-%define SSLVER 2.8.14
-%define APACHEVER 1.3.27
-%define apxs /usr/sbin/apxs
+# TODO
+# - other language's descriptions look weird, backslashes and quotes
+%define SSLVER 2.8.25
+%define APACHEVER 1.3.34
+%define apxs /usr/sbin/apxs1
+%define mod_name ssl
Summary: An SSL module for the Apache Web server
Summary(cs): Modul s podporou silného ¹ifrování pro WWW server Apache
Summary(da): Krypteringsunderstøttelse for webtjeneren Apache
Summary(de): SSL-Modul für den Apache-Webserver
-Summary(es): Soporte criptofráfico para el servidor de red Apache
+Summary(es): Soporte criptofráfico para el servidor de WWW Apache
Summary(fr): Un module SSL pour le serveur Web Apache
Summary(id): Interpreter Perl untuk web server Apache
Summary(is): Perl túlkur fyrir Apache vefþjóninn
Summary(it): Supporto di crittografia per il server Web Apache
Summary(ja): Apache Web ¥µ¡¼¥Ð¡¼ÍѤΰŹ極¥Ý¡¼¥È
-Summary(no): Krypteringsstøtte for webtjeneren Apache
+Summary(nb): Krypteringsstøtte for webtjeneren Apache
Summary(pl): Modu³ SSL dla serwera WWW Apache
Summary(pt): O suporte de cifra para o servidor Web Apache
Summary(ru): íÏÄÕÌØ ÐÏÄÄÅÒÖËÉ SSL × Apache
Summary(sl): Podpora za ¹ifriranje za spletni stre¾nik Apache
Summary(sv): Kryptografistöd till webbservern Apache
Summary(uk): íÏÄÕÌØ Ð¦ÄÔÒÉÍËÉ SSL × Apache
-Name: apache-mod_ssl
+Name: apache1-mod_%{mod_name}
Version: %{SSLVER}_%{APACHEVER}
Release: 1
License: BSD
Group: Networking/Daemons
-Source0: http://www.modssl.org/source/mod_ssl-%{SSLVER}-%{APACHEVER}.tar.gz
-# Source0-md5: 8ba44e6ad3701f445b0f86f17f24ff1c
-Source1: apache1-mod_ssl.conf
+Source0: http://www.modssl.org/source/mod_%{mod_name}-%{SSLVER}-%{APACHEVER}.tar.gz
+# Source0-md5: 1ef2a6cb47573444779b2fd10502514b
+Source1: %{name}.conf
Source2: %{name}-server.crt
Source3: %{name}-server.key
Source4: %{name}-sxnet.html
Source5: %{name}.logrotate
-Patch1: mod_ssl-cca-openssl-path.patch
-Patch2: mod_ssl-db3.patch
+Patch1: mod_%{mod_name}-cca-openssl-path.patch
+Patch2: mod_%{mod_name}-db3.patch
+Patch3: %{name}-nohttpd.patch
URL: http://www.modssl.org/
-BuildRequires: apache1(EAPI)-devel = %{APACHEVER}
-BuildRequires: db-devel >= 4.1
-BuildRequires: openssl-devel >= 0.9.7
-BuildRequires: openssl-tools >= 0.9.7
BuildRequires: %{apxs}
-Requires(post,preun): apache
-Requires(post,preun): grep
-Requires(preun): fileutils
-Requires: apache1(EAPI) >= %{APACHEVER}
-Provides: mod_ssl
-BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+BuildRequires: apache1-devel = %{APACHEVER}
+BuildRequires: apache1-devel >= 1.3.33-2
+BuildRequires: db-devel >= 4.1
+BuildRequires: openssl-devel >= 0.9.7d
+BuildRequires: openssl-tools >= 0.9.7d
+BuildRequires: sed >= 4.0
+Requires(post,preun): apache1
+Requires(triggerpostun): grep
+Requires(triggerpostun): sed >= 4.0
+Requires: apache1 >= %{APACHEVER}
+Requires: apache1 >= 1.3.33-2
+# see the config
+Requires: apache1-mod_log_config
+Requires: apache1-mod_setenvif
+Provides: apache(mod_ssl) = %{version}-%{release}
+Obsoletes: apache-mod_ssl < 2
Obsoletes: mod_ssl
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
-%define _pkglibdir %(%{apxs} -q LIBEXECDIR)
+%define _pkglibdir %(%{apxs} -q LIBEXECDIR 2>/dev/null)
+%define _sysconfdir %(%{apxs} -q SYSCONFDIR 2>/dev/null)
+%define _pkglogdir %(%{apxs} -q PREFIX 2>/dev/null)/logs
%description
The mod_ssl project provides strong cryptography for the Apache 1.3
SSL/TLS-Toolkit OpenSSL, das auf SSLeay basiert, verwendet.
