reinit the tree, so we can have metadata

4 files changed, 300 insertions, 0 deletions

diff --git a/www-apache/mod_nss/Manifest b/www-apache/mod_nss/Manifest
new file mode 100644
index 000000000000..436ed7ab593a
--- /dev/null
+++ b/www-apache/mod_nss/Manifest
@@ -0,0 +1,6 @@
+AUX 47_mod_nss.conf 8849 SHA256 78f48475b21bd8a5b1304c8bd14437a0e92e9a8b6ffbe7ecd243f83d37da8342 SHA512 d3ff614e17afea1cb0c5e451ba53cf5bb1c0d5c0ee6017fdecba0e976262376e36b5556b2d08cb131ebfdd795cfe4a6736dabda99059fc40aeff63a1c4d37a23 WHIRLPOOL 6e9e4fbc61620aa98d8817e1b3b3c5d2b972f19d6e9ad9ecdf34e4ffe503839f532094d120c872a1eff49e2daa3d5f1e7f4756daa26c7561d7ca694b676d93e4
+DIST mod_nss-1.0.12.tar.gz 171657 SHA256 6a206d85c8c772eb9f424aaf5774b69c235af869d54cc8f45018ec82e1b89404 SHA512 f3217f34a20818aea571e17529130290082933b32386a868c8c7f24eb3166bbace4f64d7d73a850c944e54f74342179fff6b9d8af824e0225feeb993aea1d99a WHIRLPOOL df692da1478c86feab7005498b3f0cf24136b210bef3ea25790e4fc6613690e61f9a9485ce11f5f2ec0f931702a9db08a4fafa286bf37fa0f0df6c1df224270b
+EBUILD mod_nss-1.0.12-r1.ebuild 1265 SHA256 a25d61743068c8f054e1a0e60ab2f0b1b5caaf67c036992134f53f3b746f310d SHA512 a6bb433412f9e2149899516143af205b302c4e6f66c9273122275926f728d9b9bb0b77fa3e1f8d9796a221e568766514c05c15262477e54c45e992a17b15f341 WHIRLPOOL 3e8d0ff6baa3c161a7c2b984f1ff4414f6a4cd1fd7410f0cdf0b6d3376315b4708dc36ec85b5081f1257f325ca3fd66d0ee1f6fc288ff8b3b815ae3a638c015c
+MISC ChangeLog 3118 SHA256 338ec89b09af79b3f1424cf61c5262ab2aa4eaaa74d1e4214fdd20576f7efd8e SHA512 860a1d9ece12d7ec949674e410448b353d4374894d09424fc390018603062afa87ee7f7c5598e4ee391a4dcb261ee7a8543379b14ceb48e60905777f17d58a88 WHIRLPOOL c015d3d59086a7c1ff5206cc6aa3a174410455808734b9d559af2d6c1041b49e459cd41fbc6c80dfaaba940f91f0e44ffec980d4caf68990aefd13c952c5495e
+MISC ChangeLog-2015 1398 SHA256 9cac80aa71d93ddf40030c5ff992553fbb48eeaad5c6730f84ede2db36cf2561 SHA512 1d7744a8e013d42b62561fda6b3815d831e45621bef0c4f347f029550d2ac2a3821a317585a58ae65c3c67d0efeeab2795b7e72afc706f4f3a5cabdf6e790c1e WHIRLPOOL d4a624e2fcc3d3d5679e662429cfb57a5a6cc213b0043ec5351899d9ef23680f02841a1dc4751b5cfddb37aea452e0b50b0e38ef6840004e8c5bbcc8f4b4159c
+MISC metadata.xml 240 SHA256 f996bc17094f612e659dcbe2d91be2d7fe5c7cfbf3b5ee7060d6adf3aff22cdd SHA512 12bc0c58114b3c377663bdbfadf973193f074b46bfa51fad44b6ace89c757e07a7bfa1e41cbc1904151e7fd35c7ffe63b7a2083e11f313de136ba58017d21b86 WHIRLPOOL afe38be63cfac552eb3662d4a555dd43bf0ed3fb421a7b5bd53abf0228b7c18ec1d347f4e12d2d085dfbbf5d19e7a0ace0373980c420b2ba3a7f9bc3ce93b934
diff --git a/www-apache/mod_nss/files/47_mod_nss.conf b/www-apache/mod_nss/files/47_mod_nss.conf
new file mode 100644
index 000000000000..731f61c03b35
--- /dev/null
+++ b/www-apache/mod_nss/files/47_mod_nss.conf
@@ -0,0 +1,224 @@
+#
+# This is the Apache server configuration file providing SSL support using.
