diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /www-servers/apache |
reinit the tree, so we can have metadata
Diffstat (limited to 'www-servers/apache')
-rw-r--r-- | www-servers/apache/Manifest | 22 | ||||
-rw-r--r-- | www-servers/apache/apache-2.2.31-r1.ebuild | 118 | ||||
-rw-r--r-- | www-servers/apache/apache-2.2.34.ebuild | 114 | ||||
-rw-r--r-- | www-servers/apache/apache-2.4.27-r1.ebuild | 238 | ||||
-rw-r--r-- | www-servers/apache/apache-2.4.27.ebuild | 238 | ||||
-rw-r--r-- | www-servers/apache/apache-2.4.28.ebuild | 238 | ||||
-rw-r--r-- | www-servers/apache/files/41_mod_http2.conf | 9 | ||||
-rw-r--r-- | www-servers/apache/files/apache-asf-httpoxy.patch | 20 | ||||
-rw-r--r-- | www-servers/apache/files/apache.conf | 2 | ||||
-rw-r--r-- | www-servers/apache/files/apache2.2-hardened.service | 27 | ||||
-rw-r--r-- | www-servers/apache/files/apache2.2.service | 19 | ||||
-rw-r--r-- | www-servers/apache/metadata.xml | 39 |
12 files changed, 1084 insertions, 0 deletions
diff --git a/www-servers/apache/Manifest b/www-servers/apache/Manifest new file mode 100644 index 000000000000..e670d46a07d4 --- /dev/null +++ b/www-servers/apache/Manifest @@ -0,0 +1,22 @@ +AUX 41_mod_http2.conf 189 SHA256 cd047b552a2d336a31316ca60472591992d6b2eac7bab4d8e6b50c3afa0b785e SHA512 3d56a24ea98bc3188e5d6f8e2e0148e4b718e04f23452e77750bca984c44fc7c3acd4521a945b4c415284d0a5dac0f7e846bb60daf70fe61ce2632e8fa201ed6 WHIRLPOOL 4ae759dca0656c61f737c6beaf752677377da90938754ad1b585df38f67f613aa6b68de2460a3be6e1d7ad3200f3b03ac9156b54f8ef607a96b758ff23c3893b +AUX apache-asf-httpoxy.patch 830 SHA256 5ea2bf7f64dfde9c8141578208fa9eb17702769a18eb5eb5e875bb1f44c425e8 SHA512 efa44896c55cb9a0c87d5c2fff3684e9d0bb949b3e9ca8cf15b1bffa1cafe1d4f85cff8bd949129c0b4e7123940cfe7fba06121a948b6938eef054bec4c5fb94 WHIRLPOOL 2fce1d8dc9dc0ea2e7afa4c93edd97e53c30e2a2d6d1faf2eb658ef86ccfb7260568ec1fcb10c11fc2921795cf4efa7aa2b98aab09642839441c2ade368c414a +AUX apache.conf 55 SHA256 ea616c5cc37979a006d69c51bda43fca15a4327d33175762652b29f5cdea1c7b SHA512 3a53beb7a283d17c14383f16ad14c0602681ac1b193cce8f5aca50ae9d9af3a71054ce4a9ab11cbcb72fe913459e1b306fd54660154e66afe10272f8c0f149f3 WHIRLPOOL fa348414f320a9f70001386dfb77d57ca4836c3ef3d251976077b7ad545d7f6752e534efadbf28c7dcb777388e3d844eba84b939dcf48881983388daf6ac23f0 +AUX apache2.2-hardened.service 970 SHA256 aaddbfb3953ad24b3714c54769df625d990833a24a075cfc0a10976c60dfa774 SHA512 c206e7103d592dcf4f2d62979a20f7ab3cc7ce357ffe3c06ae8137064c812b9727e01a53fd602a0a55a64ed609664061de680ff42329381db787e2dae9310c48 WHIRLPOOL 0dbec118e471363e84e00b6163ee6e7f7d9062d486523171da9c9df1f9eb3a7733bbc7262daa7f1ac9d47c1d4155d94ffd2f4b8d7905fa9372c1e275ea111b95 +AUX apache2.2.service 716 SHA256 e850ad73585fbba52ade58a39ca91adbfd52f56a0bbd426ebcadb340a7dcb62b SHA512 5f736c803772077598248bbb41f76dff396dfd2f11a60d1ba929a619275efb8c1b4c0dab78cbcdf83b9ec94db67b958b3333b01f67d71eb3b2e07dba4bca2a7c WHIRLPOOL 776a928422b8f37a12099111a1503674ca901934b60dca8596dc8bc287390be9a0e912d7ba6226dcb22eb7c669fa298ddc20fd7bf5c275b0cf019bae0d594839 +DIST gentoo-apache-2.2.29-20140922.tar.bz2 64135 SHA256 8c69c36c2f40fb81ee905b4dd72ab74aab4563c75149d302f372a451498e2678 SHA512 1d9aa12aa3ab79b5f80ee3fda020b33ff6798e5b1abbcbc138acea06a1ab9968ad240d2bdf9c5dbb9640fa9fb6718eec7175df7cc0fb8574cc4d7d5cdfb5bcc4 WHIRLPOOL f655300f0dcd2f4503cbdb25983fed902e4b717ff57e06f66486bebd0ed7cb8df56387be74b4259bfffad949bb446c5ec28f89065b6d5239585324b610be7b88 +DIST gentoo-apache-2.2.34-20170918.tar.bz2 64390 SHA256 27a1755e3cee4bf4976fd3ed7aeb55db7ad3c0076ae2081ae626d4133c91aac2 SHA512 10b42e50dcc196f60bcaefe90c382d62a61339dd8a56e899d6afb6998be4acdd376e2c3509791f22a0acf99d06add497e32703b6d523f640306a6db5e05f358a WHIRLPOOL 4480bc9ff7a7291eacdc4a8c77e12e58c48f8e1c87ed164a4af42dbdaceebd554343384291723310cbf20d8d0660817f59aa72e7cf541283a142d9f1b3fa58c2 +DIST gentoo-apache-2.4.18-r1-20160303.tar.bz2 24505 SHA256 d81e32d876594b48a7ff6d9123bf776c5bea5453eddd2fe40f4a9b79c11537aa SHA512 68f0c4de38ae05c45839fe692cbb7de641e331ca133b8aaaf69f3659dec15833cda95e6e074edb3a5b6b6d59b3fc5a4ee3589fff810707fe27417a25cd8a4c4d WHIRLPOOL fb61224b2104e611237e1d09eb4dfb3d2b8f023348c9622f7f19434b6b77d63786c41af17a300d994c14d983676f3753ab6fa52f7a7fcd07b9cea3d7eeacc9b9 +DIST gentoo-apache-2.4.27-20170918.tar.bz2 24850 SHA256 10c7404707508ce91ce59974f55fe4368ee153b299f697441f703dab1aefd17a SHA512 c58a9a0b171188ff163f6b45c47f243797d4050cf461ba1a642115350285879005be6496cee2031bffaccc0d8beda4c27de87afa2ded17cbe559f792eb7c00e8 WHIRLPOOL 143092df671320d353bb8221fe62351f5f70262fa5e83cad6904633bcbbd177810717f297081d59e3e3a37e2cb42a004c0575fb55d52e0d1ae7197768b96aef8 +DIST httpd-2.2.31.tar.bz2 5610489 SHA256 f32f9d19f535dac63b06cb55dfc023b40dcd28196b785f79f9346779e22f26ac SHA512 5aa47d4b76f692bbd8b309135ff99152df98cf69b505b9daf3f13f7f2a31443eaf4995161adfbc47a133b4d0e091fda2d95fc6b87a956f0ada18d7466ee28e74 WHIRLPOOL a2e3e53c51719cb6f7e641b41788cd89ce7b4d2ea105b403bfa3b3d4479b69c5604228269062f66722594e105e91121d05b1c9f27ca7dc4ecfcf339da8b8375c +DIST httpd-2.2.34.tar.bz2 5779739 SHA256 e53183d5dfac5740d768b4c9bea193b1099f4b06b57e5f28d7caaf9ea7498160 SHA512 e6dac5865a48533c025fe17523ee74d68c3a23f9512c9441b78a140e33cfb6835573eb049b0ad424eb5c5ca78a1915778c54e8a409da95fbdd3890cb99e08240 WHIRLPOOL 0bd86b3644fae79c74928c0cd8bc3e4b7d821544a760dbe6459df43210f690d3c4dc74168e029b0b5bbaba6fcd0433aeb4312794455d91b00b7c36c537dfdefd +DIST httpd-2.4.27.tar.bz2 6527394 SHA256 71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a SHA512 7e7e8070715b74cb6890096a74e194f4c6a49c14bda685b1ad832e84312f1ac4316ea03a430e679502bfd8e1853aefa544ee002a20d0f7e994b9a590c74bc42c WHIRLPOOL 35aeaa01b2bf5772ad21d1011e619befd75fdaade5aa0ca7c61367e7b7a66af28dccf8729a53418f2598199721b68aac7d8c575797ed218150d00af4e8dd4dba +DIST httpd-2.4.28.tar.bz2 6553163 SHA256 c1197a3a62a4ab5c584ab89b249af38cf28b4adee9c0106b62999fd29f920666 SHA512 8de8e32b87e6de220e492e74db9df0882fae11c3b9732f3d3316da048c04767ac4429c0433c36f87d8705263e3376f97a7e1f66a9d7a518632a67b6fe617590a WHIRLPOOL a4c8be522d5e900e01cefc0fc6d196e3e49e45e2daffa9ec22b2dc44deace506da5a4cf68afd04b0062b87ffcd27b6e59d0b8ae71cc2304d5080d066174e95ed +EBUILD apache-2.2.31-r1.ebuild 3046 SHA256 24ce15f98c4a7aa7e095aedf4aed23f763a3b540bce5976523961c9a96440ca2 SHA512 d3f5c471783365f53a9fd0678ae806d69d6ea3b872cb5ccfe5abdc5e7ad548402a5bac11ebcd1e6100c4245f220663b956ec8b22c1d3963d7ef45b9256def3d7 WHIRLPOOL 638a1978bd526a7e0d1e3c0c77c49a2e82d8869c69a5434c3a84ae83bf5cad18fb294d53c50dd0b5acc1e0e22ad787808b336c1d0b1a31b073fba0693c0092e5 +EBUILD apache-2.2.34.ebuild 2990 SHA256 be262e41891a3fdb2096de2174fd70a027ebdb60e5b84c18afabcfa25a7d6e50 SHA512 41e284116118d0e0a354fe5fb7ec9751a9b913d6d3fdb5663dcf26dda8d715c63bfd4be8029b7ac8be06639e8baf7fe22aad9adf1cfb621f272d4a2f7b25b2e0 WHIRLPOOL d3585090f386833b207935bf133761a3c8eee335ef8a4a4af8da1ae6bec058543cca4c3fb1fbb02eb005643bc6aa0dc8a621164a620fa14e47c6b116131f0a3f +EBUILD apache-2.4.27-r1.ebuild 7751 SHA256 d40f1ec93debfd1807f6a8480584836fea988684220eb8ba5eec8065cf09c241 SHA512 aa93a1a4d18fca111289b47cc4cc81371c75ba578746e8c5c3078f3a7cb824e229ec90d1ba81bc6f81eb66e53d45665a50c273f3c4c528c365b4a3e49b9e0973 WHIRLPOOL 2c2011e1d1bd6eb497a507ff4a9a7f11e24bfa1b9344ec9eca7ee19925b7f6821c45ffbfda8012e2217ce34ffba71a1b86a4664708ac8f516f6ca634972be850 +EBUILD apache-2.4.27.ebuild 7761 SHA256 02a0e6b6d8150ee9766e9e1462ccff5036e00f97cda6540daa4bde08d356bca9 SHA512 efb043984a186acfa87e5cdbef60a65b16d33e870010d2c55ace8e7c9356202bdaec8c6c89586a1664967f27b57f0baaaf62da217c2168d9db0381ed564c1083 WHIRLPOOL 16b20195bede9c2c70451a58ba8fd8b85294a66f24a022feb683cd49719dd6cfc2dc43d451a50539727a6ba1fe5bb0a066cdb5a62fe8c4516b0b342bfe49536f +EBUILD apache-2.4.28.ebuild 7767 SHA256 e3ac8d458f9a64c1e20b31428ffe2586215a5a61387be9585a8a5cf10e02d7df SHA512 18d72e8d5d107cb127a29752ae507df58b2c2c5c2a01cce9fc85efd18fb75fd2121d2511793036144883425ef2f0054e66f09df2d728f29fda92d13a803918f0 WHIRLPOOL 496f1e3320beaa065b1a9057d507f9a51c2809500f7c39839466dc1d3fb68832ed9041719ab8229819f9d23a9b08060e2287d5fbbf36c89707e4d247f5232d70 +MISC ChangeLog 13802 SHA256 23fdf1fc5c8aedb3511251cc41d097c99895ab24e50f48377fe91a39c17b9ddc SHA512 1b92ff6422e0db92f25546ffc37b1d2200060959cb7f1af91159e08b181d66df45baae15df31586a3333877e78cc49e2fa3621a950f52193e43e861fc03babf0 WHIRLPOOL 42e008d07b470d3620d2bfd02049f97463f4dfffe9756bbcde277eb4c1b6ce21f6b2a0f8853226166510012316e22ca3a4b730180c18aa692a929041dc127830 +MISC ChangeLog-2008 105137 SHA256 4afec18ad3c76df40314edb37b5512f81ca6223c38a899534d9d15342481accf SHA512 92dfd339b1c4ddec29222076a597220dc7faa504e2ee770339892f155febbf34004e60395f9eb21b43d3b1feb5f362c2946b69cc65151b5ba00fb53b35ccb9c6 WHIRLPOOL 89d77300aafb53ae0632904118064de19313fe51f635512314471e845574e7a624a770ae4ca4e335cff67d4fee92e062d28ef985a54c577a1b8b3ea0f621c0f8 +MISC ChangeLog-2015 30572 SHA256 2608174e0cdfe351d5c8d25d21cbe9c6b7b98c6de9ee6d04da23c3de9fb95d6b SHA512 b76aaa5b8bc20f2fb45346e5d6f1f094e9f6b6f740054755bdc0399f581c78fd0c087f183ca756a63a08e8d96eedb292ffc4d2f6ddc00c8374435866e15fac9b WHIRLPOOL 8dd5292ae8fa15422c6d663420e7655cb13247380831d2f147dfdd0deaa51d6899e1c7f3b8ae9ae111074c8464e0bd94a38d491981ce84fc6268ab83c0af9396 +MISC metadata.xml 3360 SHA256 0a01a693df933e8ffeaf0795636a135cfd140dca0681b107cbde13920b516f86 SHA512 acbaf64bdaf376e4e1be9134878faf0d000d77138fe9b20f93d3c69d43d65c5e6817522f52b95028e47d1d9a2448c4ae8c1961acd90a31d6515c5e158db3364f WHIRLPOOL 1ee3e882c38d777a67ce4eb5cba9fd8a269f2feecb8b17ace06485179effd7e123b7e3235da5f40e0ea7840dbe1ea14d5eef2199a535c4661fe6105bcf156ef3 diff --git a/www-servers/apache/apache-2.2.31-r1.ebuild b/www-servers/apache/apache-2.2.31-r1.ebuild new file mode 100644 index 000000000000..7aa6f4ad3c01 --- /dev/null +++ b/www-servers/apache/apache-2.2.31-r1.ebuild @@ -0,0 +1,118 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +# latest gentoo apache files +GENTOO_PATCHSTAMP="20140922" +GENTOO_DEVELOPER="polynomial-c" +GENTOO_PATCHNAME="gentoo-apache-2.2.29" + +# IUSE/USE_EXPAND magic +IUSE_MPMS_FORK="itk peruser prefork" +IUSE_MPMS_THREAD="event worker" + +IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon +authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default +authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta +charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio +env expires ext_filter file_cache filter headers ident imagemap include info +log_config log_forensic logio mem_cache mime mime_magic negotiation proxy +proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite +reqtimeout setenvif speling status substitute unique_id userdir usertrack +version vhost_alias" +# The following are also in the source as of this version, but are not available +# for user selection: +# bucketeer case_filter case_filter_in echo http isapi optional_fn_export +# optional_fn_import optional_hook_export optional_hook_import + +# inter-module dependencies +# TODO: this may still be incomplete +MODULE_DEPENDS=" + dav_fs:dav + dav_lock:dav + deflate:filter + disk_cache:cache + ext_filter:filter + file_cache:cache + log_forensic:log_config + logio:log_config + mem_cache:cache + mime_magic:mime + proxy_ajp:proxy + proxy_balancer:proxy + proxy_connect:proxy + proxy_ftp:proxy + proxy_http:proxy + proxy_scgi:proxy + substitute:filter +" + +# module<->define mappings +MODULE_DEFINES=" + auth_digest:AUTH_DIGEST + authnz_ldap:AUTHNZ_LDAP + cache:CACHE + dav:DAV + dav_fs:DAV + dav_lock:DAV + disk_cache:CACHE + file_cache:CACHE + info:INFO + ldap:LDAP + mem_cache:CACHE + proxy:PROXY + proxy_ajp:PROXY + proxy_balancer:PROXY + proxy_connect:PROXY + proxy_ftp:PROXY + proxy_http:PROXY + ssl:SSL + status:STATUS + suexec:SUEXEC + userdir:USERDIR +" + +# critical modules for the default config +MODULE_CRITICAL=" + authz_host + dir + mime +" + +inherit apache-2 systemd toolchain-funcs + +DESCRIPTION="The Apache Web Server" +HOMEPAGE="https://httpd.apache.org/" + +# some helper scripts are Apache-1.1, thus both are here +LICENSE="Apache-2.0 Apache-1.1" +SLOT="2" +KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd" +IUSE="" + +PATCHES=( + "${FILESDIR}/${PN}-asf-httpoxy.patch" +) + +src_configure() { + # Brain dead check. + tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no" + + apache-2_src_configure +} + +src_install() { + apache-2_src_install + + # install apxs in /usr/bin (bug #502384) and put a symlink into the + # old location until all ebuilds and eclasses have been modified to + # use the new location. + local apxs_dir="/usr/bin" + dodir ${apxs_dir} + mv "${D}"/usr/sbin/apxs "${D}"${apxs_dir} || die + ln -s ../bin/apxs "${D}"/usr/sbin/apxs || die + + systemd_newunit "${FILESDIR}/apache2.2.service" "apache2.service" + systemd_dotmpfilesd "${FILESDIR}/apache.conf" +} diff --git a/www-servers/apache/apache-2.2.34.ebuild b/www-servers/apache/apache-2.2.34.ebuild new file mode 100644 index 000000000000..0aad98f00777 --- /dev/null +++ b/www-servers/apache/apache-2.2.34.ebuild @@ -0,0 +1,114 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +# latest gentoo apache files +GENTOO_PATCHSTAMP="20170918" +GENTOO_DEVELOPER="whissi" +GENTOO_PATCHNAME="gentoo-apache-2.2.34" + +# IUSE/USE_EXPAND magic +IUSE_MPMS_FORK="itk peruser prefork" +IUSE_MPMS_THREAD="event worker" + +IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon +authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default +authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta +charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio +env expires ext_filter file_cache filter headers ident imagemap include info +log_config log_forensic logio mem_cache mime mime_magic negotiation proxy +proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite +reqtimeout setenvif speling status substitute unique_id userdir usertrack +version vhost_alias" +# The following are also in the source as of this version, but are not available +# for user selection: +# bucketeer case_filter case_filter_in echo http isapi optional_fn_export +# optional_fn_import optional_hook_export optional_hook_import + +# inter-module dependencies +# TODO: this may still be incomplete +MODULE_DEPENDS=" + dav_fs:dav + dav_lock:dav + deflate:filter + disk_cache:cache + ext_filter:filter + file_cache:cache + log_forensic:log_config + logio:log_config + mem_cache:cache + mime_magic:mime + proxy_ajp:proxy + proxy_balancer:proxy + proxy_connect:proxy + proxy_ftp:proxy + proxy_http:proxy + proxy_scgi:proxy + substitute:filter +" + +# module<->define mappings +MODULE_DEFINES=" + auth_digest:AUTH_DIGEST + authnz_ldap:AUTHNZ_LDAP + cache:CACHE + dav:DAV + dav_fs:DAV + dav_lock:DAV + disk_cache:CACHE + file_cache:CACHE + info:INFO + ldap:LDAP + mem_cache:CACHE + proxy:PROXY + proxy_ajp:PROXY + proxy_balancer:PROXY + proxy_connect:PROXY + proxy_ftp:PROXY + proxy_http:PROXY + ssl:SSL + status:STATUS + suexec:SUEXEC + userdir:USERDIR +" + +# critical modules for the default config +MODULE_CRITICAL=" + authz_host + dir + mime +" + +inherit apache-2 systemd toolchain-funcs + +DESCRIPTION="The Apache Web Server" +HOMEPAGE="https://httpd.apache.org/" + +# some helper scripts are Apache-1.1, thus both are here +LICENSE="Apache-2.0 Apache-1.1" +SLOT="2" +KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd" +IUSE="" + +src_configure() { + # Brain dead check. + tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no" + + apache-2_src_configure +} + +src_install() { + apache-2_src_install + + # install apxs in /usr/bin (bug #502384) and put a symlink into the + # old location until all ebuilds and eclasses have been modified to + # use the new location. + local apxs_dir="/usr/bin" + dodir ${apxs_dir} + mv "${D}"/usr/sbin/apxs "${D}"${apxs_dir} || die + ln -s ../bin/apxs "${D}"/usr/sbin/apxs || die + + systemd_newunit "${FILESDIR}/apache2.2.service" "apache2.service" + systemd_dotmpfilesd "${FILESDIR}/apache.conf" +} diff --git a/www-servers/apache/apache-2.4.27-r1.ebuild b/www-servers/apache/apache-2.4.27-r1.ebuild new file mode 100644 index 000000000000..960206e6c476 --- /dev/null +++ b/www-servers/apache/apache-2.4.27-r1.ebuild @@ -0,0 +1,238 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +# latest gentoo apache files +GENTOO_PATCHSTAMP="20170918" +GENTOO_DEVELOPER="whissi" +GENTOO_PATCHNAME="gentoo-apache-2.4.27" + +# IUSE/USE_EXPAND magic +IUSE_MPMS_FORK="prefork" +IUSE_MPMS_THREAD="event worker" + +# << obsolete modules: +# authn_default authz_default mem_cache +# mem_cache is replaced by cache_disk +# ?? buggy modules +# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found +# >> added modules for reason: +# compat: compatibility with 2.2 access control +# authz_host: new module for access control +# authn_core: functionality provided by authn_alias in previous versions +# authz_core: new module, provides core authorization capabilities +# cache_disk: replacement for mem_cache +# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3 +# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3 +# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests). +# socache_shmcb: shared object cache provider. Default config with ssl needs it +# unixd: fixes startup error: Invalid command 