horok/apache2
1
0
Fork 0
Code Activity

Adding debian version 2.4.63-1.

Browse source 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
This commit is contained in:
Daniel Baumann 2025-06-22 11:01:27 +02:00
parent 7263481e48
commit f56986e2d9
Signed by: daniel.baumann
GPG key ID: BCC918A2ABD66424
1490 changed files with 80785 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
debian/NEWS vendored Normal file
View file

@ -0,0 +1,9 @@
apache2 (2.4.54-3) unstable; urgency=medium
This version does not automatically enable the apache2 config snippet for
/manual anymore. If you want to have it enabled you will need to do this
yourself, e.g. with
/usr/sbin/a2enconf apache2-doc
-- Yadd <yadd@debian.org> Sat, 01 Apr 2023 08:17:08 +0400

459
debian/PACKAGING vendored Normal file
View file

@ -0,0 +1,459 @@
Apache 2 Packaging Guidelines
=============================
This document describes handling and behavior of reverse dependencies which
would like to interact with the Apache 2 HTTP server
Contents
========
1. Overview
2. Packaging Modules
2.1 '.load' and '.conf' files
2.2 Maintainer scripts
3. Packaging Sites and Configurations for Web Applications
3.1 Web application module dependencies
3.2 Package dependencies
4. Maintainer Scripts
4.1 Enabling Configurations
4.2 Switching MPMs
5. Tools
5.1 a2query
5.2 apache2-maintscript-helper
5.3 dh_apache2
6. Version
6.1 Changes
1 Overview
==========
The Apache 2 web server package in Debian supports two types of reverse
dependencies: modules and web applications. They need to be treated differently
as their requirements are different. We have special requirements for how to
declare dependencies against Apache 2 web server packages depending on the type
of package. Refer to the appropriate parts for extensive information.
Furthermore, there are several helper tools available to assist with common
tasks. These are outlined in their respective sub sections as well. You should
use these tools to get maintainer scripts and dependencies right.
This document adopts the normative wording of the Debian Policy Manual §1.1[1].
The words "must", "should", and "may", and the adjectives "required",
"recommended", and "optional", are used to distinguish the significance of the
various guidelines in this policy document.
[1] http://www.debian.org/doc/debian-policy/ch-scope.html#s1.1
2 Packaging Modules
===================
Modules are packages which are installing third party extensions to the Apache 2
web server which can be loaded at runtime to extend the functionality of the
core server. Please be aware that such compiled modules make use of a stable
Application Binary Interface (ABI) and therefore need a recompile if the web
server changes. Hence be careful how you declare dependencies against the web
server. You need to make sure it does not break upon upgrades.
A module package providing an Apache module must obey these policies to make
sure it can be upgraded without breakage of local sites. To achieve this, a
package must build-depend on apache2-dev. That package provides the 'apxs'
compile helper which makes sure the module to be compiled is compatible with the
Apache 2 web server and the C headers the server is providing as a public
interface. If an updated package is not buildable with Apache 2.2 anymore, the
apache2-dev build-dependency should be versioned ">> 2.4~", because older
versions of apache2-threaded-dev did provide apache2-dev.
A module package that uses openssl specific interfaces in mod_ssl, either by
using the mod_ssl_openssl.h header, or by using mod_ssl-internal private
interfaces (don't do that!), must build-depend on apache2-ssl-dev to ensure
that the correct version of the openssl headers are used. In this case,
dh_apache2 will also create a dependency on a apache2-api-YYYYMMDD-opensslM.M
virtual package.
The resulting binary package should be called libapache2-mod-<modulename> and
MUST NOT depend on apache2 or apache2-bin. Instead a module package must depend
on our virtual package providing the module magic number which denotes the ABI
compatibility version number. The virtual package is called apache2-api-YYYYMMDD
and is guaranteed to be stable through all binary updates of 2.4.x. The
dh_apache2 helper assists in getting the dependencies right.
2.1 '.load' and '.conf' files
-----------------------------
The module must install a 'module.load' file to /etc/apache2/modules-available,
where 'module' is the name of the installed module minus the "mod_" prefix. The
'.load' file must contain an appropriate "LoadModule" directive only.
Additionally maintainers may use a magic line in '.load' files to declare
module dependencies and conflicts which need to be resolved to load a module for
a local site. This is useful if a module depends on other modules to be
loaded, or to conflict with other modules if they can't be loaded at the same
time. a2enmod and a2dismod will parse any "magic comment lines" with the format
"# Depends: module [module [...]]" and "# Conflicts: module [module [...]]";
for example to load mod_foo:
In 'foo.load':
# Depends: bar
# Conflicts: baz
LoadModule foo_module /usr/lib/modules/mod_foo.so
Additionally, if required, a 'foo.conf' configuration file to configure the
module may be installed along with the 'load' file, following the same naming
scheme. This is useful if the module in question requires some initial
configuration to be useful. No magic comments are recognized in '.conf' files.
Otherwise they have the same functionality and requirements as configuration
files (see section 3 below). You should use only directives provided by default
by our web server configuration or which are provided by your module itelf in a
supplied '.conf' file.
In some rare cases it can't be avoided that a module depends on an another
module being loaded already before its own loading process can succeed. The
module load order is guaranteed to be sorted alphabetically, which could lead to
problems if the new module to be loaded sorts later. In most cases such
pre-load dependencies can be avoided upstream - consider filing a bug. If there
is no way out of this problem, you may want to add a conditional Include in your
own module file.
Suppose mod_foo relies on mod_bar to be loaded first. You may want to write a
module 'load' file like this:
# Depends: bar
<IfModule !mod_bar.c>
Include mods-enabled/bar.load
</IfModule>
LoadModule foo_module /usr/lib/modules/mod_foo.so
Please note that the bar.load file must also contain a matching "<IfModule
!mod_bar.c>" guard as it would be loaded twice otherwise. Use this method
extremely sparingly and in agreement with related package maintainers only.
Note that such a module '.load' file must still contain a "Depends:" magic line
to make sure that the a2enmod/a2dismod dependency resolver works correctly.
2.2 Maintainer scripts
----------------------
Maintainer scripts should not invoke a2enmod directly. Instead, the
apache2-maintscript-helper should be used. Please be aware that the helper is
not guaranteed to be installed on the target system. There are certain setups
which do not require Debian specific configurations, so modules must not do
anything in maintainer scripts which makes use of Debian-specific enhancements
like apache2-maintscript-helper, a2enmod, or a2query unconditionally. It is
recommended to invoke it like this:
if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then
. /usr/share/apache2/apache2-maintscript-helper
apache2_invoke enmod foo
fi
The dh_apache2 helper can be used to install module configuration and load
files. Additionally it generates appropriate maintainer scripts. The
apache2-maintscript-helper provides a few functions for common tasks. See their
respective reference documentations below.
If maintainer scripts use a2enmod/a2dismod manually, they must invoke them with
the "-m" (maintainer mode) switch.
3 Packaging Sites and Configurations for Web Applications
=========================================================
Web applications are different from modules in that they do not have a hard
dependency on the web server. Typically they require a running web server,
but they do not need to worry about binary compatibility of modules. We accept
that there are other web servers besides Apache; thus we discourage package
maintainers of web applications from depending unconditionally on Apache. That
said, we provide several helpers to assist web application packagers to invoke
configuration snippets to enable a web application in the Apache 2 web server.
We differentiate between two sub-types: sites and general configuration. Sites
are installed to /etc/apache2/sites-available and configure a particular
virtual host. Special care must be taken when installing a site configuration
to make sure it does not interfere with site-local configuration used by the
administrator. Typically there are only a few use cases where a Debian
package should include a virtual host configuration.
The general configuration snippets are installed to /etc/apache2/conf-available
instead. Package maintainers are advised to avoid "local-" prefixes to
installed conffiles, and ideally use "packagename.conf" to avoid name clashes.
This type of configuration must be used when installing a global (i.e. virtual
host independent) configuration. Usually these configuration snippets will be
included in the global server context via the conf-enabled directory. However,
it is planned to allow the administrator to only enable the configuration
snippets in a selected set of virtual hosts.
Typically a "packagename.conf" should enable a global alias pointing to your web
application along with a script-dependendent per-script configuration; for
example:
Alias /packagename /usr/share/packagename
<Directory /usr/share/packagename>
...
</Directory>
Please be careful about the directives you are using. Some might be provided by
modules which are not enabled by default. By default you can unconditionally use
directives from these modules: mod_access_compat, mod_alias, mod_auth_basic,
mod_authn_file, mod_authz_host, mod_authz_user, mod_autoindex, mod_deflate,
mod_dir, mod_env, mod_filter, mod_logio, mod_mime, mod_negotiation,
mod_setenvif, mod_unixd, mod_version, mod_watchdog. Check the module
documentation for the modules providing directives you are using.
Note that not all directives are really required. If your <Directory>
configuration can be enhanced by mod_rewrite rules, but does not necessarily
need to use them, you could do something like:
<Directory /usr/share/packagename>
...
<IfModule mod_rewrite.c>
on
RewriteRule ...
</IfModule>
</Directory>
(Note that some common uses of mod_rewrite for web applications can be replaced
by the relatively new FallbackResource directive.)
3.1 Web application module dependencies
---------------------------------------
There are use cases where a configuration really needs a certain module to be
enabled. This is tricky to achieve for web applications as dependencies could
lead to complex dependency chains which could break unrelated web applications
installed alongside your package. Thus, we do not resolve module dependencies
for web applications automatically, but they may be expressed (see 'load' files
in section 2.1), and a2enconf will warn the site administrator about modules
which need to enabled. Moreover, modules can be arbitrarily enabled and
disabled by local administrators, so a web application must make sure not to
break the web server's start-up if a required module is not available.
The syntax for config snippets to express dependencies is identical to the
syntax in modules' '.load' files. Within your package.conf file you still need
to protect non-default directives with <IfModule> clauses as there is no
guarantee that the modules are actually enabled. It is acceptable if your
configuration file turns into a no-op as long as it does not break the server
start-up.
For both types of configuration (configurations and sites), dh_apache2 can be
used to assist packagers.
3.2 Package dependencies
------------------------
Web applications must only depend on (or recommend) the apache2 package. Web
applications must not depend on or recommend the packages apache2-bin or
apache2-data. Generally, web server dependencies should be declared in the form:
Depends: apache2 | <alternative web servers you support> | httpd-cgi
Using dh_apache2 assists you to do so, although dh_apache2 declares a weaker
Recommends relation only. While a consolidated and consistent behavior among web
applications would be desirable, from Apache's point of view, both alternatives
are acceptable. If your web application depends on a particular web server module
you need to depend on that, too. For example, PHP applications might need to
formulate dependency lines in the form:
Depends: libapache2-mod-php5 | php5-cgi | php5-fpm
Recommends: apache2 | <alternative web servers you support> | httpd-cgi
A with modules, web applications may enable their configuration files in
maintainer scripts. Use of dh_apache2 is recommended to achieve this. Generally,
special care should be taken not to use Apache2 Debian helper scripts like
a2query and a2enmod unconditionally. You can use the apache2-maintscript-helper
tools provided by the apache2 package for common tasks this way:
if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then
. /usr/share/apache2/apache2-maintscript-helper
apache2_invoke enconf foo
fi
Refer to the reference documentation below to learn how to use
apache2-maintscript-helper. Do not enable or disable modules in web
application maintainer scripts; instead protect your configuration with
<IfModule> clauses if you require non-standard modules.
4 Maintainer Scripts
====================
Though already discussed briefly in previous sections, here follow some
clarifications regarding the invocation of wrapper scripts in maintainer scripts
of modules and web applications.
4.1 Enabling Configurations
---------------------------
Both modules and web applications should use the apache2-maintscript-helper in
general. The helper will obey local policies to decide when to enable a piece of
configuration, to reload the web server, and so on. Moreover, it will remember
whether a module was activated by the site administrator or a maintainer script.
Thus, it is particularly important you do not use "a2enmod" and so on directly
(though a2query is acceptable).
This is a summary of how the apache2-maintscript-helper should be invoked in
maintainer scripts:
Modules:
Unless a maintainer or debconf script verified that no configuration was
to be installed at all, e.g. for scripts supporting several web servers,
modules should unconditionally call apache2_invoke in their "postinst
configure" sections. It will obey site-local policies in future and will
make sure that disabled modules are not enabled again during upgrades of
a module package.
Modules need to be disabled on removal (and purge anyway), as otherwise
their configuration will be broken (as LoadModule would fail because of
the missing shared object file). Thus, modules need to call
"apache2_invoke dismod" on both removal and purge. It's apache2_invoke's
job to deal with upgrades and it will remember modules it removed during
removal and will reenable them during re-install.
Web Applications:
Web Applications derive the same behavior as modules if the web
application can be run with a sensible out-of-box configuration; don't
enable it otherwise. Likewise, web application should also be disabled
on removal (and on purge anyway), because important files may be missing
(and that's the point of package removal, anyway).
4.2 Switching MPMs
------------------
Only modules are allowed to switch the enabled MPM. Web applications must not
switch the enabled MPM in their maintainer scripts. To actually switch the MPM,
packagers can use a2query to find out whether it is necessary, and if so, can
switch it by using the corresponding helper function provided in
apache2-maintscript-helper. Do not try to switch the MPM yourself - the helper
function takes special care not to leave the site in a state without an enabled
MPM, which is a fatal error.
The helper call may fail. Your maintainer script must cope with this
possibility. It is not recommended to make your maintainer script fail if the
MPM could not be changed. Instead emit a warning. You can use the apache2_msg
function from apache2-maintscript-helper which will also log to syslog. If you
are using debconf anyway you may want to consider using that - but continue
operation. However, make sure you only enable the module in question if the MPM
was changed successfully. See below for an example snippet:
if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then
. /usr/share/apache2/apache2-maintscript-helper
# mod_foo requires the prefork MPM
if [ $(a2query -M) != 'prefork' ] ; then
if apache2_switch_mpm prefork ; then
apache2_invoke enmod foo
else
apache2_msg err "Could not switch to prefork, not enabling mod_foo"
fi
else
apache2_invoke enmod foo
fi
fi
5. Tools
========
This is an overview of tools supplied with the Apache2 package which can assist
in building web application and module packages.
5.1 apache2-maintscript-helper
------------------------------
The apache2-maintscript-helper is a collection of functions which can be
sourced in maintainer scripts to do required tasks in a simple and
standardized way. It is NOT a script; it is a library (insofar as shell
functions can be libraries). This is to avoid users calling these functions.
They are not meant to be used by users. The helper is installed within the
apache2 binary package. Thus you MUST NOT use any function of it
unconditionally, as for both modules and web applications there are use cases
when this package is not added as a dependency. Thus, use it in a protected
conditional like this only:
if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then
. /usr/share/apache2/apache2-maintscript-helper
<call apache2-maintscript-helper specific functions>
fi
The helper provides functions to enable and disable configuration files,
restart the web server, switch the MPM in use and similar. Refer to the source
code for detailed interface documentation. When available, please use the
apache2-maintscript-helper instead of calling helper scripts directly, as these
functions are careful to invoke and use the appropriate helper. Later versions
may be configurable to allow the administrator to influence which actions are
performed.
Always check the return code of the called function to find out whether
something went wrong:
if ! apache2_invoke enmod modulename ; then
echo "Whoops! Something went wrong"
fi
5.2 dh_apache2
--------------
dh_apache2 is a debhelper which can be used to install modules, module
configuration, site configuration, and global configuration snippets. It assists
you to set appropriate dependencies and maintainer scripts. Refer to
dh_apache2(1) for full usage guidelines.
5.2 a2enmod
-----------
a2enmod and its special invocations a2enconf, a2ensite, a2dismod, a2dissite and
a2disconf can be used to enable all types of Apache 2 configuration files. When
invoking these helpers in maintainer scripts, you should carefully check their
error return codes. These scripts must always be used with the -q (quiet) and -m
(maintainer mode) switches in maintainer scripts. Preferably, you should not
interface with this scripts directly; instead it is recommended to use
apache2-maintscript-helper. For detailed usage refer to their respective man
pages.
5.3 a2query
----------
a2query is a query tool to retrieve runtime status information about the Apache
2 web server instance. You can use this tool to get information about loaded
modules, the MPM used on the installation site, the module magic number and
other useful information. Use this script instead of accessing configuration
files in /etc/apache2 directly as it tries its best to return useful information
even on incomplete or broken configurations.
For example, you can use a2query to retrieve the MPM enabled on the local site
and make actions dependent on the result like this:
[ -x /usr/sbin/a2query ] || exit $?
CUR_MPM=$(a2query -M) || exit $?
case "$CUR_MPM" in
worker)
;;
...
esac
Refer to the a2query(1) man page for the full documentation. Please note that
the apache2-maintscript-helper can be used to interface with this task as well.
6 Version
=========
Document version: 1.0
Starting with Apache2 2.4.2-2 this document is versioned. Any change which affects
packaging is denoted by an increased major nummer; clarifications, spelling fixes
and minor edits are denoted by minor numbers. In future, a changelog will appear
here as well.
6.1 Changes
-----------
1.0:
* first version of this document which is versioned.

53
debian/README.backtrace vendored Normal file
View file

@ -0,0 +1,53 @@
If apache crashes or freezes, it is helpful if you include a backtrace in the
bug report.
In case of a crash, do the following:
1) Install the packages apache2-bin-dbgsym libapr1-dbgsym libaprutil1-dbgsym gdb.
2) Add "CoreDumpDirectory /var/cache/apache2/core" to your apache configuration.
3) Execute as root:
mkdir -p /var/cache/apache2/core
chown www-data: /var/cache/apache2/core
/etc/init.d/apache2 stop
ulimit -c unlimited
/etc/init.d/apache2 start
4) Do whatever it takes to reproduce the crash. There should now be the file
/var/cache/apache2/core .
5) If you use a forking MPM (e.g. mod_prefork), execute:
gdb /usr/sbin/apache2 /var/cache/apache2/core/core
(gdb) bt full
...
(gdb) quit
If you use a threaded mpm (mod_worker, mod_event), execute:
gdb /usr/sbin/apache2 /var/cache/apache2/core/core
(gdb) thread apply all bt full
...
(gdb) quit
Include the backtrace in the bug report.
6) Undo the change to your configuration, uninstall the debug packages, remove
/var/cache/apache2/core
In case of a hanging process, you don't need a core dump and you can skip steps 2 and 3.
4) Reproduce the problem. Get the pid of a hanging process.
5) Start gdb with
gdb -p pid
and continue as described above. It may also be helpful to include the output of
strace -p pid

108
debian/README.multiple-instances vendored Normal file
View file

@ -0,0 +1,108 @@
Setup
=====
The scripts apache2ctl, a2enmod, a2ensite, ... and the init script have some
support for handling multiple instances of apache2 running on the same machine.
The basic idea is to copy /etc/apache2 to /etc/apache2-xxx. An example script
that demonstrates what else needs to be done can be found in
/usr/share/doc/apache2/examples/setup-instance. Use with:
sh /usr/share/doc/apache2/examples/setup-instance xxx
Adjust the configuration in /etc/apache2-xxx, especially the listen ports in
ports.conf and in the virtual host directives in
/etc/apache2-xxx/sites-enabled/*.
You can then use a2enmod-xxx, apache2ctl-xxx, ... as usual, and they
will affect the new instance of apache2.
If you use systemd, the service name of your new instance is
"apache2@xxx.service". Otherwise the script installed an init script
named /etc/init.d/apache2-xxx.
To start the new apache2 instance on boot, use
- if you use systemd, run:
systemctl enable apache2@xxx
- if you use sysv-init with dependency based boot sequence (the default):
If you don't have ssl keys with passphrases, you may want to set
'X-Interactive: false' in /etc/init.d/apache2-xxx to reduce boot time.
Then execute:
insserv apache2-xxx
- otherwise:
ln -s ../init.d/apache2-xxx /etc/rc2.d/S80apache2-xxx
To make 'apache2ctl-xxx status' work, you need to set APACHE_STATUSURL in
/etc/apache2-xxx/envvars.
Upgrades
========
Since only the configuration files in /etc/apache2 are in the package, the
configuration of other instances won't change if the default configuration
changes. Possibly ways to deal with this are:
- Use symlinks to the files in /etc/apache2 where possible instead of copying
the files.
- Don't modify /etc/apache2 at all but use it to track the default
configuration. You can then merge the changes into the /etc/apache2-xxx dirs.
It may be a good idea to use a version control system for /etc/apache2 to
keep track of the changes. See the package etckeeper for keeping the whole
/etc dir under version control.
An advanced scheme may be for every /etc/apache2* dir to be a separate git
repository so that you can easily pull/push changes from one dir to another.
Package removal
===============
The Apache 2 package will only remove the default configuration files and
directories.
htcacheclean service
====================
The apache-htcacheclean service can be handled in the same way as the
main apache2 script. You can create an
'apache-htcacheclean@instance.service' service under systemd or you can
copy /etc/init.d/apache-htcacheclean as
/etc/init.d/apache-htcacheclean-xxx under SystemV.
The parameters of the service can be customized with
/etc/default/apache-htcacheclean-xxx (that is created by the
setup-instance helper script).
Environment variables
=====================
The following environment variables can be used to influence many scripts. The
default apache2 configuration will make use of them, too. Most can be set in
/etc/apache2-xxx/envvars. Variables set in /etc/apache2-xxx/envvars must be
exported.
variable default value
-------- -------------
APACHE_CONFDIR /etc/apache2 or /etc/apache2-xxx
APACHE_ENVVARS $APACHE_CONFDIR/envvars
APACHE_HTTPD /usr/sbin/apache2
APACHE_ARGUMENTS empty if $APACHE_CONFDIR = /etc/apache2
"-d $APACHE_CONFDIR" otherwise
APACHE_RUN_USER www-data
APACHE_RUN_GROUP www-data
APACHE_PID_FILE /var/run/apache2/apache2.pid or /var/run/apache2-xxx/apache2.pid
APACHE_RUN_DIR /var/run/apache2 or /var/run/apache2-xxx
APACHE_LOCK_DIR /var/lock/apache2 or /var/lock/apache2-xxx
APACHE_LOG_DIR /var/log/apache2 or /var/log/apache2-xxx
APACHE_MODS_AVAILABLE $APACHE_CONFDIR/mods-available
APACHE_MODS_ENABLED $APACHE_CONFDIR/mods-enabled
APACHE_SITES_AVAILABLE $APACHE_CONFDIR/sites-available
APACHE_SITES_ENABLED $APACHE_CONFDIR/sites-enabled
APACHE_LYNX www-browser -dump
APACHE_STATUSURL http://localhost:80/server-status

