commit: ca16eb6b7ecdee75b536104762288b0677ca0479 Author: orbea <orbea <AT> riseup <DOT> net> AuthorDate: Thu Sep 7 20:58:58 2023 +0000 Commit: orbea <orbea <AT> riseup <DOT> net> CommitDate: Thu Sep 7 21:06:38 2023 +0000 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=ca16eb6b
www-servers/apache: new package Upstream-PR: https://github.com/apache/httpd/pull/384 Signed-off-by: orbea <orbea <AT> riseup.net> www-servers/apache/Manifest | 4 + www-servers/apache/apache-2.4.57-r1.ebuild | 261 +++++++++++++++++++++ www-servers/apache/apache-2.4.57-r2.ebuild | 261 +++++++++++++++++++++ www-servers/apache/apache-2.4.57-r3.ebuild | 258 ++++++++++++++++++++ www-servers/apache/apache-2.4.57-r4.ebuild | 260 ++++++++++++++++++++ www-servers/apache/apache-2.4.57.ebuild | 261 +++++++++++++++++++++ www-servers/apache/files/41_mod_http2.conf | 9 + .../apache/files/apache-2.4.54-libtool.patch | 21 ++ .../apache/files/apache-2.4.54-no-which.patch | 54 +++++ .../apache/files/apache-2.4.57-libressl.patch | 40 ++++ .../files/apache-2.4.57-rustls-ffi-0.10.0.patch | 51 ++++ www-servers/apache/files/apache.conf | 3 + .../apache/files/apache2.4-hardened.service | 25 ++ www-servers/apache/metadata.xml | 23 ++ 14 files changed, 1531 insertions(+) diff --git a/www-servers/apache/Manifest b/www-servers/apache/Manifest new file mode 100644 index 0000000..4cafb77 --- /dev/null +++ b/www-servers/apache/Manifest @@ -0,0 +1,4 @@ +DIST gentoo-apache-2.4.46-r6-20210212.tar.bz2 25854 BLAKE2B 001f16c1beac8c90fd407bb2f77417f886296baf02acf0f6d81dc0f10c209270db7005f58d845d309dec8332773556da88db41a57c6ecc86f24b8a5141ba07d0 SHA512 976dde952277542efca70831b67da32b8bf636a346adeeb6e0bc5a65b3543a7ca4fb182bc01204f747b583dd753607d184d91ef46a93d5e2f3ab55ed787860a2 +DIST gentoo-apache-2.4.57-r2-20230903.tar.bz2 25595 BLAKE2B 030d7624293b85d35c02b317e78e0ac8736cfd9b4116b66727262bfd1003e28e604010526a766f0b5fa2bf359e5cfe0e6eee6ffbea05eeb41e51772913692d85 SHA512 334304d4d35e5d9e39b58af4594e3f57f2e4f6f11f5944715b0dd63c92717c1255dd3e4fed96d914487a15b8faf1792914087b7240b0f23ab6d0960972013d1e +DIST gentoo-apache-2.4.57-r3-20230903.tar.bz2 27356 BLAKE2B 793c6a94062ea7a68acbe0b739e9b317390c16e57a8ae4cd85bd03ae1663c25050a796c199dc958c9eb7913e677698cba042b3fb0b28dc5c90c5da49c503fbba SHA512 82e2c36fbc14f70f4e4b48eebe83d52082e05994d8ec095aec392adfea71f4b8abee60a320e36c188ee9b1d0113a5880b4780bdbd6230e47909ed115de0de2cb +DIST httpd-2.4.57.tar.bz2 7457022 BLAKE2B b33b51a741acd308ef4d4bdd2444d43eca9db68676fa67ec907eeea7384554f3f9a5608fc43dcf5819498264bbe36f176f30be9809474307642b70720036b88c SHA512 4d1e0a274ee90bdfb5f38d4a7d73a7367ed1c6388e26280e640014e49abc0df03683705b88dcfe2ec2da313dda4c7b4a3b86daffa1911f58e224eba89d82d155 diff --git a/www-servers/apache/apache-2.4.57-r1.ebuild b/www-servers/apache/apache-2.4.57-r1.ebuild new file mode 100644 index 0000000..36bf4a3 --- /dev/null +++ b/www-servers/apache/apache-2.4.57-r1.ebuild @@ -0,0 +1,261 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +# latest gentoo apache files +GENTOO_PATCHSTAMP="20210212" +GENTOO_DEVELOPER="polynomial-c" +GENTOO_PATCHNAME="gentoo-apache-2.4.46-r6" + +# IUSE/USE_EXPAND magic +IUSE_MPMS_FORK="prefork" +IUSE_MPMS_THREAD="event worker" + +# << obsolete modules: +# authn_default authz_default mem_cache +# mem_cache is replaced by cache_disk +# ?? buggy modules +# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found +# >> added modules for reason: +# compat: compatibility with 2.2 access control +# authz_host: new module for access control +# authn_core: functionality provided by authn_alias in previous versions +# authz_core: new module, provides core authorization capabilities +# cache_disk: replacement for mem_cache +# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3 +# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3 +# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests). +# socache_shmcb: shared object cache provider. Default config with ssl needs it +# unixd: fixes startup error: Invalid command 'User' +IUSE_MODULES="access_compat actions alias allowmethods asis auth_basic auth_digest auth_form +authn_anon authn_core authn_dbd authn_dbm authn_file authn_socache authz_core +authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex +brotli cache cache_disk cache_socache cern_meta charset_lite cgi cgid dav dav_fs dav_lock +dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2 +ident imagemap include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness +lbmethod_heartbeat log_config log_forensic logio lua macro md mime mime_magic negotiation +proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_hcheck proxy_html proxy_http proxy_scgi +proxy_http2 proxy_fcgi proxy_uwsgi proxy_wstunnel rewrite ratelimit remoteip reqtimeout +session session_cookie session_crypto session_dbd setenvif slotmem_shm socache_memcache +socache_shmcb speling status substitute systemd tls unique_id userdir usertrack +unixd version vhost_alias watchdog xml2enc" +# The following are also in the source as of this version, but are not available +# for user selection: +# bucketeer case_filter case_filter_in echo http isapi optional_fn_export +# optional_fn_import optional_hook_export optional_hook_import + +# inter-module dependencies +# TODO: this may still be incomplete +MODULE_DEPENDS=" + auth_form:session + brotli:filter + dav_fs:dav + dav_lock:dav + deflate:filter + cache_disk:cache + ext_filter:filter + file_cache:cache + lbmethod_byrequests:proxy_balancer + lbmethod_byrequests:slotmem_shm + lbmethod_bytraffic:proxy_balancer + lbmethod_bybusyness:proxy_balancer + lbmethod_heartbeat:proxy_balancer + log_forensic:log_config + logio:log_config + cache_disk:cache + cache_socache:cache + md:watchdog + mime_magic:mime + proxy_ajp:proxy + proxy_balancer:proxy + proxy_balancer:slotmem_shm + proxy_connect:proxy + proxy_ftp:proxy + proxy_hcheck:proxy + proxy_hcheck:watchdog + proxy_html:proxy + proxy_html:xml2enc + proxy_http:proxy + proxy_http2:proxy + proxy_scgi:proxy + proxy_uwsgi:proxy + proxy_fcgi:proxy + proxy_wstunnel:proxy + session_cookie:session + session_dbd:dbd + session_dbd:session + socache_memcache:cache + substitute:filter +" + +# module<->define mappings +MODULE_DEFINES=" + auth_digest:AUTH_DIGEST + authnz_ldap:AUTHNZ_LDAP + cache:CACHE + cache_disk:CACHE + cache_socache:CACHE + dav:DAV + dav_fs:DAV + dav_lock:DAV + file_cache:CACHE + http2:HTTP2 + info:INFO + ldap:LDAP + lua:LUA + md:SSL + proxy:PROXY + proxy_ajp:PROXY + proxy_balancer:PROXY + proxy_connect:PROXY + proxy_ftp:PROXY + proxy_html:PROXY + proxy_http:PROXY + proxy_hcheck:PROXY + proxy_fcgi:PROXY + proxy_scgi:PROXY + proxy_wstunnel:PROXY + socache_shmcb:SSL + socache_memcache:CACHE + ssl:SSL + status:STATUS + suexec:SUEXEC + systemd:SYSTEMD + userdir:USERDIR +" + +# critical modules for the default config +MODULE_CRITICAL=" + authn_core + authz_core + authz_host + dir + mime + unixd +" +inherit apache-2 systemd tmpfiles toolchain-funcs + +DESCRIPTION="The Apache Web Server" +HOMEPAGE="https://httpd.apache.org/"; + +# some helper scripts are Apache-1.1, thus both are here +LICENSE="Apache-2.0 Apache-1.1" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x64-macos ~x64-solaris" + +PATCHES=( + "${FILESDIR}"/${PN}-2.4.57-libressl.patch + "${FILESDIR}"/${PN}-2.4.54-no-which.patch # bug #844868 + "${FILESDIR}"/${PN}-2.4.54-libtool.patch # bug #858836 + "${FILESDIR}"/${P}-rustls-ffi-0.10.0.patch # bug #906523 +) + +pkg_setup() { + # dependent critical modules which are not allowed in global scope due + # to USE flag conditionals (bug #499260) + use ssl && MODULE_CRITICAL+=" socache_shmcb" + use doc && MODULE_CRITICAL+=" alias negotiation setenvif" + apache-2_pkg_setup +} + +src_configure() { + # Brain dead check. + tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no" + + apache-2_src_configure +} + +src_compile() { + if tc-is-cross-compiler ; then + # This header is the same across targets, so use the build compiler. + pushd server >/dev/null + emake gen_test_char + tc-export_build_env BUILD_CC + ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \ + gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die + popd >/dev/null + fi + + default +} + +src_install() { + apache-2_src_install + local i + local apache_tools_prune_list=( + /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm} + /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs} + /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1} + /usr/share/man/man8/{rotatelogs.8,htcacheclean.8} + ) + for i in ${apache_tools_prune_list[@]} ; do + rm "${ED}"/${i} || die "Failed to prune apache-tools bits" + done + + # install apxs in /usr/bin (bug #502384) and put a symlink into the + # old location until all ebuilds and eclasses have been modified to + # use the new location. + dobin support/apxs + use split-usr && dosym ../bin/apxs /usr/sbin/apxs + + # Note: wait for mod_systemd to be included in some forthcoming release, + # Then apache2.4.service can be used and systemd support controlled + # through --enable-systemd + systemd_newunit "${FILESDIR}/apache2.4-hardened.service" "apache2.service" + dotmpfiles "${FILESDIR}/apache.conf" + #insinto /etc/apache2/modules.d + #doins "${FILESDIR}/00_systemd.conf" + + # Install http2 module config + insinto /etc/apache2/modules.d + doins "${FILESDIR}"/41_mod_http2.conf + + # Fix path to apache libdir + sed "s|@LIBDIR@|$(get_libdir)|" -i "${ED}"/usr/sbin/apache2ctl || die +} + +pkg_postinst() { + apache-2_pkg_postinst || die "apache-2_pkg_postinst failed" + + tmpfiles_process apache.conf #662544 + + # warnings that default config might not work out of the box + local mod cmod + for mod in ${MODULE_CRITICAL} ; do + if ! use "apache2_modules_${mod}"; then + echo + ewarn "Warning: Critical module not installed!" + ewarn "Modules 'authn_core', 'authz_core' and 'unixd'" + ewarn "are highly recomended but might not be in the base profile yet." + ewarn "Default config for ssl needs module 'socache_shmcb'." + ewarn "Enabling the following flags is highly recommended:" + for cmod in ${MODULE_CRITICAL} ; do + use "apache2_modules_${cmod}" || \ + ewarn "+ apache2_modules_${cmod}" + done + echo + break + fi + done + # warning for proxy_balancer and missing load balancing scheduler + if use apache2_modules_proxy_balancer; then + local lbset= + for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do + if use "apache2_modules_${mod}"; then + lbset=1 && break + fi + done + if [[ ! ${lbset} ]] ; then + echo + ewarn "Info: Missing load balancing scheduler algorithm module" + ewarn "(They were split off from proxy_balancer in 2.3)" + ewarn "In order to get the ability of load balancing, at least" + ewarn "one of these modules has to be present:" + ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat" + echo + fi + fi +} diff --git a/www-servers/apache/apache-2.4.57-r2.ebuild b/www-servers/apache/apache-2.4.57-r2.ebuild new file mode 100644 index 0000000..2e76ee9 --- /dev/null +++ b/www-servers/apache/apache-2.4.57-r2.ebuild @@ -0,0 +1,261 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +# latest gentoo apache files +GENTOO_PATCHSTAMP="20230903" +GENTOO_DEVELOPER="graaff" +GENTOO_PATCHNAME="gentoo-apache-2.4.57-r2" + +# IUSE/USE_EXPAND magic +IUSE_MPMS_FORK="prefork" +IUSE_MPMS_THREAD="event worker" + +# << obsolete modules: +# authn_default authz_default mem_cache +# mem_cache is replaced by cache_disk +# ?? buggy modules +# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found +# >> added modules for reason: +# compat: compatibility with 2.2 access control +# authz_host: new module for access control +# authn_core: functionality provided by authn_alias in previous versions +# authz_core: new module, provides core authorization capabilities +# cache_disk: replacement for mem_cache +# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3 +# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3 +# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests). +# socache_shmcb: shared object cache provider. Default config with ssl needs it +# unixd: fixes startup error: Invalid command 'User' +IUSE_MODULES="access_compat actions alias allowmethods asis auth_basic auth_digest auth_form +authn_anon authn_core authn_dbd authn_dbm authn_file authn_socache authz_core +authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex +brotli cache cache_disk cache_socache cern_meta charset_lite cgi cgid dav dav_fs dav_lock +dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2 +ident imagemap include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness +lbmethod_heartbeat log_config log_forensic logio lua macro md mime mime_magic negotiation +proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_hcheck proxy_html proxy_http proxy_scgi +proxy_http2 proxy_fcgi proxy_uwsgi proxy_wstunnel rewrite ratelimit remoteip reqtimeout +session session_cookie session_crypto session_dbd setenvif slotmem_shm socache_memcache +socache_shmcb speling status substitute systemd tls unique_id userdir usertrack +unixd version vhost_alias watchdog xml2enc" +# The following are also in the source as of this version, but are not available +# for user