Browse code

remove apache with ocsp patch, now upstream

Hanno Böck authored on07/10/2021 18:33:47
Showing9 changed files
1 1
deleted file mode 100644
... ...
@@ -1,11 +0,0 @@
1
-AUX 41_mod_http2.conf 189 BLAKE2B 70f006ead657b250bb4c30a332484baf698541d44d922453bae6133e2458a7009035156f47c1dbba42bd6830ab5bef8c56d151821b0b56e9b41ef9b3db885411 SHA512 3d56a24ea98bc3188e5d6f8e2e0148e4b718e04f23452e77750bca984c44fc7c3acd4521a945b4c415284d0a5dac0f7e846bb60daf70fe61ce2632e8fa201ed6
2
-AUX apache-2.4.49-fix-ocsp.diff 5702 BLAKE2B 108da1e90e205a8d7661dbfb1afdc25630b83e36912a3000d36ba685db5bc3b49288bb53a1bbff56dd7874821d3caee242757a8f4b28948a67aee624d8e9472c SHA512 13c2ec72ec4611dcfdb73d0070ae2ecdee071f3eabfa413397a0082ab125701091deb7820b38234a89e81a9af9b9e120f1fea9728b28cbbe59f2561a02c5512d
3
-AUX apache-fix-ocsp.diff 3739 BLAKE2B 9ed68ebdf89b7e7001c80b6a94656e113d46129001042bb7eefcb850fbf909935bfec46e536a29cedbc15e4697acf636f4f787f2c749163b64ed058644b20100 SHA512 b388206d6ab01ad783f800448a5a8ebf7ff5de3d3c931c7c9696e96c84d31525f965fd7da00c45441b1adee8a63af400289559bf709dd9ab29cb3bf275cf204f
4
-AUX apache.conf 55 BLAKE2B 05ab58ac12e51c7aa548a71a2da43bbf80e53ef8ebe7d143f698b118621f2af1498a1362e7f30b82dc12a96485652cb0c34248c290f6a1aab6a3f378d9843c2a SHA512 3a53beb7a283d17c14383f16ad14c0602681ac1b193cce8f5aca50ae9d9af3a71054ce4a9ab11cbcb72fe913459e1b306fd54660154e66afe10272f8c0f149f3
5
-AUX apache2.2-hardened.service 970 BLAKE2B 77bf52cd0e5793aa81ad2b16267c1339e10fc4875704add053fd9ec67db60d2e175cb7a271c8d36b5e675a9cddd431062a6c31730510a921357b472383b502e4 SHA512 c206e7103d592dcf4f2d62979a20f7ab3cc7ce357ffe3c06ae8137064c812b9727e01a53fd602a0a55a64ed609664061de680ff42329381db787e2dae9310c48
6
-DIST gentoo-apache-2.4.46-r6-20210212.tar.bz2 25854 BLAKE2B 001f16c1beac8c90fd407bb2f77417f886296baf02acf0f6d81dc0f10c209270db7005f58d845d309dec8332773556da88db41a57c6ecc86f24b8a5141ba07d0 SHA512 976dde952277542efca70831b67da32b8bf636a346adeeb6e0bc5a65b3543a7ca4fb182bc01204f747b583dd753607d184d91ef46a93d5e2f3ab55ed787860a2
7
-DIST httpd-2.4.48.tar.bz2 7194385 BLAKE2B 5006535dc15b703b4388d90d57559bd882f16210c2f38f4d773312ed8322803629deee18709ca4446000c20c94ff8b0037acbe4dddab9cdbe45417079f708039 SHA512 6c250626f1e7d10428a92d984fd48ff841effcc8705f7816ab71b681bbd51d0012ad158dcd13763fe7d630311f2de258b27574603140d648be42796ab8326724
8
-DIST httpd-2.4.49.tar.bz2 7199599 BLAKE2B 78614647335a2351ce3ffb67f79bffd4aa0f42080a46de1f8d8a75c2ccae24998f5d505e60e9d4a710ff763e6a8cb3abee3da34ff6a7f2e18b68029a8abe80b7 SHA512 418e277232cf30a81d02b8554e31aaae6433bbea842bdb81e47a609469395cc4891183fb6ee02bd669edb2392c2007869b19da29f5998b8fd5c7d3142db310dd
9
-EBUILD apache-2.4.48-r3.ebuild 8404 BLAKE2B 234a64240b18730ec93e32e88a9ba2dad2181216d9c507da07f8298e514795464ac2c961e30250541c4bf69475eb2ccd1816bd5a4444146d7a61090e90effc8f SHA512 eecaacd6decc9b6b83d4cbb0b54c730b3c0d657c23a3f58e474c4e595a3c79201f96fbb97f275f9990f1f5a426918c34da6e62dd34d178c8b6b76c43e1d088d8
10
-EBUILD apache-2.4.49.ebuild 8421 BLAKE2B 62a861f1f4677aec2c969050492d0cc5ac31209880b1d79e07835b41238311dabcd9f425169c04eac9d5f785a432d99d8353ab456e4b81a9d33d3b4568532677 SHA512 c30773c61de2d20c1d1e1945c9c0a4a5a2ad22b8193133eaa4b1648599249fa83203d5697d62ba1cefaa9184b7b59c7a1a630c05aeabe7522b4a85d05d223deb
11
-MISC metadata.xml 900 BLAKE2B bc278df7a16090cb248b55179c0228b3c9ab846d918799e7b74b21d55f6410556909016ba6960cc77909fd4f8f85b8ebf25ba261553b8c5d42803d750a462cac SHA512 f98af69b59e4403ff194387781e92fe825df71a5d2f8d1c8a960b222eb548e1723335e13479b6e225e62b92b9af09cbd418fa95ddb676a5f039445945d5ae686
12 0
deleted file mode 100644
... ...