BIN
debian/SupportApache-small.png vendored Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 94 KiB

616
debian/a2enmod vendored Executable file
View file

@ -0,0 +1,616 @@
#!/usr/bin/perl -w
#
# a2enmod by Stefan Fritsch <sf@debian.org>
# Licensed under Apache License 2.0
#
# The coding style is "perltidy -pbp"
use strict;
use Cwd 'realpath';
use File::Spec;
use File::Basename;
use File::Path;
use Getopt::Long;
use 5.014;
no if $] >= 5.017011, warnings => 'experimental::smartmatch';
my $quiet;
my $force;
my $maintmode;
my $purge;
Getopt::Long::Configure('bundling');
GetOptions(
'quiet|q' => \$quiet,
'force|f' => \$force,
'maintmode|m' => \$maintmode,
'purge|p' => \$purge
) or exit 2;
my $basename = basename($0);
$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
or die "$basename call name unknown\n";
my $act = $1;
my $obj = $2;
my $dir_suffix = $3;
my @essential_module_list = qw(alias auth_basic authn_file authz_host
authz_user autoindex deflate dir env filter logio mime negotiation
setenvif unixd version watchdog);
my $env_file = $ENV{APACHE_ENVVARS};
if ( !$env_file ) {
if ( $ENV{APACHE_CONFDIR} ) {
$env_file = "$ENV{APACHE_CONFDIR}/envvars";
}
else {
$env_file = "/etc/apache2$dir_suffix/envvars";
}
}
$ENV{LANG} = 'C';
read_env_file($env_file);
$act .= 'able';
my ( $name, $dir, $sffx, $reload );
if ( $obj eq 'mod' ) {
$obj = 'module';
$dir = 'mods';
$sffx = '.load';
$reload = 'restart';
}
elsif ( $obj eq 'conf' ) {
$obj = 'conf';
$dir = 'conf';
$sffx = '.conf';
$reload = 'reload';
}
else {
$dir = 'sites';
$sffx = '.conf';
$reload = 'reload';
}
$name = ucfirst($obj);
my $confdir = $ENV{APACHE_CONFDIR} || "/etc/apache2$dir_suffix";
my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
|| "$confdir/$dir-available";
my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/var/lib/apache2";
$statedir .= "/$obj";
my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
my $request_reload = 0;
my $request_htcacheclean;
my $htc = "apache-htcacheclean$dir_suffix";
my $htc_service = "apache-htcacheclean"; # Service name for systemd
my $apache_service = "apache2";
if ( defined($dir_suffix) and $dir_suffix ne '' ) {
# Uses '@instance.service' suffix instead of '-instance' suffix
my $service_suffix = '@' . substr( $dir_suffix, 1 ) . '.service';
$htc_service .= $service_suffix;
$apache_service .= $service_suffix;
}
my $rc = 0;
if ( !scalar @ARGV ) {
my @choices = myglob('*');
print "Your choices are: @choices\n";
print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
my $input = <>;
@ARGV = split /\s+/, $input;
}
my @objs;
foreach my $arg (@ARGV) {
$arg =~ s/${sffx}$//;
my @glob = myglob($arg);
if ( !@glob ) {
error("No $obj found matching $arg!\n");
$rc = 1;
}
else {
push @objs, @glob;
}
}
foreach my $acton (@objs) {
doit($acton) or $rc = 1;
}
my $htcstart = "";
my $apache_reload = "";
my $cmd = ( $act eq "enable" ) ? "start" : "stop";
if ( is_systemd() ) {
$htcstart = " systemctl $cmd $htc_service\n";
$apache_reload = " systemctl $reload $apache_service\n";
}
else {
$htcstart = " service $htc $cmd\n";
$apache_reload = " service apache2$dir_suffix $reload\n";
}
info( "To activate the new configuration, you need to run:\n"
. $apache_reload
. ( $request_htcacheclean ? $htcstart : "" ) )
if $request_reload;
exit($rc);
##############################################################################
sub myglob {
my $arg = shift;
my @glob = map {
s{^$choicedir/}{};
s{$sffx$}{};
$_
} glob("$choicedir/$arg$sffx");
return @glob;
}
sub doit {
my $acton = shift;
my ( $conftgt, $conflink );
if ( $obj eq 'module' ) {
if ( $act eq 'enable' && $acton eq 'cgi' && threaded() ) {
print
"Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
$acton = 'cgid';
}
$conftgt = "$availdir/$acton.conf";
if ( -e $conftgt ) {
$conflink = "$enabldir/$acton.conf";
}
}
my $tgt = "$availdir/$acton$sffx";
my $link = "$enabldir/$acton$sffx";
if ( !-e $tgt ) {
if ( -l $link && !-e $link ) {
if ( $act eq 'disable' ) {
info("removing dangling symlink $link\n");
unlink($link);
# force a .conf path. It may exist as dangling link, too
$conflink = "$enabldir/$acton.conf";
if ( -l $conflink && !-e $conflink ) {
info("removing dangling symlink $conflink\n");
unlink($conflink);
}
return 1;
}
else {
error("$link is a dangling symlink!\n");
}
}
if ($purge) {
switch_marker( $obj, $act, $acton );
# exit silently, we are purging anyway
return 1;
}
error("$name $acton does not exist!\n");
return 0;
}
# handle module dependencies
if ( $obj eq 'module' ) {
if ( $act eq 'enable' ) {
my @depends = get_deps("$availdir/$acton.load");
do_deps( $acton, @depends ) or return 0;
my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
check_conflicts( $acton, @conflicts ) or return 0;
}
else {
my @depending;
foreach my $d ( glob("$enabldir/*.load") ) {
my @deps = get_deps($d);
if ( is_in( $acton, @deps ) ) {
$d =~ m,/([^/]+).load$,;
push @depending, $1;
}
}
if ( scalar @depending ) {
if ($force) {
do_deps( $acton, @depending ) or return 0;
}
else {
error(
"The following modules depend on $acton ",
"and need to be disabled first: @depending\n"
);
return 0;
}
}
}
}
elsif ( $act eq 'enable' ) {
my @depends = get_deps("$availdir/$acton$sffx");
warn_deps( $acton, @depends ) or return 0;
}
if ( $act eq 'enable' ) {
my $check = check_link( $tgt, $link );
if ( $check eq 'ok' ) {
if ($conflink) {
# handle .conf file
my $confcheck = check_link( $conftgt, $conflink );
if ( $confcheck eq 'ok' ) {
info("$name $acton already enabled\n");
return 1;
}
elsif ( $confcheck eq 'missing' ) {
print "Enabling config file $acton.conf.\n";
add_link( $conftgt, $conflink ) or return 0;
}
else {
error(
"Config file $acton.conf not properly enabled: $confcheck\n"
);
return 0;
}
}
else {
info("$name $acton already enabled\n");
return 1;
}
}
elsif ( $check eq 'missing' ) {
if ($conflink) {
# handle .conf file
my $confcheck = check_link( $conftgt, $conflink );
if ( $confcheck eq 'missing' ) {
add_link( $conftgt, $conflink ) or return 0;
}
elsif ( $confcheck ne 'ok' ) {
error(
"Config file $acton.conf not properly enabled: $confcheck\n"
);
return 0;
}
}
print "Enabling $obj $acton.\n";
special_module_handling($acton);
return add_link( $tgt, $link )
&& switch_marker( $obj, $act, $acton );
}
else {
error("$name $acton not properly enabled: $check\n");
return 0;
}
}
else {
if ( -e $link || -l $link ) {
special_module_handling($acton);
if ( $obj eq 'module' && grep { $_ eq $acton }
@essential_module_list )
{
$force || essential_module_handling($acton);
}
remove_link($link);
if ( $conflink && -e $conflink ) {
remove_link($conflink);
}
switch_marker( $obj, $act, $acton );
print "$name $acton disabled.\n";
}
elsif ( $conflink && -e $conflink ) {
print "Disabling stale config file $acton.conf.\n";
remove_link($conflink);
}
else {
info("$name $acton already disabled\n");
if ($purge) {
switch_marker( $obj, $act, $acton );
}
return 1;
}
}
return 1;
}
sub get_deps {
my $file = shift;
my $type = shift || "Depends";
my $fd;
if ( !open( $fd, '<', $file ) ) {
error("Can't open $file: $!");
return;
}
my $line;
while ( defined( $line = <$fd> ) ) {
chomp $line;
if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
my $deps = $1;
return split( /[\n\s]+/, $deps );
}
# only check until the first non-empty non-comment line
last if ( $line !~ /^\s*(?:#.*)?$/ );
}
return;
}
sub do_deps {
my $acton = shift;
foreach my $d (@_) {
info("Considering dependency $d for $acton:\n");
if ( !doit($d) ) {
error("Could not $act dependency $d for $acton, aborting\n");
return 0;
}
}
return 1;
}
sub warn_deps {
my $acton = shift;
my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
foreach my $d (@_) {
info("Checking dependency $d for $acton:\n");
if ( !-e "$modsenabldir/$d.load" ) {
warning(
"Module $d is not enabled, but $acton depends on it, aborting\n"
);
return 0;
}
}
return 1;
}
sub check_conflicts {
my $acton = shift;
my $haderror = 0;
foreach my $d (@_) {
info("Considering conflict $d for $acton:\n");
my $tgt = "$availdir/$d$sffx";
my $link = "$enabldir/$d$sffx";
my $confcheck = check_link( $tgt, $link );
if ( $confcheck eq 'ok' ) {
error(
"Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
);
# Don't return immediately, there could be several conflicts
$haderror++;
}
}
if ($haderror) {
return 0;
}
return 1;
}
sub add_link {
my ( $tgt, $link ) = @_;
# create relative link
if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
die("Could not create $link: $!\n");
}
$request_reload = 1;
return 1;
}
sub check_link {
my ( $tgt, $link ) = @_;
if ( !-e $link ) {
if ( -l $link ) {
# points to nowhere
info("Removing dangling link $link");
unlink($link) or die "Could not remove $link\n";
}
return 'missing';
}
if ( -e $link && !-l $link ) {
return "$link is a real file, not touching it";
}
if ( realpath($link) ne realpath($tgt) ) {
return "$link exists but does not point to $tgt, not touching it";
}
return 'ok';
}
sub remove_link {
my ($link) = @_;
if ( -l $link ) {
unlink($link) or die "Could not remove $link: $!\n";
}
elsif ( -e $link ) {
error("$link is not a symbolic link, not deleting\n");
return 0;
}
$request_reload = 1;
return 1;
}
sub threaded {
my $result = "";
$result = qx{/usr/sbin/apache2ctl -V | grep 'threaded'}
if -x '/usr/sbin/apache2ctl';
if ( $? != 0 ) {
# config doesn't work
if ( -e "$enabldir/mpm_prefork.load" ) {
return 0;
}
elsif (-e "$enabldir/mpm_worker.load"
|| -e "$enabldir/mpm_event.load" )
{
return 1;
}
else {
error("Can't determine enabled MPM");
# do what user requested
return 0;
}
}
if ( $result =~ / no/ ) {
return 0;
}
elsif ( $result =~ / yes/ ) {
return 1;
}
else {
die("Can't parse output from apache2ctl -V:\n$result\n");
}
}
sub info {
print @_ if !$quiet;
}
sub error {
print STDERR 'ERROR: ', @_;
}
sub warning {
print STDERR 'WARNING: ', @_;
}
sub is_in {
my $needle = shift;
foreach my $e (@_) {
return 1 if $needle eq $e;
}
return 0;
}
sub read_env_file {
my $file = shift;
-r $file or return;
my @lines = qx{env - sh -c '. $file && env'};
if ($?) {
die "Could not read $file\n";
}
foreach my $l (@lines) {
chomp $l;
$l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
$ENV{$1} = $2;
}
}
sub switch_marker {
die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
if @_ != 3;
my $which = shift;
my $what = shift;
my $name = shift;
my $mode = "admin";
$mode = "maint" if $maintmode;
#print("switch_marker $which $what $name\n");
# TODO: get rid of the magic string(s)
my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
my $state_marker = "$state_marker_dir/$name";
if ( !-d $state_marker_dir ) {
File::Path::mkpath("$state_marker_dir")
|| error("Failed to create marker directory: '$state_marker_dir'\n");
}
# XXX: swap find with perl alternative
my @markers = qx{find "$statedir" -type f -a -name "$name"};
chomp(@markers);
foreach (@markers) {
unless ( unlink $_ ) {
error("Failed to remove old marker '$_'!\n") && return 0;
}
}
unless ($purge) {
qx{touch "$state_marker"};
if ( $? != 0 ) {
error("Failed to create marker '$state_marker'!\n") && return 0;
}
return 1;
}
}
sub essential_module_handling {
my $module = shift;
print "WARNING: The following essential module will be disabled.\n";
print "This might result in unexpected behavior and should NOT be done\n";
print "unless you know exactly what you are doing!\n $module\n\n";
print
"To continue type in the phrase 'Yes, do as I say!' or retry by passing '-f': ";
my $input = <STDIN>;
chomp($input);
if ( $input ne 'Yes, do as I say!' ) {
print("Aborting\n");
exit(1);
}
}
sub special_module_handling {
my $acton = shift;
if ( $obj ne 'module' ) {
return;
}
if ( $acton eq 'ssl' ) {
if ( $act eq 'enable' ) {
info( "See /usr/share/doc/apache2/README.Debian.gz on "
. "how to configure SSL and create self-signed "
. "certificates.\n" );
}
}
elsif ( $acton eq 'cache_disk' ) {
$request_htcacheclean = 1;
my $verb = "\u$act";
my $command;
$verb =~ s/e$/ing/;
if ( -d "/run/systemd" and -x "/bin/systemctl" ) {
info("$verb external service $htc_service\n");
$command = "systemctl $act $htc_service";
}
else {
info("$verb external service $htc\n");
$command = "update-rc.d $htc $act";
}
my $res = system($command);
if ( $res == 0 ) {
info("The service will be started on next reboot.\n")
if $act eq 'enable';
}
else {
warning("'$command' failed\n");
}
}
}
sub is_systemd {
my $init = readlink("/proc/1/exe") || "";
return scalar $init =~ /systemd/;
}

424
debian/a2query.in vendored Executable file
View file

@ -0,0 +1,424 @@
#! /usr/bin/perl
# a2query - Apache2 helper to retrieve configuration informations
# Copyright (C) 2012 Arno Töll <debian@toell.net>
#
# This program is licensed at your choice under the terms of the GNU General
# Public License version 2+ or under the terms of the Apache Software License
# 2.0.
#
# For GPL-2+:
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
# USA.
#
# For ASF 2.0:
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
use feature "switch";
use strict;
use Getopt::Std;
=head1 NAME
a2query - retrieve runtime configuration from a local Apache 2 HTTP server
=cut
our $APACHE2 = "apache2ctl";
our $API = "__API__";
our $MODULE_DIR = "__MODULE_DIR__";
our $SERVER_VERSION = "__SERVER_VERSION__";
our $MODULE_DIR = "/usr/lib/apache2/modules/";
our $STATE_DIR = "/var/lib/apache2";
our @STATES = ("maint", "admin");
our $MPM = "invalid";
our $CONFIG_DIR = "/etc/apache2";
our $QUIET = 0;
# time to introduce more _exit_ values
our $E_OK = '0';
our $E_FOUND = '0';
our $E_NOTFOUND = '1';
our $E_OFFBYADMIN = '32';
our $E_OFFBYMAINT = '33';
our @RETVALS = ( $E_OK, $E_FOUND, $E_OFFBYADMIN, $E_NOTFOUND, $E_OFFBYMAINT );
our @MODULES = ();
our @CONFS = ();
our @SITES =();
our @HELP = ();
our %verbose_state = ( 'admin' => 'site administrator', 'maint' => 'maintainer script', 'unknown' => 'unknown' );
=head1 SYNOPSIS
B<a2query> [S<-m> [I<MODULE>]] [S<-s> [I<SITE>]] [S<-c> [I<CONF>]] [S<-a>] [S<-v>]
[S<-M>] [S<-d>] [S<-h>]
=head1 DESCRIPTION
B<a2query> is a program designed to retrieve configuration values from a locally
available Apache 2 HTTP web server. It was designed to be as robust as possible
by returning feasible values even if the Apache 2 syntax validator fails.
This program is primarily meant to be used from maintainer scripts.
=head1 OPTIONS
=over 4
=item S<-a>
Returns the Apache 2 "Module Magic Version" (API version) number, the server was
compiled with. The returned version does not contain any minor versions which
are known to be compatible with the major version returned.
=item S<-c> [I<CONF>]
Checks whether the configuration I<CONF> is enabled. If no argument was given,
all enabled configuration files are being returned. I<CONF> is compared by
string comparison by ignoring a leading "mod_" prefix and possibly a '.conf' or
'.load' suffix.
=item S<-h>
Displays a brief summary how the program can be called and exits.
=item S<-m> [I<MODULE>]
Checks whether the module I<MODULE> is enabled, The argument is interpreted in
the same way, as for configuration files queried by the S<-c> switch.
=item S<-M>
Returns the currently enabled Apache 2 MPM (Multi Processing Module).
=item S<-s> [I<SITE>]
Checks whether the module I<SITE> is enabled, The argument is interpreted in
the same way, as for configuration files queried by the S<-c> switch.
=item S<-v>
returns the currently installed Apache 2 HTTP server version
=item S<-q>
suppress any output. This is useful to invoke a2query from another script. This
is useful if only the return code is of interest.
=back
=head1 EXIT CODES
B<a2query> returns with a zero (S<0>) exit status if the requested operation was
effectuated successfully and with a non-zero status otherwise. In case of an
error it leaves with error code S<32> if a requested module, site or
configuration was not found and S<33> if a module, site or configuration was
disabled by a maintainer script. However, exit status S<1> is returned if the
module was not found at all
=head1 SEE ALSO
L<apache2ctl>(8), L<apache2>(8), L<perl>(1)
=head1 AUTHOR
This manual and L<a2query> was written by Arno Toell <debian@toell.net>.
=cut
sub output
{
print @_ unless $QUIET;
}
sub warning
{
print STDERR @_ unless $QUIET;
}
sub fail
{
die('usage: fail($reason, $retval)') if @_ != 2;
my $reason = shift;
my $retval = shift;
warning "$reason\n";
exit $retval;
}
sub load_defaults
{
my @out = `$APACHE2 -V 2>/dev/null`;
return if $?;
foreach my $line (@out)
{
if ($line =~ m/(Server version|Server MPM|Magic Number):\s+(.*?)$/)
{
my ($pattern, $value) = ($1, $2);
if ($pattern =~ /version/)
{
$SERVER_VERSION = $value;
$SERVER_VERSION =~ s/[^\d\.]//g;
}
elsif ($pattern =~ /MPM/)
{
$MPM = $value;
}
elsif ($pattern =~ /Magic/)
{
$API = $value;
$API =~ s/\:\d+//;
}
}
}
}
sub load_modules
{
my $conf_dir = $CONFIG_DIR . "/mods-enabled";
opendir(DIR, $conf_dir) || fail("$conf_dir: $!", 1);
while ( readdir(DIR) )
{
my $file = $_;
next if $file !~ m/\.load$/;
$file =~ s/\.load//;
if ($file =~ /mpm_(event|worker|prefork)/)
{
$MPM = $1 if $MPM eq 'invalid';
if (grep { $_ =~ m/^mpm_(?:event|worker|prefork)/ } @MODULES)
{
fail("There is more than one MPM loaded. Do not proceed due to undefined results", 1);
}
}
push @MODULES, $file;
}
closedir(DIR);
}
sub load_conf
{
if ($#CONFS >= 0)
{
return;
}
my $conf_dir = $CONFIG_DIR . "/conf-enabled";
opendir(DIR, $conf_dir) || fail("$conf_dir: $!", 1);
while ( readdir(DIR) )
{
my $file = $_;
next if $file !~ m/\.conf$/;
$file =~ s/\.conf$//;
push @CONFS, $file;
}
closedir(DIR);
}
sub load_sites
{
if ($#SITES >= 0)
{
return;
}
my $conf_dir = $CONFIG_DIR . "/sites-enabled";
opendir(DIR, $conf_dir) || fail("$conf_dir: $!", 1);
while ( readdir(DIR) )
{
my $file = $_;
next if $file !~ m/\.conf$/;
$file =~ s/\.conf$//;
push @SITES, $file;
}
closedir(DIR);
}
sub switch_history
{
die('usage: switch_history([module|site|conf], [enabled|disabled], $name)') if @_ != 3;
my $which = shift;
my $what = shift;
my $name = shift;
$name =~ s/\.conf$//;
foreach my $state (@STATES)
{
my $state_token = "$STATE_DIR/$which/$what" . "_by_$state/" . $name;
if (-e $state_token)
{
return $state;
}
}
return 0;
}
sub query_state
{
my $type = shift;
my $pattern = shift;
my $listref = shift;
$pattern =~ s/^mod//;
$pattern =~ s/\.(conf|load)//;
my @candidates;
if ($pattern)
{
@candidates = grep { $_ eq $pattern } @{ $listref };
}
else
{
@candidates = @{ $listref }
}
my $matches = 0;
foreach my $module (@candidates)
{
my $state = switch_history($type, "enabled", $module);
if (!$state)
{
$state = "unknown";
}
output("$module (enabled by $verbose_state{$state})\n");
$matches++;
}
if (!$matches)
{
my $reason = "No $type matches $pattern";
my $retval = $E_NOTFOUND;
my $state = switch_history($type, "disabled", $pattern);
if ($state)
{
$reason .= " (disabled by $verbose_state{$state})";
if ($state eq 'maint')
{
$retval = $E_OFFBYMAINT;
}
if ($state eq 'admin')
{
$retval = $E_OFFBYADMIN;
}
}
fail($reason, $retval);
}
}
load_defaults();
load_modules();
my %opts;
my $help = 1;
getopts('m:s:c:havMdq', \%opts);
#foreach my $key (keys %opts) { print("$key=$opts{$key}\n");}
push @HELP, ["q", "suppress any output. Useful for invocation from scripts"];
if (exists $opts{'q'})
{
--$help;
$QUIET=1;
}
push @HELP, ["m [MODULE]", "checks whether the module MODULE is enabled, lists all enabled modules if no argument was given"];
if (exists $opts{'m'})
{
--$help;
query_state('module', $opts{'m'}, \@MODULES);
}
push @HELP, ["s [SITE]", "checks whether the site SITE is enabled, lists all sites if no argument was given"];
if (exists $opts{'s'})
{
--$help;
load_sites();
query_state('site', $opts{'s'}, \@SITES);
}
push @HELP, ["c [CONF]", "checks whether the configuration CONF is enabled, lists all configurations if no argument was given"];
if (exists $opts{'c'})
{
--$help;
load_conf();
query_state('conf', $opts{'c'}, \@CONFS);
}
push @HELP, ["a", "returns the current Apache 2 module magic version"];
if (exists $opts{'a'})
{
--$help;
output("$API\n");
}
push @HELP, ["v", "returns the current Apache 2 version"];
if (exists $opts{'v'})
{
--$help;
output("$SERVER_VERSION\n");
}
push @HELP, ["M", "returns the enabled Apache 2 MPM"];
if (exists $opts{'M'})
{
--$help;
output("$MPM\n");
}
push @HELP, ["d", "returns the Apache 2 module directory"];
if (exists $opts{'d'})
{
--$help;
output("$MODULE_DIR\n");
}
push @HELP, ["h", "display this help"];
if (exists $opts{'h'} or $help == 1)
{
my $usage = "$0 ";
map { $usage .= "-$_->[0] " } @HELP;
print("Usage: $usage\n");
my $switch_name;
my $description;
format STDOUT =
@<<<<<<<<<<<< ^<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
"-$switch_name", $description,
~~ ^<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
$description,
.
foreach my $switch (@HELP)
{
($switch_name, $description) = ($switch->[0], $switch->[1]);
write STDOUT;
}
exit $E_OK;
}

