%define contentdir %{_datadir}/httpd

%define docroot /var/www

%define suexec_caller apache

%define mmn 20120211

%define mmnisa %{mmn}%{__isa_name}%{__isa_bits}

%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT})

%if 0%{?fedora} > 26 || 0%{?rhel} > 7

%global mpm event

%else

%global mpm prefork

%endif

Summary: Apache HTTP Server

Name: httpd

Version: 2.4.37

Release: 39%{?dist}

URL: https://httpd.apache.org/

Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2

Source2: httpd.logrotate

Source3: instance.conf

Source4: httpd-ssl-pass-dialog

Source5: httpd.tmpfiles

Source6: httpd.service

Source7: action-graceful.sh

Source8: action-configtest.sh

Source10: httpd.conf

Source11: 00-base.conf

Source12: 00-mpm.conf

Source13: 00-lua.conf

Source14: 01-cgi.conf

Source15: 00-dav.conf

Source16: 00-proxy.conf

Source17: 00-ssl.conf

Source18: 01-ldap.conf

Source19: 00-proxyhtml.conf

Source20: userdir.conf

Source21: ssl.conf

Source22: welcome.conf

Source23: manual.conf

Source24: 00-systemd.conf

Source25: 01-session.conf

Source26: 10-listen443.conf

Source27: httpd.socket

Source28: 00-optional.conf

# Documentation

Source30: README.confd

Source31: README.confmod

Source32: httpd.service.xml

Source33: htcacheclean.service.xml

Source34: httpd.conf.xml

Source40: htcacheclean.service

Source41: htcacheclean.sysconf

Source42: httpd-init.service

Source43: httpd-ssl-gencerts

Source44: httpd@.service

Source45: config.layout

# build/scripts patches

# http://bugzilla.redhat.com/show_bug.cgi?id=1231924

# http://bugzilla.redhat.com/show_bug.cgi?id=842736

# http://bugzilla.redhat.com/show_bug.cgi?id=1214401

Patch1: httpd-2.4.35-apachectl.patch

Patch2: httpd-2.4.28-apxs.patch

Patch3: httpd-2.4.35-deplibs.patch

# Needed for socket activation and mod_systemd patch

Patch19: httpd-2.4.35-detect-systemd.patch

# Features/functional changes

Patch20: httpd-2.4.32-export.patch

Patch21: httpd-2.4.35-corelimit.patch

Patch22: httpd-2.4.35-selinux.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1170215

Patch23: httpd-2.4.28-icons.patch

Patch24: httpd-2.4.35-systemd.patch

Patch25: httpd-2.4.35-cachehardmax.patch

Patch26: httpd-2.4.28-socket-activation.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1109119

Patch27: httpd-2.4.35-sslciphdefault.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1332242

Patch28: httpd-2.4.28-statements-comment.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=811714

Patch29: httpd-2.4.35-full-release.patch

Patch30: httpd-2.4.35-freebind.patch

Patch31: httpd-2.4.35-r1830819+.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1638738

Patch32: httpd-2.4.37-sslprotdefault.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1747898

Patch33: httpd-2.4.37-mod-md-mod-ssl-hooks.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1725031

Patch34: httpd-2.4.37-r1861793+.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1704317

Patch35: httpd-2.4.37-sslkeylogfile-support.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1794728

Patch36: httpd-2.4.37-session-expiry-updt-int.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1209162

Patch37: httpd-2.4.37-logjournal.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1869576

Patch38: httpd-2.4.37-pr37355.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1896176

Patch39: httpd-2.4.37-proxy-ws-idle-timeout.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1883648

Patch40: httpd-2.4.37-ssl-proxy-chains.patch

# Bug fixes

# https://bugzilla.redhat.com/show_bug.cgi?id=1397243

Patch61: httpd-2.4.35-r1738878.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1170206

Patch62: httpd-2.4.35-r1633085.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1448892

