rpms/mod_fcgid
5
0
Fork 0
Code Issues Pull Requests Releases Activity

auto-import mod_fcgid-1.10-6 on branch devel from mod_fcgid-1.10-6.src.rpm

Browse Source
This commit is contained in:
Paul Howarth 2006-09-06 13:08:59 +00:00
parent 80eb24fa33
commit dbeb0027f8
11 changed files with 709 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -0,0 +1 @@
mod_fcgid.1.10.tar.gz

129
README.Fedora Normal file
View File

@ -0,0 +1,129 @@
Using mod_fcgid in Fedora
=========================
This mod_fcgid package includes a configuration file
/etc/httpd/conf.d/fcgid.conf that ensures that the module is loaded and
added as the handler for .fcg, .fcgi, and .fpl applications (provided
mod_fastcgi in not already loaded, in which case you will need to decide which
module should handle which types of application).
So far the module package has only been tested in conjunction with the "moin"
wiki application. Further feedback regarding other applications is welcome.
Setting up moin with mod_fcgid
==============================
Setting up moin with mod_fcgid is very similar to setting it up as a regular
CGI application.
* Create a directory for your wiki instance:
DESTDIR=/var/www/mywiki
mkdir -p $DESTDIR/cgi-bin
* Copy in the wiki template data and the application itself:
cp -a /usr/share/moin/{data,underlay} $DESTDIR
cp -a /usr/share/moin/server/moin.fcg $DESTDIR/cgi-bin
cp -a /usr/share/moin/config/wikiconfig.py $DESTDIR/cgi-bin
* Fix the directory ownership
chown -R apache:apache $DESTDIR/{data,underlay}
* Edit $DESTDIR/cgi-bin/wikiconfig.py to suit your needs
* Create a httpd configuration file for the wiki, e.g.
/etc/httpd/conf.d/mywiki.conf
# Wiki application data common to all wiki instances
Alias /wiki/ "/usr/share/moin/htdocs/"
<Directory "/usr/share/moin/htdocs/">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# Wiki instance with mod_fcgid
<IfModule mod_fcgid.c>
ScriptAlias /mywiki "/var/www/mywiki/cgi-bin/moin.fcg"
<Directory "/var/www/mywiki/cgi-bin/">
Options Indexes FollowSymLinks ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</IfModule>
* If you are using SELinux with Fedora Core 5 or later, install the
mod_fcgid-selinux package and see the README.SELinux file in that package
for details of the file contexts to use
* Restart the web server to load the new configuration:
service httpd restart
That should do it!
mod_fcgid with SELinux
======================
Versions of this package built for Fedora Core 5 or later include an SELinux
policy module to support FastCGI applications. Again, this has only been tested
with moin, so feedback from other applications is welcome. The intention is for
this module to be included in the SELinux reference policy eventually.
The module source (fastcgi.{fc,te}) is included for reference as documentation
in the package.
The module introduces a new set of SELinux types for FastCGI applications,
comparable with the types described in "man httpd_selinux" for regular CGI
scripts (or "system scripts" as they are known in SELinux):
* httpd_fastcgi_content_t (equivalent to httpd_sys_content_t)
- Set files with httpd_fastcgi_content_t for content that is available
from all FastCGI scripts and the daemon.
* httpd_fastcgi_script_exec_t (equivalent to httpd_sys_script_exec_t)
- Set FastCGI scripts with httpd_fastcgi_script_exec_t to allow them to run
with access to all fastcgi types.
* httpd_fastcgi_script_ro_t (equivalent to httpd_sys_script_ro_t)
- Set files with httpd_fastcgi_script_ro_t if you want
httpd_fastcgi_script_exec_t scripts to read the data, and disallow other
non-fastcgi scripts from access.
* httpd_fastcgi_script_rw_t (equivalent to httpd_sys_script_rw_t)
- Set files with httpd_fastcgi_script_rw_t if you want
httpd_fastcgi_script_exec_t scripts to read/write the data, and disallow
other non-fastcgi scripts from access.
* httpd_fastcgi_script_ra_t (equivalent to httpd_sys_script_ra_t)
- Set files with httpd_fastcgi_script_ra_t if you want
httpd_fastcgi_script_exec_t scripts to read/append to the file, and
disallow other non-fastcgi scripts from access.
So for the moin wiki layout described above, the contexts would be set as
follows:
cd /var/www/mywiki
chcon -t httpd_fastcgi_content_t .
chcon -R -t httpd_fastcgi_script_exec_t cgi-bin
chcon -R -t httpd_fastcgi_script_rw_t data underlay
It is necessary to turn on the httpd_enable_cgi boolean to run either regular
or FastCGI scripts:
setsebool -P httpd_enable_cgi 1
If the httpd_unified boolean is set, "sys" and "fastcgi" scripts can access
each other's data. This means that you only need to set the actual FastCGI
scripts themselves to httpd_fastcgi_script_exec_t and can leave the file
contexts for everything else set to the "sys" types if you prefer. This is
useful if you have a mixture of CGI and FastCGI applications accessing the
same data.
If you have any questions or issues regarding FastCGI and SELinux, please don't
hesitate to bring them up on fedora-selinux-list.

