General questions about install order and variants (Apache2, PHP5, PostgreSQL, mySQL)

Bill Hernandez ms at mac-specialist.com
Sat May 19 07:55:56 PDT 2007


On May 18, 2007, at 3:42 PM, Ryan Schmidt wrote:

Ryan,

> MacPorts is a great help here, because not only are portfiles  
> already written, containing a set of configure options that are  
> thought to be useful, but MacPorts also keeps track of what each  
> software package installed. If you want to just remove one of the  
> software packages you installed with MacPorts, that's no problem,  
> because it knows what files came with what ports so it can  
> uninstall them safely. Also, all (well, most) of MacPorts goes  
> into /opt/local, which means if you get totally screwed up, you  
> just blast away /opt/local and everything (well, most of it) is  
> gone, without having affected your OS in any way.

Great point. I've done this before, where things didn't install as  
planned, and I just removed "/sw" and started over.

> This is sort of a side issue, but I want to say that I feel  
> completely safe with Mac OS X. I have used it since Public Beta was  
> made available 7 years ago, have never had any kind of antivirus  
> software on it, and have never had any virus or similar malware  
> appear. I'm still not aware of any that's ever been written for Mac  
> OS X! Sure, there has been the occasional news article about some  
> Mac malware, but you have to actively work to get it installed on  
> your machine, which nobody would do. And there have been a few  
> issues in Mac OS X that would make it easier for unwanted software  
> to end up on your machine, but Apple releases security updates to  
> patch these problems.

I became very concerned when I began reading vulnerability reports a  
few weeks ago, and since I had no IDS or IPS protection, or even an  
Anti-Virus program, I thought to myself "There's nothing that  
important on the servers, I'll shut them down until I learn more  
about this, and figure out what to do". I figured one of the weakest  
links in my system was my wireless routers which I've been using with  
WPA2.

A couple of weeks ago I bought a LinkSys Gigabit VPN router, and  
after a couple of days decided I didn't like the software, and took  
it back. The VPN routers at the store I purchase from were fairly  
limited, but I did find a NetGear FVG318 Wireless which only came  
with PC VPN client software. I ended up finding http://www.equinux.com  
which produces a software product called "VPN  
Tracker". I am fortunate in that the service I have at home is  
Verizon FIOS 15/2 Mb with 5 public IP's, so I was able to get a VPN  
connection from my workstation out to the web and back into the FVG318.

I was not able to use something like "Connect to Server..." at  
apf://192.168.142.5 to access the server volumes, and ended up talking to a  
very knowledgeable support guy at equinux who was most helpful.  
During the conversation I mentioned my concerns with using the OSX  
Server firewall without some additional dedicated firewall to help  
with the defense in depth concept. He had several reasons for not  
relying on the OSX firewall, said they liked SonicWall products very  
much, used them at their site, and they worked extremely well with  
VPN Tracker. Since I had been thinking about buying one anyway, I  
went ahead and ordered a TZ 180 Wireless. I got it last night, and  
compared to all the other routers I've worked with over the years,  
the software is really awesome.

I am glad I spent the money. It may not help all that much more than  
what I had, but I will probably sleep a little better, and it's  
always fun to fiddle with new gadgets...

> I see the reason Apple does this though. New major versions of  
> software frequently break things. Mac OS X 10.4.9 currently has PHP  
> 4.4.4, for example, in /usr/bin/php. PHP 5.2.2 is the currently  
> recommended version from the PHP group. But if Apple were to  
> silently upgrade PHP to 5.2.2, some of the user's PHP scripts,  
> which were written to PHP 4 standards, could break, because some  
> things did change between PHP 4 and PHP 5. Apple's thought process  
> is probably that the user bought the product "Mac OS X Tiger" and  
> is now writing or using other software that works with that  
> product. If Apple suddenly changes the composition of that product  
> midstream, that's not good. It's nice for developers to be able to  
> say "My product works with Mac OS X Tiger" and that's all they need  
> to say, as opposed to "My product works with Mac OS X Tiger thru  
> 10.4.8, but 10.4.9 broke it so please don't update yet." Then users  
> would be more wary of installing system updates, and they wouldn't  
> benefit from the other fixes included in that or subsequent updates.

This really makes a lot of sense. I think I've been looking at my  
little problem without seeing the much bigger picture, where  
reliability is king, rather than going for the latest features/bugs  
combination.

The later versions of Apache2 allow access to some specific  
information via PHP5 that was simply not available via Apache  
2.0.52.  I could have stayed with Apache 1.3, were it not for those  
bits of information that were useful to me and not available in the  
Apple shipped version.

I have been very successful installing all the newest versions of  
Apache2 in /opt on the server, and also on my workstations. Most of  
the problems have been caused by trying to install too many features  
in PHP5, features that I will probably never even use. I need to be  
more objective about what really needs to be installed, instead of  
what I might need someday.  I think minimizing all the options would  
probably make life much simpler. GD2 was the one that always gave me  
the biggest problems because of all the dependencies. There was  
always something that wouldn't compile, probably because I was  
providing incorrect configuration parameters.

