diff options
author | Paul Eggleton <paul.eggleton@linux.intel.com> | 2012-07-17 11:27:39 +0100 |
---|---|---|
committer | Paul Eggleton <paul.eggleton@linux.intel.com> | 2012-10-03 14:36:16 +0100 |
commit | 25ba859ab6ca18fb0391802a39300c408ab13420 (patch) | |
tree | 3d6b419afc8fffb8142b71ec943da9a312c39859 /meta-webserver/recipes-httpd/apache2 | |
parent | 520d3a14c999c52f30bb4e25c8f68e75a49663a7 (diff) | |
download | meta-openembedded-25ba859ab6ca18fb0391802a39300c408ab13420.tar.gz |
apache2: add from OE-Classic, update to version 2.4.2 and fix
* Enable threading for PHP
* Backport a number of patches
* Use apachectl in init script
* Install modules into a sane location
* Ensure apxs script is installed into sysroot in crossscripts directory
and modified so that it works for building PHP
* Install httpd executable for native version so that PHP configure
script can call it
* Rename server-makefile-patch to server-makefile.patch and drop
apply=yes
* Add LIC_FILES_CHKSUM
* Fix packaging QA warnings
* Add LSB headers to init script
* Clean out some cruft and move packaging stuff after do_install
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Diffstat (limited to 'meta-webserver/recipes-httpd/apache2')
16 files changed, 1405 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-configure_perlbin.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-configure_perlbin.patch new file mode 100644 index 000000000..baa739fd4 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-configure_perlbin.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | # Author: echo <fei.geng@windriver.com> | ||
2 | # Date: April 28 2009 | ||
3 | # Summary:Fix perl install directory to /usr/bin | ||
4 | # | ||
5 | # Upstream-Status: Inappropriate [configuration] | ||
6 | |||
7 | --- a/configure | ||
8 | +++ b/configure | ||
9 | @@ -22365,13 +22365,7 @@ | ||
10 | #define APACHE_MPM_DIR "$MPM_DIR" | ||
11 | _ACEOF | ||
12 | |||
13 | - | ||
14 | -perlbin=`$ac_aux_dir/PrintPath perl` | ||
15 | -if test "x$perlbin" = "x"; then | ||
16 | - perlbin="/replace/with/path/to/perl/interpreter" | ||
17 | -fi | ||
18 | - | ||
19 | - | ||
20 | +perlbin='/usr/bin/perl' | ||
21 | |||
22 | BSD_MAKEFILE=no | ||
23 | ap_make_include=include | ||
24 | --- a/configure.in | ||
25 | +++ b/configure.in | ||
26 | @@ -638,10 +638,7 @@ | ||
27 | AC_DEFINE_UNQUOTED(APACHE_MPM_DIR, "$MPM_DIR", | ||
28 | [Location of the source for the current MPM]) | ||
29 | |||
30 | -perlbin=`$ac_aux_dir/PrintPath perl` | ||
31 | -if test "x$perlbin" = "x"; then | ||
32 | - perlbin="/replace/with/path/to/perl/interpreter" | ||
33 | -fi | ||
34 | +perlbin='/usr/bin/perl' | ||
35 | AC_SUBST(perlbin) | ||
36 | |||
37 | dnl If we are running on BSD/OS, we need to use the BSD .include syntax. | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-ssl-ltmain-rpath.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-ssl-ltmain-rpath.patch new file mode 100644 index 000000000..3a59fb079 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/apache-ssl-ltmain-rpath.patch | |||
@@ -0,0 +1,76 @@ | |||
1 | --- httpd-2.2.8.orig/build/ltmain.sh | ||
2 | +++ httpd-2.2.8/build/ltmain.sh | ||
3 | @@ -1515,7 +1515,7 @@ EOF | ||
4 | dir=`$echo "X$arg" | $Xsed -e 's/^-L//'` | ||
5 | # We need an absolute path. | ||
6 | case $dir in | ||
7 | - [\\/]* | [A-Za-z]:[\\/]*) ;; | ||
8 | + =* | [\\/]* | [A-Za-z]:[\\/]*) ;; | ||
9 | *) | ||
10 | absdir=`cd "$dir" && pwd` | ||
11 | if test -z "$absdir"; then | ||
12 | @@ -2558,7 +2558,7 @@ EOF | ||
13 | $echo "*** $linklib is not portable!" | ||
14 | fi | ||
15 | if test "$linkmode" = lib && | ||
16 | - test "$hardcode_into_libs" = yes; then | ||
17 | + test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then | ||
18 | # Hardcode the library path. | ||
19 | # Skip directories that are in the system default run-time | ||
20 | # search path. | ||
21 | @@ -2832,7 +2832,7 @@ EOF | ||
22 | |||
23 | if test "$linkmode" = lib; then | ||
24 | if test -n "$dependency_libs" && | ||
25 | - { test "$hardcode_into_libs" != yes || | ||
26 | + { test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" || | ||
27 | test "$build_old_libs" = yes || | ||
28 | test "$link_static" = yes; }; then | ||
29 | # Extract -R from dependency_libs | ||
30 | @@ -3426,7 +3426,8 @@ EOF | ||
31 | *) finalize_rpath="$finalize_rpath $libdir" ;; | ||
32 | esac | ||
33 | done | ||
34 | - if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then | ||
35 | + if test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" || | ||
36 | + test "$build_old_libs" = yes; then | ||
37 | dependency_libs="$temp_xrpath $dependency_libs" | ||
38 | fi | ||
39 | fi | ||
40 | @@ -3843,7 +3844,7 @@ EOF | ||
41 | case $archive_cmds in | ||
42 | *\$LD\ *) wl= ;; | ||
43 | esac | ||
44 | - if test "$hardcode_into_libs" = yes; then | ||
45 | + if test "$hardcode_into_libs" = yes && test "x$wrs_use_rpaths" = "xyes" ; then | ||
46 | # Hardcode the library paths | ||
47 | hardcode_libdirs= | ||
48 | dep_rpath= | ||
49 | @@ -4397,6 +4398,27 @@ EOF | ||
50 | # Now hardcode the library paths | ||
51 | rpath= | ||
52 | hardcode_libdirs= | ||
53 | + | ||
54 | + # short circuit putting rpaths in executables | ||
55 | + # | ||
56 | + if test "x$wrs_use_rpaths" != "xyes" ; then | ||
57 | + flag= | ||
58 | + for libdir in $compile_rpath; do | ||
59 | + case $(echo $libdir | ${SED} 's,/[/]*,/,g') in | ||
60 | + /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; | ||
61 | + esac | ||
62 | + done | ||
63 | + compile_rpath="$flag" | ||
64 | + | ||
65 | + flag= | ||
66 | + for libdir in $finalize_rpath; do | ||
67 | + case $(echo $libdir | ${SED} 's,/[/]*,/,g') in | ||
68 | + /usr/lib/* | /usr/lib32/* | /usr/lib64/* ) flag="$flag $libdir" ;; | ||
69 | + esac | ||
70 | + done | ||
71 | + finalize_rpath="$flag" | ||
72 | + fi | ||
73 | + | ||
74 | for libdir in $compile_rpath $finalize_rpath; do | ||
75 | if test -n "$hardcode_libdir_flag_spec"; then | ||
76 | if test -n "$hardcode_libdir_separator"; then | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/fix-libtool-name.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/fix-libtool-name.patch new file mode 100644 index 000000000..027af04c3 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/fix-libtool-name.patch | |||
@@ -0,0 +1,55 @@ | |||
1 | Fix build scripts to use correct libtool filename | ||
2 | |||
3 | Upstream-Status: Inappropriate [configuration] | ||
4 | |||
5 | --- | ||
6 | httpd-2.4.2/build/config_vars.sh.in | 2 +- | ||
7 | httpd-2.4.2/configure | 2 +- | ||
8 | httpd-2.4.2/configure.in | 2 +- | ||
9 | httpd-2.4.2/support/apxs.in | 2 +- | ||
10 | 4 files changed, 4 insertions(+), 4 deletions(-) | ||
11 | |||
12 | --- a/build/config_vars.sh.in | ||
13 | +++ b/build/config_vars.sh.in | ||
14 | @@ -35,7 +35,7 @@ else | ||
15 | APU_CONFIG=@APU_CONFIG@ | ||
16 | fi | ||
17 | |||
18 | -APR_LIBTOOL="`${APR_CONFIG} --apr-libtool`" | ||
19 | +APR_LIBTOOL="`${APR_CONFIG} --apr-libtool | sed -e s,libtool,${host_alias}-libtool,`" | ||
20 | APR_INCLUDEDIR="`${APR_CONFIG} --includedir`" | ||
21 | test -n "@APU_CONFIG@" && APU_INCLUDEDIR="`${APU_CONFIG} --includedir`" | ||
22 | |||
23 | --- a/configure | ||
24 | +++ b/configure | ||
25 | @@ -6205,7 +6205,7 @@ case $host in | ||
26 | if test "x$LTFLAGS" = "x"; then | ||
27 | LTFLAGS='--silent' | ||
28 | fi | ||
29 | - my_libtool=`$apr_config --apr-libtool` | ||
30 | + my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,` | ||
31 | LIBTOOL="$my_libtool \$(LTFLAGS)" | ||
32 | libtoolversion=`$my_libtool --version` | ||
33 | case $libtoolversion in | ||
34 | --- a/configure.in | ||
35 | +++ b/configure.in | ||
36 | @@ -264,7 +264,7 @@ case $host in | ||
37 | if test "x$LTFLAGS" = "x"; then | ||
38 | LTFLAGS='--silent' | ||
39 | fi | ||
