Hanno Böck commited on 2007-10-22 18:57:16
Zeige 5 geänderte Dateien mit 734 Einfügungen und 0 Löschungen.
... | ... |
@@ -0,0 +1,17 @@ |
1 |
+AUX apache-noip.diff 417 RMD160 8e16f7ff130cea52449a25aafbbdeb78919d9eae SHA1 7c19a0236e4eff23bee6e69ee6708a24529a974c SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc |
|
2 |
+MD5 a3ccaa61507918e64dc5fd378e14a5e7 files/apache-noip.diff 417 |
|
3 |
+RMD160 8e16f7ff130cea52449a25aafbbdeb78919d9eae files/apache-noip.diff 417 |
|
4 |
+SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc files/apache-noip.diff 417 |
|
5 |
+AUX httpd-2.2.x-sni.patch 6814 RMD160 6b0d89967041e1e8440559e35d369bd5e6be7d78 SHA1 c9ae8da2b43b2c9101bb2dda5f49f7f322b5f264 SHA256 b7db9f582891e138cec18b5a79c91b9e108fa34f92d63f2c6f31b64282d219d6 |
|
6 |
+MD5 2c3073c4fd1543a40064dcbd192ef8ce files/httpd-2.2.x-sni.patch 6814 |
|
7 |
+RMD160 6b0d89967041e1e8440559e35d369bd5e6be7d78 files/httpd-2.2.x-sni.patch 6814 |
|
8 |
+SHA256 b7db9f582891e138cec18b5a79c91b9e108fa34f92d63f2c6f31b64282d219d6 files/httpd-2.2.x-sni.patch 6814 |
|
9 |
+DIST gentoo-apache-2.2.6-20070907.tar.bz2 58121 RMD160 d0e5f55a8985f97fcdf646e04d92f6519f968104 SHA1 f9fd830bfb8e6c6e3cbac9d8342cc981032d20c5 SHA256 56f809f93fdcba204e6be271f195095d8ad033aa61447dab607af91d95cde8e6 |
|
10 |
+DIST httpd-2.2.6.tar.bz2 4717066 RMD160 5ae895c6898213e1e3b7e7b02cdfcbe5b36a108f SHA1 e6ef926ecd1f9a412af8c266239f0a6f58c63854 SHA256 f27cd9df50a2acd9df8f37520f62f6ce51758689d425ead5883e75ff5ed6548c |
|
11 |
+EBUILD apache-2.2.6.ebuild 15453 RMD160 e91b37aa8c558d3ae0c3ca46a6e0523576ecdfed SHA1 6cff894f8e0279cd0be5085c19cf5d86ea581325 SHA256 c6b19e9f316371469c892cd6b29f09d510429337fabff6101487ebbadc6633a8 |
|
12 |
+MD5 27eb2562520dc87271850accd3afe649 apache-2.2.6.ebuild 15453 |
|
13 |
+RMD160 e91b37aa8c558d3ae0c3ca46a6e0523576ecdfed apache-2.2.6.ebuild 15453 |
|
14 |
+SHA256 c6b19e9f316371469c892cd6b29f09d510429337fabff6101487ebbadc6633a8 apache-2.2.6.ebuild 15453 |
|
15 |
+MD5 bf89379d611a34d10b6e0a55eee69f9b files/digest-apache-2.2.6 527 |
|
16 |
+RMD160 77f2fce54301244724ec61c4a3e0b96dc7106b33 files/digest-apache-2.2.6 527 |
|
17 |
+SHA256 69de15f758686c7f7977e0b75dd988e247162fb97fb394be4efe40997a53e308 files/digest-apache-2.2.6 527 |
... | ... |
@@ -0,0 +1,483 @@ |
1 |
+# Copyright 1999-2007 Gentoo Foundation |
|
2 |
+# Distributed under the terms of the GNU General Public License v2 |
|
3 |
+# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.6.ebuild,v 1.11 2007/09/25 14:31:47 armin76 Exp $ |
|
4 |
+ |
|
5 |
+inherit eutils flag-o-matic multilib autotools |
|
6 |
+ |
|
7 |
+# latest gentoo apache files |
|
8 |
+GENTOO_PATCHNAME="gentoo-${PF}" |
|
9 |
+GENTOO_PATCHSTAMP="20070907" |
|
10 |
+GENTOO_DEVSPACE="hollow" |
|
11 |
+GENTOO_PATCHDIR="${WORKDIR}/${GENTOO_PATCHNAME}" |
|
12 |
+ |
|
13 |
+DESCRIPTION="The Apache Web Server." |
|
14 |
+HOMEPAGE="http://httpd.apache.org/" |
|
15 |
+SRC_URI="mirror://apache/httpd/httpd-${PV}.tar.bz2 |
|
16 |
+ http://dev.gentoo.org/~${GENTOO_DEVSPACE}/dist/apache/${GENTOO_PATCHNAME}-${GENTOO_PATCHSTAMP}.tar.bz2" |
|
17 |
+ |
|
18 |
+# some helper scripts are apache-1.1, thus both are here |
|
19 |
+LICENSE="Apache-2.0 Apache-1.1" |
|
20 |
+SLOT="2" |
|
21 |
+KEYWORDS="alpha amd64 ~arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd" |
|
22 |
+IUSE="debug doc ldap mpm-event mpm-itk mpm-peruser mpm-prefork mpm-worker no-suexec selinux ssl static-modules threads" |
|
23 |
+ |
|
24 |
+DEPEND="dev-lang/perl |
|
25 |
+ =dev-libs/apr-1* |
|
26 |
+ =dev-libs/apr-util-1* |
|
27 |
+ dev-libs/expat |
|
28 |
+ dev-libs/libpcre |
|
29 |
+ sys-libs/zlib |
|
30 |
+ ldap? ( =net-nds/openldap-2* ) |
|
31 |
+ selinux? ( sec-policy/selinux-apache ) |
|
32 |
+ ssl? ( dev-libs/openssl ) |
|
33 |
+ !=www-servers/apache-1* |
|
34 |
+ !=app-admin/apache-tools-2.2.4-r2" |
|
35 |
+ |
|
36 |
+RDEPEND="${DEPEND} |
|
37 |
+ app-misc/mime-types" |
|
38 |
+ |
|
39 |
+PDEPEND="~app-admin/apache-tools-${PV}" |
|
40 |
+ |
|
41 |
+S="${WORKDIR}/httpd-${PV}" |
