This repository has been archived by the owner on Sep 23, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathhttpd24u.spec
1515 lines (1211 loc) · 51.9 KB
/
httpd24u.spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
%global apr apr15u
%global apu apu15u
%global apr_config %{apr}-1-config
%global apu_config %{apu}-1-config
%define contentdir %{_datadir}/httpd
%define docroot /var/www
%define suexec_caller apache
%define mmn 20120211
%define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
%define vstring IUS
%if 0%{?rhel} >= 7
%bcond_without systemd
%bcond_without brotli
%else
%bcond_with systemd
%bcond_with brotli
%endif
# Drop automatic provides for module DSOs
%{?filter_provides_in:%filter_provides_in %{_libdir}/httpd/modules/.*\.so$}
%{?filter_setup}
Summary: Apache HTTP Server
Name: httpd24u
Version: 2.4.58
Release: 1%{?dist}
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source2: httpd.logrotate
Source4: httpd-ssl-pass-dialog
Source5: httpd.tmpfiles
Source6: httpd.service
Source7: action-graceful.sh
Source8: action-configtest.sh
Source10: httpd.conf
Source11: 00-base.conf
Source12: 00-mpm.conf
Source13: 00-lua.conf
Source14: 01-cgi.conf
Source15: 00-dav.conf
Source16: 00-proxy.conf
Source17: 00-ssl.conf
Source18: 01-ldap.conf
Source19: 00-proxyhtml.conf
Source20: userdir.conf
Source21: ssl.conf
Source22: welcome.conf
Source23: manual.conf
Source24: 00-systemd.conf
Source25: 01-session.conf
Source26: 10-listen443.conf
Source27: httpd.socket
Source28: 00-optional.conf
# Documentation
Source30: README.confd
Source31: README.confmod
Source32: httpd.service.xml
Source40: htcacheclean.service
Source41: htcacheclean.sysconf
# Compatibility
Source50: httpd.sysconf
Source51: httpd.init
Source52: htcacheclean.init
Source53: httpd.logrotate-legacy
# build/scripts patches
Patch1: httpd-2.4.1-apctl.patch
Patch2: httpd-2.4.43-apxs.patch
Patch3: httpd-2.4.43-deplibs.patch
Patch6: httpd-2.4.3-apctl-systemd.patch
#Patch8: httpd-2.4.35-layout-legacy.patch
# Needed for socket activation and mod_systemd patch
Patch19: httpd-2.4.53-detect-systemd.patch
# Features/functional changes
Patch23: httpd-2.4.53-export.patch
Patch24: httpd-2.4.43-corelimit.patch
Patch25: httpd-2.4.54-selinux.patch
Patch26: httpd-2.4.43-gettid.patch
Patch27: httpd-2.4.54-icons.patch
Patch30: httpd-2.4.43-cachehardmax.patch
Patch34: httpd-2.4.43-socket-activation.patch
Patch41: httpd-2.4.43-r1861793+.patch
Patch65: httpd-2.4.51-r1894152.patch
# Security fixes
License: ASL 2.0
Group: System Environment/Daemons
BuildRequires: autoconf, perl, pkgconfig, findutils, xmlto
BuildRequires: zlib-devel, libselinux-devel, lua-devel
%if %{with brotli}
BuildRequires: brotli-devel
%endif
BuildRequires: %{apr}-devel >= 1.5.0, %{apr}-util-devel >= 1.5.0, pcre-devel >= 5.0
BuildRequires: libnghttp2-devel
%{?with_systemd:BuildRequires: systemd-devel}
Requires: /etc/mime.types, system-logos >= 7.92.1-1
Provides: webserver
Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release}
Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}
Requires: %{name}-tools = %{version}-%{release}
Requires: %{name}-filesystem = %{version}-%{release}
Requires(pre): %{name}-filesystem = %{version}-%{release}
%if %{with systemd}
Requires(preun): systemd-units
Requires(postun): systemd-units
Requires(post): systemd-units
%else
Requires: initscripts >= 8.36
Requires(post): chkconfig
%endif
# mod_proxy_uwsgi merged into httpd
# https://github.com/unbit/uwsgi/issues/1636
Provides: %{name}-mod_proxy_uwsgi = %{version}-%{release}
Obsoletes: %{name}-mod_proxy_uwsgi < 2.0.16-2.ius
# safe replacement
Provides: httpd = %{version}-%{release}
Provides: httpd%{?_isa} = %{version}-%{release}
Conflicts: httpd < %{version}-%{release}
%description
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
%package devel
Group: Development/Libraries
Summary: Development interfaces for the Apache HTTP Server
Requires: %{apr}-devel >= 1.5.0, %{apr}-util-devel >= 1.5.0, pkgconfig
Requires: %{name} = %{version}-%{release}
# safe replacement
Provides: httpd-devel = %{version}-%{release}
Provides: httpd-devel%{?_isa} = %{version}-%{release}
Conflicts: httpd-devel < %{version}-%{release}
%description devel
The %{name}-devel package contains the APXS binary and other files
that you need to build Dynamic Shared Objects (DSOs) for the
Apache HTTP Server.