selection: +# bucketeer case_filter case_filter_in echo http isapi optional_fn_export +# optional_fn_import optional_hook_export optional_hook_import + +# inter-module dependencies +# TODO: this may still be incomplete +MODULE_DEPENDS=" + auth_form:session + brotli:filter + dav_fs:dav + dav_lock:dav + deflate:filter + cache_disk:cache + ext_filter:filter + file_cache:cache + lbmethod_byrequests:proxy_balancer + lbmethod_byrequests:slotmem_shm + lbmethod_bytraffic:proxy_balancer + lbmethod_bybusyness:proxy_balancer + lbmethod_heartbeat:proxy_balancer + log_forensic:log_config + logio:log_config + cache_disk:cache + cache_socache:cache + md:watchdog + mime_magic:mime + proxy_ajp:proxy + proxy_balancer:proxy + proxy_balancer:slotmem_shm + proxy_connect:proxy + proxy_ftp:proxy + proxy_hcheck:proxy + proxy_hcheck:watchdog + proxy_html:proxy + proxy_html:xml2enc + proxy_http:proxy + proxy_http2:proxy + proxy_scgi:proxy + proxy_uwsgi:proxy + proxy_fcgi:proxy + proxy_wstunnel:proxy + session_cookie:session + session_dbd:dbd + session_dbd:session + socache_memcache:cache + substitute:filter +" + +# module<->define mappings +MODULE_DEFINES=" + auth_digest:AUTH_DIGEST + authnz_ldap:AUTHNZ_LDAP + cache:CACHE + cache_disk:CACHE + cache_socache:CACHE + dav:DAV + dav_fs:DAV + dav_lock:DAV + file_cache:CACHE + http2:HTTP2 + info:INFO + ldap:LDAP + lua:LUA + md:SSL + proxy:PROXY + proxy_ajp:PROXY + proxy_balancer:PROXY + proxy_connect:PROXY + proxy_ftp:PROXY + proxy_html:PROXY + proxy_http:PROXY + proxy_hcheck:PROXY + proxy_fcgi:PROXY + proxy_scgi:PROXY + proxy_wstunnel:PROXY + socache_shmcb:SSL + socache_memcache:CACHE + ssl:SSL + status:STATUS + suexec:SUEXEC + systemd:SYSTEMD + userdir:USERDIR +" + +# critical modules for the default config +MODULE_CRITICAL=" + authn_core + authz_core + authz_host + dir + mime + unixd +" +inherit apache-2 systemd tmpfiles toolchain-funcs + +DESCRIPTION="The Apache Web Server" +HOMEPAGE="https://httpd.apache.org/"; + +# some helper scripts are Apache-1.1, thus both are here +LICENSE="Apache-2.0 Apache-1.1" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x64-macos ~x64-solaris" + +PATCHES=( + "${FILESDIR}"/${PN}-2.4.57-libressl.patch + "${FILESDIR}"/${PN}-2.4.54-no-which.patch # bug #844868 + "${FILESDIR}"/${PN}-2.4.54-libtool.patch # bug #858836 + "${FILESDIR}"/${P}-rustls-ffi-0.10.0.patch # bug #906523 +) + +pkg_setup() { + # dependent critical modules which are not allowed in global scope due + # to USE flag conditionals (bug #499260) + use ssl && MODULE_CRITICAL+=" socache_shmcb" + use doc && MODULE_CRITICAL+=" alias negotiation setenvif" + apache-2_pkg_setup +} + +src_configure() { + # Brain dead check. + tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no" + + apache-2_src_configure +} + +src_compile() { + if tc-is-cross-compiler ; then + # This header is the same across targets, so use the build compiler. + pushd server >/dev/null + emake gen_test_char + tc-export_build_env BUILD_CC + ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \ + gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die + popd >/dev/null + fi + + default +} + +src_install() { + apache-2_src_install + local i + local apache_tools_prune_list=( + /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm} + /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs} + /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1} + /usr/share/man/man8/{rotatelogs.8,htcacheclean.8} + ) + for i in ${apache_tools_prune_list[@]} ; do + rm "${ED}"/${i} || die "Failed to prune apache-tools bits" + done + + # install apxs in /usr/bin (bug #502384) and put a symlink into the + # old location until all ebuilds and eclasses have been modified to + # use the new location. + dobin support/apxs + use split-usr && dosym ../bin/apxs /usr/sbin/apxs + + # Note: wait for mod_systemd to be included in some forthcoming release, + # Then apache2.4.service can be used and systemd support controlled + # through --enable-systemd + systemd_newunit "${FILESDIR}/apache2.4-hardened.service" "apache2.service" + dotmpfiles "${FILESDIR}/apache.conf" + #insinto /etc/apache2/modules.d + #doins "${FILESDIR}/00_systemd.conf" + + # Install http2 module config + insinto /etc/apache2/modules.d + doins "${FILESDIR}"/41_mod_http2.conf + + # Fix path to apache libdir + sed "s|@LIBDIR@|$(get_libdir)|" -i "${ED}"/usr/sbin/apache2ctl || die +} + +pkg_postinst() { + apache-2_pkg_postinst || die "apache-2_pkg_postinst failed" + + tmpfiles_process apache.conf #662544 + + # warnings that default config might not work out of the box + local mod cmod + for mod in ${MODULE_CRITICAL} ; do + if ! use "apache2_modules_${mod}"; then + echo + ewarn "Warning: Critical module not installed!" + ewarn "Modules 'authn_core', 'authz_core' and 'unixd'" + ewarn "are highly recomended but might not be in the base profile yet." + ewarn "Default config for ssl needs module 'socache_shmcb'." + ewarn "Enabling the following flags is highly recommended:" + for cmod in ${MODULE_CRITICAL} ; do + use "apache2_modules_${cmod}" || \ + ewarn "+ apache2_modules_${cmod}" + done + echo + break + fi + done + # warning for proxy_balancer and missing load balancing scheduler + if use apache2_modules_proxy_balancer; then + local lbset= + for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do + if use "apache2_modules_${mod}"; then + lbset=1 && break + fi + done + if [[ ! ${lbset} ]] ; then + echo + ewarn "Info: Missing load balancing scheduler algorithm module" + ewarn "(They were split off from proxy_balancer in 2.3)" + ewarn "In order to get the ability of load balancing, at least" + ewarn "one of these modules has to be present:" + ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat" + echo + fi + fi +} diff --git a/www-servers/apache/apache-2.4.57-r3.ebuild b/www-servers/apache/apache-2.4.57-r3.ebuild new file mode 100644 index 0000000..942378a --- /dev/null +++ b/www-servers/apache/apache-2.4.57-r3.ebuild @@ -0,0 +1,258 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +# latest gentoo apache files +GENTOO_PATCHSTAMP="20230903" +GENTOO_DEVELOPER="graaff" +GENTOO_PATCHNAME="gentoo-apache-2.4.57-r3" + +# IUSE/USE_EXPAND magic +IUSE_MPMS_FORK="prefork" +IUSE_MPMS_THREAD="event worker" + +# << obsolete modules: +# authn_default authz_default mem_cache +# mem_cache is replaced by cache_disk +# ?? buggy modules +# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found +# >> added modules for reason: +# compat: compatibility with 2.2 access control +# authz_host: new module for access control +# authn_core: functionality provided