>From another test I found an unexpected side-effect and have modified
mkinstallp.ksh so that all directories retain r-x permissions.
To keep it simple the complete patch of the directory build/aix for
"existing" files.
On Fri, Dec 6, 2013 at 12:15 PM, Michael Felt <[email protected]> wrote:
> I realize I should have used a different "diff" format - namely from the
> httpd-2.2.x rather than with the standard release I had made and tested...
>
> michael@x054:[/data/prj/apache/httpd/httpd-2.2.x]jsvn status
> ? httpd-2.2.x.patch
> M config.layout
> ? build/aix/httpd.rte.config
> ? build/aix/include
> ? build/aix/rc2.d
> M build/aix/buildaix.ksh
> M build/aix/mkinstallp.ksh
> michael@x054:[/data/prj/apache/httpd/httpd-2.2.x]r
> ./build/aix/httpd.rte.config ./build/aix/include ./build/aix/rc2.d <
> ./build/aix/httpd.rte.config
> ./build/aix/include/
> ./build/aix/include/zlib.h
> ./build/aix/include/zconf.h
> ./build/aix/rc2.d/
> ./build/aix/rc2.d/Khttpd
> ./build/aix/rc2.d/Shttpd
>
> So in the interest of "ease of applying" please use the two files here,
> and discard the previous file.
> The tar file contains the three ? references for build/aix/*
>
> regards,
> Michael
>
>
> On Thu, Dec 5, 2013 at 11:45 PM, Michael Felt <[email protected]> wrote:
>
>> Why should it be daemon/daemon? Better than root/system - imho. Or
>> nobody/nobody. Those are default accounts, default accounts should never
>> really own anything.
>>
>> By choosing an owner I can prepare a separate fileset to setup RBAC, get
>> the files into the trusted database (tsd).
>>
>> There are advantages - but is Apache feels it is more secure to have them
>> owned by root/system and daemon/daemon running everything - I wont argue.
>> simple enough to undo.
>>
>> Bu actually, I thought I read years ago that ASF did not really have a
>> position on who "owned" the files. If I am wrong on that, my apologies.
>> Ignore patch and I'll send a new one with the ownership removed.
>>
>> regards,
>> Michael
>>
>>
>> On Thu, Dec 5, 2013 at 7:04 PM, Eric Covener <[email protected]> wrote:
>>
>>> The User/Group shouldn't own any of the files. Is there a particular
>>> failure this works around?
>>>
>>> On Thu, Dec 5, 2013 at 12:44 PM, Michael Felt <[email protected]> wrote:
>>> > Now includes:
>>> > the LICENSE in the packaging
>>> > also adds a dependency for the libc in use by the building system (to
>>> > prevent issues when trying to load a package on AIX 5.3 when it was
>>> packaged
>>> > on AIX 6.1 (or higher)
>>> > uses httpd/httpd as User/Group - and changed in httpd.conf before
>>> packaging
>>> > sets file owner/group to httpd:httpd at install (creates user/group in
>>> local
>>> > files
>>> > (i.e. not in LDAP) if needed.
>>> > rpm for libz is no longer needed
>>> >
>>> > "apr" and "apr-util" are external packages, rather than built in src -
>>> same
>>> > as httpd comes from svn.
>>> >
>>> > Happy "Sinterklas",
>>> >
>>> > Michael
>>> >
>>> > p.s. will redo the same for httpd-2.4.x asap
>>>
>>>
>>>
>>> --
>>> Eric Covener
>>> [email protected]
>>>
>>
>>
>
Index: build/aix/buildaix.ksh
===================================================================
--- build/aix/buildaix.ksh (revision 1548486)
+++ build/aix/buildaix.ksh (working copy)
@@ -22,16 +22,27 @@
cmd=$0
export CFLAGS='-O2'
+err=0
+zflag=""
lslpp -L bos.adt.insttools >/dev/null
[[ $? -ne 0 ]] && echo "must have bos.adt.insttools installed" && exit -1
+[[ ! -e /usr/include/zlib.h && ! -e /opt/freeware/include/zlib.h && ! -e /opt/include/zlib.h ]] && \
+ [[ -e /opt/freeware/lib/libz.a ]] && \
+ CFLAGS=${CFLAGS}\ -I./build/aix/include && \
+ zflag=--with-z=`pwd`/build/aix && \
+ export LDFLAGS=${LDFLAGS}\ -L/opt/freeware/lib
+
+
+oPATH=$PATH
+export PATH=${PATH}:/opt/apr/bin