If you are installing the Apache HTTP Server and you want to be
able to compile or develop additional modules for Apache, you need
to install this package.
%package manual
Group: Documentation
Summary: Documentation for the Apache HTTP Server
Requires: %{name} = %{version}-%{release}
BuildArch: noarch
# safe replacement
Provides: httpd-manual = %{version}-%{release}
Provides: httpd-manual%{?_isa} = %{version}-%{release}
Conflicts: httpd-manual < %{version}-%{release}
%description manual
The %{name}-manual package contains the complete manual and
reference guide for the Apache HTTP Server. The information can
also be found at https://httpd.apache.org/docs/2.4/.
%package filesystem
Group: System Environment/Daemons
Summary: The basic directory layout for the Apache HTTP Server
BuildArch: noarch
Requires(pre): /usr/sbin/useradd
Requires(pre): /usr/sbin/groupadd
# safe replacement
Provides: httpd-filesystem = %{version}-%{release}
Provides: httpd-filesystem%{?_isa} = %{version}-%{release}
Conflicts: httpd-filesystem < %{version}-%{release}
%description filesystem
The %{name}-filesystem package contains the basic directory layout
for the Apache HTTP Server including the correct permissions
for the directories.
%package tools
Group: System Environment/Daemons
Summary: Tools for use with the Apache HTTP Server
# safe replacement
Provides: httpd-tools = %{version}-%{release}
Provides: httpd-tools%{?_isa} = %{version}-%{release}
Conflicts: httpd-tools < %{version}-%{release}
%description tools
The %{name}-tools package contains tools which can be used with
the Apache HTTP Server.
%package mod_ssl
Group: System Environment/Daemons
Summary: SSL/TLS module for the Apache HTTP Server
Epoch: 1
BuildRequires: openssl-devel
Requires(post): openssl, /bin/cat, /bin/hostname
Requires(pre): %{name}-filesystem
Requires: %{name} = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
# rename from mod24u_ssl
Provides: mod24u_ssl = 1:%{version}-%{release}
Provides: mod24u_ssl%{?_isa} = 1:%{version}-%{release}
Obsoletes: mod24u_ssl < 1:2.4.20-2.ius
# safe replacement
Provides: mod_ssl = 1:%{version}-%{release}
Provides: mod_ssl%{?_isa} = 1:%{version}-%{release}
Conflicts: mod_ssl < 1:%{version}-%{release}
%description mod_ssl
The mod_ssl module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols.
%package mod_proxy_html
Group: System Environment/Daemons
Summary: HTML and XML content filters for the Apache HTTP Server
Requires: %{name} = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
BuildRequires: libxml2-devel
Epoch: 1
# rename from mod24u_proxy_html
Provides: mod24u_proxy_html = 1:%{version}-%{release}
Provides: mod24u_proxy_html%{?_isa} = 1:%{version}-%{release}
Obsoletes: mod24u_proxy_html < 1:2.4.20-2.ius
# safe replacement
Provides: mod_proxy_html = 1:%{version}-%{release}
Provides: mod_proxy_html%{?_isa} = 1:%{version}-%{release}
Conflicts: mod_proxy_html < 1:%{version}-%{release}
%description mod_proxy_html
The mod_proxy_html and mod_xml2enc modules provide filters which can
transform and modify HTML and XML content.
%package mod_ldap
Group: System Environment/Daemons
Summary: LDAP authentication modules for the Apache HTTP Server
Requires: %{name} = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
Requires: %{apr}-util-ldap >= 1.5.0
# rename from mod24u_ldap
Provides: mod24u_ldap = %{version}-%{release}
Provides: mod24u_ldap%{?_isa} = %{version}-%{release}
Obsoletes: mod24u_ldap < 2.4.20-2.ius
# safe replacement
Provides: mod_ldap = %{version}-%{release}
Provides: mod_ldap%{?_isa} = %{version}-%{release}
Conflicts: mod_ldap < %{version}-%{release}
%description mod_ldap
The mod_ldap and mod_authnz_ldap modules add support for LDAP
authentication to the Apache HTTP Server.
%package mod_session
Group: System Environment/Daemons
Summary: Session interface for the Apache HTTP Server
Requires: %{name} = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
# rename from mod24u_session
Provides: mod24u_session = %{version}-%{release}
Provides: mod24u_session%{?_isa} = %{version}-%{release}
Obsoletes: mod24u_session < 2.4.20-2.ius
# safe replacement
Provides: mod_session = %{version}-%{release}
Provides: mod_session%{?_isa} = %{version}-%{release}
Conflicts: mod_session < %{version}-%{release}
%description mod_session
The mod_session module and associated backends provide an abstract
interface for storing and accessing per-user session data.