|
42 |
+ |
|
43 |
+pkg_setup() { |
|
44 |
+ if use ldap && ! built_with_use 'dev-libs/apr-util' ldap ; then |
|
45 |
+ eerror "dev-libs/apr-util is missing LDAP support. For apache to have" |
|
46 |
+ eerror "ldap support, apr-util must be built with the ldap USE-flag" |
|
47 |
+ eerror "enabled." |
|
48 |
+ die "ldap USE-flag enabled while not supported in apr-util" |
|
49 |
+ fi |
|
50 |
+ |
|
51 |
+ # Select the default MPM module |
|
52 |
+ MPM_LIST="event itk peruser prefork worker" |
|
53 |
+ for x in ${MPM_LIST} ; do |
|
54 |
+ if use mpm-${x} ; then |
|
55 |
+ if [[ "x${mpm}" == "x" ]] ; then |
|
56 |
+ mpm=${x} |
|
57 |
+ elog |
|
58 |
+ elog "Selected MPM: ${mpm}" |
|
59 |
+ elog |
|
60 |
+ else |
|
61 |
+ eerror "You have selected more then one mpm USE-flag." |
|
62 |
+ eerror "Only one MPM is supported." |
|
63 |
+ die "more then one mpm was specified" |
|
64 |
+ fi |
|
65 |
+ fi |
|
66 |
+ done |
|
67 |
+ |
|
68 |
+ if [[ "x${mpm}" == "x" ]] ; then |
|
69 |
+ if use threads ; then |
|
70 |
+ mpm=worker |
|
71 |
+ elog |
|
72 |
+ elog "Selected default threaded MPM: ${mpm}"; |
|
73 |
+ elog |
|
74 |
+ else |
|
75 |
+ mpm=prefork |
|
76 |
+ elog |
|
77 |
+ elog "Selected default MPM: ${mpm}"; |
|
78 |
+ elog |
|
79 |
+ fi |
|
80 |
+ fi |
|
81 |
+ |
|
82 |
+ # setup apache user and group |
|
83 |
+ enewgroup apache 81 |
|
84 |
+ enewuser apache 81 -1 /var/www apache |
|
85 |
+ |
|
86 |
+ if ! use no-suexec ; then |
|
87 |
+ elog |
|
88 |
+ elog "You can manipulate several configure options of suexec" |
|
89 |
+ elog "through the following environment variables:" |
|
90 |
+ elog |
|
91 |
+ elog " SUEXEC_SAFEPATH: Default PATH for suexec (default: /usr/local/bin:/usr/bin:/bin)" |
|
92 |
+ elog " SUEXEC_LOGFILE: Path to the suexec logfile (default: /var/log/apache2/suexec_log)" |
|
93 |
+ elog " SUEXEC_CALLER: Name of the user Apache is running as (default: apache)" |
|
94 |
+ elog " SUEXEC_DOCROOT: Directory in which suexec will run scripts (default: /var/www)" |
|
95 |
+ elog " SUEXEC_MINUID: Minimum UID, which is allowed to run scripts via suexec (default: 1000)" |
|
96 |
+ elog " SUEXEC_MINGID: Minimum GID, which is allowed to run scripts via suexec (default: 100)" |
|
97 |
+ elog " SUEXEC_USERDIR: User subdirectories (like /home/user/html) (default: public_html)" |
|
98 |
+ elog " SUEXEC_UMASK: Umask for the suexec process (default: 077)" |
|
99 |
+ elog |
|
100 |
+ fi |
|
101 |
+} |
|
102 |
+ |
|
103 |
+src_unpack() { |
|
104 |
+ unpack ${A} |
|
105 |
+ cd "${S}" |
|
106 |
+ epatch "${FILESDIR}/apache-noip.diff" |
|
107 |
+ epatch "${FILESDIR}/httpd-2.2.x-sni.patch" |
|
108 |
+ |
|
109 |
+ # Use correct multilib libdir in gentoo patches |
|
110 |
+ sed -i -e "s:/usr/lib:/usr/$(get_libdir):g" \ |
|
111 |
+ "${GENTOO_PATCHDIR}"/{conf/httpd.conf,init/*,patches/config.layout} \ |
|
112 |
+ || die "libdir sed failed" |
|
113 |
+ |
|
114 |
+ #### Patch Organization |
|
115 |
+ # 00-19 Gentoo specific (00_all_some-title.patch) |
|
116 |
+ # 20-39 Additional MPMs (20_all_${MPM}_some-title.patch) |
|
117 |
+ # 40-59 USE-flag based (40_all_${USE}_some-title.patch) |
|
118 |
+ # 60-79 Version specific (60_all_${PV}_some-title.patch) |
|
119 |
+ # 80-99 Security patches (80_all_${PV}_cve-####-####.patch) |
|
120 |
+ |
|
121 |
+ epatch "${GENTOO_PATCHDIR}"/patches/*.patch |
|
122 |
+ |
|
123 |
+ # setup the filesystem layout config |
|
124 |
+ cat "${GENTOO_PATCHDIR}"/patches/config.layout >> "${S}"/config.layout || \ |
|
125 |
+ die "Failed preparing config.layout!" |
|
126 |
+ sed -i -e "s:version:${PF}:g" "${S}"/config.layout |
|
127 |
+ |
|
128 |
+ # patched-in MPMs need the build environment rebuilt |
|
129 |
+ sed -i -e '/sinclude/d' configure.in |
|
130 |
+ AT_GNUCONF_UPDATE=yes AT_M4DIR=build eautoreconf |
|
131 |
+} |
|
132 |
+ |
|
133 |
+src_compile() { |
|
134 |
+ local modtype="shared" myconf="" |
|
135 |
+ cd "${S}" |
|
136 |
+ |
|
137 |
+ # Instead of filtering --as-needed (bug #128505), append --no-as-needed |