2
debian/apache2-bin.bug-control vendored Normal file
View file

@ -0,0 +1,2 @@
report-with: apache2 apache2-bin apache2-data
package-status: apache2 apache2-bin

83
debian/apache2-bin.bug-script vendored Executable file
View file

@ -0,0 +1,83 @@
#!/usr/bin/perl -w
use strict;
use Text::Wrap;
$Text::Wrap::columns = 70;
#open (my $out, ">&=3") or die "could not open FD 3\n";
open (my $out, ">&=0") or die "could not open FD 3\n";
our $AQUERY = 0;
our $PHP = 0;
if (-x "/usr/sbin/a2query")
{
$AQUERY = "/usr/sbin/a2query";
}
if ($AQUERY)
{
my $mpm = `$AQUERY -M`;
chomp($mpm);
print $out "Enabled MPM: $mpm\n";
}
my @modules;
if ($AQUERY)
{
print $out "List of enabled modules:\n";
@modules = `$AQUERY -m`;
}
else
{
print $out "a2query is not available.\n";
@modules = sort glob("/etc/apache2/mods-enabled/*.load");
map { s{^/etc/apache2/mods-enabled/(.*)\.load$}{$1} } @modules;
print $out "List of /etc/apache2/mods-enabled/*.load:\n";
}
if (! scalar @modules) {
print $out "Could not determine module list\n";
}
else {
my $missing;
foreach my $m (@modules) {
my ($m, @desc) = split(/\s+/, $m);
if (-e "/etc/apache2/mods-available/$m.conf" and
! -e "/etc/apache2/mods-enabled/$m.conf") {
$m .= "*";
$missing = 1;
}
if ($m =~ /^(php\d)/) {
$PHP = $1;
}
}
print $out wrap(" ", " ", "@modules\n");
print $out
wrap(" ", " ",
"(A * means that the .conf file for that module is not " .
"enabled in /etc/apache2/mods-enabled/)\n")
if $missing;
}
if (defined $PHP) {
my @exts = qx{egrep ^extension= /etc/$PHP/apache2/php.ini /etc/$PHP/apache2/conf.d/* 2>/dev/null};
if (scalar @exts) {
chomp @exts;
@exts = grep { ! m{\.dpkg-(?:bak|dist):} } @exts;
@exts = sort grep { s{^.*:extension=(\S+)\.\S+}{$1} } @exts;
print $out "List of enabled $PHP extensions:\n";
print $out wrap(" ", " ", "@exts\n");
}
}
if ($AQUERY)
{
my @confs;
print $out "List of enabled configurations:\n";
@confs = `$AQUERY -c`;
print $out wrap(" ", " ", "@confs\n");
}

1
debian/apache2-bin.dirs vendored Normal file
View file

@ -0,0 +1 @@
var/lib/apache2

1
debian/apache2-bin.docs vendored Normal file
View file

@ -0,0 +1 @@
NOTICE

2
debian/apache2-bin.install vendored Normal file
View file

@ -0,0 +1,2 @@
/usr/lib/apache2/modules/
/usr/sbin/apache2

3
debian/apache2-bin.lintian-overrides vendored Normal file
View file

@ -0,0 +1,3 @@
# Modules tend to not use protectable libc functions, which causes lots of
# false positives.
hardening-no-fortify-functions [*usr/lib/apache2/modules/*]

1
debian/apache2-bin.manpages vendored Normal file
View file

@ -0,0 +1 @@
debian/manpages/apache2.8

1
debian/apache2-data.dirs vendored Normal file
View file

@ -0,0 +1 @@
usr/share/apache2/default-site

1
debian/apache2-data.docs vendored Normal file
View file

@ -0,0 +1 @@
NOTICE

5
debian/apache2-data.install vendored Normal file
View file

@ -0,0 +1,5 @@
/usr/sbin/envvars-std /usr/share/apache2/build
/usr/share/apache2/error/
/usr/share/apache2/icons/
debian/icons/*.png /usr/share/apache2/icons
debian/index.html /usr/share/apache2/default-site/

2
debian/apache2-data.links vendored Normal file
View file

@ -0,0 +1,2 @@
# This link is dangling by design (sometimes)
usr/share/doc/apache2/changelog.Debian.gz usr/share/doc/apache2-data/changelog.Debian.gz

5
debian/apache2-data.lintian-overrides vendored Normal file
View file

@ -0,0 +1,5 @@
debian-changelog-file-is-a-symlink
package-contains-documentation-outside-usr-share-doc [*usr/share/apache2/default-site/index.html*]
package-contains-documentation-outside-usr-share-doc [*usr/share/apache2/error/include/bottom.html*]
package-contains-documentation-outside-usr-share-doc [*usr/share/apache2/error/include/spacer.html*]
package-contains-documentation-outside-usr-share-doc [*usr/share/apache2/error/include/top.html*]

2
debian/apache2-dev.dirs vendored Normal file
View file

@ -0,0 +1,2 @@
usr/include/apache2
usr/share/apache2/build

1
debian/apache2-dev.docs vendored Normal file
View file

@ -0,0 +1 @@
NOTICE

9
debian/apache2-dev.install vendored Normal file
View file

@ -0,0 +1,9 @@
/usr/bin/apxs
/usr/include/apache2
/usr/share/apache2/build/*.sh
/usr/share/apache2/build/*.mk
debian/debhelper/apache2.pm /usr/share/perl5/Debian/Debhelper/Sequence/
debian/debhelper/dh_apache2 /usr/bin
debian/debhelper/postinst-apache2 /usr/share/debhelper/autoscripts/
debian/debhelper/postrm-apache2 /usr/share/debhelper/autoscripts/
debian/debhelper/prerm-apache2 /usr/share/debhelper/autoscripts/

1
debian/apache2-dev.links vendored Normal file
View file

@ -0,0 +1 @@
usr/bin/apxs usr/bin/apxs2

3
debian/apache2-dev.manpages vendored Normal file
View file

@ -0,0 +1,3 @@
debian/manpages/apxs2.1
debian/manpages/dh_apache2.1
debian/tmp/usr/share/man/man1/apxs.1

10
debian/apache2-doc.NEWS vendored Normal file
View file

@ -0,0 +1,10 @@
apache2 (2.4.54-2) unstable; urgency=medium
This version does not automatically enable the apache2 config snippet for
/manual anymore. If you want to have it enabled you will need to do this
yourself, e.g. with
```
/usr/sbin/a2enconf apache2-doc
```
-- Hendrik Jaeger <deb@henk.geekmail.org> Thu, 06 Oct 2022 10:45:51 +0200

9
debian/apache2-doc.conf vendored Normal file
View file

@ -0,0 +1,9 @@
Alias /manual /usr/share/doc/apache2-doc/manual/
<Directory "/usr/share/doc/apache2-doc/manual/">
Options Indexes FollowSymlinks
AllowOverride None
Require all granted
AddDefaultCharset off
</Directory>

1
debian/apache2-doc.dirs vendored Normal file
View file

@ -0,0 +1 @@
usr/share/doc/apache2-doc

10
debian/apache2-doc.doc-base vendored Normal file
View file

@ -0,0 +1,10 @@
Document: apache2-manual
Title: Apache HTTP Server Version 2.4 Documentation
Abstract: This documentation describes the configuration of the Apache Web
server and the included modules.
Section: Network/Communication
Format: HTML
Index: /usr/share/doc/apache2-doc/manual/en/index.html
Files: /usr/share/doc/apache2-doc/manual/*/*.html
/usr/share/doc/apache2-doc/manual/*/*/*.html

1
debian/apache2-doc.examples vendored Normal file
View file

@ -0,0 +1 @@
debian/tmp/etc/apache2/

5
debian/apache2-doc.install vendored Normal file
View file

@ -0,0 +1,5 @@
/usr/lib/cgi-bin/printenv /usr/share/doc/apache2-doc/cgi-examples
/usr/lib/cgi-bin/test-cgi /usr/share/doc/apache2-doc/cgi-examples
/usr/share/apache2/default-site/htdocs/manual /usr/share/doc/apache2-doc
debian/apache2-doc.conf /etc/apache2/conf-available/
debian/SupportApache-small.png /usr/share/doc/apache2-doc/manual/images

2
debian/apache2-doc.lintian-overrides vendored Normal file
View file

@ -0,0 +1,2 @@
# Ignored
national-encoding [*usr/share/doc/apache2-doc/manual/ko/*.html*]

18
debian/apache2-doc.postrm vendored Normal file
View file

@ -0,0 +1,18 @@
#! /bin/sh
set -e
# This code should use dh_apache2 once it is available as build dependency
if [ "$1" = "purge" ] ; then
if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then
. /usr/share/apache2/apache2-maintscript-helper
apache2_invoke disconf apache2-doc || true
fi
fi
#DEBHELPER#
exit 0

1
debian/apache2-ssl-dev.install vendored Normal file
View file

@ -0,0 +1 @@
/usr/include/apache2/mod_ssl_openssl.h

1
debian/apache2-suexec-custom.docs vendored Normal file
View file

@ -0,0 +1 @@
NOTICE

2
debian/apache2-suexec-custom.install vendored Normal file
View file

@ -0,0 +1,2 @@
/usr/sbin/suexec-custom /usr/lib/apache2/
debian/suexec-config-dir/* /etc/apache2/suexec/

1
debian/apache2-suexec-custom.manpages vendored Normal file
View file

@ -0,0 +1 @@
debian/manpages/suexec-custom.8

1
debian/apache2-suexec-pristine.docs vendored Normal file
View file

@ -0,0 +1 @@
NOTICE

1
debian/apache2-suexec-pristine.install vendored Normal file
View file

@ -0,0 +1 @@
/usr/sbin/suexec-pristine /usr/lib/apache2/

1
debian/apache2-suexec-pristine.manpages vendored Normal file
View file

@ -0,0 +1 @@
debian/tmp/usr/share/man/man8/suexec-pristine.8

26
debian/apache2-suexec.postinst.in vendored Executable file
View file

@ -0,0 +1,26 @@
#! /bin/sh
# postinst script for apache2-suexec-__TYPE__
set -e
case "$1" in
configure)
update-alternatives --install /usr/lib/apache2/suexec suexec /usr/lib/apache2/suexec-__TYPE__ 10 \
--slave /usr/share/man/man8/suexec.8.gz suexec.8.gz /usr/share/man/man8/suexec-__TYPE__.8.gz
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 0
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0

25
debian/apache2-suexec.prerm.in vendored Executable file
View file

@ -0,0 +1,25 @@
#!/bin/sh
# prerm script for apache2-suexec-__TYPE__
set -e
case "$1" in
remove)
update-alternatives --remove suexec /usr/lib/apache2/suexec-__TYPE__
;;
upgrade|deconfigure|failed-upgrade)
;;
*)
echo "prerm called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0

1
debian/apache2-utils.docs vendored Normal file
View file

@ -0,0 +1 @@
NOTICE

12
debian/apache2-utils.install vendored Normal file
View file

@ -0,0 +1,12 @@
/usr/bin/ab /usr/bin
/usr/bin/htdbm /usr/bin
/usr/bin/htdigest /usr/bin
/usr/bin/htpasswd /usr/bin
/usr/bin/httxt2dbm /usr/sbin
/usr/bin/logresolve /usr/bin
/usr/sbin/checkgid /usr/bin
/usr/sbin/fcgistarter /usr/bin
/usr/sbin/htcacheclean /usr/bin
/usr/sbin/rotatelogs /usr/bin
support/check_forensic /usr/sbin
support/split-logfile /usr/sbin

12
debian/apache2-utils.manpages vendored Normal file
View file

@ -0,0 +1,12 @@
debian/manpages/check_forensic.8
debian/manpages/checkgid.8
debian/manpages/split-logfile.8
debian/tmp/usr/share/man/man1/ab.1
debian/tmp/usr/share/man/man1/htdbm.1
debian/tmp/usr/share/man/man1/htdigest.1
debian/tmp/usr/share/man/man1/htpasswd.1
debian/tmp/usr/share/man/man8/httxt2dbm.8
debian/tmp/usr/share/man/man1/logresolve.1
debian/tmp/usr/share/man/man8/fcgistarter.8
debian/tmp/usr/share/man/man8/htcacheclean.8
debian/tmp/usr/share/man/man8/rotatelogs.8

14
debian/apache2-utils.ufw.profile vendored Normal file
View file

@ -0,0 +1,14 @@
[Apache]
title=Web Server
description=Apache v2 is the next generation of the omnipresent Apache web server.
ports=80/tcp
[Apache Secure]
title=Web Server (HTTPS)
description=Apache v2 is the next generation of the omnipresent Apache web server.
ports=443/tcp
[Apache Full]
title=Web Server (HTTP,HTTPS)
description=Apache v2 is the next generation of the omnipresent Apache web server.
ports=80,443/tcp

246
debian/apache2.NEWS vendored Normal file
View file

@ -0,0 +1,246 @@
apache2 (2.4.10-2) unstable; urgency=low
The default period for which rotated log files are kept has been
reduced from one year to 14 days.
-- Stefan Fritsch <sf@debian.org> Tue, 23 Sep 2014 22:25:06 +0200
apache2 (2.4.1-1) unstable; urgency=low
This package introduces a new major release of the Apache HTTP server. It is
likely the site configuration needs changes to work with this release.
Notable changes which need special care are:
The module interface (ABI) has changed. If you have any locally compiled
modules, you have to re-compile them for apache2 2.4.
The authorization and authentication system has changed. Existing
configurations using deprecated Order/Allow/Deny directives need to be
upgraded to the new system. Please review upstream's "Authentication,
Authorization and Access Control Howto" [1]. There is a new module
"mod_access_compat", which is supposed to provide backward compatibility,
but it does not work well in practice.
Furthermore, MPMs are simple modules now. Thus, the MPM can be changed
at any time by (un-)loading a specific module. Be careful when upgrading. An
example of changing the MPM is given below:
a2dismod mpm_worker
a2enmod mpm_prefork
MPM ITK users should be advised, that ITK is not a MPM anymore. Instead, it
is a simple Apache module, expanding functionality of the prefork MPM. Thus,
users should switch to the prefork MPM and enable ITK as a module. The
upgrade scripts ensure this for the upgrade from Debian Wheezy.
We did change the security model for Apache in our default configuration. We
do not allow access to the file system outside /var/www and /usr/share.
If you are running virtual hosts or scripts outside these directories, you
need to whitelist them in your configuration to grant access through HTTP.
Special care must be taken if you are using a sub-directory in /srv to serve
your content as recommended by the File Hierarchy Standard (FHS). You must
allow access to your served directory explicity in the corresponding virtual
host, or by allowing access in apache2.conf as proposed.
Along the security model, we did also change the default Document Root, files
are served from. Previous releases served /var/www by default when no other
virtual host matched the request. Starting with this release, we changed the
default document root to /var/www/html, so that sensitive files from other
virtual hosts wich are typically put into some directory below /var/www are
not exposed by the default virtual host. This change further improves the out
of box security.
Moreover, the configuration mechanism in Debian has changed. All
configurations in sites-enabled and conf-enabled need a ".conf" suffix now.
The latter replaces the deprecated /etc/apache2/conf.d/ directory (which is
not supported any more) and works just like {sites,mods}-{available,enabled}
via the "a2enconf" tool. The upgrade tries to migrate known configuration
files from /etc/apache2/conf.d/ to /etc/apache2/conf-available/ - please
review these changes.
Note this means all existing sites are ignored until they get a ".conf"
suffix and are re-enabled by the use of a2ensite. The script in [3] can
automate that for simple cases. This change also includes Debian default
sites, so the default site has been renamed to 000-default to avoid naming
confusions. The rename of the config files to *.conf makes the special
handling inside apache2 to ignore *.dpkg-* backup files obsolete. This
special handling has been removed.
Users of mod_authn_dbm should switch to htdbm to manage their DBM user
databases. The pure-perl management utility "dbmmanage" was removed as it was
outdated and orphaned upstream.
Packagers are advised to review whether their packages comply with this
new version. Please see [2] for detailed documentation and instructions.
[1] http://httpd.apache.org/docs/2.4/howto/auth.html
[2] </usr/share/doc/apache2/PACKAGING>
[3] </usr/share/doc/apache2/migrate-sites.pl>
-- Arno Töll <arno@debian.org> Fri, 23 July 2012 23:50:13 +0200
apache2 (2.2.15-4) unstable; urgency=low
* Note to people using mod_proxy as forward proxy, i.e. with
'ProxyRequests on':
This release disables the configuration in mods-available/proxy.conf
by default. You should verify that access control for proxy access
still works as intended. This is especially important if you have
your forward proxy configuration in a different configuration file
than proxy.conf.
-- Stefan Fritsch <sf@debian.org> Mon, 19 Apr 2010 22:36:57 +0200
apache2 (2.2.15-1) unstable; urgency=low
* To fix a security vulnerability in the design of the SSL/TLS protocol
(CVE-2009-3555), the protocol had to be extended (RFC 5746). By default,
session renegotiation is no longer supported with old clients that do not
implement this extension. This breaks certain configurations with client
certificate authentication. If you still need to support old clients, you
may restore the old (insecure) behaviour by uncommenting the
SSLInsecureRenegotiation on
line in /etc/apache2/mods-available/ssl.conf
* This release adds and enables mod_reqtimeout, which limits the time
Apache waits for a client to send a complete request. This helps to
mitigate against certain denial of service attacks. In case of problems
with slow clients, the timeout values can be adjusted in
/etc/apache2/mods-available/reqtimeout.conf , or the module can be
disabled with "a2dismod reqtimeout".
-- Stefan Fritsch <sf@debian.org> Sat, 28 Aug 2010 20:49:30 +0100
apache2 (2.2.14-6) unstable; urgency=low
* Apache now uses the environment variables APACHE_RUN_DIR, APACHE_LOCK_DIR,
and APACHE_LOG_DIR in the default configuration. If you have modified
/etc/apache2/envvars, make sure that these variables are set and exported.
* There is now some support for running multiple instances of Apache on the
same machine. See the documentation in /usr/share/doc/apache2.2-common for
details.
-- Stefan Fritsch <sf@debian.org> Sun, 07 Feb 2010 13:56:59 +0100
apache2 (2.2.13-2) unstable; urgency=high
* The new support for TLS Server Name Indication added in 2.2.12 causes
Apache to be stricter about certain misconfigurations involving name
based SSL virtual hosts. This may result in Apache refusing to start
with the logged error message:
Server should be SSL-aware but has no certificate configured
[Hint: SSLCertificateFile]
Up to 2.2.11, Apache accepted configurations where the necessary SSL
configuration statements were included in the first (default)
<Virtualhost *:443> block but not in subsequent <Virtualhost *:443>
blocks. Starting with 2.2.12, every VirtualHost block used with SSL must
contain the SSLEngine, SSLCertificateFile, and SSLCertificateKeyFile
directives (SSLCertificateKeyFile is optional in some cases).
When you encounter the above problem, the output of the command
egrep -ir '^[^#]*(sslcertificate|sslengine|virtualhost)' \
/etc/apache2/*conf* /etc/apache2/*enabled
may be useful to determine which VirtualHost sections need to be changed.
Also, formerly accidentially working constructs like
<VirtualHost *:80 *:443>
where one virtual host definition is used for both a non-ssl and a ssl
virtual host do not work anymore. You can achieve a similar effect with
<VirtualHost *:80>
Include /.../vhost.include
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile ...
Include /.../vhost.include
</VirtualHost>
-- Stefan Fritsch <sf@debian.org> Wed, 16 Sep 2009 20:14:59 +0200
apache2 (2.2.9-3) unstable; urgency=low
* The directive "NameVirtualHost *" has been changed to "NameVirtualHost
*:80". It has also been moved from sites-available/default to ports.conf.
This allows to ship a proper SSL default virtual host config in
sites-available/default-ssl, but it means that if you use several name
based virtual hosts:
- you will have to change <VirtualHost *> to <VirtualHost *:80> in your
name based virtual hosts
- you need to add more NameVirtualHost directives if you use other ports
than 80 with name based virtual hosts. You may also have to add these
ports to the default virtual host in /etc/apache2/sites-available/default
(like this: "<VirtualHost *:80 *:81>").
If you prefer to revert to the old setup instead (and don't need the
default-ssl host), just change "NameVirtualHost *:80" back to
"NameVirtualHost *" in ports.conf and "<VirtualHost *:80>" to
"<VirtualHost *>" in sites-available/default.
* For mod_disk_cache, caching is again disabled in disk_cache.conf by
default. It usually makes more sense to enable this on a per-virtual host
basis.
-- Stefan Fritsch <sf@debian.org> Mon, 30 Jun 2008 19:47:52 +0200
apache2 (2.2.8-5) unstable; urgency=low
* The suexec helper program needed for mod_suexec is now shipped in a
separate package, apache2-suexec, which is not installed by default.
You need to install this package manually if you are using mod_suexec.
There is now also the apache2-suexec-custom package, which contains a
customizable version of suexec which can be used with different document
roots than /var/www.
-- Stefan Fritsch <sf@debian.org> Sun, 04 May 2008 20:24:00 +0200
apache2 (2.2.8-1) unstable; urgency=low
* The Apache User and Group and the PidFile path are now configured in
/etc/apache2/envvars, to make it easier to use them in scripts
(like the init and logrotate scripts, and apache2ctl).
If you have changed these settings from their default values, you need to
adjust /etc/apache2/envvars.
This also means that starting apache2 with "apache2 -k start" is no longer
possible, you have to use /etc/init.d/apache2 or apache2ctl.
-- Stefan Fritsch <sf@debian.org> Tue, 15 Jan 2008 21:41:23 +0100
apache2 (2.2.4-2) unstable; urgency=low
* This version introduces some changes in the configuration layout and
defaults. You will probably have to adjust your configuration accordingly.
- Module specific configuration has been moved from
/etc/apache2/apache2.conf to /etc/apache2/mods-available/*.conf for the
following modules:
actions alias autoindex
info mime negotiation
setenvif status
- AddDefaultCharset is again disabled by default. See
/etc/apache2/conf.d/charset
- "Listen 443" is automatically enabled in /etc/apache2/ports.conf if
mod_ssl is enabled.
* The NO_START functionality from /etc/default/apache2 has been removed. If
you don't want to start apache2 on boot, rename the S*apache2 start
symlinks as usual.
* To ensure that the disk cache does not grow indefinitely, htcacheclean is
now started when mod_disk_cache is enabled. The details can be configured
in /etc/default/apache2 .
-- Stefan Fritsch <sf@debian.org> Mon, 09 Jul 2007 21:50:58 +0200

