General questions about install order and variants (Apache2, PHP5,
PostgreSQL, mySQL)
Bill Hernandez
ms at mac-specialist.com
Fri May 18 10:57:55 PDT 2007
[LENGTHY INCOHERENT RANT]
Some observations on my OSX software upgrade/install experience.
Wonder if I am alone in these thoughts or anyone else has had similar
nightmares...
Over time I've installed so many different versions software (mostly
Apache, php, pgsql, and a myriad of dependencies) in the form of
binaries & source installs on my workstation, and on the servers that
after a while I began to feel that I had no clue what's what, or what
was where, a big unruly mix and match...
Over time there have been a number of binaries, some better than
others. At first I tried binaries from marc liyanage, and others, and
the problem for me with the binaries was :
( 1 ) that you were always from moderately behind, to far behind the
current versions.
( 2 ) by their nature there's no choice on where, what options,
versions, etc are installed.
Some people put a great deal of effort into creating these binaries,
and for the most part grateful as you were that someone took the
time, they never quite solved the problem.
I began installing from source and found that to be an excercise in
total frustration. If you did a simple
./configure (with maybe a couple of simple options)
./make
./sudo make install
things might install as advertised, but even then you might get
failures because you are missing some dependency, or you don't have
the correct version of openssl, or libxml, or some other such thing
and the install requires a later version. Not to even mention all the
warnings the compiler doles out about unsigned variables, etc.
Sometimes when you get involved in what you feel is going to be a 30
minute deal, and three days later at 3:15 am you've installed a boat-
load of dependent software, you're on the last leg and the last one
just refuses to compile with some cryptic message. You begin to feel
like you're inside a huge snowball rolling down the mountain totally
out of control, and there's a big giant Sequoia at the bottom, and
you just know it's got you name on it. Now you have all this stuff
installed that won't work and the only choice is to re-format/erase
the drive and restore from the latest backup to try to get back to
where you were 72 hours prior. Get that started and go to bed, and
hope the next day you'll feel better...
I have had success installing from source, but sometimes the cryptic
errors were too much, and I just gave up. The pain was too great!
I would spend a couple of days trying to install something like gd2
in order to have support for graphics buttons on the fly in php only
to find the dependencies and cryptic errors to be an excercise in
total frustration. After a while there are umpteen instances of php
and the associated support files installed by the OS, FINK, MAMP,
entropy, Zend, and others. It is absolutely mind-blowing when you
search your entire drive for httpd.conf, or php.ini the number of
items found.
Even when I installed what should have been a simple install of "rpl"
which does a simple unix replace string, I had to go back and forth
with the author overcoming some error messages until I finally got it
to install correctly. One of the huge problems is that unless you
have the discipline to write excellent notes, and file them
appropriately, so that the next time you need to do this again on a
new machine a year down the road, you're going to be in for the same
problem all over again...
And there's always the broken links to dilyib.a.this and diliyb.that,
that you can never figure out what they are for, why there are so
many links, which ones are still valid, what's garbage and can be
cleaned out?. What needs to be configured for access to shared
libraries and what doesn't. Every now and then you get lucky and do
an $ "ln -s /real_here /alias_there" and you manage to get broken
links working.
The funny part is that I consider myself a reasonably intelligent
guy, have a degree in Aerospace Engineering with Honors from the
University of Florida, worked as an Engineer/Scientist on the Saturn/
Apollo Program (Apollo VIII thru Apollo XII) during the late 60's whe
we trying to get to the Moon, I learned to fly, got every flight
rating imaginable including an ATR, flight instructed and went on to
become an Airline Pilot for Eastern Airlines for many years. I have
been programming the Mac almost fulltime since 1987 in about a dozen
languages including Motorola 6800 Assembly, Pascal, C, C++, etc. So I
tend to think that I am not the average user, and I still run into
huge problems. Which makes me feel bad for the average person trying
to deal with this crap. That having been said, life should not be
this overly complicated in the year 2007, which brings me back to the
cryptic messages. This is absurdity, as long as computers have been
around we should be at a point where upgrades to OS installed
software do not represent a major crisis in the life and self esteem
of an average person...
