import mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611

.gitignore

@@ -0,0 +1 @@
+SOURCES/mod_md-2.0.8.tar.gz

.mod_md.metadata

@@ -0,0 +1 @@
+6cec32070c6fd83701be0874a2d8b4f30d929d03 SOURCES/mod_md-2.0.8.tar.gz

SOURCES/a2md.xml

@@ -0,0 +1,418 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+
+]>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<refentry>
+  <refentryinfo>
+    <title>a2md</title>
+    <productname>mod_md</productname>
+    <author><contrib>Author</contrib><surname>Eissing</surname><firstname>Stefan</firstname><email>stefan.eissing@greenbytes.de</email></author>
+    <author><contrib>Documentation</contrib><surname>Uhliarik</surname><firstname>Lubos</firstname><email>luhliari@redhat.com</email></author>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>a2md</refentrytitle>
+    <manvolnum>1</manvolnum>
+  </refmeta>
+  
+  <refnamediv>
+    <refname>a2md</refname>
+    <refpurpose>Show and manipulate Apache Managed Domains</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>a2md</command>
+      <arg choice="opt">options</arg>
+      <group choice="req">
+        <arg choice="plain">acme</arg>
+        <arg choice="plain">add</arg>
+        <arg choice="plain">update</arg>
+        <arg choice="plain">drive</arg>
+        <arg choice="plain">list</arg>
+        <arg choice="plain">store</arg>
+      </group>
+      <arg choice="opt">cmd options</arg>
+      <arg choice="opt">args</arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+  
+  <refsect1>
+    <title>Description</title>
+    <para>
+    The a2md utility can be used to configure and update managed domains with
+    the mod_md module for Apache HTTP Server. Managed Domains are virtual hosts
+    which automatically obtain and renew TLS certificates from an ACME server.
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>Options</title>
+    
+    <variablelist>
+       <varlistentry>
+          <term>
+             <option>-a</option> <replaceable>arg</replaceable>, 
+             <option>--acme</option> <replaceable>arg</replaceable>
+          </term>
+          <listitem><simpara>The url of the ACME server directory</simpara></listitem>
+       </varlistentry>
+       
+       <varlistentry>
+          <term>
+             <option>-d</option> <replaceable>arg</replaceable>, 
+             <option>--dir</option> <replaceable>arg</replaceable>
+          </term>
+          <listitem><simpara>Directory for file data</simpara></listitem>
+       </varlistentry>
+       
+       <varlistentry>
+          <term>
+             <option>-h</option>, 
+             <option>--help</option>
+          </term>
+          <listitem><simpara>Print usage information</simpara></listitem>
+       </varlistentry>
+       
+       <varlistentry>
+          <term>
+             <option>-j</option>, 
+             <option>--json</option>
+          </term>
+          <listitem><simpara>Produce JSON output</simpara></listitem>
+       </varlistentry>
+       
+       <varlistentry>
+          <term>
+             <option>-p</option> <replaceable>arg</replaceable>, 
+             <option>--proxy</option> <replaceable>arg</replaceable>
+          </term>
+          <listitem><simpara>Use the HTTP proxy url</simpara></listitem>
+       </varlistentry>
+
+       <varlistentry>
+          <term>
+             <option>-q</option>, 
+             <option>--quiet</option>
+          </term>
+          <listitem><simpara>Produce less output</simpara></listitem>
+       </varlistentry>
+       
+       <varlistentry>
+          <term>
+             <option>-t</option> <replaceable>arg</replaceable>, 
+             <option>--terms</option> <replaceable>arg</replaceable>
+          </term>
+          <listitem><simpara>You agree to the terms of services (url)</simpara></listitem>
+       </varlistentry>
+       
+       <varlistentry>
+          <term>
+             <option>-v</option>, 
+             <option>--verbose</option>
+          </term>
+          <listitem><simpara>Produce more output</simpara></listitem>
+       </varlistentry>
+       
+       <varlistentry>
+          <term>
+             <option>-V</option>, 
+             <option>--version</option>
+          </term>
+          <listitem><simpara>Print version</simpara></listitem>
+       </varlistentry>
+    </variablelist>
+
+  <refsect2>
+    <title>ACME server commands</title>
+    <cmdsynopsis>
+      <command>a2md acme</command>