444
debian/apache2.README.Debian vendored Normal file
View file

@ -0,0 +1,444 @@
Contents
========
Apache2 Configuration under Debian GNU/Linux
Files and Directories in '/etc/apache2'
Tools
Using mod_cache_disk
SSL
Enabling SSL
Creating self-signed certificates
SSL workaround for MSIE
Suexec
Documentation
Upgrades
Common Problems
For Developers
Apache2 Configuration under Debian GNU/Linux
============================================
Debian's default Apache2 installation attempts to make adding and
removing modules, virtual hosts, and extra configuration directives as
flexible as possible, in order to make automating the changes and
administering the server as easy as possible.
Please be aware that this layout is quite different from the standard
Apache configuration. Due to the use of environment variables, apache2
needs to be started/stopped with '/etc/init.d/apache2', apachectl, or
apache2ctl. Calling '/usr/bin/apache2' directly will not work with the
default configuration. To call apache2 with specific command line
arguments, just call apache2ctl with the same arguments.
Files and Directories in '/etc/apache2':
---------------------------------------
apache2.conf
This is the main configuration file. It does not include any
actual configuration we expect to be adapted on your site, so
where possible please do not touch it. This file is the
foundation stone of the Apache configuration in Debian and should
be up to date after upgrades to make sure all configuration pieces
are properly included.
If you want to extend the global configuration, you can customize
the Apache web server by including configuration files through the
conf-available mechanism. To change listening ports and socket
configuration use ports.conf (see below).
ports.conf
Configuration directives for which ports and IP addresses to
listen to.
magic
Patterns for mod_mime_magic. This is not compatible with the format
used by current versions of the file/libmagic packages.
envvars
This contains environment variables that may be used in the
configuration. Some settings, like user and pid file, need to
go in here so that other scripts can use them. It can also
be used to change some default settings used by apache2ctl,
including the ulimit value for the maximum number of open files.
The default LANG=C setting is also here, and can be changed to a
different language.
conf-available/
Files in this directory are included in the global server scope by
this line in apache2.conf:
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
This is a good place to add additional configuration
directives. All configuration snippets need a '.conf' suffix to be
included as actual configuration. The local administrator should
use file names starting with 'local-' to avoid name clashes with
files installed by packages.
Configuration snippets can be enabled and disabled by using the
a2enconf and a2disconf executables. This works similarly to the
approach used for modules and sites below.
Configuration snippets can of course also be included in individual
virtual hosts.
conf-enabled/
Like mods-enabled/ and sites-enabled/, a piece of configuration is
enabled by symlinking a file from conf-available/ into this
directory. The a2enconf helper is provided to assist this task.
mods-available/
This directory contains a series of .load and .conf files.
The .load files contain the Apache configuration directive
necessary to load the module in question. The corresponding
.conf files contain configuration directives necessary to
utilize the module in question.
mods-enabled/
To actually enable a module for Apache2, it is necessary to
create a symlink in this directory to the .load (and .conf, if
it exists) files associated with the module in
mods-available/. For example:
cgi.load -> /etc/apache2/mods-available/cgi.load
The a2enmod helper can be used to enable a module.
sites-available/
Like mods-available/, except that it contains configuration
directives for different virtual hosts that might be used with
apache2. Note that the hostname doesn't have to correspond
exactly with the filename. '000-default.conf' is the default
host which is provided by Debian.
sites-enabled/
Similar in functionality to mods-enabled/, sites-enabled
contains symlinks to sites in sites-available/ that the
administrator wishes to enable.
Apache uses the first VirtualHost that matches the IP/Port
as default for named virtual hosts. Therefore the 'default'
site should be called '000-default' to make sure it sorts before
other sites.
Example:
dedasys.conf -> /etc/apache2/sites-available/dedasys.conf
The a2ensite helper can be used to enable a site.
The Include directives ignore files with names that do not end with a
.conf suffix. This behavior has changed from previous releases!
In some cases you may want to enable a specific piece of configuration
(think of files shipped in conf-available/) for a particular virtual
host only and not globally as is our default. In such cases you can
disable the configuration at a global scope for example by doing
a2disconf some-configuration
Then it can be included in a particular virtual host within a file in
sites-enabled/. You may want to add
Include conf-available/some-configuration.conf
in that site configuration. However, be careful, as this may not work for
some configurations, depending on the context and implications of some
directives.
Tools
-----
a2enmod and a2dismod are available for enabling and disabling modules utilizing
the above configuration system.
a2ensite and a2dissite do essentially the same thing as the above tools, but
for sites rather than modules. Finally a2enconf and a2disconf are the
corresponding tools for configuration snippets.
a2query is a helper script providing runtime information about the running
server instance. For example it can be used to query enabled modules, the
selected MPM, and other information. This tool is primarily meant for package
maintainers who need to interact with the Apache packages to activate
their configurations upon package installation, but it can be used by users
as well.
apxs2 -a/-A is modified to use a2enmod to activate newly installed modules.
Using mod_cache_disk
====================
To ensure that the disk cache does not grow indefinitely, htcacheclean is
started when mod_cache_disk is enabled. Both daemon and cron (daily) mode
are supported. The configuration (run mode, cache size, etc.) is in
'/etc/default/apache-htcacheclean'.
Normally, htcacheclean is automatically started and stopped by
'/etc/init.d/apache2'. However, if you change the state of mod_cache_disk or
the configuration of htcacheclean while apache2 is running, you may need to
manually start/stop htcacheclean with "/etc/init.d/apache2 start-htcacheclean"
or "/etc/init.d/apache2 stop-htcacheclean".
Note that mod_cache_disk was named mod_disk_cache in versions 2.2 and earlier.
SSL
===
Enabling SSL
------------
To enable SSL, type (as user root):
a2ensite default-ssl
a2enmod ssl
If you want to use self-signed certificates, you should install the ssl-cert
package (see below). Otherwise, just adjust the SSLCertificateKeyFile and
SSLCertificateFile directives in '/etc/apache2/sites-available/default-ssl.conf'
to point to your SSL certificate. Then restart apache:
service apache2 restart
The SSL key file should only be readable by root; the certificate file may be
globally readable. These files are read by the Apache parent process which runs
as root, and it is therefore not necessary to make the files readable by the
www-data user.
Creating self-signed certificates
---------------------------------
If you install the ssl-cert package, a self-signed certificate will be
automatically created using the hostname currently configured on your computer.
You can recreate that certificate (e.g. after you have changed '/etc/hosts' or
DNS to give the correct hostname) as user root with:
make-ssl-cert generate-default-snakeoil --force-overwrite
To create more certificates with different host names, you can use
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /path/to/cert-file.crt
This will ask you for the hostname and place both SSL key and certificate in
the file '/path/to/cert-file.crt'. Use this file with the SSLCertificateFile
directive in the Apache config (you don't need the SSLCertificateKeyFile in
this case as it also contains the key). The file '/path/to/cert-file.crt'
should only be readable by root. A good directory to use for the additional
certificates/keys is '/etc/ssl/private'.
SSL workaround for MSIE
-----------------------
The SSL workaround for MS Internet Explorer needs to be added to your SSL
VirtualHost section (it was previously in ssl.conf but caused keepalive to be
disabled even for non-SSL connections):
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
The default SSL virtual host in '/etc/apache2/sites-available/default-ssl.conf'
already contains this workaround.
Suexec
======
Debian ships two version of the suexec helper program required by
mod_suexec. It is not installed by default, to avoid possible security
issues. The package apache2-suexec-pristine contains the standard version
that works only with document root /var/www, userdir suffix public_html,
and Apache run user www-data. The package apache2-suexec-custom contains a
customizable version that can be configured with a config file to use
different settings (like /srv/www as document root). For more information
see the suexec(8) man page in the apache2-suexec-custom package.
Since apache2-suexec-custom has received less testing and might be slightly
slower, apache2-suexec is the recommended version unless you need the features
from apache2-suexec-custom.
Starting with Apache 2.4 both alternatives can be installed at the same
time and the default suexec mechanism can be picked by using the
update-alternatives(8) system.
Unicode File Name Normalization
===============================
Using Apache with the document root on a file system that does unicode
normalization on the filenames can cause security issues. In Debian,
this affects ZFS with the non-default option to enable filename normalization,
and HFS+. It is strongly recommended not to use Apache with such file systems.
More information about this issue can be found by searching the web for
CVE-2013-0966.
Documentation
=============
The full Apache 2 documentation can be found on the web at
http://httpd.apache.org/docs/2.4/
or, if you have installed the apache2-doc package, in
/usr/share/doc/apache2-doc/manual/
or at
http://localhost/manual/
There is also a wiki that contains useful information:
http://wiki.apache.org/httpd/
Some hints about securing Apache 2 on Debian are available at
http://wiki.debian.org/Apache/Hardening
Upgrades
========
Changes in the Apache packages that require manual configuration adjustments
are announced in NEWS.Debian. Installing the apt-listchanges package is
recommended. It will display the relevant NEWS.Debian sections before
upgrades.
Multiple instances
==================
There is some support for running multiple instances of Apache2 on the same
machine. See '/usr/share/doc/apache2/README.multiple-instances' for more
information.
Common Problems
===============
1) Error message "Could not reliably determine the server's fully qualified
domain name, using 127.0.0.1 for ServerName" during start
This can usually be ignored but it means that Apache httpd was unable to obtain
a fully-qualified hostname by doing a reverse lookup on your server's IP
address. You may want to add the fully-qualified hostname to '/etc/hosts'.
An alternative is to specify "ServerName 127.0.0.1" in the global server
context of the configuration, e.g. in
'/etc/apache2/conf-enabled/local-servername.conf'.
2) Error message "mod_rewrite: could not create rewrite_log_lock"
This probably means that there are some stale SYSV semaphores around. This
usually happens after apache2 has been killed with kill -9 (SIGKILL). You can
clean up the semaphores with:
ipcs -s | grep www-data | awk ' { print $2 } ' | xargs ipcrm sem
3) Message "File does not exist: /etc/apache2/htdocs" in error log
In most cases this means that no matching VirtualHost definition could be
found for an incoming request. Check that the target IP address/port and the
name in the Host: header of the request actually match one of the virtual
hosts.
4) Message "Couldn't create pollset in child; check user or system limits" in
error log
On Linux kernels since 2.6.27.8, the value in
/proc/sys/fs/epoll/max_user_instances
needs to be larger than
for prefork/itk MPM: 2 * MaxClients
for worker/event MPM: MaxClients + MaxClients/ThreadsPerChild
It can be set on boot by adding a line like
fs.epoll.max_user_instances=1024
to '/etc/sysctl.conf'.
There are several other error messages related to creating a pollset that can
appear for the same reason.
On the other hand, errors about adding to a pollset are related to the setting
fs.epoll.max_user_watches. On most systems, max_user_watches should be high
enough by default.
5) Message "Server should be SSL-aware but has no certificate configured" in
error log
Since 2.2.12, Apache is stricter about certain misconfigurations concerning
name based SSL virtual hosts. See NEWS.Debian.gz for more details.
6) Apache does not pass Authorization header to CGI scripts
This is intentional to avoid security holes. If you really want to change it,
you can use mod_rewrite:
RewriteCond %{HTTP:Authorization} (.*)
RewriteRule . - [env=HTTP_AUTHORIZATION:%1]
7) mod_dav is behaving strangely
In general, if you use mod_dav_fs, you need to disable multiviews and script
execution for that directory. For example:
<Directory /var/www/dav>
Dav on
Options -MultiViews -ExecCGI
SetHandler none
<IfModule mod_php5.c>
php_admin_value engine Off
</IfModule>
</Directory>
8) Message "apache2: bad user name ${APACHE_RUN_USER}" when starting apache2
directly
Use apache2ctl (it accepts all the same options as apache2).
9) A PUT with mod_dav_fs fails with "Unable to PUT new contents for /...
[403, #0]" even if Apache has permission to write the file.
Apache also needs write permission to the directory containing the file, in
order to replace it atomically.
10) When starting/reloading Apache, there is the error message
"ulimit: open files: cannot modify limit: Operation not permitted"
If you are running Apache in a vserver environment, the start script may not
be allowed to set the maximum number of open files. You should adjust
APACHE_ULIMIT_MAX_FILES in /etc/apache2/envvars to your setup. You can
disable changing the limits by setting APACHE_ULIMIT_MAX_FILES=true .
For Developers
==============
The Apache 2 web server package provides several helpers to assist
packagers to interact with the web server for both, build and installation
time. Please refer to the PACKAGING file in the apache2 package for
detailed information.

22
debian/apache2.apache-htcacheclean.default vendored Normal file
View file

@ -0,0 +1,22 @@
# This file must only contain KEY=VALUE lines. Do not use advanced
# shell script constructs!
## run mode: cron, daemon
## run in daemon mode or as daily cron job
## default: daemon
HTCACHECLEAN_MODE=daemon
## cache size
HTCACHECLEAN_SIZE=300M
## interval: if in daemon mode, clean cache every x minutes
HTCACHECLEAN_DAEMON_INTERVAL=120
## path to cache
## must be the same as in CacheRoot directive
#HTCACHECLEAN_PATH=/var/cache/apache2/mod_cache_disk
## additional options:
## -n : be nice
## -t : remove empty directories
HTCACHECLEAN_OPTIONS="-n"

71
debian/apache2.apache-htcacheclean.init vendored Executable file
View file

@ -0,0 +1,71 @@
#!/bin/sh
# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing.
if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then
set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script
fi
### BEGIN INIT INFO
# Provides: apache-htcacheclean
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Cache cleaner process for Apache2 web server
# Description: Start the htcacheclean helper
# This script will start htcacheclean which will periodically scan the
# cache directory of Apache2's mod_cache_disk and remove outdated files.
### END INIT INFO
DESC="Apache htcacheclean"
DAEMON=/usr/bin/htcacheclean
NAME="${0##*/}"
NAME="${NAME##[KS][0-9][0-9]}"
DIR_SUFFIX="${NAME##apache-htcacheclean}"
APACHE_CONFDIR="${APACHE_CONFDIR:=/etc/apache2$DIR_SUFFIX}"
RUN_USER=$(. $APACHE_CONFDIR/envvars > /dev/null && echo "$APACHE_RUN_USER")
# Default values. Edit /etc/default/apache-htcacheclean$DIR_SUFFIX to change these
HTCACHECLEAN_SIZE="${HTCACHECLEAN_SIZE:=300M}"
HTCACHECLEAN_DAEMON_INTERVAL="${HTCACHECLEAN_DAEMON_INTERVAL:=120}"
HTCACHECLEAN_PATH="${HTCACHECLEAN_PATH:=/var/cache/apache2$DIR_SUFFIX/mod_cache_disk}"
HTCACHECLEAN_OPTIONS="${HTCACHECLEAN_OPTIONS:=-n}"
# Read configuration variable file if it is present
if [ -f /etc/default/apache-htcacheclean$DIR_SUFFIX ] ; then
. /etc/default/apache-htcacheclean$DIR_SUFFIX
elif [ -f /etc/default/apache-htcacheclean ] ; then
. /etc/default/apache-htcacheclean
fi
PIDDIR="/var/run/apache2/$RUN_USER"
PIDFILE="$PIDDIR/$NAME.pid"
DAEMON_ARGS="$HTCACHECLEAN_OPTIONS \
-d$HTCACHECLEAN_DAEMON_INTERVAL \
-P$PIDFILE -i \
-p$HTCACHECLEAN_PATH \
-l$HTCACHECLEAN_SIZE"
do_start_prepare () {
if [ ! -d "$PIDDIR" ] ; then
mkdir -p "$PIDDIR"
chown "$RUN_USER:" "$PIDDIR"
fi
if [ ! -d "$HTCACHECLEAN_PATH" ] ; then
echo "Directory $HTCACHECLEAN_PATH does not exist!" >&2
exit 2
fi
}
do_start_cmd_override () {
start-stop-daemon --start --quiet --pidfile ${PIDFILE} \
-u $RUN_USER --startas $DAEMON --name htcacheclean --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet --pidfile ${PIDFILE} \
-c $RUN_USER --startas $DAEMON --name htcacheclean -- $DAEMON_ARGS \
|| return 2
}
do_stop_cmd_override () {
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
-u $RUN_USER --pidfile ${PIDFILE} --name htcacheclean
}

17
debian/apache2.apache-htcacheclean.service vendored Normal file
View file

@ -0,0 +1,17 @@
[Unit]
Description=Disk Cache Cleaning Daemon for Apache HTTP Server
After=apache2.service
Documentation=https://httpd.apache.org/docs/2.4/programs/htcacheclean.html
[Service]
Type=forking
User=www-data
Environment=HTCACHECLEAN_SIZE=300M
Environment=HTCACHECLEAN_DAEMON_INTERVAL=120
Environment=HTCACHECLEAN_PATH=/var/cache/apache2/mod_cache_disk
Environment=HTCACHECLEAN_OPTIONS=-n
EnvironmentFile=-/etc/default/apache-htcacheclean
ExecStart=/usr/bin/htcacheclean -d $HTCACHECLEAN_DAEMON_INTERVAL -p $HTCACHECLEAN_PATH -l $HTCACHECLEAN_SIZE $HTCACHECLEAN_OPTIONS
[Install]
WantedBy=multi-user.target