|
138 |
+ # Thanks to Harald van Dijk |
|
139 |
+ append-ldflags -Wl,--no-as-needed |
|
140 |
+ |
|
141 |
+ # peruser MPM debugging with -X is nearly impossible |
|
142 |
+ use mpm-peruser && use debug && append-flags -DMPM_PERUSER_DEBUG |
|
143 |
+ |
|
144 |
+ use static-modules && modtype="static" |
|
145 |
+ select_modules_config || die "determining modules failed" |
|
146 |
+ |
|
147 |
+ if use ldap ; then |
|
148 |
+ mods="${mods} ldap authnz_ldap" |
|
149 |
+ myconf="${myconf} --enable-authnz-ldap=${modtype} --enable-ldap=${modtype}" |
|
150 |
+ fi |
|
151 |
+ |
|
152 |
+ if use threads || use mpm-worker || use mpm-event; then |
|
153 |
+ mods="${mods} cgid" |
|
154 |
+ myconf="${myconf} --enable-cgid=${modtype}" |
|
155 |
+ else |
|
156 |
+ mods="${mods} cgi" |
|
157 |
+ myconf="${myconf} --enable-cgi=${modtype}" |
|
158 |
+ fi |
|
159 |
+ |
|
160 |
+ if use ssl; then |
|
161 |
+ mods="${mods} ssl" |
|
162 |
+ myconf="${myconf} --with-ssl=/usr --enable-ssl=${modtype}" |
|
163 |
+ fi |
|
164 |
+ |
|
165 |
+ # Only build suexec with USE=-no-suexec |
|
166 |
+ if use no-suexec ; then |
|
167 |
+ myconf="${myconf} --disable-suexec" |
|
168 |
+ else |
|
169 |
+ myconf="${myconf} --with-suexec-safepath=${SUEXEC_SAFEPATH:-/usr/local/bin:/usr/bin:/bin}" |
|
170 |
+ myconf="${myconf} --with-suexec-logfile=${SUEXEC_LOGFILE:-/var/log/apache2/suexec_log}" |
|
171 |
+ myconf="${myconf} --with-suexec-bin=/usr/sbin/suexec" |
|
172 |
+ myconf="${myconf} --with-suexec-userdir=${SUEXEC_USERDIR:-public_html}" |
|
173 |
+ myconf="${myconf} --with-suexec-caller=${SUEXEC_CALLER:-apache}" |
|
174 |
+ myconf="${myconf} --with-suexec-docroot=${SUEXEC_DOCROOT:-/var/www}" |
|
175 |
+ myconf="${myconf} --with-suexec-uidmin=${SUEXEC_MINUID:-1000}" |
|
176 |
+ myconf="${myconf} --with-suexec-gidmin=${SUEXEC_MINGID:-100}" |
|
177 |
+ myconf="${myconf} --with-suexec-umask=${SUEXEC_UMASK:-077}" |
|
178 |
+ myconf="${myconf} --enable-suexec=${modtype}" |
|
179 |
+ mods="${mods} suexec" |
|
180 |
+ fi |
|
181 |
+ |
|
182 |
+ # econf overwrites the stuff from config.layout, so we have to put them into |
|
183 |
+ # our myconf line too |
|
184 |
+ |
|
185 |
+ econf \ |
|
186 |
+ --includedir=/usr/include/apache2 \ |
|
187 |
+ --libexecdir=/usr/$(get_libdir)/apache2/modules \ |
|
188 |
+ --datadir=/var/www/localhost \ |
|
189 |
+ --sysconfdir=/etc/apache2 \ |
|
190 |
+ --localstatedir=/var \ |
|
191 |
+ --with-mpm=${mpm} \ |
|
192 |
+ --with-perl=/usr/bin/perl \ |
|
193 |
+ --with-expat=/usr \ |
|
194 |
+ --with-z=/usr \ |
|
195 |
+ --with-apr=/usr \ |
|
196 |
+ --with-apr-util=/usr \ |
|
197 |
+ --with-pcre=/usr \ |
|
198 |
+ --with-port=80 \ |
|
199 |
+ --with-program-name=apache2 \ |
|
200 |
+ --enable-layout=Gentoo \ |
|
201 |
+ $(use_enable debug maintainer-mode) \ |
|
202 |
+ $(use_enable debug exception-hook) \ |
|
203 |
+ ${myconf} ${MY_BUILTINS} || die "econf failed!" |
|
204 |
+ |
|
205 |
+ sed -i -e 's:apache2\.conf:httpd.conf:' include/ap_config_auto.h |
|
206 |
+ |
|
207 |
+ emake || die "emake failed" |
|
208 |
+} |
|
209 |
+ |
|
210 |
+src_install () { |
|
211 |
+ emake DESTDIR="${D}" install || die "emake install failed" |
|
212 |
+ |
|
213 |
+ # This is a mapping of module names to the -D options in APACHE2_OPTS |
|
214 |
+ # Used for creating optional LoadModule lines |
|
215 |
+ mod_defines=" |
|
216 |
+ authnz_ldap:AUTH_LDAP |
|
217 |
+ cache:CACHE |
|
218 |
+ dav:DAV |
|
219 |
+ dav_fs:DAV |
|
220 |
+ dav_lock:DAV |
|
221 |
+ disk_cache:CACHE |
|
222 |
+ file_cache:CACHE |
|
223 |
+ info:INFO |
|
224 |
+ ldap:LDAP |
|
225 |
+ mem_cache:CACHE |
|
226 |
+ proxy:PROXY |
|
227 |
+ proxy_ajp:PROXY |
|
228 |
+ proxy_balancer:PROXY |
|
229 |
+ proxy_connect:PROXY |
|
230 |
+ proxy_http:PROXY |
|
231 |
+ ssl:SSL |
|
232 |
+ status:INFO |
|
233 |
+ suexec:SUEXEC |
|
234 |
+ userdir:USERDIR |
|
235 |
+ " |
|
236 |
+ |
|
237 |
+ # create our LoadModule lines |
|
238 |
+ if ! use static-modules ; then |
|
239 |
+ load_module="" |
|
