diff options
author | Bob Beck <beck@cvs.openbsd.org> | 1999-10-01 05:30:29 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 1999-10-01 05:30:29 +0000 |
commit | 68ad54cd3006ad73557c1524c2ef47a31ff826eb (patch) | |
tree | af66b97483eb8f6dcd9aedd500433357deb7e285 | |
parent | 6dc02523b27cbe62d80b853497449b269fbffb69 (diff) |
build all the extra modules, for arch's that support DSO
(not enabled by default).
enable suexec with reasonable OpenBSD paramters, but install
555 - user must change to be setuid before use.
Change configuration to use /dev/arandom
-rw-r--r-- | usr.sbin/httpd/Makefile.bsd-wrapper | 78 | ||||
-rw-r--r-- | usr.sbin/httpd/src/Configuration | 2 | ||||
-rw-r--r-- | usr.sbin/httpd/src/Configuration.tmpl | 2 |
3 files changed, 63 insertions, 19 deletions
diff --git a/usr.sbin/httpd/Makefile.bsd-wrapper b/usr.sbin/httpd/Makefile.bsd-wrapper index 87aca5f371d..ecee7b0ba47 100644 --- a/usr.sbin/httpd/Makefile.bsd-wrapper +++ b/usr.sbin/httpd/Makefile.bsd-wrapper @@ -1,5 +1,5 @@ # Build wrapper for Apache -# $OpenBSD: Makefile.bsd-wrapper,v 1.2 1999/09/30 21:26:45 beck Exp $ +# $OpenBSD: Makefile.bsd-wrapper,v 1.3 1999/10/01 05:30:27 beck Exp $ # Our lndir is hacked; specify a full path to avoid potential conflicts # with the one installed with X11. @@ -40,23 +40,61 @@ HTTPD_HTDOCSDIR= /var/www/htdocs HTTPD_ICONSDIR= /var/www/icons HTTPD_INCLUDEDIR= /usr/lib/apache/include -CONFIG_ARGS= --with-layout=OpenBSD --enable-module=ssl - -# If you support dynamic loading, enable the so module -.if ${MACHINE_ARCH} == "i386" -CONFIG_ARGS+= --enable-module=so -.endif -.if ${MACHINE_ARCH} == "m68k" -CONFIG_ARGS+= --enable-module=so -.endif -.if ${MACHINE_ARCH} == "sparc" -CONFIG_ARGS+= --enable-module=so -.endif -.if ${MACHINE_ARCH} == "mips" -CONFIG_ARGS+= --enable-module=so +CONFIG_ARGS= --with-layout=OpenBSD --enable-module=ssl \ + --enable-suexec --enable-module=ssl \ + --suexec-caller=www --suexec-docroot=/var/www/htdocs \ + --suexec-logfile=/var/log/suexec_log --suexec-userdir=public_html\ + --suexec-uidmin=1000 --suexec-gidmin=1000 \ + --suexec-safepath=/usr/bin:/bin:/usr/local/bin + +# This is stupid - to build a DSO module for apache you not only need to +# --enable-shared, you need to --enable-module or --enable-shared doesn't +# do anything + +DSO_MODULE_ARGS= --enable-module=so --enable-shared=auth_anon \ + --enable-shared=auth_db --enable-shared=auth_dbm \ + --enable-shared=auth_digest --enable-shared=cern_meta \ + --enable-shared=define --enable-shared=digest --enable-shared=info \ + --enable-shared=log_agent --enable-shared=log_referer \ + --enable-shared=mime_magic --enable-shared=mmap_static \ + --enable-shared=proxy --enable-shared=rewrite --enable-shared=speling \ + --enable-shared=unique_id --enable-shared=usertrack \ + --enable-shared=vhost_alias --enable-module=auth_anon \ + --enable-module=auth_db --enable-module=auth_dbm \ + --enable-module=auth_digest --enable-module=cern_meta \ + --enable-module=define --enable-module=digest --enable-module=info \ + --enable-module=log_agent --enable-module=log_referer \ + --enable-module=mime_magic --enable-module=mmap_static \ + --enable-module=proxy --enable-module=rewrite --enable-module=speling \ + --enable-module=unique_id --enable-module=usertrack \ + --enable-module=vhost_alias + +INSTALL_MODULES= + +# If you support dynamic loading, enable the so module, and build all the +# modules that come with apache +.if ${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "m68k" || ${MACHINE_ARCH} == "sparc" || ${MACHINE_ARCH} == "mips" +CONFIG_ARGS+= ${DSO_MODULE_ARGS} +INSTALL_MODULES= src/modules/experimental/mod_mmap_static.so \ +src/modules/experimental/mod_auth_digest.so \ +src/modules/extra/mod_define.so \ +src/modules/proxy/libproxy.so \ +src/modules/standard/mod_vhost_alias.so \ +src/modules/standard/mod_log_agent.so \ +src/modules/standard/mod_info.so \ +src/modules/standard/mod_log_referer.so \ +src/modules/standard/mod_mime_magic.so \ +src/modules/standard/mod_speling.so \ +src/modules/standard/mod_rewrite.so \ +src/modules/standard/mod_auth_dbm.so \ +src/modules/standard/mod_auth_anon.so \ +src/modules/standard/mod_auth_db.so \ +src/modules/standard/mod_digest.so \ +src/modules/standard/mod_cern_meta.so \ +src/modules/standard/mod_usertrack.so \ +src/modules/standard/mod_unique_id.so .endif - PERLPATH= /usr/bin/perl MUNGEDFILES = ${.OBJDIR}/src/ap/Makefile \ @@ -79,7 +117,7 @@ BINFILES= src/support/htdigest src/support/htpasswd \ SBINFILES= \ src/httpd src/support/ab \ - src/support/logresolve src/support/rotatelogs + src/support/logresolve src/support/rotatelogs src/support/suexec MAN1SRCS= \ src/support/dbmmanage.1 src/support/htdigest.1 src/support/htpasswd.1 @@ -428,6 +466,12 @@ install: ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 555 \ ${.OBJDIR}/$$i ${DESTDIR}${HTTPD_SBINDIR}; \ done + @-for i in ${INSTALL_MODULES}; do \ + j=`basename $$i`; \ + echo "Installing ${DESTDIR}${HTTPD_LIBEXECDIR}/$$j"; \ + ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \ + ${.OBJDIR}/$$i ${DESTDIR}${HTTPD_LIBEXECDIR}; \ + done @d=`mktemp -d /tmp/httpdXXXXXXXXXX`; \ echo "Installing ${DESTDIR}${HTTPD_BINDIR}/apxs"; \ j="sed -e 's;^#!/.*;#!${PERLPATH};' \ diff --git a/usr.sbin/httpd/src/Configuration b/usr.sbin/httpd/src/Configuration index 68cc2dfaf91..b8f8cb70705 100644 --- a/usr.sbin/httpd/src/Configuration +++ b/usr.sbin/httpd/src/Configuration @@ -185,7 +185,7 @@ Rule EXPAT=default # either to 'truerand' (to use the library) or to a device or file # (e.g. '/dev/urandom'). If the truerand library is selected, Configure # will assume "-L/usr/local/lib -lrand". -Rule DEV_RANDOM=default +Rule DEV_RANDOM=/dev/arandom # The following rules should be set automatically by Configure. However, if # they are not set by Configure (because we don't know the correct value for diff --git a/usr.sbin/httpd/src/Configuration.tmpl b/usr.sbin/httpd/src/Configuration.tmpl index 35fdc590708..9bb3345d424 100644 --- a/usr.sbin/httpd/src/Configuration.tmpl +++ b/usr.sbin/httpd/src/Configuration.tmpl @@ -244,7 +244,7 @@ Rule EXPAT=default # either to 'truerand' (to use the library) or to a device or file # (e.g. '/dev/urandom'). If the truerand library is selected, Configure # will assume "-L/usr/local/lib -lrand". -Rule DEV_RANDOM=default +Rule DEV_RANDOM=/dev/arandom # The following rules should be set automatically by Configure. However, if # they are not set by Configure (because we don't know the correct value for |