[mod_revocator] Resolves Bugzilla Bug #948875 - Man page scan results for mod_revocator
mharmsen
mharmsen at fedoraproject.org
Tue Jul 9 20:26:52 UTC 2013
commit 33a2775dca4530006e908b2e72f4c5b34846049d
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Tue Jul 9 20:26:35 2013 -0700
Resolves Bugzilla Bug #948875 - Man page scan results for mod_revocator
mod_revocator-man.patch | 220 +++++++++++++++++++++++++++++++++++++++++++++++
mod_revocator.spec | 42 +++++++---
2 files changed, 251 insertions(+), 11 deletions(-)
---
diff --git a/mod_revocator-man.patch b/mod_revocator-man.patch
new file mode 100644
index 0000000..71429fd
--- /dev/null
+++ b/mod_revocator-man.patch
@@ -0,0 +1,220 @@
+diff -rupN mod_revocator-1.0.3.orig/crlhelper.8 mod_revocator-1.0.3/crlhelper.8
+--- mod_revocator-1.0.3.orig/crlhelper.8 1969-12-31 16:00:00.000000000 -0800
++++ mod_revocator-1.0.3/crlhelper.8 2013-07-03 18:42:58.000000000 -0700
+@@ -0,0 +1,97 @@
++.\" A man page for crlhelper
++.\"
++.\" Licensed under the Apache License, Version 2.0 (the "License");
++.\" you may not use this file except in compliance with the License.
++.\" You may obtain a copy of the License at
++.\"
++.\" http://www.apache.org/licenses/LICENSE-2.0
++.\"
++.\" Unless required by applicable law or agreed to in writing, software
++.\" distributed under the License is distributed on an "AS IS" BASIS,
++.\" WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++.\" See the License for the specific language governing permissions and
++.\" limitations under the License.
++.\"
++.\" Author: Rob Crittenden <rcritten at redhat.com>
++.\"
++.TH "crlhelper" "8" "Jul 3 2013" "Rob Crittenden" ""
++.SH "NAME"
++crlhelper \- Helper program used to store-and-forward CRLs
++
++.SH "SYNOPSIS"
++crlhelper <semid> <parentpid> <directory> [prefix]
++
++.SH "DESCRIPTION"
++A helper program used by the Apache \fBhttpd\fP mod_revocator plug-in to
++store-and-forward CRLs from upstream to the various Apache processes in
++the preform MPM. This saves each process from having to fetch the CRL itself.
++This is not expected to be run by end-users.
++.PP
++The mod_revocator plug-in requires the mod_nss plug-in to also be registered
++with this Apache \fBhttpd\fP process.
++.PP
++Whenever an Apache \fBhttpd\fP process configured to use the mod_revocator
++plug-in is started, this program will be automatically invoked via reference
++to the mod_revocator configuration file stored under
++\fB/etc/httpd/conf.d/revocator.conf\fP which contains the following default
++entry:
++.IP
++# CRL Helper:
++.br
++# This helper program does the actual CRL retrieval
++.br
++#
++.br
++# NOTE: Located at '/usr/bin/crlhelper' prior
++.br
++# to 'mod_revocator-1.0.3-16'.
++.br
++#
++.br
++CRLHelper /usr/libexec/crlhelper
++
++.SH OPTIONS
++.TP
++.B <semid>
++The semaphore which corresponds to the mod_revocator plug-in registered with the Apache \fBhttpd\fP process during startup.
++.TP
++.B <parentpid>
++The primary parent pid of the Apache \fBhttpd\fP process into which both the mod_nss and mod_revocator plug-ins have been loaded.
++.TP
++.B <directory>
++Since the mod_revocator plug-in depends upon the mod_nss plug-in being configured, this option specifies the destination directory of the NSS databases that will be associated with this executable specified by the following entry in the mod_nss plug-in's \fB/etc/httpd/conf.d/nss.conf\fP configuration file:
++.IP
++.TS
++tab(;);
++ll,ll.
++;# Server Certificate Database:
++;# The NSS security database directory that holds the
++;# certificates and keys. The database consists
++;# of 3 files: cert8.db, key3.db and secmod.db.
++;# Provide the directory that these files exist.
++;NSSCertificateDatabase /etc/httpd/alias
++.TE
++.TP
++.B [prefix]
++Optional prefix to attach prior to the names of the NSS certificate and key databases contained in the directory referenced by the previous argument and specified by the following entry in mod_nss plug-in's \fB/etc/httpd/conf.d/nss.conf\fP configuration file (must be uncommented in order to be utilized):
++.IP
++.TS
++tab(;);
++ll,ll.