+# the mod_nss plugin.  It contains the configuration directives to instruct
+# the server how to serve pages over an https connection.
+# 
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+
+<IfDefine NSS>
+        LoadModule nss_module  modules/mod_nss.so
+</IfDefine>
+
+<IfModule mod_nss.c>
+#
+# When we also provide SSL we have to listen to the 
+# standard HTTP port (see above) and to the HTTPS port
+#
+# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
+#       Listen directives: "Listen [::]:8443" and "Listen 0.0.0.0:8443"
+#
+Listen 8443
+
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#
+#   Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl    .crl
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+NSSPassPhraseDialog  builtin
+
+
+#   Pass Phrase Helper:
+#   This helper program stores the token password pins between
+#   restarts of Apache.
+NSSPassPhraseHelper /usr/sbin/nss_pcache
+
+#   Configure the SSL Session Cache. 
+#   NSSSessionCacheSize is the number of entries in the cache.
+#   NSSSessionCacheTimeout is the SSL2 session timeout (in seconds).
+#   NSSSession3CacheTimeout is the SSL3/TLS session timeout (in seconds).
+NSSSessionCacheSize 10000
+NSSSessionCacheTimeout 100
+NSSSession3CacheTimeout 86400
+
+#
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. Those platforms usually also provide a non-blocking
+# device, /dev/urandom, which may be used instead.
+#
+# This does not support seeding the RNG with each connection.
+
+NSSRandomSeed startup builtin
+#NSSRandomSeed startup file:/dev/random  512
+#NSSRandomSeed startup file:/dev/urandom 512
+
+</IfModule>
+
+
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1
+#	include -D NSS_EXAMPLE if you have
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1
+
+
+<IfDefine NSS_EXAMPLE>
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:8443>
+
+#   General setup for the virtual host
+DocumentRoot "/var/www/localhost/htdocs"
+ServerName localhost:8443
+ServerAdmin you@example.com>
+
+
+# Include vhosts.d/default_vhost.include
+
+
+
+# mod_nss can log to separate log files, you can choose to do that if you'd like
+# LogLevel is not inherited from httpd.conf.
+ErrorLog /var/log/apache2/nss_error_log
+TransferLog var/log/apache2/access_log
+LogLevel debug
+
+#   SSL Engine Switch:
+#   Enable/Disable SSL for this virtual host.
+NSSEngine on
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate.
+#   See the mod_nss documentation for a complete list.
+
+# SSL 3 ciphers. SSL 2 is disabled by default.
+#NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
+
+# SSL 3 ciphers + ECC ciphers. SSL 2 is disabled by default.
+#
+# Comment out the NSSCipherSuite line above and use the one below if you have
+# ECC enabled NSS and mod_nss and want to use Elliptical Curve Cryptography
+NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha
+
+NSSProtocol SSLv3,TLSv1
+
+#   SSL Certificate Nickname:
+#   The nickname of the RSA server certificate you are going to use.
+NSSNickname Server-Cert
+
+#   SSL Certificate Nickname:
+#   The nickname of the ECC server certificate you are going to use, if you
+#   have an ECC-enabled version of NSS and mod_nss
+#NSSECCNickname Server-Cert-ecc
+
+#   Server Certificate Database:
+#   The NSS security database directory that holds the certificates and
+#   keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
+#   Provide the directory that these files exist.
+NSSCertificateDatabase /etc/apache2/nss/
+
+#   Database Prefix:
+#   In order to be able to store multiple NSS databases in one directory
+#   they need unique names. This option sets the database prefix used for
+#   cert8.db and key3.db.
+#NSSDBPrefix my-prefix-
+
+#   Client Authentication (Type):
+#   Client certificate verification type.  Types are none, optional and
+#   require.
+NSSVerifyClient none
+
+#
+#   Online Certificate Status Protocol (OCSP).
+#   Verify that certificates have not been revoked before accepting them.
+NSSOCSP off
+
+#
+#   Use a default OCSP responder. If enabled this will be used regardless
+#   of whether one is included in a client certificate. Note that the
+#   server certificate is verified during startup.
+#
+#   NSSOCSPDefaultURL defines the service URL of the OCSP responder
+#   NSSOCSPDefaultName is the nickname of the certificate to trust to
+#       sign the OCSP responses.
