Resolves: #2065677 - httpd minimisation for ubi-micro

minimize httpd dependencies (new httpd-core package)
mod_systemd and mod_brotli are now packaged in the main httpd package
This commit is contained in:
Luboš Uhliarik 2022-06-01 16:48:59 +02:00
parent d6fbadf25f
commit ef2b91d363
4 changed files with 337 additions and 21 deletions

View File

@ -23,7 +23,6 @@ LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule brotli_module modules/mod_brotli.so
LoadModule cache_module modules/mod_cache.so
LoadModule cache_disk_module modules/mod_cache_disk.so
LoadModule cache_socache_module modules/mod_cache_socache.so

1
00-brotli.conf Normal file
View File

@ -0,0 +1 @@
LoadModule brotli_module modules/mod_brotli.so

View File

@ -0,0 +1,286 @@
diff --git a/acinclude.m4 b/acinclude.m4
index 05abe18..97484c9 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -631,7 +631,6 @@ case $host in
if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then
AC_MSG_WARN([Your system does not support systemd.])
else
- APR_ADDTO(HTTPD_LIBS, [$SYSTEMD_LIBS])
AC_DEFINE(HAVE_SYSTEMD, 1, [Define if systemd is supported])
fi
fi
diff --git a/include/ap_listen.h b/include/ap_listen.h
index 58c2574..d5ed968 100644
--- a/include/ap_listen.h
+++ b/include/ap_listen.h
@@ -29,6 +29,7 @@
#include "apr_network_io.h"
#include "httpd.h"
#include "http_config.h"
+#include "apr_optional.h"
#ifdef __cplusplus
extern "C" {
@@ -143,6 +144,15 @@ AP_DECLARE_NONSTD(const char *) ap_set_receive_buffer_size(cmd_parms *cmd,
void *dummy,
const char *arg);
+#ifdef HAVE_SYSTEMD
+APR_DECLARE_OPTIONAL_FN(int,
+ ap_find_systemd_socket, (process_rec *, apr_port_t));
+
+APR_DECLARE_OPTIONAL_FN(int,
+ ap_systemd_listen_fds, (int));
+#endif
+
+
#define LISTEN_COMMANDS \
AP_INIT_TAKE1("ListenBacklog", ap_set_listenbacklog, NULL, RSRC_CONF, \
"Maximum length of the queue of pending connections, as used by listen(2)"), \
diff --git a/modules/arch/unix/mod_systemd.c b/modules/arch/unix/mod_systemd.c
index eda1272..fc059fc 100644
--- a/modules/arch/unix/mod_systemd.c
+++ b/modules/arch/unix/mod_systemd.c
@@ -35,6 +35,15 @@
#include <unistd.h>
#endif
+APR_DECLARE_OPTIONAL_FN(int,
+ ap_find_systemd_socket, (process_rec *, apr_port_t));
+
+APR_DECLARE_OPTIONAL_FN(int,
+ ap_systemd_listen_fds, (int));
+
+APR_DECLARE_OPTIONAL_FN(int,
+ ap_systemd_journal_stream_fd, (const char *, int, int));
+
static char describe_listeners[30];
static int systemd_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
@@ -145,8 +154,47 @@ static int systemd_monitor(apr_pool_t *p, server_rec *s)
return DECLINED;
}
+static int ap_find_systemd_socket(process_rec * process, apr_port_t port) {
+ int fdcount, fd;
+ int sdc = sd_listen_fds(0);
+
+ if (sdc < 0) {
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02486)
+ "find_systemd_socket: Error parsing enviroment, sd_listen_fds returned %d",
+ sdc);
+ return -1;
+ }
+
+ if (sdc == 0) {
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02487)
+ "find_systemd_socket: At least one socket must be set.");
+ return -1;
+ }
+