40 | - my_libtool=`$apr_config --apr-libtool` | ||
41 | + my_libtool=`$apr_config --apr-libtool | sed -e s,libtool,${host_alias}-libtool,` | ||
42 | LIBTOOL="$my_libtool \$(LTFLAGS)" | ||
43 | libtoolversion=`$my_libtool --version` | ||
44 | case $libtoolversion in | ||
45 | --- a/support/apxs.in | ||
46 | +++ b/support/apxs.in | ||
47 | @@ -352,7 +352,7 @@ if ($apr_major_version < 2) { | ||
48 | } | ||
49 | } | ||
50 | |||
51 | -my $libtool = `$apr_config --apr-libtool`; | ||
52 | +my $libtool = `$apr_config --apr-libtool| sed -e s,libtool,${host_alias}-libtool,`; | ||
53 | chomp($libtool); | ||
54 | |||
55 | my $apr_includedir = `$apr_config --includes`; | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-corelimit.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-corelimit.patch new file mode 100644 index 000000000..18e4107ec --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-corelimit.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | |||
2 | Bump up the core size limit if CoreDumpDirectory is | ||
3 | configured. | ||
4 | |||
5 | Upstream-Status: Pending | ||
6 | |||
7 | Note: upstreaming was discussed but there are competing desires; | ||
8 | there are portability oddities here too. | ||
9 | |||
10 | --- httpd-2.4.1/server/core.c.corelimit | ||
11 | +++ httpd-2.4.1/server/core.c | ||
12 | @@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t * | ||
13 | } | ||
14 | apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper, | ||
15 | apr_pool_cleanup_null); | ||
16 | + | ||
17 | +#ifdef RLIMIT_CORE | ||
18 | + if (ap_coredumpdir_configured) { | ||
19 | + struct rlimit lim; | ||
20 | + | ||
21 | + if (getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == 0) { | ||
22 | + lim.rlim_cur = lim.rlim_max; | ||
23 | + if (setrlimit(RLIMIT_CORE, &lim) == 0) { | ||
24 | + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, | ||
25 | + "core dump file size limit raised to %lu bytes", | ||
26 | + lim.rlim_cur); | ||
27 | + } else { | ||
28 | + ap_log_error(APLOG_MARK, APLOG_NOTICE, errno, NULL, | ||
29 | + "core dump file size is zero, setrlimit failed"); | ||
30 | + } | ||
31 | + } | ||
32 | + } | ||
33 | +#endif | ||
34 | + | ||
35 | return OK; | ||
36 | } | ||
37 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-export.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-export.patch new file mode 100644 index 000000000..ed629bfc8 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-export.patch | |||
@@ -0,0 +1,22 @@ | |||
1 | |||
2 | There is no need to "suck in" the apr/apr-util symbols when using | ||
3 | a shared libapr{,util}, it just bloats the symbol table; so don't. | ||
4 | |||
5 | Upstream-HEAD: needed | ||
6 | Upstream-2.0: omit | ||
7 | Upstream-Status: Pending | ||
8 | |||
9 | Note: EXPORT_DIRS change is conditional on using shared apr | ||
10 | |||
11 | --- httpd-2.4.1/server/Makefile.in.export | ||
12 | +++ httpd-2.4.1/server/Makefile.in | ||
13 | @@ -57,9 +57,6 @@ export_files: | ||
14 | ( for dir in $(EXPORT_DIRS); do \ | ||
15 | ls $$dir/*.h ; \ | ||
16 | done; \ | ||
17 | - for dir in $(EXPORT_DIRS_APR); do \ | ||
18 | - ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \ | ||
19 | - done; \ | ||
20 | ) | sort -u > $@ | ||
21 | |||
22 | exports.c: export_files | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-selinux.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-selinux.patch new file mode 100644 index 000000000..873328d9b --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.1-selinux.patch | |||
@@ -0,0 +1,63 @@ | |||
1 | |||
2 | Log the SELinux context at startup. | ||
3 | |||
4 | Upstream-Status: Inappropriate [other] | ||
5 | |||
6 | Note: unlikely to be any interest in this upstream | ||
7 | |||
8 | --- httpd-2.4.1/configure.in.selinux | ||
9 | +++ httpd-2.4.1/configure.in | ||
10 | @@ -458,6 +458,11 @@ fopen64 | ||
11 | dnl confirm that a void pointer is large enough to store a long integer | ||
12 | APACHE_CHECK_VOID_PTR_LEN | ||
13 | |||
14 | +AC_CHECK_LIB(selinux, is_selinux_enabled, [ | ||
15 | + AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) | ||
16 | + APR_ADDTO(AP_LIBS, [-lselinux]) | ||
17 | +]) | ||
18 | + | ||
19 | AC_CACHE_CHECK([for gettid()], ac_cv_gettid, | ||
20 | [AC_TRY_RUN(#define _GNU_SOURCE | ||
21 | #include <unistd.h> | ||
22 | --- httpd-2.4.1/server/core.c.selinux | ||
23 | +++ httpd-2.4.1/server/core.c | ||
24 | @@ -58,6 +58,10 @@ | ||
25 | #include <unistd.h> | ||
26 | #endif | ||
27 | |||
28 | +#ifdef HAVE_SELINUX | ||
29 | +#include <selinux/selinux.h> | ||
30 | +#endif | ||
31 | + | ||
32 | /* LimitRequestBody handling */ | ||
33 | #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) | ||
34 | #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) | ||
35 | @@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t * | ||
36 | } | ||
37 | #endif | ||
38 | |||
39 | +#ifdef HAVE_SELINUX | ||
40 | + { | ||
41 | + static int already_warned = 0; | ||
42 | + int is_enabled = is_selinux_enabled() > 0; | ||
43 | + | ||
44 | + if (is_enabled && !already_warned) { | ||
45 | + security_context_t con; | ||
46 | + | ||
47 | + if (getcon(&con) == 0) { | ||
48 | + | ||
49 | + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, | ||
50 | + "SELinux policy enabled; " | ||
51 | + "httpd running as context %s", con); | ||
52 | + | ||
53 | + already_warned = 1; | ||
54 | + | ||
55 | + freecon(con); | ||
56 | + } | ||
57 | + } | ||
58 | + } | ||
59 | +#endif | ||
60 | + | ||
61 | return OK; | ||
62 | } | ||
63 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1326980+.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1326980+.patch new file mode 100644 index 000000000..98b226bf9 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1326980+.patch | |||
@@ -0,0 +1,74 @@ | |||
1 | |||
2 | * modules/loggers/mod_log_debug.c: Mark private globals as static. | ||
3 | http://svn.apache.org/viewvc?view=revision&revision=1326980 | ||
4 | |||
5 | * modules/filters/sed1.c: Mark private globals as static const. | ||
6 | (command): Change p3 pointer to const. | ||
7 | http://svn.apache.org/viewvc?view=revision&revision=1326984 | ||
8 | |||
9 | * modules/filters/config.m4: Prevent libsed internals from polluting | ||
10 | the global symbol namespace. | ||
11 | http://svn.apache.org/viewvc?view=revision&revision=1326991 | ||
12 | |||
13 | Upstream-Status: Backport | ||
14 | |||
15 | --- httpd-2.4.2/modules/loggers/mod_log_debug.c | ||
16 | +++ httpd-2.4.2/modules/loggers/mod_log_debug.c | ||
17 | @@ -35,8 +35,8 @@ | ||
18 | apr_array_header_t *entries; | ||
19 | } log_debug_dirconf; | ||
20 | |||
21 | -const char *allhooks = "all"; | ||
22 | -const char * const hooks[] = { | ||
23 | +static const char *allhooks = "all"; | ||
24 | +static const char * const hooks[] = { | ||
25 | "log_transaction", /* 0 */ | ||
26 | "quick_handler", /* 1 */ | ||
27 | "handler", /* 2 */ | ||
28 | --- httpd-2.4.2/modules/filters/sed1.c | ||
29 | +++ httpd-2.4.2/modules/filters/sed1.c | ||
30 | @@ -25,7 +25,7 @@ | ||
31 | #include "apr_strings.h" | ||
32 | #include "regexp.h" | ||
33 | |||
34 | -char *trans[040] = { | ||
35 | +static const char *const trans[040] = { | ||
36 | "\\01", | ||
37 | "\\02", | ||
38 | "\\03", | ||
39 | @@ -58,7 +58,7 @@ | ||
40 | "\\36", | ||
41 | "\\37" | ||
42 | }; | ||
43 | -char rub[] = {"\\177"}; | ||
44 | +static const char rub[] = {"\\177"}; | ||
45 | |||
46 | extern int sed_step(char *p1, char *p2, int circf, step_vars_storage *vars); | ||
47 | static int substitute(sed_eval_t *eval, sed_reptr_t *ipc, | ||
48 | @@ -692,7 +692,8 @@ | ||
49 | step_vars_storage *step_vars) | ||
50 | { | ||
51 | int i; | ||
52 | - char *p1, *p2, *p3; | ||
53 | + char *p1, *p2; | ||
54 | + const char *p3; | ||
55 | int length; | ||
56 | char sz[32]; /* 32 bytes enough to store 64 bit integer in decimal */ | ||