Patch63: httpd-2.4.28-r1811831.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1602548

Patch65: httpd-2.4.35-r1842888.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1653009

# https://bugzilla.redhat.com/show_bug.cgi?id=1672977

# https://bugzilla.redhat.com/show_bug.cgi?id=1673022

Patch66: httpd-2.4.37-r1842929+.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1630432

Patch67: httpd-2.4.35-r1825120.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1670716

Patch68: httpd-2.4.37-fips-segfault.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1669221

Patch70: httpd-2.4.37-r1840554.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1673022

Patch71: httpd-2.4.37-mod-md-perms.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1724549

Patch72: httpd-2.4.37-mod-mime-magic-strdup.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1724034

Patch73: httpd-2.4.35-ocsp-wrong-ctx.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1633224

Patch74: httpd-2.4.37-r1828172+.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1775158

Patch75: httpd-2.4.37-r1870095+.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1771847

Patch76: httpd-2.4.37-proxy-continue.patch

Patch77: httpd-2.4.37-balancer-failover.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1875844

Patch78: httpd-2.4.37-r1881459.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1891829

Patch79: httpd-2.4.37-r1864000.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1868608

Patch80: httpd-2.4.37-r1872790.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1861380

Patch81: httpd-2.4.37-r1879224.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1680118

Patch82: httpd-2.4.37-r1877397.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1847585

Patch83: httpd-2.4.37-r1878890.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1918741

Patch84: httpd-2.4.37-r1878280.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1891594

Patch85: httpd-2.4.37-htcacheclean-dont-break.patch

# Security fixes

Patch200: httpd-2.4.37-r1851471.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1694980

Patch201: httpd-2.4.37-CVE-2019-0211.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1695025

Patch202: httpd-2.4.37-CVE-2019-0215.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1696141

Patch203: httpd-2.4.37-CVE-2019-0217.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1696097

Patch204: httpd-2.4.37-CVE-2019-0220.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1741860

# https://bugzilla.redhat.com/show_bug.cgi?id=1741864

# https://bugzilla.redhat.com/show_bug.cgi?id=1741868

Patch205: httpd-2.4.34-CVE-2019-9511-and-9516-and-9517.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1823259

# https://bugzilla.redhat.com/show_bug.cgi?id=1747284

# fixes both CVE-2020-1927 and CVE-2019-10098

Patch206: httpd-2.4.37-CVE-2019-10098.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1747281

Patch207: httpd-2.4.37-CVE-2019-10092.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1747291

Patch208: httpd-2.4.37-CVE-2019-10097.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1820772

Patch209: httpd-2.4.37-CVE-2020-1934.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1668493

Patch210: httpd-2.4.37-CVE-2018-17199.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1866563

Patch211: httpd-2.4.37-CVE-2020-11984.patch

License: ASL 2.0

Group: System Environment/Daemons

BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root

BuildRequires: autoconf, perl-interpreter, perl-generators, pkgconfig, findutils, xmlto

BuildRequires: zlib-devel, libselinux-devel, lua-devel,  brotli-devel

BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0

BuildRequires: systemd-devel

# web server testpage added to redhat-logos in 82.0 (rhbz1896319)

Requires: /etc/mime.types, system-logos-httpd >= 82.0

Obsoletes: httpd-suexec

Provides: webserver

Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release}

Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}

Requires: httpd-tools = %{version}-%{release}

Requires: httpd-filesystem = %{version}-%{release}

Requires: mod_http2

Requires(pre): httpd-filesystem

Requires(preun): systemd-units

Requires(postun): systemd-units

Requires(post): systemd-units

Conflicts: apr < 1.5.0-1

%description

The Apache HTTP Server is a powerful, efficient, and extensible

web server.