by authn_alias in previous versions +# authz_core: new module, provides core authorization capabilities +# cache_disk: replacement for mem_cache +# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3 +# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3 +# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests). +# socache_shmcb: shared object cache provider. Default config with ssl needs it +# unixd: fixes startup error: Invalid command 'User' +IUSE_MODULES="access_compat actions alias allowmethods asis auth_basic auth_digest auth_form +authn_anon authn_core authn_dbd authn_dbm authn_file authn_socache authz_core +authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex +brotli cache cache_disk cache_socache cern_meta charset_lite cgi cgid dav dav_fs dav_lock +dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2 +ident imagemap include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness +lbmethod_heartbeat log_config log_forensic logio lua macro md mime mime_magic negotiation +proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_hcheck proxy_html proxy_http proxy_scgi +proxy_http2 proxy_fcgi proxy_uwsgi proxy_wstunnel rewrite ratelimit remoteip reqtimeout +session session_cookie session_crypto session_dbd setenvif slotmem_shm socache_memcache +socache_shmcb speling status substitute systemd tls unique_id userdir usertrack +unixd version vhost_alias watchdog xml2enc" +# The following are also in the source as of this version, but are not available +# for user selection: +# bucketeer case_filter case_filter_in echo http isapi optional_fn_export +# optional_fn_import optional_hook_export optional_hook_import + +# inter-module dependencies +# TODO: this may still be incomplete +MODULE_DEPENDS=" + auth_form:session + brotli:filter + dav_fs:dav + dav_lock:dav + deflate:filter + cache_disk:cache + ext_filter:filter + file_cache:cache + lbmethod_byrequests:proxy_balancer + lbmethod_byrequests:slotmem_shm + lbmethod_bytraffic:proxy_balancer + lbmethod_bybusyness:proxy_balancer + lbmethod_heartbeat:proxy_balancer + log_forensic:log_config + logio:log_config + cache_disk:cache + cache_socache:cache + md:watchdog + mime_magic:mime + proxy_ajp:proxy + proxy_balancer:proxy + proxy_balancer:slotmem_shm + proxy_connect:proxy + proxy_ftp:proxy + proxy_hcheck:proxy + proxy_hcheck:watchdog + proxy_html:proxy + proxy_html:xml2enc + proxy_http:proxy + proxy_http2:proxy + proxy_scgi:proxy + proxy_uwsgi:proxy + proxy_fcgi:proxy + proxy_wstunnel:proxy + session_cookie:session + session_dbd:dbd + session_dbd:session + socache_memcache:cache + substitute:filter +" + +# module<->define mappings +MODULE_DEFINES=" + auth_digest:AUTH_DIGEST + authnz_ldap:AUTHNZ_LDAP + cache:CACHE + cache_disk:CACHE + cache_socache:CACHE + dav:DAV + dav_fs:DAV + dav_lock:DAV + file_cache:CACHE + http2:HTTP2 + info:INFO + ldap:LDAP + lua:LUA + md:SSL + proxy:PROXY + proxy_ajp:PROXY + proxy_balancer:PROXY + proxy_connect:PROXY + proxy_ftp:PROXY + proxy_html:PROXY + proxy_http:PROXY + proxy_hcheck:PROXY + proxy_fcgi:PROXY + proxy_scgi:PROXY + proxy_wstunnel:PROXY + socache_shmcb:SSL + socache_memcache:CACHE + ssl:SSL + status:STATUS + suexec:SUEXEC + systemd:SYSTEMD + userdir:USERDIR +" + +# critical modules for the default config +MODULE_CRITICAL=" + authn_core + authz_core + authz_host + dir + mime + unixd +" +inherit apache-2 systemd tmpfiles toolchain-funcs + +DESCRIPTION="The Apache Web Server" +HOMEPAGE="https://httpd.apache.org/"; + +# some helper scripts are Apache-1.1, thus both are here +LICENSE="Apache-2.0 Apache-1.1" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x64-macos ~x64-solaris" + +PATCHES=( + "${FILESDIR}"/${PN}-2.4.57-libressl.patch +) + +pkg_setup() { + # dependent critical modules which are not allowed in global scope due + # to USE flag conditionals (bug #499260) + use ssl && MODULE_CRITICAL+=" socache_shmcb" + use doc && MODULE_CRITICAL+=" alias negotiation setenvif" + apache-2_pkg_setup +} + +src_configure() { + # Brain dead check. + tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no" + + apache-2_src_configure +} + +src_compile() { + if tc-is-cross-compiler ; then + # This header is the same across targets, so use the build compiler. + pushd server >/dev/null + emake gen_test_char + tc-export_build_env BUILD_CC + ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \ + gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die + popd >/dev/null + fi + + default +} + +src_install() { + apache-2_src_install + local i + local apache_tools_prune_list=( + /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm} + /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs} + /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1} + /usr/share/man/man8/{rotatelogs.8,htcacheclean.8} + ) + for i in ${apache_tools_prune_list[@]} ; do + rm "${ED}"/${i} || die "Failed to prune apache-tools bits" + done + + # install apxs in /usr/bin (bug #502384) and put a symlink into the + # old location until all ebuilds and eclasses have been modified to + # use the new location. + dobin support/apxs + use split-usr && dosym ../bin/apxs /usr/sbin/apxs + + # Note: wait for mod_systemd to be included in some forthcoming release, + # Then apache2.4.service can be used and systemd support controlled + # through --enable-systemd + systemd_newunit "${FILESDIR}/apache2.4-hardened.service" "apache2.service" + dotmpfiles "${FILESDIR}/apache.conf" + #insinto /etc/apache2/modules.d + #doins "${FILESDIR}/00_systemd.conf" + + # Install http2 module config + insinto /etc/apache2/modules.d + doins "${FILESDIR}"/41_mod_http2.conf + + # Fix path to apache libdir + sed "s|@LIBDIR@|$(get_libdir)|" -i "${ED}"/usr/sbin/apache2ctl || die +} + +pkg_postinst() { + apache-2_pkg_postinst || die "apache-2_pkg_postinst failed" + + tmpfiles_process apache.conf #662544 + + # warnings that default config might not work out of the box + local mod cmod + for mod in ${MODULE_CRITICAL} ; do + if ! use "apache2_modules_${mod}"; then + echo + ewarn "Warning: Critical module not installed!" + ewarn "Modules 'authn_core', 'authz_core' and 'unixd'" + ewarn "are highly recomended but might not be in the base profile yet." + ewarn "Default config for ssl needs module 'socache_shmcb'." + ewarn "Enabling the following flags is highly recommended:" + for cmod in ${MODULE_CRITICAL} ; do + use "apache2_modules_${cmod}" || \ + ewarn "+ apache2_modules_${cmod}" + done + echo + break + fi + done + # warning for proxy_balancer and missing load balancing scheduler + if use apache2_modules_proxy_balancer; then + local