57 | apr_status_t rv = APR_SUCCESS; | ||
58 | --- httpd-2.4.2/modules/filters/config.m4 | ||
59 | +++ httpd-2.4.2/modules/filters/config.m4 | ||
60 | @@ -16,7 +16,13 @@ | ||
61 | APACHE_MODULE(substitute, response content rewrite-like filtering, , , most) | ||
62 | |||
63 | sed_obj="mod_sed.lo sed0.lo sed1.lo regexp.lo" | ||
64 | -APACHE_MODULE(sed, filter request and/or response bodies through sed, $sed_obj, , most) | ||
65 | +APACHE_MODULE(sed, filter request and/or response bodies through sed, $sed_obj, , most, [ | ||
66 | + if test "x$enable_sed" = "xshared"; then | ||
67 | + # The only symbol which needs to be exported is the module | ||
68 | + # structure, so ask libtool to hide libsed internals: | ||
69 | + APR_ADDTO(MOD_SED_LDADD, [-export-symbols-regex sed_module]) | ||
70 | + fi | ||
71 | +]) | ||
72 | |||
73 | if test "$ac_cv_ebcdic" = "yes"; then | ||
74 | # mod_charset_lite can be very useful on an ebcdic system, | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch new file mode 100644 index 000000000..57b5155c3 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch | |||
@@ -0,0 +1,87 @@ | |||
1 | |||
2 | * server/mpm_unix.c (dummy_connection): Use a TLS 1.0 close_notify | ||
3 | alert if the chosen listener is configured for https; not perfect | ||
4 | but better than sending an HTTP request. Adjust comments. | ||
5 | http://svn.apache.org/viewvc?view=revision&revision=1327036 | ||
6 | |||
7 | * server/mpm_unix.c (dummy_connection): Fix spello. | ||
8 | http://svn.apache.org/viewvc?view=revision&revision=1327080 | ||
9 | |||
10 | Upstream-Status: Backport | ||
11 | |||
12 | --- httpd-2.4.2/server/mpm_unix.c | ||
13 | +++ httpd-2.4.2/server/mpm_unix.c | ||
14 | @@ -501,14 +501,14 @@ | ||
15 | return rv; | ||
16 | } | ||
17 | |||
18 | -/* This function connects to the server, then immediately closes the connection. | ||
19 | - * This permits the MPM to skip the poll when there is only one listening | ||
20 | - * socket, because it provides a alternate way to unblock an accept() when | ||
21 | - * the pod is used. | ||
22 | - */ | ||
23 | +/* This function connects to the server and sends enough data to | ||
24 | + * ensure the child wakes up and processes a new connection. This | ||
25 | + * permits the MPM to skip the poll when there is only one listening | ||
26 | + * socket, because it provides a alternate way to unblock an accept() | ||
27 | + * when the pod is used. */ | ||
28 | static apr_status_t dummy_connection(ap_pod_t *pod) | ||
29 | { | ||
30 | - char *srequest; | ||
31 | + const char *data; | ||
32 | apr_status_t rv; | ||
33 | apr_socket_t *sock; | ||
34 | apr_pool_t *p; | ||
35 | @@ -574,24 +574,37 @@ | ||
36 | return rv; | ||
37 | } | ||
38 | |||
39 | - /* Create the request string. We include a User-Agent so that | ||
40 | - * adminstrators can track down the cause of the odd-looking | ||
41 | - * requests in their logs. | ||
42 | - */ | ||
43 | - srequest = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ", | ||
44 | + if (lp->protocol && strcasecmp(lp->protocol, "https") == 0) { | ||
45 | + /* Send a TLS 1.0 close_notify alert. This is perhaps the | ||
46 | + * "least wrong" way to open and cleanly terminate an SSL | ||
47 | + * connection. It should "work" without noisy error logs if | ||
48 | + * the server actually expects SSLv3/TLSv1. With | ||
49 | + * SSLv23_server_method() OpenSSL's SSL_accept() fails | ||
50 | + * ungracefully on receipt of this message, since it requires | ||
51 | + * an 11-byte ClientHello message and this is too short. */ | ||
52 | + static const unsigned char tls10_close_notify[7] = { | ||
53 | + '\x15', /* TLSPlainText.type = Alert (21) */ | ||
54 | + '\x03', '\x01', /* TLSPlainText.version = {3, 1} */ | ||
55 | + '\x00', '\x02', /* TLSPlainText.length = 2 */ | ||
56 | + '\x01', /* Alert.level = warning (1) */ | ||
57 | + '\x00' /* Alert.description = close_notify (0) */ | ||
58 | + }; | ||
59 | + data = (const char *)tls10_close_notify; | ||
60 | + len = sizeof(tls10_close_notify); | ||
61 | + } | ||
62 | + else /* ... XXX other request types here? */ { | ||
63 | + /* Create an HTTP request string. We include a User-Agent so | ||
64 | + * that adminstrators can track down the cause of the | ||
65 | + * odd-looking requests in their logs. A complete request is | ||
66 | + * used since kernel-level filtering may require that much | ||
67 | + * data before returning from accept(). */ | ||
68 | + data = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ", | ||
69 | ap_get_server_description(), | ||
70 | " (internal dummy connection)\r\n\r\n", NULL); | ||
71 | + len = strlen(data); | ||
72 | + } | ||
73 | |||
74 | - /* Since some operating systems support buffering of data or entire | ||
75 | - * requests in the kernel, we send a simple request, to make sure | ||
76 | - * the server pops out of a blocking accept(). | ||
77 | - */ | ||
78 | - /* XXX: This is HTTP specific. We should look at the Protocol for each | ||
79 | - * listener, and send the correct type of request to trigger any Accept | ||
80 | - * Filters. | ||
81 | - */ | ||
82 | - len = strlen(srequest); | ||
83 | - apr_socket_send(sock, srequest, &len); | ||
84 | + apr_socket_send(sock, data, &len); | ||
85 | apr_socket_close(sock); | ||
86 | apr_pool_destroy(p); | ||
87 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1332643.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1332643.patch new file mode 100644 index 000000000..16fd7d75b --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1332643.patch | |||
@@ -0,0 +1,260 @@ | |||
1 | Add support for TLS Next Protocol Negotiation: | ||
2 | |||
3 | * modules/ssl/mod_ssl.c, modules/ssl/mod_ssl.h: Add and implement new | ||
4 | hooks for next protocol advertisement/discovery. | ||
5 | |||
6 | * modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Enable | ||
7 | NPN advertisement callback in handshake. | ||
8 | |||
9 | * modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Invoke | ||
10 | next-protocol discovery hook. | ||
11 | |||
12 | * modules/ssl/ssl_engine_kernel.c (ssl_callback_AdvertiseNextProtos): | ||
13 | New callback. | ||
14 | |||
15 | * modules/ssl/ssl_private.h: Add prototype. | ||
16 | |||
17 | Submitted by: Matthew Steele <mdsteele google.com> | ||
18 | with slight tweaks by jorton | ||
19 | |||
20 | https://bugzilla.redhat.com//show_bug.cgi?id=809599 | ||
21 | |||
22 | http://svn.apache.org/viewvc?view=revision&revision=1332643 | ||
23 | |||
24 | Upstream-Status: Backport | ||
25 | |||
26 | --- httpd-2.4.2/modules/ssl/ssl_private.h | ||
27 | +++ httpd-2.4.2/modules/ssl/ssl_private.h | ||
28 | @@ -139,6 +139,11 @@ | ||
29 | #define HAVE_FIPS | ||
30 | #endif | ||
31 | |||
32 | +#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \ | ||
33 | + && !defined(OPENSSL_NO_TLSEXT) | ||
34 | +#define HAVE_TLS_NPN | ||
35 | +#endif | ||
36 | + | ||
37 | #if (OPENSSL_VERSION_NUMBER >= 0x10000000) | ||
38 | #define MODSSL_SSL_CIPHER_CONST const | ||
39 | #define MODSSL_SSL_METHOD_CONST const | ||
40 | @@ -811,6 +816,7 @@ | ||
41 | int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *, | ||
42 | EVP_CIPHER_CTX *, HMAC_CTX *, int); | ||
43 | #endif | ||
44 | +int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg); | ||
45 | |||
46 | /** Session Cache Support */ | ||
47 | void ssl_scache_init(server_rec *, apr_pool_t *); | ||
48 | --- httpd-2.4.2/modules/ssl/mod_ssl.c | ||
49 | +++ httpd-2.4.2/modules/ssl/mod_ssl.c | ||
50 | @@ -260,6 +260,18 @@ | ||
51 | AP_END_CMD | ||
52 | }; | ||
53 | |||
54 | +/* Implement 'modssl_run_npn_advertise_protos_hook'. */ | ||
55 | +APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( | ||
56 | + modssl, AP, int, npn_advertise_protos_hook, | ||
57 | + (conn_rec *connection, apr_array_header_t *protos), | ||