240 |
+ moddir="${D}/usr/$(get_libdir)/apache2/modules" |
|
241 |
+ for m in $(echo ${mods}|tr ' ' '\n'|sort -u) ; do |
|
242 |
+ endid="no" |
|
243 |
+ |
|
244 |
+ if [[ -e "${moddir}/mod_${m}.so" ]] ; then |
|
245 |
+ for def in ${mod_defines} ; do |
|
246 |
+ if [[ "${m}" == "${def%:*}" ]] ; then |
|
247 |
+ load_module="${load_module}\n<IfDefine ${def#*:}>" |
|
248 |
+ endid="yes" |
|
249 |
+ fi |
|
250 |
+ done |
|
251 |
+ load_module="${load_module}\nLoadModule ${m}_module modules/mod_${m}.so" |
|
252 |
+ if [[ "${endid}" == "yes" ]] ; then |
|
253 |
+ load_module="${load_module}\n</IfDefine>" |
|
254 |
+ fi |
|
255 |
+ fi |
|
256 |
+ done |
|
257 |
+ fi |
|
258 |
+ sed -i -e "s:%%LOAD_MODULE%%:${load_module}:" \ |
|
259 |
+ "${GENTOO_PATCHDIR}"/conf/httpd.conf || die "sed failed" |
|
260 |
+ |
|
261 |
+ # Install our configuration files |
|
262 |
+ insinto /etc/apache2 |
|
263 |
+ doins docs/conf/magic |
|
264 |
+ doins -r "${GENTOO_PATCHDIR}"/conf/* |
|
265 |
+ insinto /etc/logrotate.d |
|
266 |
+ newins "${GENTOO_PATCHDIR}"/scripts/apache2-logrotate apache2 |
|
267 |
+ |
|
268 |
+ # generate a sane default APACHE2_OPTS |
|
269 |
+ APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D LANGUAGE" |
|
270 |
+ use doc && APACHE2_OPTS="${APACHE2_OPTS} -D MANUAL" |
|
271 |
+ use ssl && APACHE2_OPTS="${APACHE2_OPTS} -D SSL -D SSL_DEFAULT_VHOST" |
|
272 |
+ use no-suexec || APACHE2_OPTS="${APACHE2_OPTS} -D SUEXEC" |
|
273 |
+ |
|
274 |
+ sed -i -e "s:APACHE2_OPTS=\".*\":APACHE2_OPTS=\"${APACHE2_OPTS}\":" \ |
|
275 |
+ "${GENTOO_PATCHDIR}"/init/apache2.confd || die "sed failed" |
|
276 |
+ |
|
277 |
+ newconfd "${GENTOO_PATCHDIR}"/init/apache2.confd apache2 |
|
278 |
+ newinitd "${GENTOO_PATCHDIR}"/init/apache2.initd apache2 |
|
279 |
+ |
|
280 |
+ # Link apache2ctl to the init script |
|
281 |
+ dosym /etc/init.d/apache2 /usr/sbin/apache2ctl |
|
282 |
+ |
|
283 |
+ # provide symlinks for all the stuff we no longer rename, bug 177697 |
|
284 |
+ for i in suexec apxs; do |
|
285 |
+ dosym /usr/sbin/${i} /usr/sbin/${i}2 |
|
286 |
+ done |
|
287 |
+ |
|
288 |
+ # Install some thirdparty scripts |
|
289 |
+ exeinto /usr/sbin |
|
290 |
+ for i in apache2logserverstatus apache2splitlogfile ; do |
|
291 |
+ doexe "${GENTOO_PATCHDIR}"/scripts/${i} |
|
292 |
+ done |
|
293 |
+ use ssl && doexe "${GENTOO_PATCHDIR}"/scripts/gentestcrt.sh |
|
294 |
+ |
|
295 |
+ # Install some documentation |
|
296 |
+ dodoc ABOUT_APACHE CHANGES LAYOUT README README.platforms VERSIONING |
|
297 |
+ dodoc "${GENTOO_PATCHDIR}"/docs/* |
|
298 |
+ |
|
299 |
+ # drop in a convenient link to the manual |
|
300 |
+ if use doc ; then |
|
301 |
+ sed -i -e "s:VERSION:${PVR}:" "${D}/etc/apache2/modules.d/00_apache_manual.conf" |
|
302 |
+ else |
|
303 |
+ rm -f "${D}/etc/apache2/modules.d/00_apache_manual.conf" |
|
304 |
+ rm -Rf "${D}/usr/share/doc/${PF}/manual" |
|
305 |
+ fi |
|
306 |
+ |
|
307 |
+ # the default webroot gets stored in /usr/share/doc |
|
308 |
+ ebegin "Installing default webroot to /usr/share/doc/${PF}" |
|
309 |
+ mv -f "${D}/var/www/localhost" "${D}/usr/share/doc/${PF}/webroot" |
|
310 |
+ eend $? |
|
311 |
+ keepdir /var/www/localhost/htdocs |
|
312 |
+ |
|
313 |
+ if ! use no-suexec ; then |
|
314 |
+ # Set some sane permissions for suexec |
|
315 |
+ fowners 0:apache /usr/sbin/suexec |
|
316 |
+ fperms 4710 /usr/sbin/suexec |
|
317 |
+ fi |
|
318 |
+ |
|
319 |
+ keepdir /etc/apache2/vhosts.d |
|
320 |
+ keepdir /etc/apache2/modules.d |
|
321 |
+ |
|
322 |
+ # empty dirs |
|
323 |
+ for i in /var/lib/dav /var/log/apache2 /var/cache/apache2 ; do |
|
324 |
+ keepdir ${i} |
|
325 |
+ fowners apache:apache ${i} |
|
326 |
+ fperms 0755 ${i} |
|
327 |
+ done |
|
328 |
+ |
|
329 |
+ # We'll be needing /etc/apache2/ssl if USE=ssl |
|
330 |
+ use ssl && keepdir /etc/apache2/ssl |
|
331 |
+} |
|
332 |
+ |
|
333 |
+pkg_postinst() { |
|
334 |
+ # Automatically generate test certificates if ssl USE flag is being set |
|
335 |