%prep
%setup -q -n httpd-%{version}
%patch1 -p1 -b .apctl
%patch2 -p1 -b .apxs
%patch3 -p1 -b .deplibs
%{?with_systemd:%patch6 -p1 -b .apctlsystemd}
%if 0%{?rhel} && 0%{?rhel} < 7
%patch8 -p1 -b .layout
%endif
%patch19 -p1 -b .detectsystemd
%patch23 -p1 -b .export
%patch24 -p1 -b .corelimit
%patch25 -p1 -b .selinux
%patch26 -p1 -b .gettid
%patch27 -p1 -b .icons
%patch30 -p1 -b .cachehardmax
%{?with_systemd:%patch34 -p1 -b .socketactivation}
%patch41 -p1 -b .r1861793+
%patch65 -p1 -b .r1894152
# Patch in the vendor string
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
# Prevent use of setcap in "install-suexec-caps" target.
sed -i '/suexec/s,setcap ,echo Skipping setcap for ,' Makefile.in
# Use custom IUS apr/apu configuration tools.
sed -i '/APR_CONFIG=/s,apr-.*-config,%{apr_config},' configure.in
sed -i '/APU_CONFIG=/s,apu-.*-config,%{apu_config},' configure.in
# Safety check: prevent build if defined MMN does not equal upstream MMN.
vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
if test "x${vmmn}" != "x%{mmn}"; then
: Error: Upstream MMN is now ${vmmn}, packaged MMN is %{mmn}
: Update the mmn macro and rebuild.
exit 1
fi
xmlto man $RPM_SOURCE_DIR/httpd.service.xml
: Building with MMN %{mmn}, MMN-ISA %{mmnisa} and vendor string '%{vstring}'
%build
# forcibly prevent use of bundled apr, apr-util, pcre
rm -rf srclib/{apr,apr-util,pcre}
# regenerate configure scripts
autoheader && autoconf || exit 1
export CFLAGS=$RPM_OPT_FLAGS
export LDFLAGS="-Wl,-z,relro,-z,now"
# Hard-code path to links to avoid unnecessary builddep
export LYNX_PATH=/usr/bin/links
# Build the daemon
./configure \
--prefix=%{_sysconfdir}/httpd \
--exec-prefix=%{_prefix} \
--bindir=%{_bindir} \
--sbindir=%{_sbindir} \
--mandir=%{_mandir} \
--libdir=%{_libdir} \
--sysconfdir=%{_sysconfdir}/httpd/conf \
--includedir=%{_includedir}/httpd \
--libexecdir=%{_libdir}/httpd/modules \
--datadir=%{contentdir} \
--enable-layout=Fedora \
--with-installbuilddir=%{_libdir}/httpd/build \
--enable-mpms-shared=all \
--with-apr=%{_bindir}/%{apr_config} \
--with-apr-util=%{_bindir}/%{apu_config} \
--enable-suexec --with-suexec \
--enable-suexec-capabilities \
--with-suexec-caller=%{suexec_caller} \
--with-suexec-docroot=%{docroot} \
--without-suexec-logfile \
--with-suexec-syslog \
--with-suexec-bin=%{_sbindir}/suexec \
--with-suexec-uidmin=500 --with-suexec-gidmin=100 \
%if %{with brotli}
--with-brotli \
%endif
--enable-pie \
--with-pcre \
--enable-mods-shared=all \
--enable-ssl --with-ssl --disable-distcache \
--enable-proxy --enable-proxy-fdpass \
--enable-cache \
--enable-disk-cache \
--enable-ldap --enable-authnz-ldap \
--enable-cgid --enable-cgi \
--enable-authn-anon --enable-authn-alias \
--disable-imagemap --disable-file-cache \
%if %{with systemd}
--enable-systemd \
%endif
$*
make %{?_smp_mflags}
%install
make DESTDIR=$RPM_BUILD_ROOT install
%if %{with systemd}
# Install systemd service files
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
for s in httpd.service htcacheclean.service httpd.socket; do
install -p -m 644 $RPM_SOURCE_DIR/${s} \
$RPM_BUILD_ROOT%{_unitdir}/${s}
done
%else
# install SYSV init stuff
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
install -m755 $RPM_SOURCE_DIR/httpd.init \
$RPM_BUILD_ROOT/etc/rc.d/init.d/httpd
install -m755 $RPM_SOURCE_DIR/htcacheclean.init \
$RPM_BUILD_ROOT/etc/rc.d/init.d/htcacheclean
%endif
# install conf file/directory
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d
install -m 644 $RPM_SOURCE_DIR/README.confd \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README
install -m 644 $RPM_SOURCE_DIR/README.confmod \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/README
for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \
00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \
01-ldap.conf %{?with_systemd:00-systemd.conf} 01-session.conf 00-optional.conf; do
install -m 644 -p $RPM_SOURCE_DIR/$f \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f
done
# remove brotli module config if disabled
%if %{without brotli}
sed -e '/brotli_module/d' -i $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/00-base.conf