@@ -1,266 +0,0 @@
1
-# Copyright 1999-2021 Gentoo Authors
2
-# Distributed under the terms of the GNU General Public License v2
3
-
4
-EAPI=7
5
-
6
-# Bug in OCSP stapling, should be fixed with 2.4.49
7
-# https://bz.apache.org/bugzilla/show_bug.cgi?id=65567
8
-PATCHES="${FILESDIR}/apache-fix-ocsp.diff"
9
-
10
-# latest gentoo apache files
11
-GENTOO_PATCHSTAMP="20210212"
12
-GENTOO_DEVELOPER="polynomial-c"
13
-GENTOO_PATCHNAME="gentoo-apache-2.4.46-r6"
14
-
15
-# IUSE/USE_EXPAND magic
16
-IUSE_MPMS_FORK="prefork"
17
-IUSE_MPMS_THREAD="event worker"
18
-
19
-# << obsolete modules:
20
-# authn_default authz_default mem_cache
21
-# mem_cache is replaced by cache_disk
22
-# ?? buggy modules
23
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found
24
-# >> added modules for reason:
25
-# compat: compatibility with 2.2 access control
26
-# authz_host: new module for access control
27
-# authn_core: functionality provided by authn_alias in previous versions
28
-# authz_core: new module, provides core authorization capabilities
29
-# cache_disk: replacement for mem_cache
30
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3
31
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3
32
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3
33
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3
34
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests).
35
-# socache_shmcb: shared object cache provider. Default config with ssl needs it
36
-# unixd: fixes startup error: Invalid command 'User'
37
-IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest auth_form
38
-authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authn_socache authz_core
39
-authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex
40
-brotli cache cache_disk cache_socache cern_meta charset_lite cgi cgid dav dav_fs dav_lock
41
-dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2
42
-ident imagemap include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness
43
-lbmethod_heartbeat log_config log_forensic logio lua macro md mime mime_magic negotiation
44
-proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_html proxy_http proxy_scgi
45
-proxy_http2 proxy_fcgi proxy_uwsgi proxy_wstunnel rewrite ratelimit remoteip reqtimeout
46
-session session_cookie session_crypto session_dbd setenvif slotmem_shm speling
47
-socache_memcache socache_shmcb status substitute unique_id userdir usertrack
48
-unixd version vhost_alias watchdog xml2enc"
49
-# The following are also in the source as of this version, but are not available
50
-# for user selection:
51
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
52
-# optional_fn_import optional_hook_export optional_hook_import
53
-
54
-# inter-module dependencies
55
-# TODO: this may still be incomplete
56
-MODULE_DEPENDS="
57
-	auth_form:session
58
-	brotli:filter
59
-	dav_fs:dav
60
-	dav_lock:dav
61
-	deflate:filter
62
-	cache_disk:cache
63
-	ext_filter:filter
64
-	file_cache:cache
65
-	lbmethod_byrequests:proxy_balancer
66
-	lbmethod_byrequests:slotmem_shm
67
-	lbmethod_bytraffic:proxy_balancer
68
-	lbmethod_bybusyness:proxy_balancer
69
-	lbmethod_heartbeat:proxy_balancer
70
-	log_forensic:log_config
71
-	logio:log_config
72
-	cache_disk:cache
73
-	cache_socache:cache
74
-	md:watchdog
75
-	mime_magic:mime
76
-	proxy_ajp:proxy
77
-	proxy_balancer:proxy
78
-	proxy_balancer:slotmem_shm
79
-	proxy_connect:proxy
80
-	proxy_ftp:proxy
81
-	proxy_html:proxy
82
-	proxy_html:xml2enc
83
-	proxy_http:proxy
84
-	proxy_http2:proxy
85
-	proxy_scgi:proxy
86
-	proxy_uwsgi:proxy
87
-	proxy_fcgi:proxy
88
-	proxy_wstunnel:proxy
89
-	session_cookie:session
90
-	session_dbd:dbd
91
-	session_dbd:session
92
-	socache_memcache:cache
93
-	substitute:filter
94
-"
95
-
96
-# module<->define mappings
97
-MODULE_DEFINES="
98
-	auth_digest:AUTH_DIGEST
99
-	authnz_ldap:AUTHNZ_LDAP
100
-	cache:CACHE
101
-	cache_disk:CACHE
102
-	cache_socache:CACHE
103
-	dav:DAV
104
-	dav_fs:DAV
105
-	dav_lock:DAV
106
-	file_cache:CACHE
107
-	http2:HTTP2
108
-	info:INFO
109
-	ldap:LDAP
110
-	lua:LUA
111
-	md:SSL
112
-	proxy:PROXY
113
-	proxy_ajp:PROXY
114
-	proxy_balancer:PROXY
