%define contentdir %{_datadir}/httpd

%define docroot /var/www

%define suexec_caller apache

%define mmn 20120211

%define mmnisa %{mmn}%{__isa_name}%{__isa_bits}

%define vstring %(source /etc/os-release; echo ${NAME})

%if 0%{?fedora} > 26 || 0%{?rhel} > 7

%global mpm event

%else

%global mpm prefork

%endif

Summary: Apache HTTP Server

Name: httpd

Version: 2.4.53

Release: 11%{?dist}

URL: https://httpd.apache.org/

Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2

Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc

# gpg key file downloaded and verified by luhliarik

# https://httpd.apache.org/dev/verification.html

Source2: https://dist.apache.org/repos/dist/release/httpd/KEYS

Source3: httpd.logrotate

Source4: instance.conf

Source5: httpd-ssl-pass-dialog

Source6: httpd.tmpfiles

Source7: httpd.service

Source8: action-graceful.sh

Source9: action-configtest.sh

Source10: server-status.conf

Source11: httpd.conf

Source12: 00-base.conf

Source13: 00-mpm.conf

Source14: 00-lua.conf

Source15: 01-cgi.conf

Source16: 00-dav.conf

Source17: 00-proxy.conf

Source18: 00-ssl.conf

Source19: 01-ldap.conf

Source20: 00-proxyhtml.conf

Source21: userdir.conf

Source22: ssl.conf

Source23: welcome.conf

Source24: manual.conf

Source25: 00-systemd.conf

Source26: 01-session.conf

Source27: 10-listen443.conf

Source28: httpd.socket

Source29: 00-optional.conf

Source30: README.confd

Source31: README.confmod

Source32: httpd.service.xml

Source33: htcacheclean.service.xml

Source34: httpd.conf.xml

Source35: 00-brotli.conf

Source40: htcacheclean.service

Source41: htcacheclean.sysconf

Source42: httpd-init.service

Source43: httpd-ssl-gencerts

Source44: httpd@.service

Source45: config.layout

Source46: apachectl.sh

Source47: apachectl.xml

Source48: apache-poweredby.png

# build/scripts patches

Patch2: httpd-2.4.43-apxs.patch

Patch3: httpd-2.4.43-deplibs.patch

# Needed for socket activation and mod_systemd patch

Patch19: httpd-2.4.53-detect-systemd.patch

# Features/functional changes

Patch21: httpd-2.4.48-r1842929+.patch

Patch22: httpd-2.4.43-mod_systemd.patch

Patch23: httpd-2.4.48-export.patch

Patch24: httpd-2.4.43-corelimit.patch

Patch25: httpd-2.4.43-selinux.patch

Patch26: httpd-2.4.43-gettid.patch

Patch27: httpd-2.4.53-icons.patch

Patch30: httpd-2.4.43-cachehardmax.patch

Patch34: httpd-2.4.43-socket-activation.patch

Patch38: httpd-2.4.43-sslciphdefault.patch

Patch39: httpd-2.4.43-sslprotdefault.patch

Patch40: httpd-2.4.43-r1861269.patch

Patch41: httpd-2.4.43-r1861793+.patch

Patch42: httpd-2.4.48-r1828172+.patch

Patch45: httpd-2.4.43-logjournal.patch

Patch46: httpd-2.4.48-proxy-ws-idle-timeout.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1949969

Patch47: httpd-2.4.43-pr37355.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1949606

Patch48: httpd-2.4.46-freebind.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1950021

Patch49: httpd-2.4.48-ssl-proxy-chains.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=2004143

Patch50: httpd-2.4.48-r1825120.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=2079939

# backported regression fix

Patch51: httpd-2.4.53-r1901199.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=2065677

Patch52: httpd-2.4.53-separate-systemd-fns.patch

# Bug fixes

# https://bugzilla.redhat.com/show_bug.cgi?id=1397243

Patch60: httpd-2.4.43-enable-sslv3.patch

Patch61: httpd-2.4.46-htcacheclean-dont-break.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1932442