48
README.SELinux Normal file
View File

@ -0,0 +1,48 @@
CONFIGURING SELINUX FOR CONTAGGED
=================================
The contagged RPM package for Fedora Core 5 and later includes a policy module
that ensures that all files required by the application get the correct
SELinux file contexts.
However, there are a few SELinux booleans you need to set in order to use
contagged:
# setsebool -P httpd_builtin_scripting 1
# setsebool -P httpd_enable_cgi 1
# setsebool -P httpd_unified 1
It is necessary to set these booleans because contagged is a PHP application.
It is not necessary to set the httpd_can_network_connect boolean because the
web server is allowed to connect to LDAP servers by default.
If you are using an older distribution that does not support SELinux policy
modules, you will need to set the file contexts manually:
# chcon -R -t httpd_cache_t /var/cache/contagged
You will need to repeat this step if the filesystem is relabelled.
Once the configuration is set up as required, restart httpd:
# service httpd restart
ABOUT THE PACKAGE
=================
One of the reasons for building this package was to provide an example of how
to include a custom SELinux policy module with an RPM package. It's unfortunate
that the kludge of having to use restorecon in the post-install script is
required but updates to rpm will be necessary before that can be avoided - see:
http://www.redhat.com/archives/fedora-selinux-list/2006-May/msg00098.html
An alternative approach (instead of using a loadable policy module) that some
people have taken, particularly where the only required policy customisation is
for file contexts, is to use semanage to add additional fcontext objects to the
running policy. A significant disadvantage of this approach is that it's harder
to manage future changes to policy, since all later versions of a package must
be able to "undo" the policy fixes (e.g. remove fcontext objects) set up by all
earlier versions of the package if there are changes to policy in later
versions. Using policy modules makes this very easy, since semodule handles the
upgrades very neatly (modules have version numbers).

