1 |
commit: bf620fd588cd625269e3b9fb604b18655bca2722 |
2 |
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Oct 5 20:42:19 2021 +0000 |
4 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Oct 5 20:42:19 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf620fd5 |
7 |
|
8 |
www-servers/apache: Security cleanup |
9 |
|
10 |
Bug: https://bugs.gentoo.org/816399 |
11 |
Bug: https://bugs.gentoo.org/813429 |
12 |
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> |
13 |
|
14 |
www-servers/apache/Manifest | 2 - |
15 |
www-servers/apache/apache-2.4.48-r3.ebuild | 262 ----------------------------- |
16 |
www-servers/apache/apache-2.4.49.ebuild | 262 ----------------------------- |
17 |
3 files changed, 526 deletions(-) |
18 |
|
19 |
diff --git a/www-servers/apache/Manifest b/www-servers/apache/Manifest |
20 |
index 9415316d4f0..8fca05fbe7d 100644 |
21 |
--- a/www-servers/apache/Manifest |
22 |
+++ b/www-servers/apache/Manifest |
23 |
@@ -1,4 +1,2 @@ |
24 |
DIST gentoo-apache-2.4.46-r6-20210212.tar.bz2 25854 BLAKE2B 001f16c1beac8c90fd407bb2f77417f886296baf02acf0f6d81dc0f10c209270db7005f58d845d309dec8332773556da88db41a57c6ecc86f24b8a5141ba07d0 SHA512 976dde952277542efca70831b67da32b8bf636a346adeeb6e0bc5a65b3543a7ca4fb182bc01204f747b583dd753607d184d91ef46a93d5e2f3ab55ed787860a2 |
25 |
-DIST httpd-2.4.48.tar.bz2 7194385 BLAKE2B 5006535dc15b703b4388d90d57559bd882f16210c2f38f4d773312ed8322803629deee18709ca4446000c20c94ff8b0037acbe4dddab9cdbe45417079f708039 SHA512 6c250626f1e7d10428a92d984fd48ff841effcc8705f7816ab71b681bbd51d0012ad158dcd13763fe7d630311f2de258b27574603140d648be42796ab8326724 |
26 |
-DIST httpd-2.4.49.tar.bz2 7199599 BLAKE2B 78614647335a2351ce3ffb67f79bffd4aa0f42080a46de1f8d8a75c2ccae24998f5d505e60e9d4a710ff763e6a8cb3abee3da34ff6a7f2e18b68029a8abe80b7 SHA512 418e277232cf30a81d02b8554e31aaae6433bbea842bdb81e47a609469395cc4891183fb6ee02bd669edb2392c2007869b19da29f5998b8fd5c7d3142db310dd |
27 |
DIST httpd-2.4.50.tar.bz2 7653174 BLAKE2B 6bdb26bc03347b9643e973d22726ef283b8d92b675f81e85f4e0470bedf8510bac60cd043fe966bc786d5ae47827ac1bb31da88a0e510f4bb6c665e2075c3beb SHA512 b1afbaf44e503b822ff2b443881dcb44a93aa55d496f88ae399a2e7def05f78590f266a16da1f2c0aac88e463b76fba20843b1e20a102e76c8269de6fae3e158 |
28 |
|
29 |
diff --git a/www-servers/apache/apache-2.4.48-r3.ebuild b/www-servers/apache/apache-2.4.48-r3.ebuild |
30 |
deleted file mode 100644 |
31 |
index 86f6bcd3ee9..00000000000 |
32 |
--- a/www-servers/apache/apache-2.4.48-r3.ebuild |
33 |
+++ /dev/null |
34 |
@@ -1,262 +0,0 @@ |
35 |
-# Copyright 1999-2021 Gentoo Authors |
36 |
-# Distributed under the terms of the GNU General Public License v2 |
37 |
- |
38 |
-EAPI=7 |
39 |
- |
40 |
-# latest gentoo apache files |
41 |
-GENTOO_PATCHSTAMP="20210212" |
42 |
-GENTOO_DEVELOPER="polynomial-c" |
43 |
-GENTOO_PATCHNAME="gentoo-apache-2.4.46-r6" |
44 |
- |
45 |
-# IUSE/USE_EXPAND magic |
46 |
-IUSE_MPMS_FORK="prefork" |
47 |
-IUSE_MPMS_THREAD="event worker" |
48 |
- |
49 |
-# << obsolete modules: |
50 |
-# authn_default authz_default mem_cache |
51 |
-# mem_cache is replaced by cache_disk |
52 |
-# ?? buggy modules |
53 |
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found |
54 |
-# >> added modules for reason: |
55 |
-# compat: compatibility with 2.2 access control |
56 |