Patch64: httpd-2.4.48-full-release.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1950011

Patch65: httpd-2.4.51-r1877397.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=1938740

Patch66: httpd-2.4.51-r1892413+.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=2073459

Patch67: httpd-2.4.51-r1811831.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=2098056

Patch68: httpd-2.4.53-r1878890.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=2151313

Patch69: httpd-2.4.53-proxy-util-loglevel.patch

# Security fixes

# https://bugzilla.redhat.com/show_bug.cgi?id=2094997

Patch200: httpd-2.4.53-CVE-2022-26377.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=2095006

Patch201: httpd-2.4.53-CVE-2022-28615.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=2095020

Patch202: httpd-2.4.53-CVE-2022-31813.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=2095002

Patch203: httpd-2.4.53-CVE-2022-28614.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=2095012

Patch204: httpd-2.4.53-CVE-2022-29404.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=2095015

Patch205: httpd-2.4.53-CVE-2022-30522.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=2095018

Patch206: httpd-2.4.53-CVE-2022-30556.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=2161773

Patch207: httpd-2.4.53-CVE-2022-37436.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=2161774

Patch208: httpd-2.4.53-CVE-2006-20001.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=2161777

Patch209: httpd-2.4.53-CVE-2022-36760.patch

License: ASL 2.0

BuildRequires: gcc, autoconf, pkgconfig, findutils, xmlto

BuildRequires: perl-interpreter, perl-generators, systemd-devel

BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel

BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0

BuildRequires: gnupg2

Requires: system-logos-httpd

Provides: webserver

Requires: httpd-core = 0:%{version}-%{release}

Recommends: mod_http2, mod_lua

Requires(preun): systemd-units

Requires(postun): systemd-units

Requires(post): systemd-units

%description

The Apache HTTP Server is a powerful, efficient, and extensible

web server.

%package core

Summary: httpd minimal core

Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release}

Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}

Provides: mod_proxy_uwsgi = %{version}-%{release}

Requires: /etc/mime.types

Requires: httpd-tools = %{version}-%{release}

Requires: httpd-filesystem = %{version}-%{release}

Requires(pre): httpd-filesystem

Conflicts: apr < 1.5.0-1

Conflicts: httpd < 2.4.53-3

Conflicts: mod_http2 < 1.15.19-3

Obsoletes: mod_proxy_uwsgi < 2.0.17.1-2

%description core

The httpd-core package contains essential httpd binaries.

%package devel

Summary: Development interfaces for the Apache HTTP Server

Requires: apr-devel, apr-util-devel, pkgconfig

Requires: httpd-core = %{version}-%{release}

%description devel

The httpd-devel package contains the APXS binary and other files

that you need to build Dynamic Shared Objects (DSOs) for the

Apache HTTP Server.

If you are installing the Apache HTTP Server and you want to be

able to compile or develop additional modules for Apache, you need

to install this package.

%package manual

Summary: Documentation for the Apache HTTP Server

Requires: httpd-core = 0:%{version}-%{release}

BuildArch: noarch

%description manual

The httpd-manual package contains the complete manual and

reference guide for the Apache HTTP Server. The information can

also be found at https://httpd.apache.org/docs/2.4/.

%package filesystem

Summary: The basic directory layout for the Apache HTTP Server

BuildArch: noarch

Requires(pre): /usr/sbin/useradd

%description filesystem

The httpd-filesystem package contains the basic directory layout

for the Apache HTTP Server including the correct permissions

for the directories.

%package tools

Summary: Tools for use with the Apache HTTP Server

%description tools

The httpd-tools package contains tools which can be used with 

the Apache HTTP Server.

%package -n mod_ssl

Summary: SSL/TLS module for the Apache HTTP Server

Epoch: 1

BuildRequires: openssl-devel

Requires(pre): httpd-filesystem

Requires: httpd-core = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}

Requires: sscg >= 3.0.0-7, /usr/bin/hostname

# Require an OpenSSL which supports PROFILE=SYSTEM

Conflicts: openssl-libs < 1:1.0.1h-4

%description -n mod_ssl

The mod_ssl module provides strong cryptography for the Apache HTTP

server via the Secure Sockets Layer (SSL) and Transport Layer

Security (TLS) protocols.