%endif
%if %{with systemd}
# install systemd override drop directory
# Web application packages can drop snippets into this location if
# they need ExecStart[pre|post].
mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.service.d
mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d
install -m 644 -p $RPM_SOURCE_DIR/10-listen443.conf \
$RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d/10-listen443.conf
%endif
for f in welcome.conf ssl.conf manual.conf userdir.conf; do
install -m 644 -p $RPM_SOURCE_DIR/$f \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/$f
done
%if %{without systemd}
# el6 should use /var/run, not /run
sed -i '/^SSLSessionCache/s,/run,/var/run,' \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ssl.conf
%endif
# Split-out extra config shipped as default in conf.d:
for f in autoindex; do
install -m 644 docs/conf/extra/httpd-${f}.conf \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/${f}.conf
done
# Extra config trimmed:
rm -v docs/conf/extra/httpd-{ssl,userdir}.conf
rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/*.conf
install -m 644 -p $RPM_SOURCE_DIR/httpd.conf \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/httpd.conf
mkdir $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
for s in httpd htcacheclean; do
install -m 644 -p $RPM_SOURCE_DIR/${s}.sysconf \
$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/${s}
done
%if %{with systemd}
# tmpfiles.d configuration
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d
install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \
$RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/httpd.conf
%endif
# Other directories
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav \
$RPM_BUILD_ROOT%{?el6:%{_localstatedir}}/run/httpd/htcacheclean
# Substitute in defaults which are usually done (badly) by "make install"
sed -i \
"s,@@ServerRoot@@/var,%{_localstatedir}/lib/dav,;
s,@@ServerRoot@@/user.passwd,/etc/httpd/conf/user.passwd,;
s,@@ServerRoot@@/docs,%{docroot},;
s,@@ServerRoot@@,%{docroot},;
s,@@Port@@,80,;" \
docs/conf/extra/*.conf
# Create cache directory
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd \
$RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/proxy \
$RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/ssl
# Make the MMN accessible to module packages
echo %{mmnisa} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn
mkdir -p $RPM_BUILD_ROOT%{rpmmacrodir}
cat > $RPM_BUILD_ROOT%{rpmmacrodir}/macros.httpd <<EOF
%%_httpd_mmn %{mmnisa}
%%_httpd_apxs %%{_bindir}/apxs
%%_httpd_modconfdir %%{_sysconfdir}/httpd/conf.modules.d
%%_httpd_confdir %%{_sysconfdir}/httpd/conf.d
%%_httpd_contentdir %{contentdir}
%%_httpd_moddir %%{_libdir}/httpd/modules
EOF
# Handle contentdir
mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
install -m 644 -p docs/docroot/index.html \
$RPM_BUILD_ROOT%{contentdir}/noindex/index.html
rm -rf %{contentdir}/htdocs
# remove manual sources
find $RPM_BUILD_ROOT%{contentdir}/manual \( \
-name \*.xml -o -name \*.xml.* -o -name \*.ent -o -name \*.xsl -o -name \*.dtd \
\) -print0 | xargs -0 rm -f
# Strip the manual down just to English and replace the typemaps with flat files:
set +x
for f in `find $RPM_BUILD_ROOT%{contentdir}/manual -name \*.html -type f`; do
if test -f ${f}.en; then
cp ${f}.en ${f}
rm ${f}.*
fi
done
set -x
# Clean Document Root
rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
$RPM_BUILD_ROOT%{docroot}/cgi-bin/*
# Symlink for the powered-by-$DISTRO image:
ln -s ../../pixmaps/poweredby.png \
$RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
# symlinks for /etc/httpd
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
ln -s %{?el6:%{_localstatedir}}/run/httpd $RPM_BUILD_ROOT/etc/httpd/run
ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules
# install http-ssl-pass-dialog
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
install -m755 $RPM_SOURCE_DIR/httpd-ssl-pass-dialog \
$RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog
%if %{with systemd}
# Install action scripts
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd
for f in graceful configtest; do
install -p -m 755 $RPM_SOURCE_DIR/action-${f}.sh \
$RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd/${f}
done
%endif
# Install logrotate config
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
%if %{with systemd}
install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate \
%else
install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate-legacy \
%endif
$RPM_BUILD_ROOT/etc/logrotate.d/httpd
# Install systemd service man pages
install -m 644 -p httpd.service.8 httpd.socket.8 \
$RPM_BUILD_ROOT%{_mandir}/man8
# fix man page paths
sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \
-e "s|/usr/local/apache2/conf/mime.types|/etc/mime.types|" \
-e "s|/usr/local/apache2/conf/magic|/etc/httpd/conf/magic|" \
-e "s|/usr/local/apache2/logs/error_log|/var/log/httpd/error_log|" \
-e "s|/usr/local/apache2/logs/access_log|/var/log/httpd/access_log|" \
-e "s|/usr/local/apache2/logs/httpd.pid|%{?el6:%{_localstatedir}}/run/httpd/httpd.pid|" \
-e "s|/usr/local/apache2|/etc/httpd|" < docs/man/httpd.8 \
> $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8
# Make ap_config_layout.h libdir-agnostic
sed -i '/.*DEFAULT_..._LIBEXECDIR/d;/DEFAULT_..._INSTALLBUILDDIR/d' \
$RPM_BUILD_ROOT%{_includedir}/httpd/ap_config_layout.h
# Fix path to instdso in special.mk
sed -i '/instdso/s,top_srcdir,top_builddir,' \
$RPM_BUILD_ROOT%{_libdir}/httpd/build/special.mk
# Remove unpackaged files
rm -vf \
$RPM_BUILD_ROOT%{_libdir}/*.exp \
$RPM_BUILD_ROOT/etc/httpd/conf/mime.types \
$RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.exp \
$RPM_BUILD_ROOT%{_libdir}/httpd/build/config.nice \
$RPM_BUILD_ROOT%{_bindir}/{ap?-config,dbmmanage} \
$RPM_BUILD_ROOT%{_sbindir}/{checkgid,envvars*} \
$RPM_BUILD_ROOT%{contentdir}/htdocs/* \
$RPM_BUILD_ROOT%{_mandir}/man1/dbmmanage.* \
$RPM_BUILD_ROOT%{contentdir}/cgi-bin/*
rm -rf $RPM_BUILD_ROOT/etc/httpd/conf/{original,extra}
%pre filesystem
getent group apache >/dev/null || groupadd -g 48 -r apache
getent passwd apache >/dev/null || \
useradd -r -u 48 -g apache -s /sbin/nologin \
-d %{contentdir} -c "Apache" apache
exit 0
%post
%if %{with systemd}
%systemd_post httpd.service htcacheclean.service httpd.socket
%else
/sbin/chkconfig --add httpd
/sbin/chkconfig --add htcacheclean
%endif
%preun
%if %{with systemd}
%systemd_preun httpd.service htcacheclean.service httpd.socket
%else
if [ $1 = 0 ]; then
/sbin/service httpd stop > /dev/null 2>&1
/sbin/chkconfig --del httpd
/sbin/service htcacheclean stop > /dev/null 2>&1
/sbin/chkconfig --del htcacheclean
fi
%endif
%if %{with systemd}
%postun
%systemd_postun httpd.service htcacheclean.service httpd.socket
%endif
%posttrans
test -f /etc/sysconfig/httpd-disable-posttrans || \
%if %{with systemd}
/bin/systemctl try-restart httpd.service htcacheclean.service >/dev/null 2>&1 || :
%else
/sbin/service httpd condrestart >/dev/null 2>&1 || :
/sbin/service htcacheclean condrestart >/dev/null 2>&1 || :
%endif
%define sslcert %{_sysconfdir}/pki/tls/certs/localhost.crt
%define sslkey %{_sysconfdir}/pki/tls/private/localhost.key
%post mod_ssl
umask 077
if [ -f %{sslkey} -o -f %{sslcert} ]; then
exit 0
fi
%{_bindir}/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 2048 > %{sslkey} 2> /dev/null
FQDN=`hostname`
# A >59 char FQDN means "root@FQDN" exceeds 64-char max length for emailAddress
if [ "x${FQDN}" = "x" -o ${#FQDN} -gt 59 ]; then
FQDN=localhost.localdomain
fi
cat << EOF | %{_bindir}/openssl req -new -key %{sslkey} \
-x509 -sha256 -days 365 -set_serial $RANDOM -extensions v3_req \
-out %{sslcert} 2>/dev/null
--
SomeState
SomeCity
SomeOrganization
SomeOrganizationalUnit
${FQDN}
root@${FQDN}
EOF
%check
# Check the built modules are all PIC
if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then
: modules contain non-relocatable code
exit 1
fi
set +x
rv=0
# Ensure every mod_* that's built is loaded.
for f in $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so; do
m=${f##*/}
if ! grep -q $m $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/*.conf; then
echo ERROR: Module $m not configured. Disable it, or load it.
