I hate it when that happens...

I had a bit of free time – and a half-day at work yesterday to boot – so I thought I’d modernise my set of hacked-up shell scripts (calling mock/createrepo/rsync+ssh) and install the all-singing & dancing Koji suite.

Now I’ve done this at work (1.2 under RHEL 5) with a fair amount of success. No problems on my slightly venerable but functional Fedora 9 server – or so I thought

(The fun that is Kerberos I’ll not go into, I do have a working KDC and other services are fine. I’d also be keen to see a day where Koji is database-independent :-P)

Packages installed OK, configuration looks good, principals look sane and added to keytabs. PostgreSQL database looks spiffy. All is well?

No such luck! Fired up kojiweb and Firefox gives me nothing. Checking the error log, it appears that httpd is an unhappy camper – it’s segfaulted.

So I tell Apache to generate some coredumps (CoreDumpDirectory) and run some gdb magic. I obtain the following enlightenment:

  • I have far too much hooked into Apache and could really do with some cleaning (auth modules in particular lightly used)
  • Something httpd did has tripped up a call to lua libraries. “bt” stops at this gem: block = (*g->frealloc)(g->ud, block, osize, nsize);
  • The only Apache module that uses lua is mod_security, which is too useful to disable. Crap – might have a chat to the fine gents @ Breach about that if I can’t find anything useful.

If anyone else has had a successful crack at Koji+ModSecurity+SELinux (if you’re running a server you do have it turned on and Enforcing, yes!?) or some insight into my problem, I’d be very keen to hear from you ? I have core dumps but they’re 50mb apiece, so I’m not going to post it here (or the backtrace, it’s quite long)

To top things off, my otherwise very useful Blackberry Storm[1] crashes occasionally with an “Error 534”. C’mon Research In Motion, make your error messages useful! Making me pine for the elegance[2] of Windows error messages is bad indeed, k?

I think I’ll avoid production equipment for a little while, I seem jinxed. *sigh*

[1] I’m not enough of a conformo to go with an iPhone and the local telco (not Telstra!) gives free BB/RIM traffic on their plans, which is an Epic Win in my book.
[2] Detect Obvious Sarcasm (y/n/duh)