-# authz_host: new module for access control |
57 |
-# authn_core: functionality provided by authn_alias in previous versions |
58 |
-# authz_core: new module, provides core authorization capabilities |
59 |
-# cache_disk: replacement for mem_cache |
60 |
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3 |
61 |
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3 |
62 |
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3 |
63 |
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3 |
64 |
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests). |
65 |
-# socache_shmcb: shared object cache provider. Default config with ssl needs it |
66 |
-# unixd: fixes startup error: Invalid command 'User' |
67 |
-IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest auth_form |
68 |
-authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authn_socache authz_core |
69 |
-authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex |
70 |
-brotli cache cache_disk cache_socache cern_meta charset_lite cgi cgid dav dav_fs dav_lock |
71 |
-dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2 |
72 |
-ident imagemap include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness |
73 |
-lbmethod_heartbeat log_config log_forensic logio lua macro md mime mime_magic negotiation |
74 |
-proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_html proxy_http proxy_scgi |
75 |
-proxy_http2 proxy_fcgi proxy_uwsgi proxy_wstunnel rewrite ratelimit remoteip reqtimeout |
76 |
-session session_cookie session_crypto session_dbd setenvif slotmem_shm speling |
77 |
-socache_memcache socache_shmcb status substitute unique_id userdir usertrack |
78 |
-unixd version vhost_alias watchdog xml2enc" |
79 |
-# The following are also in the source as of this version, but are not available |
80 |
-# for user selection: |
81 |
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export |
82 |
-# optional_fn_import optional_hook_export optional_hook_import |
83 |
- |
84 |
-# inter-module dependencies |
85 |
-# TODO: this may still be incomplete |
86 |
-MODULE_DEPENDS=" |
87 |
- auth_form:session |
88 |
- brotli:filter |
89 |
- dav_fs:dav |
90 |
- dav_lock:dav |
91 |
- deflate:filter |
92 |
- cache_disk:cache |
93 |
- ext_filter:filter |
94 |
- file_cache:cache |
95 |
- lbmethod_byrequests:proxy_balancer |
96 |
- lbmethod_byrequests:slotmem_shm |
97 |
- lbmethod_bytraffic:proxy_balancer |
98 |
- lbmethod_bybusyness:proxy_balancer |
99 |
- lbmethod_heartbeat:proxy_balancer |
100 |
- log_forensic:log_config |
101 |
- logio:log_config |
102 |
- cache_disk:cache |
103 |
- cache_socache:cache |
104 |
- md:watchdog |
105 |
- mime_magic:mime |
106 |
- proxy_ajp:proxy |
107 |
- proxy_balancer:proxy |
108 |
- proxy_balancer:slotmem_shm |
109 |
- proxy_connect:proxy |
110 |
- proxy_ftp:proxy |
111 |
- proxy_html:proxy |
112 |
- proxy_html:xml2enc |
113 |
- proxy_http:proxy |
114 |
- proxy_http2:proxy |
115 |
- proxy_scgi:proxy |
116 |
- proxy_uwsgi:proxy |
117 |
- proxy_fcgi:proxy |
118 |
- proxy_wstunnel:proxy |
119 |
- session_cookie:session |
120 |
- session_dbd:dbd |
121 |
- session_dbd:session |
122 |
- socache_memcache:cache |
123 |
- substitute:filter |
124 |
-" |
125 |
- |
126 |
-# module<->define mappings |
127 |
-MODULE_DEFINES=" |
128 |
- auth_digest:AUTH_DIGEST |
129 |
- authnz_ldap:AUTHNZ_LDAP |