+ if use ssl && [[ ! -e "${ROOT}/etc/apache2/ssl/server.crt" ]] ; then |
|
336 |
+ cd "${ROOT}"/etc/apache2/ssl |
|
337 |
+ einfo |
|
338 |
+ einfo "Generating self-signed test certificate in ${ROOT}/etc/apache2/ssl ..." |
|
339 |
+ yes "" 2>/dev/null | \ |
|
340 |
+ "${ROOT}"/usr/sbin/gentestcrt.sh >/dev/null 2>&1 || \ |
|
341 |
+ die "gentestcrt.sh failed" |
|
342 |
+ einfo |
|
343 |
+ fi |
|
344 |
+ |
|
345 |
+ # we do this here because the default webroot is a copy of the files |
|
346 |
+ # that exist elsewhere and we don't want them managed/removed by portage |
|
347 |
+ # when apache is upgraded. |
|
348 |
+ |
|
349 |
+ if [[ -e "${ROOT}/var/www/localhost" ]] ; then |
|
350 |
+ elog "The default webroot has not been installed into" |
|
351 |
+ elog "${ROOT}/var/www/localhost because the directory already exists" |
|
352 |
+ elog "and we do not want to overwrite any files you have put there." |
|
353 |
+ elog |
|
354 |
+ elog "If you would like to install the latest webroot, please run" |
|
355 |
+ elog "emerge --config =${PF}" |
|
356 |
+ else |
|
357 |
+ einfo "Installing default webroot to ${ROOT}/var/www/localhost" |
|
358 |
+ mkdir -p "${ROOT}"/var/www/localhost |
|
359 |
+ cp -R "${ROOT}"/usr/share/doc/${PF}/webroot/* "${ROOT}"/var/www/localhost |
|
360 |
+ chown -R apache:0 "${ROOT}"/var/www/localhost |
|
361 |
+ fi |
|
362 |
+ |
|
363 |
+ # Previous installations of apache-2.2 installed the upstream configuration |
|
364 |
+ # files, which shouldn't even have been installed! |
|
365 |
+ if has_version '>=www-servers/apache-2.2.4' ; then |
|
366 |
+ [ -f "${ROOT}"/etc/apache2/apache2.conf ] && \ |
|
367 |
+ rm -f "${ROOT}"/etc/apache2/apache2.conf >/dev/null 2>&1 |
|
368 |
+ |
|
369 |
+ for i in extra original ; do |
|
370 |
+ [ -d "${ROOT}"/etc/apache2/$i ] && \ |
|
371 |
+ rm -rf "${ROOT}"/etc/apache2/$i >/dev/null 2>&1 |
|
372 |
+ done |
|
373 |
+ fi |
|
374 |
+ |
|
375 |
+ # Note the changes regarding DEFAULT_VHOST and SSL_DEFAULT_VHOST |
|
376 |
+ if has_version '<www-servers/apache-2.2.4-r7' ; then |
|
377 |
+ elog |
|
378 |
+ elog "Listen directives have been moved into the default virtual host" |
|
379 |
+ elog "configuation. At least DEFAULT_VHOST has been enabled for you" |
|
380 |
+ elog "(depending on your USE-flags." |
|
381 |
+ elog |
|
382 |
+ elog "If you disable DEFAULT_VHOST or SSL_DEFAULT_VHOST, there would" |
|
383 |
+ elog "be no listening sockets available." |
|
384 |
+ elog |
|
385 |
+ fi |
|
386 |
+ |
|
387 |
+ # Note the user of the config changes |
|
388 |
+ if has_version '<www-servers/apache-2.2.4-r5' ; then |
|
389 |
+ elog |
|
390 |
+ elog "Please make sure that you update your /etc directory." |
|
391 |
+ elog "Between the versions, we had to changes some config files" |
|
392 |
+ elog "and move some stuff out of the main httpd.conf file to a seperate" |
|
393 |
+ elog "modules.d entry." |
|
394 |
+ elog |
|
395 |
+ elog "Thus please update your /etc directory either via etc-update," |
|
396 |
+ elog "dispatch-conf or conf-update !" |
|
397 |
+ elog |
|
398 |
+ fi |
|
399 |
+ |
|
400 |
+ # Check for dual/upgrade install |
|
401 |
+ if has_version '<www-servers/apache-2.2.0' ; then |
|
402 |
+ elog |
|
403 |
+ elog "When upgrading from versions below 2.2.0 to this version, you" |
|
404 |
+ elog "need to rebuild all your modules. Please do so for your modules" |
|
405 |
+ elog "to continue working correctly." |
|
406 |
+ elog |
|
407 |
+ elog "Also note that some configuration directives have been" |
|
408 |
+ elog "split into their own files under ${ROOT}/etc/apache2/modules.d/" |
|
409 |
+ elog "and that some modules, foremost the authentication related ones," |
|
410 |
+ elog "have been renamed." |
|
411 |
+ elog |
|
412 |
+ elog "Some examples:" |
|
413 |
+ elog " - USERDIR is now configureable in ${ROOT}etc/apache2/modules.d/00_mod_userdir.conf." |
|
414 |
+ elog |
|
415 |
+ elog "For more information on what you may need to change, please" |
|
416 |
+ elog "see the overview of changes at:" |
|
417 |
