#Module-Specific definitions %define mod_version %{apache_version} %define mod_name mod_ssl+distcache %define mod_so %{mod_name}.so %define apache_version 2.0.53 # Standard Module Definitions %define name apache2-%{mod_name} %define version %{apache_version}_%{mod_version} Summary: Strong cryptography using the SSL, TLS and distcache protocols Name: %{name} Version: %{mod_version} Release: %mkrel 5 License: GPL Group: System/Servers URL: http://www.distcache.org Source1: README.distcache.bz2 Source2: certwatch.tar.bz2 Source5: mod_ssl+distcache-gentestcrt.sh.bz2 Source40: 40_mod_ssl+distcache.conf.bz2 Source41: 41_mod_ssl+distcache.default-vhost.conf.bz2 Prereq: rpm-helper #Requires: distcache-server >= 1.4.3 #Requires: distcache-client >= 1.4.3 BuildRequires: distcache-devel >= 1.4.3 Provides: apache2-mod_ssl mod_ssl #Conflicts: apache2-mod_ssl Prereq: apache2 >= %{apache_version} Prereq: apache2-conf >= 2.0.52-2mdk BuildRequires: apache2-devel >= %{apache_version}-1mdk BuildRequires: apache2-source = %{apache_version} BuildRequires: file BuildRoot: %{_tmppath}/%{name}-buildroot %description This module provides SSL v2/v3 and TLS v1 support for the Apache HTTP Server. It was contributed by Ralf S. Engeschall based on his mod_ssl project and originally derived from work by Ben Laurie. This module relies on OpenSSL to provide the cryptography engine. This module is a drop in replacement for the standard mod_ssl with additional distcache functionality. Read more about distcache here: http://www.distcache.org %prep %setup -c -T # Use the source Luke cp -p %{_usrsrc}/apache2-%{version}/modules/ssl/* . cp -p %{_usrsrc}/apache2-%{version}/modules/loggers/* . # fix one obsticle perl -pi -e "s|../../modules/loggers/||g" ssl_engine_vars.c # extract the certwatch stuff tar -jxf %{SOURCE2} # strip away annoying ^M find . -type f|xargs file|grep 'CRLF'|cut -d: -f1|xargs perl -p -i -e 's/\r//' find . -type f|xargs file|grep 'text'|cut -d: -f1|xargs perl -p -i -e 's/\r//' %build %{_sbindir}/apxs2 -I%{_includedir}/openssl -I%{_includedir}/distcache -I%{_includedir}/libnal \ -lssl -lcrypto -ldistcache -lnal -lpthread -DHAVE_OPENSSL -DHAVE_DISTCACHE -DSSL_EXPERIMENTAL_ENGINE \ -c `cat mod_ssl.txt` # build the certwatch stuff gcc %{optflags} -o certwatch/certwatch -Wall -Werror certwatch/certwatch.c -lcrypto %install [ "%{buildroot}" != "/" ] && rm -rf %{buildroot} install -d %{buildroot}%{_libdir}/apache2-extramodules install -m0755 .libs/mod_ssl.so %{buildroot}%{_libdir}/apache2-extramodules/ install -d %{buildroot}%{_libdir}/ssl/apache2-mod_ssl bzcat %{SOURCE5} > %{buildroot}%{_libdir}/ssl/apache2-mod_ssl/gentestcrt.sh # install module conf files for the "conf.d" dir loading structure install -d %{buildroot}/%{_sysconfdir}/httpd/conf.d bzcat %{SOURCE40} > %{buildroot}/%{_sysconfdir}/httpd/conf.d/40_mod_ssl.conf bzcat %{SOURCE41} > %{buildroot}/%{_sysconfdir}/httpd/conf.d/41_mod_ssl.default-vhost.conf install -d %{buildroot}%{_sysconfdir}/ssl/apache2 cat > %{buildroot}%{_sysconfdir}/ssl/apache2/README.test-certificates <<EOF Use the %{_libdir}/ssl/apache2-mod_ssl/gentestcrt.sh script to generate your own, self-signed certificates to replace the localhost server name. EOF install -d %{buildroot}%{_var}/cache/httpd # fix a msec safe cache for the ssl stuff install -d %{buildroot}%{_var}/cache/httpd/mod_ssl touch %{buildroot}%{_var}/cache/httpd/mod_ssl/scache.dir touch %{buildroot}%{_var}/cache/httpd/mod_ssl/scache.pag touch %{buildroot}%{_var}/cache/httpd/mod_ssl/scache.sem bzcat %{SOURCE1} > README.distcache # install the certwatch stuff install -d %{buildroot}%{_sysconfdir}/cron.daily install -d %{buildroot}%{_mandir}/man8 install -d %{buildroot}%{_sbindir} install -m0755 certwatch/certwatch %{buildroot}%{_sbindir}/certwatch install -m0755 certwatch/certwatch.cron %{buildroot}%{_sysconfdir}/cron.daily/certwatch install -m0644 certwatch/certwatch.8 %{buildroot}%{_mandir}/man8/certwatch.8 %post if [ $1 = "1" ]; then #Create a self-signed server key and certificate #The script checks first if they exists, if yes, it exits, #otherwise, it creates them. if [ -d %{_sysconfdir}/ssl/apache2 ];then # fix upgrade if needed since apache2 certs is now in %{_sysconfdir}/ssl/apache2/ if [ -f %{_sysconfdir}/ssl/apache/server.crt.rpmsave -a ! -f %{_sysconfdir}/ssl/apache2/server.crt.rpmsave -a ! -f %{_sysconfdir}/ssl/apache2/server.crt ]; then cp -p %{_sysconfdir}/ssl/apache/server.crt.rpmsave %{_sysconfdir}/ssl/apache2/server.crt; fi if [ -f %{_sysconfdir}/ssl/apache/server.key.rpmsave -a ! -f %{_sysconfdir}/ssl/apache2/server.key.rpmsave -a ! -f %{_sysconfdir}/ssl/apache2/server.key ]; then cp -p %{_sysconfdir}/ssl/apache/server.key.rpmsave %{_sysconfdir}/ssl/apache2/server.key; fi pushd %{_sysconfdir}/ssl/apache2 > /dev/null yes ""|%{_libdir}/ssl/apache2-mod_ssl/gentestcrt.sh >/dev/null popd > /dev/null fi %{_datadir}/ADVX/mod_ssl-migrate-20 fi %create_ghostfile %{_var}/cache/httpd/mod_ssl/scache.dir apache root 0600 %create_ghostfile %{_var}/cache/httpd/mod_ssl/scache.pag apache root 0600 %create_ghostfile %{_var}/cache/httpd/mod_ssl/scache.sem apache root 0600 if [ -f %{_var}/lock/subsys/httpd ]; then %{_initrddir}/httpd restart 1>&2; fi %postun if [ "$1" = "0" ]; then if [ -f %{_var}/lock/subsys/httpd ]; then %{_initrddir}/httpd restart 1>&2 fi fi %clean [ "%{buildroot}" != "/" ] && rm -rf %{buildroot} %files %defattr(-,root,root) %doc README.distcache %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/*_mod_ssl.conf %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/*_mod_ssl.default-vhost.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssl/apache2/README* %attr(0755,root,root) %{_sysconfdir}/cron.daily/certwatch %attr(0755,root,root) %{_sbindir}/certwatch %attr(0755,root,root) %{_libdir}/apache2-extramodules/mod_ssl.so %dir %{_libdir}/ssl/apache2-mod_ssl %attr(0755,root,root) %{_libdir}/ssl/apache2-mod_ssl/gentestcrt.sh %attr(0700,apache,root) %dir %{_var}/cache/httpd/mod_ssl %attr(0600,apache,root) %ghost %{_var}/cache/httpd/mod_ssl/scache.dir %attr(0600,apache,root) %ghost %{_var}/cache/httpd/mod_ssl/scache.pag %attr(0600,apache,root) %ghost %{_var}/cache/httpd/mod_ssl/scache.sem %attr(0644,root,root) %{_mandir}/man8/certwatch.8* %changelog * Sun Mar 20 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53-5mdk - use the %%mkrel macro - added code by Vincent Danen in S2 to make certwatch take an recipient e-mail address as an argument * Sun Mar 06 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53-4mdk - make it provide mod_ssl (#14303) * Mon Feb 28 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53-3mdk - fix %%post and %%postun to prevent double restarts - fix bug #6574 * Wed Feb 16 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53-2mdk - spec file cleanups, remove the ADVX-build stuff * Tue Feb 8 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53-1mdk - rebuilt for apache 2.0.53 * Thu Jan 20 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-6mdk - fix one really old bug (#5732) - fix deps * Tue Jan 11 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-5mdk - fix one really really stupid bug... * Tue Nov 09 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-4mdk - rebuild against newish apr libs * Sun Oct 17 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-3mdk - rebuilt to fix CAN-2004-0885 * Wed Oct 13 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-2mdk - added the certwatch stuff - misc spec file fixes * Tue Sep 28 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-1mdk - built for apache 2.0.52 * Thu Sep 16 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.51-1mdk - built for apache 2.0.51 * Thu Sep 09 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.50-2mdk - security fixes for CAN-2004-0748 and CAN-2004-0751 * Mon Jul 12 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.50-1mdk - built for apache 2.0.50 - remove redundant provides * Fri Jun 18 2004 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.0.49-1mdk - built for apache 2.0.49 - added S1 * Mon Dec 15 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.0.48-2mdk - argh!!! it cannot conflict with itself! * Mon Dec 15 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.0.48-1mdk - initial cooker contrib