From dbeb0027f870afe77d1bde55359165c961b8c7ac Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Wed, 6 Sep 2006 13:08:59 +0000 Subject: [PATCH] auto-import mod_fcgid-1.10-6 on branch devel from mod_fcgid-1.10-6.src.rpm --- .cvsignore | 1 + README.Fedora | 129 ++++++++++++++++++++++ README.SELinux | 48 +++++++++ configuration.htm | 111 +++++++++++++++++++ doc.htm | 103 ++++++++++++++++++ fastcgi.fc | 1 + fastcgi.te | 75 +++++++++++++ fcgid.conf | 15 +++ mod_fcgid.1.09-docurls.patch | 21 ++++ mod_fcgid.spec | 204 +++++++++++++++++++++++++++++++++++ sources | 1 + 11 files changed, 709 insertions(+) create mode 100644 README.Fedora create mode 100644 README.SELinux create mode 100644 configuration.htm create mode 100644 doc.htm create mode 100644 fastcgi.fc create mode 100644 fastcgi.te create mode 100644 fcgid.conf create mode 100644 mod_fcgid.1.09-docurls.patch create mode 100644 mod_fcgid.spec diff --git a/.cvsignore b/.cvsignore index e69de29..794ff95 100644 --- a/.cvsignore +++ b/.cvsignore @@ -0,0 +1 @@ +mod_fcgid.1.10.tar.gz diff --git a/README.Fedora b/README.Fedora new file mode 100644 index 0000000..37c7c27 --- /dev/null +++ b/README.Fedora @@ -0,0 +1,129 @@ +Using mod_fcgid in Fedora +========================= + +This mod_fcgid package includes a configuration file +/etc/httpd/conf.d/fcgid.conf that ensures that the module is loaded and +added as the handler for .fcg, .fcgi, and .fpl applications (provided +mod_fastcgi in not already loaded, in which case you will need to decide which +module should handle which types of application). + +So far the module package has only been tested in conjunction with the "moin" +wiki application. Further feedback regarding other applications is welcome. + +Setting up moin with mod_fcgid +============================== + +Setting up moin with mod_fcgid is very similar to setting it up as a regular +CGI application. + + * Create a directory for your wiki instance: + + DESTDIR=/var/www/mywiki + mkdir -p $DESTDIR/cgi-bin + + * Copy in the wiki template data and the application itself: + + cp -a /usr/share/moin/{data,underlay} $DESTDIR + cp -a /usr/share/moin/server/moin.fcg $DESTDIR/cgi-bin + cp -a /usr/share/moin/config/wikiconfig.py $DESTDIR/cgi-bin + + * Fix the directory ownership + + chown -R apache:apache $DESTDIR/{data,underlay} + + * Edit $DESTDIR/cgi-bin/wikiconfig.py to suit your needs + + * Create a httpd configuration file for the wiki, e.g. + /etc/httpd/conf.d/mywiki.conf + + # Wiki application data common to all wiki instances + Alias /wiki/ "/usr/share/moin/htdocs/" + + Options Indexes FollowSymLinks + AllowOverride None + Order allow,deny + Allow from all + + + # Wiki instance with mod_fcgid + + ScriptAlias /mywiki "/var/www/mywiki/cgi-bin/moin.fcg" + + Options Indexes FollowSymLinks ExecCGI + AllowOverride None + Order allow,deny + Allow from all + + + + * If you are using SELinux with Fedora Core 5 or later, install the + mod_fcgid-selinux package and see the README.SELinux file in that package + for details of the file contexts to use + + * Restart the web server to load the new configuration: + + service httpd restart + +That should do it! + +mod_fcgid with SELinux +====================== + +Versions of this package built for Fedora Core 5 or later include an SELinux +policy module to support FastCGI applications. Again, this has only been tested +with moin, so feedback from other applications is welcome. The intention is for +this module to be included in the SELinux reference policy eventually. + +The module source (fastcgi.