115
-	proxy_connect:PROXY
116
-	proxy_ftp:PROXY
117
-	proxy_html:PROXY
118
-	proxy_http:PROXY
119
-	proxy_fcgi:PROXY
120
-	proxy_scgi:PROXY
121
-	proxy_wstunnel:PROXY
122
-	socache_shmcb:SSL
123
-	socache_memcache:CACHE
124
-	ssl:SSL
125
-	status:STATUS
126
-	suexec:SUEXEC
127
-	userdir:USERDIR
128
-"
129
-
130
-# critical modules for the default config
131
-MODULE_CRITICAL="
132
-	authn_core
133
-	authz_core
134
-	authz_host
135
-	dir
136
-	mime
137
-	unixd
138
-"
139
-inherit apache-2 systemd tmpfiles toolchain-funcs
140
-
141
-DESCRIPTION="The Apache Web Server"
142
-HOMEPAGE="https://httpd.apache.org/"
143
-
144
-# some helper scripts are Apache-1.1, thus both are here
145
-LICENSE="Apache-2.0 Apache-1.1"
146
-SLOT="2"
147
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x64-macos ~sparc64-solaris ~x64-solaris"
148
-
149
-# FIXME! Move this to eclass once all ebuilds are EAPI-7
150
-RDEPEND+=" apache2_modules_lua? ( ${LUA_DEPS} )"
151
-REQUIRED_USE+=" apache2_modules_lua? ( ${LUA_REQUIRED_USE} )"
152
-
153
-pkg_setup() {
154
-	# dependend critical modules which are not allowed in global scope due
155
-	# to USE flag conditionals (bug #499260)
156
-	use ssl && MODULE_CRITICAL+=" socache_shmcb"
157
-	use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
158
-	apache-2_pkg_setup
159
-}
160
-
161
-src_configure() {
162
-	# Brain dead check.
163
-	tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no"
164
-
165
-	apache-2_src_configure
166
-}
167
-
168
-src_compile() {
169
-	if tc-is-cross-compiler; then
170
-		# This header is the same across targets, so use the build compiler.
171
-		pushd server >/dev/null
172
-		emake gen_test_char
173
-		tc-export_build_env BUILD_CC
174
-		${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \
175
-			gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die
176
-		popd >/dev/null
177
-	fi
178
-
179
-	default
180
-}
181
-
182
-src_install() {
183
-	apache-2_src_install
184
-	local i
185
-	local apache_tools_prune_list=(
186
-		/usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}
187
-		/usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}
188
-		/usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}
189
-		/usr/share/man/man8/{rotatelogs.8,htcacheclean.8}
190
-	)
191
-	for i in ${apache_tools_prune_list[@]} ; do
192
-		rm "${ED}"/${i} || die "Failed to prune apache-tools bits"
193
-	done
194
-
195
-	# install apxs in /usr/bin (bug #502384) and put a symlink into the
196
-	# old location until all ebuilds and eclasses have been modified to
197
-	# use the new location.
198
-	dobin support/apxs
199
-	use split-usr && dosym ../bin/apxs /usr/sbin/apxs
200
-
201
-	# Note: wait for mod_systemd to be included in some forthcoming release,
202
-	# Then apache2.4.service can be used and systemd support controlled
203
-	# through --enable-systemd
204
-	systemd_newunit "${FILESDIR}/apache2.2-hardened.service" "apache2.service"
205
-	dotmpfiles "${FILESDIR}/apache.conf"
206
-	#insinto /etc/apache2/modules.d
207
-	#doins "${FILESDIR}/00_systemd.conf"
208
-
209
-	# Install http2 module config
210
-	insinto /etc/apache2/modules.d
211
-	doins "${FILESDIR}"/41_mod_http2.conf
212
-
213
-	# Fix path to apache libdir
214
-	sed "s|@LIBDIR@|$(get_libdir)|" -i "${ED}"/usr/sbin/apache2ctl || die
215
-}
216
-
217
-pkg_postinst() {
218
-	echo
219
-	ewarn "Downgrading to pre-GLEP 81 user for now."
220
-	ewarn "See bug #802495 and bug #803500 for more information."
221
-	ewarn ""
222
-	ewarn "You will need to run the following command to unlock the user:"
223
-	ewarn "usermod -e '' -U apache 2>/dev/null"
224
-	echo
225
-
226
-	apache-2_pkg_postinst || die "apache-2_pkg_postinst failed"
227
-
228
-	tmpfiles_process apache.conf #662544
229
-
230
-	# warnings that default config might not work out of the box
231
-	local mod cmod
232
-	for mod in ${MODULE_CRITICAL} ; do
233
-		if ! use "apache2_modules_${mod}"; then
234
-			echo
235
-			ewarn "Warning: Critical module not installed!"
236
-			ewarn "Modules 'authn_core', 'authz_core' and 'unixd'"
237
-			ewarn "are highly recomended but might not be in the base profile yet."