%package devel

Group: Development/Libraries

Summary: Development interfaces for the Apache HTTP server

Requires: apr-devel, apr-util-devel, pkgconfig

Requires: httpd = %{version}-%{release}

%description devel

The httpd-devel package contains the APXS binary and other files

that you need to build Dynamic Shared Objects (DSOs) for the

Apache HTTP Server.

If you are installing the Apache HTTP server and you want to be

able to compile or develop additional modules for Apache, you need

to install this package.

%package manual

Group: Documentation

Summary: Documentation for the Apache HTTP server

Requires: httpd = %{version}-%{release}

Obsoletes: secureweb-manual, apache-manual

BuildArch: noarch

%description manual

The httpd-manual package contains the complete manual and

reference guide for the Apache HTTP server. The information can

also be found at http://httpd.apache.org/docs/2.2/.

%package filesystem

Group: System Environment/Daemons

Summary: The basic directory layout for the Apache HTTP server

BuildArch: noarch

Requires(pre): /usr/sbin/useradd

%description filesystem

The httpd-filesystem package contains the basic directory layout

for the Apache HTTP server including the correct permissions

for the directories.

%package tools

Group: System Environment/Daemons

Summary: Tools for use with the Apache HTTP Server

%description tools

The httpd-tools package contains tools which can be used with 

the Apache HTTP Server.

%package -n mod_ssl

Group: System Environment/Daemons

Summary: SSL/TLS module for the Apache HTTP Server

Epoch: 1

BuildRequires: openssl-devel

Requires(pre): httpd-filesystem

Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}

Requires: sscg >= 2.2.0

Obsoletes: stronghold-mod_ssl

# Require an OpenSSL which supports PROFILE=SYSTEM

Conflicts: openssl-libs < 1:1.0.1h-4

%description -n mod_ssl

The mod_ssl module provides strong cryptography for the Apache Web

server via the Secure Sockets Layer (SSL) and Transport Layer

Security (TLS) protocols.

%package -n mod_proxy_html

Group: System Environment/Daemons

Summary: HTML and XML content filters for the Apache HTTP Server

Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}

BuildRequires: libxml2-devel

Epoch: 1

Obsoletes: mod_proxy_html < 1:2.4.1-2

%description -n mod_proxy_html

The mod_proxy_html and mod_xml2enc modules provide filters which can

transform and modify HTML and XML content.

%package -n mod_ldap

Group: System Environment/Daemons

Summary: LDAP authentication modules for the Apache HTTP Server

Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}

Requires: apr-util-ldap

%description -n mod_ldap

The mod_ldap and mod_authnz_ldap modules add support for LDAP

authentication to the Apache HTTP Server.

%package -n mod_session

Group: System Environment/Daemons

Summary: Session interface for the Apache HTTP Server

Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}

%description -n mod_session

The mod_session module and associated backends provide an abstract

interface for storing and accessing per-user session data.