%description -l es
-"El módulo modd_ssl proporciona la criptografía para el servidor
-Web\n" "Apache, los sockets seguros, los protocolos de la seguridad
-(SSL) y de la\n" "capa tranparente (TLS)."
+El módulo mod_ssl proporciona la criptografía para el servidor Web
+Apache, los sockets seguros, los protocolos de la seguridad (SSL) y de
+la capa tranparente (TLS).
%description -l fr
Le projet mod_ssl fournit de la forte cryptographie pour le serveur
¥µ¡¼¥Ð¡¼ÍѤζ¯ÎϤʰŹ沽\n" "µ¡Ç½¤òÄ󶡤·¤Þ¤¹¡£"
%description -l pl
-Projekt mod_ssl ma za zadanie zapewniæ serwerowi www Apache 1.3 wysoki
+Projekt mod_ssl ma za zadanie zapewniæ serwerowi WWW Apache 1.3 wysoki
poziom szyfrowania dziêki protoko³om Secure Sockets Layer (SSL v2/v3)
i Transport Layer Security (TLS v1) przy pomocy pakiety narzêdziowego
Open Source SSL/TSL -- OpenSSL, stworzonego na podstawie SSLeay Erica
Layer\n" "Security)."
%description -l uk
-Apache -- ÐÏÔÕÖÎÉÊ ×¦ÌØÎÏ ÒÏÚÐÏ×ÓÀÄÖÕ×ÁÎÉÊ ÓÅÒ×ÅÒ http. ãÅ
+Apache -- ÐÏÔÕÖÎÉÊ ×¦ÌØÎÏ ÒÏÚÐÏ×ÓÀÄÖÕ×ÁÎÉÊ ÓÅÒ×ÅÒ HTTP. ãÅ
ÎÁÊÐÏÐÕÌÑÒΦÛÉÊ ÓÅÒ×ÅÒ Õ ÓצԦ (×ÉËÏÒÉÓÔÏ×Õ¤ÔØÓÑ Â¦ÌØÛ ÑË ÎÁ 50%%
ÓÅÒ×ÅÒ¦×). ãÑ ×ÅÒÓ¦Ñ Í¦ÓÔÉÔØ Ð¦ÄÔÒÉÍËÕ SSL v2, v3 ÔÁ TLS v1.
-%package -n apache-mod_sxnet
+%package devel
+Summary: Header files for mod_ssl
+Summary(pl): Pliki nag³ówkowe dla mod_ssl
+Group: Development/Building
+Requires: apache1-devel >= %{APACHEVER}
+
+%description devel
+Header files for mod_ssl.
+
+%description devel -l pl
+Pliki nag³ówkowe dla mod_ssl.
+
+%package -n apache1-mod_sxnet
Summary: Strong Extranet module for mod_ssl and apache
Summary(fr): Module d'Extranet Fort pour Apache et mod_ssl
Summary(pl): Modu³ Strong Extranet dla pakietu mod_ssl i serwera WWW Apache
Group: Networking/Daemons
-Requires(post,preun): %{apxs}
+Requires(triggerpostun): %{apxs}
Requires: apache1(EAPI) >= %{APACHEVER}
+Requires: apache1 >= 1.3.33-2
+Obsoletes: apache-mod_sxnet < 2
-%description -n apache-mod_sxnet
+%description -n apache1-mod_sxnet
The Strong Extranet allows you to use digital certificates to
authenticate users on your web server. Typically, your users enroll in
your Strong Extranet, under your control, through the Thawte Personal
Cert System.
