From c8aba5113bbe90202c87bad9db9d4c72ccc6afa2 Mon Sep 17 00:00:00 2001 From: Sebastian Kemper Date: Wed, 1 Jan 2020 23:46:21 +0100 Subject: [PATCH] apache: add extra packages + apache user This adds extra packages for certain modules (basically the ones that incur further dependencies), support files etc. This is pretty much follows Alpine's example. This updates the httpd.conf patch to _not_ uncomment MIMEMagicFile (because the module isn't loaded by default) and removes that changes that aren't needed anymore (because of the added module support). The patch now only changes the default user. Signed-off-by: Sebastian Kemper --- net/apache/Config.in | 11 - net/apache/Makefile | 247 ++++++++++++++++-- net/apache/patches/005-httpd_conf.patch | 60 +---- .../patches/010-reproducible-builds.patch | 14 +- 4 files changed, 232 insertions(+), 100 deletions(-) delete mode 100644 net/apache/Config.in diff --git a/net/apache/Config.in b/net/apache/Config.in deleted file mode 100644 index 5eb42b30a..000000000 --- a/net/apache/Config.in +++ /dev/null @@ -1,11 +0,0 @@ -menu "Configuration" - depends on PACKAGE_apache - -config APACHE_HTTP2 - bool - prompt "Enable HTTP2" - help - Enable HTTPS2 support. - default n - -endmenu diff --git a/net/apache/Makefile b/net/apache/Makefile index 0d7d35cac..908b7a67c 100644 --- a/net/apache/Makefile +++ b/net/apache/Makefile @@ -24,24 +24,30 @@ PKG_LICENSE_FILES:=LICENSE PKG_CPE_ID:=cpe:/a:apache:http_server -PKG_BUILD_PARALLEL:=1 +PKG_BUILD_DEPENDS:=openssl -PKG_INSTALL:=1 +PKG_BUILD_PARALLEL:=1 PKG_CONFIG_DEPENDS:= \ - CONFIG_APACHE_HTTP2 + CONFIG_PACKAGE_apache-mod-deflate \ + CONFIG_PACKAGE_apache-mod-http2 \ + CONFIG_PACKAGE_apache-mod-ldap \ + CONFIG_PACKAGE_apache-mod-lua \ + CONFIG_PACKAGE_apache-mod-md \ + CONFIG_PACKAGE_apache-mod-proxy \ + CONFIG_PACKAGE_apache-mod-proxy-html \ + CONFIG_PACKAGE_apache-mod-session-crypto \ + CONFIG_PACKAGE_apache-mod-suexec \ + CONFIG_PACKAGE_apache-mod-webdav \ + CONFIG_PACKAGE_apache-suexec PKG_FIXUP:=autoreconf -ADDITIONAL_MODULES:= -ifeq ($(CONFIG_APACHE_HTTP2),y) - ADDITIONAL_MODULES += --enable-http2 -endif -ifneq ($(CONFIG_APACHE_HTTP2),y) - ADDITIONAL_MODULES += --enable-http2=no -endif +PKG_INSTALL:=1 include $(INCLUDE_DIR)/package.mk +# without nls.mk mod_xml2enc might not find the iconv headers +include $(INCLUDE_DIR)/nls.mk define Package/apache/Default SECTION:=net @@ -63,7 +69,8 @@ endef define Package/apache $(call Package/apache/Default) - DEPENDS:=+libapr +libaprutil +libpcre +libopenssl +unixodbc +zlib +APACHE_HTTP2:libnghttp2 + USERID:=apache=377:apache=377 + DEPENDS:=+libapr +libaprutil +libpcre endef define Package/apache/description @@ -95,10 +102,37 @@ define Package/apache/conffiles /etc/apache2/extra/httpd-ssl.conf /etc/apache2/extra/httpd-userdir.conf /etc/apache2/extra/httpd-vhosts.conf +/etc/apache2/extra/proxy-html.conf /etc/apache2/magic /etc/apache2/mime.types endef +define Package/apache-ab +$(call Package/apache/Default) + TITLE:=Apache benchmark utility + DEPENDS:=apache +libopenssl +endef + +define Package/apache-ab/description +$(call Package/apache/Default/description) + +Apache server benchmarking utility. + +endef + +define Package/apache-error +$(call Package/apache/Default) + TITLE:=Error documents + DEPENDS:=apache +endef + +define Package/apache-error/description +$(call Package/apache/Default/description) + +Apache multi language custom error documents. + +endef + define Package/apache-icons $(call Package/apache/Default) TITLE:=Icons from Apache @@ -111,11 +145,49 @@ $(call Package/apache/Default/description) This package contains the icons from Apache. endef +define Package/apache-suexec +$(call