130 |
- cache:CACHE |
131 |
- cache_disk:CACHE |
132 |
- cache_socache:CACHE |
133 |
- dav:DAV |
134 |
- dav_fs:DAV |
135 |
- dav_lock:DAV |
136 |
- file_cache:CACHE |
137 |
- http2:HTTP2 |
138 |
- info:INFO |
139 |
- ldap:LDAP |
140 |
- lua:LUA |
141 |
- md:SSL |
142 |
- proxy:PROXY |
143 |
- proxy_ajp:PROXY |
144 |
- proxy_balancer:PROXY |
145 |
- proxy_connect:PROXY |
146 |
- proxy_ftp:PROXY |
147 |
- proxy_html:PROXY |
148 |
- proxy_http:PROXY |
149 |
- proxy_fcgi:PROXY |
150 |
- proxy_scgi:PROXY |
151 |
- proxy_wstunnel:PROXY |
152 |
- socache_shmcb:SSL |
153 |
- socache_memcache:CACHE |
154 |
- ssl:SSL |
155 |
- status:STATUS |
156 |
- suexec:SUEXEC |
157 |
- userdir:USERDIR |
158 |
-" |
159 |
- |
160 |
-# critical modules for the default config |
161 |
-MODULE_CRITICAL=" |
162 |
- authn_core |
163 |
- authz_core |
164 |
- authz_host |
165 |
- dir |
166 |
- mime |
167 |
- unixd |
168 |
-" |
169 |
-inherit apache-2 systemd tmpfiles toolchain-funcs |
170 |
- |
171 |
-DESCRIPTION="The Apache Web Server" |
172 |
-HOMEPAGE="https://httpd.apache.org/" |
173 |
- |
174 |
-# some helper scripts are Apache-1.1, thus both are here |
175 |
-LICENSE="Apache-2.0 Apache-1.1" |
176 |
-SLOT="2" |
177 |
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x64-macos ~sparc64-solaris ~x64-solaris" |
178 |
- |
179 |
-# FIXME! Move this to eclass once all ebuilds are EAPI-7 |
180 |
-RDEPEND+=" apache2_modules_lua? ( ${LUA_DEPS} )" |
181 |
-REQUIRED_USE+=" apache2_modules_lua? ( ${LUA_REQUIRED_USE} )" |
182 |
- |
183 |
-pkg_setup() { |
184 |
- # dependend critical modules which are not allowed in global scope due |
185 |
- # to USE flag conditionals (bug #499260) |
186 |
- use ssl && MODULE_CRITICAL+=" socache_shmcb" |
187 |
- use doc && MODULE_CRITICAL+=" alias negotiation setenvif" |
188 |
- apache-2_pkg_setup |
189 |
-} |
190 |
- |
191 |
-src_configure() { |
192 |
- # Brain dead check. |
193 |
- tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no" |
194 |
- |
195 |
- apache-2_src_configure |
196 |
-} |
197 |
- |
198 |
-src_compile() { |
199 |
- if tc-is-cross-compiler; then |
200 |
- # This header is the same across targets, so use the build compiler. |
201 |
- pushd server >/dev/null |
202 |
- emake gen_test_char |
203 |
- tc-export_build_env BUILD_CC |
204 |
- ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \ |
205 |
- gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die |
206 |
- popd >/dev/null |
207 |
- fi |
208 |
- |
209 |
- default |
210 |
-} |
211 |
- |
212 |
-src_install() { |
213 |
- apache-2_src_install |
214 |
- local i |
215 |
- local apache_tools_prune_list=( |
216 |
- /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm} |
217 |
- /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs} |
218 |
- /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1} |
219 |
- /usr/share/man/man8/{rotatelogs.8,htcacheclean.8} |
220 |
- ) |
221 |
- for i in ${apache_tools_prune_list[@]} ; do |
222 |
- rm "${ED}"/${i} || die "Failed to prune apache-tools bits" |
223 |
- done |
224 |
- |
225 |
- # install apxs in /usr/bin (bug #502384) and put a symlink into the |
226 |
- # old location until all ebuilds and eclasses have been modified to |
227 |
- # use the new location. |
228 |
- dobin support/apxs |
229 |
- use split-usr && dosym ../bin/apxs /usr/sbin/apxs |