-%description -n apache-mod_sxnet -l fr
+%description -n apache1-mod_sxnet -l fr
L'Extranet Fort vous permet d'utiliser des certificats numeriques pour
authentifier les usagers sur votre serveur web. Typiquement, vos
usagers s'enrolent dans votre Extranet Fort, sous votre controle, a
travers le Thawte Personal Cert System.
-%description -n apache-mod_sxnet -l pl
+%description -n apache1-mod_sxnet -l pl
Pakiet Strong Extranet umo¿liwia u¿ywanie cyfrowych certyfikatów dla
-uwierzytelniania u¿ytkowników serwera www. Zwykle u¿ytkownicy
+uwierzytelniania u¿ytkowników serwera WWW. Zwykle u¿ytkownicy
rejestruj± siê pod opiek± administratora poprzez Thawte Personal Cert
System.
%prep
-%setup -q -n mod_ssl-%{SSLVER}-%{APACHEVER}
+%setup -q -n mod_%{mod_name}-%{SSLVER}-%{APACHEVER}
%patch1 -p1
%patch2 -p1
+%patch3 -p1
+
+%{__perl} -pi -e 's@ /lib /usr/lib @ /%{_lib} /usr/%{_lib} @' pkg.sslmod/libssl.module
+
+cd pkg.contrib
+tar xvf sxnet.tar
%build
-SSL_BASE=SYSTEM
-export SSL_BASE
+SSL_BASE=SYSTEM; export SSL_BASE
%configure \
--with-apxs=%{apxs} \
--enable-shared=ssl \
%{__make}
-cd pkg.contrib
-tar xvf sxnet.tar
-cd sxnet
+cd pkg.contrib/sxnet
%{apxs} -DMalloc=malloc -DFree=free -I%{_includedir}/openssl -L%{_libdir} -l ssl -l crypto -c mod_sxnet.c
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_libdir}/mod_ssl,%{_pkglibdir}} \
- $RPM_BUILD_ROOT%{_sysconfdir}/httpd \
+install -d $RPM_BUILD_ROOT{%{_libdir}/mod_%{mod_name},%{_pkglibdir},%{_pkglogdir}} \
+ $RPM_BUILD_ROOT%{_includedir}/apache1 \
+ $RPM_BUILD_ROOT%{_sysconfdir}/conf.d \
$RPM_BUILD_ROOT/etc/logrotate.d
install pkg.sslmod/libssl.so $RPM_BUILD_ROOT%{_pkglibdir}
install pkg.contrib/sxnet/mod_sxnet.so $RPM_BUILD_ROOT%{_pkglibdir}
-install pkg.contrib/*.sh $RPM_BUILD_ROOT%{_libdir}/mod_ssl
-install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/httpd/mod_ssl.conf
-install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/httpd/server.crt
-install %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/httpd/server.key
-install %{SOURCE5} $RPM_BUILD_ROOT/etc/logrotate.d/apache-mod_ssl
+install pkg.contrib/*.sh $RPM_BUILD_ROOT%{_libdir}/mod_%{mod_name}
+install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/40_mod_%{mod_name}.conf
+install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/server.crt
+install %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/server.key
+install %{SOURCE5} $RPM_BUILD_ROOT/etc/logrotate.d/apache-mod_%{mod_name}
-mv -f pkg.ssldoc ssl-doc
+cp -a pkg.ssldoc ssl-doc
install %{SOURCE4} sxnet.html
+echo 'LoadModule sxnet_module modules/mod_sxnet.so' > \
+ $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/90_mod_sxnet.conf
+
+install pkg.sslmod/*.h $RPM_BUILD_ROOT%{_includedir}/apache1
+
+> $RPM_BUILD_ROOT%{_pkglogdir}/ssl_engine_log
+> $RPM_BUILD_ROOT%{_pkglogdir}/ssl_request_log
%clean
rm -rf $RPM_BUILD_ROOT
%post
-if [ -f %{_sysconfdir}/httpd/httpd.conf ] && \
- ! grep -q "^Include.*/mod_ssl.conf" %{_sysconfdir}/httpd/httpd.conf; then
- echo "Include /etc/httpd/mod_ssl.conf" >> %{_sysconfdir}/httpd/httpd.conf
-fi
-if [ -f /var/lock/subsys/httpd ]; then
- /etc/rc.d/init.d/httpd restart 1>&2
+if [ -f /var/lock/subsys/apache ]; then
+ /etc/rc.d/init.d/apache restart 1>&2
else
- echo "Run \"/etc/rc.d/init.d/httpd start\" to start apache http daemon."
