summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBob Beck <beck@cvs.openbsd.org>1999-10-01 05:30:29 +0000
committerBob Beck <beck@cvs.openbsd.org>1999-10-01 05:30:29 +0000
commit68ad54cd3006ad73557c1524c2ef47a31ff826eb (patch)
treeaf66b97483eb8f6dcd9aedd500433357deb7e285
parent6dc02523b27cbe62d80b853497449b269fbffb69 (diff)
build all the extra modules, for arch's that support DSO
(not enabled by default). enable suexec with reasonable OpenBSD paramters, but install 555 - user must change to be setuid before use. Change configuration to use /dev/arandom
-rw-r--r--usr.sbin/httpd/Makefile.bsd-wrapper78
-rw-r--r--usr.sbin/httpd/src/Configuration2
-rw-r--r--usr.sbin/httpd/src/Configuration.tmpl2
3 files changed, 63 insertions, 19 deletions
diff --git a/usr.sbin/httpd/Makefile.bsd-wrapper b/usr.sbin/httpd/Makefile.bsd-wrapper
index 87aca5f371d..ecee7b0ba47 100644
--- a/usr.sbin/httpd/Makefile.bsd-wrapper
+++ b/usr.sbin/httpd/Makefile.bsd-wrapper
@@ -1,5 +1,5 @@
# Build wrapper for Apache
-# $OpenBSD: Makefile.bsd-wrapper,v 1.2 1999/09/30 21:26:45 beck Exp $
+# $OpenBSD: Makefile.bsd-wrapper,v 1.3 1999/10/01 05:30:27 beck Exp $
# Our lndir is hacked; specify a full path to avoid potential conflicts
# with the one installed with X11.
@@ -40,23 +40,61 @@ HTTPD_HTDOCSDIR= /var/www/htdocs
HTTPD_ICONSDIR= /var/www/icons
HTTPD_INCLUDEDIR= /usr/lib/apache/include
-CONFIG_ARGS= --with-layout=OpenBSD --enable-module=ssl
-
-# If you support dynamic loading, enable the so module
-.if ${MACHINE_ARCH} == "i386"
-CONFIG_ARGS+= --enable-module=so
-.endif
-.if ${MACHINE_ARCH} == "m68k"
-CONFIG_ARGS+= --enable-module=so
-.endif
-.if ${MACHINE_ARCH} == "sparc"
-CONFIG_ARGS+= --enable-module=so
-.endif
-.if ${MACHINE_ARCH} == "mips"
-CONFIG_ARGS+= --enable-module=so
+CONFIG_ARGS= --with-layout=OpenBSD --enable-module=ssl \
+ --enable-suexec --enable-module=ssl \
+ --suexec-caller=www --suexec-docroot=/var/www/htdocs \
+ --suexec-logfile=/var/log/suexec_log --suexec-userdir=public_html\
+ --suexec-uidmin=1000 --suexec-gidmin=1000 \
+ --suexec-safepath=/usr/bin:/bin:/usr/local/bin
+
+# This is stupid - to build a DSO module for apache you not only need to
+# --enable-shared, you need to --enable-module or --enable-shared doesn't
+# do anything
+
+DSO_MODULE_ARGS= --enable-module=so --enable-shared=auth_anon \
+ --enable-shared=auth_db --enable-shared=auth_dbm \
+ --enable-shared=auth_digest --enable-shared=cern_meta \
+ --enable-shared=define --enable-shared=digest --enable-shared=info \
+ --enable-shared=log_agent --enable-shared=log_referer \
+ --enable-shared=mime_magic --enable-shared=mmap_static \
+ --enable-shared=proxy --enable-shared=rewrite --enable-shared=speling \
+ --enable-shared=unique_id --enable-shared=usertrack \
+ --enable-shared=vhost_alias --enable-module=auth_anon \
+ --enable-module=auth_db --enable-module=auth_dbm \
+ --enable-module=auth_digest --enable-module=cern_meta \
+ --enable-module=define --enable-module=digest --enable-module=info \
+ --enable-module=log_agent --enable-module=log_referer \
+ --enable-module=mime_magic --enable-module=mmap_static \
+ --enable-module=proxy --enable-module=rewrite --enable-module=speling \
+ --enable-module=unique_id --enable-module=usertrack \