238
-			ewarn "Default config for ssl needs module 'socache_shmcb'."
239
-			ewarn "Enabling the following flags is highly recommended:"
240
-			for cmod in ${MODULE_CRITICAL} ; do
241
-				use "apache2_modules_${cmod}" || \
242
-					ewarn "+ apache2_modules_${cmod}"
243
-			done
244
-			echo
245
-			break
246
-		fi
247
-	done
248
-	# warning for proxy_balancer and missing load balancing scheduler
249
-	if use apache2_modules_proxy_balancer; then
250
-		local lbset=
251
-		for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do
252
-			if use "apache2_modules_${mod}"; then
253
-				lbset=1 && break
254
-			fi
255
-		done
256
-		if [ ! ${lbset} ] ; then
257
-			echo
258
-			ewarn "Info: Missing load balancing scheduler algorithm module"
259
-			ewarn "(They were split off from proxy_balancer in 2.3)"
260
-			ewarn "In order to get the ability of load balancing, at least"
261
-			ewarn "one of these modules has to be present:"
262
-			ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat"
263
-			echo
264
-		fi
265
-	fi
266
-}
267 0
deleted file mode 100644
... ...
@@ -1,266 +0,0 @@
1
-# Copyright 1999-2021 Gentoo Authors
2
-# Distributed under the terms of the GNU General Public License v2
3
-
4
-EAPI=7
5
-
6
-# Bug in OCSP stapling, should be fixed in next version
7
-# https://bz.apache.org/bugzilla/show_bug.cgi?id=65567
8
-PATCHES="${FILESDIR}/apache-2.4.49-fix-ocsp.diff"
9
-
10
-# latest gentoo apache files
11
-GENTOO_PATCHSTAMP="20210212"
12
-GENTOO_DEVELOPER="polynomial-c"
13
-GENTOO_PATCHNAME="gentoo-apache-2.4.46-r6"
14
-
15
-# IUSE/USE_EXPAND magic
16
-IUSE_MPMS_FORK="prefork"
17
-IUSE_MPMS_THREAD="event worker"
18
-
19
-# << obsolete modules:
20
-# authn_default authz_default mem_cache
21
-# mem_cache is replaced by cache_disk
22
-# ?? buggy modules
23
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found
24
-# >> added modules for reason:
25
-# compat: compatibility with 2.2 access control
26
-# authz_host: new module for access control
27
-# authn_core: functionality provided by authn_alias in previous versions
28
-# authz_core: new module, provides core authorization capabilities
29
-# cache_disk: replacement for mem_cache
30
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3
31
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3
32
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3
33
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3
34
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests).
35
-# socache_shmcb: shared object cache provider. Default config with ssl needs it
36
-# unixd: fixes startup error: Invalid command 'User'
37
-IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest auth_form
38
-authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authn_socache authz_core
39
-authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex
40
-brotli cache cache_disk cache_socache cern_meta charset_lite cgi cgid dav dav_fs dav_lock
41
-dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2
42
-ident imagemap include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness
43
-lbmethod_heartbeat log_config log_forensic logio lua macro md mime mime_magic negotiation
44
-proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_html proxy_http proxy_scgi
45
-proxy_http2 proxy_fcgi proxy_uwsgi proxy_wstunnel rewrite ratelimit remoteip reqtimeout
46
-session session_cookie session_crypto session_dbd setenvif slotmem_shm speling
47
-socache_memcache socache_shmcb status substitute unique_id userdir usertrack
48
-unixd version vhost_alias watchdog xml2enc"
49
-# The following are also in the source as of this version, but are not available
50
-# for user selection:
51
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
52
-# optional_fn_import optional_hook_export optional_hook_import
53
-
54
-# inter-module dependencies
55
-# TODO: this may still be incomplete
56
-MODULE_DEPENDS="
57
-	auth_form:session
58
-	brotli:filter
59
-	dav_fs:dav
60
-	dav_lock:dav
61
-	deflate:filter
62
-	cache_disk:cache
63
-	ext_filter:filter
64
-	file_cache:cache
65
-	lbmethod_byrequests:proxy_balancer
66
-	lbmethod_byrequests:slotmem_shm
67
-	lbmethod_bytraffic:proxy_balancer
68
-	lbmethod_bybusyness:proxy_balancer
69
-	lbmethod_heartbeat:proxy_balancer
70
-	log_forensic:log_config
71
-	logio:log_config
72
-	cache_disk:cache
73
-	cache_socache:cache