{fc,te}) is included for reference as documentation +in the package. + +The module introduces a new set of SELinux types for FastCGI applications, +comparable with the types described in "man httpd_selinux" for regular CGI +scripts (or "system scripts" as they are known in SELinux): + + * httpd_fastcgi_content_t (equivalent to httpd_sys_content_t) + - Set files with httpd_fastcgi_content_t for content that is available + from all FastCGI scripts and the daemon. + + * httpd_fastcgi_script_exec_t (equivalent to httpd_sys_script_exec_t) + - Set FastCGI scripts with httpd_fastcgi_script_exec_t to allow them to run + with access to all fastcgi types. + + * httpd_fastcgi_script_ro_t (equivalent to httpd_sys_script_ro_t) + - Set files with httpd_fastcgi_script_ro_t if you want + httpd_fastcgi_script_exec_t scripts to read the data, and disallow other + non-fastcgi scripts from access. + + * httpd_fastcgi_script_rw_t (equivalent to httpd_sys_script_rw_t) + - Set files with httpd_fastcgi_script_rw_t if you want + httpd_fastcgi_script_exec_t scripts to read/write the data, and disallow + other non-fastcgi scripts from access. + + * httpd_fastcgi_script_ra_t (equivalent to httpd_sys_script_ra_t) + - Set files with httpd_fastcgi_script_ra_t if you want + httpd_fastcgi_script_exec_t scripts to read/append to the file, and + disallow other non-fastcgi scripts from access. + +So for the moin wiki layout described above, the contexts would be set as +follows: + + cd /var/www/mywiki + chcon -t httpd_fastcgi_content_t . + chcon -R -t httpd_fastcgi_script_exec_t cgi-bin + chcon -R -t httpd_fastcgi_script_rw_t data underlay + +It is necessary to turn on the httpd_enable_cgi boolean to run either regular +or FastCGI scripts: + + setsebool -P httpd_enable_cgi 1 + +If the httpd_unified boolean is set, "sys" and "fastcgi" scripts can access +each other's data. This means that you only need to set the actual FastCGI +scripts themselves to httpd_fastcgi_script_exec_t and can leave the file +contexts for everything else set to the "sys" types if you prefer. This is +useful if you have a mixture of CGI and FastCGI applications accessing the +same data. + +If you have any questions or issues regarding FastCGI and SELinux, please don't +hesitate to bring them up on fedora-selinux-list. + diff --git a/README.SELinux b/README.SELinux new file mode 100644 index 0000000..29d03b1 --- /dev/null +++ b/README.SELinux @@ -0,0 +1,48 @@ +CONFIGURING SELINUX FOR CONTAGGED +================================= + +The contagged RPM package for Fedora Core 5 and later includes a policy module +that ensures that all files required by the application get the correct +SELinux file contexts. + +However, there are a few SELinux booleans you need to set in order to use +contagged: + +# setsebool -P httpd_builtin_scripting 1 +# setsebool -P httpd_enable_cgi 1 +# setsebool -P httpd_unified 1 + +It is necessary to set these booleans because contagged is a PHP application. +It is not necessary to set the httpd_can_network_connect boolean because the +web server is allowed to connect to LDAP servers by default. + +If you are using an older distribution that does not support SELinux policy +modules, you will need to set the file contexts manually: + +# chcon -R -t httpd_cache_t /var/cache/contagged + +You will need to repeat this step if the filesystem is relabelled. + +Once the configuration is set up as required, restart httpd: + +# service httpd restart + +ABOUT THE PACKAGE +================= + +One of the reasons for building this package was to provide an example of how +to include a custom SELinux policy module with an RPM package. It's unfortunate +that the kludge of having to use restorecon in the post-install script is +required but updates to rpm will be necessary before that can be avoided - see: +http://www.redhat.com/archives/fedora-selinux-list/2006-May/msg00098.html + +An alternative approach (instead of using a loadable policy module) that some +people have taken, particularly where the only required policy customisation is +for file contexts, is to use semanage to add additional fcontext objects to the +running policy. A significant disadvantage of this approach is that it's harder +to manage future changes to policy, since all later versions of a package must +be able to "undo" the policy fixes (e.g. remove fcontext objects) set up by all +earlier versions of the package if there are changes to policy in later +versions. Using policy modules makes this very easy, since semodule handles the +upgrades very neatly (modules have version numbers). + diff --git a/configuration.htm b/configuration.htm new file mode 100644 index 0000000..4a6e4ad --- /dev/null +++ b/configuration.htm @@ -0,0 +1,111 @@ + + + + + + +The mod_fcgid Home Page + + + + +

