diff options
author | jlam <jlam@pkgsrc.org> | 2001-12-26 21:20:26 +0000 |
---|---|---|
committer | jlam <jlam@pkgsrc.org> | 2001-12-26 21:20:26 +0000 |
commit | da525c873fde86ade30d8a9ca981391369e5a302 (patch) | |
tree | db288e147ec49a0af8e9db2f388aa4298747274f | |
parent | 796bc74052b7b1cfb280b9d7eb82fba99eb142bd (diff) | |
download | pkgsrc-da525c873fde86ade30d8a9ca981391369e5a302.tar.gz |
(1) Create new variable "APACHE_SUEXEC_CONFIGURE_ARGS" that may contain
--suexec-* configure options that are passed directly to the Apache
configure script. This may be used to tune the suEXEC configuration
in more restrictive ways, e.g. --suexec-uidmin=1000. This solution
is more open-ended than the fix proposed in pkg/14973. Also, we
don't duplicate all of the options from the Apache configure script
in pkgsrc bsd.pkg.defaults.mk. This closes pkg/14973 by Eric
Schnoebelen <eric@cirr.com>
(2) For namespace consistency, deprecate APACHE_USER in favor of
APACHE_SUEXEC_USER. Move APACHE_USER into bsd.pkg.obsolete.mk.
(3) Create the suEXEC user when the functionality is enabled in the server
so that CGI scripts will work properly. This closes pkg/14903 by
Wojciech Puchar <wojtek@3miasto.net>
-rw-r--r-- | mk/bsd.pkg.defaults.mk | 10 | ||||
-rw-r--r-- | mk/bsd.pkg.obsolete.mk | 6 | ||||
-rw-r--r-- | www/apache/Makefile | 23 | ||||
-rw-r--r-- | www/apache6/Makefile | 23 |
4 files changed, 39 insertions, 23 deletions
diff --git a/mk/bsd.pkg.defaults.mk b/mk/bsd.pkg.defaults.mk index b91f798d7e4..fe0d1f3814c 100644 --- a/mk/bsd.pkg.defaults.mk +++ b/mk/bsd.pkg.defaults.mk @@ -1,4 +1,4 @@ -# $NetBSD: bsd.pkg.defaults.mk,v 1.28 2001/12/21 03:59:15 fredb Exp $ +# $NetBSD: bsd.pkg.defaults.mk,v 1.29 2001/12/26 21:20:26 jlam Exp $ # # A file providing defaults for pkgsrc and the packages collection. @@ -386,12 +386,18 @@ APACHE_SUEXEC_DOCROOT?= ${LOCALBASE}/share/httpd/htdocs # Possible: Any valid directory # Default: ${LOCALBASE}/share/httpd/htdocs -APACHE_USER?= www +APACHE_SUEXEC_USER?= www # Used in the apache package to specify the user allowed to execute # the `suexec' wrapper. # Possible: any user name # Default: www +#APACHE_SUEXEC_CONFIGURE_ARGS= --suexec-uidmin=1000 +# Used in the apache package to specify additional suexec options to be +# passed to the Apache configure script. +# Possible: any --suexec-* options recognized by the Apache configure script. +# Default: not defined + ARLA_CACHE?= ${LOCALBASE}/cache # Specifies the location of the cache used by arla. Should be on a local disk. # Default: ${LOCALBASE}/cache diff --git a/mk/bsd.pkg.obsolete.mk b/mk/bsd.pkg.obsolete.mk index 6fd8d71fc16..c9804eede51 100644 --- a/mk/bsd.pkg.obsolete.mk +++ b/mk/bsd.pkg.obsolete.mk @@ -1,9 +1,13 @@ -# $NetBSD: bsd.pkg.obsolete.mk,v 1.5 2001/12/18 20:22:59 jlam Exp $ +# $NetBSD: bsd.pkg.obsolete.mk,v 1.6 2001/12/26 21:20:26 jlam Exp $ # # This file holds make(1) logic to allow obsolete or deprecated variables # still to be used. These may eventually disappear over time as the contents # are, by definition, obsolete and deprecated. +.if defined(APACHE_USER) +APACHE_SUEXEC_USER?= ${APACHE_USER} +.endif + .if defined(APACHE_SYSCONFDIR) PKG_SYSCONFDIR.ap-ssl?= ${APACHE_SYSCONFDIR} PKG_SYSCONFDIR.apache?= ${APACHE_SYSCONFDIR} diff --git a/www/apache/Makefile b/www/apache/Makefile index c48378f9ccf..6745ee944f8 100644 --- a/www/apache/Makefile +++ b/www/apache/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.85 2001/12/02 06:56:45 jlam Exp $ +# $NetBSD: Makefile,v 1.86 2001/12/26 21:20:27 jlam Exp $ # # This pkg does not compile in mod_ssl, only the `mod_ssl EAPI' (a set of # code hooks that allow mod_ssl to be compiled separately later, if desired). @@ -42,15 +42,18 @@ CONFIGURE_ENV+= OPTIM="${APACHE_CUSTOM_CFLAGS}" PKG_SYSCONFSUBDIR?