%prep

%setup -q

%patch1 -p1 -b .apctl

%patch2 -p1 -b .apxs

%patch3 -p1 -b .deplibs

%patch19 -p1 -b .detectsystemd

%patch20 -p1 -b .export

%patch21 -p1 -b .corelimit

%patch22 -p1 -b .selinux

%patch23 -p1 -b .icons

%patch24 -p1 -b .systemd

%patch25 -p1 -b .cachehardmax

%patch26 -p1 -b .socketactivation

%patch27 -p1 -b .sslciphdefault

%patch28 -p1 -b .statementscomment

%patch29 -p1 -b .fullrelease

%patch30 -p1 -b .freebind

%patch31 -p1 -b .r1830819+

%patch32 -p1 -b .sslprotdefault

%patch33 -p1 -b .mod-md-mod-ssl-hooks

%patch34 -p1 -b .r1861793+

%patch35 -p1 -b .sslkeylogfile-support

%patch36 -p1 -b .session-expiry

%patch37 -p1 -b .logjournal

%patch38 -p1 -b .pr37355

%patch39 -p1 -b .proxy-ws-idle-timeout

%patch40 -p1 -b .ssl-proxy-chains

%patch61 -p1 -b .r1738878

%patch62 -p1 -b .r1633085

%patch63 -p1 -b .r1811831

%patch65 -p1 -b .r1842888

%patch66 -p1 -b .r1842929+

%patch67 -p1 -b .r1825120

%patch68 -p1 -b .fipscore

%patch70 -p1 -b .r1840554

%patch71 -p1 -b .modmdperms

%patch72 -p1 -b .mimemagic

%patch73 -p1 -b .ocspwrongctx

%patch74 -p1 -b .r1828172+

%patch75 -p1 -b .r1870095+

%patch76 -p1 -b .proxy-continue

%patch77 -p1 -b .balancer-failover

%patch78 -p1 -b .r1881459

%patch79 -p1 -b .r1864000

%patch80 -p1 -b .r1872790

%patch81 -p1 -b .r1879224

%patch82 -p1 -b .r1877397

%patch83 -p1 -b .r1878890

%patch84 -p1 -b .r1878280

%patch85 -p1 -b .htcacheclean-dont-break

%patch200 -p1 -b .r1851471

%patch201 -p1 -b .CVE-2019-0211

%patch202 -p1 -b .CVE-2019-0215

%patch203 -p1 -b .CVE-2019-0217

%patch204 -p1 -b .CVE-2019-0220

%patch205 -p1 -b .CVE-2019-9511-and-9516-and-9517

%patch206 -p1 -b .CVE-2019-10098

%patch207 -p1 -b .CVE-2019-10092

%patch208 -p1 -b .CVE-2019-10097

%patch209 -p1 -b .CVE-2020-1934

%patch210 -p1 -b .CVE-2018-17199

%patch211 -p1 -b .CVE-2020-11984

# Patch in the vendor string

sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h

sed -i 's/@RELEASE@/%{release}/' server/core.c

# Prevent use of setcap in "install-suexec-caps" target.

sed -i '/suexec/s,setcap ,echo Skipping setcap for ,' Makefile.in

# Example conf for instances

cp $RPM_SOURCE_DIR/instance.conf .

sed < $RPM_SOURCE_DIR/httpd.conf >> instance.conf '

0,/^ServerRoot/d;

/# Supplemental configuration/,$d

/^ *CustomLog .logs/s,logs/,logs/${HTTPD_INSTANCE}_,

/^ *ErrorLog .logs/s,logs/,logs/${HTTPD_INSTANCE}_,

'

touch -r $RPM_SOURCE_DIR/instance.conf instance.conf

# Safety check: prevent build if defined MMN does not equal upstream MMN.

vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`

if test "x${vmmn}" != "x%{mmn}"; then

   : Error: Upstream MMN is now ${vmmn}, packaged MMN is %{mmn}

   : Update the mmn macro and rebuild.

   exit 1

fi

# Provide default layout

cp $RPM_SOURCE_DIR/config.layout .

sed '

s,@MPM@,%{mpm},g

s,@DOCROOT@,%{docroot},g

s,@LOGDIR@,%{_localstatedir}/log/httpd,g

' < $RPM_SOURCE_DIR/httpd.conf.xml \

    > httpd.conf.xml

xmlto man ./httpd.conf.xml

xmlto man $RPM_SOURCE_DIR/htcacheclean.service.xml

xmlto man $RPM_SOURCE_DIR/httpd.service.xml

: Building with MMN %{mmn}, MMN-ISA %{mmnisa}

: Default MPM is %{mpm}, vendor string is '%{vstring}'

%build

# forcibly prevent use of bundled apr, apr-util, pcre

rm -rf srclib/{apr,apr-util,pcre}

# regenerate configure scripts

autoheader && autoconf || exit 1

# Before configure; fix location of build dir in generated apxs

%{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \

        support/apxs.in

export CFLAGS=$RPM_OPT_FLAGS

export LDFLAGS="-Wl,-z,relro,-z,now"

