Resolves: #2065677 - httpd minimisation for ubi-micro

minimize httpd dependencies (new httpd-core package)
mod_systemd and mod_brotli are now packaged in the main httpd package

00-base.conf

@@ -23,7 +23,6 @@ LoadModule authz_host_module modules/mod_authz_host.so
 LoadModule authz_owner_module modules/mod_authz_owner.so
 LoadModule authz_user_module modules/mod_authz_user.so
 LoadModule autoindex_module modules/mod_autoindex.so
-LoadModule brotli_module modules/mod_brotli.so
 LoadModule cache_module modules/mod_cache.so
 LoadModule cache_disk_module modules/mod_cache_disk.so
 LoadModule cache_socache_module modules/mod_cache_socache.so

00-brotli.conf

@@ -0,0 +1 @@
+LoadModule brotli_module modules/mod_brotli.so

httpd-2.4.53-separate-systemd-fns.patch

@@ -0,0 +1,286 @@
+diff --git a/acinclude.m4 b/acinclude.m4
+index 05abe18..97484c9 100644
+--- a/acinclude.m4
++++ b/acinclude.m4
+@@ -631,7 +631,6 @@ case $host in
+       if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then
+         AC_MSG_WARN([Your system does not support systemd.])
+       else
+-        APR_ADDTO(HTTPD_LIBS, [$SYSTEMD_LIBS])
+         AC_DEFINE(HAVE_SYSTEMD, 1, [Define if systemd is supported])
+       fi
+    fi
+diff --git a/include/ap_listen.h b/include/ap_listen.h
+index 58c2574..d5ed968 100644
+--- a/include/ap_listen.h
++++ b/include/ap_listen.h
+@@ -29,6 +29,7 @@
+ #include "apr_network_io.h"
+ #include "httpd.h"
+ #include "http_config.h"
++#include "apr_optional.h"
+ 
+ #ifdef __cplusplus
+ extern "C" {
+@@ -143,6 +144,15 @@ AP_DECLARE_NONSTD(const char *) ap_set_receive_buffer_size(cmd_parms *cmd,
+                                                            void *dummy,
+                                                            const char *arg);
+ 
++#ifdef HAVE_SYSTEMD
++APR_DECLARE_OPTIONAL_FN(int,
++                        ap_find_systemd_socket, (process_rec *, apr_port_t));
++
++APR_DECLARE_OPTIONAL_FN(int,
++                        ap_systemd_listen_fds, (int));
++#endif
++
++
+ #define LISTEN_COMMANDS \
+ AP_INIT_TAKE1("ListenBacklog", ap_set_listenbacklog, NULL, RSRC_CONF, \
+   "Maximum length of the queue of pending connections, as used by listen(2)"), \
+diff --git a/modules/arch/unix/mod_systemd.c b/modules/arch/unix/mod_systemd.c
+index eda1272..fc059fc 100644
+--- a/modules/arch/unix/mod_systemd.c
++++ b/modules/arch/unix/mod_systemd.c
+@@ -35,6 +35,15 @@
+ #include <unistd.h>
+ #endif
+ 
++APR_DECLARE_OPTIONAL_FN(int,
++                        ap_find_systemd_socket, (process_rec *, apr_port_t));
++
++APR_DECLARE_OPTIONAL_FN(int,
++                        ap_systemd_listen_fds, (int));
++
++APR_DECLARE_OPTIONAL_FN(int,
++                        ap_systemd_journal_stream_fd, (const char *, int, int));
++
+ static char describe_listeners[30];
+ 
+ static int systemd_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
+@@ -145,8 +154,47 @@ static int systemd_monitor(apr_pool_t *p, server_rec *s)
+     return DECLINED;
+ }
+ 
++static int ap_find_systemd_socket(process_rec * process, apr_port_t port) {
++    int fdcount, fd;
++    int sdc = sd_listen_fds(0);
++
++    if (sdc < 0) {
++        ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02486)
++                      "find_systemd_socket: Error parsing enviroment, sd_listen_fds returned %d",
++                      sdc);
++        return -1;
++    }
++
++    if (sdc == 0) {
++        ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02487)
++                      "find_systemd_socket: At least one socket must be set.");
++        return -1;
++    }
++
++    fdcount = atoi(getenv("LISTEN_FDS"));
++    for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + fdcount; fd++) {
++        if (sd_is_socket_inet(fd, 0, 0, -1, port) > 0) {
++            return fd;
++        }
++    }
++
++    return -1;
++}
++
++static int ap_systemd_listen_fds(int unset_environment){
++    return sd_listen_fds(unset_environment);
++}
++
++static int ap_systemd_journal_stream_fd(const char *identifier, int priority, int level_prefix){
++    return sd_journal_stream_fd("httpd", priority, 0);
++}
++
+ static void systemd_register_hooks(apr_pool_t *p)
+ {
++    APR_REGISTER_OPTIONAL_FN(ap_systemd_listen_fds);
++    APR_REGISTER_OPTIONAL_FN(ap_find_systemd_socket);
++    APR_REGISTER_OPTIONAL_FN(ap_systemd_journal_stream_fd);
++
+     /* Enable ap_extended_status. */
+     ap_hook_pre_config(systemd_pre_config, NULL, NULL, APR_HOOK_LAST);
+     /* Signal service is ready. */
+diff --git a/modules/loggers/config.m4 b/modules/loggers/config.m4
+index 0848d2e..8af2299 100644
+--- a/modules/loggers/config.m4
++++ b/modules/loggers/config.m4
+@@ -5,7 +5,6 @@ dnl APACHE_MODULE(name, helptext[, objects[, structname[, default[, config]]]])
+ APACHE_MODPATH_INIT(loggers)
+ 	
+ APACHE_MODULE(log_config, logging configuration.  You won't be able to log requests to the server without this module., , , yes)
+-APR_ADDTO(MOD_LOG_CONFIG_LDADD, [$SYSTEMD_LIBS])
+ 
+ APACHE_MODULE(log_debug, configurable debug logging, , , most)
+ APACHE_MODULE(log_forensic, forensic logging)
+diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c
+index 0b11f60..c3f0a51 100644
+--- a/modules/loggers/mod_log_config.c
++++ b/modules/loggers/mod_log_config.c
+@@ -172,10 +172,6 @@
+ #include <limits.h>
+ #endif
+ 