+      <group choice="req">
+        <arg choice="plain">newreg</arg>
+        <arg choice="plain">delreg</arg>
+        <arg choice="plain">agree</arg>
+        <arg choice="plain">authz</arg>
+        <arg choice="plain">validate</arg>
+      </group>
+      <arg choice="opt">opts</arg>
+      <arg choice="opt">args</arg>
+    </cmdsynopsis>
+
+    <para>
+    Play with the ACME server. For most of the commands you need to specify 
+    the url of the ACME server directory.
+    </para>
+    
+    <refsect3>
+      <title>newreg</title>
+      <cmdsynopsis>
+          <command>newreg</command>
+	  <arg choice="plain"><replaceable>contact-uri</replaceable></arg>
+	  <arg choice="opt">contact-uri...</arg> 
+      </cmdsynopsis>
+      <para>Register a new account at ACME server with given <replaceable>contact-uri</replaceable> (email)</para>
+    </refsect3>
+ 
+    <refsect3>
+      <title>delreg</title>
+      <cmdsynopsis>
+          <command>delreg</command>
+	  <arg choice="plain"><replaceable>account</replaceable></arg>
+      </cmdsynopsis>
+      <para>Delete an existing ACME <replaceable>account</replaceable></para>
+    </refsect3>
+
+    <refsect3>
+      <title>agree</title>
+      <cmdsynopsis>
+          <command>agree</command>
+          <arg choice="plain"><replaceable>account</replaceable></arg>
+      </cmdsynopsis>
+      <para>Agree to ACME terms of service</para>
+    </refsect3>
+    
+    <refsect3>
+      <title>authz</title>
+      <cmdsynopsis>
+          <command>authz</command>
+          <arg choice="plain"><replaceable>account</replaceable></arg>
+          <arg choice="plain"><replaceable>domain</replaceable></arg>
+      </cmdsynopsis>
+      <para>Request a new authorization for an <replaceable>account</replaceable> and 
+      <replaceable>domain</replaceable></para>
+    </refsect3>
+    
+    <refsect3>
+      <title>validate</title>
+      <cmdsynopsis>
+          <command>validate</command>
+          <arg choice="plain"><replaceable>account</replaceable></arg>
+      </cmdsynopsis>
+      <para>Validate <replaceable>account</replaceable> existence</para>
+    </refsect3>
+  </refsect2>
+
+  <refsect2>
+    <title>Managed domain addition</title>
+    <cmdsynopsis>
+      <command>a2md add</command>
+      <arg choice="opt">opts</arg>
+      <arg choice="plain"><replaceable>domain</replaceable></arg>
+      <arg choice="opt">domain...</arg>
+    </cmdsynopsis>
+
+    <para>
+    Adds a new managed domain. Must not overlap with existing domains.
+    </para>
+  </refsect2>
+
+  <refsect2>
+    <title>Updating managed domain</title>
+    <cmdsynopsis>
+      <command>a2md update</command>
+      <arg choice="plain"><replaceable>name</replaceable></arg>
+      <arg choice="opt">opts</arg>
+      <group choice="req">
+        <arg choice="plain">domains</arg>
+        <arg choice="plain">ca</arg>
+        <arg choice="plain">account</arg>
+        <arg choice="plain">contacts</arg>
+        <arg choice="plain">agreement</arg>
+      </group>
+    </cmdsynopsis>
+
+    <para>
+    Update a managed domain's properties, where <replaceable>name</replaceable> belongs to managed domain which
+    will be updated.
+    </para>
+
+    <para>URL of ACME server can be also updated if <option>-a</option>|
+    <option>--acme</option> option is present.</para>
+
+    <refsect3>
+      <title>domains</title>
+      <cmdsynopsis>
+          <command>domains</command>
+	  <arg choice="plain"><replaceable>dname</replaceable></arg>
+	  <arg choice="opt">dname...</arg> 
+      </cmdsynopsis>
+      <para>Update domain where <replaceable>dname</replaceable> is domain name which will be updated.</para>
+    </refsect3>
+ 
+    <refsect3>
+      <title>ca</title>
+      <cmdsynopsis>
+          <command>ca</command>
+	  <arg choice="plain"><replaceable>url</replaceable></arg>
+          <arg choice="opt">proto</arg>
+      </cmdsynopsis>
+      <para>The <replaceable>URL</replaceable> where the CA offers its service.</para>
+      <para>Currently only ACME (LetsEncrypt) <replaceable>proto</replaceable> is implemented.</para>
+    </refsect3>
+
+    <refsect3>
+      <title>account</title>
+      <cmdsynopsis>
+          <command>account</command>
+      </cmdsynopsis>
+      <para>Account name on corresponding ACME server.</para>
+    </refsect3>
+
+    <refsect3>
+      <title>contacts</title>
+      <cmdsynopsis>
+          <command>contacts</command>