230 |
- |
231 |
- # Note: wait for mod_systemd to be included in some forthcoming release, |
232 |
- # Then apache2.4.service can be used and systemd support controlled |
233 |
- # through --enable-systemd |
234 |
- systemd_newunit "${FILESDIR}/apache2.2-hardened.service" "apache2.service" |
235 |
- dotmpfiles "${FILESDIR}/apache.conf" |
236 |
- #insinto /etc/apache2/modules.d |
237 |
- #doins "${FILESDIR}/00_systemd.conf" |
238 |
- |
239 |
- # Install http2 module config |
240 |
- insinto /etc/apache2/modules.d |
241 |
- doins "${FILESDIR}"/41_mod_http2.conf |
242 |
- |
243 |
- # Fix path to apache libdir |
244 |
- sed "s|@LIBDIR@|$(get_libdir)|" -i "${ED}"/usr/sbin/apache2ctl || die |
245 |
-} |
246 |
- |
247 |
-pkg_postinst() { |
248 |
- echo |
249 |
- ewarn "Downgrading to pre-GLEP 81 user for now." |
250 |
- ewarn "See bug #802495 and bug #803500 for more information." |
251 |
- ewarn "" |
252 |
- ewarn "You will need to run the following command to unlock the user:" |
253 |
- ewarn "usermod -e '' -U apache 2>/dev/null" |
254 |
- echo |
255 |
- |
256 |
- apache-2_pkg_postinst || die "apache-2_pkg_postinst failed" |
257 |
- |
258 |
- tmpfiles_process apache.conf #662544 |
259 |
- |
260 |
- # warnings that default config might not work out of the box |
261 |
- local mod cmod |
262 |
- for mod in ${MODULE_CRITICAL} ; do |
263 |
- if ! use "apache2_modules_${mod}"; then |
264 |
- echo |
265 |
- ewarn "Warning: Critical module not installed!" |
266 |
- ewarn "Modules 'authn_core', 'authz_core' and 'unixd'" |
267 |
- ewarn "are highly recomended but might not be in the base profile yet." |
268 |
- ewarn "Default config for ssl needs module 'socache_shmcb'." |
269 |
- ewarn "Enabling the following flags is highly recommended:" |
270 |
- for cmod in ${MODULE_CRITICAL} ; do |
271 |
- use "apache2_modules_${cmod}" || \ |
272 |
- ewarn "+ apache2_modules_${cmod}" |
273 |
- done |
274 |
- echo |
275 |
- break |
276 |
- fi |
277 |
- done |
278 |
- # warning for proxy_balancer and missing load balancing scheduler |
279 |
- if use apache2_modules_proxy_balancer; then |
280 |
- local lbset= |
281 |
- for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do |
282 |
- if use "apache2_modules_${mod}"; then |
283 |
- lbset=1 && break |
284 |
- fi |
285 |
- done |
286 |
- if [ ! ${lbset} ] ; then |
287 |
- echo |
288 |
- ewarn "Info: Missing load balancing scheduler algorithm module" |
289 |
- ewarn "(They were split off from proxy_balancer in 2.3)" |
290 |
- ewarn "In order to get the ability of load balancing, at least" |
291 |
- ewarn "one of these modules has to be present:" |
292 |
- ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat" |
293 |
- echo |
294 |
- fi |
295 |
- fi |
296 |
-} |
297 |
|
298 |
diff --git a/www-servers/apache/apache-2.4.49.ebuild b/www-servers/apache/apache-2.4.49.ebuild |
299 |
deleted file mode 100644 |
300 |
index 1256c94a233..00000000000 |
301 |
--- a/www-servers/apache/apache-2.4.49.ebuild |
302 |
+++ /dev/null |
303 |
@@ -1,262 +0,0 @@ |
304 |
-# Copyright 1999-2021 Gentoo Authors |
305 |
-# Distributed under the terms of the GNU General Public License v2 |
306 |
- |
307 |
-EAPI=7 |
308 |
- |
309 |
-# latest gentoo apache files |
310 |
-GENTOO_PATCHSTAMP="20210212" |
311 |
-GENTOO_DEVELOPER="polynomial-c" |
312 |