lbset= + for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do + if use "apache2_modules_${mod}"; then + lbset=1 && break + fi + done + if [[ ! ${lbset} ]] ; then + echo + ewarn "Info: Missing load balancing scheduler algorithm module" + ewarn "(They were split off from proxy_balancer in 2.3)" + ewarn "In order to get the ability of load balancing, at least" + ewarn "one of these modules has to be present:" + ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat" + echo + fi + fi +} diff --git a/www-servers/apache/apache-2.4.57-r4.ebuild b/www-servers/apache/apache-2.4.57-r4.ebuild new file mode 100644 index 0000000..11dca18 --- /dev/null +++ b/www-servers/apache/apache-2.4.57-r4.ebuild @@ -0,0 +1,260 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +# latest gentoo apache files +GENTOO_PATCHSTAMP="20230903" +GENTOO_DEVELOPER="graaff" +GENTOO_PATCHNAME="gentoo-apache-2.4.57-r3" + +# IUSE/USE_EXPAND magic +IUSE_MPMS_FORK="prefork" +IUSE_MPMS_THREAD="event worker" + +# << obsolete modules: +# authn_default authz_default mem_cache +# mem_cache is replaced by cache_disk +# ?? buggy modules +# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found +# >> added modules for reason: +# compat: compatibility with 2.2 access control +# authz_host: new module for access control +# authn_core: functionality provided by authn_alias in previous versions +# authz_core: new module, provides core authorization capabilities +# cache_disk: replacement for mem_cache +# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3 +# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3 +# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests). +# socache_shmcb: shared object cache provider. Default config with ssl needs it +# unixd: fixes startup error: Invalid command 'User' +IUSE_MODULES="access_compat actions alias allowmethods asis auth_basic auth_digest auth_form +authn_anon authn_core authn_dbd authn_dbm authn_file authn_socache authz_core +authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex +brotli cache cache_disk cache_socache cern_meta charset_lite cgi cgid dav dav_fs dav_lock +dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2 +ident imagemap include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness +lbmethod_heartbeat log_config log_forensic logio lua macro md mime mime_magic negotiation +proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_hcheck proxy_html proxy_http proxy_scgi +proxy_http2 proxy_fcgi proxy_uwsgi proxy_wstunnel rewrite ratelimit remoteip reqtimeout +session session_cookie session_crypto session_dbd setenvif slotmem_shm socache_memcache +socache_shmcb speling status substitute systemd tls unique_id userdir usertrack +unixd version vhost_alias watchdog xml2enc" +# The following are also in the source as of this version, but are not available +# for user selection: +# bucketeer case_filter case_filter_in echo http isapi optional_fn_export +# optional_fn_import optional_hook_export optional_hook_import + +# inter-module dependencies +# TODO: this may still be incomplete +MODULE_DEPENDS=" + auth_form:session + brotli:filter + dav_fs:dav + dav_lock:dav + deflate:filter + cache_disk:cache + ext_filter:filter + file_cache:cache + lbmethod_byrequests:proxy_balancer + lbmethod_byrequests:slotmem_shm + lbmethod_bytraffic:proxy_balancer + lbmethod_bybusyness:proxy_balancer + lbmethod_heartbeat:proxy_balancer + log_forensic:log_config + logio:log_config + cache_disk:cache + cache_socache:cache + md:watchdog + mime_magic:mime + proxy_ajp:proxy + proxy_balancer:proxy + proxy_balancer:slotmem_shm + proxy_connect:proxy + proxy_ftp:proxy + proxy_hcheck:proxy + proxy_hcheck:watchdog + proxy_html:proxy + proxy_html:xml2enc + proxy_http:proxy + proxy_http2:proxy + proxy_scgi:proxy + proxy_uwsgi:proxy + proxy_fcgi:proxy + proxy_wstunnel:proxy + session_cookie:session + session_dbd:dbd + session_dbd:session + socache_memcache:cache + substitute:filter +" + +# module<->define mappings +MODULE_DEFINES=" + auth_digest:AUTH_DIGEST + authnz_ldap:AUTHNZ_LDAP + cache:CACHE + cache_disk:CACHE + cache_socache:CACHE + dav:DAV + dav_fs:DAV + dav_lock:DAV + file_cache:CACHE + http2:HTTP2 + info:INFO + ldap:LDAP + lua:LUA + md:SSL + proxy:PROXY + proxy_ajp:PROXY + proxy_balancer:PROXY + proxy_connect:PROXY + proxy_fcgi:PROXY + proxy_ftp:PROXY + proxy_hcheck:PROXY + proxy_html:PROXY + proxy_http:PROXY + proxy_http2:PROXY + proxy_scgi:PROXY + proxy_uswgi:PROXY + proxy_wstunnel:PROXY + socache_shmcb:SSL + socache_memcache:CACHE + ssl:SSL + status:STATUS + suexec:SUEXEC + systemd:SYSTEMD + userdir:USERDIR +" + +# critical modules for the default config +MODULE_CRITICAL=" + authn_core + authz_core + authz_host + dir + mime + unixd +" +inherit apache-2 systemd tmpfiles toolchain-funcs + +DESCRIPTION="The Apache Web Server" +HOMEPAGE="https://httpd.apache.org/"; + +# some helper scripts are Apache-1.1, thus both are here +LICENSE="Apache-2.0 Apache-1.1" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x64-macos ~x64-solaris" + +PATCHES=( + "${FILESDIR}"/${PN}-2.4.57-libressl.patch +) + +pkg_setup() { + # dependent critical modules which are not allowed in global scope due + # to USE flag conditionals (bug #499260) + use ssl && MODULE_CRITICAL+=" socache_shmcb" + use doc && MODULE_CRITICAL+=" alias negotiation setenvif" + apache-2_pkg_setup +} + +src_configure() { + # Brain dead check. + tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no" + + apache-2_src_configure +} + +src_compile() { + if tc-is-cross-compiler ; then + # This header is the same across targets, so use the build compiler. + pushd server >/dev/null + emake gen_test_char + tc-export_build_env BUILD_CC + ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \ + gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die + popd >/dev/null + fi + + default +} + +src_install() { + apache-2_src_install + local i + local apache_tools_prune_list=( + /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm} + /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs} + /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1} + /usr/share/man/man8/{rotatelogs.8,htcacheclean.8} + ) + for i in ${apache_tools_prune_list[@]} ; do + rm "${ED}"/${i} || die "Failed to prune apache-tools bits" + done + + # install apxs in /usr/bin (bug #502384) and put a symlink into the + # old location until all ebuilds and eclasses have been modified to + # use the new location. + dobin support/apxs + use split-usr && dosym ../bin/apxs /usr/sbin/apxs + + # Note: wait for mod_systemd to be included in some forthcoming