#Module-Specific definitions %define apache_version 2.0.53 %define mod_version %{apache_version} %define mod_name mod_ssl %define mod_so %{mod_name}.so # Standard Module Definitions %define name apache2-%{mod_name} %define version %{apache_version}_%{mod_version} Summary: Strong cryptography using the SSL, TLS and distcache protocols Name: %{name} Version: %{mod_version} Release: %mkrel 8 License: GPL Group: System/Servers URL: http://www.apache.org Source1: README.distcache.bz2 Source2: certwatch.tar.bz2 Source5: mod_ssl-gentestcrt.sh.bz2 Source40: 40_mod_ssl.conf.bz2 Source41: 41_mod_ssl.default-vhost.conf.bz2 Prereq: rpm-helper BuildRequires: openssl-devel Prereq: apache2 >= %{apache_version} Prereq: apache2-conf >= %{apache_version}-1mdk BuildRequires: apache2-devel >= %{apache_version}-1mdk BuildRequires: apache2-source >= %{apache_version}-1mdk Provides: mod_ssl BuildRoot: %{_tmppath}/%{name}-buildroot %description This module provides SSL v2/v3 and TLS v1 support for the Apache HTTP Server. It was contributed by Ralf S. Engeschall based on his mod_ssl project and originally derived from work by Ben Laurie. This module relies on OpenSSL to provide the cryptography engine. %prep %setup -c -T # Use the source Luke cp -p %{_usrsrc}/apache2-%{version}/modules/ssl/* . cp -p %{_usrsrc}/apache2-%{version}/modules/loggers/* . # fix one obsticle perl -pi -e "s|../../modules/loggers/||g" ssl_engine_vars.c # extract the certwatch stuff tar -jxf %{SOURCE2} %build %{_sbindir}/apxs2 -I%{_includedir}/openssl -lssl -lcrypto -lpthread -DHAVE_OPENSSL -DSSL_EXPERIMENTAL_ENGINE \ -c `cat mod_ssl.txt` # build the certwatch stuff gcc %{optflags} -o certwatch/certwatch -Wall -Werror certwatch/certwatch.c -lcrypto %install [ "%{buildroot}" != "/" ] && rm -rf %{buildroot} install -d %{buildroot}%{_libdir}/apache2-extramodules install -d %{buildroot}%{_sysconfdir}/httpd/conf.d install -m0755 .libs/mod_ssl.so %{buildroot}%{_libdir}/apache2-extramodules/ install -d %{buildroot}%{_libdir}/ssl/apache2-mod_ssl bzcat %{SOURCE5} > %{buildroot}%{_libdir}/ssl/apache2-mod_ssl/gentestcrt.sh # install module conf files for the "conf.d" dir loading structure bzcat %{SOURCE40} > %{buildroot}%{_sysconfdir}/httpd/conf.d/40_mod_ssl.conf bzcat %{SOURCE41} > %{buildroot}%{_sysconfdir}/httpd/conf.d/41_mod_ssl.default-vhost.conf install -d %{buildroot}%{_sysconfdir}/ssl/apache2 cat > %{buildroot}%{_sysconfdir}/ssl/apache2/README.test-certificates <<EOF Use the %{_libdir}/ssl/apache2-mod_ssl/gentestcrt.sh script to generate your own, self-signed certificates to replace the localhost server name. EOF install -d %{buildroot}%{_var}/cache/httpd # fix a msec safe cache for the ssl stuff install -d %{buildroot}%{_var}/cache/httpd/mod_ssl touch %{buildroot}%{_var}/cache/httpd/mod_ssl/scache.dir touch %{buildroot}%{_var}/cache/httpd/mod_ssl/scache.pag touch %{buildroot}%{_var}/cache/httpd/mod_ssl/scache.sem # install the certwatch stuff install -d %{buildroot}%{_sysconfdir}/cron.daily install -d %{buildroot}%{_mandir}/man8 install -d %{buildroot}%{_sbindir} install -m0755 certwatch/certwatch %{buildroot}%{_sbindir}/certwatch install -m0755 certwatch/certwatch.cron %{buildroot}%{_sysconfdir}/cron.daily/certwatch install -m0644 certwatch/certwatch.8 %{buildroot}%{_mandir}/man8/certwatch.8 %post if [ $1 = "1" ]; then #Create a self-signed server key and certificate #The script checks first if they exists, if yes, it exits, #otherwise, it creates them. if [ -d %{_sysconfdir}/ssl/apache2 ];then # fix upgrade if needed since apache2 certs is now in %{_sysconfdir}/ssl/apache2/ if [ -f %{_sysconfdir}/ssl/apache/server.crt.rpmsave -a ! -f %{_sysconfdir}/ssl/apache2/server.crt.rpmsave -a ! -f %{_sysconfdir}/ssl/apache2/server.crt ]; then cp -p %{_sysconfdir}/ssl/apache/server.crt.rpmsave %{_sysconfdir}/ssl/apache2/server.crt; fi if [ -f %{_sysconfdir}/ssl/apache/server.key.rpmsave -a ! -f %{_sysconfdir}/ssl/apache2/server.key.rpmsave -a ! -f %{_sysconfdir}/ssl/apache2/server.key ]; then cp -p %{_sysconfdir}/ssl/apache/server.key.rpmsave %{_sysconfdir}/ssl/apache2/server.key; fi pushd %{_sysconfdir}/ssl/apache2 > /dev/null yes ""|%{_libdir}/ssl/apache2-mod_ssl/gentestcrt.sh >/dev/null popd > /dev/null fi %{_datadir}/ADVX/mod_ssl-migrate-20 fi %create_ghostfile %{_var}/cache/httpd/mod_ssl/scache.dir apache root 0600 %create_ghostfile %{_var}/cache/httpd/mod_ssl/scache.pag apache root 0600 %create_ghostfile %{_var}/cache/httpd/mod_ssl/scache.sem apache root 0600 if [ -f %{_var}/lock/subsys/httpd ]; then %{_initrddir}/httpd restart 1>&2; fi %postun if [ "$1" = "0" ]; then if [ -f %{_var}/lock/subsys/httpd ]; then %{_initrddir}/httpd restart 1>&2 fi fi %clean [ "%{buildroot}" != "/" ] && rm -rf %{buildroot} %files %defattr(-,root,root) %doc README %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/*_mod_ssl.conf %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/*_mod_ssl.default-vhost.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssl/apache2/README* %attr(0755,root,root) %{_sysconfdir}/cron.daily/certwatch %attr(0755,root,root) %{_sbindir}/certwatch %attr(0755,root,root) %{_libdir}/apache2-extramodules/mod_ssl.so %dir %{_libdir}/ssl/apache2-mod_ssl %attr(0755,root,root) %{_libdir}/ssl/apache2-mod_ssl/gentestcrt.sh %attr(0700,apache,root) %dir %{_var}/cache/httpd/mod_ssl %attr(0600,apache,root) %ghost %{_var}/cache/httpd/mod_ssl/scache.dir %attr(0600,apache,root) %ghost %{_var}/cache/httpd/mod_ssl/scache.pag %attr(0600,apache,root) %ghost %{_var}/cache/httpd/mod_ssl/scache.sem %attr(0644,root,root) %{_mandir}/man8/certwatch.8* %changelog * Sun Mar 20 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53-8mdk - added code by Vincent Danen in S2 to make certwatch take an recipient e-mail address as an argument * Thu Mar 17 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53-7mdk - use the %%mkrel macro * Sun Mar 06 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53-6mdk - make it provide mod_ssl (#14303) * Sun Feb 27 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53-5mdk - fix %%post and %%postun to prevent double restarts * Wed Feb 16 2005 Stefan van der Eijk <stefan@eijk.nu> 2.0.53-4mdk - fix bug #6574 * Wed Feb 16 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53-3mdk - fix deps * Tue Feb 15 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53-2mdk - spec file cleanups, remove the ADVX-build stuff * Tue Feb 8 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53-1mdk - rebuilt for apache 2.0.53 * Thu Jan 20 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-7mdk - fix one really old bug (#5732) - fix deps * Tue Jan 11 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-6mdk - fix one really really stupid bug... * Tue Nov 09 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-4mdk - rebuild against newish apr libs * Sun Oct 17 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-3mdk - rebuilt to fix CAN-2004-0885 * Wed Oct 13 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-2mdk - added the certwatch stuff - misc spec file fixes * Tue Sep 28 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52-1mdk - 2.0.52 * Thu Sep 16 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.51-1mdk - 2.0.51 * Thu Sep 09 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.50-4mdk - security fixes for CAN-2004-0748 and CAN-2004-0751 * Tue Aug 10 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.50-3mdk - rebuilt * Mon Jul 12 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.50-2mdk - remove redundant provides * Wed Jun 30 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.50-1mdk - 2.0.50 * Wed Jun 23 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.49-12mdk - initial mandrake package