-GENTOO_PATCHNAME="gentoo-apache-2.4.46-r6" |
313 |
- |
314 |
-# IUSE/USE_EXPAND magic |
315 |
-IUSE_MPMS_FORK="prefork" |
316 |
-IUSE_MPMS_THREAD="event worker" |
317 |
- |
318 |
-# << obsolete modules: |
319 |
-# authn_default authz_default mem_cache |
320 |
-# mem_cache is replaced by cache_disk |
321 |
-# ?? buggy modules |
322 |
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found |
323 |
-# >> added modules for reason: |
324 |
-# compat: compatibility with 2.2 access control |
325 |
-# authz_host: new module for access control |
326 |
-# authn_core: functionality provided by authn_alias in previous versions |
327 |
-# authz_core: new module, provides core authorization capabilities |
328 |
-# cache_disk: replacement for mem_cache |
329 |
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3 |
330 |
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3 |
331 |
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3 |
332 |
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3 |
333 |
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests). |
334 |
-# socache_shmcb: shared object cache provider. Default config with ssl needs it |
335 |
-# unixd: fixes startup error: Invalid command 'User' |
336 |
-IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest auth_form |
337 |
-authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authn_socache authz_core |
338 |
-authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex |
339 |
-brotli cache cache_disk cache_socache cern_meta charset_lite cgi cgid dav dav_fs dav_lock |
340 |
-dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2 |
341 |
-ident imagemap include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness |
342 |
-lbmethod_heartbeat log_config log_forensic logio lua macro md mime mime_magic negotiation |
343 |
-proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_html proxy_http proxy_scgi |
344 |
-proxy_http2 proxy_fcgi proxy_uwsgi proxy_wstunnel rewrite ratelimit remoteip reqtimeout |
345 |
-session session_cookie session_crypto session_dbd setenvif slotmem_shm speling |
346 |
-socache_memcache socache_shmcb status substitute unique_id userdir usertrack |
347 |
-unixd version vhost_alias watchdog xml2enc" |
348 |
-# The following are also in the source as of this version, but are not available |
349 |
-# for user selection: |
350 |
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export |
351 |
-# optional_fn_import optional_hook_export optional_hook_import |
352 |
- |
353 |
-# inter-module dependencies |
354 |
-# TODO: this may still be incomplete |
355 |
-MODULE_DEPENDS=" |
356 |
- auth_form:session |
357 |
- brotli:filter |
358 |
- dav_fs:dav |
359 |
- dav_lock:dav |
360 |
- deflate:filter |
361 |
- cache_disk:cache |
362 |
- ext_filter:filter |
363 |
- file_cache:cache |
364 |
- lbmethod_byrequests:proxy_balancer |
365 |
- lbmethod_byrequests:slotmem_shm |
366 |
- lbmethod_bytraffic:proxy_balancer |
367 |
- lbmethod_bybusyness:proxy_balancer |
368 |
- lbmethod_heartbeat:proxy_balancer |
369 |
- log_forensic:log_config |
370 |
- logio:log_config |
371 |
- cache_disk:cache |
372 |
- cache_socache:cache |
373 |
- md:watchdog |
374 |
- mime_magic:mime |
375 |
- proxy_ajp:proxy |
376 |
- proxy_balancer:proxy |
377 |
- proxy_balancer:slotmem_shm |
378 |