+-#ifdef HAVE_SYSTEMD
+-#include <systemd/sd-journal.h>
+-#endif
+-
+ #define DEFAULT_LOG_FORMAT "%h %l %u %t \"%r\" %>s %b"
+ 
+ module AP_MODULE_DECLARE_DATA log_config_module;
+@@ -1640,8 +1636,15 @@ static apr_status_t wrap_journal_stream(apr_pool_t *p, apr_file_t **outfd,
+ {
+ #ifdef HAVE_SYSTEMD
+     int fd;
++    APR_OPTIONAL_FN_TYPE(ap_systemd_journal_stream_fd) *systemd_journal_stream_fd;
++    
++    systemd_journal_stream_fd = APR_RETRIEVE_OPTIONAL_FN(ap_systemd_journal_stream_fd);
++    if (systemd_journal_stream_fd == NULL) {
++        return APR_ENOTIMPL;
++    }
+ 
+-    fd = sd_journal_stream_fd("httpd", priority, 0);
++    fd = systemd_journal_stream_fd("httpd", priority, 0);
++    
+     if (fd < 0) return fd;
+ 
+     /* This is an AF_UNIX socket fd so is more pipe-like than
+diff --git a/modules/loggers/mod_log_config.h b/modules/loggers/mod_log_config.h
+index 877a593..bd52a98 100644
+--- a/modules/loggers/mod_log_config.h
++++ b/modules/loggers/mod_log_config.h
+@@ -69,6 +69,10 @@ APR_DECLARE_OPTIONAL_FN(ap_log_writer_init*, ap_log_set_writer_init,(ap_log_writ
+  */
+ APR_DECLARE_OPTIONAL_FN(ap_log_writer*, ap_log_set_writer, (ap_log_writer* func));
+ 
++#ifdef HAVE_SYSTEMD
++APR_DECLARE_OPTIONAL_FN(int, ap_systemd_journal_stream_fd, (const char *, int, int));
++#endif
++
+ #endif /* MOD_LOG_CONFIG */
+ /** @} */
+ 
+diff --git a/server/listen.c b/server/listen.c
+index e2e028a..5d1c0e1 100644
+--- a/server/listen.c
++++ b/server/listen.c
+@@ -34,10 +34,6 @@
+ #include <unistd.h>
+ #endif
+ 
+-#ifdef HAVE_SYSTEMD
+-#include <systemd/sd-daemon.h>
+-#endif
+-
+ /* we know core's module_index is 0 */
+ #undef APLOG_MODULE_INDEX
+ #define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX
+@@ -325,34 +321,6 @@ static int find_listeners(ap_listen_rec **from, ap_listen_rec **to,
+ }
+ 
+ #ifdef HAVE_SYSTEMD
+-
+-static int find_systemd_socket(process_rec * process, apr_port_t port) {
+-    int fdcount, fd;
+-    int sdc = sd_listen_fds(0);
+-
+-    if (sdc < 0) {
+-        ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02486)
+-                      "find_systemd_socket: Error parsing enviroment, sd_listen_fds returned %d",
+-                      sdc);
+-        return -1;
+-    }
+-
+-    if (sdc == 0) {
+-        ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02487)
+-                      "find_systemd_socket: At least one socket must be set.");
+-        return -1;
+-    }
+-
+-    fdcount = atoi(getenv("LISTEN_FDS"));
+-    for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + fdcount; fd++) {
+-        if (sd_is_socket_inet(fd, 0, 0, -1, port) > 0) {
+-            return fd;
+-        }
+-    }
+-
+-    return -1;
+-}
+-
+ static apr_status_t alloc_systemd_listener(process_rec * process,
+                                            int fd, const char *proto,
+                                            ap_listen_rec **out_rec)
+@@ -412,6 +380,14 @@ static const char *set_systemd_listener(process_rec *process, apr_port_t port,
+ {
+     ap_listen_rec *last, *new;
+     apr_status_t rv;
++    APR_OPTIONAL_FN_TYPE(ap_find_systemd_socket) *find_systemd_socket;
++
++    find_systemd_socket = APR_RETRIEVE_OPTIONAL_FN(ap_find_systemd_socket);
++
++    if (!find_systemd_socket)
++       return "Systemd socket activation is used, but mod_systemd is probably "
++               "not loaded";
++
+     int fd = find_systemd_socket(process, port);
+     if (fd < 0) {
+         return "Systemd socket activation is used, but this port is not "
+@@ -438,7 +414,6 @@ static const char *set_systemd_listener(process_rec *process, apr_port_t port,
+ 
+     return NULL;
+ }
+-
+ #endif /* HAVE_SYSTEMD */
+ 
+ static const char *alloc_listener(process_rec *process, const char *addr,
+@@ -707,6 +682,9 @@ AP_DECLARE(int) ap_setup_listeners(server_rec *s)
+     int num_listeners = 0;
+     const char* proto;
+     int found;
++#ifdef HAVE_SYSTEMD
++    APR_OPTIONAL_FN_TYPE(ap_systemd_listen_fds) *systemd_listen_fds;
++#endif
+ 
+     for (ls = s; ls; ls = ls->next) {
+         proto = ap_get_server_protocol(ls);
+@@ -746,7 +724,10 @@ AP_DECLARE(int) ap_setup_listeners(server_rec *s)
+                                 apr_pool_cleanup_null, s->process->pool);
+         }
+         else {
+-            sd_listen_fds(1);
++            systemd_listen_fds = APR_RETRIEVE_OPTIONAL_FN(ap_systemd_listen_fds);
++            if (systemd_listen_fds != NULL) {
++                systemd_listen_fds(1);
++            }
+         }
+     }
+     else
+@@ -963,6 +944,9 @@ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy,
+     apr_port_t port;
+     apr_status_t rv;
+     const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
++#ifdef HAVE_SYSTEMD
++    APR_OPTIONAL_FN_TYPE(ap_systemd_listen_fds) *systemd_listen_fds;
++#endif
+ 
+     if (err != NULL) {
+         return err;
+@@ -973,7 +957,12 @@ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy,
+     }
+ #ifdef HAVE_SYSTEMD
+     if (use_systemd == -1) {
+-        use_systemd = sd_listen_fds(0) > 0;
++        systemd_listen_fds = APR_RETRIEVE_OPTIONAL_FN(ap_systemd_listen_fds);
++        if (systemd_listen_fds != NULL) {
++            use_systemd = systemd_listen_fds(0) > 0;
++        } else {
++            use_systemd = 0;
++        }
+     }
+ #endif
+ 