74
-	md:watchdog
75
-	mime_magic:mime
76
-	proxy_ajp:proxy
77
-	proxy_balancer:proxy
78
-	proxy_balancer:slotmem_shm
79
-	proxy_connect:proxy
80
-	proxy_ftp:proxy
81
-	proxy_html:proxy
82
-	proxy_html:xml2enc
83
-	proxy_http:proxy
84
-	proxy_http2:proxy
85
-	proxy_scgi:proxy
86
-	proxy_uwsgi:proxy
87
-	proxy_fcgi:proxy
88
-	proxy_wstunnel:proxy
89
-	session_cookie:session
90
-	session_dbd:dbd
91
-	session_dbd:session
92
-	socache_memcache:cache
93
-	substitute:filter
94
-"
95
-
96
-# module<->define mappings
97
-MODULE_DEFINES="
98
-	auth_digest:AUTH_DIGEST
99
-	authnz_ldap:AUTHNZ_LDAP
100
-	cache:CACHE
101
-	cache_disk:CACHE
102
-	cache_socache:CACHE
103
-	dav:DAV
104
-	dav_fs:DAV
105
-	dav_lock:DAV
106
-	file_cache:CACHE
107
-	http2:HTTP2
108
-	info:INFO
109
-	ldap:LDAP
110
-	lua:LUA
111
-	md:SSL
112
-	proxy:PROXY
113
-	proxy_ajp:PROXY
114
-	proxy_balancer:PROXY
115
-	proxy_connect:PROXY
116
-	proxy_ftp:PROXY
117
-	proxy_html:PROXY
118
-	proxy_http:PROXY
119
-	proxy_fcgi:PROXY
120
-	proxy_scgi:PROXY
121
-	proxy_wstunnel:PROXY
122
-	socache_shmcb:SSL
123
-	socache_memcache:CACHE
124
-	ssl:SSL
125
-	status:STATUS
126
-	suexec:SUEXEC
127
-	userdir:USERDIR
128
-"
129
-
130
-# critical modules for the default config
131
-MODULE_CRITICAL="
132
-	authn_core
133
-	authz_core
134
-	authz_host
135
-	dir
136
-	mime
137
-	unixd
138
-"
139
-inherit apache-2 systemd tmpfiles toolchain-funcs
140
-
141
-DESCRIPTION="The Apache Web Server"
142
-HOMEPAGE="https://httpd.apache.org/"
143
-
144
-# some helper scripts are Apache-1.1, thus both are here
145
-LICENSE="Apache-2.0 Apache-1.1"
146
-SLOT="2"
147
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x64-macos ~sparc64-solaris ~x64-solaris"
148
-
149
-# FIXME! Move this to eclass once all ebuilds are EAPI-7
150
-RDEPEND+=" apache2_modules_lua? ( ${LUA_DEPS} )"
151
-REQUIRED_USE+=" apache2_modules_lua? ( ${LUA_REQUIRED_USE} )"
152
-
153
-pkg_setup() {
154
-	# dependend critical modules which are not allowed in global scope due
155
-	# to USE flag conditionals (bug #499260)
156
-	use ssl && MODULE_CRITICAL+=" socache_shmcb"
157
-	use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
158
-	apache-2_pkg_setup
159
-}
160
-
161
-src_configure() {
162
-	# Brain dead check.
163
-	tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no"
164
-
165
-	apache-2_src_configure
166
-}
167
-
168
-src_compile() {
169
-	if tc-is-cross-compiler; then
170
-		# This header is the same across targets, so use the build compiler.
171
-		pushd server >/dev/null
172
-		emake gen_test_char
173
-		tc-export_build_env BUILD_CC
174
-		${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \
175
-			gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die
176
-		popd >/dev/null
177
-	fi
178
-
179
-	default
180
-}
181
-
182
-src_install() {
183
-	apache-2_src_install
184
-	local i
185
-	local apache_tools_prune_list=(
186
-		/usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}
187
-		/usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}
188
-		/usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}
189
-		/usr/share/man/man8/{rotatelogs.8,htcacheclean.8}
190
-	)
191
-	for i in ${apache_tools_prune_list[@]} ; do
192
-		rm "${ED}"/${i} || die "Failed to prune apache-tools bits"
193
-	done
194
-
195
-	# install apxs in /usr/bin (bug #502384) and put a symlink into the
196
-	# old location until all ebuilds and eclasses have been modified to
197
-	# use the new location.
198
-	dobin support/apxs
199
-	use split-usr && dosym ../bin/apxs /usr/sbin/apxs
200
-
201
-	# Note: wait for mod_systemd to be included in some forthcoming release,
202
-	# Then apache2.4.service can be used and systemd support controlled
203
-	# through --enable-systemd
204
-	systemd_newunit "${FILESDIR}/apache2.2-hardened.service" "apache2.service"
205
-	dotmpfiles "${FILESDIR}/apache.conf"
206
-	#insinto /etc/apache2/modules.d
207
-	#doins "${FILESDIR}/00_systemd.conf"
208
-
209
-	# Install http2 module config
210
-	insinto /etc/apache2/modules.d
211
-	doins "${FILESDIR}"/41_mod_http2.conf
212
-
213
-	# Fix path to apache libdir
214
-	sed "s|@LIBDIR@|$(get_libdir)|" -i "${ED}"/usr/sbin/apache2ctl || die
215
-}
216
-
217
-pkg_postinst() {
218
-	echo
219
-	ewarn "Downgrading to pre-GLEP 81 user for now."
220
-	ewarn "See bug #802495 and bug #803500 for more information."