111
configuration.htm Normal file
View File

@ -0,0 +1,111 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>The mod_fcgid Home Page</title>
</head>
<body>
<p><b><a name="regular fastcgi"></a>This is a for regular fastcgi.&nbsp;</b><p>LoadModule fcgid_module
modules/mod_fcgid.so<p>
&lt;Location /fcgid><br>
&nbsp;&nbsp;&nbsp; SetHandler fcgid-script<br>
&nbsp;&nbsp;&nbsp; Options ExecCGI<br>
&nbsp;&nbsp;&nbsp; allow from all<br>
&lt;/Location&gt;<p>
&nbsp;
<hr>
<p><b><a name="suEXEC"></a>This is for suEXEC. Please get more information about suEXEC <a href="http://httpd.apache.org/docs-2.0/suexec.html">here</a>.&nbsp;</b><p>LoadModule fcgid_module
modules/mod_fcgid.so<p>
&lt;Location /fcgid&gt;<br>
&nbsp;&nbsp;&nbsp; SetHandler fcgid-script<br>
&nbsp;&nbsp;&nbsp; Options ExecCGI<br>
&nbsp;&nbsp;&nbsp; allow from all<br>
&lt;/Location&gt;<p>
&lt;VirtualHost 192.168.1.89><br>
&nbsp;&nbsp;&nbsp; ServerAdmin <a href="mailto:webmaster@host.foo.com">webmaster@host.foo.com<br>
</a>&nbsp;&nbsp;&nbsp; DocumentRoot /usr/local/apache2/htdocs/<br>
&nbsp;&nbsp;&nbsp; ServerName host.foo.com<br>
&nbsp;&nbsp;&nbsp; SuexecUserGroup pqf pqf<br>
&lt;/VirtualHost&gt;<p>
¡¡
<hr>
<p><b><a name="PHP"></a>This is for fastcgi-mode PHP (UNIX)</b><p>LoadModule fcgid_module modules/mod_fcgid.so<p>
&lt;Directory /usr/local/apache2/htdocs/php><br>
&nbsp;&nbsp;&nbsp; SetHandler fcgid-script<br>
&nbsp;&nbsp;&nbsp; FCGIWrapper /usr/local/bin/php .php<br>
&nbsp;&nbsp;&nbsp; Options ExecCGI<br>
&nbsp;&nbsp;&nbsp; allow from all<br>
&lt;/Directory><p><b>This works too:</b><p>LoadModule fcgid_module
modules/mod_fcgid.so&nbsp;<p>
AddHandler fcgid-script .php<br>
&lt;Directory /usr/local/apache2/htdocs/php&gt;<br>
&nbsp;&nbsp;&nbsp; FCGIWrapper /usr/local/bin/php .php<br>
&nbsp;&nbsp;&nbsp; Options ExecCGI<br>
&nbsp;&nbsp;&nbsp; allow from all<br>
&lt;/Directory&gt;<p><b># Please make sure:<br>
# php is configured with --enable-fastcgi option<br>
# check error_log(with debug level), if
any thing goes wrong</b>
<hr>
<p><b><a name="suPHP"></a>This is for suPHP&nbsp; ( UNIX )</b>
<p>LoadModule fcgid_module modules/mod_fcgid.so<br>
<br>
&lt;VirtualHost *:80><br>
&nbsp;&nbsp;&nbsp; ServerName test2.example.com<br>
&nbsp;&nbsp;&nbsp; DocumentRoot /usr/local/apache2/htdocs/test2.example.com/<br>
&nbsp;&nbsp;&nbsp; SuexecUserGroup pqf pqf<br>
&lt;/VirtualHost><br>
<br>
&lt;Directory /usr/local/apache2/htdocs/test2.example.com/><br>
&nbsp;&nbsp;&nbsp; AddHandler fcgid-script .php<br>
&nbsp;&nbsp;&nbsp; Options ExecCGI<br>
&nbsp;&nbsp;&nbsp; allow from all<br>
&nbsp;&nbsp;&nbsp; FCGIWrapper /usr/local/apache2/htdocs/test2.example.com/php .php<br>
&lt;/Directory></p>
<p>
<b>
# Please make sure:<br>
# php is configured with --enable-fastcgi option<br>
# copy php execution to /usr/local/apache2/htdocs/test2.example.com/ directory<br>
# make sure all files in /usr/local/apache2/htdocs/test2.example.com/ with right
owner and group<br>
# check error_log(with debug level) and suexec_log, if
any thing goes wrong</b>
<br>
<hr>
<p><br>
<b><a name="PHP-Windows"></a>This is for fastcgi-mode PHP ( Windows )</b><p>LoadModule fcgid_module modules/mod_fcgid.so<p>
&lt;Directory &quot;C:/Apache2/htdocs/php/&quot;&gt;<br>
&nbsp;&nbsp;&nbsp; SetHandler fcgid-script<br>
&nbsp;&nbsp;&nbsp; Options execCGI<br>
&nbsp;&nbsp;&nbsp; AllowOverride None<br>
&nbsp;&nbsp;&nbsp; Order allow,deny<br>
&nbsp;&nbsp;&nbsp; Allow from all<br>
&nbsp;&nbsp;&nbsp; FCGIWrapper &quot;c:/php/php.exe&quot; .php<br>
&lt;/Directory><p><b>This works too:</b><p>LoadModule fcgid_module modules/mod_fcgid.so&nbsp;<p>
AddHandler fcgid-script .php<br>
&lt;Directory &quot;C:/Apache2/htdocs/php/&quot;&gt;<br>
&nbsp;&nbsp;&nbsp; FCGIWrapper &quot;c:/php/php.exe&quot; .php<br>
&nbsp;&nbsp;&nbsp; Options ExecCGI<br>
&nbsp;&nbsp;&nbsp; allow from all<br>
&lt;/Directory&gt;<br>
<hr>
<p>¡¡</p>
<p>¡¡</p>
<p>¡¡</p>
<p>¡¡</p>
<p>¡¡</p>
<p>¡¡</p>
<p>¡¡</p>
<p>¡¡</p>
<p>¡¡</p>
</body>
</html>