> Rather, Apple seems to have a history of making major updates to  
> installed packages only at paid update points, at major OS  
> releases, like the upcoming "Mac OS X Leopard." If someone goes to  
> the trouble of purchasing this new product and installing it from  
> disc, the user can expect that they would also need to upgrade  
> other software to versions compatible with this new OS product. I  
> have a feeling Leopard will include PHP 5, for example, and maybe  
> even Apache 2.
>
> Apple does update the installed packages more frequently if  
> security concerns demand it. For example, I believe Tiger used to  
> ship with PHP 4.3, but 4.4.4 must have addressed some security  
> issues, so it was delivered in one of the monthly Security Updates.

They do a great job with the security updates from my vantage point.  
They seem to be coming much more frequently in the recent past.

> It's safer, really. This way Fink (in /sw) and MacPorts (in  
> /opt/local) are completely (mostly) isolated from the rest of the OS.  
> Makes it much easier to disentangle later. If MacPorts (or you,  
> manually) were to install on top of things provided by the OS, the  
> OS might break in mysterious ways. Apple wouldn't be able to help  
> you, because they never tried to do what you're doing. And other  
> MacPorts users wouldn't be able to help you, because they don't  
> know what else you've installed on your machine. Much better when  
> things are cleanly separated as they are.

I think the biggest problem I had was self induced, and it was the  
fact that I had tried so many different ways to install mostly via  
binaries, then via source, not fully understanding about the "shared,  
etc" options in the ./configure files that after a while I had  
created a huge mess. Now that I have re-formatted my primary drive,  
and re-installed all the standard software and utilities that I've  
purchased over time, I took the opportunity to throw a lot of junk away.

I think if I stick to MacPorts most of those issues will go away, and  
I can get back to programming instead of trying to manage all this  
unix stuff.

I like unix a lot, and writing shell scripts that are useful is  
really neat, but that's really as far as I need to get into unix.  
There's a huge leap in knowledge and experience required, between  
writing simple shell scripts, or doing routine maintenance work using  
the terminal, and the stuff that you guys are doing at MacPorts.  I  
have an incredible amount of respect for those people that are able  
to do that, and recognize that it "is" impossible to become an expert  
in so many different areas of computing.  Unfortunately because we  
might be quite good in some areas, we feel a deep sense of frustration  
when other areas don't fall right into place.

Life is a humbling experience for sure...

> First off, Mac OS X Server has included Apache 2 for many many  
> years. Granted, it's not the default, and you can't use their  
> pretty GUI to configure it, but it is there and can be used.

I like using the terminal with Apache2 much better than the GUI  
anyway, it allows me to troubleshoot virtual host problems, etc and  
things like

[09/29/2005](9:57pm) ~ % ps aux | grep httpd
[09/29/2005](9:58pm) ~ % sudo /opt/apache2/bin/apachectl -t -D DUMP_VHOSTS

which are not available via the GUI.

> As to the support AppleCare provides, it's not really their job to  
> help you with UNIXisms. AppleCare's job is to make sure Mom can  
> check her email and make a photo book to send out at Christmas,  
> Billy can video chat with his friends to talk about the movie  
> they're going to make to show off their skateboarding skills, and  
> Dad can make an impressive Keynote presentation so he can get  
> promoted to Assistant Manager. And if you've paid $1000 for Mac OS  
> X Server support, then their job is to help you with server  
> management tasks using Apple tools. But that's about it. UNIX  
> system administration requires many more additional skills, which  
> AppleCare representatives do not receive any training for and are  
> therefore in no position to impart to you.

I don't bother AppleCare, except for hardware issues. A few months  
ago my ImacG5 began crashing randomly so I did all the normal disk  
repair, permission repair things and tried "memtest", but found  
nothing wrong. I finally went to the Apple Store and they ran all  
their tests, and found nothing wrong.

I eventually got tired of the crashes and put pressure on the  
AppleCare Rep to replace my logic board, which they did. When the  
CompUSA Tech came to my house and pulled the old logic board he  
showed me a bunch of burned diodes. Replacing the logic board solved  
the crashes but interestingly enough the tests, thorough as they  
were, didn't pick up the problems...

> Apple does keep the OS up-to-date with regular software updates,  
> and they are very easy to install; just click the Install button.  
> However, IMHO in order to maintain software compatibility  
> throughout the life of the OS product, they don't make major  
> changes to the installed packages until the next major OS release.

I love the way Apple handles all their updates.

> Ports in MacPorts define what other ports they depend on, but the  
> syntax does not at present allow it to specify what *variants* of  
> that port would be ideal. So, for example, if you do not yet have  
> mysql5 installed, and you install php5 +apache2 +mysql5, MacPorts  
> will install apache2 and mysql5 for you first, but with the default  
> set of variants. If you want to run a MySQL server, however, you  
> will want to install mysql5 +server. So it would behoove you to  
> install mysql5 +server first, then install php5 with the desired  
> variants. Otherwise you will have to later forcibly uninstall the  
> non-server mysql5 and then install mysql5 +server.

All your insights and explanations have been really nice, and you  
were graceful enough to not point out that my rant was rather  
moronic, and got me one step closer to my PHD in buffoonery.

I obviously was not looking at all the implications involved, and  
because of my lack of understanding on how this stuff all ties  
together, I made some rather foolish observations, which did not  
serve me or anyone else well. In the future I will try to keep silent  
and stick to technical questions.

Thanks again for taking the time to enhance my window into the world...

Very Best Regards,

Bill Hernandez
Plano, Texas