%package -n mod_proxy_html

Summary: HTML and XML content filters for the Apache HTTP Server

Requires: httpd-core = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}

BuildRequires: libxml2-devel

BuildRequires: make

Epoch: 1

Obsoletes: mod_proxy_html < 1:2.4.1-2

%description -n mod_proxy_html

The mod_proxy_html and mod_xml2enc modules provide filters which can

transform and modify HTML and XML content.

%package -n mod_ldap

Summary: LDAP authentication modules for the Apache HTTP Server

Requires: httpd-core = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}

Requires: apr-util-ldap

%description -n mod_ldap

The mod_ldap and mod_authnz_ldap modules add support for LDAP

authentication to the Apache HTTP Server.

%package -n mod_session

Summary: Session interface for the Apache HTTP Server

Requires: httpd-core = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}

%description -n mod_session

The mod_session module and associated backends provide an abstract

interface for storing and accessing per-user session data.

%package -n mod_lua

Summary: Lua scripting support for the Apache HTTP Server

Requires: httpd-core = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}

%description -n mod_lua

The mod_lua module allows the server to be extended with scripts

written in the Lua programming language.

%prep

%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'

%setup -q

%patch2 -p1 -b .apxs

%patch3 -p1 -b .deplibs

%patch19 -p1 -b .detectsystemd

%patch21 -p1 -b .r1842929+

%patch22 -p1 -b .mod_systemd

%patch23 -p1 -b .export

%patch24 -p1 -b .corelimit

%patch25 -p1 -b .selinux

%patch26 -p1 -b .gettid

%patch27 -p1 -b .icons

%patch30 -p1 -b .cachehardmax

%patch34 -p1 -b .socketactivation

%patch38 -p1 -b .sslciphdefault

%patch39 -p1 -b .sslprotdefault

%patch40 -p1 -b .r1861269

%patch41 -p1 -b .r1861793+

%patch42 -p1 -b .r1828172+

%patch45 -p1 -b .logjournal

%patch46 -p1 -b .proxy-ws-idle-timeout

%patch47 -p1 -b .pr37355

%patch48 -p1 -b .freebind

%patch49 -p1 -b .ssl-proxy-chains

%patch50 -p1 -b .r1825120

%patch51 -p1 -b .r1901199

%patch52 -p1 -b .separatesystemd

%patch60 -p1 -b .enable-sslv3

%patch61 -p1 -b .htcacheclean-dont-break

%patch64 -p1 -b .full-release

%patch65 -p1 -b .r1877397

%patch66 -p1 -b .r1892413+

%patch67 -p1 -b .r1811831

%patch68 -p1 -b .r1878890

%patch69 -p1 -b .proxyutil-loglevel

%patch200 -p1 -b .CVE-2022-26377

%patch201 -p1 -b .CVE-2022-28615

%patch202 -p1 -b .CVE-2022-31813

%patch203 -p1 -b .CVE-2022-28614

%patch204 -p1 -b .CVE-2022-29404

%patch205 -p1 -b .CVE-2022-30522

%patch206 -p1 -b .CVE-2022-30556

%patch207 -p1 -b .CVE-2022-37436

%patch208 -p1 -b .CVE-2006-20001

%patch209 -p1 -b .CVE-2022-36760

# Patch in the vendor string

sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h

sed -i 's/@RELEASE@/%{release}/' server/core.c

# Prevent use of setcap in "install-suexec-caps" target.

sed -i '/suexec/s,setcap ,echo Skipping setcap for ,' Makefile.in

# Example conf for instances

cp $RPM_SOURCE_DIR/instance.conf .

sed < $RPM_SOURCE_DIR/httpd.conf >> instance.conf '

0,/^ServerRoot/d;