103
doc.htm Normal file
View File

@ -0,0 +1,103 @@
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>The mod_fcgid Home Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body bgcolor="#ffffff">
<table border="0" cellpadding="5" cellspacing="0" width="893">
<tr>
<td align="center" valign="top" width="200">
&nbsp;
<table cellpadding="5" cellspacing="0">
<tr>
<td nowrap bgcolor="#f8eda6" align="left">
<a href="index.htm">Home</a> <br>
<a href="index.cn.htm">Chinese Info</a> <br>
<a href="download.htm">Download (source)</a> <br>
<a href="doc.htm">Documentations</a> <br>
<a href="feedback.htm">Feedback</a>
</td> </tr> </table> </td>
<td valign="top" width="669">
<ul>
<li>
<p><b><font size="4">Here are some examples of configuration</font></b></p>
</li>
</ul>
<p><a href="configuration.htm#regular fastcgi">Configuration for Regular fastcgi
(non-PHP, non-Ruby, non-Python)&nbsp;</a><p><a href="configuration.htm#suEXEC">Configuration
for suEXEC fastcgi</a><p><a href="configuration.htm#PHP">Configuration for PHP
(UNIX)</a><p><a href="configuration.htm#suPHP">Configuration for suPHP (UNIX)</a><p><a href="configuration.htm#PHP-Windows">Configuration
for PHP (Windows)</a><p>&nbsp;
<hr>
<ul>
<li><h2><b><font size="4">There are
some other configurations you can set</font></b></h2>
</li>
</ul>
<p><b>IdleTimeout n (300
seconds)</b><p>An idle fastcgi application will be terminated after IdleTimeout
seconds. <p><b>IdleScanInterval n (120 seconds)</b><p>The scan interval for idle
fastcgi applications. <p><b>BusyTimeout n (300 seconds)</b><p>a fastcgi
application will be terminated if handing a single request longer than busy
timeout.<p><b>BusyScanInterval n (120 seconds)</b><p>The scan interval for busy
timeout fastcgi applications.<p><b>ErrorScanInterval n (3 seconds)</b><p>The
scan interval for exit pending fastcgi applications. fastcgi applications will
be terminated within this scanning.<p><b>ZombieScanInterval n (3 seconds)</b><p>The
scan interval for zombie process.&nbsp;<p><b>ProcessLifeTime n (3600 seconds)</b><p>A
fastcgi application will be terminated if lifetime expired, even no error is
detected.<p><b>SocketPath path (logs/fcgidsock)</b><p>The directory to put the
UNIX domain socket. (UNIX only)<p><b>SpawnScoreUpLimit n (10)</b><p>The
spawn-speed control score up water limit. Score increases while a process is spawned or terminated, and decreases
as time progresses; while the score is higher than <b>SpawnScoreUpLimit</b>, the spawning will be
held for a while. The higher this number is, the higher speed of the spawning
can be.<p><b>SpawnScore n (1)</b><p>The weight of spawning.&nbsp; This weight
will be plused to the spawn-control score on every spawn. The higher this number
is, the lower speed of spawning can be.<p><b>TerminationScore n (2)</b><p>The
weight of termination. This weight will be plused to the score while fastcgi
process terminates. The higher this number is, the lower speed of spawning can
be.<p><b>MaxProcessCount n (1000)</b><p>The max count of total fastcgi process
count.<p><b>DefaultMaxClassProcessCount n (100)</b><p>The maximum number of
fastcgi application instances allowed to run for any one fastcgi application.&nbsp;<p><b>DefaultMinClassProcessCount n
(3)</b><p>The minimum number of
fastcgi application instances for any one fastcgi application.&nbsp;<p><b>DefaultInitEnv&nbsp;
env_name env_value</b><p>The default environment variables before a fastcgi
application is spawned. You can set this configuration more
than once.<p><b>IPCConnectTimeout n (3 seconds)</b><p>The connect timeout to a
fastcgi application.&nbsp;<p><b>IPCCommTimeout n (20 seconds)</b><p>The communication
timeout to a fastcgi application. Please increase this value if your CGI have a
slow initialization or slow respond.<p><b>OutputBufferSize n (64k bytes)</b><p>CGI
output cache buffer size.<p><b>PHP_Fix_Pathinfo_Enable</b><b> n(n=0/1, default 0)</b><p>If
you are using PHP and set cgi.fix_pathinfo=1 in php.ini, set
PHP_Fix_Pathinfo_Enable 1.
</td>
</tr>
</table>
</body></html>