'User' +IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest +authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authz_core +authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex +cache cache_disk cache_socache cern_meta charset_lite cgi cgid dav dav_fs dav_lock +dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2 +ident imagemap include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness +lbmethod_heartbeat log_config log_forensic logio macro mime mime_magic negotiation +proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_html proxy_http proxy_scgi +proxy_fcgi proxy_wstunnel rewrite ratelimit remoteip reqtimeout setenvif +slotmem_shm speling socache_shmcb status substitute unique_id userdir usertrack +unixd version vhost_alias xml2enc" +# The following are also in the source as of this version, but are not available +# for user selection: +# bucketeer case_filter case_filter_in echo http isapi optional_fn_export +# optional_fn_import optional_hook_export optional_hook_import + +# inter-module dependencies +# TODO: this may still be incomplete +MODULE_DEPENDS=" + dav_fs:dav + dav_lock:dav + deflate:filter + cache_disk:cache + ext_filter:filter + file_cache:cache + lbmethod_byrequests:proxy_balancer + lbmethod_byrequests:slotmem_shm + lbmethod_bytraffic:proxy_balancer + lbmethod_bybusyness:proxy_balancer + lbmethod_heartbeat:proxy_balancer + log_forensic:log_config + logio:log_config + cache_disk:cache + cache_socache:cache + mime_magic:mime + proxy_ajp:proxy + proxy_balancer:proxy + proxy_balancer:slotmem_shm + proxy_connect:proxy + proxy_ftp:proxy + proxy_html:proxy + proxy_html:xml2enc + proxy_http:proxy + proxy_scgi:proxy + proxy_fcgi:proxy + proxy_wstunnel:proxy + substitute:filter +" + +# module<->define mappings +MODULE_DEFINES=" + auth_digest:AUTH_DIGEST + authnz_ldap:AUTHNZ_LDAP + cache:CACHE + cache_disk:CACHE + cache_socache:CACHE + dav:DAV + dav_fs:DAV + dav_lock:DAV + file_cache:CACHE + http2:HTTP2 + info:INFO + ldap:LDAP + proxy:PROXY + proxy_ajp:PROXY + proxy_balancer:PROXY + proxy_connect:PROXY + proxy_ftp:PROXY + proxy_html:PROXY + proxy_http:PROXY + proxy_fcgi:PROXY + proxy_scgi:PROXY + proxy_wstunnel:PROXY + socache_shmcb:SSL + ssl:SSL + status:STATUS + suexec:SUEXEC + userdir:USERDIR +" + +# critical modules for the default config +MODULE_CRITICAL=" + authn_core + authz_core + authz_host + dir + mime + unixd +" +inherit eutils apache-2 systemd toolchain-funcs + +DESCRIPTION="The Apache Web Server" +HOMEPAGE="https://httpd.apache.org/" + +# some helper scripts are Apache-1.1, thus both are here +LICENSE="Apache-2.0 Apache-1.1" +SLOT="2" +KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris" + +DEPEND+="apache2_modules_http2? ( >=net-libs/nghttp2-1.2.1 )" + +REQUIRED_USE="apache2_modules_http2? ( ssl )" + +pkg_setup() { + # dependend critical modules which are not allowed in global scope due + # to USE flag conditionals (bug #499260) + use ssl && MODULE_CRITICAL+=" socache_shmcb" + use doc && MODULE_CRITICAL+=" alias negotiation setenvif" + apache-2_pkg_setup +} + +src_configure() { + # Brain dead check. + tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no" + + apache-2_src_configure +} + +src_compile() { + if tc-is-cross-compiler; then + # This header is the same across targets, so use the build compiler. + pushd server >/dev/null + emake gen_test_char + tc-export_build_env BUILD_CC + ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \ + gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die + popd >/dev/null + fi + + default +} + +src_install() { + apache-2_src_install + for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do + rm "${ED}"/$i || die "Failed to prune apache-tools bits" + done + for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do + rm "${ED}"/$i || die "Failed to prune apache-tools bits" + done + for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do + rm "${ED}"/$i || die "Failed to prune apache-tools bits" + done + for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do + rm "${ED}/"$i || die "Failed to prune apache-tools bits" + done + + # install apxs in /usr/bin (bug #502384) and put a symlink into the + # old location until all ebuilds and eclasses have been modified to + # use the new location. + local apxs="/usr/bin/apxs" + cp "${S}"/support/apxs "${ED%/}/${apxs}" || die "Failed to install apxs" + ln -s ../bin/apxs "${ED%/}/usr/sbin/apxs" || die + chmod 0755 "${ED%/}${apxs}" || die + + # Note: wait for mod_systemd to be included in some forthcoming release, + # Then apache2.4.service can be used and systemd support controlled + # through --enable-systemd + systemd_newunit "${FILESDIR}/apache2.2-hardened.service" "apache2.service" + systemd_dotmpfilesd "${FILESDIR}/apache.conf" + #insinto /etc/apache2/modules.d + #doins "${FILESDIR}/00_systemd.conf" + + # Install http2 module config + insinto /etc/apache2/modules.d + doins "${FILESDIR}"/41_mod_http2.conf +} + +pkg_postinst() { + apache-2_pkg_postinst || die "apache-2_pkg_postinst failed" + # warnings that default config might not work out of the box + for mod in $MODULE_CRITICAL; do + if ! use "apache2_modules_${mod}"; then + echo + ewarn "Warning: Critical module not installed!" + ewarn "Modules 'authn_core', 'authz_core' and 'unixd'" + ewarn "are highly recomended but might not be in the base profile yet." + ewarn "Default config for ssl needs module 'socache_shmcb'." + ewarn "Enabling the following flags is highly recommended:" + for cmod in $MODULE_CRITICAL; do + use "apache2_modules_${cmod}" || \ + ewarn "+ apache2_modules_${cmod}" + done + echo + break + fi + done + # warning for proxy_balancer and missing load balancing scheduler + if use apache2_modules_proxy_balancer; then + local