221
-	ewarn ""
222
-	ewarn "You will need to run the following command to unlock the user:"
223
-	ewarn "usermod -e '' -U apache 2>/dev/null"
224
-	echo
225
-
226
-	apache-2_pkg_postinst || die "apache-2_pkg_postinst failed"
227
-
228
-	tmpfiles_process apache.conf #662544
229
-
230
-	# warnings that default config might not work out of the box
231
-	local mod cmod
232
-	for mod in ${MODULE_CRITICAL} ; do
233
-		if ! use "apache2_modules_${mod}"; then
234
-			echo
235
-			ewarn "Warning: Critical module not installed!"
236
-			ewarn "Modules 'authn_core', 'authz_core' and 'unixd'"
237
-			ewarn "are highly recomended but might not be in the base profile yet."
238
-			ewarn "Default config for ssl needs module 'socache_shmcb'."
239
-			ewarn "Enabling the following flags is highly recommended:"
240
-			for cmod in ${MODULE_CRITICAL} ; do
241
-				use "apache2_modules_${cmod}" || \
242
-					ewarn "+ apache2_modules_${cmod}"
243
-			done
244
-			echo
245
-			break
246
-		fi
247
-	done
248
-	# warning for proxy_balancer and missing load balancing scheduler
249
-	if use apache2_modules_proxy_balancer; then
250
-		local lbset=
251
-		for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do
252
-			if use "apache2_modules_${mod}"; then
253
-				lbset=1 && break
254
-			fi
255
-		done
256
-		if [ ! ${lbset} ] ; then
257
-			echo
258
-			ewarn "Info: Missing load balancing scheduler algorithm module"
259
-			ewarn "(They were split off from proxy_balancer in 2.3)"
260
-			ewarn "In order to get the ability of load balancing, at least"
261
-			ewarn "one of these modules has to be present:"
262
-			ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat"
263
-			echo
264
-		fi
265
-	fi
266
-}
267 0
deleted file mode 100644
... ...
@@ -1,9 +0,0 @@
1
-<IfDefine SSL>
2
-  <IfModule http2_module>
3
-    # enable debugging for this module
4
-    #LogLevel http2:info
5
-
6
-    #Enable HTTP/2 support
7
-    Protocols h2 h2c http/1.1
8
-  </IfModule>
9
-</IfDefine>
10 0
deleted file mode 100644
... ...
@@ -1,133 +0,0 @@
1
-diff -Naur a/modules/md/md_curl.c b/modules/md/md_curl.c
2
-+++ b/modules/md/md_curl.c	2021-09-19 19:14:35.987795057 +0200
3
-@@ -491,7 +491,7 @@
4
-             else if (APR_STATUS_IS_ENOENT(rv)) {
5
-                 md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, 0, p, 
6
-                               "multi_perform[%d reqs]: no more requests", requests->nelts);
7
--                if (!running) {
8
-+                if (!requests->nelts) {
9
-                     goto leave;
10
-                 }
11
-                 break;
12
-@@ -524,13 +524,13 @@
13
-         }
14
- 
15
-         /* process status messages, e.g. that a request is done */
16
--        while (1) {
17
-+        while (running < requests->nelts) {
18
-             curlmsg = curl_multi_info_read(curlm, &msgcount);
19
-             if (!curlmsg) break;
20
-             if (curlmsg->msg == CURLMSG_DONE) {
21
-                 req = find_curl_request(requests, curlmsg->easy_handle);
22
-                 if (req) {
23
--                    md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, 0, p, 
24
-+                    md_log_perror(MD_LOG_MARK, MD_LOG_TRACE2, 0, p,
25
-                                   "multi_perform[%d reqs]: req[%d] done", 
26
-                                   requests->nelts, req->id);
27
-                     update_status(req);
28
-@@ -546,7 +546,6 @@
29
-                 }
30
-             }
31
-         }
32
--        assert(running == requests->nelts);
33
-     };
34
- 
35
- leave:
36
-diff -Naur a/modules/md/md_ocsp.c b/modules/md/md_ocsp.c
37
-+++ b/modules/md/md_ocsp.c	2021-09-19 19:14:35.987795057 +0200
38
-@@ -339,7 +339,7 @@
39
-     rv = md_cert_get_ocsp_responder_url(&ostat->responder_url, reg->p, cert);
40
-     if (APR_SUCCESS != rv) {
41
-         md_log_perror(MD_LOG_MARK, MD_LOG_ERR, rv, reg->p,
42
--                      "md[%s]: certificate with serial %s has not OCSP responder URL",
43
-+                      "md[%s]: certificate with serial %s has no OCSP responder URL",
44