My wife recently took a weeklong course on security from the SANS
Institute at http://www.sans.org/, and I've been listening to the
"Sans OnDemand" home study portion since her workstation is right
beside mine. The intructor's name is "Stephen Northcutt" who is an
incredibly amazing individual. He's been involved in every aspect of
computer life as we know it today at the foundation rule defining
levels.
I used to think I was reasonably safe behind the routers/firewalls,
and behind the OSX Server Firewalls until I began reading all the
daily vulnerability reports. In fact since I do this as a hobby now,
I shutdown all the servers the other day, and ordered a new SonicWall
TZ 180 Wireless, which supposedly will allow me to encrypt all
wireless access from my workstation or laptop at home. This course
that my wife took, and the "Sans OnDemand" stuff is really worth the
money. I used to think it would be nice to shell out the multi-
thousand dollars for Cisco, only to find out that it doesn't matter
what you have, it's all vulnerable, whether it's Cisco, SonicWall,
etc. the only hope we have is defense in depth. For those of us that
can write shell scripts, but are not in the super-guru category, the
opportunities that wrong flag or something to that effect can produce
is vulnerability issue is far too real.
When I started doing this, if you were a programmer you could make
really good money. Now that so much of the programming has gone
overseas, and everybody and their brother writes some level software,
a course like this really wakes you up to the realization that even
the average user's computer is in great peril of being used as a
parking source to robots, hackers, worms, trojans, etc. from which to
launch their attacks. I used to think my stuff was reasonably safe,
being OSX based, and after this course I can see that I've been in
the land of OZ.
I always feel like my PHD is in bufoonery, in the sense that I've
made every mistake that could possibly be made, and yet I continue
to punish myself. If I had any strength of character at all, I would
pitch the computer out the window, and go fly my little airplane.
Maybe take a short flight to Okahome, and go eat some lunch at one of
the local airports, or fly down to the Bahamas...
What a happy life I had before I bought my first TI 16
something_or_other, before the Commodore 64 and the Aplle II
computers. I can truthfully say that have sucked the very life out of
my soul, they were supposed to make life easier, supposed to help us
have more free time, huh ? OS X has made things a lot better in some
respects, and worse in others. We don't suffer crashes 3 times a day
any more, that's good...
... and cell phones ? People go on vacation, and stick an uggly
contraption in their ear so they can stay in touch with work, while
they are trying to take their kids on a ride at Disney World. Couple
of months ago one of my friends went on a Photo Safari to Africa, and
prior to leaving got a Satellite Phone to stay in touch onboard ship,
and out in the wild, and took their laptop so they could stay
connected. I thought to myself "This is insane! They better be
paying attention to the wildlife so some Lion doesn't have them for a
snack while they are keeping in touch with work.". Anyway, I thought
"Are you crazy, or what ? Why don't you just stay home, forget the
vacation, just go to work and save yourself the trouble ?" Something
is very wrong with this picture, but it's not unusual...
In my lifetime I have seen free time vanish from human existence,
except in France.
Anyway, great as the Mac has been, Apple has done a very poor job in
providing help to upgrade the ancient versions of software that come
with the OS. They install dark age versions of all kinds of things
and never seem to have a path to upgrade any of this stuff. The user
has to resort to things like FINK, etc. which puts stuff in non-
standard locations "/sw".
Even things like installing MacPorts last night. After reading the
intructions about merging the ~/.bash_profile into the ~/.profile
that MacPorts creates, I followed the instructions, merged and
deleted ~/.bash_profile and could not get the bash terminal to use
~/.profile. I restarted it terminal, and even restarted the machine
to see if that would help, and it didn't so I renamed ~/.profile back
to ~/.bash_profile and got that work. The problem is that it is not
clear where MacPorts will then expect ~/.profile to be there.