/# Supplemental configuration/,$d

/^ *CustomLog .logs/s,logs/,logs/${HTTPD_INSTANCE}_,

/^ *ErrorLog .logs/s,logs/,logs/${HTTPD_INSTANCE}_,

'

touch -r $RPM_SOURCE_DIR/instance.conf instance.conf

cp -p $RPM_SOURCE_DIR/server-status.conf server-status.conf

# Safety check: prevent build if defined MMN does not equal upstream MMN.

vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`

if test "x${vmmn}" != "x%{mmn}"; then

   : Error: Upstream MMN is now ${vmmn}, packaged MMN is %{mmn}

   : Update the mmn macro and rebuild.

   exit 1

fi

# A new logo which comes together with a new test page

cp %{SOURCE48} ./docs/icons/apache_pb3.png

# Provide default layout

cp $RPM_SOURCE_DIR/config.layout .

sed '

s,@MPM@,%{mpm},g

s,@DOCROOT@,%{docroot},g

s,@LOGDIR@,%{_localstatedir}/log/httpd,g

' < $RPM_SOURCE_DIR/httpd.conf.xml \

    > httpd.conf.xml

xmlto man ./httpd.conf.xml

xmlto man $RPM_SOURCE_DIR/htcacheclean.service.xml

xmlto man $RPM_SOURCE_DIR/httpd.service.xml

# apachectl.xml => apachectl.8

xmlto man %{SOURCE47}

: Building with MMN %{mmn}, MMN-ISA %{mmnisa}

: Default MPM is %{mpm}, vendor string is '%{vstring}'

%build

# forcibly prevent use of bundled apr, apr-util, pcre

rm -rf srclib/{apr,apr-util,pcre}

# regenerate configure scripts

autoheader && autoconf || exit 1

# Before configure; fix location of build dir in generated apxs

%{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \

        support/apxs.in

export CFLAGS=$RPM_OPT_FLAGS

export LDFLAGS="-Wl,-z,relro,-z,now"