++;# Database Prefix:
++;# In order to be able to store multiple NSS databases
++;# in one directory they need unique names. This option
++;# sets the database prefix used for cert8.db and key3.db.
++;#NSSDBPrefix my-prefix-
++.TE
++
++.SH BUGS
++Report bugs to http://bugzilla.redhat.com.
++
++.SH AUTHORS
++Rob Crittenden <rcritten at redhat.com>.
++
++.SH COPYRIGHT
++Copyright (c) 2013 Red Hat, Inc. This is licensed under the Apache License, Version 2.0 (the "License"); no one may use this file except in compliance with the License. A copy of this license is available at http://www.apache.org/licenses/LICENSE-2.0.
++.PP
++Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+diff -rupN mod_revocator-1.0.3.orig/crlhelper.cpp mod_revocator-1.0.3/crlhelper.cpp
+--- mod_revocator-1.0.3.orig/crlhelper.cpp 2013-07-02 17:03:45.000000000 -0700
++++ mod_revocator-1.0.3/crlhelper.cpp 2013-07-03 19:08:13.000000000 -0700
+@@ -127,7 +127,7 @@ int main(int argc, char ** argv)
+ close(fd++);
+
+ if (argc < 4 || argc > 5) {
+- fprintf(stderr, "Usage: crlhelper <semid> <parentpid> <directory> <prefix>\n");
++ fprintf(stderr, "Usage: crlhelper <semid> <parentpid> <directory> [prefix]\n");
+ exit(1);
+ }
+
+diff -rupN mod_revocator-1.0.3.orig/ldapget.8 mod_revocator-1.0.3/ldapget.8
+--- mod_revocator-1.0.3.orig/ldapget.8 1969-12-31 16:00:00.000000000 -0800
++++ mod_revocator-1.0.3/ldapget.8 2013-07-03 19:23:11.000000000 -0700
+@@ -0,0 +1,76 @@
++.\" A man page for ldapget
++.\"
++.\" Licensed under the Apache License, Version 2.0 (the "License");
++.\" you may not use this file except in compliance with the License.
++.\" You may obtain a copy of the License at
++.\"
++.\" http://www.apache.org/licenses/LICENSE-2.0
++.\"
++.\" Unless required by applicable law or agreed to in writing, software
++.\" distributed under the License is distributed on an "AS IS" BASIS,
++.\" WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++.\" See the License for the specific language governing permissions and
++.\" limitations under the License.
++.\"
++.\" Author: Rob Crittenden <rcritten at redhat.com>
++.\"
++.TH "ldapget" "8" "Jul 3 2013" "Rob Crittenden" ""
++.SH "NAME"
++ldapget \- Tool used to fetch URLs via LDAP/LDAPS
++
++.SH "SYNOPSIS"
++ldapget [NSS database] <url>
++
++.SH "DESCRIPTION"
++A tool supplied with the Apache \fBhttpd\fP mod_revocator plug-in used to demonstrate how CRLs can be fetched using LDAP/LDAPS without the use of any direct LDAP/LDAPS URLs.
++.PP
++The mod_revocator plug-in requires the mod_nss plug-in to also be registered
++with this Apache \fBhttpd\fP process.
++.PP
++Prior to \fBmod_revocator-1.0.3-16\fP, this tool was located at \fB/usr/bin/ldapget\fP.
++
++.SH OPTIONS
++.TP
++.B [NSS database]
++Optionally specifies the destination directory where the NSS databases reside. If this parameter is not provided, the location specified in mod_nss plug-in's \fB/etc/httpd/conf.d/nss.conf\fP configuration file will be utilized:
++.IP
++.TS
++tab(;);
++ll,ll.
++;# Server Certificate Database:
++;# The NSS security database directory that holds the
++;# certificates and keys. The database consists
++;# of 3 files: cert8.db, key3.db and secmod.db.
++;# Provide the directory that these files exist.
++;NSSCertificateDatabase /etc/httpd/alias
++.TE
++.TP
++.B <url>
++.br
++The LDAP/LDAPS URL utilized to fetch the CRL. The following entry in mod_revocator plug-in's \fB/etc/httpd/conf.d/revocator.conf\fP configuration file contains a sample utilization of this executable (the line containing \fBldapget\fP must be uncommented in order to be utilized):
++.IP
++.TS
++tab(+);
++ll,ll.
+++# CRL URLs:
+++# A space delimited list of URLs to retrieve and install.
+++# protocol://urldata;update_interval;max_age
+++#CRLFile "ldap://ldap.example.com:5000/o=example.net?