-                       name, md_cert_get_serial_number(cert, reg->p));
45
-         goto cleanup;
46
-     }
47
-@@ -609,7 +609,11 @@
48
-     if (NULL == (ocsp_resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char**)&der.data, 
49
-                                                (long)der.len))) {
50
-         rv = APR_EINVAL;
51
--        md_result_set(update->result, rv, "response body does not parse as OCSP response");
52
-+
53
-+        md_result_set(update->result, rv,
54
-+                      apr_psprintf(req->pool, "req[%d] response body does not parse as "
55
-+                                   "OCSP response, status=%d, body brigade length=%ld",
56
-+                                   resp->req->id, resp->status, (long)der.len));
57
-         md_result_log(update->result, MD_LOG_DEBUG);
58
-         goto cleanup;
59
-     }
60
-@@ -635,7 +639,7 @@
61
-      * to accept it. */
62
-     switch ((n = OCSP_check_nonce(ostat->ocsp_req, basic_resp))) {
63
-         case 1:
64
--            md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, req->pool, 
65
-+            md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, 0, req->pool,
66
-                           "req[%d]: OCSP respoonse nonce does match", req->id);
67
-             break;
68
-         case 0:
69
-@@ -645,7 +649,7 @@
70
-             goto cleanup;
71
-             
72
-         case -1:
73
--            md_log_perror(MD_LOG_MARK, MD_LOG_TRACE1, 0, req->pool, 
74
-+            md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, 0, req->pool,
75
-                           "req[%d]: OCSP respoonse did not return the nonce", req->id);
76
-             break;
77
-         default:
78
-@@ -832,6 +836,9 @@
79
-             md_http_set_on_status_cb(req, ostat_on_req_status, update);
80
-             md_http_set_on_response_cb(req, ostat_on_resp, update);
81
-             rv = APR_SUCCESS;
82
-+            md_log_perror(MD_LOG_MARK, MD_LOG_TRACE2, 0, req->pool,
83
-+                          "scheduling OCSP request for %s, %d request in flight",
84
-+                          ostat->md_name, in_flight);
85
-         }
86
-     }
87
- cleanup:
88
-diff -Naur a/modules/md/md_reg.c b/modules/md/md_reg.c
89
-+++ b/modules/md/md_reg.c	2021-09-19 19:14:35.988795057 +0200
90
-@@ -549,7 +549,11 @@
91
-         rv = md_pubcert_load(reg->store, group, md->name, spec, &certs, p);
92
-     }
93
-     if (APR_SUCCESS != rv) goto leave;
94
--            
95
-+    if (certs->nelts == 0) {
96
-+        rv = APR_ENOENT;
97
-+        goto leave;
98
-+    }
99
-+
100
-     pubcert = apr_pcalloc(p, sizeof(*pubcert));
101
-     pubcert->certs = certs;
102
-     cert = APR_ARRAY_IDX(certs, 0, const md_cert_t *);
103
-diff -Naur a/modules/md/md_store_fs.c b/modules/md/md_store_fs.c
104
-+++ b/modules/md/md_store_fs.c	2021-09-19 19:14:35.988795057 +0200
105
-@@ -508,19 +508,21 @@
106
- 
107
-     rv = md_util_is_dir(*pdir, p);
108
-     if (APR_STATUS_IS_ENOENT(rv)) {
109
--        md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, p, "not a directory, creating %s", *pdir);
110
-+        md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, rv, p, "not a directory, creating %s", *pdir);
111
-         rv = apr_dir_make_recursive(*pdir, perms->dir, p);
112
-         if (APR_SUCCESS != rv) goto cleanup;
113
-         dispatch(s_fs, MD_S_FS_EV_CREATED, group, *pdir, APR_DIR, p);
114
-     }
115
- 
116
-     rv = apr_file_perms_set(*pdir, perms->dir);
117
--    md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, p, "mk_group_dir %s perm set", *pdir);
118
-+    md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, rv, p, "mk_group_dir %s perm set", *pdir);
119
-     if (APR_STATUS_IS_ENOTIMPL(rv)) {
120
-         rv = APR_SUCCESS;
121
-     }
122
- cleanup:
123
--    md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, p, "mk_group_dir %d %s", group, name);
124
-+    if (APR_SUCCESS != rv) {
125
-+        md_log_perror(MD_LOG_MARK, MD_LOG_ERR, rv, p, "mk_group_dir %d %s", group, name);
126
-+    }
127
-     return rv;
128
- }
129
- 
130 0
deleted file mode 100644
... ...