- proxy_connect:proxy |
379 |
- proxy_ftp:proxy |
380 |
- proxy_html:proxy |
381 |
- proxy_html:xml2enc |
382 |
- proxy_http:proxy |
383 |
- proxy_http2:proxy |
384 |
- proxy_scgi:proxy |
385 |
- proxy_uwsgi:proxy |
386 |
- proxy_fcgi:proxy |
387 |
- proxy_wstunnel:proxy |
388 |
- session_cookie:session |
389 |
- session_dbd:dbd |
390 |
- session_dbd:session |
391 |
- socache_memcache:cache |
392 |
- substitute:filter |
393 |
-" |
394 |
- |
395 |
-# module<->define mappings |
396 |
-MODULE_DEFINES=" |
397 |
- auth_digest:AUTH_DIGEST |
398 |
- authnz_ldap:AUTHNZ_LDAP |
399 |
- cache:CACHE |
400 |
- cache_disk:CACHE |
401 |
- cache_socache:CACHE |
402 |
- dav:DAV |
403 |
- dav_fs:DAV |
404 |
- dav_lock:DAV |
405 |
- file_cache:CACHE |
406 |
- http2:HTTP2 |
407 |
- info:INFO |
408 |
- ldap:LDAP |
409 |
- lua:LUA |
410 |
- md:SSL |
411 |
- proxy:PROXY |
412 |
- proxy_ajp:PROXY |
413 |
- proxy_balancer:PROXY |
414 |
- proxy_connect:PROXY |
415 |
- proxy_ftp:PROXY |
416 |
- proxy_html:PROXY |
417 |
- proxy_http:PROXY |
418 |
- proxy_fcgi:PROXY |
419 |
- proxy_scgi:PROXY |
420 |
- proxy_wstunnel:PROXY |
421 |
- socache_shmcb:SSL |
422 |
- socache_memcache:CACHE |
423 |
- ssl:SSL |
424 |
- status:STATUS |
425 |
- suexec:SUEXEC |
426 |
- userdir:USERDIR |
427 |
-" |
428 |
- |
429 |
-# critical modules for the default config |
430 |
-MODULE_CRITICAL=" |
431 |
- authn_core |
432 |
- authz_core |
433 |
- authz_host |
434 |
- dir |
435 |
- mime |
436 |
- unixd |
437 |
-" |
438 |
-inherit apache-2 systemd tmpfiles toolchain-funcs |
439 |
- |
440 |
-DESCRIPTION="The Apache Web Server" |
441 |
-HOMEPAGE="https://httpd.apache.org/" |
442 |
- |
443 |
-# some helper scripts are Apache-1.1, thus both are here |
444 |
-LICENSE="Apache-2.0 Apache-1.1" |
445 |
-SLOT="2" |
446 |
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x64-macos ~sparc64-solaris ~x64-solaris" |
447 |
- |
448 |
-# FIXME! Move this to eclass once all ebuilds are EAPI-7 |
449 |
-RDEPEND+=" apache2_modules_lua? ( ${LUA_DEPS} )" |
450 |
-REQUIRED_USE+=" apache2_modules_lua? ( ${LUA_REQUIRED_USE} )" |
451 |
- |
452 |
-pkg_setup() { |
453 |
- # dependend critical modules which are not allowed in global scope due |
454 |
- # to USE flag conditionals (bug #499260) |
455 |
- use ssl && MODULE_CRITICAL+=" socache_shmcb" |
456 |
- use doc && MODULE_CRITICAL+=" alias negotiation setenvif" |
457 |
- apache-2_pkg_setup |
458 |
-} |
459 |
- |
460 |
-src_configure() { |
461 |
- # Brain dead check. |
462 |
- tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no" |
463 |
- |
464 |
- apache-2_src_configure |
465 |
-} |
466 |
- |
467 |
-src_compile() { |
468 |
- if tc-is-cross-compiler; then |
469 |
- # This header is the same across targets, so use the build compiler. |
470 |
- pushd server >/dev/null |
471 |
- emake gen_test_char |
472 |
- tc-export_build_env BUILD_CC |
473 |
- ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \ |
474 |
- gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die |
475 |
- popd >/dev/null |
476 |
- fi |
477 |
- |
478 |
- default |
479 |
-} |
480 |
- |
481 |
-src_install() { |
482 |
- apache-2_src_install |
483 |
- local i |
484 |
- local apache_tools_prune_list=( |
485 |
- /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm} |
486 |
- /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs} |
