description: Ubuntu 20.04.1 LTS
Release: 20.04

libnginx-mod-http-lua 0.10.11 is distributed with current nginx versions 1.17/1.18 on Ubuntu 20.04.
This version was just tested with nginx 1.13 [1] and does not seem to work with the distributed nginx versions [2] [3]. The current version at least claims to be tested with nginx 1.17 [4].

[1] https://github.com/openresty/lua-nginx-module/tree/v0.10.11#nginx-compatibility
[2] https://github.com/openresty/lua-nginx-module/issues/1714
[3] https://github.com/knyar/nginx-lua-prometheus/issues/105#issuecomment-683458757
[4] https://github.com/openresty/lua-nginx-module/tree/v0.10.17#nginx-compatibility

Related branches

summary: - libnginx-mod-http-lua 0.10.11 not tested with NGINX 1.18/1.17
+ libnginx-mod-http-lua 0.10.11 not compatible with NGINX 1.18/1.17
description: updated
Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

I'm flagging this as server-next so it gets our attention for Groovy. This could mean likely a FFe (Feature Freeze Exception) for Groovy as the fix is updating libnginx-mod-http-lua to a new version (debian/modules)). With that said, this would also be an exception for SRUing to Focal (thus the tag server-triage-discuss).

Changed in nginx (Ubuntu):
status: New → Triaged
tags: added: server-next
Changed in nginx (Ubuntu):
importance: Undecided → High
tags: added: server-triage-discuss
Revision history for this message
Anton Tolchanov (knyar) wrote :

Because of this issue libnginx-mod-http-lua is completely broken in several versions of Ubuntu.

Upgrading lua-nginx-module to 0.10.15 fixes the issue, and I have suggested two patches that would make libnginx-mod-http-lua usable again:
- hirsuite: https://code.launchpad.net/~knyar/ubuntu/+source/nginx/+git/nginx/+merge/393789
- focal: https://code.launchpad.net/~knyar/ubuntu/+source/nginx/+git/nginx/+merge/393790

Note that the latest version of lua-nginx-module is 0.10.19, however upgrading to it is more tricky than upgrading to 0.10.15. Beginning at version 0.10.16, lua-nginx-module requires the lua-resty-core library (https://github.com/openresty/lua-resty-core) to be available, and I have not been able to find it packaged in Ubuntu. There are several options on how to package that lua library (either as a separate Ubuntu package, or together with libnginx-mod-http-lua), which is probably something that Ubuntu nginx maintainers should decide.

Thomas Ward (teward) on 2020-11-15
Changed in nginx (Ubuntu):
assignee: nobody → Thomas Ward (teward)
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hi Thomas,

In the source I still see debian/modules/control:
 23 Module: http-lua
 24 Homepage: https://github.com/openresty/lua-nginx-module
 25 Version: 0.10.13
 26 Patch:
 27 openssl-1.1.0.patch
 28 discover-luajit-2.1.patch
 29 Files-Excluded: .gitignore .gitattributes .travis.yml .github

Since the request was to bump to 0.10.15 I wanted to ask if there are there any updates planned/prepared for Hirsute?

Revision history for this message
Thomas Ward (teward) wrote :

Christian:

This comes with a second caveat: it requires https://github.com/openresty/lua-resty-core to be packaged in the package as well now. If the Lua module cannot operate without OpenResty's core functions, then this is something I would like Debian to review and consider - I don't have the cycles at the moment to handle this due to January 2021 tasks at $FullTimePaidJob right now.

Changed in nginx (Ubuntu):
assignee: Thomas Ward (teward) → nobody
Robie Basak (racb) on 2021-01-20
tags: removed: server-triage-discuss
Revision history for this message
Anton Tolchanov (knyar) wrote :

Thomas, I believe lua-resty-core is required by lua-nginx-module 0.10.16 or later. The patches I proposed for hirsuite and focal in my previous comment upgrade the module to 0.10.15 which is the latest version that does *not* require lua-resty-core, but is fresh enough to work with the packaged version of NGINX (unlike the currently shipped 0.10.11).

While we wait for a longer term plan with respect to lua-resty-core, is there any reason not to upgrade to 0.10.15 to fix what seems completely broken now?