+          <arg choice="plain"><replaceable>email</replaceable></arg>
+	  <arg choice="opt">email...</arg> 
+      </cmdsynopsis>
+      <para>Contact address which will be used by ACME server to inform about renewals or changed terms of service.</para>
+    </refsect3>
+
+    <refsect3>
+      <title>agreement</title>
+      <cmdsynopsis>
+          <command>agreement</command>
+          <arg choice="plain"><replaceable>URI</replaceable></arg>
+      </cmdsynopsis>
+      <para>URI pointing to terms of service of ACME server.</para>
+    </refsect3>
+  </refsect2>
+
+  <refsect2>
+    <title>Drive managed domains</title>
+    <cmdsynopsis>
+      <command>a2md drive</command>
+      <arg choice="opt">md...</arg>
+      <arg choice="opt">options...</arg>
+    </cmdsynopsis>
+
+    <para>
+    Drive all or the mentioned managed domains toward completeness
+    </para>
+    <refsect3>
+      <title>Options</title>
+      <variablelist>
+       <varlistentry>
+          <term>
+             <option>-c</option> <replaceable>arg</replaceable>, 
+             <option>--challenge</option> <replaceable>arg</replaceable>
+          </term>
+          <listitem><simpara>Which challenge type to use</simpara></listitem>
+       </varlistentry>
+       <varlistentry>
+          <term>
+             <option>-f</option>, 
+             <option>--force</option>
+          </term>
+          <listitem><simpara>Force driving the managed domain, even when it seems valid</simpara></listitem>
+       </varlistentry>
+       <varlistentry>
+          <term>
+             <option>-r</option>, 
+             <option>--reset</option>
+          </term>
+          <listitem><simpara>Reset any staging data for the managed domain</simpara></listitem>
+       </varlistentry>
+    </variablelist>
+    </refsect3>
+  </refsect2>
+
+  <refsect2>
+    <title>List managed domamins</title>
+    <cmdsynopsis>
+      <command>a2md list</command>
+    </cmdsynopsis>
+
+    <para>
+    List all managed domains
+    </para>
+  </refsect2>
+
+  <refsect2>
+    <title>Manipulating MD store</title>
+    <cmdsynopsis>
+      <command>a2md store</command>
+      <group choice="req">
+        <arg choice="plain">add</arg>
+        <arg choice="plain">remove</arg>
+        <arg choice="plain">list</arg>
+        <arg choice="plain">update</arg>
+      </group>
+      <arg choice="opt">opts</arg>
+      <arg choice="opt">args</arg>
+    </cmdsynopsis>
+
+    <para>
+    Manipulate the MD store
+    </para>
+    
+    <refsect3>
+      <title>add</title>
+      <cmdsynopsis>
+          <command>add</command>
+          <arg choice="plain"><replaceable>dns</replaceable></arg>
+	  <arg choice="opt">dns2...</arg>
+      </cmdsynopsis>
+      <para>Add a new managed domain <replaceable>dns</replaceable> with all the additional domain names</para>
+    </refsect3>
+
+    <refsect3>
+      <title>remove</title>
+      <cmdsynopsis>
+          <command>remove</command>
+          <arg choice="opt">-f | --force</arg>
+          <arg choice="plain"><replaceable>name</replaceable></arg>
+          <arg choice="opt"><replaceable>name...</replaceable></arg>
+      </cmdsynopsis>
+      <para>Remove the managed domains <replaceable>name</replaceable> from the store</para>
+      <para>When <option>-f</option> or <option>--force</option> option is specified, force managed domain removal - be silent about missing domains</para>
+    </refsect3>
+    <refsect3>
+      <title>list</title>
+      <cmdsynopsis>
+          <command>list</command>
+      </cmdsynopsis>
+      <para>List all managed domains in the store</para>
+    </refsect3>
+    <refsect3>
+      <title>update</title>
+      <cmdsynopsis>
+          <command>update</command>
+          <arg choice="plain"><replaceable>name</replaceable></arg>
+          <arg choice="opt">
+          <arg choice="plain">domains</arg>
+          <arg choice="plain"><replaceable>dname</replaceable></arg>
+          <arg choice="opt"><replaceable>dname...</replaceable></arg>
+          </arg>
+      </cmdsynopsis>
+      <para>If <option>domains</option> cmd is specified followed by one or 
+      more domains, MD store will be updated with those domains.</para>
+      <para>URL of ACME server can be also updated if <option>-a</option>|
+      <option>--acme</option> option is present.</para>
+    </refsect3>
+  </refsect2>
+ </refsect1>
+
+</refentry>
+
+<!-- LocalWords:  a2md
+-->