+#NSSOCSPDefaultResponder on
+#NSSOCSPDefaultURL http://example.com/ocsp/status
+#NSSOCSPDefaultName ocsp-nickname
+
+#   Access Control:
+#   With SSLRequire you can do per-directory access control based
+#   on arbitrary complex boolean expressions containing server
+#   variable checks and other lookup directives.  The syntax is a
+#   mixture between C and Perl.  See the mod_nss documentation
+#   for more details.
+#<Location />
+#NSSRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+#   SSL Engine Options:
+#   Set various options for the SSL engine.
+#   o FakeBasicAuth:
+#     Translate the client X.509 into a Basic Authorisation.  This means that
+#     the standard Auth/DBMAuth methods can be used for access control.  The
+#     user name is the `one line' version of the client's X.509 certificate.
+#     Note that no password is obtained from the user. Every entry in the user
+#     file needs this password: `xxj31ZMTZzkVA'.
+#   o ExportCertData:
+#     This exports two additional environment variables: SSL_CLIENT_CERT and
+#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+#     server (always existing) and the client (only existing when client
+#     authentication is used). This can be used to import the certificates
+#     into CGI scripts.
+#   o StdEnvVars:
+#     This exports the standard SSL/TLS related `SSL_*' environment variables.
+#     Per default this exportation is switched off for performance reasons,
+#     because the extraction step is an expensive operation and is usually
+#     useless for serving static content. So one usually enables the
+#     exportation for CGI and SSI requests only.
+#   o StrictRequire:
+#     This denies access when "NSSRequireSSL" or "NSSRequire" applied even
+#     under a "Satisfy any" situation, i.e. when it applies access is denied
+#     and no other module can change it.
+#   o OptRenegotiate:
+#     This enables optimized SSL connection renegotiation handling when SSL
+#     directives are used in per-directory context. 
+#NSSOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+    NSSOptions +StdEnvVars
+</Files>
+<Directory "/usr/cgi-bin">
+    NSSOptions +StdEnvVars
+</Directory>
+
+#   Per-Server Logging:
+#   The home of a custom SSL log file. Use this when you want a
+#   compact non-error SSL logfile on a virtual host basis.
+#CustomLog /home/rcrit/redhat/apache/logs/ssl_request_log \
+#          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>                                  
+
+</IfDefine>
diff --git a/www-apache/mod_nss/metadata.xml b/www-apache/mod_nss/metadata.xml
new file mode 100644
index 000000000000..e88185d1d141
--- /dev/null
+++ b/www-apache/mod_nss/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<!-- maintainer-needed -->
+<use>
+	<flag name="ecc">enable Elliptical Curve Cyptography</flag>
+</use>
+</pkgmetadata>
diff --git a/www-apache/mod_nss/mod_nss-1.0.12-r1.ebuild b/www-apache/mod_nss/mod_nss-1.0.12-r1.ebuild
new file mode 100644
index 000000000000..551b08179f36
--- /dev/null
+++ b/www-apache/mod_nss/mod_nss-1.0.12-r1.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit autotools apache-module eutils
+
+DESCRIPTION="SSL/TLS module for the Apache HTTP server"
+HOMEPAGE="https://fedorahosted.org/mod_nss/"
+SRC_URI="https://fedorahosted.org/released/mod_nss/${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+ecc"
+
+DEPEND="
+	>=dev-libs/nspr-4.6.4
+	>=dev-libs/nss-3.11.4
+	sys-apps/sed
+	virtual/pkgconfig
+"
+RDEPEND="
+	>=dev-libs/nspr-4.6.4
+	>=dev-libs/nss-3.11.4
+	net-dns/bind-tools
+"
+
+APACHE2_MOD_CONF="47_${PN}"
+APACHE2_MOD_DEFINE="NSS"
+
+DOCFILES="NOTICE README"
+
+need_apache2
+
+src_prepare() {
+	default
+
+	# setup proper exec name
+	sed -i -e 's/certutil/nsscertutil/' gencert.in || die "sed failed"
+	eautoreconf
+}
+
+src_configure() {
+	econf $(use_enable ecc) --with-apxs=${APXS}
+}
+
+src_compile() {
+	# default src_compile fails:
+	# In file included from mod_nss.c:16:0:
+	# mod_nss.h:51:18: fatal error: nspr.h: No such file or directory
+	emake
+}
+
+src_install() {
+	# override broken build system
+	mv .libs/libmodnss.so .libs/"${PN}".so || die "cannot move lib"
+	dosbin gencert nss_pcache
+	dodoc docs/mod_nss.html
+	newbin migrate.pl nss_migrate
+	dodir /etc/apache2/nss
+	apache-module_src_install
+}