rv=1
fi
done
# Ensure every loaded mod_* is actually built
mods=`grep -h ^LoadModule $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/*.conf | sed 's,.*modules/,,'`
for m in $mods; do
f=$RPM_BUILD_ROOT%{_libdir}/httpd/modules/${m}
if ! test -x $f; then
echo ERROR: Module $m is configured but not built.
rv=1
fi
done
set -x
exit $rv
%files
%doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE
%doc docs/conf/extra/*.conf
%{_sysconfdir}/httpd/modules
%{_sysconfdir}/httpd/logs
%{_sysconfdir}/httpd/run
%dir %{_sysconfdir}/httpd/conf
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
%config(noreplace) %{_sysconfdir}/httpd/conf/magic
%config(noreplace) %{_sysconfdir}/logrotate.d/httpd
%config(noreplace) %{_sysconfdir}/httpd/conf.d/*.conf
%exclude %{_sysconfdir}/httpd/conf.d/ssl.conf
%exclude %{_sysconfdir}/httpd/conf.d/manual.conf
%dir %{_sysconfdir}/httpd/conf.modules.d
%{_sysconfdir}/httpd/conf.modules.d/README
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/*.conf
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf
%exclude %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
%config(noreplace) %{_sysconfdir}/sysconfig/httpd
%config(noreplace) %{_sysconfdir}/sysconfig/htcacheclean
%if %{with systemd}
%{_prefix}/lib/tmpfiles.d/httpd.conf
%dir %{_libexecdir}/initscripts/legacy-actions/httpd
%{_libexecdir}/initscripts/legacy-actions/httpd/*
%endif
%{_sbindir}/ht*
%{_sbindir}/fcgistarter
%{_sbindir}/apachectl
%{_sbindir}/rotatelogs
%if 0%{?rhel} >= 7
%caps(cap_setuid,cap_setgid+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec
%else
%attr(4510,root,%{suexec_caller}) %{_sbindir}/suexec
%endif
%dir %{_libdir}/httpd
%dir %{_libdir}/httpd/modules
%{_libdir}/httpd/modules/mod*.so
%exclude %{_libdir}/httpd/modules/mod_auth_form.so
%exclude %{_libdir}/httpd/modules/mod_ssl.so
%exclude %{_libdir}/httpd/modules/mod_*ldap.so
%exclude %{_libdir}/httpd/modules/mod_proxy_html.so
%exclude %{_libdir}/httpd/modules/mod_xml2enc.so
%exclude %{_libdir}/httpd/modules/mod_session*.so
%dir %{contentdir}/error
%dir %{contentdir}/error/include
%dir %{contentdir}/noindex
%{contentdir}/icons/*
%{contentdir}/error/README
%{contentdir}/error/*.var
%{contentdir}/error/include/*.html
%{contentdir}/noindex/index.html
%attr(0710,root,apache) %dir %{?el6:%{_localstatedir}}/run/httpd
%attr(0700,apache,apache) %dir %{?el6:%{_localstatedir}}/run/httpd/htcacheclean
%attr(0700,root,root) %dir %{_localstatedir}/log/httpd
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
%{_mandir}/man8/*
%if %{with systemd}
%{_unitdir}/httpd.service
%{_unitdir}/htcacheclean.service
%{_unitdir}/httpd.socket
%else
# sysvinit
%{_sysconfdir}/rc.d/init.d/httpd
%{_sysconfdir}/rc.d/init.d/htcacheclean
%endif
%files filesystem
%dir %{_sysconfdir}/httpd
%dir %{_sysconfdir}/httpd/conf.d
%{_sysconfdir}/httpd/conf.d/README
%dir %{docroot}
%dir %{docroot}/cgi-bin
%dir %{docroot}/html
%dir %{contentdir}
%dir %{contentdir}/icons
%if %{with systemd}
%attr(755,root,root) %dir %{_unitdir}/httpd.service.d
%attr(755,root,root) %dir %{_unitdir}/httpd.socket.d
%endif
%files tools
%{_bindir}/*
%{_mandir}/man1/*
%doc LICENSE NOTICE
%exclude %{_bindir}/apxs
%exclude %{_mandir}/man1/apxs.1*
%files manual
%{contentdir}/manual
%config(noreplace) %{_sysconfdir}/httpd/conf.d/manual.conf
%files mod_ssl
%{_libdir}/httpd/modules/mod_ssl.so
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
%config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf
%attr(0700,apache,root) %dir %{_localstatedir}/cache/httpd/ssl
%{_libexecdir}/httpd-ssl-pass-dialog
%{?with_systemd:%{_unitdir}/httpd.socket.d/10-listen443.conf}
%files mod_proxy_html
%{_libdir}/httpd/modules/mod_proxy_html.so
