#Module-Specific definitions
%define mod_version %{apache_version}
%define mod_name mod_ssl+distcache
%define mod_so %{mod_name}.so

%define apache_version 2.0.53

# Standard Module Definitions
%define name apache2-%{mod_name}
%define version %{apache_version}_%{mod_version}

Summary:	Strong cryptography using the SSL, TLS and distcache protocols
Name:		%{name}
Version:	%{mod_version}
Release:	%mkrel 5
License:	GPL
Group:		System/Servers
URL:		http://www.distcache.org
Source1:	README.distcache.bz2
Source2:	certwatch.tar.bz2
Source5: 	mod_ssl+distcache-gentestcrt.sh.bz2
Source40: 	40_mod_ssl+distcache.conf.bz2
Source41: 	41_mod_ssl+distcache.default-vhost.conf.bz2
Prereq:		rpm-helper
#Requires:	distcache-server >= 1.4.3
#Requires:	distcache-client >= 1.4.3
BuildRequires:	distcache-devel >= 1.4.3
Provides:	apache2-mod_ssl mod_ssl
#Conflicts:	apache2-mod_ssl
Prereq:		apache2 >= %{apache_version}
Prereq:		apache2-conf >= 2.0.52-2mdk
BuildRequires:	apache2-devel >= %{apache_version}-1mdk
BuildRequires:	apache2-source = %{apache_version}
BuildRequires:	file
BuildRoot:	%{_tmppath}/%{name}-buildroot

%description
This module provides SSL v2/v3 and TLS v1 support for the Apache
HTTP Server. It was contributed by Ralf S. Engeschall based on
his mod_ssl project and originally derived from work by Ben
Laurie.

This module relies on OpenSSL to provide the cryptography engine.

This module is a drop in replacement for the standard mod_ssl with
additional distcache functionality.

Read more about distcache here:

http://www.distcache.org

%prep

%setup -c -T
# Use the source Luke
cp -p %{_usrsrc}/apache2-%{version}/modules/ssl/* .
cp -p %{_usrsrc}/apache2-%{version}/modules/loggers/* .

# fix one obsticle
perl -pi -e "s|../../modules/loggers/||g" ssl_engine_vars.c

# extract the certwatch stuff
tar -jxf %{SOURCE2}

# strip away annoying ^M
find . -type f|xargs file|grep 'CRLF'|cut -d: -f1|xargs perl -p -i -e 's/\r//'
find . -type f|xargs file|grep 'text'|cut -d: -f1|xargs perl -p -i -e 's/\r//'

%build
%{_sbindir}/apxs2 -I%{_includedir}/openssl -I%{_includedir}/distcache -I%{_includedir}/libnal \
    -lssl -lcrypto -ldistcache -lnal -lpthread -DHAVE_OPENSSL -DHAVE_DISTCACHE -DSSL_EXPERIMENTAL_ENGINE \
    -c `cat mod_ssl.txt`

# build the certwatch stuff
gcc %{optflags} -o certwatch/certwatch -Wall -Werror certwatch/certwatch.c -lcrypto

%install
[ "%{buildroot}" != "/" ] && rm -rf %{buildroot}

install -d %{buildroot}%{_libdir}/apache2-extramodules
install -m0755 .libs/mod_ssl.so %{buildroot}%{_libdir}/apache2-extramodules/

install -d %{buildroot}%{_libdir}/ssl/apache2-mod_ssl
bzcat %{SOURCE5} > %{buildroot}%{_libdir}/ssl/apache2-mod_ssl/gentestcrt.sh

# install module conf files for the "conf.d" dir loading structure
install -d %{buildroot}/%{_sysconfdir}/httpd/conf.d
bzcat %{SOURCE40} > %{buildroot}/%{_sysconfdir}/httpd/conf.d/40_mod_ssl.conf
bzcat %{SOURCE41} > %{buildroot}/%{_sysconfdir}/httpd/conf.d/41_mod_ssl.default-vhost.conf

install -d %{buildroot}%{_sysconfdir}/ssl/apache2
cat > %{buildroot}%{_sysconfdir}/ssl/apache2/README.test-certificates <<EOF
Use the %{_libdir}/ssl/apache2-mod_ssl/gentestcrt.sh script to generate your own,
self-signed certificates to replace the localhost server name.
EOF

install -d %{buildroot}%{_var}/cache/httpd

# fix a msec safe cache for the ssl stuff
install -d %{buildroot}%{_var}/cache/httpd/mod_ssl
touch %{buildroot}%{_var}/cache/httpd/mod_ssl/scache.dir
touch %{buildroot}%{_var}/cache/httpd/mod_ssl/scache.pag
touch %{buildroot}%{_var}/cache/httpd/mod_ssl/scache.sem

bzcat %{SOURCE1} > README.distcache

# install the certwatch stuff
install -d %{buildroot}%{_sysconfdir}/cron.daily
install -d %{buildroot}%{_mandir}/man8
install -d %{buildroot}%{_sbindir}
install -m0755 certwatch/certwatch %{buildroot}%{_sbindir}/certwatch
install -m0755 certwatch/certwatch.cron %{buildroot}%{_sysconfdir}/cron.daily/certwatch
install -m0644 certwatch/certwatch.8 %{buildroot}%{_mandir}/man8/certwatch.8