+ elog "http://httpd.apache.org/docs/2.2/new_features_2_2.html" |
|
418 |
+ elog "and the upgrading guide at:" |
|
419 |
+ elog "http://httpd.apache.org/docs/2.2/upgrading.html" |
|
420 |
+ elog |
|
421 |
+ fi |
|
422 |
+ |
|
423 |
+ # Cleanup the vim backup files, placed in /etc/apache2 by the last |
|
424 |
+ # patchtarball (gentoo-apache-2.2.4-r7-20070615) |
|
425 |
+ rm -f "${ROOT}/etc/apache2/modules.d/*.conf~" |
|
426 |
+} |
|
427 |
+ |
|
428 |
+pkg_config() { |
|
429 |
+ einfo "Installing default webroot to ${ROOT}/var/www/localhost" |
|
430 |
+ cp -R "${ROOT}"/usr/share/doc/${PF}/webroot/* "${ROOT}"/var/www/localhost |
|
431 |
+} |
|
432 |
+ |
|
433 |
+parse_modules_config() { |
|
434 |
+ local name="" |
|
435 |
+ local disable="" |
|
436 |
+ local version="undef" |
|
437 |
+ MY_BUILTINS="" |
|
438 |
+ mods="" |
|
439 |
+ [[ -f "${1}" ]] || return 1 |
|
440 |
+ |
|
441 |
+ for i in $(sed 's/#.*//' < $1) ; do |
|
442 |
+ if [[ "$i" == "VERSION:" ]] ; then |
|
443 |
+ version="select" |
|
444 |
+ elif [[ "${version}" == "select" ]] ; then |
|
445 |
+ version="$i" |
|
446 |
+ # start with - option for backwards compatibility only |
|
447 |
+ elif [[ "$i" == "-" ]] ; then |
|
448 |
+ disable="true" |
|
449 |
+ elif [[ -z "${name}" ]] && [[ "$i" != "${i/mod_/}" ]] ; then |
|
450 |
+ name="${i/mod_/}" |
|
451 |
+ elif [[ -n "${disable}" ]] || [[ "$i" == "disabled" ]] ; then |
|
452 |
+ MY_BUILTINS="${MY_BUILTINS} --disable-${name}" |
|
453 |
+ name="" ; disable="" |
|
454 |
+ elif [[ "$i" == "static" ]] || use static-modules ; then |
|
455 |
+ MY_BUILTINS="${MY_BUILTINS} --enable-${name}=static" |
|
456 |
+ name="" ; disable="" |
|
457 |
+ elif [[ "$i" == "shared" ]] ; then |
|
458 |
+ MY_BUILTINS="${MY_BUILTINS} --enable-${name}=shared" |
|
459 |
+ mods="${mods} ${name}" |
|
460 |
+ name="" ; disable="" |
|
461 |
+ else |
|
462 |
+ ewarn "Parse error in ${1} - unknown option: $i" |
|
463 |
+ fi |
|
464 |
+ done |
|
465 |
+ |
|
466 |
+ # reject the file if it's unversioned or doesn't match our |
|
467 |
+ # package major.minor. This is to make upgrading work smoothly. |
|
468 |
+ if [[ "${version}" != "${PV%.*}" ]] ; then |
|
469 |
+ mods="" |
|
470 |
+ MY_BUILTINS="" |
|
471 |
+ return 1 |
|
472 |
+ fi |
|
473 |
+ |
|
474 |
+ einfo "Using ${1}" |
|
475 |
+ einfo "options: ${MY_BUILTINS}" |
|
476 |
+ einfo "LoadModules: ${mods}" |
|
477 |
+} |
|
478 |
+ |
|
479 |
+select_modules_config() { |
|
480 |
+ parse_modules_config "${ROOT}"/etc/apache2/apache2-builtin-mods || \ |
|
481 |
+ parse_modules_config "${GENTOO_PATCHDIR}"/conf/apache2-builtin-mods || \ |
|
482 |
+ return 1 |
|
483 |
+} |
... | ... |
@@ -0,0 +1,11 @@ |
1 |
+--- server/log.c.1 2007-10-04 16:34:00.000000000 +0200 |
|
2 |
++++ server/log.c 2007-10-04 16:35:46.000000000 +0200 |
|
3 |
+@@ -595,7 +595,7 @@ |
|
4 |
+ * first. -djg |
|
5 |
+ */ |
|
6 |
+ len += apr_snprintf(errstr + len, MAX_STRING_LEN - len, |
|
7 |
+- "[client %s] ", c->remote_ip); |
|
8 |
++ "[client 0.0.0.0] "); |
|
9 |
+ } |
|
10 |
+ if (status != 0) { |
|
11 |
+ if (status < APR_OS_START_EAIERR) { |
... | ... |
@@ -0,0 +1,6 @@ |
1 |
+MD5 e7ebbbfdb900ab1550abd5ae5753910b gentoo-apache-2.2.6-20070907.tar.bz2 58121 |
|
2 |
+RMD160 d0e5f55a8985f97fcdf646e04d92f6519f968104 gentoo-apache-2.2.6-20070907.tar.bz2 58121 |
|
3 |
+SHA256 56f809f93fdcba204e6be271f195095d8ad033aa61447dab607af91d95cde8e6 gentoo-apache-2.2.6-20070907.tar.bz2 58121 |
|
4 |
+MD5 203bea91715064f0c787f6499d33a377 httpd-2.2.6.tar.bz2 4717066 |
|
5 |
+RMD160 5ae895c6898213e1e3b7e7b02cdfcbe5b36a108f httpd-2.2.6.tar.bz2 4717066 |
|
6 |
+SHA256 f27cd9df50a2acd9df8f37520f62f6ce51758689d425ead5883e75ff5ed6548c httpd-2.2.6.tar.bz2 4717066 |
... | ... |
@@ -0,0 +1,217 @@ |
1 |
+httpd-2.2.x-sni.patch - server name indication support for Apache 2.2 or later |
|
2 |
+(cf. RFC 4366, "Transport Layer Security (TLS) Extensions") |
|
3 |
+ |
|
4 |
+Based on a patch from the EdelKey project (http://www.edelweb.fr/EdelKey/), |
|
5 |