17
debian/apache2.apache-htcacheclean@.service vendored Normal file
View file

@ -0,0 +1,17 @@
[Unit]
Description=Disk Cache Cleaning Daemon for Apache HTTP Server
After=apache2@%i.service
Documentation=https://httpd.apache.org/docs/2.4/programs/htcacheclean.html
[Service]
Type=forking
User=www-data
Environment=HTCACHECLEAN_SIZE=300M
Environment=HTCACHECLEAN_DAEMON_INTERVAL=120
Environment=HTCACHECLEAN_PATH=/var/cache/apache2-%i/mod_cache_disk
Environment=HTCACHECLEAN_OPTIONS=-n
EnvironmentFile=-/etc/default/apache-htcacheclean-%i
ExecStart=/usr/bin/htcacheclean -d $HTCACHECLEAN_DAEMON_INTERVAL -p $HTCACHECLEAN_PATH -l $HTCACHECLEAN_SIZE $HTCACHECLEAN_OPTIONS
[Install]
WantedBy=multi-user.target

25
debian/apache2.cron.daily vendored Normal file
View file

@ -0,0 +1,25 @@
#!/bin/sh
# run htcacheclean if set to 'cron' mode
set -e
set -u
type htcacheclean > /dev/null 2>&1 || exit 0
[ -e /etc/default/apache-htcacheclean ] || exit 0
# edit /etc/default/apache-htcacheclean to change this
HTCACHECLEAN_MODE=daemon
HTCACHECLEAN_RUN=auto
HTCACHECLEAN_SIZE=300M
HTCACHECLEAN_PATH=/var/cache/apache2/mod_cache_disk
HTCACHECLEAN_OPTIONS=""
. /etc/default/apache-htcacheclean
[ "$HTCACHECLEAN_MODE" = "cron" ] || exit 0
htcacheclean ${HTCACHECLEAN_OPTIONS} \
-p${HTCACHECLEAN_PATH} \
-l${HTCACHECLEAN_SIZE}

13
debian/apache2.dirs vendored Normal file
View file

@ -0,0 +1,13 @@
etc/apache2/conf-enabled
etc/apache2/mods-enabled
etc/apache2/sites-enabled
etc/logrotate.d
usr/lib/cgi-bin
usr/share/bug/apache2
usr/share/lintian/overrides
var/cache/apache2
var/cache/apache2/mod_cache_disk
var/lib/apache2
var/log/apache2
var/www/html
/etc/ufw/applications.d/apache2

4
debian/apache2.docs vendored Normal file
View file

@ -0,0 +1,4 @@
debian/PACKAGING
debian/README.backtrace
debian/README.multiple-instances
NOTICE

3
debian/apache2.examples vendored Normal file
View file

@ -0,0 +1,3 @@
debian/apache2.monit
debian/secondary-init-script
debian/setup-instance

353
debian/apache2.init vendored Executable file
View file

@ -0,0 +1,353 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: apache2
# Required-Start: $local_fs $remote_fs $network $syslog $named
# Required-Stop: $local_fs $remote_fs $network $syslog $named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# X-Interactive: true
# Short-Description: Apache2 web server
# Description: Start the web server
# This script will start the apache2 web server.
### END INIT INFO
DESC="Apache httpd web server"
NAME=apache2
DAEMON=/usr/sbin/$NAME
SCRIPTNAME="${0##*/}"
SCRIPTNAME="${SCRIPTNAME##[KS][0-9][0-9]}"
if [ -n "$APACHE_CONFDIR" ] ; then
if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
DIR_SUFFIX="${APACHE_CONFDIR##/etc/apache2-}"
else
DIR_SUFFIX=
fi
elif [ "${SCRIPTNAME##apache2-}" != "$SCRIPTNAME" ] ; then
DIR_SUFFIX="-${SCRIPTNAME##apache2-}"
APACHE_CONFDIR=/etc/apache2$DIR_SUFFIX
else
DIR_SUFFIX=
APACHE_CONFDIR=/etc/apache2
fi
if [ -z "$APACHE_ENVVARS" ] ; then
APACHE_ENVVARS=$APACHE_CONFDIR/envvars
fi
export APACHE_CONFDIR APACHE_ENVVARS
ENV="env -i LANG=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
if [ "$APACHE_CONFDIR" != /etc/apache2 ] ; then
ENV="$ENV APACHE_CONFDIR=$APACHE_CONFDIR"
fi
if [ "$APACHE_ENVVARS" != "$APACHE_CONFDIR/envvars" ] ; then
ENV="$ENV APACHE_ENVVARS=$APACHE_ENVVARS"
fi
PIDFILE=$(. $APACHE_ENVVARS && echo $APACHE_PID_FILE)
VERBOSE=no
if [ -f /etc/default/rcS ]; then
. /etc/default/rcS
fi
. /lib/lsb/init-functions
# Now, set defaults:
APACHE2CTL="$ENV apache2ctl"
PIDFILE=$(. $APACHE_ENVVARS && echo $APACHE_PID_FILE)
APACHE2_INIT_MESSAGE=""
CONFTEST_OUTFILE=
cleanup() {
if [ -n "$CONFTEST_OUTFILE" ] ; then
rm -f "$CONFTEST_OUTFILE"
fi
}
trap cleanup 0 # "0" means "EXIT", but "EXIT" is not portable
apache_conftest() {
[ -z "$CONFTEST_OUTFILE" ] || rm -f "$CONFTEST_OUTFILE"
CONFTEST_OUTFILE=$(mktemp)
if ! $APACHE2CTL configtest > "$CONFTEST_OUTFILE" 2>&1 ; then
return 1
else
rm -f "$CONFTEST_OUTFILE"
CONFTEST_OUTFILE=
return 0
fi
}
clear_error_msg() {
[ -z "$CONFTEST_OUTFILE" ] || rm -f "$CONFTEST_OUTFILE"
CONFTEST_OUTFILE=
APACHE2_INIT_MESSAGE=
}
print_error_msg() {
[ -z "$APACHE2_INIT_MESSAGE" ] || log_warning_msg "$APACHE2_INIT_MESSAGE"
if [ -n "$CONFTEST_OUTFILE" ] ; then
echo "Output of config test was:" >&2
cat "$CONFTEST_OUTFILE" >&2
rm -f "$CONFTEST_OUTFILE"
CONFTEST_OUTFILE=
fi
}
apache_wait_start() {
local STATUS=$1
local i=0
if [ $STATUS != 0 ] ; then
return $STATUS
fi
while : ; do
PIDTMP=$(pidofproc -p $PIDFILE $DAEMON)
if [ -n "${PIDTMP:-}" ] && kill -0 "${PIDTMP:-}" 2> /dev/null; then
return $STATUS
fi
if [ $i = "20" ] ; then
APACHE2_INIT_MESSAGE="The apache2$DIR_SUFFIX instance did not start within 20 seconds. Please read the log files to discover problems"
return 2
fi
[ "$VERBOSE" != no ] && log_progress_msg "."
sleep 1
i=$(($i+1))
done
}
apache_wait_stop() {
local STATUS=$1
local METH=$2
if [ $STATUS != 0 ] ; then
return $STATUS
fi
PIDTMP=$(pidofproc -p $PIDFILE $DAEMON)
if [ -n "${PIDTMP:-}" ] && kill -0 "${PIDTMP:-}" 2> /dev/null; then
if [ "$METH" = "kill" ]; then
killproc -p $PIDFILE $DAEMON
else
$APACHE2CTL $METH > /dev/null 2>&1
fi
local i=0
while kill -0 "${PIDTMP:-}" 2> /dev/null; do
if [ $i = '60' ]; then
STATUS=2
break
fi
[ "$VERBOSE" != no ] && log_progress_msg "."
sleep 1
i=$(($i+1))
done
return $STATUS
else
return $STATUS
fi
}
#
# Function that starts the daemon/service
#
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
if pidofproc -p $PIDFILE "$DAEMON" > /dev/null 2>&1 ; then
return 1
fi
if apache_conftest ; then
$APACHE2CTL start
apache_wait_start $?
return $?
else
APACHE2_INIT_MESSAGE="The apache2$DIR_SUFFIX configtest failed."
return 2
fi
}
#
# Function that stops the daemon/service
#
do_stop()
{
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
# either "stop" or "graceful-stop"
local STOP=$1
# can't use pidofproc from LSB here
local AP_RET=0
if pidof $DAEMON > /dev/null 2>&1 ; then
if [ -e $PIDFILE ] && pidof $DAEMON | tr ' ' '\n' | grep -w $(cat $PIDFILE) > /dev/null 2>&1 ; then
AP_RET=2
else
AP_RET=1
fi
else
AP_RET=0
fi
# AP_RET is:
# 0 if Apache (whichever) is not running
# 1 if Apache (whichever) is running
# 2 if Apache from the PIDFILE is running
if [ $AP_RET = 0 ] ; then
return 1
fi
if [ $AP_RET = 2 ] && apache_conftest ; then
apache_wait_stop $? $STOP
return $?
else
if [ $AP_RET = 2 ]; then
clear_error_msg
APACHE2_INIT_MESSAGE="The apache2$DIR_SUFFIX configtest failed, so we are trying to kill it manually. This is almost certainly suboptimal, so please make sure your system is working as you'd expect now!"
apache_wait_stop $? "kill"
return $?
elif [ $AP_RET = 1 ] ; then
APACHE2_INIT_MESSAGE="There are processes named 'apache2' running which do not match your pid file which are left untouched in the name of safety, Please review the situation by hand".
return 2
fi
fi
}
#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
if apache_conftest; then
if ! pidofproc -p $PIDFILE "$DAEMON" > /dev/null 2>&1 ; then
APACHE2_INIT_MESSAGE="Apache2 is not running"
return 2
fi
$APACHE2CTL graceful > /dev/null 2>&1
return $?
else
APACHE2_INIT_MESSAGE="The apache2$DIR_SUFFIX configtest failed. Not doing anything."
return 2
fi
}
# Sanity checks. They need to occur after function declarations
[ -x $DAEMON ] || exit 0
if [ ! -x $DAEMON ] ; then
echo "No apache-bin package installed"
exit 0
fi
if [ -z "$PIDFILE" ] ; then
echo ERROR: APACHE_PID_FILE needs to be defined in $APACHE_ENVVARS >&2
exit 2
fi
case "$1" in
start)
log_daemon_msg "Starting $DESC" "$NAME"
do_start
RET_STATUS=$?
case "$RET_STATUS" in
0|1)
log_success_msg
[ "$VERBOSE" != no ] && [ $RET_STATUS = 1 ] && log_warning_msg "Server was already running"
;;
2)
log_failure_msg
print_error_msg
exit 1
;;
esac
;;
stop|graceful-stop)
log_daemon_msg "Stopping $DESC" "$NAME"
do_stop "$1"
RET_STATUS=$?
case "$RET_STATUS" in
0|1)
log_success_msg
[ "$VERBOSE" != no ] && [ $RET_STATUS = 1 ] && log_warning_msg "Server was not running"
;;
2)
log_failure_msg
print_error_msg
exit 1
;;
esac
print_error_msg
;;
status)
status_of_proc -p $PIDFILE "apache2" "$NAME"
exit $?
;;
reload|force-reload|graceful)
log_daemon_msg "Reloading $DESC" "$NAME"
do_reload
RET_STATUS=$?
case "$RET_STATUS" in
0|1)
log_success_msg
[ "$VERBOSE" != no ] && [ $RET_STATUS = 1 ] && log_warning_msg "Server was already running"
;;
2)
log_failure_msg
print_error_msg
exit 1
;;
esac
print_error_msg
;;
restart)
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop stop
case "$?" in
0|1)
do_start
case "$?" in
0)
log_end_msg 0
;;
1|*)
log_end_msg 1 # Old process is still or failed to running
print_error_msg
exit 1
;;
esac
;;
*)
# Failed to stop
log_end_msg 1
print_error_msg
exit 1
;;
esac
;;
start-htcacheclean|stop-htcacheclean)
echo "Use 'service apache-htcacheclean' instead"
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|graceful-stop|restart|reload|force-reload}" >&2
exit 3
;;
esac
exit 0

11
debian/apache2.install vendored Normal file
View file

@ -0,0 +1,11 @@
debian/a2enmod /usr/sbin
debian/a2query /usr/sbin
debian/apache2ctl /usr/sbin
debian/ask-for-passphrase /usr/share/apache2/
debian/bash_completion/a2enmod /usr/share/bash-completion/completions/
debian/config-dir/*-available /etc/apache2
debian/config-dir/*.conf /etc/apache2
debian/config-dir/envvars /etc/apache2
debian/config-dir/magic /etc/apache2
debian/debhelper/apache2-maintscript-helper /usr/share/apache2/
debian/apache2-utils.ufw.profile /etc/ufw/applications.d/

13
debian/apache2.links vendored Normal file
View file

@ -0,0 +1,13 @@
usr/sbin/a2enmod usr/sbin/a2disconf
usr/sbin/a2enmod usr/sbin/a2dismod
usr/sbin/a2enmod usr/sbin/a2dissite
usr/sbin/a2enmod usr/sbin/a2enconf
usr/sbin/a2enmod usr/sbin/a2ensite
usr/sbin/apache2ctl usr/sbin/apachectl
usr/share/bash-completion/completions/a2enmod usr/share/bash-completion/completions/a2disconf
usr/share/bash-completion/completions/a2enmod usr/share/bash-completion/completions/a2dismod
usr/share/bash-completion/completions/a2enmod usr/share/bash-completion/completions/a2dissite
usr/share/bash-completion/completions/a2enmod usr/share/bash-completion/completions/a2enconf
usr/share/bash-completion/completions/a2enmod usr/share/bash-completion/completions/a2ensite
usr/share/bug/apache2-bin/control usr/share/bug/apache2/control
usr/share/bug/apache2-bin/script usr/share/bug/apache2/script

12
debian/apache2.lintian-overrides vendored Normal file
View file

@ -0,0 +1,12 @@
# Log files must not be world readable because they may contain sensitive
# information
non-standard-dir-perm 0750 != 0755 *var/log/apache2/*
# The default configuration refers to this directory. Thus it should exist on
# default installations.
package-contains-empty-directory [*usr/lib/cgi-bin/*]
# Apache uses var/www/html/ as a new default document root
# See #730372 and https://lists.debian.org/debian-devel/2012/04/msg00301.html
dir-or-file-in-var-www *var/www/html/*
# Second update-rc.d call is to disable the service
duplicate-updaterc.d-calls-in-postinst apache-htcacheclean *

20
debian/apache2.logrotate vendored Normal file
View file

@ -0,0 +1,20 @@
/var/log/apache2/*.log {
daily
missingok
rotate 14
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then
run-parts /etc/logrotate.d/httpd-prerotate
fi
endscript
postrotate
if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
invoke-rc.d apache2 reload 2>&1 | logger -t apache2.logrotate
fi
endscript
}

9
debian/apache2.manpages vendored Normal file
View file

@ -0,0 +1,9 @@
debian/manpages/a2disconf.8
debian/manpages/a2dismod.8
debian/manpages/a2dissite.8
debian/manpages/a2enconf.8
debian/manpages/a2enmod.8
debian/manpages/a2ensite.8
debian/manpages/a2query.8
debian/manpages/apache2ctl.8
debian/manpages/apachectl.8

7
debian/apache2.monit vendored Normal file
View file

@ -0,0 +1,7 @@
check process apache2 with pidfile /var/run/apache2.pid
group www
start program = "service apache2 start"
stop program = "service apache2 stop"
if failed host localhost port 80
protocol HTTP request "/" then restart
if 5 restarts within 5 cycles then timeout

294
debian/apache2.postinst vendored Normal file
View file

@ -0,0 +1,294 @@
#! /bin/bash
# postinst script
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <postinst> `configure' <most-recently-configured-version>
# * <old-postinst> `abort-upgrade' <new version>
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
# <new-version>
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
#
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#
is_fresh_install()
{
if [ -z "$2" ] ; then
return 0
fi
return 1
}
enable_default_mpm()
{
if is_fresh_install $@ ; then
a2enmod -m -q mpm_event
fi
}
enable_default_modules()
{
if is_fresh_install $@; then
for module in authz_host auth_basic access_compat authn_file authz_user \
alias dir autoindex \
env mime negotiation setenvif \
filter deflate \
status reqtimeout ; do
a2enmod -m -q $module
done
fi
if [ -z "$2" ] ; then
return 0
fi
}
enable_default_conf()
{
if is_fresh_install $@ ; then
for conf in charset localized-error-pages other-vhosts-access-log \
security serve-cgi-bin ; do
a2enconf -m -q $conf
done
fi
}
install_default_site()
{
if is_fresh_install $@ ; then
if [ ! -L /etc/apache2/sites-enabled/000-default.conf -a \
! -f /etc/apache2/sites-enabled/000-default.conf ]; then
a2ensite -q 000-default
fi
touch /var/log/apache2/error.log /var/log/apache2/access.log
chown root:adm /var/log/apache2/error.log /var/log/apache2/access.log
chmod 0640 /var/log/apache2/error.log /var/log/apache2/access.log
touch /var/log/apache2/other_vhosts_access.log
chown root:adm /var/log/apache2/other_vhosts_access.log
chmod 0640 /var/log/apache2/other_vhosts_access.log
fi
}
is_problematic_index_html () {
local FILE="$1"
[ -f "$FILE" ] || return 1
local MD5=$(md5sum "$FILE" 2> /dev/null |cut -d' ' -f 1)
[ -n "$MD5" ] || return 1
grep -q "$MD5" <<- EOF
1736dfc80cf1f5a8966c096a0b094377
776221a94e5a174dc2396c0f3f6b6a74
51a41c3207374dad24ec64a0f2646bdc
c481228d439cbb54bdcedbaec5bbb11a
3183a3d71d86bcc88aaf3ca5cbbefb45
74cec59a19e5d16f7cc6a2445e35fa3b
EOF
}
# XXX: This site is installed in the apache2-data package. Should the postinst
# scriptlet move there too?
install_default_files()
{
if is_fresh_install $@ ; then
local do_copy=true
local dir ext
for dir in /var/www /var/www/html ; do
for ext in html cgi pl php xhtml htm ; do
if [ -e $dir/index.$ext ] ; then
do_copy=false
break 2
fi
done
if [ -h $dir/index.html ] ; then
do_copy=false
break
fi
done
if $do_copy ; then
cp /usr/share/apache2/default-site/index.html /var/www/html/index.html
fi
else
# see #821313
for dir in /var/www /var/www/html ; do
local file=$dir/index.html
if is_problematic_index_html $file ; then
cp /usr/share/apache2/default-site/index.html $file
fi
done
fi
}
start_htcacheclean ()
{
local action
if [ -x "/etc/init.d/apache-htcacheclean" ]; then
if [ -n "$2" ]; then
action=restart
else
action=start
fi
invoke-rc.d apache-htcacheclean $action || true
fi
}
disable_htcacheclean()
{
if deb-systemd-helper debian-installed apache-htcacheclean.service; then
deb-systemd-helper disable apache-htcacheclean.service >/dev/null || true
fi
update-rc.d apache-htcacheclean disable >/dev/null
}
# The apache-htcacheclean service is disabled by default. Can't use
# debhelper. The update-rc.d 'disable' call must come after the 'defaults'
# call, or the former will fail.
handle_htcacheclean ()
{
if dpkg --compare-versions "$2" lt "2.4.18-2~"; then
# Disable on initial installation or when upgrading from an old
# version without that init script and with the module disabled
# (or when configured to run from cron)
if [ ! -e "/etc/apache2/mods-enabled/cache_disk.load" ]; then
disable_htcacheclean
return
elif (. /etc/default/apache-htcacheclean && [ "$HTCACHECLEAN_MODE" = "cron" ]); then
disable_htcacheclean
return
fi
fi
# Restart it if applicable
start_htcacheclean "$@"
}
msg ()
{
local PRIORITY="$1"
local MSG="$2"
echo "$PRIORITY: $MSG"
if type logger > /dev/null 2>&1 ; then
logger -p daemon.$PRIORITY -t apache2.postinst "$MSG" || true
fi
}
execute_deferred_actions ()
{
if [ ! -e /var/lib/apache2/deferred_actions ]; then
return 0
fi
local error=false
cat /var/lib/apache2/deferred_actions |
while read PACKAGE FUNCTION ARG1 ARG2 ARG3
do
if ! dpkg-query -f '${Status}' -W "$PACKAGE"|egrep -q 'installed|triggers-awaited|triggers-pending' ; then
# If the package has been removed again, skip the actions
continue
fi
case "$FUNCTION" in
apache2_invoke)
case "$ARG1" in
enmod|dismod|enconf|disconf|ensite|dissite)
# We can ignore reload/restart in ARG3 because apache2 has not
# been started, yet.
msg "info" "Executing deferred 'a2$ARG1 $ARG2' for package $PACKAGE"
a2$ARG1 -m -q "$ARG2"
;;
*)
msg "error" "'apache2_invoke $ARG1' in /var/lib/apache2/deferred_actions invalid"
error=true
esac
;;
apache2_switch_mpm)
local MPM="$ARG1"
local CUR_MPM="$(ls /etc/apache2/mods-enabled/mpm_*.load | grep -e event -e prefork -e worker)"
CUR_MPM="${CUR_MPM##*/mpm_}"
CUR_MPM="${CUR_MPM%.load}"
if [ ! -e /etc/apache2/mods-available/mpm_$MPM.load ] ; then
msg "error" "mpm $MPM not found in 'apache2_switch_mpm $ARG1' for package $PACKAGE"
error=true
elif [ -e /etc/apache2/mods-enabled/mpm_$MPM.load ] ; then
msg "info" "Switch to mpm $MPM for package $PACKAGE: No action required"
else
msg "info" "Switch to mpm $MPM for package $PACKAGE"
if ! a2dismod -m -q "mpm_$CUR_MPM" ||
! a2enmod -m -q "mpm_$MPM"
then
msg "error" "Switching to mpm $MPM failed"
error=true
fi
fi
;;
*)
msg "ERROR: function '$FUNCTION' in /var/lib/apache2/deferred_actions invalid"
;;
esac
done
if $error ; then
msg "error" "Some deferred actions failed. You will need to fix the configuration manually."
fi
rm /var/lib/apache2/deferred_actions
}
list_fixup_conffiles () {
cat <<- EOF
/etc/bash_completion.d/apache2
/etc/apache2/sites-available/000-default.conf
/etc/apache2/sites-available/default-ssl.conf
/etc/apache2/conf-available/charset.conf
/etc/apache2/conf-available/localized-error-pages.conf
/etc/apache2/conf-available/other-vhosts-access-log.conf
/etc/apache2/conf-available/security.conf
EOF
}
case "$1" in
configure)
enable_default_mpm $@
install_default_files $@
enable_default_modules $@
enable_default_conf $@
install_default_site $@
execute_deferred_actions
;;
abort-upgrade)
;;
abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
#DEBHELPER#
# Deal with htcacheclean after debhelper's initial init script handling
case "$1" in
configure)
handle_htcacheclean $@
;;
abort-upgrade)
start_htcacheclean $@
;;
esac
exit 0