+ fdcount = atoi(getenv("LISTEN_FDS"));
+ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + fdcount; fd++) {
+ if (sd_is_socket_inet(fd, 0, 0, -1, port) > 0) {
+ return fd;
+ }
+ }
+
+ return -1;
+}
+
+static int ap_systemd_listen_fds(int unset_environment){
+ return sd_listen_fds(unset_environment);
+}
+
+static int ap_systemd_journal_stream_fd(const char *identifier, int priority, int level_prefix){
+ return sd_journal_stream_fd("httpd", priority, 0);
+}
+
static void systemd_register_hooks(apr_pool_t *p)
{
+ APR_REGISTER_OPTIONAL_FN(ap_systemd_listen_fds);
+ APR_REGISTER_OPTIONAL_FN(ap_find_systemd_socket);
+ APR_REGISTER_OPTIONAL_FN(ap_systemd_journal_stream_fd);
+
/* Enable ap_extended_status. */
ap_hook_pre_config(systemd_pre_config, NULL, NULL, APR_HOOK_LAST);
/* Signal service is ready. */
diff --git a/modules/loggers/config.m4 b/modules/loggers/config.m4
index 0848d2e..8af2299 100644
--- a/modules/loggers/config.m4
+++ b/modules/loggers/config.m4
@@ -5,7 +5,6 @@ dnl APACHE_MODULE(name, helptext[, objects[, structname[, default[, config]]]])
APACHE_MODPATH_INIT(loggers)
APACHE_MODULE(log_config, logging configuration. You won't be able to log requests to the server without this module., , , yes)
-APR_ADDTO(MOD_LOG_CONFIG_LDADD, [$SYSTEMD_LIBS])
APACHE_MODULE(log_debug, configurable debug logging, , , most)
APACHE_MODULE(log_forensic, forensic logging)
diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c
index 0b11f60..c3f0a51 100644
--- a/modules/loggers/mod_log_config.c
+++ b/modules/loggers/mod_log_config.c
@@ -172,10 +172,6 @@
#include <limits.h>
#endif
-#ifdef HAVE_SYSTEMD
-#include <systemd/sd-journal.h>
-#endif
-
#define DEFAULT_LOG_FORMAT "%h %l %u %t \"%r\" %>s %b"
module AP_MODULE_DECLARE_DATA log_config_module;
@@ -1640,8 +1636,15 @@ static apr_status_t wrap_journal_stream(apr_pool_t *p, apr_file_t **outfd,
{
#ifdef HAVE_SYSTEMD
int fd;
+ APR_OPTIONAL_FN_TYPE(ap_systemd_journal_stream_fd) *systemd_journal_stream_fd;
+
+ systemd_journal_stream_fd = APR_RETRIEVE_OPTIONAL_FN(ap_systemd_journal_stream_fd);
+ if (systemd_journal_stream_fd == NULL) {
+ return APR_ENOTIMPL;
+ }
- fd = sd_journal_stream_fd("httpd", priority, 0);
+ fd = systemd_journal_stream_fd("httpd", priority, 0);
+
if (fd < 0) return fd;
/* This is an AF_UNIX socket fd so is more pipe-like than
diff --git a/modules/loggers/mod_log_config.h b/modules/loggers/mod_log_config.h
index 877a593..bd52a98 100644
--- a/modules/loggers/mod_log_config.h
+++ b/modules/loggers/mod_log_config.h
@@ -69,6 +69,10 @@ APR_DECLARE_OPTIONAL_FN(ap_log_writer_init*, ap_log_set_writer_init,(ap_log_writ
*/
APR_DECLARE_OPTIONAL_FN(ap_log_writer*, ap_log_set_writer, (ap_log_writer* func));
+#ifdef HAVE_SYSTEMD
+APR_DECLARE_OPTIONAL_FN(int, ap_systemd_journal_stream_fd, (const char *, int, int));
+#endif
+
#endif /* MOD_LOG_CONFIG */
/** @} */
diff --git a/server/listen.c b/server/listen.c
index e2e028a..5d1c0e1 100644
--- a/server/listen.c
+++ b/server/listen.c
@@ -34,10 +34,6 @@
#include <unistd.h>
#endif
-#ifdef HAVE_SYSTEMD
