Package dependency between virtualmin-base and apache2-doc

On Debian GNU/Linux, the package virtualmin-base has a dependency set to package apache2-doc. As a consequence, it is not possible to remove apache2-doc with standard commands such as apt-get remove apache2-doc (this would uninstall Virtualmin, too).

However, apache-doc is not really required and in our case, it has been reported as a minor issue during a security audit on our server (if I agree with that or not is not relevant) :-)

# dpkg -s virtualmin-base
Package: virtualmin-base
Status: install ok installed
Priority: optional
Section: misc
Installed-Size: 76
Maintainer: Joe Cooper
Architecture: all
Version: 1.0-36.1
Depends: bind9, spamassassin, spamc, procmail, libnet-ssleay-perl, libpg-perl, libdbd-pg-perl, libdbd-mysql-perl, quota, iptables, openssl, python, mailman, subversion, ruby, irb, rdoc, ri, mysql-server, mysql-client, mysql-common, postgresql, postgresql-client, awstats, webalizer, dovecot-common, dovecot-imapd, dovecot-pop3d, proftpd, webmin (>= 1.346), usermin, webmin-virtual-server, libcrypt-ssleay-perl, webmin-virtual-server-theme, webmin-virtualmin-dav, webmin-virtualmin-svn, webmin-virtualmin-awstats, webmin-virtualmin-mailman, webmin-virtualmin-htpasswd, clamav-base, clamav-daemon, clamav, clamav-data, clamav-freshclam, clamav-docs, clamav-testfiles, libapache2-mod-fcgid, scponly, apache2, apache2-doc, libapache2-svn, libsasl2-2, libsasl2-modules, sasl2-bin, usermin-virtual-server-theme, procmail-wrapper, php-pear, php5, php5-cgi, webmin-security-updates, libgd2-xpm
Description: Meta-package that depends on all of the appropriate packages for hosting with Virtualmin.



Howdy -- hmm, I was thinking we were trying to remove most of those dependencies from that package... and the previous version of virtualmin-base does have those removed (1.0.35).

However, for some odd reason, they're in there in the most recent version (1.0.36)

That may be a mistake, I'll talk to Joe about that and figure out why that is.

I can see that in 1.0.37, the dependencies are gone. Fantastic!

One question remains: we have a Debian 8 Jessie server, which has package virtualmin-base version 1.0.37 installed. We also have a Debian 7 Wheezy server, which features version 1.0.36. I suspect it's a stupid question (and even off-topic) - but what is the recommended way of updating 1.0.36 to 1.0.37?

I have assumed, this happens automatically when I run apt-get update ; apt-get upgrade, but this is telling my, no updates are available.

Many Thanks!

Which architecture are you using on Debian 7, i386 or amd64?

And is this Virtualmin Pro or GPL?

The Debian 7 instance is an amd64 machine running Virtualmin GPL. Details as follows:

# cat /etc/debian_version

# uname -a
Linux metis 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u1 x86_64 GNU/Linux

# apt-show-versions virtualmin-base
virtualmin-base/virtualmin-wheezy uptodate 1.0-36.1

# apt-show-versions webmin-virtual-server
webmin-virtual-server/virtualmin-universal uptodate 4.18.gpl

# apt-get upgrade | tail -1
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

# cat /etc/apt/sources.list | grep virtualmin
deb virtualmin-wheezy main
deb virtualmin-universal main

Thanks for your feedback and any advice.

Okay, reviewing that, it does indeed look like virtualmin-base does not exist on Debian 7.

I suspect that's because Joe was concerned that vastly changing the dependencies of virtualmin-base for existing installs risked introducing some troubles.

I think what he did is only roll that new version out for new installations; which, at the time, was Debian 8 and probably Ubuntu 14.04.

If you're really eager to see that on Debian 7, it may work to grab the version for Debian 8, and install that onto Debian 7. However, I'm not sure about that, and you'd definitely want to test it first on a test server.

You'd also want to be sure to never run the apt "autoremove", as it could end up removing quite a bit of important components.

Many thanks for your feedback. It's much appreciated!

I will leave virtualmin-base version 1.0-36 on Debian 7 as it stands and live with the dependencies. The main reason for reporting the dependency issue initially was the fact that apache-docs popped up during a security audit on our server. I decided to disable this in the Apache config:

vi /etc/apache2/conf.d/apache2-doc

This approach is much simpler, more stable and less error-prone than messing around with packages on a production server :-)

Thanks again. I am happy if we change the status of this issue to "closed" if you agree.


I have the same issue. /manual alias is reported as a minor issue by a security report but I can't find the declaration of this alias into apache conf. Do you have any idea how I can remove it ? The folder /etc/apach2/conf.d is not existing on my installation. I'm running Virtualmin 5.05.gpl GPL on Debian Linux 8.6.

Thanks for your help.


What you may want to do is just remove the /manual alias from Apache.

I don't know where that is stored either, but what you can do to find it is run this command:

find /etc/apache2 | xargs grep manual 2>/dev/null

Thanks for the command. This help me to find out the alias was declared into the /etc/apache2/conf-available/apache2-doc.conf file.