1
fastcgi.fc Normal file
View File

@ -0,0 +1 @@
/var/run/mod_fcgid(/.*)? gen_context(system_u:object_r:httpd_fastcgi_sock_t,s0)

75
fastcgi.te Normal file
View File

@ -0,0 +1,75 @@
policy_module(fastcgi, 0.1.6)
type httpd_fastcgi_sock_t;
files_type(httpd_fastcgi_sock_t)
require {
type devpts_t;
type httpd_t;
type httpd_config_t;
type httpd_log_t;
type httpd_sys_script_exec_t;
type httpd_sys_content_t;
};
# ==========================================================
# Create and use httpd_fastcgi_script_t for mod_fcgid apps
# ==========================================================
apache_content_template(fastcgi)
kernel_read_kernel_sysctls(httpd_fastcgi_script_t)
# Allow FastCGI applications to do DNS lookups
sysnet_dns_name_resolve(httpd_fastcgi_script_t)
# Allow FastCGI applications to live alongside regular CGI apps
allow httpd_fastcgi_script_t httpd_sys_script_exec_t:dir { search_dir_perms };
allow httpd_fastcgi_script_t httpd_sys_content_t:dir { search_dir_perms };
# Allow FastCGI applications to read the routing table
allow httpd_fastcgi_script_t self:netlink_route_socket { r_netlink_socket_perms };
# Allow httpd to create and use sockets for communicating with mod_fcgid
allow httpd_t httpd_fastcgi_sock_t:dir { rw_dir_perms setattr };
allow httpd_t httpd_fastcgi_sock_t:sock_file { create_file_perms };
# Allow httpd to read httpd_fastcgi_content_t
# (shouldn't this be in the content template?)
allow httpd_t httpd_fastcgi_content_t:dir r_dir_perms;
allow httpd_t httpd_fastcgi_content_t:file r_file_perms;
allow httpd_t httpd_fastcgi_content_t:lnk_file { getattr read };
# Allow FastCGI applications to listen for FastCGI requests on their
# sockets and respond to them
allow httpd_fastcgi_script_t httpd_t:unix_stream_socket { rw_stream_socket_perms };
# FastCGI application doing something to the httpd error log
dontaudit httpd_fastcgi_script_t httpd_log_t:file ioctl;
# Not sure what this is doing (happens when fastcgi scripts start)
dontaudit httpd_t devpts_t:chr_file ioctl;
# ======================================================
# Equivalent policy cribbed from httpd_sys_script_t
# ======================================================
dontaudit httpd_fastcgi_script_t httpd_config_t:dir search;
files_search_var_lib(httpd_fastcgi_script_t)
files_search_spool(httpd_fastcgi_script_t)
ifdef(`distro_redhat',`
allow httpd_fastcgi_script_t httpd_log_t:file { getattr append };
')
ifdef(`targeted_policy',`
tunable_policy(`httpd_enable_homedirs',`
userdom_search_generic_user_home_dirs(httpd_fastcgi_script_t)
')
')
optional_policy(`
mysql_stream_connect(httpd_fastcgi_script_t)
mysql_rw_db_sockets(httpd_fastcgi_script_t)
')