%{_libdir}/httpd/modules/mod_xml2enc.so
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
%files mod_ldap
%{_libdir}/httpd/modules/mod_*ldap.so
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-ldap.conf
%files mod_session
%{_libdir}/httpd/modules/mod_session*.so
%{_libdir}/httpd/modules/mod_auth_form.so
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
%files devel
%{_includedir}/httpd
%{_bindir}/apxs
%{_mandir}/man1/apxs.1*
%dir %{_libdir}/httpd/build
%{_libdir}/httpd/build/*.mk
%{_libdir}/httpd/build/*.sh
%{rpmmacrodir}/macros.httpd
%changelog
* Thu Oct 19 2023 Reporter4u <[email protected]> - 2.4.58-1
- Update to upstream 2.4.58 (Bugfix and improvements)
- Fixes CVE-2023-45802, CVE-2023-43622, CVE-2023-31122
* Fri Apr 07 2023 Reporter4u <[email protected]> - 2.4.57-1
- Update to upstream 2.4.57 (Bugfix and improvements)
* Thu Mar 09 2023 Reporter4u <[email protected]> - 2.4.56-1
- Update to upstream 2.4.56
- Fixes CVE-2023-27522, CVE-2023-25690
* Tue Jan 17 2023 Jeff Sheltren <[email protected]> - 2.4.55-1
- Update to upstream 2.4.55
- Fixes CVE-2022-37436, CVE-2022-36760, CVE-2006-20001
* Mon Jul 11 2022 Reporter4u <[email protected]> - 2.4.54-2
- Update patch httpd-2.4.54-icons.patch from FC
- Update patch httpd-2.4.54-selinux.patch from FC
* Thu Jun 09 2022 Reporter4u <[email protected]> - 2.4.54-1
- Latest upstream
* Mon Mar 14 2022 Reporter4u <[email protected]> - 2.4.53-1
- Updated to 2.4.53 from Upstream
* Thu Jan 06 2022 Steve Simpson <[email protected]> - 2.4.52-1
- Updated to 2.4.52 from Upstream
- Added patch r1894152 from FC
* Fri Oct 08 2021 Steve Simpson <[email protected]> - 2.4.51-1
- Latest upstream
* Tue Oct 05 2021 Reporter4u <[email protected]> - 2.4.50-1
- Latest upstream
* Fri Jun 04 2021 Steve Simpson <[email protected]> - 2.4.48-1
- Latest upstream
* Tue Sep 01 2020 Steve Simpson <[email protected]> - 2.4.46-1
- Latest upstream
- Synced with Fedora patches
* Tue Jun 09 2020 Steve Simpson <[email protected]> - 2.4.43-1
- Latest upstream
* Tue Aug 20 2019 Andreas Schnederle-Wagner <[email protected]> - 2.4.41-1
- Latest upstream
* Thu Jun 13 2019 Carl George <[email protected]> - 2.4.39-2
- Enable mod_brotli
- Fix systemd_postun usage
* Tue Apr 02 2019 Carl George <[email protected]> - 2.4.39-1.ius
- Latest upstream
* Mon Mar 11 2019 Carl George <[email protected]> - 2.4.38-1.ius
- Latest upstream
* Mon Jan 07 2019 Carl George <[email protected]> - 2.4.37-1.ius
- Latest upstream
* Tue Oct 16 2018 Carl George <[email protected]> - 2.4.35-1.ius
- Latest upstream
* Tue Aug 07 2018 Carl George <[email protected]> - 2.4.34-1.ius
- Latest upstream
- mod_systemd: show bound ports in status and log to journal at startup (Fedora)
* Wed Apr 18 2018 Carl George <[email protected]> - 2.4.33-3.ius
- Fix pid file location on EL6
* Tue Apr 17 2018 Carl George <[email protected]> - 2.4.33-2.ius
- Restore systemd conditional to ship correct files
* Thu Mar 29 2018 Carl George <[email protected]> - 2.4.33-1.ius
- Latest upstream
- Set vstring to IUS
- Reduce suexec uidmin and gidmin to match RHEL
- Drop NPN patch, no longer supported in major browsers
- Obsolete httpd24u-mod_proxy_uwsgi, merged upstream and is now part of this package
- Add patch58 to set worker secret passed to tomcat in mod_proxy_ajp (Fedora)
* Mon Oct 23 2017 Carl George <[email protected]> - 2.4.29-1.ius
- Latest upstream
- Correct link in -manual %%description
* Wed Oct 04 2017 Ben Harper <[email protected]> - 2.4.28-1.ius
- Latest upstream
- Remove Patch57, fixed upsteam
- Update Source29 from Fedora:
https://src.fedoraproject.org/rpms/httpd/c/adcaa3428979e75ed3cc4e3a942842be7b16cfa2