A while ago I had added as the last line in my ~/.bash_profile the
following:
echo $(curl -s http://checkip.dyndns.org/ | sed -e 's/[^0-9\.]*//
g') ; echo $( ifconfig | grep broadcast | awk '{ print $2 }')
and that was not displaying, so I knew that ~/.profile was not
loading correctly. I tried to find out where ~/.profile was specified
as the startup document and found the Terminal Preferences has a
checkbox and a field : "Open a saved .termfile when Terminal starts :
_______________" and maybe you are supposed to enter ~/.profile there.
In my opinion Apple is in a perfect position to know where
everything, and I mean EVERYTHING (pathwise, and dependency wise) is
located since they shipped it installed. So that even if they are not
going to handle the upgrades from Apache 1.3 on OSX, or Apache 2.0.52
on OSX Server, or openssl .96d, or php 4.x to the current versions,
they should have some really good instructions on how to replace and
upgrade the existing outdated versions. Shamefully they don't do
anything of the sort...
Perhaps if you are a home user with an iMac or a laptop you can get
by with Apache 1.3, (we're talking 4 or 5 years after Apache 2 became
available) but certainly if you are shelling out a bunch of money for
OSX Server, Apple should be more forthcoming. Their policy seems to
be install it and forget. The user won't notice how ancient this
stuff is, and even if they do "We'll just tell them that's not part
of the 90 day support"...
A couple of weeks ago I bought a new Intel iMacG5 and was not
surprised that they still had ancient versions of software right out
of the box...
It's hard for me to believe that Apple is totally unconcerned with
this problem. In my opinion Apple's lack of interest in maintaining
the software packages they pre-install with the OS up to date is
shameful. I do not think they should be responsible for any user
installed stuff, but they should certainly provide a way to keep
software that comes with the OS up to date, such as the software
previously mentioned...
Enough for my thoughts on this issue. I aplogize for repeating
myself, particularly in the use of the word "shameful"...
[GENERAL QUESTIONS]
So far I reformatted my primary drive, installed all the licensed
applications, downloaded MacPorts installed the following :
"SuccessFully, I might add. Yeah for the MacPorts Team"
[2007.18.05](09:08AM) -> [bhernandez] ~ $ port list installed
expat @2.0.0 textproc/expat
fontconfig @2.4.2 graphics/fontconfig
freetype @2.3.4 print/freetype
gd2 @2.0.34 graphics/gd2
jpeg @6b graphics/jpeg
libiconv @1.11 textproc/libiconv
libpng @1.2.18 graphics/libpng
ncurses @5.6 devel/ncurses
ncursesw @5.6 devel/ncursesw
openssl @0.9.8e devel/openssl
readline @5.2.001 devel/readline
rpl @1.4.0 textproc/rpl
zlib @1.2.3 archivers/zlib
[2007.18.05](09:49AM) -> [bhernandez] ~ $
Before I install (Apache2, PHP5, PostgreSQL, mySQL) I wanted to find
out if there was a preferred way of doing this ?
It seems like PHP should be last because of the --with APXS2 that
requires a path to Apache, but in this case where MacPorts knows
where everything is going to be installed anyway maybe it doesn'
matter ?
Anyway MacPorts has handled all the ugly stuff so far, and I don't
want to screw up the remaining installs....
Any ideas what variants I should use, I didn't find where the
information is stored, about what the different variants do, and
which one I should choose ?
( 1 ) iMacG5 workstation - OSX 10.4.9 (Apache 2.0.52, php, postgreSQL)
( 2 ) G4 - OSX Server 10.3.9 (This one runs a 4D WebServer)
( 3 ) G4 - OSX Server 10.4.9 (This one runs Apache 2.0.52, php,
postgreSQL)
When I use the bash terminal to find out about what options are
available for Apache2:
[2007.18.05](07:13AM) -> [bhernandez] ~ $ port variants Apache2
Apache2 has the variants:
universal
darwin
darwin_7
openbsd
openldap
preforkmpm
workermpm
eventmpm
no_startupitem
[2007.18.05](07:17AM) -> [bhernandez] ~ $
I think I've gotten completely burned out beyond help...
Best Regards,
Bill Hernandez
Plano, Texas
More information about the macports-users
mailing list