+ echo "Run \"/etc/rc.d/init.d/apache start\" to start apache HTTP daemon."
fi
-%preun
+%postun
if [ "$1" = "0" ]; then
- umask 027
- grep -E -v "^Include.*mod_ssl.conf" %{_sysconfdir}/httpd/httpd.conf > \
- %{_sysconfdir}/httpd/httpd.conf.tmp
- mv -f %{_sysconfdir}/httpd/httpd.conf.tmp %{_sysconfdir}/httpd/httpd.conf
- if [ -f /var/lock/subsys/httpd ]; then
- /etc/rc.d/init.d/httpd restart 1>&2
+ if [ -f /var/lock/subsys/apache ]; then
+ /etc/rc.d/init.d/apache restart 1>&2
fi
fi
-%post -n apache-mod_sxnet
-%{apxs} -e -a -n sxnet %{_pkglibdir}/mod_sxnet.so 1>&2
-if [ -f /var/lock/subsys/httpd ]; then
- /etc/rc.d/init.d/httpd restart 1>&2
+%triggerpostun -- apache1-mod_ssl < 2.8.22_1.3.33-1.7
+if grep -q '^Include conf\.d/\*\.conf' /etc/apache/apache.conf; then
+ sed -i -e '
+ /^Include.*mod_%{mod_name}.conf/d
+ ' /etc/apache/apache.conf
+else
+ # they're still using old apache.conf
+ sed -i -e '
+ s,^Include.*mod_%{mod_name}.conf,Include %{_sysconfdir}/conf.d/*_mod_%{mod_name}.conf,
+ ' /etc/apache/apache.conf
fi
-%preun -n apache-mod_sxnet
-if [ "$1" = "0" ]; then
+%triggerpostun -- apache1-mod_sxnet < 2.8.22_1.3.33-1.9
+# check that they're not using old apache.conf
+if grep -q '^Include conf\.d' /etc/apache/apache.conf; then
%{apxs} -e -A -n sxnet %{_pkglibdir}/mod_sxnet.so 1>&2
- if [ -f /var/lock/subsys/httpd ]; then
- /etc/rc.d/init.d/httpd restart 1>&2
+fi
+
+%post -n apache1-mod_sxnet
+if [ -f /var/lock/subsys/apache ]; then
+ /etc/rc.d/init.d/apache restart 1>&2
+fi
+
+%postun -n apache1-mod_sxnet
+if [ "$1" = "0" ]; then
+ if [ -f /var/lock/subsys/apache ]; then
+ /etc/rc.d/init.d/apache restart 1>&2
fi
fi
-
+
%files
%defattr(644,root,root,755)
-%attr(640,root,root) %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/httpd/mod_ssl.conf
-%attr(640,root,root) %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/httpd/server.crt
-%attr(640,root,root) %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/httpd/server.key
-%attr(640,root,root) %config(noreplace) /etc/logrotate.d/*
-%doc ANNOUNCE CHANGES CREDITS NEWS README*
-%doc ssl-doc
+%doc ANNOUNCE CHANGES CREDITS NEWS README* ssl-doc
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_ssl.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/server.crt
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/server.key
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/*
+%attr(640,root,root) %ghost %{_pkglogdir}/*
%attr(755,root,root) %{_pkglibdir}/libssl.so
-%dir %{_libdir}/mod_ssl
-%attr(755,root,root) %{_libdir}/mod_ssl/*.sh
+%dir %{_libdir}/mod_%{mod_name}
+%attr(755,root,root) %{_libdir}/mod_%{mod_name}/*.sh
-%files -n apache-mod_sxnet
+%files devel
+%defattr(644,root,root,755)
+%{_includedir}/apache1/*.h
+
+%files -n apache1-mod_sxnet
%defattr(644,root,root,755)
-%attr(755,root,root) %{_pkglibdir}/mod_sxnet.so
%doc sxnet.html
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_sxnet.conf
+%attr(755,root,root) %{_pkglibdir}/mod_sxnet.so