58 | + (connection, protos), OK, DECLINED); | ||
59 | + | ||
60 | +/* Implement 'modssl_run_npn_proto_negotiated_hook'. */ | ||
61 | +APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( | ||
62 | + modssl, AP, int, npn_proto_negotiated_hook, | ||
63 | + (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len), | ||
64 | + (connection, proto_name, proto_name_len), OK, DECLINED); | ||
65 | + | ||
66 | /* | ||
67 | * the various processing hooks | ||
68 | */ | ||
69 | --- httpd-2.4.2/modules/ssl/mod_ssl.h | ||
70 | +++ httpd-2.4.2/modules/ssl/mod_ssl.h | ||
71 | @@ -63,5 +63,26 @@ | ||
72 | |||
73 | APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); | ||
74 | |||
75 | +/** The npn_advertise_protos optional hook allows other modules to add entries | ||
76 | + * to the list of protocol names advertised by the server during the Next | ||
77 | + * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is | ||
78 | + * given the connection and an APR array; it should push one or more char*'s | ||
79 | + * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto | ||
80 | + * the array and return OK, or do nothing and return DECLINED. */ | ||
81 | +APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook, | ||
82 | + (conn_rec *connection, apr_array_header_t *protos)); | ||
83 | + | ||
84 | +/** The npn_proto_negotiated optional hook allows other modules to discover the | ||
85 | + * name of the protocol that was chosen during the Next Protocol Negotiation | ||
86 | + * (NPN) portion of the SSL handshake. Note that this may be the empty string | ||
87 | + * (in which case modules should probably assume HTTP), or it may be a protocol | ||
88 | + * that was never even advertised by the server. The hook callee is given the | ||
89 | + * connection, a non-null-terminated string containing the protocol name, and | ||
90 | + * the length of the string; it should do something appropriate (i.e. insert or | ||
91 | + * remove filters) and return OK, or do nothing and return DECLINED. */ | ||
92 | +APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook, | ||
93 | + (conn_rec *connection, const char *proto_name, | ||
94 | + apr_size_t proto_name_len)); | ||
95 | + | ||
96 | #endif /* __MOD_SSL_H__ */ | ||
97 | /** @} */ | ||
98 | --- httpd-2.4.2/modules/ssl/ssl_engine_init.c | ||
99 | +++ httpd-2.4.2/modules/ssl/ssl_engine_init.c | ||
100 | @@ -681,6 +681,11 @@ | ||
101 | #endif | ||
102 | |||
103 | SSL_CTX_set_info_callback(ctx, ssl_callback_Info); | ||
104 | + | ||
105 | +#ifdef HAVE_TLS_NPN | ||
106 | + SSL_CTX_set_next_protos_advertised_cb( | ||
107 | + ctx, ssl_callback_AdvertiseNextProtos, NULL); | ||
108 | +#endif | ||
109 | } | ||
110 | |||
111 | static void ssl_init_ctx_verify(server_rec *s, | ||
112 | --- httpd-2.4.2/modules/ssl/ssl_engine_io.c | ||
113 | +++ httpd-2.4.2/modules/ssl/ssl_engine_io.c | ||
114 | @@ -28,6 +28,7 @@ | ||
115 | core keeps dumping.'' | ||
116 | -- Unknown */ | ||
117 | #include "ssl_private.h" | ||
118 | +#include "mod_ssl.h" | ||
119 | #include "apr_date.h" | ||
120 | |||
121 | /* _________________________________________________________________ | ||
122 | @@ -297,6 +298,7 @@ | ||
123 | apr_pool_t *pool; | ||
124 | char buffer[AP_IOBUFSIZE]; | ||
125 | ssl_filter_ctx_t *filter_ctx; | ||
126 | + int npn_finished; /* 1 if NPN has finished, 0 otherwise */ | ||
127 | } bio_filter_in_ctx_t; | ||
128 | |||
129 | /* | ||
130 | @@ -1374,6 +1376,27 @@ | ||
131 | APR_BRIGADE_INSERT_TAIL(bb, bucket); | ||
132 | } | ||
133 | |||
134 | +#ifdef HAVE_TLS_NPN | ||
135 | + /* By this point, Next Protocol Negotiation (NPN) should be completed (if | ||
136 | + * our version of OpenSSL supports it). If we haven't already, find out | ||
137 | + * which protocol was decided upon and inform other modules by calling | ||
138 | + * npn_proto_negotiated_hook. */ | ||
139 | + if (!inctx->npn_finished) { | ||
140 | + const unsigned char *next_proto = NULL; | ||
141 | + unsigned next_proto_len = 0; | ||
142 | + | ||
143 | + SSL_get0_next_proto_negotiated( | ||
144 | + inctx->ssl, &next_proto, &next_proto_len); | ||
145 | + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c, | ||
146 | + "SSL NPN negotiated protocol: '%s'", | ||
147 | + apr_pstrmemdup(f->c->pool, (const char*)next_proto, | ||
148 | + next_proto_len)); | ||
149 | + modssl_run_npn_proto_negotiated_hook( | ||
150 | + f->c, (const char*)next_proto, next_proto_len); | ||
151 | + inctx->npn_finished = 1; | ||
152 | + } | ||
153 | +#endif | ||
154 | + | ||
155 | return APR_SUCCESS; | ||
156 | } | ||
157 | |||
158 | @@ -1855,6 +1878,7 @@ | ||
159 | inctx->block = APR_BLOCK_READ; | ||
160 | inctx->pool = c->pool; | ||
161 | inctx->filter_ctx = filter_ctx; | ||
162 | + inctx->npn_finished = 0; | ||
163 | } | ||
164 | |||
165 | /* The request_rec pointer is passed in here only to ensure that the | ||
166 | --- httpd-2.4.2/modules/ssl/ssl_engine_kernel.c | ||
167 | +++ httpd-2.4.2/modules/ssl/ssl_engine_kernel.c | ||
168 | @@ -29,6 +29,7 @@ | ||
169 | time I was too famous.'' | ||
170 | -- Unknown */ | ||
171 | #include "ssl_private.h" | ||
172 | +#include "mod_ssl.h" | ||
173 | #include "util_md5.h" | ||
174 | |||
175 | static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); | ||
176 | @@ -2143,3 +2144,84 @@ | ||
177 | return -1; | ||
178 | } | ||
179 | #endif | ||
180 | + | ||
181 | +#ifdef HAVE_TLS_NPN | ||
182 | +/* | ||
183 | + * This callback function is executed when SSL needs to decide what protocols | ||
184 | + * to advertise during Next Protocol Negotiation (NPN). It must produce a | ||
185 | + * string in wire format -- a sequence of length-prefixed strings -- indicating | ||
186 | + * the advertised protocols. Refer to SSL_CTX_set_next_protos_advertised_cb | ||
187 | + * in OpenSSL for reference. | ||
188 | + */ | ||
189 | +int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out, | ||
190 | + unsigned int *size_out, void *arg) | ||
191 | +{ | ||
192 | + conn_rec *c = (conn_rec*)SSL_get_app_data(ssl); | ||
193 | + apr_array_header_t *protos; | ||
194 | + int num_protos; | ||
195 | + unsigned int size; | ||
196 | + int i; | ||
197 | + unsigned char *data; | ||
198 | + unsigned char *start; | ||
199 | + | ||
200 | + *data_out = NULL; | ||
201 | + *size_out = 0; | ||
202 | + | ||
203 | + /* If the connection object is not available, then there's nothing for us | ||
204 | + * to do. */ | ||
205 | + if (c == NULL) { | ||
206 | + return SSL_TLSEXT_ERR_OK; | ||
207 | + } | ||
208 | + | ||
209 | + /* Invoke our npn_advertise_protos hook, giving other modules a chance to | ||
210 | + * add alternate protocol names to advertise. */ | ||
211 | + protos = apr_array_make(c->pool, 0, sizeof(char*)); | ||
212 | + modssl_run_npn_advertise_protos_hook(c, protos); | ||
213 | + num_protos = protos->nelts; | ||
214 | + | ||
215 | + /* We now have a list of null-terminated strings; we need to concatenate | ||
216 | + * them together into a single string, where each protocol name is prefixed | ||
217 | + * by its length. First, calculate how long that string will be. */ | ||
218 | + size = 0; | ||
219 | + for (i = 0; i < num_protos; ++i) { | ||
220 | + const char *string = APR_ARRAY_IDX(protos, i, const char*); | ||
221 | + unsigned int length = strlen(string); | ||
222 | + /* If the protocol name is too long (the length must fit in one byte), | ||
223 | + * then log an error and skip it. */ | ||
224 | + if (length > 255) { | ||
225 | + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, | ||
226 | + "SSL NPN protocol name too long (length=%u): %s", | ||
227 | + length, string); | ||
228 | + continue; | ||
229 | + } | ||
230 | + /* Leave room for the length prefix (one byte) plus the protocol name | ||
231 | + * itself. */ | ||
232 | + size += 1 + length; | ||
233 | + } | ||
234 | + | ||