90
debian/apache2.postrm vendored Normal file
View file

@ -0,0 +1,90 @@
#!/bin/sh
# postrm script for apache2
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <postrm> `remove'
# * <postrm> `purge'
# * <old-postrm> `upgrade' <new-version>
# * <new-postrm> `failed-upgrade' <old-version>
# * <new-postrm> `abort-install'
# * <new-postrm> `abort-install' <old-version>
# * <new-postrm> `abort-upgrade' <old-version>
# * <disappearer's-postrm> `disappear' <overwriter>
# <overwriter-version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
is_default_index_html () {
local FILE="$1"
[ -f "$FILE" ] || return 1
local MD5=$(md5sum "$FILE" 2> /dev/null |cut -d' ' -f 1) ||
return 1
grep -q "$MD5" <<- EOF
1736dfc80cf1f5a8966c096a0b094377
21dde95d9d269cbb2fa6560309dca40c
3183a3d71d86bcc88aaf3ca5cbbefb45
51a41c3207374dad24ec64a0f2646bdc
5388f60d7695cb57b87c799ee62d20b2
74cec59a19e5d16f7cc6a2445e35fa3b
776221a94e5a174dc2396c0f3f6b6a74
c481228d439cbb54bdcedbaec5bbb11a
e2620d4a5a0f8d80dd4b16de59af981f
58d03fa9125ca62b1019ce77c8accaa6
EOF
}
case "$1" in
purge)
for d in var/cache/apache2 \
var/cache/apache2/mod_cache_disk \
var/log/apache2 \
var/lib/apache2/conf \
var/lib/apache2/module \
var/lib/apache2/site ; do
[ -d $d ] && rm -rf $d
done
rm -f /var/lib/apache2/deferred_actions
for f in /etc/apache2/sites-enabled/* \
/etc/apache2/conf-enabled/* \
/etc/apache2/mods-enabled/* ; do
[ -L "$f" ] && rm -f "$f"
done
for d in /etc/apache2/sites-enabled/ \
/etc/apache2/mods-enabled/ \
/etc/apache2/conf-enabled/ \
/etc/apache2 \
/var/cache/apache2 \
/var/run/apache2 \
/var/lock/apache2 ; do
rmdir $d 2> /dev/null || true
done
if is_default_index_html /var/www/html/index.html ; then
rm -f /var/www/html/index.html
fi
;;
remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
;;
*)
echo "postrm called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0

111
debian/apache2.preinst.in vendored Normal file
View file

@ -0,0 +1,111 @@
#! /bin/bash
# preinst script for apache2
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <new-preinst> `install'
# * <new-preinst> `install' <old-version>
# * <new-preinst> `upgrade' <old-version>
# * <old-preinst> `abort-upgrade' <new-version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
FIXUP_TEMPFILE=
# During the migration of conffiles from apache2.2-common to apache2,
# some things may have gone wrong.
# * Some conffiles may have been left with obsolete content. These
# have an md5sum in this list.
# * Some other conffiles may have been removed but dpkg still thinks that
# they belong to apache2.2-common. A few of these have been re-introduced,
# but dpkg being confused about their state causes dpkg to think the
# admin has removed them and to not create the new content.
# These have a 'restore' instead of a md5 in the list.
list_fixup_conffiles () {
cat <<- EOF
/etc/bash_completion.d/apache2 6a5f85e62655f6b5c8fa0f95c7c35c9c removed
/etc/apache2/sites-available/000-default.conf 2cc450cf300a880abbc3767fc002477d
/etc/apache2/sites-available/default-ssl.conf 196d150beeaeaf845ece50d7e84e12de
/etc/apache2/conf-available/charset.conf e6fbb8adf631932851d6cc522c1e48d7
/etc/apache2/conf-available/localized-error-pages.conf 844ba27ddb794fc6967bfb56b950e6a8
/etc/apache2/conf-available/other-vhosts-access-log.conf 2cad303fc4221d6b0068a8b37597b9fb
/etc/apache2/conf-available/security.conf 0f644d9d04ad556f44f1e65674bc07dc
/etc/apache2/mods-available/cern_meta.load restore
/etc/apache2/mods-available/ident.load restore
/etc/apache2/mods-available/imagemap.load restore
EOF
}
create_fixup_conffiles_tgz () {
FIXUP_TEMPFILE=$(mktemp)
base64 -d > $FIXUP_TEMPFILE << EOF
XXX_FIXUP_CONFFILES_BASE64_XXX
EOF
}
extract_fixup_conffile () {
local FILE=$1
local BASENAME=${FILE##*/}
tar -xz -O -f $FIXUP_TEMPFILE $BASENAME > $FILE
}
replace_broken_conffiles () {
local FILE
local MD5
create_fixup_conffiles_tgz
while read FILE MD5 REMOVED ; do
if [ -f "$FILE" ] && md5sum "$FILE" | grep -q "^$MD5 " ; then
echo "Replacing broken conffile ${FILE}."
mv "$FILE" "${FILE}.dpkg-remove-fixup"
if [ -z "$REMOVED" ] ; then
extract_fixup_conffile "$FILE"
fi
elif [ ! -e "$FILE" ] && [ "$MD5" = "restore" ] ; then
echo "Restoring lost conffile ${FILE}."
extract_fixup_conffile "$FILE"
fi
done
rm -f "$FIXUP_TEMPFILE"
}
revert_broken_conffiles () {
local FILE
local MD5
local REMOVE
while read FILE MD5 REMOVED; do
if [ -f "$FILE.dpkg-remove-fixup" ]; then
echo "Moving broken conffile $FILE back."
mv "${FILE}.dpkg-remove-fixup" "$FILE"
fi
done
}
case "$1" in
upgrade|install)
if dpkg --compare-versions "$2" lt-nl "2.4.23-3~" ; then
list_fixup_conffiles | replace_broken_conffiles
fi
;;
abort-upgrade)
list_fixup_conffiles | revert_broken_conffiles
;;
*)
echo "preinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0

9
debian/apache2.prerm vendored Normal file
View file

@ -0,0 +1,9 @@
#!/bin/sh
set -e
# If upgrading, postinst will restart. So we only need stop if removing.
if [ -x "/etc/init.d/apache-htcacheclean" ] && [ "$1" = remove ] ; then
invoke-rc.d apache-htcacheclean stop || true
fi
#DEBHELPER#

18
debian/apache2.service vendored Normal file
View file

@ -0,0 +1,18 @@
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
Documentation=https://httpd.apache.org/docs/2.4/
[Service]
Type=forking
Environment=APACHE_STARTED_BY_SYSTEMD=true
ExecStart=/usr/sbin/apachectl start
ExecStop=/usr/sbin/apachectl graceful-stop
ExecReload=/usr/sbin/apachectl graceful
KillMode=mixed
PrivateTmp=true
Restart=on-abort
OOMPolicy=continue
[Install]
WantedBy=multi-user.target

18
debian/apache2@.service vendored Normal file
View file

@ -0,0 +1,18 @@
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
ConditionPathIsDirectory=/etc/apache2-%i
Documentation=https://httpd.apache.org/docs/2.4/
[Service]
Type=forking
Environment=APACHE_CONFDIR=/etc/apache2-%i APACHE_STARTED_BY_SYSTEMD=true
ExecStart=/usr/sbin/apachectl start
ExecStop=/usr/sbin/apachectl graceful-stop
ExecReload=/usr/sbin/apachectl graceful
KillMode=mixed
PrivateTmp=true
Restart=on-abort
[Install]
WantedBy=multi-user.target

220
debian/apache2ctl vendored Executable file
View file

@ -0,0 +1,220 @@
#!/bin/sh
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# Apache control script designed to allow an easy command line interface
# to controlling Apache. Written by Marc Slemko, 1997/08/23
#
# Heavily modified for Debian by Stefan Fritsch 2007-2010
#
# The exit codes returned are:
# XXX this doc is no longer correct now that the interesting
# XXX functions are handled by httpd
# 0 - operation completed successfully
# 1 -
# 2 - usage error
# 3 - httpd could not be started
# 4 - httpd could not be stopped
# 5 - httpd could not be started during a restart
# 6 - httpd could not be restarted during a restart
# 7 - httpd could not be restarted during a graceful restart
# 8 - configuration syntax error
#
# When multiple arguments are given, only the error from the _last_
# one is reported. Run "apachectl help" for usage info
#
set -e
ARGV="$@"
#
# |||||||||||||||||||| START CONFIGURATION SECTION ||||||||||||||||||||
# -------------------- --------------------
#
# main configuration directory
if test -z "$APACHE_CONFDIR" ; then
if test "${0##*apache2ctl-}" != "$0" ; then
APACHE_CONFDIR="/etc/apache2-${0##*apache2ctl-}"
else
APACHE_CONFDIR=/etc/apache2
fi
fi
SUFFIX="${APACHE_CONFDIR##/etc/apache2-}"
case "$SUFFIX" in
/etc/apache2)
SUFFIX=""
;;
*)
SUFFIX="@$SUFFIX"
;;
esac
APACHE_SYSTEMD_SERVICE="apache2$SUFFIX"
# the path to the environment variable file
test -z "$APACHE_ENVVARS" && APACHE_ENVVARS="$APACHE_CONFDIR/envvars"
# pick up any necessary environment variables
if test -f $APACHE_ENVVARS; then
. $APACHE_ENVVARS
fi
if test "$APACHE_CONFDIR" != /etc/apache2 ; then
APACHE_ARGUMENTS="-d $APACHE_CONFDIR $APACHE_ARGUMENTS"
fi
# the following APACHE_* variables should be set in /etc/apache2/envvars
#
# the path to your httpd binary, including options if necessary
HTTPD=${APACHE_HTTPD:-/usr/sbin/apache2}
#
# a command that outputs a formatted text version of the HTML at the
# url given on the command line. Designed for lynx, however other
# programs may work.
LYNX="${APACHE_LYNX:-www-browser -dump}"
#
# the URL to your server's mod_status status page. If you do not
# have one, then status and fullstatus will not work.
STATUSURL="${APACHE_STATUSURL:-http://localhost:80/server-status}"
#
# Set this variable to a command that increases the maximum
# number of file descriptors allowed per child process. This is
# critical for configurations that use many file descriptors,
# such as mass vhosting, or a multithreaded server.
ULIMIT_MAX_FILES="${APACHE_ULIMIT_MAX_FILES:-ulimit -n 8192}"
# -------------------- --------------------
# |||||||||||||||||||| END CONFIGURATION SECTION ||||||||||||||||||||
# Set the maximum number of file descriptors allowed per child process.
if [ "x$ULIMIT_MAX_FILES" != "x" ] && [ `id -u` -eq 0 ] ; then
if ! $ULIMIT_MAX_FILES ; then
echo Setting ulimit failed. See README.Debian for more information. >&2
fi
fi
ERROR=0
if [ "x$ARGV" = "x" ] || [ "x$ARGV" = "xusage" ] || [ "x$ARGV" = "xhelp" ] || [ "x$ARGV" = "x--help" ]; then
echo "Usage: $0 start|stop|restart|graceful|graceful-stop|configtest|status|fullstatus|help" >&2
echo " $0 <apache2 args>" >&2
echo " $0 -h (for help on <apache2 args>)" >&2
exit 1
fi
get_status () {
if ! $LYNX $STATUSURL ; then
echo "'$LYNX $STATUSURL'" failed. >&2
echo Maybe you need to install a package providing www-browser or you >&2
echo need to adjust the APACHE_LYNX variable in /etc/apache2/envvars >&2
exit 1
fi
}
mkdir_chown () {
local OWNER="$1"
local DIR="$2"
local STAT="$(LC_ALL=C stat -c %F:%U $DIR 2> /dev/null || true)"
if [ "$STAT" = "" ] ; then
local TMPNAME=$(mktemp -d $DIR.XXXXXXXXXX) || exit 1
chmod 755 $TMPNAME || exit 1
chown $OWNER $TMPNAME || exit 1
if ! mv -T $TMPNAME $DIR 2> /dev/null; then
rmdir $TMPNAME
# check for race with other apachectl
if [ "$(LC_ALL=C stat -c %F:%U $DIR 2>/dev/null)" != "directory:$OWNER" ]
then
echo Cannot create $DIR with owner $OWNER.
echo Please fix manually. Aborting.
exit 1
fi
fi
elif [ "$STAT" != "directory:$OWNER" ] ; then
echo $DIR already exists but is not a directory owned by $OWNER.
echo Please fix manually. Aborting.
exit 1
fi
}
[ ! -d ${APACHE_RUN_DIR:-/var/run/apache2} ] && mkdir -p ${APACHE_RUN_DIR:-/var/run/apache2}
[ ! -d ${APACHE_RUN_DIR:-/var/run/apache2}/socks ] && mkdir_chown ${APACHE_RUN_USER:-www-data} ${APACHE_RUN_DIR:-/var/run/apache2}/socks
[ ! -d ${APACHE_LOCK_DIR:-/var/lock/apache2} ] && mkdir_chown ${APACHE_RUN_USER:-www-data} ${APACHE_LOCK_DIR:-/var/lock/apache2}
case "$ARGV" in
start)
# ssl_scache shouldn't be here if we're just starting up.
# (this is bad if there are several apache2 instances running)
[ -e ${APACHE_RUN_DIR:-/var/run/apache2}/*ssl_scache* ] && rm -f ${APACHE_RUN_DIR:-/var/run/apache2}/*ssl_scache*
need_systemd=false
if [ -z "$APACHE_STARTED_BY_SYSTEMD" ] ; then
case "$(readlink -f /proc/1/exe)" in
*systemd*)
need_systemd=true
;;
*)
;;
esac
fi
if $need_systemd ; then
# If running on systemd we should not start httpd without systemd
# or systemd will get confused about the status of httpd.
echo "Invoking 'systemctl start $APACHE_SYSTEMD_SERVICE'."
echo "Use 'systemctl status $APACHE_SYSTEMD_SERVICE' for more info."
systemctl start "$APACHE_SYSTEMD_SERVICE"
else
unset APACHE_STARTED_BY_SYSTEMD
$HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"
fi
ERROR=$?
;;
stop|graceful-stop)
$HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"
ERROR=$?
;;
restart|graceful)
if $HTTPD ${APACHE_ARGUMENTS} -t 2> /dev/null ; then
$HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"
else
$HTTPD ${APACHE_ARGUMENTS} -t
fi
ERROR=$?
;;
startssl|sslstart|start-SSL)
echo The startssl option is no longer supported.
echo Please edit httpd.conf to include the SSL configuration settings
echo and then use "apachectl start".
ERROR=2
;;
configtest)
$HTTPD ${APACHE_ARGUMENTS} -t
ERROR=$?
;;
status)
get_status | awk ' /process$/ { print; exit } { print } '
;;
fullstatus)
get_status
;;
*)
$HTTPD ${APACHE_ARGUMENTS} "$@"
ERROR=$?
esac
if [ "$ERROR" != 0 ] ; then
echo Action \'"$@"\' failed.
echo The Apache error log may have more information.
fi
exit $ERROR

48
debian/ask-for-passphrase vendored Executable file
View file

@ -0,0 +1,48 @@
#!/bin/bash
#
# ask-for-passphrase - designed to be used by SSLPassPhraseDialog exec:
#
# Copyright Canonical, Ltd. 2010, All Rights Reserved
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
sitename=$1
keytype=$2
log="logger -p daemon.err -t apache2"
prompt="Enter passphrase for SSL/TLS keys for $sitename ($keytype):"
# Apache gives us a pipe for stdin, but we want to
# talk to apache's terminal.
tty=`tty < /proc/${PPID}/fd/0`
if [ "$tty" = "not a tty" ] ; then
if [ -x /bin/systemd-ask-password ] ; then
exec /bin/systemd-ask-password --timeout=0 "$prompt"
elif [ -x /bin/plymouth ] && plymouth --ping ; then
echo $prompt | logger
exec plymouth ask-for-password --prompt="$prompt"
else
$log "No way to ask user for passphrase"
exit 1
fi
$log "Passphrase prompt failed"
exit 1
fi
# We must not print anything on stdout except the passphrase
read -s -p "$prompt" passphrase > $tty 2>&1 < $tty
echo > $tty
echo "$passphrase"

89
debian/bash_completion/a2enmod vendored Normal file
View file

@ -0,0 +1,89 @@
# bash completion for Debian apache2 configuration tools
_apache2_allcomp()
{
command ls /etc/apache2/$1 2>/dev/null
}
_apache2_mods()
{
COMPREPLY=( $( compgen -W '$( _apache2_allcomp $1 \
| sed -e 's/[.]load$//' -e 's/[.]conf$//' )' -- $cur ) )
}
_apache2_sites()
{
COMPREPLY=( $( compgen -W '$( _apache2_allcomp $1 )' -- $cur ) )
}
_apache2_conf()
{
COMPREPLY=( $( compgen -W '$( _apache2_allcomp $1 \
| sed -e 's/[.]conf$//' )' -- $cur ) )
}
_a2enmod()
{
local cur
COMPREPLY=()
cur=${COMP_WORDS[COMP_CWORD]}
_apache2_mods mods-available
}
complete -F _a2enmod a2enmod
_a2ensite()
{
local cur
COMPREPLY=()
cur=${COMP_WORDS[COMP_CWORD]}
_apache2_sites sites-available
}
complete -F _a2ensite a2ensite
_a2enconf()
{
local cur
COMPREPLY=()
cur=${COMP_WORDS[COMP_CWORD]}
_apache2_conf conf-available
}
complete -F _a2enconf a2enconf
_a2dismod()
{
local cur
COMPREPLY=()
cur=${COMP_WORDS[COMP_CWORD]}
_apache2_mods mods-enabled
}
complete -F _a2dismod a2dismod
_a2dissite()
{
local cur
COMPREPLY=()
cur=${COMP_WORDS[COMP_CWORD]}
_apache2_sites sites-enabled
}
complete -F _a2dissite a2dissite
_a2disconf()
{
local cur
COMPREPLY=()
cur=${COMP_WORDS[COMP_CWORD]}
_apache2_conf conf-enabled
}
complete -F _a2disconf a2disconf

4794
debian/changelog vendored Normal file
View file

File diff suppressed because it is too large Load diff

22
debian/clean vendored Normal file
View file

@ -0,0 +1,22 @@
debian/apache2-suexec-custom.postinst
debian/apache2-suexec-custom.preinst
debian/apache2-suexec-custom.prerm
debian/apache2-suexec-custom.links
debian/apache2-suexec-custom.dirs
debian/apache2-suexec-custom.lintian-overrides
debian/apache2-suexec-pristine.postinst
debian/apache2-suexec-pristine.preinst
debian/apache2-suexec-pristine.prerm
debian/apache2-suexec-pristine.links
debian/apache2-suexec-pristine.dirs
debian/apache2-suexec-pristine.lintian-overrides
debian/a2query
debian/config-dir/apache2.conf
debian/manpages/a2query.8
debian/manpages/dh_apache2.1
debian/debhelper/dh_apache2
debian/apache2.preinst
debian/fixup_conffiles.b64
debian/fixup_conffiles.tgz
config.nice
support/suexec-custom.c