+++usercertificate%3binary?sub?(sn=Jensen)??;30;30"
+++\fB#CRLFile "exec:///usr/sbin/ldapget|ldap://ldap.example.com:
+++3389/o=example.com?userCertificate%3bbinary?sub?
+++(uid=crl)??;30;30"\fP
+++#CRLFile "https://ca.example.com:1025/getCRL?op=
+++getCRL&issuepoint=MasterCRL;30;30"
++.TE
++
++.SH BUGS
++Report bugs to http://bugzilla.redhat.com.
++
++.SH AUTHORS
++Rob Crittenden <rcritten at redhat.com>.
++
++.SH COPYRIGHT
++Copyright (c) 2013 Red Hat, Inc. This is licensed under the Apache License, Version 2.0 (the "License"); no one may use this file except in compliance with the License. A copy of this license is available at http://www.apache.org/licenses/LICENSE-2.0.
++.PP
++Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+diff -rupN mod_revocator-1.0.3.orig/ldapget.cpp mod_revocator-1.0.3/ldapget.cpp
+--- mod_revocator-1.0.3.orig/ldapget.cpp 2010-04-13 07:11:11.000000000 -0700
++++ mod_revocator-1.0.3/ldapget.cpp 2013-07-03 19:08:38.000000000 -0700
+@@ -45,7 +45,7 @@ main( int argc, char **argv )
+ const char *url;
+
+ if (argc < 2 || argc > 4) {
+- printf("Usage: %s <NSS database> url\n", argv[0]);
++ printf("Usage: %s [NSS database] <url>\n", argv[0]);
+ return 1;
+ }
+
+diff -rupN mod_revocator-1.0.3.orig/revocator.conf mod_revocator-1.0.3/revocator.conf
+--- mod_revocator-1.0.3.orig/revocator.conf 2013-07-02 17:03:44.000000000 -0700
++++ mod_revocator-1.0.3/revocator.conf 2013-07-03 17:53:11.000000000 -0700
+@@ -15,7 +15,10 @@ CRLUpdateCritical off
+
+ # CRL Helper:
+ # This helper program does the actual CRL retrieval
+-CRLHelper /usr/bin/crlhelper
++#
++# NOTE: Located at '/usr/bin/crlhelper' prior to 'mod_revocator-1.0.3-16'.
++#
++CRLHelper /usr/libexec/crlhelper
+
+ # CRL URLs:
+ # A space delimited list of URLs to retrieve and install.
diff --git a/mod_revocator.spec b/mod_revocator.spec
index 7d93c67..9770d6f 100644
--- a/mod_revocator.spec
+++ b/mod_revocator.spec
@@ -1,17 +1,16 @@
%{!?_httpd_apxs: %{expand: %%global _httpd_apxs %%{_sbindir}/apxs}}
-%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn || echo missing-httpd-devel)}}
%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}}
# /etc/httpd/conf.d with httpd < 2.4 and defined as /etc/httpd/conf.modules.d with httpd >= 2.4
%{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}
Name: mod_revocator
Version: 1.0.3
-Release: 15%{?dist}
+Release: 16%{?dist}
Summary: CRL retrieval module for the Apache HTTP server
Group: System Environment/Daemons
License: ASL 2.0
-URL: http://directory.fedora.redhat.com/wiki/Mod_revocator
-Source: http://directory.fedora.redhat.com/sources/%{name}-%{version}.tar.gz
+URL: http://directory.fedoraproject.org/wiki/Mod_revocator
+Source: http://directory.fedoraproject.org/sources/%{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: nspr-devel >= 4.6, nss-devel >= 3.11.9
BuildRequires: nss-pkcs11-devel >= 3.11
@@ -20,13 +19,13 @@ BuildRequires: httpd-devel >= 0:2.0.52, apr-devel, apr-util-devel
BuildRequires: pkgconfig, autoconf, automake, libtool
BuildRequires: openldap-devel >= 2.2.29
Requires: mod_nss >= 1.0.8
-Requires: httpd-mmn = %{_httpd_mmn}
Patch1: mod_revocator-libpath.patch
Patch2: mod_revocator-kill.patch
Patch3: mod_revocator-segfault-fix.patch
Patch4: mod_revocator-32-bit-semaphore-fix.patch
Patch5: mod_revocator-array-size.patch
Patch6: mod_revocator-waitpid.patch
+Patch7: mod_revocator-man.patch
%description
The mod_revocator module retrieves and installs remote
@@ -40,6 +39,7 @@ Certificate Revocate Lists (CRLs) into an Apache web server.