235 | + /* If there is nothing to advertise (either because no modules added | ||
236 | + * anything to the protos array, or because all strings added to the array | ||
237 | + * were skipped), then we're done. */ | ||
238 | + if (size == 0) { | ||
239 | + return SSL_TLSEXT_ERR_OK; | ||
240 | + } | ||
241 | + | ||
242 | + /* Now we can build the string. Copy each protocol name string into the | ||
243 | + * larger string, prefixed by its length. */ | ||
244 | + data = apr_palloc(c->pool, size * sizeof(unsigned char)); | ||
245 | + start = data; | ||
246 | + for (i = 0; i < num_protos; ++i) { | ||
247 | + const char *string = APR_ARRAY_IDX(protos, i, const char*); | ||
248 | + apr_size_t length = strlen(string); | ||
249 | + *start = (unsigned char)length; | ||
250 | + ++start; | ||
251 | + memcpy(start, string, length * sizeof(unsigned char)); | ||
252 | + start += length; | ||
253 | + } | ||
254 | + | ||
255 | + /* Success. */ | ||
256 | + *data_out = data; | ||
257 | + *size_out = size; | ||
258 | + return SSL_TLSEXT_ERR_OK; | ||
259 | +} | ||
260 | +#endif | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1337344+.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1337344+.patch new file mode 100644 index 000000000..646976a0f --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1337344+.patch | |||
@@ -0,0 +1,350 @@ | |||
1 | |||
2 | * support/suexec.c: Add gcc format-string attributes to logging | ||
3 | functions. | ||
4 | (main): Always print uid/gid as unsigned long, and cast to avoid | ||
5 | warnings (which somewhat defeats the point of the format string | ||
6 | attrs, but is necessary since the size of gid/uid varies). | ||
7 | http://svn.apache.org/viewvc?view=revision&revision=1337344 | ||
8 | |||
9 | |||
10 | |||
11 | suexec: Add support for logging to syslog as an alternative to a | ||
12 | logfile. | ||
13 | |||
14 | * support/suexec.c (err_output) [AP_LOG_SYSLOG]: Log to syslog. | ||
15 | (main): Close syslog fd if open, before execv. Add -V output | ||
16 | for AP_LOG_SYSLOG. | ||
17 | |||
18 | * configure.in: Add --with-suexec-syslog argument; allow | ||
19 | --without-suexec-logfile to omit definition of AP_LOG_EXEC. | ||
20 | |||
21 | http://svn.apache.org/viewvc?view=revision&revision=1341905 | ||
22 | |||
23 | |||
24 | |||
25 | suexec: Support use of setgid/setuid capability bits on Linux, a | ||
26 | weaker set of privileges than the full setuid/setgid root binary. | ||
27 | |||
28 | * configure.in: Add --enable-suexec-capabilites flag. | ||
29 | |||
30 | * Makefile.in: If configured, use setcap instead of chmod 7555 on | ||
31 | installed suexec binary. | ||
32 | |||
33 | * modules/arch/unix/mod_unixd.c (unixd_pre_config): Drop test for | ||
34 | setuid bit if capability bits are used. | ||
35 | |||
36 | * docs/manual/: Add docs. | ||
37 | |||
38 | http://svn.apache.org/viewvc?view=revision&revision=1342065 | ||
39 | |||
40 | |||
41 | |||
42 | * docs/manual/suexec.html.en: Update for syslog logging. | ||
43 | |||
44 | http://svn.apache.org/viewvc?view=revision&revision=1341930 | ||
45 | |||
46 | |||
47 | |||
48 | Upstream-Status: Backport | ||
49 | |||
50 | --- httpd-2.4.2/configure.in.r1337344+ | ||
51 | +++ httpd-2.4.2/configure.in | ||
52 | @@ -700,7 +700,24 @@ APACHE_HELP_STRING(--with-suexec-gidmin, | ||
53 | |||
54 | AC_ARG_WITH(suexec-logfile, | ||
55 | APACHE_HELP_STRING(--with-suexec-logfile,Set the logfile),[ | ||
56 | - AC_DEFINE_UNQUOTED(AP_LOG_EXEC, "$withval", [SuExec log file] ) ] ) | ||
57 | + if test "x$withval" = "xyes"; then | ||
58 | + AC_DEFINE_UNQUOTED(AP_LOG_EXEC, "$withval", [SuExec log file]) | ||
59 | + fi | ||
60 | +]) | ||
61 | + | ||
62 | +AC_ARG_WITH(suexec-syslog, | ||
63 | +APACHE_HELP_STRING(--with-suexec-syslog,Set the logfile),[ | ||
64 | + if test $withval = "yes"; then | ||
65 | + if test "x${with_suexec_logfile}" != "xno"; then | ||
66 | + AC_MSG_NOTICE([hint: use "--without-suexec-logfile --with-suexec-syslog"]) | ||
67 | + AC_MSG_ERROR([suexec does not support both logging to file and syslog]) | ||
68 | + fi | ||
69 | + AC_CHECK_FUNCS([vsyslog], [], [ | ||
70 | + AC_MSG_ERROR([cannot support syslog from suexec without vsyslog()])]) | ||
71 | + AC_DEFINE(AP_LOG_SYSLOG, 1, [SuExec log to syslog]) | ||
72 | + fi | ||
73 | +]) | ||
74 | + | ||
75 | |||
76 | AC_ARG_WITH(suexec-safepath, | ||
77 | APACHE_HELP_STRING(--with-suexec-safepath,Set the safepath),[ | ||
78 | @@ -710,6 +727,15 @@ AC_ARG_WITH(suexec-umask, | ||
79 | APACHE_HELP_STRING(--with-suexec-umask,umask for suexec'd process),[ | ||
80 | AC_DEFINE_UNQUOTED(AP_SUEXEC_UMASK, 0$withval, [umask for suexec'd process] ) ] ) | ||
81 | |||
82 | +INSTALL_SUEXEC=setuid | ||
83 | +AC_ARG_ENABLE([suexec-capabilities], | ||
84 | +APACHE_HELP_STRING(--enable-suexec-capabilities,Use Linux capability bits not setuid root suexec), [ | ||
85 | +INSTALL_SUEXEC=caps | ||
86 | +AC_DEFINE(AP_SUEXEC_CAPABILITIES, 1, | ||
87 | + [Enable if suexec is installed with Linux capabilities, not setuid]) | ||
88 | +]) | ||
89 | +APACHE_SUBST(INSTALL_SUEXEC) | ||
90 | + | ||
91 | dnl APR should go after the other libs, so the right symbols can be picked up | ||
92 | if test x${apu_found} != xobsolete; then | ||
93 | AP_LIBS="$AP_LIBS `$apu_config --avoid-ldap --link-libtool`" | ||
94 | --- httpd-2.4.2/docs/manual/suexec.html.en.r1337344+ | ||
95 | +++ httpd-2.4.2/docs/manual/suexec.html.en | ||
96 | @@ -369,6 +369,21 @@ | ||
97 | together with the <code>--enable-suexec</code> option to let | ||
98 | APACI accept your request for using the suEXEC feature.</dd> | ||
99 | |||
100 | + <dt><code>--enable-suexec-capabilities</code></dt> | ||
101 | + | ||
102 | + <dd><strong>Linux specific:</strong> Normally, | ||
103 | + the <code>suexec</code> binary is installed "setuid/setgid | ||
104 | + root", which allows it to run with the full privileges of the | ||
105 | + root user. If this option is used, the <code>suexec</code> | ||
106 | + binary will instead be installed with only the setuid/setgid | ||
107 | + "capability" bits set, which is the subset of full root | ||
108 | + priviliges required for suexec operation. Note that | ||
109 | + the <code>suexec</code> binary may not be able to write to a log | ||
110 | + file in this mode; it is recommended that the | ||
111 | + <code>--with-suexec-syslog --without-suexec-logfile</code> | ||
112 | + options are used in conjunction with this mode, so that syslog | ||
113 | + logging is used instead.</dd> | ||
114 | + | ||
115 | <dt><code>--with-suexec-bin=<em>PATH</em></code></dt> | ||
116 | |||
117 | <dd>The path to the <code>suexec</code> binary must be hard-coded | ||
118 | @@ -430,6 +445,12 @@ | ||
119 | "<code>suexec_log</code>" and located in your standard logfile | ||
120 | directory (<code>--logfiledir</code>).</dd> | ||
121 | |||
122 | + <dt><code>--with-suexec-syslog</code></dt> | ||
123 | + | ||
124 | + <dd>If defined, suexec will log notices and errors to syslog | ||
125 | + instead of a logfile. This option must be combined | ||
126 | + with <code>--without-suexec-logfile</code>.</dd> | ||
127 | + | ||
128 | <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt> | ||
129 | |||
130 | <dd>Define a safe PATH environment to pass to CGI | ||
131 | @@ -546,9 +567,12 @@ | ||
132 | |||
133 | <p>The suEXEC wrapper will write log information | ||
134 | to the file defined with the <code>--with-suexec-logfile</code> | ||
135 | - option as indicated above. If you feel you have configured and | ||
136 | - installed the wrapper properly, have a look at this log and the | ||
137 | - error_log for the server to see where you may have gone astray.</p> | ||
138 | + option as indicated above, or to syslog if <code>--with-suexec-syslog</code> | ||
139 | + is used. If you feel you have configured and | ||