57
debian/clean_config_vars vendored Executable file
View file

@ -0,0 +1,57 @@
#! /usr/bin/perl
use strict;
my %FLAGS = {
'CFLAGS' => $ARGV[0],
'CPPFLAGS' => $ARGV[1],
'LDDFLAGS' => $ARGV[2],
'CXXFLAGS' => $ARGV[3],
};
sub clean_and_deduplicate {
my $arg = shift;
my $return_flags = "";
my @flags = split( /\s+/, $arg );
my %seen = ();
my @flags = grep { !$seen{$_}++ } @flags;
foreach my $flag (@flags) {
#print("FLAG: $flag\n");
$return_flags .= "$flag "
unless $flag =~ m/PLATFORM/
|| $flag =~ m/-DBUILD_DATETIME/
|| $flag =~ m/-fdebug-prefix-map/
|| $flag =~ m/-ffile-prefix-map/;
}
return $return_flags;
}
chdir("debian/tmp/usr/share/apache2/build/") || die("$1");
open( CONFIG_VARS, "<", "config_vars.mk" ) || die("config_vars.mk: $!");
open( TMP_CONFIG_VARS, ">", "tmp_config_vars.mk" )
|| die("tmp_config_vars.mk: $1");
while ( my $line = <CONFIG_VARS> ) {
chomp $line;
unless ( $line =~ m/(^|_)(LD|CPP|C|CXX)FLAGS/ ) {
print TMP_CONFIG_VARS "$line\n";
}
else {
my ( $flag, $value ) = split( /\s*=\s*/, $line, 2 );
if ( exists $FLAGS{$flag} ) {
$value .= ' ' . $FLAGS{$flag};
}
my $mangled = clean_and_deduplicate($value);
print "mangle: $flag: '$value' => '$mangled'\n";
printf TMP_CONFIG_VARS "%s = %s\n", $flag, $mangled;
}
}
close(CONFIG_VARS);
close(TMP_CONFIG_VARS);
unlink("config_vars.mk") || die("unlink: config_vars.mk: $1");
rename( "tmp_config_vars.mk", "config_vars.mk" )
|| die("rename: tmp_config_vars.mk: $1");

225
debian/config-dir/apache2.conf.in vendored Normal file
View file

@ -0,0 +1,225 @@
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.4/ for detailed information about
# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
# hints.
#
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as possible, in
# order to make automating the changes and administering the server as easy as
# possible.
# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
# /etc/apache2/
# |-- apache2.conf
# | `-- ports.conf
# |-- mods-enabled
# | |-- *.load
# | `-- *.conf
# |-- conf-enabled
# | `-- *.conf
# `-- sites-enabled
# `-- *.conf
#
#
# * apache2.conf is the main configuration file (this file). It puts the pieces
# together by including all remaining configuration files when starting up the
# web server.
#
# * ports.conf is always included from the main configuration file. It is
# supposed to determine listening ports for incoming connections which can be
# customized anytime.
#
# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
# directories contain particular configuration snippets which manage modules,
# global configuration fragments, or virtual host configurations,
# respectively.
#
# They are activated by symlinking available configuration files from their
# respective *-available/ counterparts. These should be managed by using our
# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
# their respective man pages for detailed information.
#
# * The binary is called apache2. Due to the use of environment variables, in
# the default configuration, apache2 needs to be started/stopped with
# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
# work with the default configuration.
# Global configuration
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
___MUTEX___Mutex file:${APACHE_LOCK_DIR} default
#
# The directory where shm and other runtime files will be stored.
#
DefaultRuntimeDir ${APACHE_RUN_DIR}
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5
# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log
#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# Include list of ports to listen on
Include ports.conf
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
#<Directory /srv/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
#</Directory>
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf

6
debian/config-dir/conf-available/charset.conf vendored Normal file
View file

@ -0,0 +1,6 @@
# Read the documentation before enabling AddDefaultCharset.
# In general, it is only a good idea if you know that all your files
# have this encoding. It will override any encoding given in the files
# in meta http-equiv or xml encoding tags.
#AddDefaultCharset UTF-8

79
debian/config-dir/conf-available/localized-error-pages.conf vendored Normal file
View file

@ -0,0 +1,79 @@
# Customizable error responses come in three flavors:
# 1) plain text
# 2) local redirects
# 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections. We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line:
#
#Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
# even on a per-VirtualHost basis. If you include the Alias in the global server
# context, is has to come _before_ the 'Alias /error/ ...' line.
#
# The default include files will display your Apache version number and your
# ServerAdmin email address regardless of the setting of ServerSignature.
#
# WARNING: The configuration below will NOT work out of the box if you have a
# SetHandler directive in a <Location /> context somewhere. Adding
# the following three lines AFTER the <Location /> context should
# make it work in most cases:
# <Location /error/>
# SetHandler none
# </Location>
#
# The internationalized error documents require mod_alias, mod_include
# and mod_negotiation. To activate them, uncomment the following 37 lines.
#<IfModule mod_negotiation.c>
# <IfModule mod_include.c>
# <IfModule mod_alias.c>
#
# Alias /error/ "/usr/share/apache2/error/"
#
# <Directory "/usr/share/apache2/error">
# Options IncludesNoExec
# AddOutputFilter Includes html
# AddHandler type-map var
# Order allow,deny
# Allow from all
# LanguagePriority en cs de es fr it nl sv pt-br ro
# ForceLanguagePriority Prefer Fallback
# </Directory>
#
# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
# ErrorDocument 410 /error/HTTP_GONE.html.var
# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
# </IfModule>
# </IfModule>
#</IfModule>

2
debian/config-dir/conf-available/other-vhosts-access-log.conf vendored Normal file
View file

@ -0,0 +1,2 @@
# Define an access log for VirtualHosts that don't define their own logfile
CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined

58
debian/config-dir/conf-available/security.conf vendored Normal file
View file

@ -0,0 +1,58 @@
# Changing the following options will not really affect the security of the
# server, but might make attacks slightly more difficult in some cases.
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#ServerTokens Minimal
ServerTokens OS
#ServerTokens Full
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#ServerSignature Off
ServerSignature On
#
# Allow TRACE method
#
# Set to "extended" to also reflect the request body (only for testing and
# diagnostic purposes).
#
# Set to one of: On | Off | extended
TraceEnable Off
#TraceEnable On
#
# Forbid access to version control directories
#
# If you use version control systems in your document root, you should
# probably deny access to their directories.
#
# Examples:
#
#RedirectMatch 404 /\.git
#RedirectMatch 404 /\.svn
#
# Setting this header will prevent MSIE from interpreting files as something
# else than declared by the content type in the HTTP headers.
# Requires mod_headers to be enabled.
#
#Header set X-Content-Type-Options: "nosniff"
#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
#Header set Content-Security-Policy "frame-ancestors 'self';"

18
debian/config-dir/conf-available/serve-cgi-bin.conf vendored Normal file
View file

@ -0,0 +1,18 @@
<IfModule mod_alias.c>
<IfModule mod_cgi.c>
Define ENABLE_USR_LIB_CGI_BIN
</IfModule>
<IfModule mod_cgid.c>
Define ENABLE_USR_LIB_CGI_BIN
</IfModule>
<IfDefine ENABLE_USR_LIB_CGI_BIN>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Require all granted
</Directory>
</IfDefine>
</IfModule>

47
debian/config-dir/envvars vendored Normal file
View file

@ -0,0 +1,47 @@
# envvars - default environment variables for apache2ctl
# this won't be correct after changing uid
unset HOME
# for supporting multiple apache2 instances
if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
else
SUFFIX=
fi
# Since there is no sane way to get the parsed apache2 config in scripts, some
# settings are defined via environment variables and then used in apache2ctl,
# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
# temporary state file location. This might be changed to /run in Wheezy+1
export APACHE_PID_FILE=/var/run/apache2$SUFFIX/apache2.pid
export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
## The locale used by some modules like mod_dav
export LANG=C
## Uncomment the following line to use the system default locale instead:
#. /etc/default/locale
export LANG
## The command to get the status for 'apache2ctl status'.
## Some packages providing 'www-browser' need '--dump' instead of '-dump'.
#export APACHE_LYNX='www-browser -dump'
## If you need a higher file descriptor limit, uncomment and adjust the
## following line (default is 8192):
#APACHE_ULIMIT_MAX_FILES='ulimit -n 65536'
## If you would like to pass arguments to the web server, add them below
## to the APACHE_ARGUMENTS environment.
#export APACHE_ARGUMENTS=''
## Enable the debug mode for maintainer scripts.
## This will produce a verbose output on package installations of web server modules and web application
## installations which interact with Apache
#export APACHE2_MAINTSCRIPT_DEBUG=1