15
fcgid.conf Normal file
View File

@ -0,0 +1,15 @@
# This is the Apache server configuration file for providing FastCGI support
# through mod_fcgid
#
# Documentation is available at http://fastcgi.coremail.cn/doc.htm
LoadModule fcgid_module modules/mod_fcgid.so
# Use FastCGI to process .fcg .fcgi & .fpl scripts
# Don't do this if mod_fastcgi is present, as it will try to do the same thing
<IfModule !mod_fastcgi.c>
AddHandler fcgid-script fcg fcgi fpl
</IfModule>
# Sane place to put sockets
SocketPath run/mod_fcgid

21
mod_fcgid.1.09-docurls.patch Normal file
View File

@ -0,0 +1,21 @@
--- mod_fcgid.1.09/directives.htm 2006-06-18 09:27:53.000000000 +0100
+++ mod_fcgid.1.09/directives.htm 2006-06-18 09:29:02.000000000 +0100
@@ -27,13 +27,13 @@
<td nowrap bgcolor="#f8eda6" align="left">
-<a href="index.htm">Home</a> <br>
-<a href="index.cn.htm">Chinese Info</a> <br>
-<a href="download.htm">Download (source)</a> <br>
-<a href="doc.htm">Documentations</a> <br>
+<a href="http://fastcgi.coremail.cn/index.htm">Home</a> <br>
+<a href="http://fastcgi.coremail.cn/index.cn.htm">Chinese Info</a> <br>
+<a href="http://fastcgi.coremail.cn/download.htm">Download (source)</a> <br>
+<a href="http://fastcgi.coremail.cn/doc.htm">Documentations</a> <br>
-<a href="feedback.htm">Feedback</a>
+<a href="http://fastcgi.coremail.cn/feedback.htm">Feedback</a>
</td> </tr> </table> </td>