140 | + installed the wrapper properly, have a look at the log and the | ||
141 | + error_log for the server to see where you may have gone astray. | ||
142 | + The output of <code>"suexec -V"</code> will show the options | ||
143 | + used to compile suexec, if using a binary distribution.</p> | ||
144 | |||
145 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
146 | <div class="section"> | ||
147 | @@ -615,4 +639,4 @@ | ||
148 | </div><div id="footer"> | ||
149 | <p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> | ||
150 | <p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="./faq/">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p></div> | ||
151 | -</body></html> | ||
152 | \ No newline at end of file | ||
153 | +</body></html> | ||
154 | --- httpd-2.4.2/Makefile.in.r1337344+ | ||
155 | +++ httpd-2.4.2/Makefile.in | ||
156 | @@ -236,11 +236,22 @@ install-man: | ||
157 | cd $(DESTDIR)$(manualdir) && find . -name ".svn" -type d -print | xargs rm -rf 2>/dev/null || true; \ | ||
158 | fi | ||
159 | |||
160 | -install-suexec: | ||
161 | +install-suexec: install-suexec-binary install-suexec-$(INSTALL_SUEXEC) | ||
162 | + | ||
163 | +install-suexec-binary: | ||
164 | @if test -f $(builddir)/support/suexec; then \ | ||
165 | test -d $(DESTDIR)$(sbindir) || $(MKINSTALLDIRS) $(DESTDIR)$(sbindir); \ | ||
166 | $(INSTALL_PROGRAM) $(top_builddir)/support/suexec $(DESTDIR)$(sbindir); \ | ||
167 | - chmod 4755 $(DESTDIR)$(sbindir)/suexec; \ | ||
168 | + fi | ||
169 | + | ||
170 | +install-suexec-setuid: | ||
171 | + @if test -f $(builddir)/support/suexec; then \ | ||
172 | + chmod 4755 $(DESTDIR)$(sbindir)/suexec; \ | ||
173 | + fi | ||
174 | + | ||
175 | +install-suexec-caps: | ||
176 | + @if test -f $(builddir)/support/suexec; then \ | ||
177 | + setcap 'cap_setuid,cap_setgid+pe' $(DESTDIR)$(sbindir)/suexec; \ | ||
178 | fi | ||
179 | |||
180 | suexec: | ||
181 | --- httpd-2.4.2/modules/arch/unix/mod_unixd.c.r1337344+ | ||
182 | +++ httpd-2.4.2/modules/arch/unix/mod_unixd.c | ||
183 | @@ -284,6 +284,13 @@ unixd_set_suexec(cmd_parms *cmd, void *d | ||
184 | return NULL; | ||
185 | } | ||
186 | |||
187 | +#ifdef AP_SUEXEC_CAPABILITIES | ||
188 | +/* If suexec is using capabilities, don't test for the setuid bit. */ | ||
189 | +#define SETUID_TEST(finfo) (1) | ||
190 | +#else | ||
191 | +#define SETUID_TEST(finfo) (finfo.protection & APR_USETID) | ||
192 | +#endif | ||
193 | + | ||
194 | static int | ||
195 | unixd_pre_config(apr_pool_t *pconf, apr_pool_t *plog, | ||
196 | apr_pool_t *ptemp) | ||
197 | @@ -300,7 +307,7 @@ unixd_pre_config(apr_pool_t *pconf, apr_ | ||
198 | ap_unixd_config.suexec_enabled = 0; | ||
199 | if ((apr_stat(&wrapper, SUEXEC_BIN, APR_FINFO_NORM, ptemp)) | ||
200 | == APR_SUCCESS) { | ||
201 | - if ((wrapper.protection & APR_USETID) && wrapper.user == 0 | ||
202 | + if (SETUID_TEST(wrapper) && wrapper.user == 0 | ||
203 | && (access(SUEXEC_BIN, R_OK|X_OK) == 0)) { | ||
204 | ap_unixd_config.suexec_enabled = 1; | ||
205 | ap_unixd_config.suexec_disabled_reason = ""; | ||
206 | --- httpd-2.4.2/support/suexec.c.r1337344+ | ||
207 | +++ httpd-2.4.2/support/suexec.c | ||
208 | @@ -58,6 +58,10 @@ | ||
209 | #include <grp.h> | ||
210 | #endif | ||
211 | |||
212 | +#ifdef AP_LOG_SYSLOG | ||
213 | +#include <syslog.h> | ||
214 | +#endif | ||
215 | + | ||
216 | #if defined(PATH_MAX) | ||
217 | #define AP_MAXPATH PATH_MAX | ||
218 | #elif defined(MAXPATHLEN) | ||
219 | @@ -69,7 +73,12 @@ | ||
220 | #define AP_ENVBUF 256 | ||
221 | |||
222 | extern char **environ; | ||
223 | + | ||
224 | +#ifdef AP_LOG_SYSLOG | ||
225 | +static int log_open; | ||
226 | +#else | ||
227 | static FILE *log = NULL; | ||
228 | +#endif | ||
229 | |||
230 | static const char *const safe_env_lst[] = | ||
231 | { | ||
232 | @@ -128,10 +137,23 @@ static const char *const safe_env_lst[] | ||
233 | NULL | ||
234 | }; | ||
235 | |||
236 | +static void log_err(const char *fmt,...) | ||
237 | + __attribute__((format(printf,1,2))); | ||
238 | +static void log_no_err(const char *fmt,...) | ||
239 | + __attribute__((format(printf,1,2))); | ||
240 | +static void err_output(int is_error, const char *fmt, va_list ap) | ||
241 | + __attribute__((format(printf,2,0))); | ||
242 | |||
243 | static void err_output(int is_error, const char *fmt, va_list ap) | ||
244 | { | ||
245 | -#ifdef AP_LOG_EXEC | ||
246 | +#if defined(AP_LOG_SYSLOG) | ||
247 | + if (!log_open) { | ||
248 | + openlog("suexec", LOG_PID, LOG_DAEMON); | ||
249 | + log_open = 1; | ||
250 | + } | ||
251 | + | ||
252 | + vsyslog(is_error ? LOG_ERR : LOG_INFO, fmt, ap); | ||
253 | +#elif defined(AP_LOG_EXEC) | ||
254 | time_t timevar; | ||
255 | struct tm *lt; | ||
256 | |||
257 | @@ -263,7 +285,7 @@ int main(int argc, char *argv[]) | ||
258 | */ | ||
259 | uid = getuid(); | ||
260 | if ((pw = getpwuid(uid)) == NULL) { | ||
261 | - log_err("crit: invalid uid: (%ld)\n", uid); | ||
262 | + log_err("crit: invalid uid: (%lu)\n", (unsigned long)uid); | ||
263 | exit(102); | ||
264 | } | ||
265 | /* | ||
266 | @@ -289,7 +311,9 @@ int main(int argc, char *argv[]) | ||
267 | #ifdef AP_HTTPD_USER | ||
268 | fprintf(stderr, " -D AP_HTTPD_USER=\"%s\"\n", AP_HTTPD_USER); | ||
269 | #endif | ||
270 | -#ifdef AP_LOG_EXEC | ||
271 | +#if defined(AP_LOG_SYSLOG) | ||
272 | + fprintf(stderr, " -D AP_LOG_SYSLOG\n"); | ||
273 | +#elif defined(AP_LOG_EXEC) | ||
274 | fprintf(stderr, " -D AP_LOG_EXEC=\"%s\"\n", AP_LOG_EXEC); | ||
275 | #endif | ||
276 | #ifdef AP_SAFE_PATH | ||
277 | @@ -440,7 +464,7 @@ int main(int argc, char *argv[]) | ||
278 | * a UID less than AP_UID_MIN. Tsk tsk. | ||
279 | */ | ||
280 | if ((uid == 0) || (uid < AP_UID_MIN)) { | ||
281 | - log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd); | ||
282 | + log_err("cannot run as forbidden uid (%lu/%s)\n", (unsigned long)uid, cmd); | ||
283 | exit(107); | ||
284 | } | ||
285 | |||
286 | @@ -449,7 +473,7 @@ int main(int argc, char *argv[]) | ||
287 | * or as a GID less than AP_GID_MIN. Tsk tsk. | ||
288 | */ | ||
289 | if ((gid == 0) || (gid < AP_GID_MIN)) { | ||
290 | - log_err("cannot run as forbidden gid (%d/%s)\n", gid, cmd); | ||
291 | + log_err("cannot run as forbidden gid (%lu/%s)\n", (unsigned long)gid, cmd); | ||
292 | exit(108); | ||
293 | } | ||
294 | |||
295 | @@ -460,7 +484,7 @@ int main(int argc, char *argv[]) | ||
296 | * and setgid() to the target group. If unsuccessful, error out. | ||
297 | */ | ||
298 | if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0)) { | ||
299 | - log_err("failed to setgid (%ld: %s)\n", gid, cmd); | ||
300 | + log_err("failed to setgid (%lu: %s)\n", (unsigned long)gid, cmd); | ||
301 | exit(109); | ||
302 | } | ||
303 | |||
304 | @@ -468,7 +492,7 @@ int main(int argc, char *argv[]) | ||
305 | * setuid() to the target user. Error out on fail. | ||
306 | */ | ||
307 | if ((setuid(uid)) != 0) { | ||
308 | - log_err("failed to setuid (%ld: %s)\n", uid, cmd); | ||
309 | + log_err("failed to setuid (%lu: %s)\n", (unsigned long)uid, cmd); | ||
310 | exit(110); | ||
311 | } | ||
312 | |||
313 | @@ -556,11 +580,11 @@ int main(int argc, char *argv[]) | ||
314 | (gid != dir_info.st_gid) || | ||
315 | (uid != prg_info.st_uid) || | ||
316 | (gid != prg_info.st_gid)) { | ||
317 | - log_err("target uid/gid (%ld/%ld) mismatch " | ||
318 | - "with directory (%ld/%ld) or program (%ld/%ld)\n", | ||
319 | - uid, gid, | ||
320 | - dir_info.st_uid, dir_info.st_gid, | ||
321 | - prg_info.st_uid, prg_info.st_gid); | ||
322 | + log_err("target uid/gid (%lu/%lu) mismatch " | ||
323 | + "with directory (%lu/%lu) or program (%lu/%lu)\n", | ||
324 | + (unsigned long)uid, (unsigned long)gid, | ||
325 | + (unsigned long)dir_info.st_uid, (unsigned long)dir_info.st_gid, | ||
326 | + (unsigned long)prg_info.st_uid, (unsigned long)prg_info.st_gid); | ||