935
debian/config-dir/magic vendored Normal file
View file

@ -0,0 +1,935 @@
# Magic data for mod_mime_magic (originally for file(1) command)
#
# The format is 4-5 columns:
# Column #1: byte number to begin checking from, ">" indicates continuation
# Column #2: type of data to match
# Column #3: contents of data to match
# Column #4: MIME type of result
# Column #5: MIME encoding of result (optional)
#------------------------------------------------------------------------------
# Localstuff: file(1) magic for locally observed files
# Add any locally observed files here.
# Real Audio (Magic .ra\0375)
0 belong 0x2e7261fd audio/x-pn-realaudio
0 string .RMF application/vnd.rn-realmedia
#video/x-pn-realvideo
#video/vnd.rn-realvideo
#application/vnd.rn-realmedia
# sigh, there are many mimes for that but the above are the most common.
# Taken from magic, converted to magic.mime
# mime types according to http://www.geocities.com/nevilo/mod.htm:
# audio/it .it
# audio/x-zipped-it .itz
# audio/xm fasttracker modules
# audio/x-s3m screamtracker modules
# audio/s3m screamtracker modules
# audio/x-zipped-mod mdz
# audio/mod mod
# audio/x-mod All modules (mod, s3m, 669, mtm, med, xm, it, mdz, stm, itz, xmz, s3z)
# Taken from loader code from mikmod version 2.14
# by Steve McIntyre (stevem@chiark.greenend.org.uk)
# <doj@cubic.org> added title printing on 2003-06-24
0 string MAS_UTrack_V00
>14 string >/0 audio/x-mod
#audio/x-tracker-module
#0 string UN05 MikMod UNI format module sound data
0 string Extended\ Module: audio/x-mod
#audio/x-tracker-module
##>17 string >\0 Title: "%s"
21 string/c \!SCREAM! audio/x-mod
#audio/x-screamtracker-module
21 string BMOD2STM audio/x-mod
#audio/x-screamtracker-module
1080 string M.K. audio/x-mod
#audio/x-protracker-module
#>0 string >\0 Title: "%s"
1080 string M!K! audio/x-mod
#audio/x-protracker-module
#>0 string >\0 Title: "%s"
1080 string FLT4 audio/x-mod
#audio/x-startracker-module
#>0 string >\0 Title: "%s"
1080 string FLT8 audio/x-mod
#audio/x-startracker-module
#>0 string >\0 Title: "%s"
1080 string 4CHN audio/x-mod
#audio/x-fasttracker-module
#>0 string >\0 Title: "%s"
1080 string 6CHN audio/x-mod
#audio/x-fasttracker-module
#>0 string >\0 Title: "%s"
1080 string 8CHN audio/x-mod
#audio/x-fasttracker-module
#>0 string >\0 Title: "%s"
1080 string CD81 audio/x-mod
#audio/x-oktalyzer-tracker-module
#>0 string >\0 Title: "%s"
1080 string OKTA audio/x-mod
#audio/x-oktalyzer-tracker-module
#>0 string >\0 Title: "%s"
# Not good enough.
#1082 string CH
#>1080 string >/0 %.2s-channel Fasttracker "oktalyzer" module sound data
1080 string 16CN audio/x-mod
#audio/x-taketracker-module
#>0 string >\0 Title: "%s"
1080 string 32CN audio/x-mod
#audio/x-taketracker-module
#>0 string >\0 Title: "%s"
# Impuse tracker module (it)
0 string IMPM audio/x-mod
#>4 string >\0 "%s"
#>40 leshort !0 compatible w/ITv%x
#>42 leshort !0 created w/ITv%x
#------------------------------------------------------------------------------
# end local stuff
#------------------------------------------------------------------------------
# xml based formats!
# svg
0 string \<?xml
# text/xml
>38 string \<\!DOCTYPE\040svg image/svg+xml
# xml
0 string \<?xml text/xml
#------------------------------------------------------------------------------
# Java
0 short 0xcafe
>2 short 0xbabe application/java
#------------------------------------------------------------------------------
# audio: file(1) magic for sound formats
#
# from Jan Nicolai Langfeldt <janl@ifi.uio.no>,
#
# Sun/NeXT audio data
0 string .snd
>12 belong 1 audio/basic
>12 belong 2 audio/basic
>12 belong 3 audio/basic
>12 belong 4 audio/basic
>12 belong 5 audio/basic
>12 belong 6 audio/basic
>12 belong 7 audio/basic
>12 belong 23 audio/x-adpcm
# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format
# that uses little-endian encoding and has a different magic number
# (0x0064732E in little-endian encoding).
0 lelong 0x0064732E
>12 lelong 1 audio/x-dec-basic
>12 lelong 2 audio/x-dec-basic
>12 lelong 3 audio/x-dec-basic
>12 lelong 4 audio/x-dec-basic
>12 lelong 5 audio/x-dec-basic
>12 lelong 6 audio/x-dec-basic
>12 lelong 7 audio/x-dec-basic
# compressed (G.721 ADPCM)
>12 lelong 23 audio/x-dec-adpcm
# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM"
# AIFF audio data
8 string AIFF audio/x-aiff
# AIFF-C audio data
8 string AIFC audio/x-aiff
# IFF/8SVX audio data
8 string 8SVX audio/x-aiff
# Creative Labs AUDIO stuff
# Standard MIDI data
0 string MThd audio/unknown
#>9 byte >0 (format %d)
#>11 byte >1 using %d channels
# Creative Music (CMF) data
0 string CTMF audio/unknown
# SoundBlaster instrument data
0 string SBI audio/unknown
# Creative Labs voice data
0 string Creative\ Voice\ File audio/unknown
## is this next line right? it came this way...
#>19 byte 0x1A
#>23 byte >0 - version %d
#>22 byte >0 \b.%d
# [GRR 950115: is this also Creative Labs? Guessing that first line
# should be string instead of unknown-endian long...]
#0 long 0x4e54524b MultiTrack sound data
#0 string NTRK MultiTrack sound data
#>4 long x - version %ld
# Microsoft WAVE format (*.wav)
# [GRR 950115: probably all of the shorts and longs should be leshort/lelong]
# Microsoft RIFF
0 string RIFF
# - WAVE format
>8 string WAVE audio/x-wav
>8 string/B AVI video/x-msvideo
#
>8 string CDRA image/x-coreldraw
# AAC (aka MPEG-2 NBC)
0 beshort&0xfff6 0xfff0 audio/X-HX-AAC-ADTS
0 string ADIF audio/X-HX-AAC-ADIF
0 beshort&0xffe0 0x56e0 audio/MP4A-LATM
0 beshort 0x4De1 audio/MP4A-LATM
# MPEG Layer 3 sound files
0 beshort&0xfffe =0xfffa audio/mpeg
#MP3 with ID3 tag
0 string ID3 audio/mpeg
# Ogg/Vorbis
0 string OggS application/ogg
#------------------------------------------------------------------------------
# c-lang: file(1) magic for C programs or various scripts
#
# XPM icons (Greg Roelofs, newt@uchicago.edu)
# ideally should go into "images", but entries below would tag XPM as C source
0 string /*\ XPM image/x-xpmi 7bit
# 3DS (3d Studio files)
#16 beshort 0x3d3d image/x-3ds
# this first will upset you if you're a PL/1 shop... (are there any left?)
# in which case rm it; ascmagic will catch real C programs
# C or REXX program text
#0 string /* text/x-c
# C++ program text
#0 string // text/x-c++
#------------------------------------------------------------------------------
# commands: file(1) magic for various shells and interpreters
#
#0 string :\ shell archive or commands for antique kernel text
0 string #!/bin/sh application/x-shellscript
0 string #!\ /bin/sh application/x-shellscript
0 string #!/bin/csh application/x-shellscript
0 string #!\ /bin/csh application/x-shellscript
# korn shell magic, sent by George Wu, gwu@clyde.att.com
0 string #!/bin/ksh application/x-shellscript
0 string #!\ /bin/ksh application/x-shellscript
0 string #!/bin/tcsh application/x-shellscript
0 string #!\ /bin/tcsh application/x-shellscript
0 string #!/usr/local/tcsh application/x-shellscript
0 string #!\ /usr/local/tcsh application/x-shellscript
0 string #!/usr/local/bin/tcsh application/x-shellscript
0 string #!\ /usr/local/bin/tcsh application/x-shellscript
# bash shell magic, from Peter Tobias (tobias@server.et-inf.fho-emden.de)
0 string #!/bin/bash application/x-shellscript
0 string #!\ /bin/bash application/x-shellscript
0 string #!/usr/local/bin/bash application/x-shellscript
0 string #!\ /usr/local/bin/bash application/x-shellscript
#
# zsh/ash/ae/nawk/gawk magic from cameron@cs.unsw.oz.au (Cameron Simpson)
0 string #!/bin/zsh application/x-shellscript
0 string #!/usr/bin/zsh application/x-shellscript
0 string #!/usr/local/bin/zsh application/x-shellscript
0 string #!\ /usr/local/bin/zsh application/x-shellscript
0 string #!/usr/local/bin/ash application/x-shellscript
0 string #!\ /usr/local/bin/ash application/x-shellscript
#0 string #!/usr/local/bin/ae Neil Brown's ae
#0 string #!\ /usr/local/bin/ae Neil Brown's ae
0 string #!/bin/nawk application/x-nawk
0 string #!\ /bin/nawk application/x-nawk
0 string #!/usr/bin/nawk application/x-nawk
0 string #!\ /usr/bin/nawk application/x-nawk
0 string #!/usr/local/bin/nawk application/x-nawk
0 string #!\ /usr/local/bin/nawk application/x-nawk
0 string #!/bin/gawk application/x-gawk
0 string #!\ /bin/gawk application/x-gawk
0 string #!/usr/bin/gawk application/x-gawk
0 string #!\ /usr/bin/gawk application/x-gawk
0 string #!/usr/local/bin/gawk application/x-gawk
0 string #!\ /usr/local/bin/gawk application/x-gawk
#
0 string #!/bin/awk application/x-awk
0 string #!\ /bin/awk application/x-awk
0 string #!/usr/bin/awk application/x-awk
0 string #!\ /usr/bin/awk application/x-awk
# update to distinguish from *.vcf files by Joerg Jenderek: joerg dot jenderek at web dot de
#0 regex BEGIN[[:space:]]*[{] application/x-awk
# For Larry Wall's perl language. The ``eval'' line recognizes an
# outrageously clever hack for USG systems.
# Keith Waclena <keith@cerberus.uchicago.edu>
0 string #!/bin/perl application/x-perl
0 string #!\ /bin/perl application/x-perl
0 string eval\ "exec\ /bin/perl application/x-perl
0 string #!/usr/bin/perl application/x-perl
0 string #!\ /usr/bin/perl application/x-perl
0 string eval\ "exec\ /usr/bin/perl application/x-perl
0 string #!/usr/local/bin/perl application/x-perl
0 string #!\ /usr/local/bin/perl application/x-perl
0 string eval\ "exec\ /usr/local/bin/perl application/x-perl
#------------------------------------------------------------------------------
# compress: file(1) magic for pure-compression formats (no archives)
#
# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc.
#
# Formats for various forms of compressed data
# Formats for "compress" proper have been moved into "compress.c",
# because it tries to uncompress it to figure out what's inside.
# standard unix compress
#0 string \037\235 application/x-compress
# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
#0 string \037\213 application/x-gzip
0 string PK\003\004 application/x-zip
# RAR archiver (Greg Roelofs, newt@uchicago.edu)
0 string Rar! application/x-rar
# According to gzip.h, this is the correct byte order for packed data.
0 string \037\036 application/octet-stream
#
# This magic number is byte-order-independent.
#
0 short 017437 application/octet-stream
# XXX - why *two* entries for "compacted data", one of which is
# byte-order independent, and one of which is byte-order dependent?
#
# compacted data
0 short 0x1fff application/octet-stream
0 string \377\037 application/octet-stream
# huf output
0 short 0145405 application/octet-stream
# Squeeze and Crunch...
# These numbers were gleaned from the Unix versions of the programs to
# handle these formats. Note that I can only uncrunch, not crunch, and
# I didn't have a crunched file handy, so the crunch number is untested.
# Keith Waclena <keith@cerberus.uchicago.edu>
#0 leshort 0x76FF squeezed data (CP/M, DOS)
#0 leshort 0x76FE crunched data (CP/M, DOS)
# Freeze
#0 string \037\237 Frozen file 2.1
#0 string \037\236 Frozen file 1.0 (or gzip 0.5)
# lzh?
#0 string \037\240 LZH compressed data
257 string ustar\0 application/x-tar posix
257 string ustar\040\040\0 application/x-tar gnu
0 short 070707 application/x-cpio
0 short 0143561 application/x-cpio swapped
0 string =<ar> application/x-archive
0 string \!<arch> application/x-archive
>8 string debian application/x-debian-package
#------------------------------------------------------------------------------
#
# RPM: file(1) magic for Red Hat Packages Erik Troan (ewt@redhat.com)
#
0 beshort 0xedab
>2 beshort 0xeedb application/x-rpm
0 lelong&0x8080ffff 0x0000081a application/x-arc lzw
0 lelong&0x8080ffff 0x0000091a application/x-arc squashed
0 lelong&0x8080ffff 0x0000021a application/x-arc uncompressed
0 lelong&0x8080ffff 0x0000031a application/x-arc packed
0 lelong&0x8080ffff 0x0000041a application/x-arc squeezed
0 lelong&0x8080ffff 0x0000061a application/x-arc crunched
0 leshort 0xea60 application/x-arj
# LHARC/LHA archiver (Greg Roelofs, newt@uchicago.edu)
2 string -lh0- application/x-lharc lh0
2 string -lh1- application/x-lharc lh1
2 string -lz4- application/x-lharc lz4
2 string -lz5- application/x-lharc lz5
# [never seen any but the last; -lh4- reported in comp.compression:]
2 string -lzs- application/x-lha lzs
2 string -lh\ - application/x-lha lh
2 string -lhd- application/x-lha lhd
2 string -lh2- application/x-lha lh2
2 string -lh3- application/x-lha lh3
2 string -lh4- application/x-lha lh4
2 string -lh5- application/x-lha lh5
2 string -lh6- application/x-lha lh6
2 string -lh7- application/x-lha lh7
# Shell archives
10 string #\ This\ is\ a\ shell\ archive application/octet-stream x-shell
#------------------------------------------------------------------------------
# frame: file(1) magic for FrameMaker files
#
# This stuff came on a FrameMaker demo tape, most of which is
# copyright, but this file is "published" as witness the following:
#
0 string \<MakerFile application/x-frame
0 string \<MIFFile application/x-frame
0 string \<MakerDictionary application/x-frame
0 string \<MakerScreenFon application/x-frame
0 string \<MML application/x-frame
0 string \<Book application/x-frame
0 string \<Maker application/x-frame
#------------------------------------------------------------------------------
# html: file(1) magic for HTML (HyperText Markup Language) docs
#
# from Daniel Quinlan <quinlan@yggdrasil.com>
#
0 string/cB \<!DOCTYPE\ html text/html
0 string/cb \<head text/html
0 string/cb \<title text/html
0 string/bc \<html text/html
0 string \<!-- text/html
0 string/c \<h1 text/html
0 string \<?xml text/xml
#------------------------------------------------------------------------------
# images: file(1) magic for image formats (see also "c-lang" for XPM bitmaps)
#
# originally from jef@helios.ee.lbl.gov (Jef Poskanzer),
# additions by janl@ifi.uio.no as well as others. Jan also suggested
# merging several one- and two-line files into here.
#
# XXX - byte order for GIF and TIFF fields?
# [GRR: TIFF allows both byte orders; GIF is probably little-endian]
#
# [GRR: what the hell is this doing in here?]
#0 string xbtoa btoa'd file
# PBMPLUS
# PBM file
0 string P1 image/x-portable-bitmap 7bit
# PGM file
0 string P2 image/x-portable-greymap 7bit
# PPM file
0 string P3 image/x-portable-pixmap 7bit
# PBM "rawbits" file
0 string P4 image/x-portable-bitmap
# PGM "rawbits" file
0 string P5 image/x-portable-greymap
# PPM "rawbits" file
0 string P6 image/x-portable-pixmap
# NIFF (Navy Interchange File Format, a modification of TIFF)
# [GRR: this *must* go before TIFF]
0 string IIN1 image/x-niff
# TIFF and friends
# TIFF file, big-endian
0 string MM image/tiff
# TIFF file, little-endian
0 string II image/tiff
# possible GIF replacements; none yet released!
# (Greg Roelofs, newt@uchicago.edu)
#
# GRR 950115: this was mine ("Zip GIF"):
# ZIF image (GIF+deflate alpha)
0 string GIF94z image/unknown
#
# GRR 950115: this is Jeremy Wohl's Free Graphics Format (better):
# FGF image (GIF+deflate beta)
0 string FGF95a image/unknown
#
# GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal
# (best; not yet implemented):
# PBF image (deflate compression)
0 string PBF image/unknown
# GIF
0 string GIF image/gif
# JPEG images
0 beshort 0xffd8 image/jpeg
# PC bitmaps (OS/2, Windoze BMP files) (Greg Roelofs, newt@uchicago.edu)
0 string BM image/x-ms-bmp
#>14 byte 12 (OS/2 1.x format)
#>14 byte 64 (OS/2 2.x format)
#>14 byte 40 (Windows 3.x format)
#0 string IC icon
#0 string PI pointer
#0 string CI color icon
#0 string CP color pointer
#0 string BA bitmap array
# CDROM Filesystems
32769 string CD001 application/x-iso9660
# Newer StuffIt archives (grant@netbsd.org)
0 string StuffIt application/x-stuffit
#>162 string >0 : %s
# BinHex is the Macintosh ASCII-encoded file format (see also "apple")
# Daniel Quinlan, quinlan@yggdrasil.com
11 string must\ be\ converted\ with\ BinHex\ 4 application/mac-binhex40
##>41 string x \b, version %.3s
#------------------------------------------------------------------------------
# lisp: file(1) magic for lisp programs
#
# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
0 string ;; text/plain 8bit
# Emacs 18 - this is always correct, but not very magical.
0 string \012( application/x-elc
# Emacs 19
0 string ;ELC\023\000\000\000 application/x-elc
#------------------------------------------------------------------------------
# mail.news: file(1) magic for mail and news
#
# There are tests to ascmagic.c to cope with mail and news.
0 string Relay-Version: message/rfc822 7bit
0 string #!\ rnews message/rfc822 7bit
0 string N#!\ rnews message/rfc822 7bit
0 string Forward\ to message/rfc822 7bit
0 string Pipe\ to message/rfc822 7bit
0 string Return-Path: message/rfc822 7bit
0 string Received: message/rfc822
0 string Path: message/news 8bit
0 string Xref: message/news 8bit
0 string From: message/rfc822 7bit
0 string Article message/news 8bit
#------------------------------------------------------------------------------
# msword: file(1) magic for MS Word files
#
# Contributor claims:
# Reversed-engineered MS Word magic numbers
#
0 string \376\067\0\043 application/msword
0 string \320\317\021\340\241\261 application/msword
0 string \333\245-\0\0\0 application/msword
#------------------------------------------------------------------------------
# printer: file(1) magic for printer-formatted files
#
# PostScript
0 string %! application/postscript
0 string \004%! application/postscript
# Acrobat
# (due to clamen@cs.cmu.edu)
0 string %PDF- application/pdf
#------------------------------------------------------------------------------
# sc: file(1) magic for "sc" spreadsheet
#
38 string Spreadsheet application/x-sc
#------------------------------------------------------------------------------
# tex: file(1) magic for TeX files
#
# XXX - needs byte-endian stuff (big-endian and little-endian DVI?)
#
# From <conklin@talisman.kaleida.com>
# Although we may know the offset of certain text fields in TeX DVI
# and font files, we can't use them reliably because they are not
# zero terminated. [but we do anyway, christos]
0 string \367\002 application/x-dvi
#0 string \367\203 TeX generic font data
#0 string \367\131 TeX packed font data
#0 string \367\312 TeX virtual font data
#0 string This\ is\ TeX, TeX transcript text
#0 string This\ is\ METAFONT, METAFONT transcript text
# There is no way to detect TeX Font Metric (*.tfm) files without
# breaking them apart and reading the data. The following patterns
# match most *.tfm files generated by METAFONT or afm2tfm.
2 string \000\021 application/x-tex-tfm
2 string \000\022 application/x-tex-tfm
#>34 string >\0 (%s)
# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
0 string \\input\ texinfo text/x-texinfo
0 string This\ is\ Info\ file text/x-info
# correct TeX magic for Linux (and maybe more)
# from Peter Tobias (tobias@server.et-inf.fho-emden.de)
#
0 leshort 0x02f7 application/x-dvi
# RTF - Rich Text Format
0 string {\\rtf text/rtf
#------------------------------------------------------------------------------
# animation: file(1) magic for animation/movie formats
#
# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8)
# MPEG file
# MPEG sequences
0 belong 0x000001BA
>4 byte &0x40 video/mp2p
>4 byte ^0x40 video/mpeg
0 belong 0x000001BB video/mpeg
0 belong 0x000001B0 video/mp4v-es
0 belong 0x000001B5 video/mp4v-es
0 belong 0x000001B3 video/mpv
0 belong&0xFF5FFF1F 0x47400010 video/mp2t
0 belong 0x00000001
>4 byte&0x1F 0x07 video/h264
# FLI animation format
0 leshort 0xAF11 video/fli
# FLC animation format
0 leshort 0xAF12 video/flc
#
# SGI and Apple formats
# Added ISO mimes
0 string MOVI video/sgi
4 string moov video/quicktime
4 string mdat video/quicktime
4 string wide video/quicktime
4 string skip video/quicktime
4 string free video/quicktime
4 string idsc image/x-quicktime
4 string idat image/x-quicktime
4 string pckg application/x-quicktime
4 string/B jP image/jp2
4 string ftyp
>8 string isom video/mp4
>8 string mp41 video/mp4
>8 string mp42 video/mp4
>8 string/B jp2 image/jp2
>8 string 3gp video/3gpp
>8 string avc1 video/3gpp
>8 string mmp4 video/mp4
>8 string/B M4A audio/mp4
>8 string/B qt video/quicktime
# The contributor claims:
# I couldn't find a real magic number for these, however, this
# -appears- to work. Note that it might catch other files, too,
# so BE CAREFUL!
#
# Note that title and author appear in the two 20-byte chunks
# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
# 255 (hex FF)! DL format SUCKS BIG ROCKS.
#
# DL file version 1 , medium format (160x100, 4 images/screen)
0 byte 1 video/unknown
0 byte 2 video/unknown
#
# Databases
#
# GDBM magic numbers
# Will be maintained as part of the GDBM distribution in the future.
# <downsj@teeny.org>
0 belong 0x13579ace application/x-gdbm
0 lelong 0x13579ace application/x-gdbm
0 string GDBM application/x-gdbm
#
0 belong 0x061561 application/x-dbm
#
# Executables
#
0 string \177ELF
>16 leshort 0 application/octet-stream
>16 leshort 1 application/x-object
>16 leshort 2 application/x-executable
>16 leshort 3 application/x-sharedlib
>16 leshort 4 application/x-coredump
>16 beshort 0 application/octet-stream
>16 beshort 1 application/x-object
>16 beshort 2 application/x-executable
>16 beshort 3 application/x-sharedlib
>16 beshort 4 application/x-coredump
#
# DOS
0 string MZ application/x-dosexec
#
# KDE
0 string [KDE\ Desktop\ Entry] application/x-kdelnk
0 string \#\ KDE\ Config\ File application/x-kdelnk
# xmcd database file for kscd
0 string \#\ xmcd text/xmcd
#------------------------------------------------------------------------------
# pkgadd: file(1) magic for SysV R4 PKG Datastreams
#
0 string #\ PaCkAgE\ DaTaStReAm application/x-svr4-package
#PNG Image Format
0 string \x89PNG image/png
# MNG Video Format, <URL:http://www.libpng.org/pub/mng/spec/>
0 string \x8aMNG video/x-mng
0 string \x8aJNG video/x-jng
#------------------------------------------------------------------------------
# Hierarchical Data Format, used to facilitate scientific data exchange
# specifications at http://hdf.ncsa.uiuc.edu/
#Hierarchical Data Format (version 4) data
0 belong 0x0e031301 application/x-hdf
#Hierarchical Data Format (version 5) data
0 string \211HDF\r\n\032 application/x-hdf
# Adobe Photoshop
0 string 8BPS image/x-photoshop
# Felix von Leitner <felix-file@fefe.de>
0 string d8:announce application/x-bittorrent
# lotus 1-2-3 document
0 belong 0x00001a00 application/x-123
0 belong 0x00000200 application/x-123
# MS Access database
4 string Standard\ Jet\ DB application/msaccess
## magic for XBase files
#0 byte 0x02
#>8 leshort >0
#>>12 leshort 0 application/x-dbf
#
#0 byte 0x03
#>8 leshort >0
#>>12 leshort 0 application/x-dbf
#
#0 byte 0x04
#>8 leshort >0
#>>12 leshort 0 application/x-dbf
#
#0 byte 0x05
#>8 leshort >0
#>>12 leshort 0 application/x-dbf
#
#0 byte 0x30
#>8 leshort >0
#>>12 leshort 0 application/x-dbf
#
#0 byte 0x43
#>8 leshort >0
#>>12 leshort 0 application/x-dbf
#
#0 byte 0x7b
#>8 leshort >0
#>>12 leshort 0 application/x-dbf
#
#0 byte 0x83
#>8 leshort >0
#>>12 leshort 0 application/x-dbf
#
#0 byte 0x8b
#>8 leshort >0
#>>12 leshort 0 application/x-dbf
#
#0 byte 0x8e
#>8 leshort >0
#>>12 leshort 0 application/x-dbf
#
#0 byte 0xb3
#>8 leshort >0
#>>12 leshort 0 application/x-dbf
#
#0 byte 0xf5
#>8 leshort >0
#>>12 leshort 0 application/x-dbf
#
#0 leshort 0x0006 application/x-dbt
# Debian has entries for the old PGP formats:
# pgp: file(1) magic for Pretty Good Privacy
# see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
#text/PGP key public ring
0 beshort 0x9900 application/pgp
#text/PGP key security ring
0 beshort 0x9501 application/pgp
#text/PGP key security ring
0 beshort 0x9500 application/pgp
#text/PGP encrypted data
0 beshort 0xa600 application/pgp-encrypted
#text/PGP armored data
##public key block
2 string ---BEGIN\ PGP\ PUBLIC\ KEY\ BLOCK- application/pgp-keys
0 string -----BEGIN\040PGP\40MESSAGE- application/pgp
0 string -----BEGIN\040PGP\40SIGNATURE- application/pgp-signature
#
# GnuPG Magic:
#
#
#text/GnuPG key public ring
0 beshort 0x9901 application/pgp
#text/OpenPGP data
0 beshort 0x8501 application/pgp-encrypted
# flash: file(1) magic for Macromedia Flash file format
#
# See
#
# http://www.macromedia.com/software/flash/open/
#
0 string FWS
>3 byte x application/x-shockwave-flash
# The following paramaters are created for Namazu.
# <http://www.namazu.org/>
#
# 1999/08/13
#0 string \<!--\ MHonArc text/html; x-type=mhonarc
0 string BZh application/x-bzip2
# 1999/09/09
# VRML (suggested by Masao Takaku)
0 string #VRML\ V1.0\ ascii model/vrml
0 string #VRML\ V2.0\ utf8 model/vrml
#------------------------------------------------------------------------------
# ichitaro456: file(1) magic for Just System Word Processor Ichitaro
#
# Contributor kenzo-:
# Reversed-engineered JS Ichitaro magic numbers
#
0 string DOC
>43 byte 0x14 application/ichitaro4
>144 string JDASH application/ichitaro4
0 string DOC
>43 byte 0x15 application/ichitaro5
0 string DOC
>43 byte 0x16 application/ichitaro6
#------------------------------------------------------------------------------
# office97: file(1) magic for MicroSoft Office files
#
# Contributor kenzo-:
# Reversed-engineered MS Office magic numbers
#
#0 string \320\317\021\340\241\261\032\341
#>48 byte 0x1B application/excel
2080 string Microsoft\ Excel\ 5.0\ Worksheet application/excel
2114 string Biff5 application/excel
0 string \224\246\056 application/msword
0 belong 0x31be0000 application/msword
0 string PO^Q` application/msword
0 string \320\317\021\340\241\261\032\341
>546 string bjbj application/msword
>546 string jbjb application/msword
512 string R\0o\0o\0t\0\ \0E\0n\0t\0r\0y application/msword
2080 string Microsoft\ Word\ 6.0\ Document application/msword
2080 string Documento\ Microsoft\ Word\ 6 application/msword
2112 string MSWordDoc application/msword
#0 string \320\317\021\340\241\261\032\341 application/powerpoint
0 string \320\317\021\340\241\261\032\341 application/msword
0 string #\ PaCkAgE\ DaTaStReAm application/x-svr4-package
# WinNT/WinCE PE files (Warner Losh, imp@village.org)
#
128 string PE\000\000 application/octet-stream
0 string PE\000\000 application/octet-stream
# miscellaneous formats
0 string LZ application/octet-stream
# .EXE formats (Greg Roelofs, newt@uchicago.edu)
#
0 string MZ
>24 string @ application/octet-stream
0 string MZ
>30 string Copyright\ 1989-1990\ PKWARE\ Inc. application/x-zip
0 string MZ
>30 string PKLITE\ Copr. application/x-zip
0 string MZ
>36 string LHa's\ SFX application/x-lha
0 string MZ application/octet-stream
# LHA archiver
2 string -lh
>6 string - application/x-lha
# Zoo archiver
20 lelong 0xfdc4a7dc application/x-zoo
# ARC archiver
0 lelong&0x8080ffff 0x0000081a application/x-arc
0 lelong&0x8080ffff 0x0000091a application/x-arc
0 lelong&0x8080ffff 0x0000021a application/x-arc
0 lelong&0x8080ffff 0x0000031a application/x-arc
0 lelong&0x8080ffff 0x0000041a application/x-arc
0 lelong&0x8080ffff 0x0000061a application/x-arc
# Microsoft Outlook's Transport Neutral Encapsulation Format (TNEF)
0 lelong 0x223e9f78 application/ms-tnef
# From: stephane.loeuillet@tiscali.f
# http://www.djvuzone.org/
0 string AT&TFORM image/x.djvu
# Danny Milosavljevic <danny.milo@gmx.net>
# this are adrift (adventure game standard) game files, extension .taf
# depending on version magic continues with 0x93453E6139FA (V 4.0)
# 0x9445376139FA (V 3.90)
# 0x9445366139FA (V 3.80)
# this is from source (http://www.adrift.org.uk/) and I have some taf
# files, and checked them.
#0 belong 0x3C423FC9
#>4 belong 0x6A87C2CF application/x-adrift
#0 string \000\000\001\000 image/x-ico
# Quark Xpress 3 Files:
# (made the mimetype up)
0 string \0\0MMXPR3\0 application/x-quark-xpress-3
# EET archive
# From: Tilman Sauerbeck <tilman@code-monkey.de>
0 belong 0x1ee7ff00 application/x-eet
# From: Denis Knauf, via gentoo.
0 string fLaC audio/x-flac
0 string CWS application/x-shockwave-flash
# Gnumeric spreadsheet
# This entry is only semi-helpful, as Gnumeric compresses its files, so
# they will ordinarily reported as "compressed", but at least -z helps
39 string =<gmr:Workbook application/x-gnumeric

2
debian/config-dir/mods-available/access_compat.load vendored Normal file
View file

@ -0,0 +1,2 @@
# Depends: authn_core
LoadModule access_compat_module /usr/lib/apache2/modules/mod_access_compat.so

9
debian/config-dir/mods-available/actions.conf vendored Normal file
View file

@ -0,0 +1,9 @@
# a2enmod-note: needs-configuration
#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#

1
debian/config-dir/mods-available/actions.load vendored Normal file
View file

@ -0,0 +1 @@
LoadModule actions_module /usr/lib/apache2/modules/mod_actions.so

19
debian/config-dir/mods-available/alias.conf vendored Normal file
View file

@ -0,0 +1,19 @@
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/". If the fakename is slash-terminated, then the
# realname must also be slash terminated, and if the fakename omits the
# trailing slash, the realname must also omit it.
#
# We include the /icons/ alias for FancyIndexed directory listings. If
# you do not use FancyIndexing, you may comment this out.
Alias /icons/ "/usr/share/apache2/icons/"
<Directory "/usr/share/apache2/icons">
Options FollowSymlinks
AllowOverride None
Require all granted
</Directory>

1
debian/config-dir/mods-available/alias.load vendored Normal file
View file

@ -0,0 +1 @@
LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so

1
debian/config-dir/mods-available/allowmethods.load vendored Normal file
View file

@ -0,0 +1 @@
LoadModule allowmethods_module /usr/lib/apache2/modules/mod_allowmethods.so

2
debian/config-dir/mods-available/asis.load vendored Normal file
View file

@ -0,0 +1,2 @@
# Depends: mime
LoadModule asis_module /usr/lib/apache2/modules/mod_asis.so

2
debian/config-dir/mods-available/auth_basic.load vendored Normal file
View file

@ -0,0 +1,2 @@
# Depends: authn_core
LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so

2
debian/config-dir/mods-available/auth_digest.load vendored Normal file
View file

@ -0,0 +1,2 @@
# Depends: authn_core
LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so

2
debian/config-dir/mods-available/auth_form.load vendored Normal file
View file

@ -0,0 +1,2 @@
# Depends: session authn_core
LoadModule auth_form_module /usr/lib/apache2/modules/mod_auth_form.so

1
debian/config-dir/mods-available/authn_anon.load vendored Normal file
View file

@ -0,0 +1 @@
LoadModule authn_anon_module /usr/lib/apache2/modules/mod_authn_anon.so

1
debian/config-dir/mods-available/authn_core.load vendored Normal file
View file

@ -0,0 +1 @@
LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so

2
debian/config-dir/mods-available/authn_dbd.load vendored Normal file
View file

@ -0,0 +1,2 @@
# Depends: dbd
LoadModule authn_dbd_module /usr/lib/apache2/modules/mod_authn_dbd.so

1
debian/config-dir/mods-available/authn_dbm.load vendored Normal file
View file

@ -0,0 +1 @@
LoadModule authn_dbm_module /usr/lib/apache2/modules/mod_authn_dbm.so

1
debian/config-dir/mods-available/authn_file.load vendored Normal file
View file

@ -0,0 +1 @@
LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so

1
debian/config-dir/mods-available/authn_socache.load vendored Normal file
View file

@ -0,0 +1 @@
LoadModule authn_socache_module /usr/lib/apache2/modules/mod_authn_socache.so

1
debian/config-dir/mods-available/authnz_fcgi.load vendored Normal file
View file

@ -0,0 +1 @@
LoadModule authnz_fcgi_module /usr/lib/apache2/modules/mod_authnz_fcgi.so

2
debian/config-dir/mods-available/authnz_ldap.load vendored Normal file
View file

@ -0,0 +1,2 @@
# Depends: ldap
LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so

Some files were not shown because too many files have changed in this diff Show more