%define contentdir %{_datadir}/httpd %define docroot /var/www %define suexec_caller apache %define mmn 20120211 %define mmnisa %{mmn}-%{__isa_name}-%{__isa_bits} %define vstring Fedora Summary: Apache HTTP Server Name: httpd Version: 2.4.1 Release: 2%{?dist} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html Source3: httpd.logrotate Source5: httpd.sysconf Source6: httpd-ssl-pass-dialog Source7: httpd.tmpfiles Source8: httpd.service Source10: httpd.conf Source11: 00-base.conf Source12: 00-mpm.conf Source13: 00-lua.conf Source14: 01-cgi.conf Source15: 00-dav.conf Source16: 00-proxy.conf Source17: 00-ssl.conf Source18: 00-ldap.conf Source19: userdir.conf Source20: ssl.conf Source21: welcome.conf Source22: manual.conf # Documentation Source33: README.confd # build/scripts patches Patch1: httpd-2.4.1-apctl.patch Patch2: httpd-2.4.1-apxs.patch Patch3: httpd-2.4.1-deplibs.patch Patch5: httpd-2.4.1-layout.patch Patch6: httpd-2.4.1-apr14.patch # Features/functional changes Patch20: httpd-2.0.48-release.patch Patch23: httpd-2.4.1-export.patch Patch24: httpd-2.4.1-corelimit.patch Patch25: httpd-2.4.1-selinux.patch Patch26: httpd-2.4.1-suenable.patch License: ASL 2.0 Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: autoconf, perl, pkgconfig, findutils, xmlto BuildRequires: zlib-devel, libselinux-devel, lua-devel BuildRequires: apr-devel >= 1.2.0, apr-util-devel >= 1.2.0, pcre-devel >= 5.0 Requires: /etc/mime.types, system-logos >= 7.92.1-1 Obsoletes: httpd-suexec Provides: webserver Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release} Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa} Requires: httpd-tools = %{version}-%{release}, apr-util-ldap Requires(pre): /usr/sbin/useradd Requires(preun): systemd-units Requires(postun): systemd-units Requires(post): systemd-units %description The Apache HTTP Server is a powerful, efficient, and extensible web server. %package devel Group: Development/Libraries Summary: Development interfaces for the Apache HTTP server Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel Requires: apr-devel, apr-util-devel, pkgconfig Requires: httpd = %{version}-%{release} %description devel The httpd-devel package contains the APXS binary and other files that you need to build Dynamic Shared Objects (DSOs) for the Apache HTTP Server. If you are installing the Apache HTTP server and you want to be able to compile or develop additional modules for Apache, you need to install this package. %package manual Group: Documentation Summary: Documentation for the Apache HTTP server Requires: httpd = %{version}-%{release} Obsoletes: secureweb-manual, apache-manual BuildArch: noarch %description manual The httpd-manual package contains the complete manual and reference guide for the Apache HTTP server. The information can also be found at http://httpd.apache.org/docs/2.2/. %package tools Group: System Environment/Daemons Summary: Tools for use with the Apache HTTP Server %description tools The httpd-tools package contains tools which can be used with the Apache HTTP Server. %package -n mod_ssl Group: System Environment/Daemons Summary: SSL/TLS module for the Apache HTTP Server Epoch: 1 BuildRequires: openssl-devel Requires(post): openssl, /bin/cat Requires(pre): httpd Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} Obsoletes: stronghold-mod_ssl %description -n mod_ssl The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. %prep %setup -q %patch1 -p1 -b .apctl %patch2 -p1 -b .apxs %patch3 -p1 -b .deplibs %patch5 -p1 -b .layout %patch6 -p1 -b .apr14 %patch23 -p1 -b .export %patch24 -p1 -b .corelimit %patch25 -p1 -b .selinux %patch26 -p1 -b .suenable # Patch in vendor/release string sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1 # Safety check: prevent build if defined MMN does not equal upstream MMN. vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'` if test "x${vmmn}" != "x%{mmn}"; then : Error: Upstream MMN is now ${vmmn}, packaged MMN is %{mmn} : Update the mmn macro and rebuild. exit 1 fi : Building with MMN %{mmn}, MMN-ISA %{mmnisa} and vendor string '%{vstring}' %build # forcibly prevent use of bundled apr, apr-util, pcre rm -rf srclib/{apr,apr-util,pcre} # regenerate configure scripts autoheader && autoconf || exit 1 # Before configure; fix location of build dir in generated apxs %{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \ support/apxs.in export CFLAGS=$RPM_OPT_FLAGS export LDFLAGS="-Wl,-z,relro,-z,now" # Hard-code path to links to avoid unnecessary builddep export LYNX_PATH=/usr/bin/links # Build the daemon ./configure \ --prefix=%{_sysconfdir}/httpd \ --exec-prefix=%{_prefix} \ --bindir=%{_bindir} \ --sbindir=%{_sbindir} \ --mandir=%{_mandir} \ --libdir=%{_libdir} \ --sysconfdir=%{_sysconfdir}/httpd/conf \ --includedir=%{_includedir}/httpd \ --libexecdir=%{_libdir}/httpd/modules \ --datadir=%{contentdir} \ --enable-layout=Fedora \ --with-installbuilddir=%{_libdir}/httpd/build \ --enable-mpms-shared=all \ --with-apr=%{_prefix} --with-apr-util=%{_prefix} \ --enable-suexec --with-suexec \ --with-suexec-caller=%{suexec_caller} \ --with-suexec-docroot=%{docroot} \ --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \ --with-suexec-bin=%{_sbindir}/suexec \ --with-suexec-uidmin=500 --with-suexec-gidmin=100 \ --enable-pie \ --with-pcre \ --enable-mods-shared=all \ --enable-ssl --with-ssl --disable-distcache \ --enable-proxy \ --enable-cache \ --enable-disk-cache \ --enable-ldap --enable-authnz-ldap \ --enable-cgid --enable-cgi \ --enable-authn-anon --enable-authn-alias \ --disable-imagemap \ --disable-proxy-html \ --disable-xml2enc \ --disable-session $* make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT make DESTDIR=$RPM_BUILD_ROOT install # Install systemd service files mkdir -p $RPM_BUILD_ROOT/lib/systemd/system install -p -m 644 $RPM_SOURCE_DIR/httpd.service \ $RPM_BUILD_ROOT/lib/systemd/system/httpd.service # install conf file/directory mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d \ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d install -m 644 $RPM_SOURCE_DIR/README.confd \ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \ 00-proxy.conf 00-ssl.conf 00-ldap.conf; do install -m 644 -p $RPM_SOURCE_DIR/$f \ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f done for f in welcome.conf manual.conf ssl.conf userdir.conf; do install -m 644 -p $RPM_SOURCE_DIR/$f \ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/$f done rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/*.conf install -m 644 -p $RPM_SOURCE_DIR/httpd.conf \ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/httpd.conf mkdir $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig install -m 644 -p $RPM_SOURCE_DIR/httpd.sysconf \ $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/httpd # tmpfiles.d configuration mkdir $RPM_BUILD_ROOT%{_sysconfdir}/tmpfiles.d install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \ $RPM_BUILD_ROOT%{_sysconfdir}/tmpfiles.d/httpd.conf # for holding mod_dav lock database mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav # Create cache directory mkdir $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd \ $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/proxy \ $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/ssl # Make the MMN accessible to module packages echo %{mmnisa} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rpm cat > $RPM_BUILD_ROOT%{_sysconfdir}/rpm/macros.httpd < $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8 # Make ap_config_layout.h libdir-agnostic sed -i '/.*DEFAULT_..._LIBEXECDIR/d;/DEFAULT_..._INSTALLBUILDDIR/d' \ $RPM_BUILD_ROOT%{_includedir}/httpd/ap_config_layout.h # Fix path to instdso in special.mk sed -i '/instdso/s,top_srcdir,top_builddir,' \ $RPM_BUILD_ROOT%{_libdir}/httpd/build/special.mk # Remove unpackaged files rm -vf \ $RPM_BUILD_ROOT%{_libdir}/*.exp \ $RPM_BUILD_ROOT/etc/httpd/conf/mime.types \ $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.exp \ $RPM_BUILD_ROOT%{_libdir}/httpd/build/config.nice \ $RPM_BUILD_ROOT%{_bindir}/ap?-config \ $RPM_BUILD_ROOT%{_sbindir}/{checkgid,dbmmanage,envvars*} \ $RPM_BUILD_ROOT%{contentdir}/htdocs/* \ $RPM_BUILD_ROOT%{_mandir}/man1/dbmmanage.