Package/apache/Default) + TITLE:=Apache suEXEC + DEPENDS:=apache +endef + +define Package/apache-suexec/description +$(call Package/apache/Default/description) + +This package contains the suEXEC utility from Apache. + +endef + +define Package/apache-utils +$(call Package/apache/Default) + TITLE:=Apache utilities + DEPENDS:=apache +endef + +define Package/apache-utils/description +$(call Package/apache/Default/description) + +Apache utility programs for webservers. + +endef + +define Package/apache/install/mod + $(INSTALL_DIR) $(1)/usr/lib/apache2 + $(INSTALL_BIN) \ + $(PKG_INSTALL_DIR)/usr/lib/apache2/mod_$(2).so \ + $(1)/usr/lib/apache2 +endef + CONFIGURE_ARGS+= \ + --$(if $(CONFIG_PACKAGE_apache-mod-deflate),en,dis)able-deflate \ + --$(if $(CONFIG_PACKAGE_apache-mod-http2),en,dis)able-http2 \ + --$(if $(CONFIG_PACKAGE_apache-mod-lua),en,dis)able-lua \ + --$(if $(CONFIG_PACKAGE_apache-mod-md),en,dis)able-md \ + --$(if $(CONFIG_PACKAGE_apache-mod-proxy),en,dis)able-proxy \ + --$(if $(CONFIG_PACKAGE_apache-mod-session-crypto),en,dis)able-session-crypto \ + --$(if $(CONFIG_PACKAGE_apache-mod-ssl),en,dis)able-ssl \ --datadir=/usr/share/apache2 \ - --disable-authnz-ldap \ --disable-imagemap \ - --disable-ldap \ --disable-luajit \ --enable-authn-alias \ --enable-authn-anon \ @@ -139,6 +211,62 @@ CONFIGURE_ARGS+= \ --with-pcre="$(STAGING_DIR)/usr/bin/pcre-config" \ --with-ssl +ifneq ($(CONFIG_PACKAGE_apache-mod-ldap),) +CONFIGURE_ARGS+= \ + --enable-authnz-ldap \ + --enable-ldap +else +CONFIGURE_ARGS+= \ + --disable-authnz-ldap \ + --disable-ldap +endif + +ifneq ($(CONFIG_PACKAGE_apache-mod-proxy),) +CONFIGURE_ARGS+= \ + --enable-proxy \ + --enable-proxy-connect \ + --enable-proxy-ftp \ + --enable-proxy-http +else +CONFIGURE_ARGS+= \ + --disable-proxy +endif + +ifneq ($(CONFIG_PACKAGE_apache-mod-proxy-html),) +CONFIGURE_ARGS+= \ + --enable-proxy-html \ + --enable-xml2enc \ + --with-libxml2="$(STAGING_DIR)/usr" +else +CONFIGURE_ARGS+= \ + --disable-proxy-html \ + --disable-xml2enc +endif + +ifneq ($(CONFIG_PACKAGE_apache-mod-suexec)$(CONFIG_PACKAGE_apache-suexec),) +CONFIGURE_ARGS+= \ + --enable-suexec \ + --with-suexec-bin=/usr/sbin/suexec \ + --with-suexec-caller=apache \ + --with-suexec-docroot=/var/www \ + --with-suexec-logfile=/var/log/apache2/suexec.log \ + --with-suexec-uidmin=99 \ + --with-suexec-gidmin=99 +else +CONFIGURE_ARGS+= \ + --disable-suexec +endif + +ifneq ($(CONFIG_PACKAGE_apache-mod-webdav),) +CONFIGURE_ARGS+= \ + --enable-dav \ + --enable-dav-fs \ + --enable-dav-lock +else +CONFIGURE_ARGS+= \ + --disable-dav +endif + CONFIGURE_VARS += \ ap_cv_void_ptr_lt_long=no @@ -175,16 +303,31 @@ define Package/apache/preinst endef define Package/apache/install - $(INSTALL_DIR) $(1)/usr/sbin - # we don't need apxs on the router, it's just for building apache modules. - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/{ab,dbmmanage,htdbm,htdigest,htpasswd,httxt2dbm,logresolve} $(1)/usr/sbin/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/{apachectl,checkgid,envvars,envvars-std,htcacheclean,httpd,rotatelogs} $(1)/usr/sbin/ - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/httpd.exp $(1)/usr/lib/ - $(INSTALL_DIR) $(1)/usr/share - $(CP) $(PKG_INSTALL_DIR)/usr/share/{error,htdocs,cgi-bin,build} $(1)/usr/share/ - $(INSTALL_DIR) $(1)/etc/apache - $(CP) $(PKG_INSTALL_DIR)/etc/apache/{httpd.conf,magic,mime.types,extra} $(1)/etc/apache/ + $(INSTALL_DIR) $(1)/etc/apache2/extra + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/apache2/extra/* \ + $(1)/etc/apache2/extra + $(INSTALL_DATA) \ + $(PKG_INSTALL_DIR)/etc/apache2/{httpd.conf,magic,mime.types} \ + $(1)/etc/apache2 + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/apache.init $(1)/etc/init.d/apache + $(INSTALL_DIR) $(1)/usr/lib/apache2 + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/apache2/*.so \ + $(1)/usr/lib/apache2 + rm -f $(1)/usr/lib/apache2/mod_{*ldap,dav*,deflate,http2,lbmethod_*,lua,md,proxy*,proxy_html,session_crypto,ssl,suexec,xml2enc}.so + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/apache2/httpd.exp \ + $(1)/usr/lib/apache2 + $(INSTALL_DIR) $(1)/usr/share/apache2/{cgi-bin,htdocs} + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/apache2/cgi-bin/* \ + $(1)/usr/share/apache2/cgi-bin + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/apache2/htdocs/* \ + $(1)/usr/share/apache2/htdocs + $(INSTALL_DIR) $(1)/usr/{,s}bin + $(INSTALL_BIN) \ + $(PKG_INSTALL_DIR)/usr/bin/{dbmmanage,htdbm,htdigest,htpasswd,httxt2dbm,logresolve} \ + $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/{apachectl,httpd} \ + $(1)/usr/sbin endef define Package/apache/postrm @@ -194,10 +337,64 @@ define Package/apache/postrm with busybox's httpd." endef +define Package/apache-ab/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ab $(1)/usr/bin +endef + +define Package/apache-error/install + $(INSTALL_DIR) $(1)/usr/share/apache2/error + $(CP) $(PKG_INSTALL_DIR)/usr/share/apache2/error/* \ + $(1)/usr/share/apache2/error +endef + define Package/apache-icons/install - $(INSTALL_DIR) $(1)/usr/share - $(CP) $(PKG_INSTALL_DIR)/usr/share/icons $(1)/usr/share/ + $(INSTALL_DIR) $(1)/usr/share/apache2 + $(CP) $(PKG_INSTALL_DIR)/usr/share/apache2/icons \ + $(1)/usr/share/apache2 +endef + +define Package/apache-suexec/install + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/suexec $(1)/usr/sbin +endef + +define Package/apache-utils/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) \ + $(PKG_INSTALL_DIR)/usr/sbin/{checkgid,envvars*,htcacheclean,rotatelogs} \ + $(1)/usr/sbin +endef + +define Package/apache/Module +define Package/apache-mod-$(1) +$(call Package/apache/Default) + TITLE:=$(2) module + DEPENDS:=apache $(patsubst +%,+PACKAGE_apache-mod-$(1):%,$(4)) +endef +define Package/apache-mod-$(1)/description +$(subst \n,$(newline),$(3)) +endef +define Package/apache-mod-$(1)/install +$(foreach m,$(5),$(call Package/apache/install/mod,$$(1),$(m));) +endef +$$(eval $$(call BuildPackage,apache-mod-$(1))) endef $(eval $(call BuildPackage,apache)) +$(eval $(call BuildPackage,apache-ab)) +$(eval $(call BuildPackage,apache-error)) $(eval $(call BuildPackage,apache-icons)) +$(eval $(call BuildPackage,apache-suexec)) +$(eval $(call BuildPackage,apache-utils)) +$(eval $(call Package/apache/Module,deflate,Deflate,Deflate support for the Apache HTTP server.,+zlib,deflate)) +$(eval $(call Package/apache/Module,http2,HTTP2,HTTP/2 transport layer for the Apache HTTP Server.,+libnghttp2 +libopenssl,http2)) +$(eval $(call Package/apache/Module,ldap,LDAP,LDAP authentication/authorization module for the Apache HTTP Server.,+libaprutil-ldap,authnz_ldap ldap)) +$(eval $(call Package/apache/Module,lua,Lua,Lua support for the Apache HTTP server.,+liblua,lua)) +$(eval $(call Package/apache/Module,md,Managed Domain handling,Managed Domain handling.,+libcurl +jansson +libopenssl,md)) +$(eval $(call Package/apache/Module,proxy,Proxy,Proxy modules for the Apache HTTP Server.,,proxy proxy_ajp proxy_balancer proxy_connect proxy_express proxy_fcgi proxy_fdpass proxy_ftp proxy_hcheck proxy_http proxy_scgi proxy_uwsgi proxy_wstunnel lbmethod_byrequests lbmethod_heartbeat lbmethod_bytraffic lbmethod_bybusyness)) +$(eval $(call Package/apache/Module,proxy-html,Proxy HTML,HTML and XML content filters for the Apache HTTP Server.,+apache-mod-proxy +libxml2,proxy_html xml2enc)) +$(eval $(call Package/apache/Module,session-crypto,Session