%post
if [ $1 = "1" ]; then 
  #Create a self-signed server key and certificate 
  #The script checks first if they exists, if yes, it exits, 
  #otherwise, it creates them.

  if [ -d %{_sysconfdir}/ssl/apache2 ];then

    # fix upgrade if needed since apache2 certs is now in %{_sysconfdir}/ssl/apache2/
    if [ -f %{_sysconfdir}/ssl/apache/server.crt.rpmsave -a ! -f %{_sysconfdir}/ssl/apache2/server.crt.rpmsave -a ! -f %{_sysconfdir}/ssl/apache2/server.crt ]; then
    cp -p %{_sysconfdir}/ssl/apache/server.crt.rpmsave %{_sysconfdir}/ssl/apache2/server.crt; fi

    if [ -f %{_sysconfdir}/ssl/apache/server.key.rpmsave -a ! -f %{_sysconfdir}/ssl/apache2/server.key.rpmsave -a ! -f %{_sysconfdir}/ssl/apache2/server.key ]; then
    cp -p %{_sysconfdir}/ssl/apache/server.key.rpmsave %{_sysconfdir}/ssl/apache2/server.key; fi

    pushd %{_sysconfdir}/ssl/apache2 > /dev/null
    yes ""|%{_libdir}/ssl/apache2-mod_ssl/gentestcrt.sh >/dev/null 
    popd > /dev/null
  fi
  %{_datadir}/ADVX/mod_ssl-migrate-20
fi
%create_ghostfile %{_var}/cache/httpd/mod_ssl/scache.dir  apache root 0600
%create_ghostfile %{_var}/cache/httpd/mod_ssl/scache.pag  apache root 0600
%create_ghostfile %{_var}/cache/httpd/mod_ssl/scache.sem  apache root 0600

if [ -f %{_var}/lock/subsys/httpd ]; then
    %{_initrddir}/httpd restart 1>&2;
fi
    
%postun
if [ "$1" = "0" ]; then
    if [ -f %{_var}/lock/subsys/httpd ]; then
	%{_initrddir}/httpd restart 1>&2
    fi
fi

%clean
[ "%{buildroot}" != "/" ] && rm -rf %{buildroot}

%files
%defattr(-,root,root)
%doc README.distcache
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/*_mod_ssl.conf
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/*_mod_ssl.default-vhost.conf
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssl/apache2/README*
%attr(0755,root,root) %{_sysconfdir}/cron.daily/certwatch
%attr(0755,root,root) %{_sbindir}/certwatch
%attr(0755,root,root) %{_libdir}/apache2-extramodules/mod_ssl.so
%dir %{_libdir}/ssl/apache2-mod_ssl
%attr(0755,root,root) %{_libdir}/ssl/apache2-mod_ssl/gentestcrt.sh
%attr(0700,apache,root) %dir %{_var}/cache/httpd/mod_ssl
%attr(0600,apache,root) %ghost %{_var}/cache/httpd/mod_ssl/scache.dir
%attr(0600,apache,root) %ghost %{_var}/cache/httpd/mod_ssl/scache.pag
%attr(0600,apache,root) %ghost %{_var}/cache/httpd/mod_ssl/scache.sem
%attr(0644,root,root) %{_mandir}/man8/certwatch.8*

%changelog
* Sun Mar 20 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53-5mdk
- use the %%mkrel macro
- added code by Vincent Danen in S2 to make certwatch take an 
  recipient e-mail address as an argument

* Sun Mar 06 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53-4mdk
- make it provide mod_ssl (#14303)

* Mon Feb 28 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53-3mdk
- fix %%post and %%postun to prevent double restarts
- fix bug #6574

* Wed Feb 16 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53-2mdk
- spec file cleanups, remove the ADVX-build stuff

* Tue Feb  8 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53-1mdk
- rebuilt for apache 2.0.53

* Thu Jan 20 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-6mdk
- fix one really old bug (#5732)
- fix deps

* Tue Jan 11 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-5mdk
- fix one really really stupid bug...

* Tue Nov 09 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-4mdk
- rebuild against newish apr libs

* Sun Oct 17 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-3mdk
- rebuilt to fix CAN-2004-0885

* Wed Oct 13 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-2mdk
- added the certwatch stuff
- misc spec file fixes

* Tue Sep 28 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-1mdk
- built for apache 2.0.52

* Thu Sep 16 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.51-1mdk
- built for apache 2.0.51

* Thu Sep 09 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.50-2mdk
- security fixes for CAN-2004-0748 and CAN-2004-0751

* Mon Jul 12 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.50-1mdk
- built for apache 2.0.50
- remove redundant provides

* Fri Jun 18 2004 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.0.49-1mdk
- built for apache 2.0.49
- added S1

* Mon Dec 15 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.0.48-2mdk
- argh!!! it cannot conflict with itself!

* Mon Dec 15 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.0.48-1mdk
- initial cooker contrib