diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /www-apache/mod_nss |
reinit the tree, so we can have metadata
Diffstat (limited to 'www-apache/mod_nss')
-rw-r--r-- | www-apache/mod_nss/Manifest | 6 | ||||
-rw-r--r-- | www-apache/mod_nss/files/47_mod_nss.conf | 224 | ||||
-rw-r--r-- | www-apache/mod_nss/metadata.xml | 8 | ||||
-rw-r--r-- | www-apache/mod_nss/mod_nss-1.0.12-r1.ebuild | 62 |
4 files changed, 300 insertions, 0 deletions
diff --git a/www-apache/mod_nss/Manifest b/www-apache/mod_nss/Manifest new file mode 100644 index 000000000000..436ed7ab593a --- /dev/null +++ b/www-apache/mod_nss/Manifest @@ -0,0 +1,6 @@ +AUX 47_mod_nss.conf 8849 SHA256 78f48475b21bd8a5b1304c8bd14437a0e92e9a8b6ffbe7ecd243f83d37da8342 SHA512 d3ff614e17afea1cb0c5e451ba53cf5bb1c0d5c0ee6017fdecba0e976262376e36b5556b2d08cb131ebfdd795cfe4a6736dabda99059fc40aeff63a1c4d37a23 WHIRLPOOL 6e9e4fbc61620aa98d8817e1b3b3c5d2b972f19d6e9ad9ecdf34e4ffe503839f532094d120c872a1eff49e2daa3d5f1e7f4756daa26c7561d7ca694b676d93e4 +DIST mod_nss-1.0.12.tar.gz 171657 SHA256 6a206d85c8c772eb9f424aaf5774b69c235af869d54cc8f45018ec82e1b89404 SHA512 f3217f34a20818aea571e17529130290082933b32386a868c8c7f24eb3166bbace4f64d7d73a850c944e54f74342179fff6b9d8af824e0225feeb993aea1d99a WHIRLPOOL df692da1478c86feab7005498b3f0cf24136b210bef3ea25790e4fc6613690e61f9a9485ce11f5f2ec0f931702a9db08a4fafa286bf37fa0f0df6c1df224270b +EBUILD mod_nss-1.0.12-r1.ebuild 1265 SHA256 a25d61743068c8f054e1a0e60ab2f0b1b5caaf67c036992134f53f3b746f310d SHA512 a6bb433412f9e2149899516143af205b302c4e6f66c9273122275926f728d9b9bb0b77fa3e1f8d9796a221e568766514c05c15262477e54c45e992a17b15f341 WHIRLPOOL 3e8d0ff6baa3c161a7c2b984f1ff4414f6a4cd1fd7410f0cdf0b6d3376315b4708dc36ec85b5081f1257f325ca3fd66d0ee1f6fc288ff8b3b815ae3a638c015c +MISC ChangeLog 3118 SHA256 338ec89b09af79b3f1424cf61c5262ab2aa4eaaa74d1e4214fdd20576f7efd8e SHA512 860a1d9ece12d7ec949674e410448b353d4374894d09424fc390018603062afa87ee7f7c5598e4ee391a4dcb261ee7a8543379b14ceb48e60905777f17d58a88 WHIRLPOOL c015d3d59086a7c1ff5206cc6aa3a174410455808734b9d559af2d6c1041b49e459cd41fbc6c80dfaaba940f91f0e44ffec980d4caf68990aefd13c952c5495e +MISC ChangeLog-2015 1398 SHA256 9cac80aa71d93ddf40030c5ff992553fbb48eeaad5c6730f84ede2db36cf2561 SHA512 1d7744a8e013d42b62561fda6b3815d831e45621bef0c4f347f029550d2ac2a3821a317585a58ae65c3c67d0efeeab2795b7e72afc706f4f3a5cabdf6e790c1e WHIRLPOOL d4a624e2fcc3d3d5679e662429cfb57a5a6cc213b0043ec5351899d9ef23680f02841a1dc4751b5cfddb37aea452e0b50b0e38ef6840004e8c5bbcc8f4b4159c +MISC metadata.xml 240 SHA256 f996bc17094f612e659dcbe2d91be2d7fe5c7cfbf3b5ee7060d6adf3aff22cdd SHA512 12bc0c58114b3c377663bdbfadf973193f074b46bfa51fad44b6ace89c757e07a7bfa1e41cbc1904151e7fd35c7ffe63b7a2083e11f313de136ba58017d21b86 WHIRLPOOL afe38be63cfac552eb3662d4a555dd43bf0ed3fb421a7b5bd53abf0228b7c18ec1d347f4e12d2d085dfbbf5d19e7a0ace0373980c420b2ba3a7f9bc3ce93b934 diff --git a/www-apache/mod_nss/files/47_mod_nss.conf b/www-apache/mod_nss/files/47_mod_nss.conf new file mode 100644 index 000000000000..731f61c03b35 --- /dev/null +++ b/www-apache/mod_nss/files/47_mod_nss.conf @@ -0,0 +1,224 @@ +# +# This is the Apache server configuration file providing SSL support using. +# the mod_nss plugin. It contains the configuration directives to instruct +# the server how to serve pages over an https connection. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# + +<IfDefine NSS> + LoadModule nss_module modules/mod_nss.so +</IfDefine> + +<IfModule mod_nss.c> +# +# When we also provide SSL we have to listen to the +# standard HTTP port (see above) and to the HTTPS port +# +# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two +# Listen directives: "Listen [::]:8443" and "Listen 0.0.0.0:8443" +# +Listen 8443 + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# +# Some MIME-types for downloading Certificates and CRLs +# +AddType application/x-x509-ca-cert .crt +AddType application/x-pkcs7-crl .crl + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +NSSPassPhraseDialog builtin + + +# Pass Phrase Helper: +# This helper program stores the token password pins between +# restarts of Apache. +NSSPassPhraseHelper /usr/sbin/nss_pcache + +# Configure the SSL Session Cache. +# NSSSessionCacheSize is the number of entries in the cache. +# NSSSessionCacheTimeout is the SSL2 session timeout (in seconds). +# NSSSession3CacheTimeout is the SSL3/TLS session timeout (in seconds). +NSSSessionCacheSize 10000 +NSSSessionCacheTimeout 100 +NSSSession3CacheTimeout 86400 + +# +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the SSL library. +# The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. Those platforms usually also provide a non-blocking +# device, /dev/urandom, which may be used instead. +# +# This does not support seeding the RNG with each connection. + +NSSRandomSeed startup builtin +#NSSRandomSeed startup file:/dev/random 512 +#NSSRandomSeed startup file:/dev/urandom 512 + +</IfModule> + + +#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1 +# include -D NSS_EXAMPLE if you have +#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1 + + +<IfDefine NSS_EXAMPLE> + +## +## SSL Virtual Host Context +## + +<VirtualHost _default_:8443> + +# General setup for the virtual host +DocumentRoot "/var/www/localhost/htdocs" +ServerName localhost:8443 +ServerAdmin you@example.com> + + +# Include vhosts.d/default_vhost.include + + + +# mod_nss can log to separate log files, you can choose to do that if you'd like +# LogLevel is not inherited from httpd.conf. +ErrorLog /var/log/apache2/nss_error_log +TransferLog var/log/apache2/access_log +LogLevel debug + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +NSSEngine on + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_nss documentation for a complete list. + +# SSL 3 ciphers. SSL 2 is disabled by default. +#NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha + +# SSL 3 ciphers + ECC ciphers. SSL 2 is disabled by default. +# +# Comment out the NSSCipherSuite line above and use the one below if you have +# ECC enabled NSS and mod_nss and want to use Elliptical Curve Cryptography +NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha + +NSSProtocol SSLv3,TLSv1 + +# SSL Certificate Nickname: +# The nickname of the RSA server certificate you are going to use. +NSSNickname Server-Cert + +# SSL Certificate Nickname: +# The nickname of the ECC server certificate you are going to use, if you +# have an ECC-enabled version of NSS and mod_nss +#NSSECCNickname Server-Cert-ecc + +# Server Certificate Database: +# The NSS security database directory that holds the certificates and +# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db. +# Provide the directory that these files exist. +NSSCertificateDatabase /etc/apache2/nss/ + +# Database Prefix: +# In order to be able to store multiple NSS databases in one directory +# they need unique names. This option sets the database prefix used for +# cert8.db and key3.db. +#NSSDBPrefix my-prefix- + +# Client Authentication (Type): +# Client certificate verification type. Types are none, optional and +# require. +NSSVerifyClient none + +# +# Online Certificate Status Protocol (OCSP). +# Verify that certificates have not been revoked before accepting them. +NSSOCSP off + +# +# Use a default OCSP responder. If enabled this will be used regardless +# of whether one is included in a client certificate. Note that the +# server certificate is verified during startup. +# +# NSSOCSPDefaultURL defines the service URL of the OCSP responder +# NSSOCSPDefaultName is the nickname of the certificate to trust to +# sign the OCSP responses. +#NSSOCSPDefaultResponder on +#NSSOCSPDefaultURL http://example.com/ocsp/status +#NSSOCSPDefaultName ocsp-nickname + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_nss documentation +# for more details. +#<Location /> +#NSSRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +#</Location> + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "NSSRequireSSL" or "NSSRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#NSSOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire +<Files ~ "\.(cgi|shtml|phtml|php3?)$"> + NSSOptions +StdEnvVars +</Files> +<Directory "/usr/cgi-bin"> + NSSOptions +StdEnvVars +</Directory> + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +#CustomLog /home/rcrit/redhat/apache/logs/ssl_request_log \ +# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + +</VirtualHost> + +</IfDefine> diff --git a/www-apache/mod_nss/metadata.xml b/www-apache/mod_nss/metadata.xml new file mode 100644 index 000000000000..e88185d1d141 --- /dev/null +++ b/www-apache/mod_nss/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<!-- maintainer-needed --> +<use> + <flag name="ecc">enable Elliptical Curve Cyptography</flag> +</use> +</pkgmetadata> diff --git a/www-apache/mod_nss/mod_nss-1.0.12-r1.ebuild b/www-apache/mod_nss/mod_nss-1.0.12-r1.ebuild new file mode 100644 index 000000000000..551b08179f36 --- /dev/null +++ b/www-apache/mod_nss/mod_nss-1.0.12-r1.ebuild @@ -0,0 +1,62 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +inherit autotools apache-module eutils + +DESCRIPTION="SSL/TLS module for the Apache HTTP server" +HOMEPAGE="https://fedorahosted.org/mod_nss/" +SRC_URI="https://fedorahosted.org/released/mod_nss/${P}.tar.gz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+ecc" + +DEPEND=" + >=dev-libs/nspr-4.6.4 + >=dev-libs/nss-3.11.4 + sys-apps/sed + virtual/pkgconfig +" +RDEPEND=" + >=dev-libs/nspr-4.6.4 + >=dev-libs/nss-3.11.4 + net-dns/bind-tools +" + +APACHE2_MOD_CONF="47_${PN}" +APACHE2_MOD_DEFINE="NSS" + +DOCFILES="NOTICE README" + +need_apache2 + +src_prepare() { + default + + # setup proper exec name + sed -i -e 's/certutil/nsscertutil/' gencert.in || die "sed failed" + eautoreconf +} + +src_configure() { + econf $(use_enable ecc) --with-apxs=${APXS} +} + +src_compile() { + # default src_compile fails: + # In file included from mod_nss.c:16:0: + # mod_nss.h:51:18: fatal error: nspr.h: No such file or directory + emake +} + +src_install() { + # override broken build system + mv .libs/libmodnss.so .libs/"${PN}".so || die "cannot move lib" + dosbin gencert nss_pcache + dodoc docs/mod_nss.html + newbin migrate.pl nss_migrate + dodir /etc/apache2/nss + apache-module_src_install +} |