%patch4 -p1
%patch5 -p1
%patch6 -p1
+%patch7 -p1
%build
autoreconf -fvi
@@ -78,8 +78,9 @@ make %{?_smp_flags} all
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{_httpd_confdir} $RPM_BUILD_ROOT%{_httpd_modconfdir} \
- $RPM_BUILD_ROOT%{_libdir}/httpd/modules $RPM_BUILD_ROOT%{_bindir}
-
+ $RPM_BUILD_ROOT%{_libdir}/httpd/modules $RPM_BUILD_ROOT%{_bindir} \
+ $RPM_BUILD_ROOT%{_libexecdir} $RPM_BUILD_ROOT%{_sbindir} \
+ $RPM_BUILD_ROOT%{_mandir}/man8
%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
# httpd >= 2.4.x
@@ -89,16 +90,27 @@ install -m 644 11-revocator.conf $RPM_BUILD_ROOT%{_httpd_modconfdir}/11-revocato
%endif
install -m 644 revocator.conf $RPM_BUILD_ROOT%{_httpd_confdir}/revocator.conf
install -m 755 .libs/libmodrev.so $RPM_BUILD_ROOT%{_libdir}/httpd/modules/mod_rev.so
+install -m 644 ldapget.8 $RPM_BUILD_ROOT%{_mandir}/man8/
+install -m 644 crlhelper.8 $RPM_BUILD_ROOT%{_mandir}/man8/
# Ugh, manually create the ldconfig symbolic links
version=`grep -v '^\#' ./libtool-version`
current=`echo $version | cut -d: -f1`
revision=`echo $version | cut -d: -f2`
age=`echo $version | cut -d: -f3`
install -m 755 .libs/librevocation.so.$current.$revision.$age $RPM_BUILD_ROOT%{_libdir}/
+# install missing symlink (was giving no-ldconfig-symlink rpmlint errors)
+ldconfig -n $RPM_BUILD_ROOT%{_libdir}
(cd $RPM_BUILD_ROOT%{_libdir} && ln -s librevocation.so.$current.$revision.$age librevocation.so.0)
(cd $RPM_BUILD_ROOT%{_libdir} && ln -s librevocation.so.$current.$revision.$age librevocation.so)
-install -m 755 ldapget $RPM_BUILD_ROOT%{_bindir}/
-install -m 755 crlhelper $RPM_BUILD_ROOT%{_bindir}/
+install -m 755 ldapget $RPM_BUILD_ROOT%{_sbindir}/
+install -m 755 crlhelper $RPM_BUILD_ROOT%{_libexecdir}/
+# Provide compatibility links to prevent disruption of customized deployments.
+#
+# NOTE: These links may be deprecated in a future release
+# of 'mod_revocator'.
+#
+ln -s %{_sbindir}/ldapget $RPM_BUILD_ROOT%{_bindir}/ldapget
+ln -s %{_libexecdir}/crlhelper $RPM_BUILD_ROOT%{_bindir}/crlhelper
%clean
rm -rf $RPM_BUILD_ROOT
@@ -110,6 +122,7 @@ rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%doc README LICENSE docs/mod_revocator.html
+%{_mandir}/man8/*
%config(noreplace) %{_httpd_confdir}/*.conf
%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
%config(noreplace) %{_httpd_modconfdir}/*.conf
@@ -119,10 +132,17 @@ rm -rf $RPM_BUILD_ROOT
# must be ignored because this file is loaded directly by name by the Apache
# module.
%{_libdir}/librevocation.*so*
+%{_sbindir}/ldapget
+%{_libexecdir}/crlhelper
%{_bindir}/ldapget
%{_bindir}/crlhelper
%changelog
+* Wed Jul 3 2013 Matthew Harmsen <mharmsen at redhat.com> - 1.0.3-16
+- Bugzilla Bug #948875 - Man page scan results for mod_revocator
+- Moved 'ldapget' from %%bindir to %%sbindir (provided compatibility link)
+- Moved 'crlhelper' from %%bindir to %%libexecdir (provided compatibility link)
+
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.3-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
@@ -173,10 +193,10 @@ rm -rf $RPM_BUILD_ROOT
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
-* Tue Oct 4 2010 Rob Crittenden <rcritten at redhat.com> - 1.0.3-2
+* Tue Oct 5 2010 Rob Crittenden <rcritten at redhat.com> - 1.0.3-2
- Add BuildRequires: nss-pkcs11-static (#640293)
-* Tue Apr 14 2010 Rob Crittenden <rcritten at redhat.com> - 1.0.3-1
+* Wed Apr 14 2010 Rob Crittenden <rcritten at redhat.com> - 1.0.3-1
- Update to upstream 1.0.3
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.2-8
More information about the scm-commits
mailing list