@@ -1,80 +0,0 @@
1
-diff -Naurp a/modules/md/md_curl.c b/modules/md/md_curl.c
2
-+++ b/modules/md/md_curl.c	2021-09-15 15:37:32.716291831 +0200
3
-@@ -493,7 +493,7 @@ static apr_status_t md_curl_multi_perfor
4
-             else if (APR_STATUS_IS_ENOENT(rv)) {
5
-                 md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, 0, p, 
6
-                               "multi_perform[%d reqs]: no more requests", requests->nelts);
7
--                if (!running) {
8
-+                if (!requests->nelts) {
9
-                     goto leave;
10
-                 }
11
-                 break;
12
-@@ -526,13 +526,13 @@ static apr_status_t md_curl_multi_perfor
13
-         }
14
- 
15
-         /* process status messages, e.g. that a request is done */
16
--        while (1) {
17
-+        while (running < requests->nelts) {
18
-             curlmsg = curl_multi_info_read(curlm, &msgcount);
19
-             if (!curlmsg) break;
20
-             if (curlmsg->msg == CURLMSG_DONE) {
21
-                 req = find_curl_request(requests, curlmsg->easy_handle);
22
-                 if (req) {
23
--                    md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, 0, p, 
24
-+                    md_log_perror(MD_LOG_MARK, MD_LOG_TRACE2, 0, p,
25
-                                   "multi_perform[%d reqs]: req[%d] done", 
26
-                                   requests->nelts, req->id);
27
-                     update_status(req);
28
-@@ -548,7 +548,6 @@ static apr_status_t md_curl_multi_perfor
29
-                 }
30
-             }
31
-         }
32
--        assert(running == requests->nelts);
33
-     };
34
- 
35
- leave:
36
-diff -Naurp a/modules/md/md_ocsp.c b/modules/md/md_ocsp.c
37
-+++ b/modules/md/md_ocsp.c	2021-09-15 15:37:32.717291832 +0200
38
-@@ -633,7 +633,11 @@ static apr_status_t ostat_on_resp(const
39
-     if (NULL == (ocsp_resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char**)&der.data, 
40
-                                                (long)der.len))) {
41
-         rv = APR_EINVAL;
42
--        md_result_set(update->result, rv, "response body does not parse as OCSP response");
43
-+
44
-+        md_result_set(update->result, rv,
45
-+                      apr_psprintf(req->pool, "req[%d] response body does not parse as "
46
-+                                   "OCSP response, status=%d, body brigade length=%ld",
47
-+                                   resp->req->id, resp->status, (long)der.len));
48
-         md_result_log(update->result, MD_LOG_DEBUG);
49
-         goto cleanup;
50
-     }
51
-@@ -659,7 +663,7 @@ static apr_status_t ostat_on_resp(const
52
-      * to accept it. */
53
-     switch ((n = OCSP_check_nonce(ostat->ocsp_req, basic_resp))) {
54
-         case 1:
55
--            md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, req->pool, 
56
-+            md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, 0, req->pool,
57
-                           "req[%d]: OCSP respoonse nonce does match", req->id);
58
-             break;
59
-         case 0:
60
-@@ -669,7 +673,7 @@ static apr_status_t ostat_on_resp(const
61
-             goto cleanup;
62
-             
63
-         case -1:
64
--            md_log_perror(MD_LOG_MARK, MD_LOG_TRACE1, 0, req->pool, 
65
-+            md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, 0, req->pool,
66
-                           "req[%d]: OCSP respoonse did not return the nonce", req->id);
67
-             break;
68
-         default:
69
-@@ -827,6 +831,9 @@ static apr_status_t next_todo(md_http_re
70
-             md_http_set_on_status_cb(req, ostat_on_req_status, update);
71
-             md_http_set_on_response_cb(req, ostat_on_resp, update);
72
-             rv = APR_SUCCESS;
73
-+            md_log_perror(MD_LOG_MARK, MD_LOG_TRACE2, 0, req->pool,
74
-+                          "scheduling OCSP request for %s, %d request in flight",
75
-+                          ostat->md_name, in_flight);
76
-         }
77
-     }
78
- cleanup:
79 0
deleted file mode 100644
... ...
@@ -1,2 +0,0 @@
1
-d /run/apache2 710 root apache
2
-d /run/apache_ssl_mutex
3 0
deleted file mode 100644
... ...
@@ -1,27 +0,0 @@
1
-[Unit]
2
-Description=The Apache HTTP Server
3
-After=network.target remote-fs.target nss-lookup.target
4
-
5
-[Service]
6
-EnvironmentFile=/etc/conf.d/apache2
7
-ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND
8
-ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful
9
-ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop
10
-# We want systemd to give httpd some time to finish gracefully, but still want
11
-# it to kill httpd after TimeoutStopSec if something went wrong during the
12
-# graceful stop. Normally, Systemd sends SIGTERM signal right after the
13
-# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
14
-# httpd time to finish.
15
-KillSignal=SIGCONT
16
-PrivateTmp=true
17
-#Hardening
18
-PrivateTmp=true
19
-CapabilityBoundingSet=CAP_CHOWN CAP_SETGID CAP_SETUID CAP_DAC_OVERRIDE CAP_KILL CAP_NET_BIND_SERVICE CAP_IPC_LOCK
20
-SecureBits=noroot-locked
21
-ProtectSystem=full
22
-NoNewPrivileges=true
23
-PrivateDevices=true
24
-MemoryDenyWriteExecute=true
25
-
26
-[Install]
27
-WantedBy=multi-user.target
28 0
deleted file mode 100644
... ...
@@ -1,20 +0,0 @@
1
-<?xml version="1.0" encoding="UTF-8"?>
2
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
3
-<pkgmetadata>
4
-	<maintainer type="project">
5
-		<email>apache-bugs@gentoo.org</email>
6
-		<name>Apache project</name>
7
-	</maintainer>
8
-	<longdescription>
9
-		The Apache HTTP Server Project is an effort to develop and maintain an
10
-		open-source HTTP server for modern operating systems. The goal of this
11
-		project is to provide a secure, efficient and extensible server that
12
-		provides HTTP services in sync with the current HTTP standards.
13
-	</longdescription>
14
-	<use>
15
-		<flag name="suexec">Install suexec with apache</flag>
16
-		<flag name="suexec-caps">Install suexec with capabilities instead of SUID</flag>
17
-		<flag name="suexec-syslog">Log suexec to syslog instead of to a separate file</flag>
18
-		<flag name="static">Link in apache2 modules statically rather then plugins</flag>
19
-	</use>
20
-</pkgmetadata>