# Hard-code path to links to avoid unnecessary builddep

export LYNX_PATH=/usr/bin/links

# Build the daemon

./configure \

        --prefix=%{_sysconfdir}/httpd \

        --exec-prefix=%{_prefix} \

        --bindir=%{_bindir} \

        --sbindir=%{_sbindir} \

        --mandir=%{_mandir} \

        --libdir=%{_libdir} \

        --sysconfdir=%{_sysconfdir}/httpd/conf \

        --includedir=%{_includedir}/httpd \

        --libexecdir=%{_libdir}/httpd/modules \

        --datadir=%{contentdir} \

        --enable-layout=Fedora \

        --with-installbuilddir=%{_libdir}/httpd/build \

        --enable-mpms-shared=all \

        --with-apr=%{_prefix} --with-apr-util=%{_prefix} \

        --enable-suexec --with-suexec \

        --enable-suexec-capabilities \

        --with-suexec-caller=%{suexec_caller} \

        --with-suexec-docroot=%{docroot} \

        --without-suexec-logfile \

        --with-suexec-syslog \

        --with-suexec-bin=%{_sbindir}/suexec \

        --with-suexec-uidmin=1000 --with-suexec-gidmin=1000 \

        --with-brotli \

        --enable-pie \

        --with-pcre=/usr/bin/pcre-config \

        --enable-mods-shared=all \

        --enable-ssl --with-ssl --disable-distcache \

        --enable-proxy --enable-proxy-fdpass \

        --enable-cache \

        --enable-disk-cache \

        --enable-ldap --enable-authnz-ldap \

        --enable-cgid --enable-cgi \

        --enable-cgid-fdpassing \

        --enable-authn-anon --enable-authn-alias \

        --enable-systemd \

        --disable-imagemap --disable-file-cache \

        --disable-http2 \

        --disable-md \

        $*

%make_build

%install

rm -rf $RPM_BUILD_ROOT

%make_install

# Install systemd service files

mkdir -p $RPM_BUILD_ROOT%{_unitdir}

for s in httpd.service htcacheclean.service httpd.socket \

         httpd@.service httpd-init.service; do

  install -p -m 644 $RPM_SOURCE_DIR/${s} \

                    $RPM_BUILD_ROOT%{_unitdir}/${s}

done

# install conf file/directory

mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d \

      $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d

install -m 644 $RPM_SOURCE_DIR/README.confd \

    $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README

install -m 644 $RPM_SOURCE_DIR/README.confmod \

    $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/README

for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \

         00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \

         01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf \

         00-brotli.conf; do

  install -m 644 -p $RPM_SOURCE_DIR/$f \

        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f

done

sed -i '/^#LoadModule mpm_%{mpm}_module /s/^#//' \

     $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/00-mpm.conf

touch -r $RPM_SOURCE_DIR/00-mpm.conf \

     $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/00-mpm.conf

# install systemd override drop directory

# Web application packages can drop snippets into this location if

# they need ExecStart[pre|post].

mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.service.d

mkdir $RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d

install -m 644 -p $RPM_SOURCE_DIR/10-listen443.conf \

      $RPM_BUILD_ROOT%{_unitdir}/httpd.socket.d/10-listen443.conf

for f in welcome.conf ssl.conf manual.conf userdir.conf; do

  install -m 644 -p $RPM_SOURCE_DIR/$f \

        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/$f

done

# Split-out extra config shipped as default in conf.d:

for f in autoindex; do

  install -m 644 docs/conf/extra/httpd-${f}.conf \

        $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/${f}.conf

done

# Extra config trimmed:

rm -v docs/conf/extra/httpd-{ssl,userdir}.conf

rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/*.conf

install -m 644 -p $RPM_SOURCE_DIR/httpd.conf \

   $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/httpd.conf

mkdir $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig

install -m 644 -p $RPM_SOURCE_DIR/htcacheclean.sysconf \

   $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/htcacheclean

# tmpfiles.d configuration

mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d 

install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \

   $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/httpd.conf

# Other directories

mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/httpd \

         $RPM_BUILD_ROOT/run/httpd/htcacheclean

# Substitute in defaults which are usually done (badly) by "make install"

sed -i \

   "/^DavLockDB/d;

    s,@@ServerRoot@@/user.passwd,/etc/httpd/conf/user.passwd,;

    s,@@ServerRoot@@/docs,%{docroot},;

    s,@@ServerRoot@@,%{docroot},;