httpd.spec

@@ -13,7 +13,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.53
-Release: 1%{?dist}
+Release: 2%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@@ -52,6 +52,7 @@ Source31: README.confmod
 Source32: httpd.service.xml
 Source33: htcacheclean.service.xml
 Source34: httpd.conf.xml
+Source35: 00-brotli.conf
 Source40: htcacheclean.service
 Source41: htcacheclean.sysconf
 Source42: httpd-init.service
@@ -95,6 +96,8 @@ Patch50: httpd-2.4.48-r1825120.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2079939
 # backported regression fix
 Patch51: httpd-2.4.53-r1901199.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2065677
+Patch52: httpd-2.4.53-separate-systemd-fns.patch
 
 
 # Bug fixes
@@ -119,25 +122,33 @@ BuildRequires: perl-interpreter, perl-generators, systemd-devel
 BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel
 BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0
 BuildRequires: gnupg2
-Requires: /etc/mime.types, system-logos-httpd
+Requires: system-logos-httpd
 Provides: webserver
-Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release}
-Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}
-Requires: httpd-tools = %{version}-%{release}
-Requires: httpd-filesystem = %{version}-%{release}
+Requires: httpd-core = 0:%{version}-%{release}
 Recommends: mod_http2, mod_lua
-Requires(pre): httpd-filesystem
 Requires(preun): systemd-units
 Requires(postun): systemd-units
 Requires(post): systemd-units
-Conflicts: apr < 1.5.0-1
-Provides: mod_proxy_uwsgi = %{version}-%{release}
-Obsoletes: mod_proxy_uwsgi < 2.0.17.1-2
 
 %description
 The Apache HTTP Server is a powerful, efficient, and extensible
 web server.
 