release, + # Then apache2.4.service can be used and systemd support controlled + # through --enable-systemd + systemd_newunit "${FILESDIR}/apache2.4-hardened.service" "apache2.service" + dotmpfiles "${FILESDIR}/apache.conf" + #insinto /etc/apache2/modules.d + #doins "${FILESDIR}/00_systemd.conf" + + # Install http2 module config + insinto /etc/apache2/modules.d + doins "${FILESDIR}"/41_mod_http2.conf + + # Fix path to apache libdir + sed "s|@LIBDIR@|$(get_libdir)|" -i "${ED}"/usr/sbin/apache2ctl || die +} + +pkg_postinst() { + apache-2_pkg_postinst || die "apache-2_pkg_postinst failed" + + tmpfiles_process apache.conf #662544 + + # warnings that default config might not work out of the box + local mod cmod + for mod in ${MODULE_CRITICAL} ; do + if ! use "apache2_modules_${mod}"; then + echo + ewarn "Warning: Critical module not installed!" + ewarn "Modules 'authn_core', 'authz_core' and 'unixd'" + ewarn "are highly recomended but might not be in the base profile yet." + ewarn "Default config for ssl needs module 'socache_shmcb'." + ewarn "Enabling the following flags is highly recommended:" + for cmod in ${MODULE_CRITICAL} ; do + use "apache2_modules_${cmod}" || \ + ewarn "+ apache2_modules_${cmod}" + done + echo + break + fi + done + # warning for proxy_balancer and missing load balancing scheduler + if use apache2_modules_proxy_balancer; then + local lbset= + for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do + if use "apache2_modules_${mod}"; then + lbset=1 && break + fi + done + if [[ ! ${lbset} ]] ; then + echo + ewarn "Info: Missing load balancing scheduler algorithm module" + ewarn "(They were split off from proxy_balancer in 2.3)" + ewarn "In order to get the ability of load balancing, at least" + ewarn "one of these modules has to be present:" + ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat" + echo + fi + fi +} diff --git a/www-servers/apache/apache-2.4.57.ebuild b/www-servers/apache/apache-2.4.57.ebuild new file mode 100644 index 0000000..1479520 --- /dev/null +++ b/www-servers/apache/apache-2.4.57.ebuild @@ -0,0 +1,261 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +# latest gentoo apache files +GENTOO_PATCHSTAMP="20210212" +GENTOO_DEVELOPER="polynomial-c" +GENTOO_PATCHNAME="gentoo-apache-2.4.46-r6" + +# IUSE/USE_EXPAND magic +IUSE_MPMS_FORK="prefork" +IUSE_MPMS_THREAD="event worker" + +# << obsolete modules: +# authn_default authz_default mem_cache +# mem_cache is replaced by cache_disk +# ?? buggy modules +# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found +# >> added modules for reason: +# compat: compatibility with 2.2 access control +# authz_host: new module for access control +# authn_core: functionality provided by authn_alias in previous versions +# authz_core: new module, provides core authorization capabilities +# cache_disk: replacement for mem_cache +# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3 +# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3 +# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3 +# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests). +# socache_shmcb: shared object cache provider. Default config with ssl needs it +# unixd: fixes startup error: Invalid command 'User' +IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest auth_form +authn_anon authn_core authn_dbd authn_dbm authn_file authn_socache authz_core +authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex +brotli cache cache_disk cache_socache cern_meta charset_lite cgi cgid dav dav_fs dav_lock +dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2 +ident imagemap include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness +lbmethod_heartbeat log_config log_forensic logio lua macro md mime mime_magic negotiation +proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_hcheck proxy_html proxy_http proxy_scgi +proxy_http2 proxy_fcgi proxy_uwsgi proxy_wstunnel rewrite ratelimit remoteip reqtimeout +session session_cookie session_crypto session_dbd setenvif slotmem_shm socache_memcache +socache_shmcb speling status substitute systemd tls unique_id userdir usertrack +unixd version vhost_alias watchdog xml2enc" +# The following are also in the source as of this version, but are not available +# for user selection: +# bucketeer case_filter case_filter_in echo http isapi optional_fn_export +# optional_fn_import optional_hook_export optional_hook_import + +# inter-module dependencies +# TODO: this may still be incomplete +MODULE_DEPENDS=" + auth_form:session + brotli:filter + dav_fs:dav + dav_lock:dav + deflate:filter + cache_disk:cache + ext_filter:filter + file_cache:cache + lbmethod_byrequests:proxy_balancer + lbmethod_byrequests:slotmem_shm + lbmethod_bytraffic:proxy_balancer + lbmethod_bybusyness:proxy_balancer + lbmethod_heartbeat:proxy_balancer + log_forensic:log_config + logio:log_config + cache_disk:cache + cache_socache:cache + md:watchdog + mime_magic:mime + proxy_ajp:proxy + proxy_balancer:proxy + proxy_balancer:slotmem_shm + proxy_connect:proxy + proxy_ftp:proxy + proxy_hcheck:proxy + proxy_hcheck:watchdog + proxy_html:proxy + proxy_html:xml2enc + proxy_http:proxy + proxy_http2:proxy + proxy_scgi:proxy + proxy_uwsgi:proxy + proxy_fcgi:proxy + proxy_wstunnel:proxy + session_cookie:session + session_dbd:dbd + session_dbd:session + socache_memcache:cache + substitute:filter +" + +# module<->define mappings +MODULE_DEFINES=" + auth_digest:AUTH_DIGEST + authnz_ldap:AUTHNZ_LDAP + cache:CACHE + cache_disk:CACHE + cache_socache:CACHE + dav:DAV + dav_fs:DAV + dav_lock:DAV + file_cache:CACHE + http2:HTTP2 + info:INFO + ldap:LDAP + lua:LUA + md:SSL + proxy:PROXY + proxy_ajp:PROXY + proxy_balancer:PROXY + proxy_connect:PROXY + proxy_ftp:PROXY + proxy_html:PROXY + proxy_http:PROXY + proxy_hcheck:PROXY + proxy_fcgi:PROXY + proxy_scgi:PROXY + proxy_wstunnel:PROXY + socache_shmcb:SSL + socache_memcache:CACHE + ssl:SSL + status:STATUS + suexec:SUEXEC + systemd:SYSTEMD + userdir:USERDIR +" + +# critical modules for the default config +MODULE_CRITICAL=" + authn_core + authz_core + authz_host + dir + mime + unixd +" +inherit apache-2 systemd tmpfiles toolchain-funcs + +DESCRIPTION="The Apache Web Server" +HOMEPAGE="https://httpd.apache.org/"; + +# some helper scripts are Apache-1.1, thus both are here +LICENSE="Apache-2.0 Apache-1.1" +SLOT="2" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x64-macos ~x64-solaris" + +PATCHES=( + "${FILESDIR}"/${PN}-2.4.57-libressl.patch + "${FILESDIR}"/${PN}-2.4.54-no-which.patch # bug #844868 + "${FILESDIR}"/${PN}-2.4.54-libtool.patch # bug #858836 + "${FILESDIR}"/${P}-rustls-ffi-0.10.0.patch # bug #906523 +) + +pkg_setup() { + # dependent critical modules which are not allowed in global scope due + # to USE flag conditionals (bug #499260) + use ssl && MODULE_CRITICAL+=" socache_shmcb" + use doc && MODULE_CRITICAL+=" alias negotiation setenvif" + apache-2_pkg_setup +} + +src_configure() { + # Brain dead check. + tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no" + + apache-2_src_configure +} + +src_compile() { + if tc-is-cross-compiler ; then + # This header is the same across targets, so use the build compiler. + pushd server >/dev/null + emake gen_test_char + tc-export_build_env BUILD_CC + ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \ + gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die + popd >/dev/null + fi + + default +} + +src_install() { + apache-2_src_install + local i + local apache_tools_prune_list=( + /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm} + /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs} + /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1} + /usr/share/man/man8/{rotatelogs.8,htcacheclean.8} + ) + for i in ${apache_tools_prune_list[@]} ; do + rm "${ED}"/${i} || die "Failed to prune apache-tools bits" + done + + # install apxs in /usr/bin (bug #502384) and put a symlink into the + # old location until all ebuilds and eclasses have been modified to + # use the new location. + dobin support/apxs + use split-usr && dosym ../bin/apxs /usr/sbin/apxs + + # Note: wait for mod_systemd to be included in some forthcoming release, + # Then apache2.4.service can be used and systemd support controlled + # through --enable-systemd + systemd_newunit "${FILESDIR}/apache2.4-hardened.service" "apache2.service" + dotmpfiles "${FILESDIR}/apache.conf" + #insinto /etc/apache2/modules.d + #doins "${FILESDIR}/00_systemd.conf" + + # Install http2 module config + insinto /etc/apache2/modules.d + doins "${FILESDIR}"/41_mod_http2.conf + + # Fix path to apache libdir + sed "s|@LIBDIR@|$(get_libdir)|" -i "${ED}"/usr/sbin/apache2ctl || die +} + +pkg_postinst() { + apache-2_pkg_postinst || die "apache-2_pkg_postinst failed" + + tmpfiles_process apache.conf #662544 + + # warnings that default config might not work out of the box + local mod cmod + for mod in ${MODULE_CRITICAL} ; do + if ! use "apache2_modules_${mod}"; then + echo + ewarn "Warning: Critical module not installed!" + ewarn "Modules 'authn_core', 'authz_core' and 'unixd'" + ewarn "are highly recomended but might not be in the base profile yet." + ewarn "Default config for ssl needs module 'socache_shmcb'." + ewarn "Enabling the following flags is highly recommended:" + for cmod in ${MODULE_CRITICAL} ; do + use "apache2_modules_${cmod}" || \ + ewarn "+ apache2_modules_${cmod}" + done + echo + break + fi + done + # warning for proxy_balancer and missing load balancing scheduler + if use apache2_modules_proxy_balancer; then + local lbset= + for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do + if use "apache2_modules_${mod}"; then + lbset=1 && break + fi + done + if [[ ! ${lbset} ]] ; then + echo + ewarn "Info: Missing load balancing scheduler algorithm module" + ewarn "(They were split off from proxy_balancer in 2.3)" + ewarn "In order to get the ability of load balancing, at least" + ewarn "one of these modules has to be present:" + ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat" + echo + fi + fi +} diff --git a/www-servers/apache/files/41_mod_http2.conf b/www-servers/apache/files/41_mod_http2.conf new file mode 100644 index 0000000..e4c9454 --- /dev/null +++ b/www-servers/apache/files/41_mod_http2.conf @@ -0,0 +1,9 @@ +<IfDefine SSL> + <IfModule http2_module> + # enable debugging for this module + #LogLevel http2:info + + #Enable HTTP/2 support + Protocols h2 h2c http/1.1 + </IfModule> +</IfDefine> diff --git a/www-servers/apache/files/apache-2.4.54-libtool.patch b/www-servers/apache/files/apache-2.4.54-libtool.patch new file mode 100644 index 0000000..a0d55d8 --- /dev/null +++ b/www-servers/apache/files/apache-2.4.54-libtool.patch @@ -0,0 +1,21 @@ +Bug: https://bugs.gentoo.org/858836 + +From: orbea <[email protected]> +Date: Tue, 19 Jul 2022 07:46:36 -0700 +Subject: [PATCH] build: Fix the build with slibtool + +Adding LT_INIT to configure.in generates the libtool script in the build +directory which is required by rlibtool to determine if the build is +shared or static. + +--- a/configure.in ++++ b/configure.in +@@ -398,7 +398,7 @@ AC_PATH_PROG(RSYNC, rsync) + AC_PATH_PROG(SVN, svn) + AC_PROG_AWK + AC_PROG_LN_S +-AC_CHECK_TOOL(RANLIB, ranlib, true) ++LT_INIT + dnl AC_PATH_PROG(PERL_PATH, perl) + AC_CHECK_PROGS(LYNX_PATH,[lynx links elinks], [lynx]) + diff --git a/www-servers/apache/files/apache-2.4.54-no-which.patch b/www-servers/apache/files/apache-2.4.54-no-which.patch new file mode 100644 index 0000000..65764df --- /dev/null +++ b/www-servers/apache/files/apache-2.4.54-no-which.patch @@ -0,0 +1,54 @@ +https://bugs.gentoo.org/844868 +https://bz.apache.org/bugzilla/show_bug.cgi?id=66130 +--- a/build/aix/buildaix.ksh ++++ b/build/aix/buildaix.ksh +@@ -26,14 +26,14 @@ export CFLAGS='-O2 -qlanglvl=extc99' + lslpp -L bos.adt.insttools >/dev/null + [[ $? -ne 0 ]] && echo "must have bos.adt.insttools installed" && exit -1 + +-apr_config=`which apr-1-config` +-apu_config=`which apu-1-config` ++apr_config=`command -v apr-1-config 2>/dev/null` ++apu_config=`command -v apu-1-config 2>/dev/null` + + if [[ -z ${apr_config} && -z ${apu_config} ]] + then + export PATH=/opt/bin:${PATH} +- apr_config=`which apr-1-config` +- apu_config=`which apu-1-config` ++ apr_config=`command -v apr-1-config 2>/dev/null` ++ apu_config=`command -v apu-1-config 2>/dev/null` + fi + + while test $# -gt 0 +--- a/build/pkg/buildpkg.sh ++++ b/build/pkg/buildpkg.sh +@@ -24,8 +24,8 @@ PREFIX=/usr/local/apache2 + TEMPDIR=/var/tmp/$USER/httpd-root + rm -rf $TEMPDIR + +-apr_config=`which apr-1-config` +-apu_config=`which apu-1-config` ++apr_config=`command -v apr-1-config 2>/dev/null` ++apu_config=`command -v apu-1-config 2>/dev/null` + + while test $# -gt 0 + do +--- a/configure.in ++++ b/configure.in +@@ -216,13 +216,13 @@ AC_ARG_WITH(pcre, + APACHE_HELP_STRING(--with-pcre=PATH,Use external PCRE library)) + if test "x$with_pcre" = "x" || test "$with_pcre" = "yes"; then + with_pcre="$PATH" +-else if which $with_pcre 2>/dev/null; then :; else ++else if command -v $with_pcre 2>/dev/null; then :; else + with_pcre="$with_pcre/bin:$with_pcre" + fi + fi + + AC_CHECK_TARGET_TOOLS(PCRE_CONFIG, [pcre2-config pcre-config], +- [`which $with_pcre 