source: branches/fc20-dev/server/fedora/specs/httpd.spec.patch @ 2559

Last change on this file since 2559 was 2551, checked in by andersk, 10 years ago
Put back CAP_DAC_OVERRIDE on suexec so it can write to /var/log/httpd In the future, though, we may want to investigate following Fedora’s switch to syslog.
File size: 2.8 KB
  • httpd.spec

    old new  
    1515Summary: Apache HTTP Server
    1616Name: httpd
    1717Version: 2.4.10
    18 Release: 1%{?dist}
     18Release: 1%{?dist}.scripts.%{scriptsversion}
    1919URL: http://httpd.apache.org/
    2020Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
    2121Source1: index.html
     
    8484Requires(post): systemd-units
    8585Conflicts: apr < 1.5.0-1
    8686
     87Provides: scripts-httpd = %{version}-%{release}
     88Patch1001: httpd-suexec-scripts.patch
     89Patch1002: httpd-mod_status-security.patch
     90Patch1003: httpd-304s.patch
     91Patch1004: httpd-fixup-vhost.patch
     92
    8793%description
    8894The Apache HTTP Server is a powerful, efficient, and extensible
    8995web server.
     
    94100Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
    95101Requires: apr-devel, apr-util-devel, pkgconfig
    96102Requires: httpd = %{version}-%{release}
     103Provides: scripts-httpd-devel = %{version}-%{release}
    97104
    98105%description devel
    99106The httpd-devel package contains the APXS binary and other files
     
    132139Requires(post): openssl, /bin/cat
    133140Requires(pre): httpd
    134141Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
     142Provides: scripts-mod_ssl
    135143Obsoletes: stronghold-mod_ssl
    136144
    137145%description -n mod_ssl
     
    196204# Prevent use of setcap in "install-suexec-caps" target.
    197205sed -i '/suexec/s,setcap ,echo Skipping setcap for ,' Makefile.in
    198206
     207%patch1001 -p1 -b .suexec-scripts
     208%patch1002 -p1 -b .mod_status-security
     209%patch1003 -p1 -b .scripts-304s
     210%patch1004 -p1 -b .fixup-vhost
     211
    199212# Safety check: prevent build if defined MMN does not equal upstream MMN.
    200213vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
    201214if test "x${vmmn}" != "x%{mmn}"; then
     
    242255        --enable-suexec --with-suexec \
    243256        --enable-suexec-capabilities \
    244257        --with-suexec-caller=%{suexec_caller} \
    245         --with-suexec-docroot=%{docroot} \
    246         --without-suexec-logfile \
    247         --with-suexec-syslog \
     258        --with-suexec-docroot=/ \
     259        --with-suexec-userdir=web_scripts \
     260        --with-suexec-trusteddir=/usr/libexec/scripts-trusted \
     261        --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \
     262        --without-suexec-syslog \
    248263        --with-suexec-bin=%{_sbindir}/suexec \
    249         --with-suexec-uidmin=500 --with-suexec-gidmin=100 \
     264        --with-suexec-uidmin=50 --with-suexec-gidmin=50 \
    250265        --enable-pie \
    251266        --with-pcre \
    252267        --enable-mods-shared=all \
     
    542557%{_sbindir}/fcgistarter
    543558%{_sbindir}/apachectl
    544559%{_sbindir}/rotatelogs
    545 %caps(cap_setuid,cap_setgid+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec
     560# cap_dac_override needed to write to /var/log/httpd
     561%caps(cap_setuid,cap_setgid,cap_dac_override+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec
    546562
    547563%dir %{_libdir}/httpd
    548564%dir %{_libdir}/httpd/modules
Note: See TracBrowser for help on using the repository browser.