# Hard-code path to links to avoid unnecessary builddep

export LYNX_PATH=/usr/bin/links

# Build the daemon

./configure \

        --prefix=%{_sysconfdir}/httpd \

        --exec-prefix=%{_prefix} \

        --bindir=%{_bindir} \

        --sbindir=%{_sbindir} \

        --mandir=%{_mandir} \

        --libdir=%{_libdir} \

        --sysconfdir=%{_sysconfdir}/httpd/conf \

        --includedir=%{_includedir}/httpd \

        --libexecdir=%{_libdir}/httpd/modules \

        --datadir=%{contentdir} \

        --enable-layout=Fedora \

        --with-installbuilddir=%{_libdir}/httpd/build \

        --enable-mpms-shared=all \

        --with-apr=%{_prefix} --with-apr-util=%{_prefix} \

        --enable-suexec --with-suexec \

        --enable-suexec-capabilities \

        --with-suexec-caller=%{suexec_caller} \

        --with-suexec-docroot=%{docroot} \

        --without-suexec-logfile \

        --with-suexec-syslog \

        --with-suexec-bin=%{_sbindir}/suexec \

        --with-suexec-uidmin=1000 --with-suexec-gidmin=1000 \

        --with-brotli \

        --enable-pie \

        --with-pcre \

        --enable-mods-shared=all \

        --enable-ssl --with-ssl --disable-distcache \

        --enable-proxy --enable-proxy-fdpass \

        --enable-cache \

        --enable-disk-cache \

        --enable-ldap --enable-authnz-ldap \

        --enable-cgid --enable-cgi \

        --enable-cgid-fdpassing \

        --enable-authn-anon --enable-authn-alias \

        --disable-imagemap --disable-file-cache \

        --disable-http2 \

        --disable-md \

        $*

make %{?_smp_mflags}

%install

rm -rf $RPM_BUILD_ROOT

make DESTDIR=$RPM_BUILD_ROOT install

# Install systemd service files

mkdir -p $RPM_BUILD_ROOT%{_unitdir}

for s in httpd.service htcacheclean.service httpd.socket \

         httpd@.service httpd-init.service; do

  install -p -m 644 $RPM_SOURCE_DIR/${s} \

                    $RPM_BUILD_ROOT%{_unitdir}/${s}

done

# install conf file/directory

mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d \

      $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d

install -m 644 $RPM_SOURCE_DIR/README.confd \

    $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README

install -m 644 $RPM_SOURCE_DIR/README.confmod \

    $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/README

for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \

         00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \

         01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf; do

  install -m 644 -p $RPM_SOURCE_DIR/$f \

        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f

done

sed -i '/^#LoadModule mpm_%{mpm}_module /s/^#//' \

     $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/00-mpm.conf

touch -r $RPM_SOURCE_DIR/00-mpm.conf \

     $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/00-mpm.conf

# install systemd override drop directory

# Web application packages can drop snippets into this location if

# they need ExecStart[pre|post].

mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.service.d

mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d

install -m 644 -p $RPM_SOURCE_DIR/10-listen443.conf \

      $RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d/10-listen443.conf

for f in welcome.conf ssl.conf manual.conf userdir.conf; do

  install -m 644 -p $RPM_SOURCE_DIR/$f \

        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/$f

done

# Split-out extra config shipped as default in conf.d:

for f in autoindex; do

  install -m 644 docs/conf/extra/httpd-${f}.conf \

        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/${f}.conf

done

# Extra config trimmed:

rm -v docs/conf/extra/httpd-{ssl,userdir}.conf

rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/*.conf

install -m 644 -p $RPM_SOURCE_DIR/httpd.conf \

   $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/httpd.conf

mkdir $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig

install -m 644 -p $RPM_SOURCE_DIR/htcacheclean.sysconf \

   $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/htcacheclean

# tmpfiles.d configuration

mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d 

install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \

   $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/httpd.conf

# Other directories

mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav \

         $RPM_BUILD_ROOT%{_localstatedir}/lib/httpd \

         $RPM_BUILD_ROOT/run/httpd/htcacheclean

# Substitute in defaults which are usually done (badly) by "make install"

sed -i \

   "s,@@ServerRoot@@/var,%{_localstatedir}/lib/dav,;