SOURCES/mod_md-2.0.8-duptrim-seg.patch

@@ -0,0 +1,13 @@
+diff --git a/src/md_result.c b/src/md_result.c
+index 4076d5b..0e0b688 100644
+--- a/src/md_result.c
++++ b/src/md_result.c
+@@ -32,7 +32,7 @@
+ static const char *dup_trim(apr_pool_t *p, const char *s)
+ {
+     char *d = apr_pstrdup(p, s);
+-    apr_collapse_spaces(d, d);
++    if (d) apr_collapse_spaces(d, d);
+     return d;
+ }
+ 

SOURCES/mod_md-2.0.8-state_dir.patch

@@ -0,0 +1,23 @@
+
+Enable state_dir support for 2.4.x.
+
+--- mod_md-2.0.8/src/mod_md_config.c.state_dir
++++ mod_md-2.0.8/src/mod_md_config.c
+@@ -44,7 +44,7 @@
+ /* Default settings for the global conf */
+ static md_mod_conf_t defmc = {
+     NULL,                      /* list of mds */
+-#if AP_MODULE_MAGIC_AT_LEAST(20180906, 2)
++#if 1
+     NULL,                      /* base dir by default state-dir-relative */
+ #else
+     MD_DEFAULT_BASE_DIR,
+@@ -898,7 +898,7 @@
+         mc->hsts_header = apr_psprintf(p, "max-age=%d", mc->hsts_max_age);
+     }
+     
+-#if AP_MODULE_MAGIC_AT_LEAST(20180906, 2)
++#if 1
+     if (mc->base_dir == NULL) {
+         mc->base_dir = ap_state_dir_relative(p, MD_DEFAULT_BASE_DIR);
+     }

SOURCES/mod_md-2.0.8-tolerate-missing-res.patch

@@ -0,0 +1,22 @@
+diff --git a/src/md_acme.c b/src/md_acme.c
+index d2cc00a..005a387 100644
+--- a/src/md_acme.c
++++ b/src/md_acme.c
+@@ -728,8 +728,15 @@ static apr_status_t update_directory(const md_http_response_t *res)
+         acme->api.v2.revoke_cert = md_json_dups(acme->p, json, "revokeCert", NULL);
+         acme->api.v2.key_change = md_json_dups(acme->p, json, "keyChange", NULL);
+         acme->api.v2.new_nonce = md_json_dups(acme->p, json, "newNonce", NULL);
+-        if (acme->api.v2.new_account && acme->api.v2.new_order 
+-            && acme->api.v2.revoke_cert && acme->api.v2.key_change
++        /* RFC 8555 only requires "directory" and "newNonce" resources.
++         * mod_md uses "newAccount" and "newOrder" so check for them.
++         * But mod_md does not use the "revokeCert" or "keyChange"
++         * resources, so tolerate the absense of those keys.  In the
++         * future if mod_md implements revocation or key rollover then
++         * the use of those features should be predicated on the
++         * server's advertised capabilities. */
++        if (acme->api.v2.new_account
++            && acme->api.v2.new_order
+             && acme->api.v2.new_nonce) {
+             acme->version = MD_ACME_VERSION_2;
+         }