crypto,Session encryption support for the Apache HTTP Server.,+libaprutil-crypto-openssl,session_crypto)) +$(eval $(call Package/apache/Module,ssl,SSL/TLS,SSL/TLS module for the Apache HTTP Server.,+libopenssl,ssl)) +$(eval $(call Package/apache/Module,suexec,suEXEC,suEXEC module for the Apache HTTP Server.,+apache-suexec,suexec)) +$(eval $(call Package/apache/Module,webdav,WebDAV,WebDAV support for the Apache HTTP Server.,,dav dav_fs dav_lock)) diff --git a/net/apache/patches/005-httpd_conf.patch b/net/apache/patches/005-httpd_conf.patch index 04a73a9e3..9de32fe8c 100644 --- a/net/apache/patches/005-httpd_conf.patch +++ b/net/apache/patches/005-httpd_conf.patch @@ -1,63 +1,13 @@ -Index: httpd-2.4.25/docs/conf/httpd.conf.in -=================================================================== ---- httpd-2.4.25.orig/docs/conf/httpd.conf.in -+++ httpd-2.4.25/docs/conf/httpd.conf.in -@@ -63,7 +63,6 @@ Listen @@Port@@ - # Example: - # LoadModule foo_module modules/mod_foo.so - # --@@LoadModule@@ - - - # -@@ -74,8 +73,8 @@ Listen @@Port@@ +--- a/docs/conf/httpd.conf.in ++++ b/docs/conf/httpd.conf.in +@@ -74,8 +74,8 @@ Listen @@Port@@ # It is usually good practice to create a dedicated user and group for # running httpd, as with most system services. # -User daemon -Group daemon -+User nobody -+Group nogroup ++User apache ++Group apache -@@ -188,7 +187,7 @@ ErrorLog "@rel_logfiledir@/error_log" - # Possible values include: debug, info, notice, warn, error, crit, - # alert, emerg. - # --LogLevel warn -+LogLevel debug - - - # -@@ -330,7 +329,7 @@ LogLevel warn - # contents of the file itself to determine its type. The MIMEMagicFile - # directive tells the module where the hint definitions are located. - # --#MIMEMagicFile @rel_sysconfdir@/magic -+MIMEMagicFile @rel_sysconfdir@/magic - - # - # Customizable error responses come in three flavors: -@@ -360,7 +359,7 @@ LogLevel warn - # Defaults: EnableMMAP On, EnableSendfile Off - # - #EnableMMAP off --#EnableSendfile on -+EnableSendfile off - - # Supplemental configuration - # -@@ -411,8 +410,8 @@ Include @rel_sysconfdir@/extra/proxy-htm - # starting without SSL on platforms with no /dev/random equivalent - # but a statically compiled-in mod_ssl. - # -- --SSLRandomSeed startup builtin --SSLRandomSeed connect builtin -- -+# -+#SSLRandomSeed startup builtin -+#SSLRandomSeed connect builtin -+# - diff --git a/net/apache/patches/010-reproducible-builds.patch b/net/apache/patches/010-reproducible-builds.patch index 0289da1cb..8d73efec8 100644 --- a/net/apache/patches/010-reproducible-builds.patch +++ b/net/apache/patches/010-reproducible-builds.patch @@ -5,10 +5,8 @@ Author: Jean-Michel Vourgère Forwarded: no Last-Update: 2015-08-11 -Index: apache2/server/buildmark.c -=================================================================== ---- apache2.orig/server/buildmark.c -+++ apache2/server/buildmark.c +--- a/server/buildmark.c ++++ b/server/buildmark.c @@ -17,11 +17,7 @@ #include "ap_config.h" #include "httpd.h" @@ -22,16 +20,14 @@ Index: apache2/server/buildmark.c AP_DECLARE(const char *) ap_get_server_built() { -Index: apache2/server/Makefile.in -=================================================================== ---- apache2.orig/server/Makefile.in -+++ apache2/server/Makefile.in +--- a/server/Makefile.in ++++ b/server/Makefile.in @@ -1,3 +1,4 @@ +export LC_ALL = C CLEAN_TARGETS = gen_test_char test_char.h \ ApacheCoreOS2.def httpd.exp export_files \ -@@ -85,8 +86,8 @@ httpd.exp: exports.c export_vars.h +@@ -87,8 +88,8 @@ httpd.exp: exports.c export_vars.h @echo "#! ." > $@ @echo "* This file was AUTOGENERATED at build time." >> $@ @echo "* Please do not edit by hand." >> $@