+which is used with permission from its author. |
|
6 |
+ |
|
7 |
+Index: httpd-2.2.x/modules/ssl/ssl_engine_init.c |
|
8 |
+=================================================================== |
|
9 |
+--- httpd-2.2.x/modules/ssl/ssl_engine_init.c (revision 515465) |
|
10 |
++++ httpd-2.2.x/modules/ssl/ssl_engine_init.c (working copy) |
|
11 |
+@@ -156,6 +156,87 @@ static int ssl_tmp_keys_init(server_rec |
|
12 |
+ return OK; |
|
13 |
+ } |
|
14 |
+ |
|
15 |
++#ifndef OPENSSL_NO_TLSEXT |
|
16 |
++static int set_ssl_vhost(void *servername, conn_rec *c, server_rec *s) |
|
17 |
++{ |
|
18 |
++ SSLSrvConfigRec *sc; |
|
19 |
++ SSL *ssl; |
|
20 |
++ BOOL found = FALSE; |
|
21 |
++ apr_array_header_t *names; |
|
22 |
++ int i; |
|
23 |
++ |
|
24 |
++ /* check ServerName */ |
|
25 |
++ if (!strcasecmp(servername, s->server_hostname)) |
|
26 |
++ found = TRUE; |
|
27 |
++ |
|
28 |
++ /* if not matched yet, check ServerAlias entries */ |
|
29 |
++ if (!found) { |
|
30 |
++ names = s->names; |
|
31 |
++ if (names) { |
|
32 |
++ char **name = (char **) names->elts; |
|
33 |
++ for (i = 0; i < names->nelts; ++i) { |
|
34 |
++ if(!name[i]) continue; |
|
35 |
++ if (!strcasecmp(servername, name[i])) { |
|
36 |
++ found = TRUE; |
|
37 |
++ break; |
|
38 |
++ } |
|
39 |
++ } |
|
40 |
++ } |
|
41 |
++ } |
|
42 |
++ |
|
43 |
++ /* if still no match, check ServerAlias entries with wildcards */ |
|
44 |
++ if (!found) { |
|
45 |
++ names = s->wild_names; |
|
46 |
++ if (names) { |
|
47 |
++ char **name = (char **) names->elts; |
|
48 |
++ for (i = 0; i < names->nelts; ++i) { |
|
49 |
++ if(!name[i]) continue; |
|
50 |
++ if (!ap_strcasecmp_match(servername, name[i])) { |
|
51 |
++ found = TRUE; |
|
52 |
++ break; |
|
53 |
++ } |
|
54 |
++ } |
|
55 |
++ } |
|
56 |
++ } |
|
57 |
++ |
|
58 |
++ /* set SSL_CTX (if matched) */ |
|
59 |
++ if (found) { |
|
60 |
++ if ((ssl = ((SSLConnRec *)myConnConfig(c))->ssl) == NULL) |
|
61 |
++ return 0; |
|
62 |
++ if (!(sc = mySrvConfig(s))) |
|
63 |
++ return 0; |
|
64 |
++ SSL_set_SSL_CTX(ssl,sc->server->ssl_ctx); |
|
65 |
++ return 1; |
|
66 |
++ } |
|
67 |
++ return 0; |
|
68 |
++} |
|
69 |
++ |
|
70 |
++int ssl_set_vhost_ctx(SSL *ssl, const char *servername) |
|
71 |
++{ |
|
72 |
++ conn_rec *c; |
|
73 |
++ |
|
74 |
++ if (servername == NULL) /* should not occur. */ |
|
75 |
++ return 0; |
|
76 |
++ |
|
77 |
++ SSL_set_SSL_CTX(ssl,NULL); |
|
78 |
++ |
|
79 |
++ if (!(c = (conn_rec *)SSL_get_app_data(ssl))) |
|
80 |
++ return 0; |
|
81 |
++ |
|
82 |
++ return ap_vhost_iterate_given_conn(c,set_ssl_vhost,servername); |
|
83 |
++} |
|
84 |
++ |
|
85 |
++int ssl_servername_cb(SSL *s, int *al, modssl_ctx_t *mctx) |
|
86 |
++{ |
|
87 |
++ const char *servername = SSL_get_servername(s,TLSEXT_NAMETYPE_host_name); |
|
88 |
++ |
|
89 |
++ if (servername) { |
|
90 |
++ return ssl_set_vhost_ctx(s,servername)?SSL_TLSEXT_ERR_OK:SSL_TLSEXT_ERR_ALERT_FATAL; |
|
91 |
++ } |
|
92 |
++ return SSL_TLSEXT_ERR_NOACK; |
|
93 |
++} |
|
94 |
++#endif |
|
95 |
++ |
|
96 |
+ /* |
|
97 |
+ * Per-module initialization |
|
98 |
+ */ |
|
99 |
+@@ -376,6 +457,29 @@ static void ssl_init_server_check(server |
|
100 |
+ } |
|
101 |
+ } |
|
102 |
+ |
|
103 |
++static void ssl_init_server_extensions(server_rec *s, |
|
104 |
++ apr_pool_t *p, |
|
105 |
++ apr_pool_t *ptemp, |
|
106 |
++ modssl_ctx_t *mctx) |
|
107 |
++{ |
|
108 |
++ /* |
|
109 |
++ * Configure TLS extensions support |
|
110 |
++ */ |
|
111 |
++ |
|
112 |
++#ifndef OPENSSL_NO_TLSEXT |
|
113 |
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, |
|
114 |
++ "Configuring TLS extensions facility"); |
|
115 |
++ |
|
116 |
++ if (!SSL_CTX_set_tlsext_servername_callback(mctx->ssl_ctx, ssl_servername_cb) || |
|
117 |
++ !SSL_CTX_set_tlsext_servername_arg(mctx->ssl_ctx, mctx)) { |
|
118 |
++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, |
|
119 |
++ "Unable to initialize servername callback, bad openssl version."); |
|
120 |
++ ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); |
|