This is a for regular fastcgi. 

LoadModule fcgid_module +modules/mod_fcgid.so

+<Location /fcgid>
+    SetHandler fcgid-script
+    Options ExecCGI
+    allow from all
+</Location>

+  +

+

This is for suEXEC. Please get more information about suEXEC here

LoadModule fcgid_module +modules/mod_fcgid.so

+<Location /fcgid>
+    SetHandler fcgid-script
+    Options ExecCGI
+    allow from all
+</Location>

+<VirtualHost 192.168.1.89>
+    ServerAdmin webmaster@host.foo.com
+    DocumentRoot /usr/local/apache2/htdocs/
+    ServerName host.foo.com
+    SuexecUserGroup pqf pqf
+</VirtualHost>

+  +

+

This is for fastcgi-mode PHP (UNIX)

LoadModule fcgid_module modules/mod_fcgid.so

+<Directory /usr/local/apache2/htdocs/php>
+    SetHandler fcgid-script
+    FCGIWrapper /usr/local/bin/php .php
+    Options ExecCGI
+    allow from all
+</Directory>

This works too:

LoadModule fcgid_module +modules/mod_fcgid.so 

+AddHandler fcgid-script .php
+<Directory /usr/local/apache2/htdocs/php>
+    FCGIWrapper /usr/local/bin/php .php
+    Options ExecCGI
+    allow from all
+</Directory>

# Please make sure:
+# php is configured with --enable-fastcgi option
+# check error_log(with debug level), if +any thing goes wrong +

+

This is for suPHP  ( UNIX ) +

LoadModule fcgid_module modules/mod_fcgid.so
+
+<VirtualHost *:80>
+    ServerName test2.example.com
+    DocumentRoot /usr/local/apache2/htdocs/test2.example.com/
+    SuexecUserGroup pqf pqf
+</VirtualHost>
+
+<Directory /usr/local/apache2/htdocs/test2.example.com/>
+    AddHandler fcgid-script .php
+    Options ExecCGI
+    allow from all
+    FCGIWrapper /usr/local/apache2/htdocs/test2.example.com/php .php
+</Directory>

+

+ +# Please make sure:
+# php is configured with --enable-fastcgi option
+# copy php execution to /usr/local/apache2/htdocs/test2.example.com/ directory
+# make sure all files in /usr/local/apache2/htdocs/test2.example.com/ with right +owner and group
+# check error_log(with debug level) and suexec_log, if +any thing goes wrong +
+ +

+


+This is for fastcgi-mode PHP ( Windows )

LoadModule fcgid_module modules/mod_fcgid.so

+<Directory "C:/Apache2/htdocs/php/">
+    SetHandler fcgid-script
+    Options execCGI
+    AllowOverride None
+    Order allow,deny
+    Allow from all
+    FCGIWrapper "c:/php/php.exe" .php
+</Directory>

This works too:

LoadModule fcgid_module modules/mod_fcgid.so 

+AddHandler fcgid-script .php
+<Directory "C:/Apache2/htdocs/php/">
+    FCGIWrapper "c:/php/php.exe" .php
+    Options ExecCGI
+    allow from all
+</Directory>
+ +

+

 

+

 

+

 

+

 

+

 

+

 

+

 

+

 

+

 

+ + + + diff --git a/doc.htm b/doc.htm new file mode 100644 index 0000000..056a4eb --- /dev/null +++ b/doc.htm @@ -0,0 +1,103 @@ + + + + + + +The mod_fcgid Home Page + + + + + + + + + + + + + + + + + +
+ +  + + + + + +
+ +Home
+Chinese Info
+Download (source)
+Documentations
+ + +Feedback + + +
+ +
    +
  • + +

    Here are some examples of configuration

    +
    • +
+ +

Configuration for Regular fastcgi +(non-PHP, non-Ruby, non-Python) 

Configuration +for suEXEC fastcgi

Configuration for PHP +(UNIX)

Configuration for suPHP (UNIX)

Configuration +for PHP (Windows)

  +

+
    +

  • There are +some other configurations you can set

    +
    • +
+

IdleTimeout n (300 +seconds)

An idle fastcgi application will be terminated after IdleTimeout +seconds.

