wok annotate apache/receipt @ rev 18584

apache: disable SSLSessionCache
author Pascal Bellard <pascal.bellard@slitaz.org>
date Thu Nov 12 16:05:44 2015 +0100 (2015-11-12)
parents 903156784651
children fb5d18e72609
rev   line source
pascal@1313 1 # SliTaz package receipt.
pascal@1313 2
pascal@1313 3 PACKAGE="apache"
pascal@18267 4 VERSION="2.4.16"
pascal@1313 5 CATEGORY="network"
pascal@1313 6 SHORT_DESC="Secure, efficient and extensible HTTP server."
pascal@1313 7 MAINTAINER="pascal.bellard@slitaz.org"
pascal@15361 8 LICENSE="Apache"
pascal@1313 9 SOURCE="httpd"
pascal@1313 10 TARBALL="$SOURCE-$VERSION.tar.bz2"
pascal@1313 11 WEB_SITE="http://www.apache.org/"
pascal@1313 12 WGET_URL="${WEB_SITE}dist/$SOURCE/$TARBALL"
pascal@1906 13 CONFIG_FILES="/etc/apache /var/www /etc/ssl/apache"
pascal@14772 14 TAZPANEL_DAEMON="edit::/etc/apache/httpd.conf|web::$WEB_SITE"
pascal@1572 15 PROVIDE="lighttpd"
jozee@4931 16 TAGS="webserver http server"
pascal@1313 17
pascal@15361 18 DEPENDS="apr-util apr openssl pcre util-linux-uuid expat zlib"
pascal@15361 19 BUILD_DEPENDS="apr-util-dev apr-dev openssl-dev sed expat-dev zlib-dev \
pascal@15361 20 util-linux-uuid-dev openldap-dev bash"
pascal@15361 21
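# Rules to configure and make the package.
#
# Expects the current directory to be the httpd source tree (config.layout
# and ./configure are referenced relatively). Appends the SliTaz install
# layout to config.layout, then configures, builds and stages the install.
# Globals: stuff, CONFIGURE_ARGS, MAKEFLAGS, DESTDIR (all read).
# Returns: status of the configure && make && make install chain.
compile_rules()
{
	# Append the layout only when it is not already present, so running the
	# build twice does not duplicate it.
	grep -q Slitaz config.layout ||
		cat "$stuff/slitaz.layout" >> config.layout

	# CONFIGURE_ARGS and MAKEFLAGS stay unquoted on purpose: each carries a
	# list of separate options that has to be word-split.
	./configure --mandir=/usr/share/man \
		--enable-mods-shared=all \
		--enable-proxy \
		--enable-ssl \
		--enable-layout=Slitaz $CONFIGURE_ARGS &&
	make $MAKEFLAGS && make DESTDIR="$DESTDIR" install
}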
pascal@1313 34
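# Rules to gen a SliTaz package suitable for Tazpkg.
#
# Copies the staged install ($install) into the package tree ($fs), adds the
# init script and extra config from $stuff, and rewrites the stock
# configuration so the server runs as www and serves TLS by default.
# Globals: fs, install, stuff (all read). Paths are quoted so that a build
# directory containing spaces or glob characters is handled correctly.
genpkg_rules()
{
	mkdir -p "$fs/usr/share/apache" "$fs/etc/init.d" "$fs/etc/apache/conf.d" \
		"$fs/etc/ssl/apache"
	cp -a "$install/usr/share/apache/icons" "$fs/usr/share/apache"
	cp -a "$install/usr/share/apache/error" "$fs/usr/share/apache"
	cp -a "$install/usr/share/apache/modules" "$fs/usr/share/apache"
	cp -a "$install/usr/bin" "$fs/usr"
	# apxs is left out of the package.
	rm -r "$fs/usr/bin/apxs"
	cp -a "$install/etc" "$fs"
	# Drop the pristine copy of the upstream configuration.
	rm -rf "$fs/etc/apache/original"
	cp -a "$install/var" "$fs"

	cp -a "$stuff/apache" "$fs/etc/init.d"
	mkdir -p "$fs/etc/apache/extra"
	# NOTE(review): this file is only copied into extra/; nothing in this
	# function adds an Include for it (only conf.d is included below) --
	# confirm whether it is meant to be active.
	cp -a "$stuff/fix-range-CVE-2011-3192.conf" "$fs/etc/apache/extra"

	# - run as www:www instead of daemon:daemon
	# - enable mod_ssl and pull in httpd-ssl.conf
	# - point both the certificate and the key directive at the single
	#   combined file /etc/ssl/apache/apache.pem (generated by post_install)
	sed -i -e 's|User daemon|User www|' -e 's|Group daemon|Group www|' \
		-e 's|ServerAdmin you@example.com|ServerAdmin root@localhost|' \
		-e 's|#Include /etc/apache/extra/httpd-ssl.conf|Include /etc/apache/extra/httpd-ssl.conf|' \
		-e 's|/etc/apache/server.crt|/etc/ssl/apache/apache.pem|' \
		-e 's|/etc/apache/server.key|/etc/ssl/apache/apache.pem|' \
		-e 's|#LoadModule ssl_module|LoadModule ssl_module|' \
		"$fs/etc/apache/httpd.conf" "$fs/etc/apache/extra/httpd-ssl.conf"
	echo "Include /etc/apache/conf.d" >> "$fs/etc/apache/httpd.conf"

	# Comment out any SSLSessionCache directive that starts a line.
	sed -i 's/^SSLSessionCache /#&/' "$fs/etc/apache/extra/httpd-ssl.conf"

	# The "# Unsafe" remark written into the config refers to the SSLv2 and
	# SSLv3 protocols that the following directive switches off, not to the
	# directive itself. "All" otherwise keeps every protocol version the TLS
	# library offers, so TLS 1.0/1.1 remain enabled where it supports them.
	cat >> "$fs/etc/apache/extra/httpd-ssl.conf" <<EOT

# Unsafe, see CVE-2014-3566 POODLE
SSLProtocol All -SSLv2 -SSLv3
EOT
}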
pascal@1313 68
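# Pre and post install commands for Tazpkg.
# We stop the server by default in case of upgrade.
#
# Arguments: $1 - presumably the alternate root being installed into; when it
#                 is empty the running system's daemon is stopped.
# Returns:   0 when there is nothing to stop, otherwise the init script's
#            status. (The earlier "[ ] && [ ] && cmd" form returned non-zero
#            whenever a root was given or no init script existed.)
pre_install()
{
	echo "Processing pre-install commands..."
	# Only touch the running daemon when installing onto the live system.
	if [ -z "$1" ] && [ -f "/etc/init.d/$PACKAGE" ]; then
		"/etc/init.d/$PACKAGE" stop
	fi
}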
pascal@1313 76
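# Post-install hook: fixes log ownership, makes the host name resolvable,
# creates a self-signed TLS certificate if none exists, reconfigures packages
# that ship files in /etc/apache/conf.d, and (on the live system only) stops
# lighttpd and starts apache.
#
# Arguments: $1 - root directory the package was installed into; empty means
#                 the running system.
# Globals:   PACKAGE, INSTALLED (read).
post_install()
{
	# Declared separately from the assignments: in shells where `local` is
	# an ordinary builtin, an unquoted $(...) on the same line is word-split.
	local lang tz hostname i

	# Answers for the certificate prompts below. They are read from the
	# host's own /etc (not from $1) and fall back to defaults when missing.
	lang=$(. /etc/locale.conf 2>/dev/null; echo "${LANG#*_}")
	tz=$(cat /etc/TZ 2>/dev/null)
	hostname=$(cat /etc/hostname 2>/dev/null)

	echo "Processing post-install commands..."
	# Just in case.
	chown www:www "$1/var/log/$PACKAGE"

	# If the host does not answer to its own name, alias the name to
	# localhost. Note this calls the hostname command, not the local
	# variable above, and places its output in a sed replacement.
	# NOTE(review): ping can also fail for reasons other than name
	# resolution, in which case every install adds the name again.
	ping -c 2 "$(hostname)" > /dev/null 2>&1 ||
		sed -i "s/localhost/$(hostname) localhost/" "$1/etc/hosts"

	# Generate a self-signed certificate only when none is installed yet.
	# Key and certificate share one file and -nodes leaves the private key
	# unencrypted, so the file is created under a restrictive umask and its
	# mode is enforced afterwards; httpd normally reads it as root before
	# dropping to the www user.
	# Key size and digest are whatever the system openssl.cnf defaults to,
	# and which certificate field each answer line fills depends on the
	# prompt order configured there -- confirm both against the target.
	if [ ! -s "$1/etc/ssl/apache/apache.pem" ]; then
		(
			umask 077
			openssl req -new -x509 -keyout "$1/etc/ssl/apache/apache.pem" \
				-out "$1/etc/ssl/apache/apache.pem" -days 3650 -nodes <<EOT
${lang:-us}
${tz:-UTC}

${hostname:-slitaz}



EOT
		)
		# Covers the case of a pre-existing empty file, whose mode the
		# umask above does not change.
		if [ -f "$1/etc/ssl/apache/apache.pem" ]; then
			chmod 600 "$1/etc/ssl/apache/apache.pem"
		fi
	fi

	# Reconfigure every other installed package whose receipt mentions
	# /etc/apache/conf.d/. The grep only runs if the cd succeeded, so a
	# missing directory cannot make it scan the current directory instead.
	( cd "$1/$INSTALLED/" && grep -l /etc/apache/conf.d/ */receipt ) |
	while read -r file; do
		pkg=${file%/*}
		[ "$pkg" = "$PACKAGE" ] && continue
		echo "Reconfiguring $pkg for $PACKAGE..."
		tazpkg reconfigure "$pkg"
	done

	if [ -f "$1/etc/php.ini" ]; then
		tazpkg get-install php-apache --root="$1"
	fi

	# On the live system, stop the other web server before starting apache.
	if [ -z "$1" ]; then
		for i in lighttpd ; do
			if [ -f "/etc/init.d/$i" ]; then
				"/etc/init.d/$i" stop
			fi
		done
		"/etc/init.d/$PACKAGE" start
	fi
}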
pascal@1313 113
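# Rules to clean extras dirs or files
#
# Removes $WOK/$PACKAGE/$PACKAGE.$VERSION.
# Globals: WOK, PACKAGE, VERSION (read).
# Returns: 1 without deleting anything when WOK or PACKAGE is empty,
#          otherwise the status of rm.
clean_wok()
{
	# With WOK empty the rm -rf target would be rooted at / rather than
	# inside the wok, so refuse to build a path from empty pieces.
	if [ -z "$WOK" ] || [ -z "$PACKAGE" ]; then
		echo "clean_wok: WOK and PACKAGE must be set" >&2
		return 1
	fi
	rm -rf -- "$WOK/$PACKAGE/${PACKAGE}.${VERSION}"
}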