forked from pool/apache2
Accepting request 70180 from Apache
- set sane default cipher string in apache2-vhost-ssl.template - remove useless example snakeoil certs - remove broken mkcert script - Tag boot script as interactive as systemd uses it - recommend the default mpm package (bnc#670027) OBS-URL: https://build.opensuse.org/request/show/70180 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=49
This commit is contained in:
Sascha Peilicke
Git OBS Bridge
commit
81882a7fd1
BIN
apache-ssl-stuff.tar.bz2
(Stored with Git LFS)
BIN
apache-ssl-stuff.tar.bz2
(Stored with Git LFS)
Binary file not shown.
@ -11,22 +11,13 @@
|
||||
# This is the Apache server configuration file providing SSL support.
|
||||
# It contains the configuration directives to instruct the server how to
|
||||
# serve pages over an https connection. For detailing information about these
|
||||
# directives see <URL:http://httpd.apache.org/docs-2.2/mod/mod_ssl.html>
|
||||
#
|
||||
# For the moment, see <URL:http://www.modssl.org/docs/> for this info.
|
||||
# The documents are still being prepared from material donated by the
|
||||
# modssl project.
|
||||
# directives see http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
|
||||
#
|
||||
# Do NOT simply read the instructions in here without understanding
|
||||
# what they do. They're here only as hints or reminders. If you are unsure
|
||||
# consult the online docs. You have been warned.
|
||||
#
|
||||
|
||||
# Until documentation is completed, please check http://www.modssl.org/
|
||||
# for additional config examples and module docmentation. Directives
|
||||
# and features of mod_ssl are largely unchanged from the mod_ssl project
|
||||
# for Apache 1.3.
|
||||
|
||||
<IfDefine SSL>
|
||||
<IfDefine !NOSSL>
|
||||
|
||||
@ -47,10 +38,16 @@
|
||||
# Enable/Disable SSL for this virtual host.
|
||||
SSLEngine on
|
||||
|
||||
# SSL protocols
|
||||
# Supporting TLS only is adequate nowadays
|
||||
SSLProtocol all -SSLv2 -SSLv3
|
||||
|
||||
# SSL Cipher Suite:
|
||||
# List the ciphers that the client is permitted to negotiate.
|
||||
# See the mod_ssl documentation for a complete list.
|
||||
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
|
||||
# We disable weak ciphers by default.
|
||||
# See the mod_ssl documentation or "openssl ciphers -v" for a
|
||||
# complete list.
|
||||
SSLCipherSuite ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH
|
||||
|
||||
# Server Certificate:
|
||||
# Point SSLCertificateFile at a PEM encoded certificate. If
|
||||
|
||||
@ -1,3 +1,20 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 8 13:41:48 UTC 2011 - lnussel@suse.de
|
||||
|
||||
- set sane default cipher string in apache2-vhost-ssl.template
|
||||
- remove useless example snakeoil certs
|
||||
- remove broken mkcert script
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 17 12:39:06 CET 2011 - werner@suse.de
|
||||
|
||||
- Tag boot script as interactive as systemd uses it
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 7 16:25:16 UTC 2011 - lnussel@suse.de
|
||||
|
||||
- recommend the default mpm package (bnc#670027)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 19 17:16:16 UTC 2010 - poeml@cmdline.net
|
||||
|
||||
|
||||
34
apache2.spec
34
apache2.spec
@ -77,8 +77,6 @@ Source1: apache2.changes
|
||||
Source10: SUSE-NOTICE
|
||||
Source11: rc.%{pname}
|
||||
Source13: sysconfig.%{pname}
|
||||
Source16: certificate.sh
|
||||
Source17: mkcert.sh.gz
|
||||
Source18: robots.txt
|
||||
Source20: favicon.ico
|
||||
Source22: apache2-README.QUICKSTART
|
||||
@ -148,6 +146,9 @@ Obsoletes: apache < 1.3.29
|
||||
Obsoletes: mod_ssl < 2.8.16
|
||||
%endif
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
%if 0%{?suse_version} >= 1110
|
||||
Recommends: apache2-%default_mpm
|
||||
%endif
|
||||
|
||||
%description
|
||||
Apache 2, the successor to Apache 1.
|
||||
@ -316,14 +317,6 @@ Obsoletes: apache-example-pages
|
||||
Some Example pages for Apache that show information about the installed
|
||||
server.
|
||||
|
||||
%package example-certificates
|
||||
License: ASLv..
|
||||
Summary: Example certificates for the Apache 2 Web Server
|
||||
Group: Productivity/Networking/Web/Servers
|
||||
|
||||
%description example-certificates
|
||||
Snakeoil example certificates for Apache.
|
||||
|
||||
%package utils
|
||||
License: ASLv..