204
mod_fcgid.spec Normal file
View File

@ -0,0 +1,204 @@
# FC5 and later include SELinux policy module packages
%if 0%{?fedora} < 5
%define selinux_module 0
%define selinux_variants %{nil}
%define selinux_buildreqs %{nil}
%else
%define selinux_module 1
%define selinux_variants mls strict targeted
%define selinux_buildreqs checkpolicy, selinux-policy-devel, hardlink
%endif
Name: mod_fcgid
Version: 1.10
Release: 6%{?dist}
Summary: Apache2 module for high-performance server-side scripting
Group: System Environment/Daemons
License: GPL
URL: http://fastcgi.coremail.cn/
Source0: http://fastcgi.coremail.cn/mod_fcgid.%{version}.tar.gz
Source1: fcgid.conf
Source2: fastcgi.te
Source3: fastcgi.fc
Source4: README.Fedora
Source5: http://fastcgi.coremail.cn/doc.htm
Source6: http://fastcgi.coremail.cn/configuration.htm
Source7: README.SELinux
Patch0: mod_fcgid.1.09-docurls.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: httpd-devel >= 2.0
Requires: httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && %{__cat} %{_includedir}/httpd/.mmn || echo missing)
%description
mod_fcgid is a binary-compatible alternative to the Apache module mod_fastcgi.
mod_fcgid has a new process management strategy, which concentrates on reducing
the number of fastcgi servers, and kicking out corrupt fastcgi servers as soon
as possible.
%if %{selinux_module}
%define selinux_policyver %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp)
%package selinux
Summary: SELinux policy module supporting FastCGI applications with mod_fcgid
Group: System Environment/Base
BuildRequires: %{selinux_buildreqs}
# selinux-policy is required for directory ownership of %{_datadir}/selinux/*
# Modules built against one version of a policy may not work with older policy
# versions, as noted on fedora-selinux-list:
# http://www.redhat.com/archives/fedora-selinux-list/2006-May/msg00102.html
# Hence the versioned dependency. The versioning will hopefully be replaced by
# an ABI version requirement or something similar in the future
%if "%{selinux_policyver}" != ""
Requires: selinux-policy >= %{selinux_policyver}
%endif
Requires: %{name} = %{version}-%{release}
Requires(post): /usr/sbin/semodule, /sbin/restorecon
Requires(postun): /usr/sbin/semodule, /sbin/restorecon
%description selinux
SELinux policy module supporting FastCGI applications with mod_fcgid.
%endif
%prep
%setup -q -n mod_fcgid.%{version}
%{__cp} -p %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE6} %{SOURCE7} .
%{__cp} -p %{SOURCE5} directives.htm
%patch0 -p1
%{__sed} -i -e 's/\r$//' directives.htm configuration.htm
%build
topdir=$(/usr/bin/dirname $(/usr/sbin/apxs -q exp_installbuilddir))
%{__make} top_dir=${topdir}
%if %{selinux_module}
for selinuxvariant in %{selinux_variants}
do
%{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
%{__mv} fastcgi.pp fastcgi.pp.${selinuxvariant}
%{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
done
%endif
%install
%{__rm} -rf %{buildroot}
topdir=$(/usr/bin/dirname $(/usr/sbin/apxs -q exp_installbuilddir))
%{__make} \
top_dir=${topdir} \
DESTDIR=%{buildroot} \
MKINSTALLDIRS="%{__mkdir_p}" \
install
%{__install} -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/httpd/conf.d/fcgid.conf
%{__install} -d -m 755 %{buildroot}%{_localstatedir}/run/mod_fcgid
# Install SELinux policy modules
%if %{selinux_module}
for selinuxvariant in %{selinux_variants}
do
%{__install} -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
%{__install} -p -m 644 fastcgi.pp.${selinuxvariant} \
%{buildroot}%{_datadir}/selinux/${selinuxvariant}/fastcgi.pp
done
# Hardlink identical policy module packages together
/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