+ --enable-module=vhost_alias
+
+INSTALL_MODULES=
+
+# If you support dynamic loading, enable the so module, and build all the
+# modules that come with apache
+.if ${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "m68k" || ${MACHINE_ARCH} == "sparc" || ${MACHINE_ARCH} == "mips"
+CONFIG_ARGS+= ${DSO_MODULE_ARGS}
+INSTALL_MODULES= src/modules/experimental/mod_mmap_static.so \
+src/modules/experimental/mod_auth_digest.so \
+src/modules/extra/mod_define.so \
+src/modules/proxy/libproxy.so \
+src/modules/standard/mod_vhost_alias.so \
+src/modules/standard/mod_log_agent.so \
+src/modules/standard/mod_info.so \
+src/modules/standard/mod_log_referer.so \
+src/modules/standard/mod_mime_magic.so \
+src/modules/standard/mod_speling.so \
+src/modules/standard/mod_rewrite.so \
+src/modules/standard/mod_auth_dbm.so \
+src/modules/standard/mod_auth_anon.so \
+src/modules/standard/mod_auth_db.so \
+src/modules/standard/mod_digest.so \
+src/modules/standard/mod_cern_meta.so \
+src/modules/standard/mod_usertrack.so \
+src/modules/standard/mod_unique_id.so
.endif
-
PERLPATH= /usr/bin/perl
MUNGEDFILES = ${.OBJDIR}/src/ap/Makefile \
@@ -79,7 +117,7 @@ BINFILES= src/support/htdigest src/support/htpasswd \
SBINFILES= \
src/httpd src/support/ab \
- src/support/logresolve src/support/rotatelogs
+ src/support/logresolve src/support/rotatelogs src/support/suexec
MAN1SRCS= \
src/support/dbmmanage.1 src/support/htdigest.1 src/support/htpasswd.1
@@ -428,6 +466,12 @@ install:
${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 555 \
${.OBJDIR}/$$i ${DESTDIR}${HTTPD_SBINDIR}; \
done
+ @-for i in ${INSTALL_MODULES}; do \
+ j=`basename $$i`; \
+ echo "Installing ${DESTDIR}${HTTPD_LIBEXECDIR}/$$j"; \
+ ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \
+ ${.OBJDIR}/$$i ${DESTDIR}${HTTPD_LIBEXECDIR}; \
+ done
@d=`mktemp -d /tmp/httpdXXXXXXXXXX`; \
echo "Installing ${DESTDIR}${HTTPD_BINDIR}/apxs"; \
j="sed -e 's;^#!/.*;#!${PERLPATH};' \
diff --git a/usr.sbin/httpd/src/Configuration b/usr.sbin/httpd/src/Configuration
index 68cc2dfaf91..b8f8cb70705 100644
--- a/usr.sbin/httpd/src/Configuration
+++ b/usr.sbin/httpd/src/Configuration
@@ -185,7 +185,7 @@ Rule EXPAT=default
# either to 'truerand' (to use the library) or to a device or file
# (e.g. '/dev/urandom'). If the truerand library is selected, Configure
# will assume "-L/usr/local/lib -lrand".
-Rule DEV_RANDOM=default
+Rule DEV_RANDOM=/dev/arandom
# The following rules should be set automatically by Configure. However, if
# they are not set by Configure (because we don't know the correct value for
diff --git a/usr.sbin/httpd/src/Configuration.tmpl b/usr.sbin/httpd/src/Configuration.tmpl
index 35fdc590708..9bb3345d424 100644
--- a/usr.sbin/httpd/src/Configuration.tmpl
+++ b/usr.sbin/httpd/src/Configuration.tmpl
@@ -244,7 +244,7 @@ Rule EXPAT=default
# either to 'truerand' (to use the library) or to a device or file
# (e.g. '/dev/urandom'). If the truerand library is selected, Configure
# will assume "-L/usr/local/lib -lrand".
-Rule DEV_RANDOM=default
+Rule DEV_RANDOM=/dev/arandom
# The following rules should be set automatically by Configure. However, if
# they are not set by Configure (because we don't know the correct value for