%define contentdir /var/www #%define mm_ver 1.3.0 %define apache_ver 1.3.29 %define mod_ssl_ver %{version}-%{apache_ver} Summary: Cryptography support for the Apache Web server. Name: mod_ssl Version: 2.8.16 Release: 1 Group: System Environment/Daemons Source0: ftp://ftp.modssl.org/source/mod_ssl-%{mod_ssl_ver}.tar.gz Source1: SSL-Certificate-Creation Source2: mod_ssl.logrotate Patch0: mod_ssl-2.6.4-tty.patch Patch1: mod_ssl-2.8.4-sdbm.patch Patch2: mod_ssl-2.8.4-openssl.patch License: Apache Software License BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildPrereq: apache-devel = %{apache_ver}, eapi = %{version}, mm-devel Requires: webserver, make Prereq: openssl, dev %description The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. %prep %setup -q -n %{name}-%{mod_ssl_ver} %patch0 -p2 -b .tty %patch1 -p1 -b .sdbm %patch2 -p1 -b .openssl %build CFLAGS="$RPM_OPT_FLAGS -fPIC" ; export CFLAGS SSL_COMPAT=yes; export SSL_COMPAT SSL_EXPERIMENTAL=yes ; export SSL_EXPERIMENTAL # The --force below keeps configure from failing when the httpd binary # is not present, and changes nothing else. %configure --with-apxs=%{_sbindir}/apxs --with-mm=SYSTEM --force make %install [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT`%{_sbindir}/apxs -q LIBEXECDIR` install -m755 pkg.sslmod/libssl.so $RPM_BUILD_ROOT`%{_sbindir}/apxs -q LIBEXECDIR` # install config information for suffix in crl crt csr key prm ; do mkdir -p $RPM_BUILD_ROOT/`%{_sbindir}/apxs -q SYSCONFDIR`/ssl.${suffix} install -m644 pkg.sslcfg/*.${suffix} $RPM_BUILD_ROOT/`%{_sbindir}/apxs -q SYSCONFDIR`/ssl.${suffix} rm -f $RPM_BUILD_ROOT/`%{_sbindir}/apxs -q SYSCONFDIR`/ssl.${suffix}/server.* done chmod 600 $RPM_BUILD_ROOT/`%{_sbindir}/apxs -q SYSCONFDIR`/ssl.*/*.key # install log rotation stuff mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d install -m644 $RPM_SOURCE_DIR/mod_ssl.logrotate \ $RPM_BUILD_ROOT/etc/logrotate.d/mod_ssl # install docs mkdir -p $RPM_BUILD_ROOT%{contentdir}/html/manual/mod/mod_ssl/ install -m644 pkg.ssldoc/*.{html,gif,jpg} \ $RPM_BUILD_ROOT%{contentdir}/html/manual/mod/mod_ssl/ # point to the right makefile. mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf ln -s ../../../usr/share/ssl/certs/Makefile $RPM_BUILD_ROOT/etc/httpd/conf find $RPM_BUILD_ROOT -type f | \ xargs grep -l "/usr/local/bin/perl5" | \ xargs perl -pi -e "s|/usr/local/bin/perl5|%{__perl}|g;" find $RPM_BUILD_ROOT -type f | \ xargs grep -l "/usr/local/bin/perl" | \ xargs perl -pi -e "s|/usr/local/bin/perl|%{__perl}|g;" # create a prototype session cache mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache touch $RPM_BUILD_ROOT%{_localstatedir}/cache/ssl_gcache_data.{dir,pag,sem} # tim: remove stuff we're not installing from the buildroot rm $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/mod_ssl %clean rm -rf $RPM_BUILD_ROOT %post /sbin/ldconfig umask 077 if [ ! -f %{_sysconfdir}/httpd/conf/ssl.key/server.key ] ; then %{_bindir}/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 1024 > %{_sysconfdir}/httpd/conf/ssl.key/server.key 2> /dev/null fi if [ ! -f %{_sysconfdir}/httpd/conf/ssl.crt/server.crt ] ; then cat << EOF | %{_bindir}/openssl req -new -key %{_sysconfdir}/httpd/conf/ssl.key/server.key -x509 -days 365 -out %{_sysconfdir}/httpd/conf/ssl.crt/server.crt 2>/dev/null -- SomeState SomeCity SomeOrganization SomeOrganizationalUnit localhost.localdomain root@localhost.localdomain EOF fi %files %defattr(-,root,root) %doc $RPM_SOURCE_DIR/SSL-Certificate-Creation README* LICENSE NEWS CHANGES CREDITS %{contentdir}/html/manual/mod/mod_ssl/ %{_libdir}/apache/libssl.so %config %{_sysconfdir}/httpd/conf/Makefile %attr(0700,root,root) %dir %{_sysconfdir}/httpd/conf/ssl.* %attr(0600,apache,root) %ghost %{_localstatedir}/cache/ssl_gcache_data.dir %attr(0600,apache,root) %ghost %{_localstatedir}/cache/ssl_gcache_data.pag %attr(0600,apache,root) %ghost %{_localstatedir}/cache/ssl_gcache_data.sem %dir %{_sysconfdir}/httpd %config %{_sysconfdir}/httpd/conf/ssl.*/* %changelog * Wed Oct 23 2002 Nalin Dahyabhai 2.8.12-0.7 - update to 2.8.12 for 1.3.27, fixing a cross-site scripting vulnerability * Mon Oct 7 2002 Nalin Dahyabhai 2.8.11-1 - update to 2.8.11 for 1.3.27 * Thu Jun 27 2002 Nalin Dahyabhai 2.8.10-1 - update to 2.8.10 for 1.3.26 * Wed Mar 27 2002 Nalin Dahyabhai 2.8.8-1 - update to 2.8.8 for 1.3.24 * Tue Feb 26 2002 Nalin Dahyabhai 2.8.7-2 - rotate engine logs * Mon Feb 25 2002 Nalin Dahyabhai 2.8.7-1 - update to 2.8.7 * Fri Feb 22 2002 Nalin Dahyabhai 2.8.6-2 - rebuild * Fri Feb 1 2002 Nalin Dahyabhai 2.8.6-1 - update to 2.8.6 * Wed Jan 23 2002 Nalin Dahyabhai 2.8.5-2 - rebuild in new environment * Mon Oct 11 2001 Nalin Dahyabhai 2.8.5-1 - update to 2.8.5 * Thu Oct 11 2001 Nalin Dahyabhai 2.8.4-10 - update to build against and require 1.3.22 * Tue Jul 24 2001 Nalin Dahyabhai 2.8.4-9 - mark files under %%{_sysconfdir} as configuration files - add dependency on make to ensure that makefiles are usable * Mon Jul 23 2001 Nalin Dahyabhai - remove a patch * Thu Jul 19 2001 Nalin Dahyabhai - don't package a default server.anything - use system mm library - use --force when configuring so that we don't error out -- the apxs script still works * Wed Jul 18 2001 Nalin Dahyabhai - add a mod_ssl.logrotate configuration file to the package * Fri Jul 12 2001 Nalin Dahyabhai - break out of the apache package