IdleScanInterval n (120 seconds)

The scan interval for idle +fastcgi applications.

BusyTimeout n (300 seconds)

a fastcgi +application will be terminated if handing a single request longer than busy +timeout.

BusyScanInterval n (120 seconds)

The scan interval for busy +timeout fastcgi applications.

ErrorScanInterval n (3 seconds)

The +scan interval for exit pending fastcgi applications. fastcgi applications will +be terminated within this scanning.

ZombieScanInterval n (3 seconds)

The +scan interval for zombie process. 

ProcessLifeTime n (3600 seconds)

A +fastcgi application will be terminated if lifetime expired, even no error is +detected.

SocketPath path (logs/fcgidsock)

The directory to put the +UNIX domain socket. (UNIX only)

SpawnScoreUpLimit n (10)

The +spawn-speed control score up water limit. Score increases while a process is spawned or terminated, and decreases +as time progresses; while the score is higher than SpawnScoreUpLimit, the spawning will be +held for a while. The higher this number is, the higher speed of the spawning +can be.

SpawnScore n (1)

The weight of spawning.  This weight +will be plused to the spawn-control score on every spawn. The higher this number +is, the lower speed of spawning can be.

TerminationScore n (2)

The +weight of termination. This weight will be plused to the score while fastcgi +process terminates. The higher this number is, the lower speed of spawning can +be.

MaxProcessCount n (1000)

The max count of total fastcgi process +count.

DefaultMaxClassProcessCount n (100)

The maximum number of +fastcgi application instances allowed to run for any one fastcgi application. 

DefaultMinClassProcessCount n +(3)

The minimum number of +fastcgi application instances for any one fastcgi application. 

DefaultInitEnv  +env_name env_value

The default environment variables before a fastcgi +application is spawned. You can set this configuration more +than once.

IPCConnectTimeout n (3 seconds)

The connect timeout to a +fastcgi application. 

IPCCommTimeout n (20 seconds)

The communication +timeout to a fastcgi application. Please increase this value if your CGI have a +slow initialization or slow respond.

OutputBufferSize n (64k bytes)

CGI +output cache buffer size.

PHP_Fix_Pathinfo_Enable n(n=0/1, default 0)

If +you are using PHP and set cgi.fix_pathinfo=1 in php.ini, set +PHP_Fix_Pathinfo_Enable 1. + +