- use https for URL and Source0 from Fedora:
https://src.fedoraproject.org/rpms/httpd/c/ddabcffa42aeee042fbe2af37931158ec539cb80
- move service.d and socket.d folders to -filesystem from Fedora:
https://src.fedoraproject.org/rpms/httpd/c/a7a88382f7efa6154d762b7a7a22fc7e4d057adb
- update Source32 from Fedora:
https://src.fedoraproject.org/rpms/httpd/c/870b71c4f0c8e363d0e46c365f5d85fa76b62803
* Mon Aug 07 2017 Carl George <[email protected]> - 2.4.27-2.ius
- Rebuild for EL7.4's openssl-1.0.2k
* Mon Jul 10 2017 Ben Harper <[email protected]> - 2.4.27-1.ius
- Latest upstream
* Mon Jun 19 2017 Ben Harper <[email protected]> - 2.4.26-1.ius
- Latest upstream
- update Patch19 and Patch25 from Fedora along with tweaks for better separation of systemd and selinux to build on el6
http://pkgs.fedoraproject.org/cgit/rpms/httpd.git/commit/?id=59afc1533e764a1108136ae1aab3671632aa3797
- refresh Patch28
- update Patch57 from Fedora
http://pkgs.fedoraproject.org/cgit/rpms/httpd.git/commit/?id=fd6452a0f2d4aa85e5f8e757be7f0b89511cdf0e
- update Source6 and Source27 and add latest version of Source32 from Fedora
http://pkgs.fedoraproject.org/cgit/rpms/httpd.git/commit/?id=fce414a1c1f39ab4631e9747b212e037276d295d
- remove Patch58, fixed upstream
* Mon May 22 2017 Carl George <[email protected]> - 2.4.25-4.ius
- Disable SSLv3
- Sync ssl.conf with upstream
* Mon Jan 30 2017 Carl George <[email protected]> - 2.4.25-3.ius
- mod_watchdog: restrict thread lifetime (#1410883) (Fedora)
- Re-enable mod_proxy_hcheck
- Remove unneeded oldmmnisa macro
* Fri Jan 06 2017 Carl George <[email protected]> - 2.4.25-2.ius
- Disable mod_proxy_hcheck (rhbz#1410883)
- Remove patch 100, fixed upstream
- Require nghttp2 >= 1.5.0 (Fedora)
- Use correct macros directory via %%rpmmacrodir (from epel-rpm-macros)
- mod_ssl: use "localhost" in the dummy SSL cert if len(FQDN) > 59 chars (Fedora)
* Tue Dec 20 2016 Brandon Tomlinson <[email protected]> - 2.4.25-1.ius
- Latest upstream
- Removing patch 101, it is merged upstream
- Removing patch 55, it is merged upstream
* Wed Dec 07 2016 Carl George <[email protected]> - 2.4.23-4.ius
- Import Patch101 from Fedora to address CVE-2016-8740
* Fri Aug 26 2016 Ben Harper <[email protected]> - 2.4.23-3.ius
- update httpd.service to use /etc/sysconfig/httpd, see #11
* Fri Jul 22 2016 Carl George <[email protected]> - 2.4.23-2.ius
- Restore build of mod_proxy_fdpass (Fedora)
- Improve check tests to catch configured-but-not-built modules (Fedora)
- Load mod_watchdog by default (Fedora)
- Re-enable mod_asis due to popular demand (Fedora)
- Load mod_proxy_hcheck (Fedora)
- Recommend use of "systemctl edit" in httpd.service (Fedora)
- Add security fix for CVE-2016-5387 (Fedora)
- Use redirects for lang-specific /manual/ URLs (Fedora)
* Tue Jul 05 2016 Ben Harper <[email protected]> - 2.4.23-1.ius
- Latest upstream
- update Source28 to include mod_proxy_hcheck
* Mon Jun 06 2016 Carl George <[email protected]> - 2.4.20-3.ius
- Add patch for NPN support from httpd24-httpd SCL
* Wed May 11 2016 Carl George <[email protected]> - 2.4.20-2.ius
- Rename module subpackages from mod24u_* to httpd24u-mod_*
- Remove httpd24u pre script (duplicate of httpd24u-filesystem's) (Fedora)
- In httpd24u-filesystem pre script, create group/user if non-existent (Fedora)
- Check every built mod_* is configured (Fedora)
- Don't build mod_asis, mod_file_cache (Fedora)
- Load mod_cache_socache, mod_proxy_wstunnel by default (Fedora)
- Reference httpd24u explictly in requires and descriptions
- Add epochs to provides/conflicts on mod_ssl and mod_proxy_html subpackages
* Mon Apr 11 2016 Ben Harper <[email protected]> - 2.4.20-1.ius
- Latest upstream