327 | exit(120); | ||
328 | } | ||
329 | /* | ||
330 | @@ -585,6 +609,12 @@ int main(int argc, char *argv[]) | ||
331 | #endif /* AP_SUEXEC_UMASK */ | ||
332 | |||
333 | /* Be sure to close the log file so the CGI can't mess with it. */ | ||
334 | +#ifdef AP_LOG_SYSLOG | ||
335 | + if (log_open) { | ||
336 | + closelog(); | ||
337 | + log_open = 0; | ||
338 | + } | ||
339 | +#else | ||
340 | if (log != NULL) { | ||
341 | #if APR_HAVE_FCNTL_H | ||
342 | /* | ||
343 | @@ -606,6 +636,7 @@ int main(int argc, char *argv[]) | ||
344 | log = NULL; | ||
345 | #endif | ||
346 | } | ||
347 | +#endif | ||
348 | |||
349 | /* | ||
350 | * Execute the command, replacing our image with its own. | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-restart.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-restart.patch new file mode 100644 index 000000000..42254d2f8 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-restart.patch | |||
@@ -0,0 +1,35 @@ | |||
1 | |||
2 | * server/main.c (main): Bail out *before* signalling the server | ||
3 | if the config is bad. (as per the claim in the docs!) | ||
4 | |||
5 | https://bugzilla.redhat.com/show_bug.cgi?id=814645 | ||
6 | http://svn.apache.org/viewvc?view=revision&revision=1328345 | ||
7 | |||
8 | Upstream-Status: Backport | ||
9 | |||
10 | --- httpd-2.4.2/server/main.c.restart | ||
11 | +++ httpd-2.4.2/server/main.c | ||
12 | @@ -671,6 +671,11 @@ int main(int argc, const char * const ar | ||
13 | } | ||
14 | } | ||
15 | |||
16 | + /* If our config failed, deal with that here. */ | ||
17 | + if (rv != OK) { | ||
18 | + destroy_and_exit_process(process, 1); | ||
19 | + } | ||
20 | + | ||
21 | signal_server = APR_RETRIEVE_OPTIONAL_FN(ap_signal_server); | ||
22 | if (signal_server) { | ||
23 | int exit_status; | ||
24 | @@ -680,11 +685,6 @@ int main(int argc, const char * const ar | ||
25 | } | ||
26 | } | ||
27 | |||
28 | - /* If our config failed, deal with that here. */ | ||
29 | - if (rv != OK) { | ||
30 | - destroy_and_exit_process(process, 1); | ||
31 | - } | ||
32 | - | ||
33 | apr_pool_clear(plog); | ||
34 | |||
35 | if ( ap_run_open_logs(pconf, plog, ptemp, ap_server_conf) != OK) { | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/replace-lynx-to-curl-in-apachectl-script.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/replace-lynx-to-curl-in-apachectl-script.patch new file mode 100644 index 000000000..584ddc8d9 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/replace-lynx-to-curl-in-apachectl-script.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From 760ccbb2fb046621a2aeaecabb2b1ef9aa280cf1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yulong Pei <Yulong.pei@windriver.com> | ||
3 | Date: Thu, 1 Sep 2011 01:03:14 +0800 | ||
4 | Subject: [PATCH] replace lynx to curl in apachectl script | ||
5 | |||
6 | Upstream-Status: Inappropriate [configuration] | ||
7 | |||
8 | Signed-off-by: Yulong Pei <Yulong.pei@windriver.com> | ||
9 | --- | ||
10 | support/apachectl.in | 14 ++++++++++---- | ||
11 | 1 files changed, 10 insertions(+), 4 deletions(-) | ||
12 | |||
13 | diff --git a/support/apachectl.in b/support/apachectl.in | ||
14 | index d4dff38..109ea13 100644 | ||
15 | --- a/support/apachectl.in | ||
16 | +++ b/support/apachectl.in | ||
17 | @@ -51,11 +51,11 @@ fi | ||
18 | # a command that outputs a formatted text version of the HTML at the | ||
19 | # url given on the command line. Designed for lynx, however other | ||
20 | # programs may work. | ||
21 | -LYNX="@LYNX_PATH@ -dump" | ||
22 | +CURL="/usr/bin/curl" | ||
23 | # | ||
24 | # the URL to your server's mod_status status page. If you do not | ||
25 | # have one, then status and fullstatus will not work. | ||
26 | -STATUSURL="http://localhost:@PORT@/server-status" | ||
27 | +STATUSURL="http://localhost:@PORT@/" | ||
28 | # | ||
29 | # Set this variable to a command that increases the maximum | ||
30 | # number of file descriptors allowed per child process. This is | ||
31 | @@ -91,10 +91,16 @@ configtest) | ||
32 | ERROR=$? | ||
33 | ;; | ||
34 | status) | ||
35 | - $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' | ||
36 | + $CURL -s $STATUSURL | grep -o "It works!" | ||
37 | + if [ $? != 0 ] ; then | ||
38 | + echo The httpd server does not work! | ||
39 | + fi | ||
40 | ;; | ||
41 | fullstatus) | ||
42 | - $LYNX $STATUSURL | ||
43 | + $CURL -s $STATUSURL | grep -o "It works!" | ||
44 | + if [ $? != 0 ] ; then | ||
45 | + echo The httpd server does not work! | ||
46 | + fi | ||
47 | ;; | ||
48 | *) | ||
49 | $HTTPD $ARGV | ||
50 | -- | ||
51 | 1.6.4 | ||
52 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/server-makefile.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/server-makefile.patch new file mode 100644 index 000000000..f1349cb6a --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/server-makefile.patch | |||
@@ -0,0 +1,11 @@ | |||
1 | --- http-2.0.54/server/Makefile.in-old 2005-12-20 13:26:56.000000000 -0500 | ||
2 | +++ http-2.0.54/server/Makefile.in 2005-12-20 13:27:22.000000000 -0500 | ||
3 | @@ -27,7 +27,7 @@ | ||
4 | $(LINK) $(EXTRA_LDFLAGS) $(gen_test_char_OBJECTS) $(EXTRA_LIBS) | ||
5 | |||
6 | test_char.h: gen_test_char | ||
7 | - ./gen_test_char > test_char.h | ||
8 | + gen_test_char > test_char.h | ||
9 | |||
10 | util.lo: test_char.h | ||
11 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.2.bb b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.2.bb new file mode 100644 index 000000000..17482ae0e --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.2.bb | |||
@@ -0,0 +1,43 @@ | |||
1 | DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ | ||
2 | extensible web server." | ||
3 | SUMMARY = "Apache HTTP Server" | ||
4 | HOMEPAGE = "http://httpd.apache.org/" | ||
5 | DEPENDS = "expat-native pcre-native apr-native apr-util-native" | ||
6 | SECTION = "net" | ||
7 | LICENSE = "Apache-2.0" | ||
8 | PR = "r0" | ||
9 | |||
10 | inherit native | ||
11 | |||
12 | SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2" | ||
13 | |||
14 | S = "${WORKDIR}/httpd-${PV}" | ||
15 | |||
16 | LIC_FILES_CHKSUM = "file://LICENSE;md5=eff226ae95d0516d6210ed77dfdf2dcc" | ||
17 | SRC_URI[md5sum] = "6bb12f726e22656f0ad2baf91f1f8329" | ||
18 | SRC_URI[sha256sum] = "5382f9c507d3d02706e33d6308ea041f39e8511b5948aef0ca188df8f90159b8" | ||
19 | |||
20 | do_configure () { | ||
21 | ./configure --with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ | ||
22 | --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ | ||
23 | --prefix=${prefix} --datadir=${datadir}/apache2 | ||
24 | } | ||
25 | |||
26 | do_install () { | ||
27 | install -d ${D}${bindir} ${D}${libdir} | ||
28 | cp server/gen_test_char ${D}${bindir} | ||
29 | install -m 755 support/apxs ${D}${bindir}/ | ||
30 | install -m 755 httpd ${D}${bindir}/ | ||
31 | install -d ${D}${datadir}/apache2/build | ||
32 | cp build/*.mk ${D}${datadir}/apache2/build | ||
33 | cp build/instdso.sh ${D}${datadir}/apache2/build | ||
34 | |||
35 | install -d ${D}${includedir}/apache2 | ||
36 | cp include/* ${D}${includedir}/apache2 | ||
37 | cp os/unix/os.h ${D}${includedir}/apache2 | ||
38 | cp os/unix/unixd.h ${D}${includedir}/apache2 | ||
39 | |||
40 | cp support/envvars-std ${D}${bindir}/envvars | ||
41 | chmod 755 ${D}${bindir}/envvars | ||
42 | } | ||
43 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.2.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.2.bb new file mode 100644 index 000000000..15c4d024f --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.2.bb | |||
@@ -0,0 +1,130 @@ | |||
1 | DESCRIPTION = "The Apache HTTP Server is a powerful, efficient, and \ | ||
2 | extensible web server." | ||
3 | SUMMARY = "Apache HTTP Server" | ||
4 | HOMEPAGE = "http://httpd.apache.org/" | ||
5 | DEPENDS = "libtool-native apache2-native openssl expat pcre apr apr-util" | ||