+ + diff --git a/fastcgi.fc b/fastcgi.fc new file mode 100644 index 0000000..66e0015 --- /dev/null +++ b/fastcgi.fc @@ -0,0 +1 @@ +/var/run/mod_fcgid(/.*)? gen_context(system_u:object_r:httpd_fastcgi_sock_t,s0) diff --git a/fastcgi.te b/fastcgi.te new file mode 100644 index 0000000..e1db9d9 --- /dev/null +++ b/fastcgi.te @@ -0,0 +1,75 @@ +policy_module(fastcgi, 0.1.6) + +type httpd_fastcgi_sock_t; +files_type(httpd_fastcgi_sock_t) + +require { + type devpts_t; + type httpd_t; + type httpd_config_t; + type httpd_log_t; + type httpd_sys_script_exec_t; + type httpd_sys_content_t; +}; + +# ========================================================== +# Create and use httpd_fastcgi_script_t for mod_fcgid apps +# ========================================================== + +apache_content_template(fastcgi) +kernel_read_kernel_sysctls(httpd_fastcgi_script_t) + +# Allow FastCGI applications to do DNS lookups +sysnet_dns_name_resolve(httpd_fastcgi_script_t) + +# Allow FastCGI applications to live alongside regular CGI apps +allow httpd_fastcgi_script_t httpd_sys_script_exec_t:dir { search_dir_perms }; +allow httpd_fastcgi_script_t httpd_sys_content_t:dir { search_dir_perms }; + +# Allow FastCGI applications to read the routing table +allow httpd_fastcgi_script_t self:netlink_route_socket { r_netlink_socket_perms }; + +# Allow httpd to create and use sockets for communicating with mod_fcgid +allow httpd_t httpd_fastcgi_sock_t:dir { rw_dir_perms setattr }; +allow httpd_t httpd_fastcgi_sock_t:sock_file { create_file_perms }; + +# Allow httpd to read httpd_fastcgi_content_t +# (shouldn't this be in the content template?) +allow httpd_t httpd_fastcgi_content_t:dir r_dir_perms; +allow httpd_t httpd_fastcgi_content_t:file r_file_perms; +allow httpd_t httpd_fastcgi_content_t:lnk_file { getattr read }; + +# Allow FastCGI applications to listen for FastCGI requests on their +# sockets and respond to them +allow httpd_fastcgi_script_t httpd_t:unix_stream_socket { rw_stream_socket_perms }; + +# FastCGI application doing something to the httpd error log +dontaudit httpd_fastcgi_script_t httpd_log_t:file ioctl; + +# Not sure what this is doing (happens when fastcgi scripts start) +dontaudit httpd_t devpts_t:chr_file ioctl; + +# ====================================================== +# Equivalent policy cribbed from httpd_sys_script_t +# ====================================================== + +dontaudit httpd_fastcgi_script_t httpd_config_t:dir search; + +files_search_var_lib(httpd_fastcgi_script_t) +files_search_spool(httpd_fastcgi_script_t) + +ifdef(`distro_redhat',` + allow httpd_fastcgi_script_t httpd_log_t:file { getattr append }; +') + +ifdef(`targeted_policy',` + tunable_policy(`httpd_enable_homedirs',` + userdom_search_generic_user_home_dirs(httpd_fastcgi_script_t) + ') +') + +optional_policy(` + mysql_stream_connect(httpd_fastcgi_script_t) + mysql_rw_db_sockets(httpd_fastcgi_script_t) +') + diff --git a/fcgid.conf b/fcgid.conf new file mode 100644 index 0000000..8bf626b --- /dev/null +++ b/fcgid.conf @@ -0,0 +1,15 @@ +# This is the Apache server configuration file for providing FastCGI support +# through mod_fcgid +# +# Documentation is available at http://fastcgi.coremail.cn/doc.htm + +LoadModule fcgid_module modules/mod_fcgid.so + +# Use FastCGI to process .fcg .fcgi & .fpl scripts +# Don't do this if mod_fastcgi is present, as it will try to do the same thing + + AddHandler fcgid-script fcg fcgi fpl + + +# Sane place to put sockets +SocketPath run/mod_fcgid diff --git a/mod_fcgid.1.09-docurls.patch b/mod_fcgid.1.09-docurls.patch new file mode 100644 index 0000000..18494a1 --- /dev/null +++ b/mod_fcgid.1.09-docurls.patch @@ -0,0 +1,21 @@ +--- mod_fcgid.1.09/directives.htm 2006-06-18 09:27:53.000000000 +0100 ++++ mod_fcgid.1.09/directives.htm 2006-06-18 09:29:02.000000000 +0100 +@@ -27,13 +27,13 @@ + + + +-Home