2>/dev/null`], $with_pcre) ++ [`command -v $with_pcre 2>/dev/null`], $with_pcre) + + if test "x$PCRE_CONFIG" != "x"; then + if $PCRE_CONFIG --version >/dev/null 2>&1; then :; else diff --git a/www-servers/apache/files/apache-2.4.57-libressl.patch b/www-servers/apache/files/apache-2.4.57-libressl.patch new file mode 100644 index 0000000..8be5a55 --- /dev/null +++ b/www-servers/apache/files/apache-2.4.57-libressl.patch @@ -0,0 +1,40 @@ +https://github.com/apache/httpd/pull/384 + +From: orbea <[email protected]> +Date: Thu, 7 Sep 2023 12:52:13 -0700 +Subject: [PATCH] acinclude.m4: test for OPENSSL_NO_ENGINE + +With >= LibreSSL 3.8.1 the engine code has been removed and +OPENSSL_NO_ENGINE has been defined, testing for this define during +configure will prevent implicit function declarations when using an ssl +implementation with the engine code disabled or removed. +--- + acinclude.m4 | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -587,10 +587,22 @@ AC_DEFUN([APACHE_CHECK_OPENSSL],[ + + dnl Run library and function checks + liberrors="" ++ AC_TRY_COMPILE([#include <openssl/opensslconf.h>],[ ++#if defined(OPENSSL_NO_ENGINE) ++#error "Engine support disabled in <openssl/opensslconf.h>" ++#endif], ++ [AC_MSG_RESULT(OK) ++ ac_cv_openssl_engine=yes], ++ [AC_MSG_RESULT(FAILED)]) + AC_CHECK_HEADERS([openssl/engine.h]) + AC_CHECK_FUNCS([SSL_CTX_new], [], [liberrors="yes"]) + AC_CHECK_FUNCS([OPENSSL_init_ssl]) +- AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines RAND_egd]) ++ AC_CHECK_FUNCS([ENGINE_load_builtin_engines RAND_egd]) ++ if test "x$ac_cv_openssl_engine" = "xyes"; then ++ AC_CHECK_FUNCS([ENGINE_init]) ++ else ++ AC_MSG_WARN([OpenSSL engine support disabled]) ++ fi + if test "x$liberrors" != "x"; then + AC_MSG_WARN([OpenSSL libraries are unusable]) + fi diff --git a/www-servers/apache/files/apache-2.4.57-rustls-ffi-0.10.0.patch b/www-servers/apache/files/apache-2.4.57-rustls-ffi-0.10.0.patch new file mode 100644 index 0000000..81869f7 --- /dev/null +++ b/www-servers/apache/files/apache-2.4.57-rustls-ffi-0.10.0.patch @@ -0,0 +1,51 @@ +https://github.com/apache/httpd/commit/0495a95f511c0bc7f34dc1b706d6d8276865743b +https://bugs.gentoo.org/906523 + +From 0495a95f511c0bc7f34dc1b706d6d8276865743b Mon Sep 17 00:00:00 2001 +From: Stefan Eissing <[email protected]> +Date: Tue, 2 May 2023 09:21:07 +0000 +Subject: [PATCH] Backport of r1909558 from trunk: + + *) mod_tls: updating to rustls-ffi version 0.9.2 or higher. + Checking in configure for proper version installed. Code + fixes for changed clienthello member name. + + + +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1909561 13f79535-47bb-0310-9956-ffa450edef68 +--- /dev/null ++++ b/changes-entries/tls-rustls-update.txt +@@ -0,0 +1,4 @@ ++ *) mod_tls: updating to rustls-ffi version 0.9.2 or higher. ++ Checking in configure for proper version installed. Code ++ fixes for changed clienthello member name. ++ [Stefan Eissing] +\ No newline at end of file +--- a/modules/tls/config2.m4 ++++ b/modules/tls/config2.m4 +@@ -109,9 +109,10 @@ AC_DEFUN([APACHE_CHECK_RUSTLS],[ + fi + fi + +- AC_MSG_CHECKING([for rustls version >= 0.8.2]) ++ AC_MSG_CHECKING([for rustls version >= 0.9.2]) + AC_TRY_COMPILE([#include <rustls.h>],[ + rustls_version(); ++rustls_acceptor_new(); + ], + [AC_MSG_RESULT(OK) + ac_cv_rustls=yes], +--- a/modules/tls/tls_core.c ++++ b/modules/tls/tls_core.c +@@ -507,8 +507,8 @@ static const rustls_certified_key *extract_client_hello_values( + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c, "extract client hello values"); + if (!cc) goto cleanup; + cc->client_hello_seen = 1; +- if (hello->sni_name.len > 0) { +- cc->sni_hostname = apr_pstrndup(c->pool, hello->sni_name.data, hello->sni_name.len); ++ if (hello->server_name.len > 0) { ++ cc->sni_hostname = apr_pstrndup(c->pool, hello->server_name.data, hello->server_name.len); + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, "sni detected: %s", cc->sni_hostname); + } + else { + diff --git a/www-servers/apache/files/apache.conf b/www-servers/apache/files/apache.conf new file mode 100644 index 0000000..74888d8 --- /dev/null +++ b/www-servers/apache/files/apache.conf @@ -0,0 +1,3 @@ +d /run/apache2 710 root apache +d /run/apache_ssl_mutex +d /var/cache/apache2 750 apache apache diff --git a/www-servers/apache/files/apache2.4-hardened.service b/www-servers/apache/files/apache2.4-hardened.service new file mode 100644 index 0000000..fe66567 --- /dev/null +++ b/www-servers/apache/files/apache2.4-hardened.service @@ -0,0 +1,25 @@ +[Unit] +Description=The Apache HTTP Server +After=network.target remote-fs.target nss-lookup.target + +[Service] +EnvironmentFile=/etc/conf.d/apache2 +ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND +ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful +ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop +# We want systemd to give httpd some time to finish gracefully, but still want +# it to kill httpd after TimeoutStopSec if something went wrong during the +# graceful stop. Normally, Systemd sends SIGTERM signal right after the +# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give +# httpd time to finish. +KillSignal=SIGCONT +PrivateTmp=true +#Hardening +CapabilityBoundingSet=CAP_CHOWN CAP_SETGID CAP_SETUID CAP_DAC_OVERRIDE CAP_KILL CAP_NET_BIND_SERVICE CAP_IPC_LOCK +SecureBits=noroot-locked +ProtectSystem=full +PrivateDevices=true +MemoryDenyWriteExecute=true + +[Install] +WantedBy=multi-user.target diff --git a/www-servers/apache/metadata.xml b/www-servers/apache/metadata.xml new file mode 100644 index 0000000..2c46080 --- /dev/null +++ b/www-servers/apache/metadata.xml @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd";> +<pkgmetadata> + <maintainer type="project"> + <email>[email protected]</email> + <name>Apache project</name> + </maintainer> + <longdescription> + The Apache HTTP Server Project is an effort to develop and maintain an + open-source HTTP server for modern operating systems. The goal of this + project is to provide a secure, efficient and extensible server that + provides HTTP services in sync with the current HTTP standards. + </longdescription> + <use> + <flag name="suexec">Install suexec with apache</flag> + <flag name="suexec-caps">Install suexec with capabilities instead of SUID</flag> + <flag name="suexec-syslog">Log suexec to syslog instead of to a separate file</flag> + <flag name="static">Link in apache2 modules statically rather then plugins</flag> + </use> + <upstream> + <remote-id type="github">apache/httpd</remote-id> + </upstream> +</pkgmetadata>