+%package core
+Summary: httpd minimal core
+Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release}
+Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}
+Provides: mod_proxy_uwsgi = %{version}-%{release}
+Requires: /etc/mime.types
+Requires: httpd-tools = %{version}-%{release}
+Requires: httpd-filesystem = %{version}-%{release}
+Requires(pre): httpd-filesystem
+Conflicts: apr < 1.5.0-1
+Obsoletes: mod_proxy_uwsgi < 2.0.17.1-2
+
+%description core
+The httpd-core package contains essential httpd binaries.
+
 %package devel
 Summary: Development interfaces for the Apache HTTP Server
 Requires: apr-devel, apr-util-devel, pkgconfig
@@ -260,6 +271,7 @@ written in the Lua programming language.
 %patch49 -p1 -b .ssl-proxy-chains
 %patch50 -p1 -b .r1825120
 %patch51 -p1 -b .r1901199
+%patch52 -p1 -b .separatesystemd
 
 %patch60 -p1 -b .enable-sslv3
 %patch61 -p1 -b .htcacheclean-dont-break
@@ -399,7 +411,8 @@ install -m 644 $RPM_SOURCE_DIR/README.confmod \
     $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/README
 for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \
          00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \
-         01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf; do
+         01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf \
+         00-brotli.conf; do
   install -m 644 -p $RPM_SOURCE_DIR/$f \
         $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f
 done
@@ -672,6 +685,22 @@ set -x
 exit $rv
 
 %files
+%{_mandir}/man8/*
+%{_mandir}/man5/*
+%exclude %{_mandir}/man8/httpd-init.*
+
+%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-brotli.conf
+%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-systemd.conf
+
+%{_libdir}/httpd/modules/mod_brotli.so
+%{_libdir}/httpd/modules/mod_systemd.so
+
+%{_unitdir}/httpd.service
+%{_unitdir}/httpd@.service
+%{_unitdir}/htcacheclean.service
+%{_unitdir}/*.socket
+
+%files core
 
 %doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE
 %doc docs/conf/extra/*.conf
@@ -693,7 +722,10 @@ exit $rv
 
 %dir %{_sysconfdir}/httpd/conf.modules.d
 %{_sysconfdir}/httpd/conf.modules.d/README
+
 %config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/*.conf
+%exclude %{_sysconfdir}/httpd/conf.modules.d/00-brotli.conf
+%exclude %{_sysconfdir}/httpd/conf.modules.d/00-systemd.conf
 %exclude %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf
 %exclude %{_sysconfdir}/httpd/conf.modules.d/00-proxyhtml.conf
 %exclude %{_sysconfdir}/httpd/conf.modules.d/00-lua.conf
@@ -715,6 +747,8 @@ exit $rv
 %dir %{_libdir}/httpd
 %dir %{_libdir}/httpd/modules
 %{_libdir}/httpd/modules/mod*.so
+%exclude %{_libdir}/httpd/modules/mod_brotli.so
+%exclude %{_libdir}/httpd/modules/mod_systemd.so
 %exclude %{_libdir}/httpd/modules/mod_auth_form.so
 %exclude %{_libdir}/httpd/modules/mod_ssl.so
 %exclude %{_libdir}/httpd/modules/mod_*ldap.so
@@ -741,15 +775,6 @@ exit $rv
 %attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd
 %attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
 
-%{_mandir}/man8/*
-%{_mandir}/man5/*
-%exclude %{_mandir}/man8/httpd-init.*
-
-%{_unitdir}/httpd.service
-%{_unitdir}/httpd@.service
-%{_unitdir}/htcacheclean.service
-%{_unitdir}/*.socket
-
 %files filesystem
 %dir %{_sysconfdir}/httpd
 %dir %{_sysconfdir}/httpd/conf.d
@@ -813,6 +838,11 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Wed Jun 01 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-2
+- Resolves: #2065677 - httpd minimisation for ubi-micro
+- minimize httpd dependencies (new httpd-core package)
+- mod_systemd and mod_brotli are now packaged in the main httpd package
+
 * Tue May 31 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-1
 - new version 2.4.53
 - Resolves: #2079939 - httpd rebase to 2.4.53