Revision history for this message
Thomas Ward (teward) wrote : Re: [Bug 1893753] Re: libnginx-mod-http-lua 0.10.11 not compatible with NGINX 1.18/1.17

We are discussing this at the server team level for best approach to this, but as it is the weekend you need some patience because the Server Team is usually not available to discuss this type of thing on the weekends.  ;)

-------- Original Message --------
From: Anton Tolchanov <email address hidden>
Sent: Sat Jan 30 12:23:19 EST 2021
To: <email address hidden>
Subject: [Bug 1893753] Re: libnginx-mod-http-lua 0.10.11 not compatible with NGINX 1.18/1.17

Thomas, I believe lua-resty-core is required by lua-nginx-module 0.10.16
or later. The patches I proposed for hirsuite and focal in my previous
comment upgrade the module to 0.10.15 which is the latest version that
does *not* require lua-resty-core, but is fresh enough to work with the
packaged version of NGINX (unlike the currently shipped 0.10.11).

While we wait for a longer term plan with respect to lua-resty-core, is
there any reason not to upgrade to 0.10.15 to fix what seems completely
broken now?

--
You received this bug notification because you are subscribed to nginx
in Ubuntu.
Matching subscriptions: nginx
https://bugs.launchpad.net/bugs/1893753

Title:
  libnginx-mod-http-lua 0.10.11 not compatible with NGINX 1.18/1.17

Status in nginx package in Ubuntu:
  Triaged

Bug description:
  Ubuntu Release:
  Description: Ubuntu 20.04.1 LTS
  Release: 20.04

  libnginx-mod-http-lua 0.10.11 is distributed with current nginx versions 1.17/1.18 on Ubuntu 20.04.
  This version was just tested with nginx 1.13 [1] and does not seem to work with the distributed nginx versions [2] [3]. The current version at least claims to be tested with nginx 1.17 [4].

  [1] https://github.com/openresty/lua-nginx-module/tree/v0.10.11#nginx-compatibility
  [2] https://github.com/openresty/lua-nginx-module/issues/1714
  [3] https://github.com/knyar/nginx-lua-prometheus/issues/105#issuecomment-683458757
  [4] https://github.com/openresty/lua-nginx-module/tree/v0.10.17#nginx-compatibility

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1893753/+subscriptions

Launchpad-Notification-Type: bug
Launchpad-Bug: distribution=ubuntu; sourcepackage=nginx; component=main; status=Triaged; importance=High; assignee=None;
Launchpad-Bug-Tags: server-next
Launchpad-Bug-Information-Type: Public
Launchpad-Bug-Private: no
Launchpad-Bug-Security-Vulnerability: no
Launchpad-Bug-Commenters: knyar me-ngeefk4xay8 paelzer rafaeldtinoco teward
Launchpad-Bug-Reporter: Sönke Huster (me-ngeefk4xay8)
Launchpad-Bug-Modifier: Anton Tolchanov (knyar)
Launchpad-Message-Rationale: Subscriber (nginx in Ubuntu)
Launchpad-Message-For: teward
Launchpad-Subscription: nginx

Revision history for this message
Robie Basak (racb) wrote :

> While we wait for a longer term plan with respect to lua-resty-core, is there any reason not to upgrade to 0.10.15 to fix what seems completely broken now?

I think we need to separate discussion of what to do in Focal and Groovy vs. what to do for Hirsute and future Ubuntu releases.

For future releases, I think we're going to end up dropping the libnginx-mod-http-lua package because I understand that the newer versions require lua-resty-core and this is not packaged in Debian or Ubuntu.

For Focal and Groovy, we can fix the package in the normal way, subject to the normal policy. See https://wiki.ubuntu.com/StableReleaseUpdates for details.

However, in Focal and Groovy, the libnginx-mod-http-lua is in universe, and depends on community support. I therefore don't expect it to be prioritised by the Ubuntu Server Team. If you need this package fixed and can volunteer to provide the necessary fix in line with Ubuntu policy and drive it through Ubuntu's QA process, then we'd welcome your help. Please see the above link for details on what to do.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

As outlined by Thomas this was totally broken, so going forward it was removed from nginx to avoid the trouble. Not sure if there is a better option for the older releases, but I'm tagging the tasks here accordingly to reflect what
https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu5
https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu8
changed.

Changed in nginx (Ubuntu):
status: Triaged → Fix Released
Changed in nginx (Ubuntu Focal):
status: New → Triaged
Changed in nginx (Ubuntu Groovy):
status: New → Triaged
Bryce Harrington (bryce) on 2021-03-25
tags: removed: server-next
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.