I need to upgrade Apache httpd on a legacy CentOS 5 32-bit machine that is running in production. Since all the official repo versions are outdated, I am trying to compile it in a Docker container, but that seems to fail for various reasons:

1) It complains about an old PCRE version:

```
util_pcre.c:128: error: 'PCRE_DUPNAMES' undeclared (first use in this function)
```

I patched it by adding the proper value to pcre.h just to see where it goes ...

2) Then it complains about some feature in flex that is not present in the installed version:

```
"/usr/src/httpd-2.4.43/server/util_expr_scan.l", line 32: unrecognized %option: reentrant
"/usr/src/httpd-2.4.43/server/util_expr_scan.l", line 33: unrecognized %option: bison-bridge
flex: could not create
```

I think I am trying to solve a difficult problem, so what alternatives do I have?

Is it fine to statically compile httpd on a CentOS 7.x machine and run it on a CentOS 5.x machine? Are there any caveats in doing so? The other option is to compile everything from scratch on CentOS 5.x, but that seems like quite a task :)

Upgrading the httpd machine is getting pushback - can someone please advise a workable solution?

Nishant
  • Anything other than upgrading this to a supported version of the OS is a bad idea. Whatever the fears are for upgrading a system, they should be doubly so for upgrading the service it runs in a completely nonstandard way by hand editing and patching into header files. –  May 27 '20 at 14:29

2 Answers

The OS must be upgraded. Doing so once a decade or so is the minimum to maintain these general purpose LTS operating systems. Not doing so is irresponsible, as end-of-life CentOS 5 has unpatched security vulnerabilities. Adding compensating security controls for vulnerable software is more work than upgrading it.

You need a httpd major upgrade for other reasons. This already is a bit of a project to read the release notes, tweak the configuration, and test.

Compiling from source adds to the work: building, installing, and maintaining. While you of course are free to do so, you are not going to be as quick or as well tested as the EL httpd builds. And your own builds do not improve the technical debt of not upgrading the OS.

So configure a web server on CentOS 8, test, and cut over.

If this cannot work, keep your upgraded host, but confine the legacy software. Such as in a container. And start a project to properly upgrade or replace it.

John Mahowald

You should be aware of the security implications of running such an outdated version of CentOS. I'm not gonna go over that; if you're doing it out of laziness, please follow @John Mahowald's recommendations.

Now, if you compile a static httpd on a newer Linux box it will run on your old CentOS, yet keep in mind that the compiled httpd binary alone is just a part of it; there are plenty of additional files needed for it to be anything close to regular. Take the apachectl command as an example, or external libs which might be requested from your httpd.conf.

Also, when you compile a newer version of Apache it usually sets the effective prefix to /usr/local, so unless you've built with PREFIX=/, your brand new binary will expect Apache configuration files in /usr/local/etc/httpd instead of /etc/httpd, and so on for all related files.

Possibly the easiest way in your situation would be building the entire static binary, then scp the whole source-code directory onto CentOS 5 and run make install from there; all files will be installed where they're expected, according to your ./configure's effective prefix.

  • That is a good point. But for such hacky solutions, why do we even need `make install`? Isn't it safe to just `make` and run it from the *path* itself? Corrupting the system is even more dangerous, no? – Nishant May 28 '20 at 07:43
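
One way to check the prefix and "additional files" caveats from the answer above before a self-built httpd goes onto the old host, as an added example that is not part of the original question or answers: it reads the compiled-in `HTTPD_ROOT` and `SERVER_CONFIG_FILE` defines from `httpd -V` output and lists `LoadModule` targets that are missing under that root. The sample `httpd -V` text and the `/opt/httpd-2.4.43` prefix are constructed, the function names are hypothetical, and the config is assumed not to override `ServerRoot`.

```shell
#!/bin/sh
# Added example (not from the thread): find the paths a self-built httpd has
# compiled in and report module files its config expects but cannot find.

# Constructed sample of `httpd -V` output; the prefix is an assumption.
SAMPLE_HTTPD_V='Server version: Apache/2.4.43 (Unix)
 -D HTTPD_ROOT="/opt/httpd-2.4.43"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"'

# Read `httpd -V` text on stdin and print the value of -D $1="value".
httpd_define() {
    sed -n "s/^ *-D $1=\"\(.*\)\"\$/\1/p" | head -n 1
}

# Make a compiled-in path absolute: relative paths hang off the root in $1.
resolve_path() {
    case "$2" in
        /*) printf '%s\n' "$2" ;;
        *)  printf '%s/%s\n' "${1%/}" "$2" ;;
    esac
}

# Print the config file the binary will open by default ($1 = `httpd -V` text).
compiled_config_path() {
    root=$(printf '%s\n' "$1" | httpd_define HTTPD_ROOT)
    conf=$(printf '%s\n' "$1" | httpd_define SERVER_CONFIG_FILE)
    resolve_path "$root" "$conf"
}

# List LoadModule targets in config file $2 that do not exist under root $1.
# Commented-out directives are skipped; ServerRoot overrides are not followed.
missing_modules() {
    awk 'tolower($1) == "loadmodule" && NF >= 3 { print $3 }' "$2" |
    while read -r mod; do
        path=$(resolve_path "$1" "$mod")
        [ -e "$path" ] || printf '%s\n' "$path"
    done
}

# Demo on the constructed sample; on a real host pass "$(httpd -V)" instead.
compiled_config_path "$SAMPLE_HTTPD_V"
```

If the printed path is not where the existing configuration lives, the binary has to be started with `-f` pointing at the real file or rebuilt with a matching prefix.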