    s,@@ServerRoot@@/user.passwd,/etc/httpd/conf/user.passwd,;

    s,@@ServerRoot@@/docs,%{docroot},;

    s,@@ServerRoot@@,%{docroot},;

    s,@@Port@@,80,;" \

    docs/conf/extra/*.conf

# Create cache directory

mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd \

         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/proxy \

         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/ssl

# Make the MMN accessible to module packages

echo %{mmnisa} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn

mkdir -p $RPM_BUILD_ROOT%{_rpmconfigdir}/macros.d

cat > $RPM_BUILD_ROOT%{_rpmconfigdir}/macros.d/macros.httpd <

%%_httpd_mmn %{mmnisa}

%%_httpd_apxs %%{_bindir}/apxs

%%_httpd_modconfdir %%{_sysconfdir}/httpd/conf.modules.d

%%_httpd_confdir %%{_sysconfdir}/httpd/conf.d

%%_httpd_contentdir %{contentdir}

%%_httpd_moddir %%{_libdir}/httpd/modules

EOF

# Handle contentdir

mkdir $RPM_BUILD_ROOT%{contentdir}/noindex

ln -s ../../testpage/index.html \

      $RPM_BUILD_ROOT%{contentdir}/noindex/index.html

rm -rf %{contentdir}/htdocs

# remove manual sources

find $RPM_BUILD_ROOT%{contentdir}/manual \( \

    -name \*.xml -o -name \*.xml.* -o -name \*.ent -o -name \*.xsl -o -name \*.dtd \

    \) -print0 | xargs -0 rm -f

# Strip the manual down just to English and replace the typemaps with flat files:

set +x

for f in `find $RPM_BUILD_ROOT%{contentdir}/manual -name \*.html -type f`; do

   if test -f ${f}.en; then

      cp ${f}.en ${f}

      rm ${f}.*

   fi

done

set -x

# Clean Document Root

rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \

      $RPM_BUILD_ROOT%{docroot}/cgi-bin/*

# Symlink for the powered-by-$DISTRO image:

ln -s ../../pixmaps/poweredby.png \

        $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png

# symlinks for /etc/httpd

rmdir $RPM_BUILD_ROOT/etc/httpd/{state,run}

ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs

ln -s ../..%{_localstatedir}/lib/httpd $RPM_BUILD_ROOT/etc/httpd/state

ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run

ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules

# install http-ssl-pass-dialog

mkdir -p $RPM_BUILD_ROOT%{_libexecdir}

install -m755 $RPM_SOURCE_DIR/httpd-ssl-pass-dialog \

        $RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog

# install http-ssl-gencerts

install -m755 $RPM_SOURCE_DIR/httpd-ssl-gencerts \

        $RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-gencerts

# Install action scripts

mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd

for f in graceful configtest; do

    install -p -m 755 $RPM_SOURCE_DIR/action-${f}.sh \

            $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd/${f}

done

# Install logrotate config

mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d

install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate \

        $RPM_BUILD_ROOT/etc/logrotate.d/httpd

# Install man pages

install -d $RPM_BUILD_ROOT%{_mandir}/man8 $RPM_BUILD_ROOT%{_mandir}/man5

install -m 644 -p httpd.service.8 httpd-init.service.8 httpd.socket.8 \

        httpd@.service.8  htcacheclean.service.8 \

        $RPM_BUILD_ROOT%{_mandir}/man8

install -m 644 -p httpd.conf.5 \

        $RPM_BUILD_ROOT%{_mandir}/man5