-#include <systemd/sd-daemon.h>
-#endif
-
/* we know core's module_index is 0 */
#undef APLOG_MODULE_INDEX
#define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX
@@ -325,34 +321,6 @@ static int find_listeners(ap_listen_rec **from, ap_listen_rec **to,
}
#ifdef HAVE_SYSTEMD
-
-static int find_systemd_socket(process_rec * process, apr_port_t port) {
- int fdcount, fd;
- int sdc = sd_listen_fds(0);
-
- if (sdc < 0) {
- ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02486)
- "find_systemd_socket: Error parsing enviroment, sd_listen_fds returned %d",
- sdc);
- return -1;
- }
-
- if (sdc == 0) {
- ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02487)
- "find_systemd_socket: At least one socket must be set.");
- return -1;
- }
-
- fdcount = atoi(getenv("LISTEN_FDS"));
- for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + fdcount; fd++) {
- if (sd_is_socket_inet(fd, 0, 0, -1, port) > 0) {
- return fd;
- }
- }
-
- return -1;
-}
-
static apr_status_t alloc_systemd_listener(process_rec * process,
int fd, const char *proto,
ap_listen_rec **out_rec)
@@ -412,6 +380,14 @@ static const char *set_systemd_listener(process_rec *process, apr_port_t port,
{
ap_listen_rec *last, *new;
apr_status_t rv;
+ APR_OPTIONAL_FN_TYPE(ap_find_systemd_socket) *find_systemd_socket;
+
+ find_systemd_socket = APR_RETRIEVE_OPTIONAL_FN(ap_find_systemd_socket);
+
+ if (!find_systemd_socket)
+ return "Systemd socket activation is used, but mod_systemd is probably "
+ "not loaded";
+
int fd = find_systemd_socket(process, port);
if (fd < 0) {
return "Systemd socket activation is used, but this port is not "
@@ -438,7 +414,6 @@ static const char *set_systemd_listener(process_rec *process, apr_port_t port,
return NULL;
}
-
#endif /* HAVE_SYSTEMD */
static const char *alloc_listener(process_rec *process, const char *addr,
@@ -707,6 +682,9 @@ AP_DECLARE(int) ap_setup_listeners(server_rec *s)
int num_listeners = 0;
const char* proto;
int found;
+#ifdef HAVE_SYSTEMD
+ APR_OPTIONAL_FN_TYPE(ap_systemd_listen_fds) *systemd_listen_fds;
+#endif
for (ls = s; ls; ls = ls->next) {
proto = ap_get_server_protocol(ls);
@@ -746,7 +724,10 @@ AP_DECLARE(int) ap_setup_listeners(server_rec *s)
apr_pool_cleanup_null, s->process->pool);
}
else {
- sd_listen_fds(1);
+ systemd_listen_fds = APR_RETRIEVE_OPTIONAL_FN(ap_systemd_listen_fds);
+ if (systemd_listen_fds != NULL) {
+ systemd_listen_fds(1);
+ }
}
}
else
@@ -963,6 +944,9 @@ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy,
apr_port_t port;
apr_status_t rv;
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+#ifdef HAVE_SYSTEMD
+ APR_OPTIONAL_FN_TYPE(ap_systemd_listen_fds) *systemd_listen_fds;
+#endif
if (err != NULL) {
return err;
@@ -973,7 +957,12 @@ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy,
}
#ifdef HAVE_SYSTEMD
if (use_systemd == -1) {
- use_systemd = sd_listen_fds(0) > 0;
+ systemd_listen_fds = APR_RETRIEVE_OPTIONAL_FN(ap_systemd_listen_fds);
+ if (systemd_listen_fds != NULL) {
+ use_systemd = systemd_listen_fds(0) > 0;
+ } else {
+ use_systemd = 0;
+ }
}
#endif