SPECS/mod_md.spec

@@ -0,0 +1,99 @@
+# Module Magic Numberfa
+%{!?_httpd_mmn: %global _httpd_mmn %(cat %{_includedir}/httpd/.mmn 2>/dev/null || echo 0-0)}
+
+Name:           mod_md
+Version:        2.0.8
+Release:        8%{?dist}
+Summary:        Certificate provisioning using ACME for the Apache HTTP Server
+License:        ASL 2.0
+URL:            https://icing.github.io/mod_md/
+Source0:        https://github.com/icing/mod_md/releases/download/v%{version}/mod_md-%{version}.tar.gz
+# documentation
+Source10:       a2md.xml
+Patch1:         mod_md-2.0.8-state_dir.patch
+Patch2:         mod_md-2.0.8-duptrim-seg.patch
+Patch3:         mod_md-2.0.8-tolerate-missing-res.patch
+BuildRequires:  gcc
+BuildRequires:  pkgconfig, httpd-devel >= 2.4.37, openssl-devel >= 1.1.0, jansson-devel, libcurl-devel
+BuildRequires:  xmlto
+Requires:       httpd-mmn = %{_httpd_mmn}, mod_ssl >= 1:2.4.37-17
+Conflicts:      httpd < 2.4.37-17
+Epoch:          1
+
+%description
+This module manages common properties of domains for one or more
+virtual hosts. Specifically it can use the ACME protocol to automate
+certificate provisioning.  Certificates will be configured for managed
+domains and their virtual hosts automatically, including at renewal.
+
+%prep
+%setup -q
+%patch1 -p1 -b .state_dir
+%patch2 -p1 -b .dup_trim
+%patch3 -p1 -b .tol_missing_res
+
+xmlto man $RPM_SOURCE_DIR/a2md.xml
+
+%build
+%configure
+# remove rpath
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
+%make_build V=1
+
+%check
+%make_build check
+
+%install
+%make_install
+rm -rf %{buildroot}/etc/httpd/share/doc/
+
+# remove links and rename SO files
+rm -f %{buildroot}%{_httpd_moddir}/mod_md.so
+mv %{buildroot}%{_httpd_moddir}/mod_md.so.0.0.0 %{buildroot}%{_httpd_moddir}/mod_md.so
+
+# create configuration
+mkdir -p %{buildroot}%{_httpd_modconfdir}
+echo "LoadModule md_module modules/mod_md.so" > %{buildroot}%{_httpd_modconfdir}/01-md.conf
+
+# Install man pages
+install -d $RPM_BUILD_ROOT%{_mandir}/man1
+install -m 644 -p a2md.1 $RPM_BUILD_ROOT%{_mandir}/man1
+
+%files
+%doc README.md ChangeLog AUTHORS
+%license LICENSE
+%config(noreplace) %{_httpd_modconfdir}/01-md.conf
+%{_httpd_moddir}/mod_md.so
+%{_bindir}/a2md
+%{_mandir}/man1/*
+
+%changelog
+* Thu May 28 2020 Lubos Uhliarik <luhliari@redhat.com> - 1:2.0.8-8
+- Resolves: #1832844 - mod_md does not work with ACME server that does not
+  provide keyChange or revokeCert resources
+
+* Wed Jan 22 2020 Lubos Uhliarik <luhliari@redhat.com> - 1:2.0.8-7
+- Resolves: #1747912 - add a2md(1) documentation
+
+* Mon Dec 09 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:2.0.8-6
+- Resolves: #1781263 - mod_md ACMEv1 crash
+
+* Thu Oct 03 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:2.0.8-5
+- Resolves: #1747898 - add mod_md package
+
+* Fri Aug 30 2019 Joe Orton <jorton@redhat.com> - 1:2.0.8-4
+- require mod_ssl, update package description
+
+* Fri Aug 30 2019 Joe Orton <jorton@redhat.com> - 1:2.0.8-3
+- rebuild against 2.4.41
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.0.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Jul 12 2019 Joe Orton <jorton@redhat.com> - 1:2.0.8-1
+- update to 2.0.8
+
+* Tue Jun 11 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.0.3-1
+- Initial import (#1719248).