lbset= + for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do + if use "apache2_modules_${mod}"; then + lbset=1 && break + fi + done + if [ ! ${lbset} ] ; then + echo + ewarn "Info: Missing load balancing scheduler algorithm module" + ewarn "(They were split off from proxy_balancer in 2.3)" + ewarn "In order to get the ability of load balancing, at least" + ewarn "one of these modules has to be present:" + ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat" + echo + fi + fi +} diff --git a/www-servers/apache/apache-2.4.27.ebuild b/www-servers/apache/apache-2.4.27.ebuild new file mode 100644 index 000000000000..90b38c3e0a0b --- /dev/null +++ b/www-servers/apache/apache-2.4.27.ebuild @@ -0,0 +1,238 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +# latest gentoo apache files +GENTOO_PATCHSTAMP="20160303" +GENTOO_DEVELOPER="polynomial-c" +GENTOO_PATCHNAME="gentoo-apache-2.4.18-r1" + +# IUSE/USE_EXPAND magic +IUSE_MPMS_FORK="prefork" +IUSE_MPMS_THREAD="event worker" + +# << obsolete modules: +# authn_default authz_default mem_cache +# mem_cache is replaced by cache_disk +# ?? buggy modules +# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found +# >> added modules for reason: +# compat: compatibility with 2.2 access control +# authz_host: new module for access control +# authn_core: functionality provided by authn_alias in previous versions +# authz_core: new module, provides core authorization capabilities +# cache_disk: replacement for mem_cache +# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3 +# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3 +# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests). +# socache_shmcb: shared object cache provider. Default config with ssl needs it +# unixd: fixes startup error: Invalid command 'User' +IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest +authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authz_core +authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex +cache cache_disk cache_socache cern_meta charset_lite cgi cgid dav dav_fs dav_lock +dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2 +ident imagemap include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness +lbmethod_heartbeat log_config log_forensic logio macro mime mime_magic negotiation +proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_html proxy_http proxy_scgi +proxy_fcgi proxy_wstunnel rewrite ratelimit remoteip reqtimeout setenvif +slotmem_shm speling socache_shmcb status substitute unique_id userdir usertrack +unixd version vhost_alias xml2enc" +# The following are also in the source as of this version, but are not available +# for user selection: +# bucketeer case_filter case_filter_in echo http isapi optional_fn_export +# optional_fn_import optional_hook_export optional_hook_import + +# inter-module dependencies +# TODO: this may still be incomplete +MODULE_DEPENDS=" + dav_fs:dav + dav_lock:dav + deflate:filter + cache_disk:cache + ext_filter:filter + file_cache:cache + lbmethod_byrequests:proxy_balancer + lbmethod_byrequests:slotmem_shm + lbmethod_bytraffic:proxy_balancer + lbmethod_bybusyness:proxy_balancer + lbmethod_heartbeat:proxy_balancer + log_forensic:log_config + logio:log_config + cache_disk:cache + cache_socache:cache + mime_magic:mime + proxy_ajp:proxy + proxy_balancer:proxy + proxy_balancer:slotmem_shm + proxy_connect:proxy + proxy_ftp:proxy + proxy_html:proxy + proxy_html:xml2enc + proxy_http:proxy + proxy_scgi:proxy + proxy_fcgi:proxy + proxy_wstunnel:proxy + substitute:filter +" + +# module<->define mappings +MODULE_DEFINES=" + auth_digest:AUTH_DIGEST + authnz_ldap:AUTHNZ_LDAP + cache:CACHE + cache_disk:CACHE + cache_socache:CACHE + dav:DAV + dav_fs:DAV + dav_lock:DAV + file_cache:CACHE + http2:HTTP2 + info:INFO + ldap:LDAP + proxy:PROXY + proxy_ajp:PROXY + proxy_balancer:PROXY + proxy_connect:PROXY + proxy_ftp:PROXY + proxy_html:PROXY + proxy_http:PROXY + proxy_fcgi:PROXY + proxy_scgi:PROXY + proxy_wstunnel:PROXY + socache_shmcb:SSL + ssl:SSL + status:STATUS + suexec:SUEXEC + userdir:USERDIR +" + +# critical modules for the default config +MODULE_CRITICAL=" + authn_core + authz_core + authz_host + dir + mime + unixd +" +inherit eutils apache-2 systemd toolchain-funcs + +DESCRIPTION="The Apache Web Server" +HOMEPAGE="https://httpd.apache.org/" + +# some helper scripts are Apache-1.1, thus both are here +LICENSE="Apache-2.0 Apache-1.1" +SLOT="2" +KEYWORDS="alpha amd64 arm ~arm64 ~hppa ia64 ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris" + +DEPEND+="apache2_modules_http2? ( >=net-libs/nghttp2-1.2.1 )" + +REQUIRED_USE="apache2_modules_http2? ( ssl )" + +pkg_setup() { + # dependend critical modules which are not allowed in global scope due + # to USE flag conditionals (bug #499260) + use ssl && MODULE_CRITICAL+=" socache_shmcb" + use doc && MODULE_CRITICAL+=" alias negotiation setenvif" + apache-2_pkg_setup +} + +src_configure() { + # Brain dead check. + tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no" + + apache-2_src_configure +} + +src_compile() { + if tc-is-cross-compiler; then + # This header is the same across targets, so use the build compiler. + pushd server >/dev/null + emake gen_test_char + tc-export_build_env BUILD_CC + ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \ + gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die + popd >/dev/null + fi + + default +} + +src_install() { + apache-2_src_install + for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do + rm "${ED}"/$i || die "Failed to prune apache-tools bits" + done + for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do + rm "${ED}"/$i || die "Failed to prune apache-tools bits" + done + for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do + rm "${ED}"/$i || die "Failed to prune apache-tools bits" + done + for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do + rm "${ED}/"$i || die "Failed to prune apache-tools bits" + done + + # install apxs in /usr/bin (bug #502384) and put a symlink into the + # old location until all ebuilds and eclasses have been modified to + # use the new location. + local apxs="/usr/bin/apxs" + cp "${S}"/support/apxs "${ED%/}/${apxs}" || die "Failed to install apxs" + ln -s ../bin/apxs "${ED%/}/usr/sbin/apxs" || die + chmod 0755 "${ED%/}${apxs}" || die + + # Note: wait for mod_systemd to be included in some forthcoming release, + # Then apache2.4.service can be used and systemd support controlled + # through --enable-systemd + systemd_newunit "${FILESDIR}/apache2.2-hardened.service" "apache2.service" + systemd_dotmpfilesd "${FILESDIR}/apache.conf" + #insinto /etc/apache2/modules.d + #doins "${FILESDIR}/00_systemd.conf" + + # Install http2 module config + insinto /etc/apache2/modules.d + doins "${FILESDIR}"/41_mod_http2.conf +} + +pkg_postinst() { + apache-2_pkg_postinst || die "apache-2_pkg_postinst failed" + # warnings that default config might not work out of the box + for mod in $MODULE_CRITICAL; do + if ! use "apache2_modules_${mod}"; then + echo + ewarn "Warning: Critical module not installed!" + ewarn "Modules 'authn_core', 'authz_core' and 'unixd'" + ewarn "are highly recomended but might not be in the base profile yet." + ewarn "Default config for ssl needs module 'socache_shmcb'." + ewarn "Enabling the following flags is highly recommended:" + for cmod in $MODULE_CRITICAL; do + use "apache2_modules_${cmod}" || \ + ewarn "+ apache2_modules_${cmod}" + done + echo + break + fi + done + # warning for proxy_balancer and missing load balancing scheduler + if use apache2_modules_proxy_balancer; then + local lbset= + for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do + if use "apache2_modules_${mod}"; then + lbset=1 && break + fi + done + if [ ! ${lbset} ] ; then + echo + ewarn "Info: Missing load balancing scheduler algorithm module" + ewarn "(They were split off from proxy_balancer in 2.3)" + ewarn "In order to get the ability of load balancing, at least" + ewarn "one of these modules has to be present:" + ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat" + echo + fi + fi +} diff --git a/www-servers/apache/apache-2.4.28.ebuild b/www-servers/apache/apache-2.4.28.ebuild new file mode 100644 index 000000000000..33dec2f1025a --- /dev/null +++ b/www-servers/apache/apache-2.4.28.ebuild @@ -0,0 +1,238 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +# latest gentoo apache files +GENTOO_PATCHSTAMP="20160303" +GENTOO_DEVELOPER="polynomial-c" +GENTOO_PATCHNAME="gentoo-apache-2.4.18-r1" + +# IUSE/USE_EXPAND magic +IUSE_MPMS_FORK="prefork" +IUSE_MPMS_THREAD="event worker" + +# << obsolete modules: +# authn_default authz_default mem_cache +# mem_cache is replaced by cache_disk +# ?? buggy modules +# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found +# >> added modules for reason: +# compat: compatibility with 2.2 access control +# authz_host: new module for access control +# authn_core: functionality provided by authn_alias in previous versions +# authz_core: new module, provides core authorization capabilities +# cache_disk: replacement for mem_cache +# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3 +# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3 +# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests). +# socache_shmcb: shared object cache provider. Default config with ssl needs it +# unixd: fixes startup error: Invalid command 'User' +IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest +authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authz_core +authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex +cache cache_disk cache_socache cern_meta charset_lite cgi cgid dav dav_fs dav_lock +dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2 +ident imagemap include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness +lbmethod_heartbeat log_config log_forensic logio macro mime mime_magic negotiation +proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_html proxy_http proxy_scgi +proxy_fcgi proxy_wstunnel rewrite ratelimit remoteip reqtimeout setenvif +slotmem_shm speling socache_shmcb status substitute unique_id userdir usertrack +unixd version vhost_alias xml2enc" +# The following are also in the source as of this version, but are not available +# for user selection: +# bucketeer case_filter case_filter_in echo http isapi optional_fn_export +# optional_fn_import optional_hook_export optional_hook_import + +# inter-module dependencies +# TODO: this may still be incomplete +MODULE_DEPENDS=" + dav_fs:dav + dav_lock:dav + deflate:filter + cache_disk:cache + ext_filter:filter + file_cache:cache + lbmethod_byrequests:proxy_balancer + lbmethod_byrequests:slotmem_shm + lbmethod_bytraffic:proxy_balancer + lbmethod_bybusyness:proxy_balancer + lbmethod_heartbeat:proxy_balancer + log_forensic:log_config + logio:log_config + cache_disk:cache + cache_socache:cache + mime_magic:mime + proxy_ajp:proxy + proxy_balancer:proxy + proxy_balancer:slotmem_shm + proxy_connect:proxy + proxy_ftp:proxy + proxy_html:proxy + proxy_html:xml2enc + proxy_http:proxy + proxy_scgi:proxy + proxy_fcgi:proxy + proxy_wstunnel:proxy + substitute:filter +" + +# module<->define mappings +MODULE_DEFINES=" + auth_digest:AUTH_DIGEST + authnz_ldap:AUTHNZ_LDAP + cache:CACHE + cache_disk:CACHE + cache_socache:CACHE + dav:DAV + dav_fs:DAV + dav_lock:DAV + file_cache:CACHE + http2:HTTP2 + info:INFO + ldap:LDAP + proxy:PROXY + proxy_ajp:PROXY + proxy_balancer:PROXY + proxy_connect:PROXY + proxy_ftp:PROXY + proxy_html:PROXY + proxy_http:PROXY + proxy_fcgi:PROXY + proxy_scgi:PROXY + proxy_wstunnel:PROXY + socache_shmcb:SSL + ssl:SSL + status:STATUS + suexec:SUEXEC + userdir:USERDIR +" + +# critical modules for the default config +MODULE_CRITICAL=" + authn_core + authz_core + authz_host + dir + mime + unixd +" +inherit eutils apache-2 systemd toolchain-funcs + +DESCRIPTION="The Apache Web Server" +HOMEPAGE="https://httpd.apache.org/" + +# some helper scripts are Apache-1.1, thus both are here +LICENSE="Apache-2.0 Apache-1.1" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris" + +DEPEND+="apache2_modules_http2? ( >=net-libs/nghttp2-1.2.1 )" + +REQUIRED_USE="apache2_modules_http2? ( ssl )" + +pkg_setup() { + # dependend critical modules which are not allowed in global scope due + # to USE flag conditionals (bug #499260) + use ssl && MODULE_CRITICAL+=" socache_shmcb" + use doc && MODULE_CRITICAL+=" alias negotiation setenvif" + apache-2_pkg_setup +} + +src_configure() { + # Brain dead check. + tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no" + + apache-2_src_configure +} + +src_compile() { + if tc-is-cross-compiler; then + # This header is the same across targets, so use the build compiler. + pushd server >/dev/null + emake gen_test_char + tc-export_build_env BUILD_CC + ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \ + gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die + popd >/dev/null + fi + + default +} + +src_install() { + apache-2_src_install + for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do + rm "${ED}"/$i || die "Failed to prune apache-tools bits" + done + for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do + rm "${ED}"/$i || die "Failed to prune apache-tools bits" + done + for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do + rm "${ED}"/$i || die "Failed to prune apache-tools bits" + done + for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do + rm "${ED}/"$i || die "Failed to prune apache-tools bits" + done + + # install apxs in /usr/bin (bug #502384) and put a symlink into the + # old location until all ebuilds and eclasses have been modified to + # use the new location. + local apxs="/usr/bin/apxs" + cp "${S}"/support/apxs "${ED%/}/${apxs}" || die "Failed to install apxs" + ln -s ../bin/apxs "${ED%/}/usr/sbin/apxs" || die + chmod 0755 "${ED%/}${apxs}" || die + + # Note: wait for mod_systemd to be included in some forthcoming release, + # Then apache2.4.service can be used and systemd support controlled + # through --enable-systemd + systemd_newunit "${FILESDIR}/apache2.2-hardened.service" "apache2.service" + systemd_dotmpfilesd "${FILESDIR}/apache.conf" + #insinto /etc/apache2/modules.d + #doins "${FILESDIR}/00_systemd.conf" + + # Install http2 module config + insinto /etc/apache2/modules.d + doins "${FILESDIR}"/41_mod_http2.conf +} + +pkg_postinst() { + apache-2_pkg_postinst || die "apache-2_pkg_postinst failed" + # warnings that default config might not work out of the box + for mod in $MODULE_CRITICAL; do + if ! use "apache2_modules_${mod}"; then + echo + ewarn "Warning: Critical module not installed!" + ewarn "Modules 'authn_core', 'authz_core' and 'unixd'" + ewarn "are highly recomended but might not be in the base profile yet." + ewarn "Default config for ssl needs module 'socache_shmcb'." + ewarn "Enabling the following flags is highly recommended:" + for cmod in $MODULE_CRITICAL; do + use "apache2_modules_${cmod}" || \ + ewarn "+ apache2_modules_${cmod}" + done + echo + break + fi + done + # warning for proxy_balancer and missing load balancing scheduler + if use apache2_modules_proxy_balancer; then + local lbset= + for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do + if use "apache2_modules_${mod}"; then + lbset=1 && break + fi + done + if [ ! ${lbset} ] ; then + echo + ewarn "Info: Missing load balancing scheduler algorithm module" + ewarn "(They were split off from proxy_balancer in 2.3)" + ewarn "In order to get the ability of load balancing, at least" + ewarn "one of these modules has to be present:" + ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat" + echo + fi + fi +} diff --git a/www-servers/apache/files/41_mod_http2.conf b/www-servers/apache/files/41_mod_http2.conf new file mode 100644 index 000000000000..e4c9454e0127 --- /dev/null +++ b/www-servers/apache/files/41_mod_http2.conf @@ -0,0 +1,9 @@ +<IfDefine SSL> + <IfModule http2_module> + # enable debugging for this module + #LogLevel http2:info + + #Enable HTTP/2 support + Protocols h2 h2c http/1.1 + </IfModule> +</IfDefine> diff --git a/www-servers/apache/files/apache-asf-httpoxy.patch b/www-servers/apache/files/apache-asf-httpoxy.patch new file mode 100644 index 000000000000..68e3d869a77e --- /dev/null +++ b/www-servers/apache/files/apache-asf-httpoxy.patch @@ -0,0 +1,20 @@ +https://bugs.gentoo.org/589226 +https://www.apache.org/security/asf-httpoxy-response.txt + +--- server/util_script.c (revision 1752426) ++++ server/util_script.c (working copy) +@@ -186,6 +186,14 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r + else if (!strcasecmp(hdrs[i].key, "Content-length")) { + apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val); + } ++ /* HTTP_PROXY collides with a popular envvar used to configure ++ * proxies, don't let clients set/override it. But, if you must... ++ */ ++#ifndef SECURITY_HOLE_PASS_PROXY ++ else if (!strcasecmp(hdrs[i].key, "Proxy")) { ++ ; ++ } ++#endif + /* + * You really don't want to disable this check, since it leaves you + * wide open to CGIs stealing passwords and people viewing them diff --git a/www-servers/apache/files/apache.conf b/www-servers/apache/files/apache.conf new file mode 100644 index 000000000000..56e23aefaf8e --- /dev/null +++ b/www-servers/apache/files/apache.conf @@ -0,0 +1,2 @@ +d /run/apache2 710 root apache +d /run/apache_ssl_mutex diff --git a/www-servers/apache/files/apache2.2-hardened.service b/www-servers/apache/files/apache2.2-hardened.service new file mode 100644 index 000000000000..7a512a733e72 --- /dev/null +++ b/www-servers/apache/files/apache2.2-hardened.service @@ -0,0 +1,27 @@ +[Unit] +Description=The Apache HTTP Server +After=network.target remote-fs.target nss-lookup.target + +[Service] +EnvironmentFile=/etc/conf.d/apache2 +ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND +ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful +ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop +# We want systemd to give httpd some time to finish gracefully, but still want +# it to kill httpd after TimeoutStopSec if something went wrong during the +# graceful stop. Normally, Systemd sends SIGTERM signal right after the +# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give +# httpd time to finish. +KillSignal=SIGCONT +PrivateTmp=true +#Hardening +PrivateTmp=true +CapabilityBoundingSet=CAP_CHOWN CAP_SETGID CAP_SETUID CAP_DAC_OVERRIDE CAP_KILL CAP_NET_BIND_SERVICE CAP_IPC_LOCK +SecureBits=noroot-locked +ProtectSystem=full +NoNewPrivileges=true +PrivateDevices=true +MemoryDenyWriteExecute=true + +[Install] +WantedBy=multi-user.target diff --git a/www-servers/apache/files/apache2.2.service b/www-servers/apache/files/apache2.2.service new file mode 100644 index 000000000000..76f783a423b9 --- /dev/null +++ b/www-servers/apache/files/apache2.2.service @@ -0,0 +1,19 @@ +[Unit] +Description=The Apache HTTP Server +After=network.target remote-fs.target nss-lookup.target + +[Service] +EnvironmentFile=/etc/conf.d/apache2 +ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND +ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful +ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop +# We want systemd to give httpd some time to finish gracefully, but still want +# it to kill httpd after TimeoutStopSec if something went wrong during the +# graceful stop. Normally, Systemd sends SIGTERM signal right after the +# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give +# httpd time to finish. +KillSignal=SIGCONT +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/www-servers/apache/metadata.xml b/www-servers/apache/metadata.xml new file mode 100644 index 000000000000..631209d0e12f --- /dev/null +++ b/www-servers/apache/metadata.xml @@ -0,0 +1,39 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>polynomial-c@gentoo.org</email> + <name>Lars Wendler</name> + </maintainer> + <longdescription> + The Apache HTTP Server Project is an effort to develop and maintain an + open-source HTTP server for modern operating systems. The goal of this + project is to provide a secure, efficient and extensible server that + provides HTTP services in sync with the current HTTP standards. + </longdescription> + <use> + <flag name="suexec">Install suexec with apache</flag> + <flag name="static">Link in apache2 modules statically rather then plugins</flag> + <flag name="apache2_modules_access_compat">Group authorizations based on host (name or IP address). Available as a compatibility module with previous versions.</flag> + <flag name="apache2_modules_authn_core">Provides core authentication capabilities common to all authentication providers (functionality provided by authn_alias in previous versions).</flag> + <flag name="apache2_modules_authz_core">Provides core authorization capabilities to various authorization/authorization modules, such as authn_file and authz_user.</flag> + <flag name="apache2_modules_authz_dbd">Provides authorization capabilities via SQL database so that authenticated users can be allowed or denied access to portions of the web site by group membership.</flag> + <flag name="apache2_modules_cache_disk">Disk based storage module for the HTTP caching filter (similar to mem_cache in previous versions).</flag> + <flag name="apache2_modules_cache_socache">Shared object cache (socache) based storage module for the HTTP caching filter.</flag> + <flag name="apache2_modules_proxy_html">Module to rewrite links in html pages behind a reverse proxy</flag> + <flag name="apache2_modules_http2">Enable http2/alpn module</flag> + <flag name="apache2_modules_lbmethod_byrequests">Request counting load balancer scheduler algorithm for proxy_balancer.</flag> + <flag name="apache2_modules_lbmethod_bytraffic">Weighted traffic counting load balancer scheduler algorithm for proxy_balancer.</flag> + <flag name="apache2_modules_lbmethod_bybusyness">Pending request counting load balancer scheduler algorithm for proxy_balancer.</flag> + <flag name="apache2_modules_lbmethod_heartbeat">Heartbeat traffic counting load balancer scheduler algorithm for proxy_balancer.</flag> + <flag name="apache2_modules_macro">Macros for the Apache config file.</flag> + <flag name="apache2_modules_slotmem_shm">Slot-based shared memory provider.</flag> + <flag name="apache2_modules_socache_shmcb">A shared object cache provider using a high-performance cyclic buffer inside a shared memory segment.</flag> + <flag name="apache2_modules_unixd">Basic (required) security for Unix-family platforms.</flag> + <flag name="apache2_modules_proxy_fcgi">FCGI support module for mod_proxy.</flag> + <flag name="apache2_modules_proxy_wstunnel">Provides support for the tunnelling of web socket connections to a backend websockets server.</flag> + <flag name="apache2_modules_ratelimit">Ratelimit module for transfer rate management</flag> + <flag name="apache2_modules_remoteip">Remotip module for logging</flag> + <flag name="apache2_modules_xml2enc">Enable xml2 encoding module</flag> + </use> +</pkgmetadata> |