View File

@ -13,7 +13,7 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.53
Release: 1%{?dist}
Release: 2%{?dist}
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@ -52,6 +52,7 @@ Source31: README.confmod
Source32: httpd.service.xml
Source33: htcacheclean.service.xml
Source34: httpd.conf.xml
Source35: 00-brotli.conf
Source40: htcacheclean.service
Source41: htcacheclean.sysconf
Source42: httpd-init.service
@ -95,6 +96,8 @@ Patch50: httpd-2.4.48-r1825120.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2079939
# backported regression fix
Patch51: httpd-2.4.53-r1901199.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2065677
Patch52: httpd-2.4.53-separate-systemd-fns.patch
# Bug fixes
@ -119,25 +122,33 @@ BuildRequires: perl-interpreter, perl-generators, systemd-devel
BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel
BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0
BuildRequires: gnupg2
Requires: /etc/mime.types, system-logos-httpd
Requires: system-logos-httpd
Provides: webserver
Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release}
Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}
Requires: httpd-tools = %{version}-%{release}
Requires: httpd-filesystem = %{version}-%{release}
Requires: httpd-core = 0:%{version}-%{release}
Recommends: mod_http2, mod_lua
Requires(pre): httpd-filesystem
Requires(preun): systemd-units
Requires(postun): systemd-units
Requires(post): systemd-units
Conflicts: apr < 1.5.0-1
Provides: mod_proxy_uwsgi = %{version}-%{release}
Obsoletes: mod_proxy_uwsgi < 2.0.17.1-2
%description
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
%package core
Summary: httpd minimal core
Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release}
Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}
Provides: mod_proxy_uwsgi = %{version}-%{release}
Requires: /etc/mime.types
Requires: httpd-tools = %{version}-%{release}
Requires: httpd-filesystem = %{version}-%{release}
Requires(pre): httpd-filesystem
Conflicts: apr < 1.5.0-1
Obsoletes: mod_proxy_uwsgi < 2.0.17.1-2
%description core
The httpd-core package contains essential httpd binaries.
%package devel
Summary: Development interfaces for the Apache HTTP Server
Requires: apr-devel, apr-util-devel, pkgconfig
@ -260,6 +271,7 @@ written in the Lua programming language.
%patch49 -p1 -b .ssl-proxy-chains
%patch50 -p1 -b .r1825120
%patch51 -p1 -b .r1901199
%patch52 -p1 -b .separatesystemd
%patch60 -p1 -b .enable-sslv3
%patch61 -p1 -b .htcacheclean-dont-break
@ -399,7 +411,8 @@ install -m 644 $RPM_SOURCE_DIR/README.confmod \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/README
for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \
00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \
01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf; do
01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf \
00-brotli.conf; do
install -m 644 -p $RPM_SOURCE_DIR/$f \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f
done
@ -672,6 +685,22 @@ set -x
exit $rv
%files
%{_mandir}/man8/*
%{_mandir}/man5/*
%exclude %{_mandir}/man8/httpd-init.*
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-brotli.conf
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-systemd.conf
%{_libdir}/httpd/modules/mod_brotli.so
%{_libdir}/httpd/modules/mod_systemd.so
%{_unitdir}/httpd.service
%{_unitdir}/httpd@.service
%{_unitdir}/htcacheclean.service
%{_unitdir}/*.socket
%files core
%doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE
%doc docs/conf/extra/*.conf
@ -693,7 +722,10 @@ exit $rv
%dir %{_sysconfdir}/httpd/conf.modules.d
%{_sysconfdir}/httpd/conf.modules.d/README
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/*.conf
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-brotli.conf
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-systemd.conf
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
%exclude %{_sysconfdir}/httpd/conf.modules.d/00-lua.conf
@ -715,6 +747,8 @@ exit $rv
%dir %{_libdir}/httpd
%dir %{_libdir}/httpd/modules
%{_libdir}/httpd/modules/mod*.so
%exclude %{_libdir}/httpd/modules/mod_brotli.so
%exclude %{_libdir}/httpd/modules/mod_systemd.so
%exclude %{_libdir}/httpd/modules/mod_auth_form.so
%exclude %{_libdir}/httpd/modules/mod_ssl.so
%exclude %{_libdir}/httpd/modules/mod_*ldap.so
@ -741,15 +775,6 @@ exit $rv
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
%{_mandir}/man8/*
%{_mandir}/man5/*
%exclude %{_mandir}/man8/httpd-init.*
%{_unitdir}/httpd.service
%{_unitdir}/httpd@.service
%{_unitdir}/htcacheclean.service
%{_unitdir}/*.socket
%files filesystem
%dir %{_sysconfdir}/httpd
%dir %{_sysconfdir}/httpd/conf.d
@ -813,6 +838,11 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
* Wed Jun 01 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-2
- Resolves: #2065677 - httpd minimisation for ubi-micro
- minimize httpd dependencies (new httpd-core package)
- mod_systemd and mod_brotli are now packaged in the main httpd package
* Tue May 31 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-1
- new version 2.4.53
- Resolves: #2079939 - httpd rebase to 2.4.53