+-Chinese Info
+-Download (source)
+-Documentations
++Home
++Chinese Info
++Download (source)
++Documentations
+ + +-Feedback ++Feedback + + + diff --git a/mod_fcgid.spec b/mod_fcgid.spec new file mode 100644 index 0000000..e6345d0 --- /dev/null +++ b/mod_fcgid.spec @@ -0,0 +1,204 @@ +# FC5 and later include SELinux policy module packages +%if 0%{?fedora} < 5 +%define selinux_module 0 +%define selinux_variants %{nil} +%define selinux_buildreqs %{nil} +%else +%define selinux_module 1 +%define selinux_variants mls strict targeted +%define selinux_buildreqs checkpolicy, selinux-policy-devel, hardlink +%endif + +Name: mod_fcgid +Version: 1.10 +Release: 6%{?dist} +Summary: Apache2 module for high-performance server-side scripting +Group: System Environment/Daemons +License: GPL +URL: http://fastcgi.coremail.cn/ +Source0: http://fastcgi.coremail.cn/mod_fcgid.%{version}.tar.gz +Source1: fcgid.conf +Source2: fastcgi.te +Source3: fastcgi.fc +Source4: README.Fedora +Source5: http://fastcgi.coremail.cn/doc.htm +Source6: http://fastcgi.coremail.cn/configuration.htm +Source7: README.SELinux +Patch0: mod_fcgid.1.09-docurls.patch +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRequires: httpd-devel >= 2.0 +Requires: httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && %{__cat} %{_includedir}/httpd/.mmn || echo missing) + +%description +mod_fcgid is a binary-compatible alternative to the Apache module mod_fastcgi. +mod_fcgid has a new process management strategy, which concentrates on reducing +the number of fastcgi servers, and kicking out corrupt fastcgi servers as soon +as possible. + +%if %{selinux_module} +%define selinux_policyver %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp) +%package selinux +Summary: SELinux policy module supporting FastCGI applications with mod_fcgid +Group: System Environment/Base +BuildRequires: %{selinux_buildreqs} +# selinux-policy is required for directory ownership of %{_datadir}/selinux/* +# Modules built against one version of a policy may not work with older policy +# versions, as noted on fedora-selinux-list: +# http://www.redhat.com/archives/fedora-selinux-list/2006-May/msg00102.html +# Hence the versioned dependency. The versioning will hopefully be replaced by +# an ABI version requirement or something similar in the future +%if "%{selinux_policyver}" != "" +Requires: selinux-policy >= %{selinux_policyver} +%endif +Requires: %{name} = %{version}-%{release} +Requires(post): /usr/sbin/semodule, /sbin/restorecon +Requires(postun): /usr/sbin/semodule, /sbin/restorecon + +%description selinux +SELinux policy module supporting FastCGI applications with mod_fcgid. +%endif + +%prep +%setup -q -n mod_fcgid.%{version} +%{__cp} -p %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE6} %{SOURCE7} . +%{__cp} -p %{SOURCE5} directives.htm +%patch0 -p1 +%{__sed} -i -e 's/\r$//' directives.htm configuration.htm + +%build +topdir=$(/usr/bin/dirname $(/usr/sbin/apxs -q exp_installbuilddir)) +%{__make} top_dir=${topdir} +%if %{selinux_module} +for selinuxvariant in %{selinux_variants} +do + %{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile + %{__mv} fastcgi.pp fastcgi.pp.${selinuxvariant} + %{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean +done +%endif + +%install +%{__rm} -rf %{buildroot} +topdir=$(/usr/bin/dirname $(/usr/sbin/apxs -q exp_installbuilddir)) +%{__make} \ + top_dir=${topdir} \ + DESTDIR=%{buildroot} \ + MKINSTALLDIRS="%{__mkdir_p}" \ + install +%{__install} -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/httpd/conf.d/fcgid.conf +%{__install} -d -m 755 %{buildroot}%{_localstatedir}/run/mod_fcgid + +# Install SELinux policy modules +%if %{selinux_module} +for selinuxvariant in %{selinux_variants} +do + %{__install} -d %{buildroot}%{_datadir}/selinux/${selinuxvariant} + %{__install} -p -m 644 fastcgi.pp.