    s,@@Port@@,80,;" \

    docs/conf/extra/*.conf

# Set correct path for httpd binary in apachectl script

sed 's,@HTTPDBIN@,%{_sbindir}/httpd,g' $RPM_SOURCE_DIR/apachectl.sh \

    > apachectl.sh

# Create cache directory

mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd \

         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/proxy \

         $RPM_BUILD_ROOT%{_localstatedir}/cache/httpd/ssl

# Make the MMN accessible to module packages

echo %{mmnisa} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn

mkdir -p $RPM_BUILD_ROOT%{_rpmconfigdir}/macros.d

cat > $RPM_BUILD_ROOT%{_rpmconfigdir}/macros.d/macros.httpd <

%%_httpd_mmn %{mmnisa}

%%_httpd_apxs %%{_libdir}/httpd/build/vendor-apxs

%%_httpd_modconfdir %%{_sysconfdir}/httpd/conf.modules.d

%%_httpd_confdir %%{_sysconfdir}/httpd/conf.d

%%_httpd_contentdir %{contentdir}

%%_httpd_moddir %%{_libdir}/httpd/modules

%%_httpd_requires Requires: httpd-mmn = %%{_httpd_mmn}

EOF

# Handle contentdir

mkdir $RPM_BUILD_ROOT%{contentdir}/noindex \

      $RPM_BUILD_ROOT%{contentdir}/server-status

ln -s ../../testpage/index.html \

      $RPM_BUILD_ROOT%{contentdir}/noindex/index.html

install -m 644 -p docs/server-status/* \

        $RPM_BUILD_ROOT%{contentdir}/server-status

rm -rf %{contentdir}/htdocs

# remove manual sources

find $RPM_BUILD_ROOT%{contentdir}/manual \( \

    -name \*.xml -o -name \*.xml.* -o -name \*.ent -o -name \*.xsl -o -name \*.dtd \

    \) -print0 | xargs -0 rm -f

# Strip the manual down just to English and replace the typemaps with flat files:

set +x

for f in `find $RPM_BUILD_ROOT%{contentdir}/manual -name \*.html -type f`; do

   if test -f ${f}.en; then

      cp ${f}.en ${f}

      rm ${f}.*

   fi

done

set -x

# Clean Document Root

rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \

      $RPM_BUILD_ROOT%{docroot}/cgi-bin/*

# Symlink for the powered-by-$DISTRO image:

ln -s ../../pixmaps/poweredby.png \

        $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png

# Symlink for the system logo

ln -s ../../pixmaps/system-noindex-logo.png \

        $RPM_BUILD_ROOT%{contentdir}/icons/system_noindex_logo.png

# symlinks for /etc/httpd

rmdir $RPM_BUILD_ROOT/etc/httpd/{state,run}

ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs

ln -s ../..%{_localstatedir}/lib/httpd $RPM_BUILD_ROOT/etc/httpd/state

ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run

ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules

# install http-ssl-pass-dialog

mkdir -p $RPM_BUILD_ROOT%{_libexecdir}

install -m755 $RPM_SOURCE_DIR/httpd-ssl-pass-dialog \

        $RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog

# install http-ssl-gencerts

install -m755 $RPM_SOURCE_DIR/httpd-ssl-gencerts \

        $RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-gencerts

# Install scripts

install -m 755 apachectl.sh $RPM_BUILD_ROOT%{_sbindir}/apachectl

touch -r $RPM_SOURCE_DIR/apachectl.sh $RPM_BUILD_ROOT%{_sbindir}/apachectl

mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd

for f in graceful configtest; do

    install -p -m 755 $RPM_SOURCE_DIR/action-${f}.sh \

            $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd/${f}

done

# Install logrotate config

mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d

install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate \

        $RPM_BUILD_ROOT/etc/logrotate.d/httpd

# Install man pages

install -d $RPM_BUILD_ROOT%{_mandir}/man8 $RPM_BUILD_ROOT%{_mandir}/man5

install -m 644 -p httpd.service.8 httpd-init.service.8 httpd.socket.8 \

        httpd@.service.8 htcacheclean.service.8 apachectl.8 \

        $RPM_BUILD_ROOT%{_mandir}/man8

install -m 644 -p httpd.conf.5 \

        $RPM_BUILD_ROOT%{_mandir}/man5

# fix man page paths

sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \

    -e "s|/usr/local/apache2/conf/mime.types|/etc/mime.types|" \

    -e "s|/usr/local/apache2/conf/magic|/etc/httpd/conf/magic|" \

