The Apache HTTP Server perl-framework testsuite needs a number of Perl modules in order to run. You can install those through CPAN, but on some distributions these modules have been made available through the distro packaging scheme.
This is a quick-and-dirty list of Perl-related packages that need to be installed on a vanilla Ubuntu system in order to run the perl-framework:
Ubuntu Package
Perl Module
Remarks
libcrypt-ssleay-perl
Crypt::SSLeay
libdevel-corestack-perl
Devel::CoreStack
libdevel-symdump-perl
Devel::Symdump
libdigest-md5-perl
Digest::MD5
Part of the default load
liburi-perl
URI
Part of the default load
Net::Cmd
Part of perl-modules package
MIME::Base64
Part of perl package
libhtml-tagset-perl
HTML::Tagset
Default load
libhtml-parser-perl
HTML::Parser
Default load
libhtml-parser-perl
HTML::HeadParser
Default load
libwww-perl
LWP
Default load
libipc-run3-perl
IPC::Run3
libhttp-dav-perl
HTTP::DAV
Sucks in the following libxml-dom-perl libxml-perl libxml-regexp-perl
This is how I currently build Apache httpd for development and testing.
Pre-requisites:
The Apache Portable Runtime library. I use trunk from http://svn.apache.org/repos/asf/apr/apr/trunk
The Perl-Compatible Regular Expressions library, either your own build or through your operating system. If you’re on Linux, be sure to install the -dev package as well
Once these are in place, check out the Apache source code from http://svn.apache.org/repos/asf/httpd/httpd/trunk, cd into the checkout and run ./buildconf --with-apr=/path/to/apr/source-code. Then run configure:
make and make install. This module complement is what will be exercised by the test harness. The build system will leave the last ./configure invocation in config.nice, and also install the latter under the build subdirectory when you make install. Isn’t that nice?
To run the test harness, check out http://svn.apache.org/repos/asf/httpd/test/framework/trunk. Underneath the checkout, find in Apache-Test/lib/Bundle/ApacheTest.pm a list of the Perl modules you need. A number of these will already be on your system. Get what you don’t have from CPAN or your package manager. Also, install HTTP::DAV and its dependencies which is not on the list but needed to exercise mod_dav. Then run:
Note your skips and failures. Add Apache modules and Perl modules if you find the list above out of date. Then make your changes to Apache, rebuild and run t/TEST again. If your new build is in a different installation root, run make realclean in the framework and set it up again. When your changes to Apache (no longer) cause any tests to fail, propose the change to dev@httpd.apache.org. If you add new functionality, add new tests. That’s all. Easy.
We’ll be doing a PGP Keysigning Session at ApacheCon. If you would like to participate, check out http://wiki.apache.org/apachecon/PgpKeySigning and make sure to mail me your public key before the end of today, Wednesday.
Get Apache HTTP Server building again on Gump (which involves losing the dependency on the Apache Portable Runtime Utility library, which was folded into APR proper)
Get @pgollucci what he needs on clarus.apache.org, and work on the future of that box
Talk about Apache 2.4, and what is still needed to get that out the door. Then, maybe start talking about figuring out what 3.0 is going to be like
Prepare for the Keysigning — which may mean creating a new PGP key
Prepare for my presentation on Thursday
Do some httpd hacking. Perhaps pull in the ECC patch that has been sitting in Bugzilla
The The Web Hacking Incidents Database 2009: Bi-Annual Report is out. If I recall correctly, the first report Breach did, in 2007, did not mention any bi-annualness. Also, the eventual landing page has as HTML title “<title>The Web Hacking Incidents Database 2008: Annual Report</title>”. Is it possible that they simply didn’t get their act together last year and retroactively declared the report bi-annual?
I went in through the link above, gave up my e-mail, phone number and name of my first born, and downloaded the report. This will probably land me another copy of every marketing e-mail Breach sends out (guess how I learned of this report?), and a phone call from some poor guy in a cube who has to make 75 phone calls a day for a living. Oops, guess I put down a fax number. Sorry dude, hope your headset isn’t too loud.
Anyway, after you go though the lead generation form you land here and can follow a direct link to the PDF. This is fairly standard practice, but from a security company I would expect that they would make some more effort to not inadvertedly expose the goods.
Looks like this was my first message to an Apache mailinglist: a suggestion on how to build a recently enhanced ApacheBench on systems that (unlike Mac OS X) don’t have the Math library linked in together with the C library (or libSystem.dylib, as the case may be).
I run a VMWare Server 2.0 installation so I can test Apache and other things on a wide variety of operating systems. Recently, I’ve been fighting to send Ctrl-Alt-Delete to the remote console of a VM from my Ubuntu workstation… some operating systems work better with Ctrl-Alt-Delete, but the moment you press Ctrl-Alt the console releases input focus. On a Windows client, you use Ctrl-Alt-Insert because the local operating system will catch the real thing.
It turns out you are to press the Del key on the numeric keypad, not on your main keyboard, to send the key combo to the console. I’m blogging this so the LazyWeb learns of it, and when next I forget I can Google for my own post.
VMWare Server rocks: the price is more than right, which allows me to do my Open Source work without paying Closed Source prices. And that in turn benefits VMWare because some of their stuff is clearly based on Apache Software Foundation projects.
At the end of my conference presentations, I usually put a Conference Roadmap slide. This slide shows sessions at the conference that are related to mine, and that attendees may find worth while to check out. For my Hardening Enterprise Apache Installations session this coming Thursday, I would suggest the following related conference content:
Besides the training (which happened on Monday), this means that you can pretty much stay in the same room all Thursday and catch all the Security-related talks. In addition, of course, this track will be streamed live for a modest fee, so you can watch from the comfort of your own office if you find yourself unable to make it to ApacheCon this year.
This is the Next Generation Brass Band in New Orleans, celebrating Barack Obama’s presidential election victory on the corner of Bourbon Street in New Orleans.
This was more fun than all the Bourbon Street craziness combined.