${selinuxvariant} \ + %{buildroot}%{_datadir}/selinux/${selinuxvariant}/fastcgi.pp +done +# Hardlink identical policy module packages together +/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux +%endif + +%clean +%{__rm} -rf %{buildroot} + +%if %{selinux_module} +%post selinux +# Install SELinux policy modules +for selinuxvariant in %{selinux_variants} +do + /usr/sbin/semodule -s ${selinuxvariant} -i \ + %{_datadir}/selinux/${selinuxvariant}/fastcgi.pp &> /dev/null || : +done +# Fix up non-standard directory context +/sbin/restorecon %{_localstatedir}/run/mod_fcgid || : + +%postun selinux +# Clean up after package removal +if [ $1 -eq 0 ]; then + # Remove SELinux policy modules + for selinuxvariant in %{selinux_variants} + do + /usr/sbin/semodule -s ${selinuxvariant} -r fastcgi &> /dev/null || : + done + # Clean up any remaining file contexts (shouldn't be any really) + [ -d %{_localstatedir}/run/mod_fcgid ] && \ + /sbin/restorecon -R %{_localstatedir}/run/mod_fcgid &> /dev/null || : +fi +%endif + +%files +%defattr(-,root,root,0755) +%doc ChangeLog AUTHOR COPYING configuration.htm directives.htm +%doc README.Fedora +%{_libdir}/httpd/modules/mod_fcgid.so +%config(noreplace) %{_sysconfdir}/httpd/conf.d/fcgid.conf +%dir %attr(0755,apache,apache) %{_localstatedir}/run/mod_fcgid + +%if %{selinux_module} +%files selinux +%defattr(-,root,root,0755) +%doc fastcgi.fc fastcgi.te README.SELinux +%{_datadir}/selinux/*/fastcgi.pp +%endif + +%changelog +* Tue Aug 29 2006 Paul Howarth 1.10-6 +- Buildreqs for FC5 now identical to buildreqs for FC6 onwards + +* Fri Jul 28 2006 Paul Howarth 1.10-5 +- Split off SELinux module into separate subpackage to avoid dependency on + the selinux-policy package for the main package + +* Fri Jul 28 2006 Paul Howarth 1.10-4 +- SELinux policy packages moved from %%{_datadir}/selinux/packages/POLICYNAME + to %%{_datadir}/selinux/POLICYNAME +- hardlink identical policy module packages together to avoid duplicate files + +* Thu Jul 20 2006 Paul Howarth 1.10-3 +- Adjust buildreqs for FC6 onwards +- Figure out where top_dir is dynamically since the /etc/httpd/build + symlink is gone in FC6 + +* Wed Jul 5 2006 Paul Howarth 1.10-2 +- SELinux policy update: allow FastCGI apps to do DNS lookups + +* Tue Jul 4 2006 Paul Howarth 1.10-1 +- Update to 1.10 +- Expand tabs to shut rpmlint up + +* Tue Jul 4 2006 Paul Howarth 1.09-10 +- SELinux policy update: + * allow httpd to read httpd_fastcgi_content_t without having the + httpd_builtin_scripting boolean set + * allow httpd_fastcgi_script_t to read /etc/resolv.conf without + having the httpd_can_network_connect boolean set + +* Sun Jun 18 2006 Paul Howarth 1.09-9 +- Discard output of semodule in %%postun +- Include some documentation from upstream + +* Fri Jun 9 2006 Paul Howarth 1.09-8 +- Change default context type for socket directory from var_run_t to + httpd_fastcgi_sock_t for better separation + +* Thu Jun 8 2006 Paul Howarth 1.09-7 +- Add SELinux policy module and README.Fedora +- Conflict with selinux-policy versions older than what we're built on + +* Mon May 15 2006 Paul Howarth 1.09-6 +- Instead of conflicting with mod_fastcgi, don't add the handler for .fcg etc. + if mod_fastcgi is present + +* Fri May 12 2006 Paul Howarth 1.09-5 +- Use correct handler name in fcgid.conf +- Conflict with mod_fastcgi +- Create directory %%{_localstatedir}/run/mod_fcgid for sockets + +* Thu May 11 2006 Paul Howarth 1.09-4 +- Cosmetic tweaks (personal preferences) +- Don't include INSTALL.TXT, nothing of use to end users + +* Wed May 10 2006 Thomas Antony 1.09-3 +- Initial release diff --git a/sources b/sources index e69de29..6c280fd 100644 --- a/sources +++ b/sources @@ -0,0 +1 @@ +6c36b18548ca64864ed3dd4cb759062f mod_fcgid.1.10.tar.gz