* \ $RPM_BUILD_ROOT%{contentdir}/cgi-bin/* rm -rf $RPM_BUILD_ROOT/etc/httpd/conf/{original,extra} # Make suexec a+rw so it can be stripped. %%files lists real permissions chmod 755 $RPM_BUILD_ROOT%{_sbindir}/suexec %pre # Add the "apache" user /usr/sbin/useradd -c "Apache" -u 48 \ -s /sbin/nologin -r -d %{contentdir} apache 2> /dev/null || : %post # Register the httpd service if [ $1 -eq 1 ] ; then # Initial installation /bin/systemctl daemon-reload >/dev/null 2>&1 || : fi %preun if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable %{all_services} > /dev/null 2>&1 || : /bin/systemctl stop %{all_services} > /dev/null 2>&1 || : fi %postun /bin/systemctl daemon-reload >/dev/null 2>&1 || : # Trigger for conversion from SysV, per guidelines at: # https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd %triggerun -- httpd < 2.2.21-5 # Save the current service runlevel info # User must manually run systemd-sysv-convert --apply httpd # to migrate them to systemd targets /usr/bin/systemd-sysv-convert --save httpd.service >/dev/null 2>&1 ||: # Run these because the SysV package being removed won't do them /sbin/chkconfig --del httpd >/dev/null 2>&1 || : %posttrans /bin/systemctl try-restart httpd.service >/dev/null 2>&1 || : %define sslcert %{_sysconfdir}/pki/tls/certs/localhost.crt %define sslkey %{_sysconfdir}/pki/tls/private/localhost.key %post -n mod_ssl umask 077 if [ -f %{sslkey} -o -f %{sslcert} ]; then exit 0 fi %{_bindir}/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 1024 > %{sslkey} 2> /dev/null FQDN=`hostname` if [ "x${FQDN}" = "x" ]; then FQDN=localhost.localdomain fi cat << EOF | %{_bindir}/openssl req -new -key %{sslkey} \ -x509 -days 365 -set_serial $RANDOM -extensions v3_req \ -out %{sslcert} 2>/dev/null -- SomeState SomeCity SomeOrganization SomeOrganizationalUnit ${FQDN} root@${FQDN} EOF %check # Check the built modules are all PIC if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then : modules contain non-relocatable code exit 1 fi %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root) %doc ABOUT_APACHE README CHANGES LICENSE VERSIONING NOTICE %dir %{_sysconfdir}/httpd %{_sysconfdir}/httpd/modules %{_sysconfdir}/httpd/logs %{_sysconfdir}/httpd/run %dir %{_sysconfdir}/httpd/conf %config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf %config(noreplace) %{_sysconfdir}/httpd/conf/magic %config(noreplace) %{_sysconfdir}/logrotate.d/httpd %dir %{_sysconfdir}/httpd/conf.d %{_sysconfdir}/httpd/conf.d/README %config(noreplace) %{_sysconfdir}/httpd/conf.d/welcome.conf %config(noreplace) %{_sysconfdir}/httpd/conf.d/userdir.conf %dir %{_sysconfdir}/httpd/conf.modules.d %config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/*.conf %exclude %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf %config(noreplace) %{_sysconfdir}/sysconfig/httpd %config %{_sysconfdir}/tmpfiles.d/httpd.conf %{_sbindir}/ht* %{_sbindir}/fcgistarter %{_sbindir}/apachectl %{_sbindir}/rotatelogs # cap_dac_override needed to write to /var/log/httpd %caps(cap_setuid,cap_setgid,cap_dac_override+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec %dir %{_libdir}/httpd %dir %{_libdir}/httpd/modules %{_libdir}/httpd/modules/mod*.so %exclude %{_libdir}/httpd/modules/mod_ssl.so %dir %{contentdir} %dir %{contentdir}/icons %dir %{contentdir}/error %dir %{contentdir}/error/include %dir %{contentdir}/noindex %{contentdir}/icons/* %{contentdir}/error/README %{contentdir}/error/*.var %{contentdir}/error/include/*.html %{contentdir}/noindex/index.html %dir %{docroot}/cgi-bin %dir %{docroot}/html %attr(0710,root,apache) %dir %{_localstatedir}/run/httpd %attr(0700,root,root) %dir %{_localstatedir}/log/httpd %attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav %attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd %attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy %{_mandir}/man8/* /lib/systemd/system/*.service %files tools %defattr(-,root,root) %{_bindir}/* %{_mandir}/man1/* %doc LICENSE NOTICE %exclude %{_bindir}/apxs %files manual %defattr(-,root,root) %{contentdir}/manual %config(noreplace) %{_sysconfdir}/httpd/conf.d/manual.conf %files -n mod_ssl %defattr(-,root,root) %{_libdir}/httpd/modules/mod_ssl.so %config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf %config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf %attr(0700,apache,root) %dir %{_localstatedir}/cache/httpd/ssl %{_libexecdir}/httpd-ssl-pass-dialog %files devel %defattr(-,root,root) %{_includedir}/httpd %{_bindir}/apxs %{_mandir}/man1/apxs.1* %dir %{_libdir}/httpd/build %{_libdir}/httpd/build/*.mk %{_libdir}/httpd/build/*.sh %{_sysconfdir}/rpm/macros.httpd %changelog * Tue Mar 13 2012 Joe Orton - 2.4.1-2 - clean docroot better - ship proxy, ssl directories within /var/cache/httpd - default config: * unrestricted access to (only) /var/www * remove (commented) Mutex, MaxRanges, ScriptSock * Tue Mar 6 2012 Joe Orton - 2.4.1-1 - update to 2.4.1 - adopt upstream default httpd.conf (almost verbatim) - split all LoadModules to conf.modules.d/*.conf - include conf.d/*.conf at end of httpd.conf - trim %%changelog * Mon Feb 13 2012 Joe Orton - 2.2.22-2 - fix build against PCRE 8.30 * Mon Feb 13 2012 Joe Orton - 2.2.22-1 - update to 2.2.22 * Fri Feb 10 2012 Petr Pisar - 2.2.21-8 - Rebuild against PCRE 8.30 * Mon Jan 23 2012 Jan Kaluza - 2.2.21-7 - fix #783629 - start httpd after named * Mon Jan 16 2012 Joe Orton - 2.2.21-6 - complete conversion to systemd, drop init script (#770311) - fix comments in /etc/sysconfig/httpd (#771024) - enable PrivateTmp in service file (#781440) - set LANG=C in /etc/sysconfig/httpd * Fri Jan 13 2012 Fedora Release Engineering - 2.2.21-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Tue Dec 06 2011 Jan Kaluza - 2.2.21-4 - fix #751591 - start httpd after remote-fs * Mon Oct 24 2011 Jan Kaluza - 2.2.21-3 - allow change state of BalancerMember in mod_proxy_balancer web interface * Thu Sep 22 2011 Ville Skyttä - 2.2.21-2 - Make mmn available as %%{_httpd_mmn}. - Add .svgz to AddEncoding x-gzip example in httpd.conf. * Tue Sep 13 2011 Joe Orton - 2.2.21-1 - update to 2.2.21 * Mon Sep 5 2011 Joe Orton - 2.2.20-1 - update to 2.2.20 - fix MPM stub man page generation * Wed Aug 10 2011 Jan Kaluza - 2.2.19-5 - fix #707917 - add httpd-ssl-pass-dialog to ask for SSL password using systemd * Fri Jul 22 2011 Iain Arnell 1:2.2.19-4 - rebuild while rpm-4.9.1 is untagged to remove trailing slash in provided directory names * Wed Jul 20 2011 Jan Kaluza - 2.2.19-3 - fix #716621 - suexec now works without setuid bit * Thu Jul 14 2011 Jan Kaluza - 2.2.19-2 - fix #689091 - backported patch from 2.3 branch to support IPv6 in logresolve * Fri Jul 1 2011 Joe Orton - 2.2.19-1 - update to 2.2.19 - enable dbd, authn_dbd in default config * Thu Apr 14 2011 Joe Orton - 2.2.17-13 - fix path expansion in service files * Tue Apr 12 2011 Joe Orton - 2.2.17-12 - add systemd service files (#684175, thanks to Jóhann B. Guðmundsson) * Wed Mar 23 2011 Joe Orton - 2.2.17-11 - minor updates to httpd.conf - drop old patches * Wed Mar 2 2011 Joe Orton - 2.2.17-10 - rebuild * Wed Feb 23 2011 Joe Orton - 2.2.17-9 - use arch-specific mmn * Wed Feb 09 2011 Fedora Release Engineering - 2.2.17-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Mon Jan 31 2011 Joe Orton - 2.2.17-7 - generate dummy mod_ssl cert with CA:FALSE constraint (#667841) - add man page stubs for httpd.event, httpd.worker - drop distcache support - add STOP_TIMEOUT support to init script * Sat Jan 8 2011 Joe Orton - 2.2.17-6 - update default SSLCipherSuite per upstream trunk * Wed Jan 5 2011 Joe Orton - 2.2.17-5 - fix requires (#667397) * Wed Jan 5 2011 Joe Orton - 2.2.17-4 - de-ghost /var/run/httpd * Tue Jan 4 2011 Joe Orton - 2.2.17-3 - add tmpfiles.d configuration, ghost /var/run/httpd (#656600) * Sat Nov 20 2010 Joe Orton - 2.2.17-2 - drop setuid bit, use capabilities for suexec binary * Wed Oct 27 2010 Joe Orton - 2.2.17-1 - update to 2.2.17 * Fri Sep 10 2010 Joe Orton - 2.2.16-2 - link everything using -z relro and -z now * Mon Jul 26 2010 Joe Orton - 2.2.16-1 - update to 2.2.16 * Fri Jul 9 2010 Joe Orton - 2.2.15-3 - default config tweaks: * harden httpd.conf w.r.t. .htaccess restriction (#591293) * load mod_substitute, mod_version by default * drop proxy_ajp.conf, load mod_proxy_ajp in httpd.conf * add commented list of shipped-but-unloaded modules * bump up worker defaults a little * drop KeepAliveTimeout to 5 secs per upstream - fix LSB compliance in init script (#522074) - bundle NOTICE in -tools - use init script in logrotate postrotate to pick up PIDFILE - drop some old Obsoletes/Conflicts * Sun Apr 04 2010 Robert Scheck - 2.2.15-1 - update to 2.2.15 (#572404, #579311)