|
||||
Summary: Apache 2 utilities
|
||||
@ -350,8 +343,6 @@ to administrators of web servers in general.
|
||||
#
|
||||
cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
|
||||
#
|
||||
cp -p %{S:16} %{S:17} .; gunzip mkcert.sh.gz
|
||||
#
|
||||
# replace PLATFORM string that's seen in the "Server:" header
|
||||
#
|
||||
sed 's,(" PLATFORM "),(%platform_string),' server/core.c > tmp_file && mv tmp_file server/core.c
|
||||
@ -594,8 +585,7 @@ install -m 644 %{S:48} $RPM_BUILD_ROOT%{_datadir}/omc/svcinfo.d/
|
||||
#
|
||||
# ssl stuff
|
||||
install -m 755 %{S:25} $RPM_BUILD_ROOT/%{_bindir}/
|
||||
chmod 755 certificate.sh mkcert.sh
|
||||
tar xjf $RPM_SOURCE_DIR/apache-ssl-stuff.tar.bz2 -C $RPM_BUILD_ROOT/%{sysconfdir}
|
||||
tar xjf %{SOURCE29} -C $RPM_BUILD_ROOT/%{sysconfdir}
|
||||
#
|
||||
# init script and friends
|
||||
mkdir -p $RPM_BUILD_ROOT/etc/init.d
|
||||
@ -616,8 +606,9 @@ install -m 755 $RPM_SOURCE_DIR/a2enmod $RPM_BUILD_ROOT/%{_sbindir}
|
||||
ln -s a2enmod $RPM_BUILD_ROOT/%{_sbindir}/a2dismod
|
||||
#
|
||||
# directories for files from other packages and other configuration
|
||||
mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/vhosts.d
|
||||
mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/sysconfig.d
|
||||
for i in vhosts.d sysconfig.d; do
|
||||
mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/$i
|
||||
done
|
||||
#
|
||||
# make list of all modules, and install sysconfig template
|
||||
for i in $(find $RPM_BUILD_ROOT/%{libexecdir}-%{default_mpm} -name "*.so" | sort); do
|
||||
@ -821,8 +812,6 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
|
||||
%defattr(-,root,root)
|
||||
%doc INSTALL READM* LICENSE ABOUT_APACHE CHANGES
|
||||
%doc support/SHA1
|
||||
%doc %attr(755,root,root) certificate.sh
|
||||
%doc %attr(755,root,root) mkcert.sh
|
||||
%doc %{_mandir}/man8/apachectl%{vers}.8.*
|
||||
%doc %{_mandir}/man8/htcacheclean%{vers}.8.*
|
||||
%doc %{_mandir}/man8/%{httpd}.8.*
|
||||
@ -849,10 +838,6 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
|
||||
%dir %attr(700,root,root) %{sysconfdir}/ssl.key
|
||||
%dir %{sysconfdir}/ssl.prm
|
||||
%{sysconfdir}/ssl.*/README*
|
||||
%config %{sysconfdir}/ssl.*/Makefile
|
||||
%config(noreplace) %{sysconfdir}/ssl.crt/server.crt
|
||||
%config(noreplace) %{sysconfdir}/ssl.csr/server.csr
|
||||
%config(noreplace) %{sysconfdir}/ssl.key/server.key
|
||||
%dir %{sysconfdir}/conf.d
|
||||
%dir %{sysconfdir}/vhosts.d
|
||||
%dir %{sysconfdir}/sysconfig.d
|
||||
@ -943,11 +928,6 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
|
||||
%config(noreplace) %{htdocsdir}/favicon.ico
|
||||
%config(noreplace) %{htdocsdir}/robots.txt
|
||||
|
||||
%files example-certificates
|
||||
%defattr(-,root,root)
|
||||
%{sysconfdir}/ssl.*/snakeoil*
|
||||
%{sysconfdir}/ssl.*/*.0
|
||||
|
||||
%files utils
|
||||
%defattr(-,root,root)
|
||||
%doc %{_mandir}/man8/ab%{vers}.8.*
|
||||
|
||||
@ -1,4 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
./mkcert.sh make --no-print-directory /usr/bin/openssl /usr/sbin/ test
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:90308cef136bdc2ad7501647a19ab321f9645f34a87bf2c496a334098915eef2
|
||||
size 4601
|
||||
@ -20,6 +20,7 @@
|
||||
# Required-Stop: $local_fs $remote_fs $network
|
||||
# Default-Start: 3 5
|
||||
# Default-Stop: 0 1 2 6
|
||||
# X-Interactive: true
|
||||
# Short-Description: Apache 2.2 HTTP Server
|
||||
# Description: Start the Apache HTTP daemon
|
||||
### END INIT INFO
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user