Questions on how to upgrade Apache

Brian Inglis Brian.Inglis@SystematicSw.ab.ca
Fri Apr 9 14:46:22 GMT 2021


On 2021-04-09 05:59, Brian S. Wilson via Cygwin wrote:
> 
>>> I got a question for you all. Our cyber security team is yelling at us
>>> to update Apache from 2.4.39 to 2.4.46.
>> If that website is customer-facing, your cyber security team and your
>> ops team should be yelling at you for running Apache on Cygwin.
>>
>> If you want to run Apache on Windows, you would be much better served
>> by native Apache builds (as others have suggested) -
>> http://httpd.apache.org/docs/current/platform/windows.html#down
>>
>> Csaba
> 
> In the past, I've used the Cygwin Apache instance for local testing when no 
> Linux systems were available (i.e. old Windows hardware was all that was 
> immediately available).  It gave us a good Posix like environment and allowed us 
> to test the effects of various configurations with greater freedom, control, and 
> much faster than we would otherwise have had if we were forced to go through the 
> corporate bureaucracy and wait for web administrators, System Admins, 
> purchasing, setup, configuration, and networking of a real or virtual system 
> (at that time Docker wasn't available to us either).
> 
> Windows based Apache installations are a good choice when possible, but they are 
> not always the same as their Linux/Posix counterparts and if you are not 
> concerned with the speed of execution (and you have only Windows based hardware 
> available); but just with testing functionality, Cygwin offered a great way to 
> setup a compatible environment with an Apache server.

Sounds like you might as well use another server as try to run Windows Apache, 
as it appears it may be limited, you may have issues getting it to run 
similarly, and you will still have to change the config.

It may be easier for you to migrate your configuration to a WSL, VM, or server 
Linux Apache install than any alternative.

You may want to first try installing cygport and the apache source package, and 
try to build 2.4.39 as is, using cygport from the directory containing the .cygport:

	$ cygport httpd.cygport download all check

then if that succeeds, bump the version in the .cygport to 2.4.46, and rerun.

If you have some local Linux expertise, they can probably help you with any 
difficulties you may encounter, and you can post to this list.

For a new release, you may also have to reconsider the patches to be applied for 
the new version, available like the originals from the Fedora package repo for 
the current version, see:

https://cygwin.com/git-cygwin-packages/?p=git/cygwin-packages/httpd.git;a=blob;f=httpd.cygport

linking to:

https://src.fedoraproject.org/rpms/httpd/tree/main

Get those who are yelling at you to put their effort where their mouths are, by 
explaining and helping you to decide, which patches you need to apply to the new 
version and why, and/or mitigations they or you may want to put in place.

The big mouths are yelling at you as it is easier for them if you do their jobs 
for them by upgrading, than explaining the mitigations they have to put in 
place, and those you have to make, to continue running your current version.

An effective tactic for dealing with such big mouths is to explain to your boss 
what you are using Apache for, why you are using the Cygwin package of it, the 
effort and impact of you working on upgrading Cygwin, or migrating to a 
different web server including Windows Apache, and what that means in terms of 
your group goals.

Then have a meeting with the big mouths and their boss, so your boss can explain 
the impact to their boss, and ask what the big mouths can do to mitigate the 
current situation, and ask what they can do to help you to move the situation 
forward.

If they want you to migrate to their supported web server, ask them to provide 
resources to replicate your current configuration features in their environment, 
so you can limit the time you and your group have to waste on the migration.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
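
The bump-and-rerun step described in the message above, as an added example that is not part of the original email or of the Cygwin httpd package: it writes a bumped copy of a recipe and lists the PATCH_URI entries that need re-reviewing against the new version. The sample recipe and its example.invalid URLs are constructed, and the function names are hypothetical; VERSION, RELEASE and PATCH_URI are standard cygport variables.

```shell
#!/bin/sh
# Added example. The recipe written by make_sample is constructed sample data,
# not the real httpd.cygport.

# Write a constructed sample recipe to path $1.
make_sample() {
    cat > "$1" <<'EOF'
NAME="httpd"
VERSION=2.4.39
RELEASE=1
SRC_URI="https://example.invalid/httpd-${VERSION}.tar.bz2"
PATCH_URI="
    https://example.invalid/patches/sample-layout.patch
    https://example.invalid/patches/sample-export.patch
    local-cygwin.patch
"
EOF
}

# Print the VERSION currently set in recipe $1.
cygport_version() {
    sed -n 's/^VERSION=//p' "$1" | tr -d '"' | head -n 1
}

# Copy recipe $1 to $3 with VERSION set to $2 and RELEASE reset to 1.
# The original is left untouched so the known-good build can be repeated.
bump_version() {
    sed -e "s/^VERSION=.*/VERSION=$2/" -e 's/^RELEASE=.*/RELEASE=1/' "$1" > "$3"
}

# Print one PATCH_URI entry per line: the patches to re-check for the new version.
list_patches() {
    awk '
        /^PATCH_URI="/ { inlist = 1; sub(/^PATCH_URI="/, "") }
        inlist {
            last = ($0 ~ /"/)      # a closing quote ends the list
            gsub(/"/, "")
            n = split($0, f, /[ \t]+/)
            for (i = 1; i <= n; i++) if (f[i] != "") print f[i]
            if (last) inlist = 0
        }
    ' "$1"
}
```

After reviewing the listed patches, the bumped recipe is built with the same `cygport ... download all check` invocation given in the message.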