    -e "s|/usr/local/apache2/logs/error_log|/var/log/httpd/error_log|" \

    -e "s|/usr/local/apache2/logs/access_log|/var/log/httpd/access_log|" \

    -e "s|/usr/local/apache2/logs/httpd.pid|/run/httpd/httpd.pid|" \

    -e "s|/usr/local/apache2|/etc/httpd|" < docs/man/httpd.8 \

  > $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8

# Make ap_config_layout.h libdir-agnostic

sed -i '/.*DEFAULT_..._LIBEXECDIR/d;/DEFAULT_..._INSTALLBUILDDIR/d' \

    $RPM_BUILD_ROOT%{_includedir}/httpd/ap_config_layout.h

# Fix path to instdso in special.mk

sed -i '/instdso/s,top_srcdir,top_builddir,' \

    $RPM_BUILD_ROOT%{_libdir}/httpd/build/special.mk

# vendor-apxs uses an unsanitized config_vars.mk which may

# have dependencies on redhat-rpm-config.  apxs uses the

# config_vars.mk with a sanitized config_vars.mk

cp -p $RPM_BUILD_ROOT%{_libdir}/httpd/build/config_vars.mk \

      $RPM_BUILD_ROOT%{_libdir}/httpd/build/vendor_config_vars.mk

# Sanitize CFLAGS in standard config_vars.mk

sed '/^CFLAGS/s,=.*$,= -O2 -g -Wall,' \

    -i $RPM_BUILD_ROOT%{_libdir}/httpd/build/config_vars.mk

sed 's/config_vars.mk/vendor_config_vars.mk/' \

    $RPM_BUILD_ROOT%{_bindir}/apxs \

    > $RPM_BUILD_ROOT%{_libdir}/httpd/build/vendor-apxs

touch -r $RPM_BUILD_ROOT%{_bindir}/apxs \

      $RPM_BUILD_ROOT%{_libdir}/httpd/build/vendor-apxs

chmod 755 $RPM_BUILD_ROOT%{_libdir}/httpd/build/vendor-apxs

# Remove unpackaged files

rm -vf \

      $RPM_BUILD_ROOT%{_libdir}/*.exp \

      $RPM_BUILD_ROOT/etc/httpd/conf/mime.types \

      $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.exp \

      $RPM_BUILD_ROOT%{_libdir}/httpd/build/config.nice \

      $RPM_BUILD_ROOT%{_bindir}/{ap?-config,dbmmanage} \

      $RPM_BUILD_ROOT%{_sbindir}/{checkgid,envvars*} \

      $RPM_BUILD_ROOT%{contentdir}/htdocs/* \

      $RPM_BUILD_ROOT%{_mandir}/man1/dbmmanage.* \

      $RPM_BUILD_ROOT%{contentdir}/cgi-bin/*

rm -rf $RPM_BUILD_ROOT/etc/httpd/conf/{original,extra}

%pre filesystem

getent group apache >/dev/null || groupadd -g 48 -r apache

getent passwd apache >/dev/null || \

  useradd -r -u 48 -g apache -s /sbin/nologin \

    -d %{contentdir} -c "Apache" apache

exit 0

%post

%systemd_post httpd.service htcacheclean.service httpd.socket

%preun

%systemd_preun httpd.service htcacheclean.service httpd.socket

%postun

%systemd_postun httpd.service htcacheclean.service httpd.socket

%posttrans

test -f /etc/sysconfig/httpd-disable-posttrans || \

  /bin/systemctl try-restart --no-block httpd.service htcacheclean.service >/dev/null 2>&1 || :

%check

make -C server exports.o

nm --defined httpd > exports-actual.list

set +x

rv=0

nm --defined-only server/exports.o | \

  sed -n '/ap_hack_/{s/.* ap_hack_//;/^ap[ru]/d;p;}' | \

  while read sym; do

    if ! grep -q " "$sym\$ exports-actual.list; then

     echo ERROR: Symbol $sym missing in httpd exports

     rv=1

    fi

  done

if [ $rv -eq 0 ]; then

  echo PASS: Symbol export list verified.

fi

# Check the built modules are all PIC

if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then

   echo FAIL: Modules contain non-relocatable code

   rv=1

else

   echo PASS: No non-relocatable code in module builds

fi

# Ensure every mod_* that's built is loaded.

for f in $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so; do

  m=${f##*/}

  if ! grep -q $m $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/*.conf; then

    echo FAIL: Module $m not configured.  Disable it, or load it.

    rv=1

   else

    echo PASS: Module $m is configured and loaded.

  fi

done

# Ensure every loaded mod_* is actually built

mods=`grep -h ^LoadModule $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/*.conf | sed 's,.*modules/,,'`

for m in $mods; do

  f=$RPM_BUILD_ROOT%{_libdir}/httpd/modules/${m}

  if ! test -x $f; then

    echo FAIL: Module $m is configured but not built.

    rv=1

  else

    echo PASS: Loaded module $m is installed.