121 |
++ ssl_die(); |
|
122 |
++ } |
|
123 |
++#endif |
|
124 |
++} |
|
125 |
++ |
|
126 |
+ static void ssl_init_ctx_protocol(server_rec *s, |
|
127 |
+ apr_pool_t *p, |
|
128 |
+ apr_pool_t *ptemp, |
|
129 |
+@@ -709,6 +813,8 @@ static void ssl_init_ctx(server_rec *s, |
|
130 |
+ /* XXX: proxy support? */ |
|
131 |
+ ssl_init_ctx_cert_chain(s, p, ptemp, mctx); |
|
132 |
+ } |
|
133 |
++ |
|
134 |
++ ssl_init_server_extensions(s, p, ptemp, mctx); |
|
135 |
+ } |
|
136 |
+ |
|
137 |
+ static int ssl_server_import_cert(server_rec *s, |
|
138 |
+@@ -1035,6 +1141,7 @@ void ssl_init_CheckServers(server_rec *b |
|
139 |
+ } |
|
140 |
+ } |
|
141 |
+ |
|
142 |
++#ifdef OPENSSL_NO_TLSEXT |
|
143 |
+ /* |
|
144 |
+ * Give out warnings when more than one SSL-aware virtual server uses the |
|
145 |
+ * same IP:port. This doesn't work because mod_ssl then will always use |
|
146 |
+@@ -1079,6 +1186,7 @@ void ssl_init_CheckServers(server_rec *b |
|
147 |
+ "Init: You should not use name-based " |
|
148 |
+ "virtual hosts in conjunction with SSL!!"); |
|
149 |
+ } |
|
150 |
++#endif |
|
151 |
+ } |
|
152 |
+ |
|
153 |
+ #ifdef SSLC_VERSION_NUMBER |
|
154 |
+Index: httpd-2.2.x/modules/ssl/ssl_engine_kernel.c |
|
155 |
+=================================================================== |
|
156 |
+--- httpd-2.2.x/modules/ssl/ssl_engine_kernel.c (revision 515465) |
|
157 |
++++ httpd-2.2.x/modules/ssl/ssl_engine_kernel.c (working copy) |
|
158 |
+@@ -231,6 +231,19 @@ int ssl_hook_Access(request_rec *r) |
|
159 |
+ * the currently active one. |
|
160 |
+ */ |
|
161 |
+ |
|
162 |
++#ifndef OPENSSL_NO_TLSEXT |
|
163 |
++ /* |
|
164 |
++ * We will switch to another virtualhost and to its ssl_ctx |
|
165 |
++ * if changed, we will force a renegotiation. |
|
166 |
++ */ |
|
167 |
++ if (r->hostname && !SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) { |
|
168 |
++ SSL_CTX *ctx = SSL_get_SSL_CTX(ssl); |
|
169 |
++ if (ssl_set_vhost_ctx(ssl,(char *)r->hostname) && |
|
170 |
++ ctx != SSL_get_SSL_CTX(ssl)) |
|
171 |
++ renegotiate = TRUE; |
|
172 |
++ } |
|
173 |
++#endif |
|
174 |
++ |
|
175 |
+ /* |
|
176 |
+ * Override of SSLCipherSuite |
|
177 |
+ * |
|
178 |
+@@ -997,6 +1010,9 @@ int ssl_hook_Fixup(request_rec *r) |
|
179 |
+ SSLDirConfigRec *dc = myDirConfig(r); |
|
180 |
+ apr_table_t *env = r->subprocess_env; |
|
181 |
+ char *var, *val = ""; |
|
182 |
++#ifndef OPENSSL_NO_TLSEXT |
|
183 |
++ const char* servername; |
|
184 |
++#endif |
|
185 |
+ STACK_OF(X509) *peer_certs; |
|
186 |
+ SSL *ssl; |
|
187 |
+ int i; |
|
188 |
+@@ -1018,6 +1034,12 @@ int ssl_hook_Fixup(request_rec *r) |
|
189 |
+ /* the always present HTTPS (=HTTP over SSL) flag! */ |
|
190 |
+ apr_table_setn(env, "HTTPS", "on"); |
|
191 |
+ |
|
192 |
++#ifndef OPENSSL_NO_TLSEXT |
|
193 |
++ /* add content of SNI TLS extension (if supplied with ClientHello) */ |
|
194 |
++ if (servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) |
|
195 |
++ apr_table_set(env, "TLS_SNI", servername); |
|
196 |
++#endif |
|
197 |
++ |
|
198 |
+ /* standard SSL environment variables */ |
|
199 |
+ if (dc->nOptions & SSL_OPT_STDENVVARS) { |
|
200 |
+ for (i = 0; ssl_hook_Fixup_vars[i]; i++) { |
|
201 |
+Index: httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h |
|
202 |
+=================================================================== |
|
203 |
+--- httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h (revision 515465) |
|
204 |
++++ httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h (working copy) |
|
205 |
+@@ -258,6 +258,12 @@ typedef void (*modssl_popfree_fn)(char * |
|
206 |
+ #define SSL_SESS_CACHE_NO_INTERNAL SSL_SESS_CACHE_NO_INTERNAL_LOOKUP |
|
207 |
+ #endif |
|
208 |
+ |
|
209 |
++#ifndef OPENSSL_NO_TLSEXT |
|
210 |
++#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME |
|
211 |
++#define OPENSSL_NO_TLSEXT |
|
212 |
++#endif |
|
213 |
++#endif |
|
214 |
++ |
|
215 |
+ #endif /* SSL_TOOLKIT_COMPAT_H */ |
|
216 |
+ |
|
217 |
+ /** @} */ |
|
0 | 218 |