6 | RDEPENDS_${PN} += "openssl libgcc" | ||
7 | SECTION = "net" | ||
8 | LICENSE = "Apache-2.0" | ||
9 | PR = "r0" | ||
10 | |||
11 | SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \ | ||
12 | file://server-makefile.patch \ | ||
13 | file://fix-libtool-name.patch \ | ||
14 | file://httpd-2.4.1-corelimit.patch \ | ||
15 | file://httpd-2.4.1-export.patch \ | ||
16 | file://httpd-2.4.1-selinux.patch \ | ||
17 | file://httpd-2.4.2-r1326980+.patch \ | ||
18 | file://httpd-2.4.2-r1327036+.patch \ | ||
19 | file://httpd-2.4.2-r1332643.patch \ | ||
20 | file://httpd-2.4.2-r1337344+.patch \ | ||
21 | file://httpd-2.4.2-restart.patch \ | ||
22 | file://apache-configure_perlbin.patch \ | ||
23 | file://replace-lynx-to-curl-in-apachectl-script.patch \ | ||
24 | file://apache-ssl-ltmain-rpath.patch \ | ||
25 | file://init" | ||
26 | |||
27 | LIC_FILES_CHKSUM = "file://LICENSE;md5=eff226ae95d0516d6210ed77dfdf2dcc" | ||
28 | SRC_URI[md5sum] = "6bb12f726e22656f0ad2baf91f1f8329" | ||
29 | SRC_URI[sha256sum] = "5382f9c507d3d02706e33d6308ea041f39e8511b5948aef0ca188df8f90159b8" | ||
30 | |||
31 | S = "${WORKDIR}/httpd-${PV}" | ||
32 | |||
33 | inherit autotools update-rc.d | ||
34 | |||
35 | CFLAGS_append = " -DPATH_MAX=4096" | ||
36 | CFLAGS_prepend = "-I${STAGING_INCDIR}/openssl " | ||
37 | EXTRA_OECONF = "--enable-ssl \ | ||
38 | --with-ssl=${STAGING_LIBDIR}/.. \ | ||
39 | --with-expat=${STAGING_LIBDIR}/.. \ | ||
40 | --with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ | ||
41 | --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \ | ||
42 | --enable-info \ | ||
43 | --enable-rewrite \ | ||
44 | --with-dbm=sdbm \ | ||
45 | --with-berkeley-db=no \ | ||
46 | --localstatedir=/var/${PN} \ | ||
47 | --with-gdbm=no \ | ||
48 | --with-ndbm=no \ | ||
49 | --includedir=${includedir}/${PN} \ | ||
50 | --datadir=${datadir}/${PN} \ | ||
51 | --sysconfdir=${sysconfdir}/${PN} \ | ||
52 | --libexecdir=${libdir}/${PN}/modules \ | ||
53 | ap_cv_void_ptr_lt_long=no \ | ||
54 | --enable-mpms-shared \ | ||
55 | ac_cv_have_threadsafe_pollset=no" | ||
56 | |||
57 | do_install_append() { | ||
58 | install -d ${D}/${sysconfdir}/init.d | ||
59 | cat ${WORKDIR}/init | \ | ||
60 | sed -e 's,/usr/sbin/,${sbindir}/,g' \ | ||
61 | -e 's,/usr/bin/,${bindir}/,g' \ | ||
62 | -e 's,/usr/lib,${libdir}/,g' \ | ||
63 | -e 's,/etc/,${sysconfdir}/,g' \ | ||
64 | -e 's,/usr/,${prefix}/,g' > ${D}/${sysconfdir}/init.d/${PN} | ||
65 | chmod 755 ${D}/${sysconfdir}/init.d/${PN} | ||
66 | # remove the goofy original files... | ||
67 | rm -rf ${D}/${sysconfdir}/${PN}/original | ||
68 | # Expat should be found in the staging area via DEPENDS... | ||
69 | rm -f ${D}/${libdir}/libexpat.* | ||
70 | |||
71 | # Ensure configuration file pulls in modules.d | ||
72 | printf "\nInclude ${sysconfdir}/${PN}/modules.d/*\n\n" >> ${D}/${sysconfdir}/${PN}/httpd.conf | ||
73 | } | ||
74 | |||
75 | SYSROOT_PREPROCESS_FUNCS += "apache_sysroot_preprocess" | ||
76 | |||
77 | apache_sysroot_preprocess () { | ||
78 | install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ | ||
79 | install -m 755 ${D}${bindir}/apxs ${SYSROOT_DESTDIR}${bindir_crossscripts}/ | ||
80 | sed -i 's!my $installbuilddir = .*!my $installbuilddir = "${STAGING_DIR_HOST}/${datadir}/${PN}/build";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs | ||
81 | sed -i 's!my $libtool = .*!my $libtool = "${STAGING_BINDIR_CROSS}/${TARGET_PREFIX}libtool";!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/apxs | ||
82 | |||
83 | sed -i 's!^APR_CONFIG = .*!APR_CONFIG = ${STAGING_BINDIR_CROSS}/apr-1-config!' ${SYSROOT_DESTDIR}${datadir}/${PN}/build/config_vars.mk | ||
84 | sed -i 's!^APU_CONFIG = .*!APU_CONFIG = ${STAGING_BINDIR_CROSS}/apu-1-config!' ${SYSROOT_DESTDIR}${datadir}/${PN}/build/config_vars.mk | ||
85 | } | ||
86 | |||
87 | # | ||
88 | # implications - used by update-rc.d scripts | ||
89 | # | ||
90 | INITSCRIPT_NAME = "apache2" | ||
91 | INITSCRIPT_PARAMS = "defaults 91 20" | ||
92 | LEAD_SONAME = "libapr-1.so.0" | ||
93 | |||
94 | CONFFILES_${PN} = "${sysconfdir}/${PN}/httpd.conf \ | ||
95 | ${sysconfdir}/${PN}/magic \ | ||
96 | ${sysconfdir}/${PN}/mime.types \ | ||
97 | ${sysconfdir}/init.d/${PN} " | ||
98 | |||
99 | PACKAGES = "${PN}-doc ${PN}-dev ${PN}-dbg ${PN}" | ||
100 | |||
101 | # we override here rather than append so that .so links are | ||
102 | # included in the runtime package rather than here (-dev) | ||
103 | # and to get build, icons, error into the -dev package | ||
104 | FILES_${PN}-dev = "${datadir}/${PN}/build \ | ||
105 | ${datadir}/${PN}/icons \ | ||
106 | ${datadir}/${PN}/error \ | ||
107 | ${bindir}/apr-config ${bindir}/apu-config \ | ||
108 | ${libdir}/apr*.exp \ | ||
109 | ${includedir}/${PN} \ | ||
110 | ${libdir}/*.la \ | ||
111 | ${libdir}/*.a" | ||
112 | |||
113 | # manual to manual | ||
114 | FILES_${PN}-doc += " ${datadir}/${PN}/manual" | ||
115 | |||
116 | # | ||
117 | # override this too - here is the default, less datadir | ||
118 | # | ||
119 | FILES_${PN} = "${bindir} ${sbindir} ${libexecdir} ${libdir}/lib*.so.* ${sysconfdir} \ | ||
120 | ${sharedstatedir} ${localstatedir} /bin /sbin /lib/*.so* \ | ||
121 | ${libdir}/${PN}" | ||
122 | |||
123 | # we want htdocs and cgi-bin to go with the binary | ||
124 | FILES_${PN} += "${datadir}/${PN}/htdocs ${datadir}/${PN}/cgi-bin" | ||
125 | |||
126 | #make sure the lone .so links also get wrapped in the base package | ||
127 | FILES_${PN} += "${libdir}/lib*.so ${libdir}/pkgconfig/*" | ||
128 | |||
129 | FILES_${PN}-dbg += "${libdir}/${PN}/modules/.debug" | ||
130 | |||
diff --git a/meta-webserver/recipes-httpd/apache2/files/init b/meta-webserver/recipes-httpd/apache2/files/init new file mode 100755 index 000000000..85af74283 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/files/init | |||
@@ -0,0 +1,73 @@ | |||
1 | #!/bin/sh | ||
2 | ### BEGIN INIT INFO | ||
3 | # Provides: httpd | ||
4 | # Required-Start: $local_fs $remote_fs $network $named | ||
5 | # Required-Stop: $local_fs $remote_fs $network | ||
6 | # Should-Start: distcache | ||
7 | # Short-Description: start and stop Apache HTTP Server | ||
8 | # Description: The Apache HTTP Server is an extensible server | ||
9 | # implementing the current HTTP standards. | ||
10 | ### END INIT INFO | ||
11 | |||
12 | ARGS="-D SSL -k start" | ||
13 | NAME=apache2 | ||
14 | PATH=/bin:/usr/bin:/sbin:/usr/sbin | ||
15 | DAEMON=/usr/sbin/httpd | ||
16 | SUEXEC=/usr/lib/apache/suexec | ||
17 | PIDFILE=/var/run/$NAME.pid | ||
18 | CONF=/etc/apache2/httpd.conf | ||
19 | APACHECTL=/usr/sbin/apachectl | ||
20 | |||
21 | trap "" 1 | ||
22 | export LANG=C | ||
23 | export PATH | ||
24 | |||
25 | test -f $DAEMON || exit 0 | ||
26 | test -f $APACHECTL || exit 0 | ||
27 | |||
28 | # ensure we don't leak environment vars into apachectl | ||
29 | APACHECTL="env -i LANG=${LANG} PATH=${PATH} $APACHECTL" | ||
30 | |||
31 | case "$1" in | ||
32 | start) | ||
33 | echo -n "Starting web server: $NAME" | ||
34 | $APACHECTL $ARGS | ||
35 | ;; | ||
36 | |||
37 | stop) | ||
38 | $APACHECTL stop | ||
39 | ;; | ||
40 | |||
41 | reload) | ||
42 | echo -n "Reloading $NAME configuration" | ||
43 | $APACHECTL reload | ||
44 | ;; | ||
45 | |||
46 | reload-modules) | ||
47 | echo -n "Reloading $NAME modules" | ||
48 | $APACHECTL restart | ||
49 | ;; | ||
50 | |||
51 | restart) | ||
52 | $APACHECTL restart | ||
53 | exit $? | ||
54 | ;; | ||
55 | |||
56 | force-reload) | ||
57 | $0 reload-modules | ||
58 | exit $? | ||
59 | ;; | ||
60 | |||
61 | *) | ||
62 | echo "Usage: /etc/init.d/$NAME {start|stop|reload|reload-modules|force-reload|restart}" | ||
63 | exit 1 | ||
64 | ;; | ||
65 | esac | ||
66 | |||
67 | if [ $? = 0 ]; then | ||
68 | echo . | ||
69 | exit 0 | ||
70 | else | ||
71 | echo failed | ||
72 | exit 1 | ||
73 | fi | ||