487 |
- /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1} |
488 |
- /usr/share/man/man8/{rotatelogs.8,htcacheclean.8} |
489 |
- ) |
490 |
- for i in ${apache_tools_prune_list[@]} ; do |
491 |
- rm "${ED}"/${i} || die "Failed to prune apache-tools bits" |
492 |
- done |
493 |
- |
494 |
- # install apxs in /usr/bin (bug #502384) and put a symlink into the |
495 |
- # old location until all ebuilds and eclasses have been modified to |
496 |
- # use the new location. |
497 |
- dobin support/apxs |
498 |
- use split-usr && dosym ../bin/apxs /usr/sbin/apxs |
499 |
- |
500 |
- # Note: wait for mod_systemd to be included in some forthcoming release, |
501 |
- # Then apache2.4.service can be used and systemd support controlled |
502 |
- # through --enable-systemd |
503 |
- systemd_newunit "${FILESDIR}/apache2.2-hardened.service" "apache2.service" |
504 |
- dotmpfiles "${FILESDIR}/apache.conf" |
505 |
- #insinto /etc/apache2/modules.d |
506 |
- #doins "${FILESDIR}/00_systemd.conf" |
507 |
- |
508 |
- # Install http2 module config |
509 |
- insinto /etc/apache2/modules.d |
510 |
- doins "${FILESDIR}"/41_mod_http2.conf |
511 |
- |
512 |
- # Fix path to apache libdir |
513 |
- sed "s|@LIBDIR@|$(get_libdir)|" -i "${ED}"/usr/sbin/apache2ctl || die |
514 |
-} |
515 |
- |
516 |
-pkg_postinst() { |
517 |
- echo |
518 |
- ewarn "Downgrading to pre-GLEP 81 user for now." |
519 |
- ewarn "See bug #802495 and bug #803500 for more information." |
520 |
- ewarn "" |
521 |
- ewarn "You will need to run the following command to unlock the user:" |
522 |
- ewarn "usermod -e '' -U apache 2>/dev/null" |
523 |
- echo |
524 |
- |
525 |
- apache-2_pkg_postinst || die "apache-2_pkg_postinst failed" |
526 |
- |
527 |
- tmpfiles_process apache.conf #662544 |
528 |
- |
529 |
- # warnings that default config might not work out of the box |
530 |
- local mod cmod |
531 |
- for mod in ${MODULE_CRITICAL} ; do |
532 |
- if ! use "apache2_modules_${mod}"; then |
533 |
- echo |
534 |
- ewarn "Warning: Critical module not installed!" |
535 |
- ewarn "Modules 'authn_core', 'authz_core' and 'unixd'" |
536 |
- ewarn "are highly recomended but might not be in the base profile yet." |
537 |
- ewarn "Default config for ssl needs module 'socache_shmcb'." |
538 |
- ewarn "Enabling the following flags is highly recommended:" |
539 |
- for cmod in ${MODULE_CRITICAL} ; do |
540 |
- use "apache2_modules_${cmod}" || \ |
541 |
- ewarn "+ apache2_modules_${cmod}" |
542 |
- done |
543 |
- echo |
544 |
- break |
545 |
- fi |
546 |
- done |
547 |
- # warning for proxy_balancer and missing load balancing scheduler |
548 |
- if use apache2_modules_proxy_balancer; then |
549 |
- local lbset= |
550 |
- for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do |
551 |
- if use "apache2_modules_${mod}"; then |
552 |
- lbset=1 && break |
553 |
- fi |
554 |
- done |
555 |
- if [ ! ${lbset} ] ; then |
556 |
- echo |
557 |
- ewarn "Info: Missing load balancing scheduler algorithm module" |
558 |
- ewarn "(They were split off from proxy_balancer in 2.3)" |
559 |
- ewarn "In order to get the ability of load balancing, at least" |
560 |
- ewarn "one of these modules has to be present:" |
561 |
- ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat" |
562 |
- echo |
563 |
- fi |
564 |
- fi |
565 |
-} |