= httpd .if defined(APACHE_SUEXEC) && ${APACHE_SUEXEC} == YES -APACHE_USER?= www -APACHE_SUEXEC_DOCROOT?= ${LOCALBASE}/share/httpd/htdocs -SUEXEC_PATH= /bin:/usr/bin:${PREFIX}/bin:/usr/local/bin -CONFIGURE_ARGS+= --enable-suexec \ - --suexec-caller=${APACHE_USER} \ - --suexec-safepath='${SUEXEC_PATH}' \ +APACHE_SUEXEC_USER?= www +APACHE_SUEXEC_DOCROOT?= ${PREFIX}/share/httpd/htdocs +APACHE_SUEXEC_PATH= /bin:/usr/bin:${PREFIX}/bin:/usr/local/bin +APACHE_SUEXEC_CONFIGURE_ARGS+= \ + --suexec-caller=${APACHE_SUEXEC_USER} \ + --suexec-safepath='${APACHE_SUEXEC_PATH}' \ --suexec-docroot=${APACHE_SUEXEC_DOCROOT} +CONFIGURE_ARGS+= --enable-suexec \ + ${APACHE_SUEXEC_CONFIGURE_ARGS:M--suexec-*} PLIST_SRC= ${PKGDIR}/PLIST.suexec -BUILD_DEFS+= APACHE_USER APACHE_SUEXEC_DOCROOT +PKG_USERS= ${APACHE_SUEXEC_USER}:nogroup::Apache\\ suEXEC\\ user +BUILD_DEFS+= APACHE_SUEXEC_CONFIGURE_ARGS .endif # Note that there is NO static compile module hook here. This is intentional. @@ -140,12 +143,12 @@ post-patch: ${MV} apxs.pl.sed apxs.pl pre-configure: - ${SED} ${FILES_SUBST_SED} \ + @${SED} ${FILES_SUBST_SED} \ ${FILESDIR}/config.layout > ${WRKDIR}/config.layout pre-install: ${FIND} ${WRKSRC}/htdocs -name '*.orig' -print | ${XARGS} ${RM} -f - ${SED} ${FILES_SUBST_SED} ${FILESDIR}/apache.sh > ${WRKDIR}/apache.sh + @${SED} ${FILES_SUBST_SED} ${FILESDIR}/apache.sh > ${WRKDIR}/apache.sh post-install: .if !defined(NOPIC) diff --git a/www/apache6/Makefile b/www/apache6/Makefile index 07019c158b8..400c7442778 100644 --- a/www/apache6/Makefile +++ b/www/apache6/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.48 2001/12/02 06:56:45 jlam Exp $ +# $NetBSD: Makefile,v 1.49 2001/12/26 21:20:27 jlam Exp $ # # This package does not compile in mod_ssl support hooks, as it conflicts # with IPv6-enable patch. @@ -50,15 +50,18 @@ IGNORE= "IPv6 only build" PKG_SYSCONFSUBDIR?= httpd .if defined(APACHE_SUEXEC) && ${APACHE_SUEXEC} == YES -APACHE_USER?= www -APACHE_SUEXEC_DOCROOT?= ${LOCALBASE}/share/httpd/htdocs -SUEXEC_PATH= /bin:/usr/bin:${PREFIX}/bin:/usr/local/bin -CONFIGURE_ARGS+= --enable-suexec \ - --suexec-caller=${APACHE_USER} \ - --suexec-safepath='${SUEXEC_PATH}' \ +APACHE_SUEXEC_USER?= www +APACHE_SUEXEC_DOCROOT?= ${PREFIX}/share/httpd/htdocs +APACHE_SUEXEC_PATH= /bin:/usr/bin:${PREFIX}/bin:/usr/local/bin +APACHE_SUEXEC_CONFIGURE_ARGS+= \ + --suexec-caller=${APACHE_SUEXEC_USER} \ + --suexec-safepath='${APACHE_SUEXEC_PATH}' \ --suexec-docroot=${APACHE_SUEXEC_DOCROOT} +CONFIGURE_ARGS+= --enable-suexec \ + ${APACHE_SUEXEC_CONFIGURE_ARGS:M--suexec-*} PLIST_SRC= ${PKGDIR}/PLIST.suexec -BUILD_DEFS+= APACHE_USER APACHE_SUEXEC_DOCROOT +PKG_USERS= ${APACHE_SUEXEC_USER}:nogroup::Apache\\ suEXEC\\ user +BUILD_DEFS+= APACHE_SUEXEC_CONFIGURE_ARGS .endif # Note that there is NO static compile module hook here. This is intentional. @@ -136,12 +139,12 @@ post-patch: > ${WRKSRC}/conf/httpd.conf-dist pre-configure: - ${SED} ${FILES_SUBST_SED} \ + @${SED} ${FILES_SUBST_SED} \ ${FILESDIR}/config.layout > ${WRKDIR}/config.layout pre-install: ${FIND} ${WRKSRC}/htdocs -name '*.orig' -print | ${XARGS} ${RM} -f - ${SED} ${FILES_SUBST_SED} ${FILESDIR}/apache.sh > ${WRKDIR}/apache.sh + @${SED} ${FILES_SUBST_SED} ${FILESDIR}/apache.sh > ${WRKDIR}/apache.sh post-install: .if !defined(NOPIC) |