apache with noip and sni patch
Hanno Böck

Hanno Böck commited on 2007-10-22 18:57:16
Zeige 5 geänderte Dateien mit 734 Einfügungen und 0 Löschungen.

... ...
@@ -0,0 +1,17 @@
1
+AUX apache-noip.diff 417 RMD160 8e16f7ff130cea52449a25aafbbdeb78919d9eae SHA1 7c19a0236e4eff23bee6e69ee6708a24529a974c SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc
2
+MD5 a3ccaa61507918e64dc5fd378e14a5e7 files/apache-noip.diff 417
3
+RMD160 8e16f7ff130cea52449a25aafbbdeb78919d9eae files/apache-noip.diff 417
4
+SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc files/apache-noip.diff 417
5
+AUX httpd-2.2.x-sni.patch 6814 RMD160 6b0d89967041e1e8440559e35d369bd5e6be7d78 SHA1 c9ae8da2b43b2c9101bb2dda5f49f7f322b5f264 SHA256 b7db9f582891e138cec18b5a79c91b9e108fa34f92d63f2c6f31b64282d219d6
6
+MD5 2c3073c4fd1543a40064dcbd192ef8ce files/httpd-2.2.x-sni.patch 6814
7
+RMD160 6b0d89967041e1e8440559e35d369bd5e6be7d78 files/httpd-2.2.x-sni.patch 6814
8
+SHA256 b7db9f582891e138cec18b5a79c91b9e108fa34f92d63f2c6f31b64282d219d6 files/httpd-2.2.x-sni.patch 6814
9
+DIST gentoo-apache-2.2.6-20070907.tar.bz2 58121 RMD160 d0e5f55a8985f97fcdf646e04d92f6519f968104 SHA1 f9fd830bfb8e6c6e3cbac9d8342cc981032d20c5 SHA256 56f809f93fdcba204e6be271f195095d8ad033aa61447dab607af91d95cde8e6
10
+DIST httpd-2.2.6.tar.bz2 4717066 RMD160 5ae895c6898213e1e3b7e7b02cdfcbe5b36a108f SHA1 e6ef926ecd1f9a412af8c266239f0a6f58c63854 SHA256 f27cd9df50a2acd9df8f37520f62f6ce51758689d425ead5883e75ff5ed6548c
11
+EBUILD apache-2.2.6.ebuild 15453 RMD160 e91b37aa8c558d3ae0c3ca46a6e0523576ecdfed SHA1 6cff894f8e0279cd0be5085c19cf5d86ea581325 SHA256 c6b19e9f316371469c892cd6b29f09d510429337fabff6101487ebbadc6633a8
12
+MD5 27eb2562520dc87271850accd3afe649 apache-2.2.6.ebuild 15453
13
+RMD160 e91b37aa8c558d3ae0c3ca46a6e0523576ecdfed apache-2.2.6.ebuild 15453
14
+SHA256 c6b19e9f316371469c892cd6b29f09d510429337fabff6101487ebbadc6633a8 apache-2.2.6.ebuild 15453
15
+MD5 bf89379d611a34d10b6e0a55eee69f9b files/digest-apache-2.2.6 527
16
+RMD160 77f2fce54301244724ec61c4a3e0b96dc7106b33 files/digest-apache-2.2.6 527
17
+SHA256 69de15f758686c7f7977e0b75dd988e247162fb97fb394be4efe40997a53e308 files/digest-apache-2.2.6 527
... ...
@@ -0,0 +1,483 @@
1
+# Copyright 1999-2007 Gentoo Foundation
2
+# Distributed under the terms of the GNU General Public License v2
3
+# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.6.ebuild,v 1.11 2007/09/25 14:31:47 armin76 Exp $
4
+
5
+inherit eutils flag-o-matic multilib autotools
6
+
7
+# latest gentoo apache files
8
+GENTOO_PATCHNAME="gentoo-${PF}"
9
+GENTOO_PATCHSTAMP="20070907"
10
+GENTOO_DEVSPACE="hollow"
11
+GENTOO_PATCHDIR="${WORKDIR}/${GENTOO_PATCHNAME}"
12
+
13
+DESCRIPTION="The Apache Web Server."
14
+HOMEPAGE="http://httpd.apache.org/"
15
+SRC_URI="mirror://apache/httpd/httpd-${PV}.tar.bz2
16
+		http://dev.gentoo.org/~${GENTOO_DEVSPACE}/dist/apache/${GENTOO_PATCHNAME}-${GENTOO_PATCHSTAMP}.tar.bz2"
17
+
18
+# some helper scripts are apache-1.1, thus both are here
19
+LICENSE="Apache-2.0 Apache-1.1"
20
+SLOT="2"
21
+KEYWORDS="alpha amd64 ~arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd"
22
+IUSE="debug doc ldap mpm-event mpm-itk mpm-peruser mpm-prefork mpm-worker no-suexec selinux ssl static-modules threads"
23
+
24
+DEPEND="dev-lang/perl
25
+	=dev-libs/apr-1*
26
+	=dev-libs/apr-util-1*
27
+	dev-libs/expat
28
+	dev-libs/libpcre
29
+	sys-libs/zlib
30
+	ldap? ( =net-nds/openldap-2* )
31
+	selinux? ( sec-policy/selinux-apache )
32
+	ssl? ( dev-libs/openssl )
33
+	!=www-servers/apache-1*
34
+	!=app-admin/apache-tools-2.2.4-r2"
35
+
36
+RDEPEND="${DEPEND}
37
+	app-misc/mime-types"
38
+
39
+PDEPEND="~app-admin/apache-tools-${PV}"
40
+
41
+S="${WORKDIR}/httpd-${PV}"
42
+
43
+pkg_setup() {
44
+	if use ldap && ! built_with_use 'dev-libs/apr-util' ldap ; then
45
+		eerror "dev-libs/apr-util is missing LDAP support. For apache to have"
46
+		eerror "ldap support, apr-util must be built with the ldap USE-flag"
47
+		eerror "enabled."
48
+		die "ldap USE-flag enabled while not supported in apr-util"
49
+	fi
50
+
51
+	# Select the default MPM module
52
+	MPM_LIST="event itk peruser prefork worker"
53
+	for x in ${MPM_LIST} ; do
54
+		if use mpm-${x} ; then
55
+			if [[ "x${mpm}" == "x" ]] ; then
56
+				mpm=${x}
57
+				elog
58
+				elog "Selected MPM: ${mpm}"
59
+				elog
60
+			else
61
+				eerror "You have selected more then one mpm USE-flag."
62
+				eerror "Only one MPM is supported."
63
+				die "more then one mpm was specified"
64
+			fi
65
+		fi
66
+	done
67
+
68
+	if [[ "x${mpm}" == "x" ]] ; then
69
+		if use threads ; then
70
+			mpm=worker
71
+			elog
72
+			elog "Selected default threaded MPM: ${mpm}";
73
+			elog
74
+		else
75
+			mpm=prefork
76
+			elog
77
+			elog "Selected default MPM: ${mpm}";
78
+			elog
79
+		fi
80
+	fi
81
+
82
+	# setup apache user and group
83
+	enewgroup apache 81
84
+	enewuser apache 81 -1 /var/www apache
85
+
86
+	if ! use no-suexec ; then
87
+		elog
88
+		elog "You can manipulate several configure options of suexec"
89
+		elog "through the following environment variables:"
90
+		elog
91
+		elog " SUEXEC_SAFEPATH: Default PATH for suexec (default: /usr/local/bin:/usr/bin:/bin)"
92
+		elog "  SUEXEC_LOGFILE: Path to the suexec logfile (default: /var/log/apache2/suexec_log)"
93
+		elog "   SUEXEC_CALLER: Name of the user Apache is running as (default: apache)"
94
+		elog "  SUEXEC_DOCROOT: Directory in which suexec will run scripts (default: /var/www)"
95
+		elog "   SUEXEC_MINUID: Minimum UID, which is allowed to run scripts via suexec (default: 1000)"
96
+		elog "   SUEXEC_MINGID: Minimum GID, which is allowed to run scripts via suexec (default: 100)"
97
+		elog "  SUEXEC_USERDIR: User subdirectories (like /home/user/html) (default: public_html)"
98
+		elog "    SUEXEC_UMASK: Umask for the suexec process (default: 077)"
99
+		elog
100
+	fi
101
+}
102
+
103
+src_unpack() {
104
+	unpack ${A}
105
+	cd "${S}"
106
+	epatch "${FILESDIR}/apache-noip.diff"
107
+	epatch "${FILESDIR}/httpd-2.2.x-sni.patch"
108
+
109
+	# Use correct multilib libdir in gentoo patches
110
+	sed -i -e "s:/usr/lib:/usr/$(get_libdir):g" \
111
+		"${GENTOO_PATCHDIR}"/{conf/httpd.conf,init/*,patches/config.layout} \
112
+		|| die "libdir sed failed"
113
+
114
+	#### Patch Organization
115
+	# 00-19 Gentoo specific  (00_all_some-title.patch)
116
+	# 20-39 Additional MPMs  (20_all_${MPM}_some-title.patch)
117
+	# 40-59 USE-flag based   (40_all_${USE}_some-title.patch)
118
+	# 60-79 Version specific (60_all_${PV}_some-title.patch)
119
+	# 80-99 Security patches (80_all_${PV}_cve-####-####.patch)
120
+
121
+	epatch "${GENTOO_PATCHDIR}"/patches/*.patch
122
+
123
+	# setup the filesystem layout config
124
+	cat "${GENTOO_PATCHDIR}"/patches/config.layout >> "${S}"/config.layout || \
125
+		die "Failed preparing config.layout!"
126
+	sed -i -e "s:version:${PF}:g" "${S}"/config.layout
127
+
128
+	# patched-in MPMs need the build environment rebuilt
129
+	sed -i -e '/sinclude/d' configure.in
130
+	AT_GNUCONF_UPDATE=yes AT_M4DIR=build eautoreconf
131
+}
132
+
133
+src_compile() {
134
+	local modtype="shared" myconf=""
135
+	cd "${S}"
136
+
137
+	# Instead of filtering --as-needed (bug #128505), append --no-as-needed
138
+	# Thanks to Harald van Dijk
139
+	append-ldflags -Wl,--no-as-needed
140
+
141
+	# peruser MPM debugging with -X is nearly impossible
142
+	use mpm-peruser && use debug && append-flags -DMPM_PERUSER_DEBUG
143
+
144
+	use static-modules && modtype="static"
145
+	select_modules_config || die "determining modules failed"
146
+
147
+	if use ldap ; then
148
+		mods="${mods} ldap authnz_ldap"
149
+		myconf="${myconf} --enable-authnz-ldap=${modtype} --enable-ldap=${modtype}"
150
+	fi
151
+
152
+	if use threads || use mpm-worker || use mpm-event; then
153
+		mods="${mods} cgid"
154
+		myconf="${myconf} --enable-cgid=${modtype}"
155
+	else
156
+		mods="${mods} cgi"
157
+		myconf="${myconf} --enable-cgi=${modtype}"
158
+	fi
159
+
160
+	if use ssl; then
161
+		mods="${mods} ssl"
162
+		myconf="${myconf} --with-ssl=/usr --enable-ssl=${modtype}"
163
+	fi
164
+
165
+	# Only build suexec with USE=-no-suexec
166
+	if use no-suexec ; then
167
+		myconf="${myconf} --disable-suexec"
168
+	else
169
+		myconf="${myconf} --with-suexec-safepath=${SUEXEC_SAFEPATH:-/usr/local/bin:/usr/bin:/bin}"
170
+		myconf="${myconf} --with-suexec-logfile=${SUEXEC_LOGFILE:-/var/log/apache2/suexec_log}"
171
+		myconf="${myconf} --with-suexec-bin=/usr/sbin/suexec"
172
+		myconf="${myconf} --with-suexec-userdir=${SUEXEC_USERDIR:-public_html}"
173
+		myconf="${myconf} --with-suexec-caller=${SUEXEC_CALLER:-apache}"
174
+		myconf="${myconf} --with-suexec-docroot=${SUEXEC_DOCROOT:-/var/www}"
175
+		myconf="${myconf} --with-suexec-uidmin=${SUEXEC_MINUID:-1000}"
176
+		myconf="${myconf} --with-suexec-gidmin=${SUEXEC_MINGID:-100}"
177
+		myconf="${myconf} --with-suexec-umask=${SUEXEC_UMASK:-077}"
178
+		myconf="${myconf} --enable-suexec=${modtype}"
179
+		mods="${mods} suexec"
180
+	fi
181
+
182
+	# econf overwrites the stuff from config.layout, so we have to put them into
183
+	# our myconf line too
184
+
185
+	econf \
186
+		--includedir=/usr/include/apache2 \
187
+		--libexecdir=/usr/$(get_libdir)/apache2/modules \
188
+		--datadir=/var/www/localhost \
189
+		--sysconfdir=/etc/apache2 \
190
+		--localstatedir=/var \
191
+		--with-mpm=${mpm} \
192
+		--with-perl=/usr/bin/perl \
193
+		--with-expat=/usr \
194
+		--with-z=/usr \
195
+		--with-apr=/usr \
196
+		--with-apr-util=/usr \
197
+		--with-pcre=/usr \
198
+		--with-port=80 \
199
+		--with-program-name=apache2 \
200
+		--enable-layout=Gentoo \
201
+		$(use_enable debug maintainer-mode) \
202
+		$(use_enable debug exception-hook) \
203
+		${myconf} ${MY_BUILTINS} || die "econf failed!"
204
+
205
+	sed -i -e 's:apache2\.conf:httpd.conf:' include/ap_config_auto.h
206
+
207
+	emake || die "emake failed"
208
+}
209
+
210
+src_install () {
211
+	emake DESTDIR="${D}" install || die "emake install failed"
212
+
213
+	# This is a mapping of module names to the -D options in APACHE2_OPTS
214
+	# Used for creating optional LoadModule lines
215
+	mod_defines="
216
+		authnz_ldap:AUTH_LDAP
217
+		cache:CACHE
218
+		dav:DAV
219
+		dav_fs:DAV
220
+		dav_lock:DAV
221
+		disk_cache:CACHE
222
+		file_cache:CACHE
223
+		info:INFO
224
+		ldap:LDAP
225
+		mem_cache:CACHE
226
+		proxy:PROXY
227
+		proxy_ajp:PROXY
228
+		proxy_balancer:PROXY
229
+		proxy_connect:PROXY
230
+		proxy_http:PROXY
231
+		ssl:SSL
232
+		status:INFO
233
+		suexec:SUEXEC
234
+		userdir:USERDIR
235
+	"
236
+
237
+	# create our LoadModule lines
238
+	if ! use static-modules ; then
239
+		load_module=""
240
+		moddir="${D}/usr/$(get_libdir)/apache2/modules"
241
+		for m in $(echo ${mods}|tr ' ' '\n'|sort -u) ; do
242
+			endid="no"
243
+
244
+			if [[ -e "${moddir}/mod_${m}.so" ]] ; then
245
+				for def in ${mod_defines} ; do
246
+					if [[ "${m}" == "${def%:*}" ]] ; then
247
+						load_module="${load_module}\n<IfDefine ${def#*:}>"
248
+						endid="yes"
249
+					fi
250
+				done
251
+				load_module="${load_module}\nLoadModule ${m}_module modules/mod_${m}.so"
252
+				if [[ "${endid}" == "yes" ]] ; then
253
+					load_module="${load_module}\n</IfDefine>"
254
+				fi
255
+			fi
256
+		done
257
+	fi
258
+	sed -i -e "s:%%LOAD_MODULE%%:${load_module}:" \
259
+		"${GENTOO_PATCHDIR}"/conf/httpd.conf || die "sed failed"
260
+
261
+	# Install our configuration files
262
+	insinto /etc/apache2
263
+	doins docs/conf/magic
264
+	doins -r "${GENTOO_PATCHDIR}"/conf/*
265
+	insinto /etc/logrotate.d
266
+	newins "${GENTOO_PATCHDIR}"/scripts/apache2-logrotate apache2
267
+
268
+	# generate a sane default APACHE2_OPTS
269
+	APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D LANGUAGE"
270
+	use doc && APACHE2_OPTS="${APACHE2_OPTS} -D MANUAL"
271
+	use ssl && APACHE2_OPTS="${APACHE2_OPTS} -D SSL -D SSL_DEFAULT_VHOST"
272
+	use no-suexec || APACHE2_OPTS="${APACHE2_OPTS} -D SUEXEC"
273
+
274
+	sed -i -e "s:APACHE2_OPTS=\".*\":APACHE2_OPTS=\"${APACHE2_OPTS}\":" \
275
+		"${GENTOO_PATCHDIR}"/init/apache2.confd || die "sed failed"
276
+
277
+	newconfd "${GENTOO_PATCHDIR}"/init/apache2.confd apache2
278
+	newinitd "${GENTOO_PATCHDIR}"/init/apache2.initd apache2
279
+
280
+	# Link apache2ctl to the init script
281
+	dosym /etc/init.d/apache2 /usr/sbin/apache2ctl
282
+
283
+	# provide symlinks for all the stuff we no longer rename, bug 177697
284
+	for i in suexec apxs; do
285
+		dosym /usr/sbin/${i} /usr/sbin/${i}2
286
+	done
287
+
288
+	# Install some thirdparty scripts
289
+	exeinto /usr/sbin
290
+	for i in apache2logserverstatus apache2splitlogfile ; do
291
+		doexe "${GENTOO_PATCHDIR}"/scripts/${i}
292
+	done
293
+	use ssl && doexe "${GENTOO_PATCHDIR}"/scripts/gentestcrt.sh
294
+
295
+	# Install some documentation
296
+	dodoc ABOUT_APACHE CHANGES LAYOUT README README.platforms VERSIONING
297
+	dodoc "${GENTOO_PATCHDIR}"/docs/*
298
+
299
+	# drop in a convenient link to the manual
300
+	if use doc ; then
301
+		sed -i -e "s:VERSION:${PVR}:" "${D}/etc/apache2/modules.d/00_apache_manual.conf"
302
+	else
303
+		rm -f "${D}/etc/apache2/modules.d/00_apache_manual.conf"
304
+		rm -Rf "${D}/usr/share/doc/${PF}/manual"
305
+	fi
306
+
307
+	# the default webroot gets stored in /usr/share/doc
308
+	ebegin "Installing default webroot to /usr/share/doc/${PF}"
309
+	mv -f "${D}/var/www/localhost" "${D}/usr/share/doc/${PF}/webroot"
310
+	eend $?
311
+	keepdir /var/www/localhost/htdocs
312
+
313
+	if ! use no-suexec ; then
314
+		# Set some sane permissions for suexec
315
+		fowners 0:apache /usr/sbin/suexec
316
+		fperms 4710 /usr/sbin/suexec
317
+	fi
318
+
319
+	keepdir /etc/apache2/vhosts.d
320
+	keepdir /etc/apache2/modules.d
321
+
322
+	# empty dirs
323
+	for i in /var/lib/dav /var/log/apache2 /var/cache/apache2 ; do
324
+		keepdir ${i}
325
+		fowners apache:apache ${i}
326
+		fperms 0755 ${i}
327
+	done
328
+
329
+	# We'll be needing /etc/apache2/ssl if USE=ssl
330
+	use ssl && keepdir /etc/apache2/ssl
331
+}
332
+
333
+pkg_postinst() {
334
+	# Automatically generate test certificates if ssl USE flag is being set
335
+	if use ssl && [[ ! -e "${ROOT}/etc/apache2/ssl/server.crt" ]] ; then
336
+		cd "${ROOT}"/etc/apache2/ssl
337
+		einfo
338
+		einfo "Generating self-signed test certificate in ${ROOT}/etc/apache2/ssl ..."
339
+		yes "" 2>/dev/null | \
340
+			"${ROOT}"/usr/sbin/gentestcrt.sh >/dev/null 2>&1 || \
341
+			die "gentestcrt.sh failed"
342
+		einfo
343
+	fi
344
+
345
+	# we do this here because the default webroot is a copy of the files
346
+	# that exist elsewhere and we don't want them managed/removed by portage
347
+	# when apache is upgraded.
348
+
349
+	if [[ -e "${ROOT}/var/www/localhost" ]] ; then
350
+		elog "The default webroot has not been installed into"
351
+		elog "${ROOT}/var/www/localhost because the directory already exists"
352
+		elog "and we do not want to overwrite any files you have put there."
353
+		elog
354
+		elog "If you would like to install the latest webroot, please run"
355
+		elog "emerge --config =${PF}"
356
+	else
357
+		einfo "Installing default webroot to ${ROOT}/var/www/localhost"
358
+		mkdir -p "${ROOT}"/var/www/localhost
359
+		cp -R "${ROOT}"/usr/share/doc/${PF}/webroot/* "${ROOT}"/var/www/localhost
360
+		chown -R apache:0 "${ROOT}"/var/www/localhost
361
+	fi
362
+
363
+	# Previous installations of apache-2.2 installed the upstream configuration
364
+	# files, which shouldn't even have been installed!
365
+	if has_version '>=www-servers/apache-2.2.4' ; then
366
+		[ -f "${ROOT}"/etc/apache2/apache2.conf ] && \
367
+			rm -f "${ROOT}"/etc/apache2/apache2.conf >/dev/null 2>&1
368
+
369
+		for i in extra original ; do
370
+			[ -d "${ROOT}"/etc/apache2/$i ] && \
371
+				rm -rf "${ROOT}"/etc/apache2/$i >/dev/null 2>&1
372
+		done
373
+	fi
374
+
375
+	# Note the changes regarding DEFAULT_VHOST and SSL_DEFAULT_VHOST
376
+	if has_version '<www-servers/apache-2.2.4-r7' ; then
377
+		elog
378
+		elog "Listen directives have been moved into the default virtual host"
379
+		elog "configuation. At least DEFAULT_VHOST has been enabled for you"
380
+		elog "(depending on your USE-flags."
381
+		elog
382
+		elog "If you disable DEFAULT_VHOST or SSL_DEFAULT_VHOST, there would"
383
+		elog "be no listening sockets available."
384
+		elog
385
+	fi
386
+
387
+	# Note the user of the config changes
388
+	if has_version '<www-servers/apache-2.2.4-r5' ; then
389
+		elog
390
+		elog "Please make sure that you update your /etc directory."
391
+		elog "Between the versions, we had to changes some config files"
392
+		elog "and move some stuff out of the main httpd.conf file to a seperate"
393
+		elog "modules.d entry."
394
+		elog
395
+		elog "Thus please update your /etc directory either via etc-update,"
396
+		elog "dispatch-conf or conf-update !"
397
+		elog
398
+	fi
399
+
400
+	# Check for dual/upgrade install
401
+	if has_version '<www-servers/apache-2.2.0' ; then
402
+		elog
403
+		elog "When upgrading from versions below 2.2.0 to this version, you"
404
+		elog "need to rebuild all your modules. Please do so for your modules"
405
+		elog "to continue working correctly."
406
+		elog
407
+		elog "Also note that some configuration directives have been"
408
+		elog "split into their own files under ${ROOT}/etc/apache2/modules.d/"
409
+		elog "and that some modules, foremost the authentication related ones,"
410
+		elog "have been renamed."
411
+		elog
412
+		elog "Some examples:"
413
+		elog "  - USERDIR is now configureable in ${ROOT}etc/apache2/modules.d/00_mod_userdir.conf."
414
+		elog
415
+		elog "For more information on what you may need to change, please"
416
+		elog "see the overview of changes at:"
417
+		elog "http://httpd.apache.org/docs/2.2/new_features_2_2.html"
418
+		elog "and the upgrading guide at:"
419
+		elog "http://httpd.apache.org/docs/2.2/upgrading.html"
420
+		elog
421
+	fi
422
+
423
+	# Cleanup the vim backup files, placed in /etc/apache2 by the last
424
+	# patchtarball (gentoo-apache-2.2.4-r7-20070615)
425
+	rm -f "${ROOT}/etc/apache2/modules.d/*.conf~"
426
+}
427
+
428
+pkg_config() {
429
+	einfo "Installing default webroot to ${ROOT}/var/www/localhost"
430
+	cp -R "${ROOT}"/usr/share/doc/${PF}/webroot/* "${ROOT}"/var/www/localhost
431
+}
432
+
433
+parse_modules_config() {
434
+	local name=""
435
+	local disable=""
436
+	local version="undef"
437
+	MY_BUILTINS=""
438
+	mods=""
439
+	[[ -f "${1}" ]] || return 1
440
+
441
+	for i in $(sed 's/#.*//' < $1) ; do
442
+		if [[ "$i" == "VERSION:" ]] ; then
443
+			version="select"
444
+		elif [[ "${version}" == "select" ]] ; then
445
+			version="$i"
446
+		# start with - option for backwards compatibility only
447
+		elif [[ "$i" == "-" ]] ; then
448
+			disable="true"
449
+		elif [[ -z "${name}" ]] && [[ "$i" != "${i/mod_/}" ]] ; then
450
+			name="${i/mod_/}"
451
+		elif [[ -n "${disable}" ]] || [[ "$i" == "disabled" ]] ; then
452
+			MY_BUILTINS="${MY_BUILTINS} --disable-${name}"
453
+			name="" ; disable=""
454
+		elif [[ "$i" == "static" ]] || use static-modules ; then
455
+			MY_BUILTINS="${MY_BUILTINS} --enable-${name}=static"
456
+			name="" ; disable=""
457
+		elif [[ "$i" == "shared" ]] ; then
458
+			MY_BUILTINS="${MY_BUILTINS} --enable-${name}=shared"
459
+			mods="${mods} ${name}"
460
+			name="" ; disable=""
461
+		else
462
+			ewarn "Parse error in ${1} - unknown option: $i"
463
+		fi
464
+	done
465
+
466
+	# reject the file if it's unversioned or doesn't match our
467
+	# package major.minor. This is to make upgrading work smoothly.
468
+	if [[ "${version}" != "${PV%.*}" ]] ; then
469
+		mods=""
470
+		MY_BUILTINS=""
471
+		return 1
472
+	fi
473
+
474
+	einfo "Using ${1}"
475
+	einfo "options: ${MY_BUILTINS}"
476
+	einfo "LoadModules: ${mods}"
477
+}
478
+
479
+select_modules_config() {
480
+	parse_modules_config "${ROOT}"/etc/apache2/apache2-builtin-mods || \
481
+	parse_modules_config "${GENTOO_PATCHDIR}"/conf/apache2-builtin-mods || \
482
+	return 1
483
+}
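Review bot: `pkg_postinst` makes the server account the owner of everything it serves (`chown -R apache:0 "${ROOT}"/var/www/localhost`), so any process running as apache can rewrite the default webroot. Unless the package relies on that, `chown -R 0:0 "${ROOT}"/var/www/localhost` leaves the content readable (assuming the copied files keep their usual modes) but not writable by the server. In the same function the cleanup `rm -f "${ROOT}/etc/apache2/modules.d/*.conf~"` quotes the glob, so the shell passes the literal pattern and the backup files are never removed. Moving the closing quote fixes it: `rm -f "${ROOT}"/etc/apache2/modules.d/*.conf~`.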
... ...
@@ -0,0 +1,11 @@
1
+--- server/log.c.1	2007-10-04 16:34:00.000000000 +0200
2
++++ server/log.c	2007-10-04 16:35:46.000000000 +0200
3
+@@ -595,7 +595,7 @@
4
+          * first. -djg
5
+          */
6
+         len += apr_snprintf(errstr + len, MAX_STRING_LEN - len,
7
+-                            "[client %s] ", c->remote_ip);
8
++                            "[client 0.0.0.0] ");
9
+     }
10
+     if (status != 0) {
11
+         if (status < APR_OS_START_EAIERR) {
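Review bot: The changed line (line 8 of the patch) replaces the peer address with a constant in every error-log entry, and neither the patch nor the ebuild records that this is deliberate or what it costs: anything that reads the error log to rate-limit, block or investigate a client loses the address. The hunk touches only this one call in `server/log.c`, so other log paths are presumably unaffected and may still record addresses; the patch header should state that scope. I would add a comment above the call such as `/* privacy: client address deliberately not logged; error-log based blocking and forensics cannot identify the peer */`. The enclosing function starts and ends outside the hunk.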
... ...
@@ -0,0 +1,6 @@
1
+MD5 e7ebbbfdb900ab1550abd5ae5753910b gentoo-apache-2.2.6-20070907.tar.bz2 58121
2
+RMD160 d0e5f55a8985f97fcdf646e04d92f6519f968104 gentoo-apache-2.2.6-20070907.tar.bz2 58121
3
+SHA256 56f809f93fdcba204e6be271f195095d8ad033aa61447dab607af91d95cde8e6 gentoo-apache-2.2.6-20070907.tar.bz2 58121
4
+MD5 203bea91715064f0c787f6499d33a377 httpd-2.2.6.tar.bz2 4717066
5
+RMD160 5ae895c6898213e1e3b7e7b02cdfcbe5b36a108f httpd-2.2.6.tar.bz2 4717066
6
+SHA256 f27cd9df50a2acd9df8f37520f62f6ce51758689d425ead5883e75ff5ed6548c httpd-2.2.6.tar.bz2 4717066
... ...
@@ -0,0 +1,217 @@
1
+httpd-2.2.x-sni.patch - server name indication support for Apache 2.2 or later
2
+(cf. RFC 4366, "Transport Layer Security (TLS) Extensions")
3
+
4
+Based on a patch from the EdelKey project (http://www.edelweb.fr/EdelKey/),
5
+which is used with permission from its author.
6
+
7
+Index: httpd-2.2.x/modules/ssl/ssl_engine_init.c
8
+===================================================================
9
+--- httpd-2.2.x/modules/ssl/ssl_engine_init.c	(revision 515465)
10
++++ httpd-2.2.x/modules/ssl/ssl_engine_init.c	(working copy)
11
+@@ -156,6 +156,87 @@ static int ssl_tmp_keys_init(server_rec 
12
+     return OK;
13
+ }
14
+ 
15
++#ifndef OPENSSL_NO_TLSEXT
16
++static int set_ssl_vhost(void *servername, conn_rec *c, server_rec *s) 
17
++{
18
++    SSLSrvConfigRec *sc;
19
++    SSL *ssl;
20
++    BOOL found = FALSE;
21
++    apr_array_header_t *names;
22
++    int i;
23
++
24
++    /* check ServerName */
25
++    if (!strcasecmp(servername, s->server_hostname))
26
++        found = TRUE;
27
++
28
++    /* if not matched yet, check ServerAlias entries */
29
++    if (!found) {
30
++        names = s->names;
31
++        if (names) {
32
++            char **name = (char **) names->elts;
33
++            for (i = 0; i < names->nelts; ++i) {
34
++                if(!name[i]) continue;
35
++                if (!strcasecmp(servername, name[i])) {
36
++                    found = TRUE;
37
++                    break;
38
++                }
39
++            }
40
++        }
41
++    }
42
++
43
++    /* if still no match, check ServerAlias entries with wildcards */
44
++    if (!found) {
45
++        names = s->wild_names;
46
++        if (names) {
47
++            char **name = (char **) names->elts;
48
++            for (i = 0; i < names->nelts; ++i) {
49
++                if(!name[i]) continue;
50
++                if (!ap_strcasecmp_match(servername, name[i])) {
51
++                    found = TRUE;
52
++                    break;
53
++                }
54
++            }
55
++        }
56
++    }
57
++
58
++    /* set SSL_CTX (if matched) */
59
++    if (found) {
60
++        if ((ssl = ((SSLConnRec *)myConnConfig(c))->ssl) == NULL) 
61
++            return 0;
62
++        if (!(sc = mySrvConfig(s)))
63
++            return 0;	
64
++        SSL_set_SSL_CTX(ssl,sc->server->ssl_ctx);
65
++        return 1;
66
++    }
67
++    return 0;
68
++}
69
++
70
++int ssl_set_vhost_ctx(SSL *ssl, const char *servername) 
71
++{
72
++    conn_rec *c;
73
++
74
++    if (servername == NULL)   /* should not occur. */
75
++        return 0;
76
++
77
++    SSL_set_SSL_CTX(ssl,NULL);
78
++
79
++    if (!(c = (conn_rec *)SSL_get_app_data(ssl))) 
80
++        return 0;
81
++
82
++    return ap_vhost_iterate_given_conn(c,set_ssl_vhost,servername);
83
++}
84
++
85
++int ssl_servername_cb(SSL *s, int *al, modssl_ctx_t *mctx)
86
++{
87
++    const char *servername = SSL_get_servername(s,TLSEXT_NAMETYPE_host_name);
88
++
89
++    if (servername) {
90
++        return ssl_set_vhost_ctx(s,servername)?SSL_TLSEXT_ERR_OK:SSL_TLSEXT_ERR_ALERT_FATAL;
91
++    }
92
++    return SSL_TLSEXT_ERR_NOACK;
93
++}
94
++#endif
95
++
96
+ /*
97
+  *  Per-module initialization
98
+  */
99
+@@ -376,6 +457,29 @@ static void ssl_init_server_check(server
100
+     }
101
+ }
102
+ 
103
++static void ssl_init_server_extensions(server_rec *s,
104
++                             apr_pool_t *p,
105
++                             apr_pool_t *ptemp,
106
++                             modssl_ctx_t *mctx)
107
++{
108
++    /*
109
++     * Configure TLS extensions support
110
++     */
111
++
112
++#ifndef OPENSSL_NO_TLSEXT
113
++    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
114
++                 "Configuring TLS extensions facility");
115
++
116
++    if (!SSL_CTX_set_tlsext_servername_callback(mctx->ssl_ctx, ssl_servername_cb) ||
117
++        !SSL_CTX_set_tlsext_servername_arg(mctx->ssl_ctx, mctx)) {
118
++        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
119
++                "Unable to initialize servername callback, bad openssl version.");
120
++        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
121
++        ssl_die();
122
++    }
123
++#endif
124
++}
125
++
126
+ static void ssl_init_ctx_protocol(server_rec *s,
127
+                                   apr_pool_t *p,
128
+                                   apr_pool_t *ptemp,
129
+@@ -709,6 +813,8 @@ static void ssl_init_ctx(server_rec *s,
130
+         /* XXX: proxy support? */
131
+         ssl_init_ctx_cert_chain(s, p, ptemp, mctx);
132
+     }
133
++
134
++    ssl_init_server_extensions(s, p, ptemp, mctx);
135
+ }
136
+ 
137
+ static int ssl_server_import_cert(server_rec *s,
138
+@@ -1035,6 +1141,7 @@ void ssl_init_CheckServers(server_rec *b
139
+         }
140
+     }
141
+ 
142
++#ifdef OPENSSL_NO_TLSEXT
143
+     /*
144
+      * Give out warnings when more than one SSL-aware virtual server uses the
145
+      * same IP:port. This doesn't work because mod_ssl then will always use
146
+@@ -1079,6 +1186,7 @@ void ssl_init_CheckServers(server_rec *b
147
+                      "Init: You should not use name-based "
148
+                      "virtual hosts in conjunction with SSL!!");
149
+     }
150
++#endif
151
+ }
152
+ 
153
+ #ifdef SSLC_VERSION_NUMBER
154
+Index: httpd-2.2.x/modules/ssl/ssl_engine_kernel.c
155
+===================================================================
156
+--- httpd-2.2.x/modules/ssl/ssl_engine_kernel.c	(revision 515465)
157
++++ httpd-2.2.x/modules/ssl/ssl_engine_kernel.c	(working copy)
158
+@@ -231,6 +231,19 @@ int ssl_hook_Access(request_rec *r)
159
+      * the currently active one.
160
+      */
161
+ 
162
++#ifndef OPENSSL_NO_TLSEXT
163
++    /*
164
++     * We will switch to another virtualhost and to its ssl_ctx
165
++     * if changed, we will force a renegotiation.
166
++     */
167
++    if (r->hostname && !SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) {
168
++        SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
169
++        if (ssl_set_vhost_ctx(ssl,(char *)r->hostname) &&
170
++            ctx != SSL_get_SSL_CTX(ssl))
171
++            renegotiate = TRUE;
172
++    }
173
++#endif
174
++
175
+     /*
176
+      * Override of SSLCipherSuite
177
+      *
178
+@@ -997,6 +1010,9 @@ int ssl_hook_Fixup(request_rec *r)
179
+     SSLDirConfigRec *dc = myDirConfig(r);
180
+     apr_table_t *env = r->subprocess_env;
181
+     char *var, *val = "";
182
++#ifndef OPENSSL_NO_TLSEXT
183
++    const char* servername;
184
++#endif
185
+     STACK_OF(X509) *peer_certs;
186
+     SSL *ssl;
187
+     int i;
188
+@@ -1018,6 +1034,12 @@ int ssl_hook_Fixup(request_rec *r)
189
+     /* the always present HTTPS (=HTTP over SSL) flag! */
190
+     apr_table_setn(env, "HTTPS", "on");
191
+ 
192
++#ifndef OPENSSL_NO_TLSEXT
193
++    /* add content of SNI TLS extension (if supplied with ClientHello) */
194
++    if (servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))
195
++	apr_table_set(env, "TLS_SNI", servername);
196
++#endif
197
++
198
+     /* standard SSL environment variables */
199
+     if (dc->nOptions & SSL_OPT_STDENVVARS) {
200
+         for (i = 0; ssl_hook_Fixup_vars[i]; i++) {
201
+Index: httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h
202
+===================================================================
203
+--- httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h	(revision 515465)
204
++++ httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h	(working copy)
205
+@@ -258,6 +258,12 @@ typedef void (*modssl_popfree_fn)(char *
206
+ #define SSL_SESS_CACHE_NO_INTERNAL  SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
207
+ #endif
208
+ 
209
++#ifndef OPENSSL_NO_TLSEXT
210
++#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
211
++#define OPENSSL_NO_TLSEXT
212
++#endif
213
++#endif
214
++
215
+ #endif /* SSL_TOOLKIT_COMPAT_H */
216
+ 
217
+ /** @} */
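Review bot: In the `ssl_hook_Access` hunk the new block only handles a client that sent no SNI name; when a name was sent, `r->hostname` is never compared with it, so a request can be handled by a different virtual host than the one whose context the handshake used. `set_ssl_vhost` also switches only the context pointer through `SSL_set_SSL_CTX`, so settings the connection took from the first context when it was created (client-certificate verification mode, protocol options) are presumably not replaced by the selected host's; this is worth confirming against the OpenSSL version in use. I would reject a mismatch before the existing no-SNI branch, as sketched below; exact matching is stricter than needed when both names are aliases of one host. `ssl_hook_Access` starts and ends outside the hunk.

```c
#ifndef OPENSSL_NO_TLSEXT
    {
        const char *sni = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);

        if (r->hostname && sni && strcasecmp(r->hostname, sni) != 0) {
            /* the handshake used the context chosen for the SNI name */
            ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
                         "Host header %s does not match SNI name %s",
                         r->hostname, sni);
            return HTTP_BAD_REQUEST;
        }
    }
    /* … unchanged: context switch and renegotiation when no SNI name was sent … */
#endif
```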