%endif
%clean
%{__rm} -rf %{buildroot}
%if %{selinux_module}
%post selinux
# Install SELinux policy modules
for selinuxvariant in %{selinux_variants}
do
/usr/sbin/semodule -s ${selinuxvariant} -i \
%{_datadir}/selinux/${selinuxvariant}/fastcgi.pp &> /dev/null || :
done
# Fix up non-standard directory context
/sbin/restorecon %{_localstatedir}/run/mod_fcgid || :
%postun selinux
# Clean up after package removal
if [ $1 -eq 0 ]; then
# Remove SELinux policy modules
for selinuxvariant in %{selinux_variants}
do
/usr/sbin/semodule -s ${selinuxvariant} -r fastcgi &> /dev/null || :
done
# Clean up any remaining file contexts (shouldn't be any really)
[ -d %{_localstatedir}/run/mod_fcgid ] && \
/sbin/restorecon -R %{_localstatedir}/run/mod_fcgid &> /dev/null || :
fi
%endif
%files
%defattr(-,root,root,0755)
%doc ChangeLog AUTHOR COPYING configuration.htm directives.htm
%doc README.Fedora
%{_libdir}/httpd/modules/mod_fcgid.so
%config(noreplace) %{_sysconfdir}/httpd/conf.d/fcgid.conf
%dir %attr(0755,apache,apache) %{_localstatedir}/run/mod_fcgid
%if %{selinux_module}
%files selinux
%defattr(-,root,root,0755)
%doc fastcgi.fc fastcgi.te README.SELinux
%{_datadir}/selinux/*/fastcgi.pp
%endif
%changelog
* Tue Aug 29 2006 Paul Howarth <paul@city-fan.org> 1.10-6
- Buildreqs for FC5 now identical to buildreqs for FC6 onwards
* Fri Jul 28 2006 Paul Howarth <paul@city-fan.org> 1.10-5
- Split off SELinux module into separate subpackage to avoid dependency on
the selinux-policy package for the main package
* Fri Jul 28 2006 Paul Howarth <paul@city-fan.org> 1.10-4
- SELinux policy packages moved from %%{_datadir}/selinux/packages/POLICYNAME
to %%{_datadir}/selinux/POLICYNAME
- hardlink identical policy module packages together to avoid duplicate files
* Thu Jul 20 2006 Paul Howarth <paul@city-fan.org> 1.10-3
- Adjust buildreqs for FC6 onwards
- Figure out where top_dir is dynamically since the /etc/httpd/build
symlink is gone in FC6
* Wed Jul 5 2006 Paul Howarth <paul@city-fan.org> 1.10-2
- SELinux policy update: allow FastCGI apps to do DNS lookups
* Tue Jul 4 2006 Paul Howarth <paul@city-fan.org> 1.10-1
- Update to 1.10
- Expand tabs to shut rpmlint up
* Tue Jul 4 2006 Paul Howarth <paul@city-fan.org> 1.09-10
- SELinux policy update:
* allow httpd to read httpd_fastcgi_content_t without having the
httpd_builtin_scripting boolean set
* allow httpd_fastcgi_script_t to read /etc/resolv.conf without
having the httpd_can_network_connect boolean set
* Sun Jun 18 2006 Paul Howarth <paul@city-fan.org> 1.09-9
- Discard output of semodule in %%postun
- Include some documentation from upstream
* Fri Jun 9 2006 Paul Howarth <paul@city-fan.org> 1.09-8
- Change default context type for socket directory from var_run_t to
httpd_fastcgi_sock_t for better separation
* Thu Jun 8 2006 Paul Howarth <paul@city-fan.org> 1.09-7
- Add SELinux policy module and README.Fedora
- Conflict with selinux-policy versions older than what we're built on
* Mon May 15 2006 Paul Howarth <paul@city-fan.org> 1.09-6
- Instead of conflicting with mod_fastcgi, don't add the handler for .fcg etc.
if mod_fastcgi is present
* Fri May 12 2006 Paul Howarth <paul@city-fan.org> 1.09-5
- Use correct handler name in fcgid.conf
- Conflict with mod_fastcgi
- Create directory %%{_localstatedir}/run/mod_fcgid for sockets
* Thu May 11 2006 Paul Howarth <paul@city-fan.org> 1.09-4
- Cosmetic tweaks (personal preferences)
- Don't include INSTALL.TXT, nothing of use to end users
* Wed May 10 2006 Thomas Antony <thomas@antony.eu> 1.09-3
- Initial release

1
sources
View File

@ -0,0 +1 @@
6c36b18548ca64864ed3dd4cb759062f mod_fcgid.1.10.tar.gz