# fix man page paths

sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \

    -e "s|/usr/local/apache2/conf/mime.types|/etc/mime.types|" \

    -e "s|/usr/local/apache2/conf/magic|/etc/httpd/conf/magic|" \

    -e "s|/usr/local/apache2/logs/error_log|/var/log/httpd/error_log|" \

    -e "s|/usr/local/apache2/logs/access_log|/var/log/httpd/access_log|" \

    -e "s|/usr/local/apache2/logs/httpd.pid|/run/httpd/httpd.pid|" \

    -e "s|/usr/local/apache2|/etc/httpd|" < docs/man/httpd.8 \

  > $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8

# Make ap_config_layout.h libdir-agnostic

sed -i '/.*DEFAULT_..._LIBEXECDIR/d;/DEFAULT_..._INSTALLBUILDDIR/d' \

    $RPM_BUILD_ROOT%{_includedir}/httpd/ap_config_layout.h

# Fix path to instdso in special.mk

sed -i '/instdso/s,top_srcdir,top_builddir,' \

    $RPM_BUILD_ROOT%{_libdir}/httpd/build/special.mk

# Remove unpackaged files

rm -vf \

      $RPM_BUILD_ROOT%{_libdir}/*.exp \

      $RPM_BUILD_ROOT/etc/httpd/conf/mime.types \

      $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.exp \

      $RPM_BUILD_ROOT%{_libdir}/httpd/build/config.nice \

      $RPM_BUILD_ROOT%{_bindir}/{ap?-config,dbmmanage} \

      $RPM_BUILD_ROOT%{_sbindir}/{checkgid,envvars*} \

      $RPM_BUILD_ROOT%{contentdir}/htdocs/* \

      $RPM_BUILD_ROOT%{_mandir}/man1/dbmmanage.* \

      $RPM_BUILD_ROOT%{contentdir}/cgi-bin/*

rm -rf $RPM_BUILD_ROOT/etc/httpd/conf/{original,extra}

%pre filesystem

getent group apache >/dev/null || groupadd -g 48 -r apache

getent passwd apache >/dev/null || \

  useradd -r -u 48 -g apache -s /sbin/nologin \

    -d %{contentdir} -c "Apache" apache

exit 0

%post

%systemd_post httpd.service htcacheclean.service httpd.socket

%preun

%systemd_preun httpd.service htcacheclean.service httpd.socket

%postun

%systemd_postun httpd.service htcacheclean.service httpd.socket

# Trigger for conversion from SysV, per guidelines at:

# https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd

%triggerun -- httpd < 2.2.21-5

# Save the current service runlevel info

# User must manually run systemd-sysv-convert --apply httpd

# to migrate them to systemd targets

/usr/bin/systemd-sysv-convert --save httpd.service >/dev/null 2>&1 ||:

# Run these because the SysV package being removed won't do them

/sbin/chkconfig --del httpd >/dev/null 2>&1 || :

%posttrans

test -f /etc/sysconfig/httpd-disable-posttrans || \

  /bin/systemctl try-restart --no-block httpd.service htcacheclean.service >/dev/null 2>&1 || :

%check

# Check the built modules are all PIC

if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then

   : modules contain non-relocatable code

   exit 1

fi

set +x

rv=0

# Ensure every mod_* that's built is loaded.

for f in $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so; do

  m=${f##*/}

  if ! grep -q $m $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/*.conf; then

    echo ERROR: Module $m not configured.  Disable it, or load it.

    rv=1

  fi

done

# Ensure every loaded mod_* is actually built

mods=`grep -h ^LoadModule $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/*.conf | sed 's,.*modules/,,'`

for m in $mods; do

  f=$RPM_BUILD_ROOT%{_libdir}/httpd/modules/${m}

  if ! test -x $f; then

    echo ERROR: Module $m is configured but not built.

    rv=1