apr_config=`which apr-1-config`
apu_config=`which apu-1-config`
+export PATH=${oPATH}
-if [[ -z ${apr_config} && -z ${apu_config} ]]
+if [[ -z ${apr_config} || -z ${apu_config} ]]
then
- export PATH=/opt/bin:${PATH}
apr_config=`which apr-1-config`
apu_config=`which apu-1-config`
fi
@@ -81,14 +92,14 @@
if [[ ! -e ./Makefile ]] # if Makefile exists go faster
then
- echo "+ ./configure \n\
+ echo "+ ./configure CFLAGS="${CFLAGS}" ${zflag} \n\
--enable-layout=$LAYOUT \n\
--with-apr=$apr_config \n\
--with-apr-util=$apu_config \n\
--with-mpm=worker \n\
--enable-ssl \n\
--enable-mods-shared=all > build/aix/configure.out"
- ./configure \
+ ./configure CFLAGS="${CFLAGS}" ${zflag} \
--enable-layout=$LAYOUT \
--with-apr=$apr_config \
--with-apr-util=$apu_config \
@@ -108,10 +119,28 @@
make > build/aix/make.out
[[ $? -ne 0 ]] && echo 'make' returned an error && exit -1
+# modify User/Group
+/usr/bin/ed <<EOF
+e ./docs/conf/httpd.conf
+/^User/s/daemon/httpd/p
+/^Group/s/daemon/httpd/p
+w
+q
+EOF
+
echo "+ make install DESTDIR=$TEMPDIR > build/aix/install.out"
make install DESTDIR=$TEMPDIR > build/aix/install.out
[[ $? -ne 0 ]] && echo 'make install' returned an error && exit -1
+# copy auto start/stop in rc2.d
+echo mkdir -p $TEMPDIR/etc/rc.d/rc2.d
+mkdir -p $TEMPDIR/etc/rc.d/rc2.d
+(cd build/aix; find ./rc2.d | backup -if -) | (cd $TEMPDIR/etc/rc.d; restore -xqf -)
+mkdir -p ${TEMPDIR}/usr/sbin
+cd ${TEMPDIR}/usr/sbin
+ln -s ../../opt/httpd/sbin/apachectl apachectl
+cd -
+
echo "+ build/aix/mkinstallp.ksh $TEMPDIR > build/aix/mkinstallp.out"
build/aix/mkinstallp.ksh $TEMPDIR > build/aix/mkinstallp.out
[[ $? -ne 0 ]] && echo mkinstallp.ksh returned an error && exit -1
@@ -120,5 +149,5 @@
# list installable fileset(s)
echo ========================
-installp -d build/aix -L
+installp -d installp/ppc -L
echo ========================
Index: build/aix/mkinstallp.ksh
===================================================================
--- build/aix/mkinstallp.ksh (revision 1548486)
+++ build/aix/mkinstallp.ksh (working copy)
@@ -50,13 +50,16 @@
name=$NAME
vrmf=$VERSION
release=$RELEASE
-descr="$NAME version ${VERSION} for $ARCH ${VENDOR}"
+ts=`date -u +"%Y-%m-%d %H%M.%S"`
+descr="${ts} ${NAME}"
# copy LICENSE information
# TODO: setup template so that license acceptance is required
# TODO: add Copyright Information for display during install
-mkdir -p ${TEMPDIR}/usr/swlag/en_US
-cp ${BASE}/LICENSE ${TEMPDIR}/usr/swlag/en_US/${PKG}.${NAME}.la
+LARDIR=${TEMPDIR}/usr/swlag/${NAME}/${VERSION}/en_US
+LAR=/usr/swlag/${NAME}/${VERSION}/en_US/${NAME}.la
+mkdir -p ${LARDIR}/usr/swlag/${NAME}/${VERSION}/en_US
+/usr/bin/cp ${BASE}/LICENSE ${LARDIR}/${NAME}.la
cd ${TEMPDIR}
# remove files we do not want as "part" possibly
@@ -84,11 +87,29 @@
fi
done
+# set package permissions - no/minimal other access
files=./${NAME}.${VERSION}
cd ${TEMPDIR}/..
+
+chmod -R g+r,o-w ${files}
find ${files} -type d -exec chmod og+rx {} \;
-chmod -R go+r ${files}
-chown -R 0.0 ${files}
+
+# add r access for /usr/share /usr/*bin /usr/swlag and /opt/httpd/"others"
+chmod -R o+r ${files}/usr
+
+chmod -R o+r ${files}/opt/httpd/manual ${files}/opt/httpd/include ${files}/opt/httpd/icons
+
+# set user/owner to httpd:httpd (for tcb inventory, e.g.)
+lsgroup httpd >/dev/null
+[[ $? -ne 0 ]] && mkgroup -R files -a httpd
+lsuser httpd >/dev/null
+[[ $? -ne 0 ]] && mkuser -R files -a pgrp=httpd shell=/bin/false httpd
+chown -R httpd.httpd ${files}/var ${files}/opt ${files}/usr/share
+
+LIBCVRML=`lslpp -Lqc bos.rte.libc | awk -F: ' { print $3 } ' | awk -F. ' { print $1 "." $2 ".0.0" } '`
+CONFIG_PATH=${BASE}/build/aix/httpd.rte.config
+
+# Name of license agreement: LAR./ASF.httpd/2.2.26/en_US/httpd.la
cat - <<EOF >>$template
Package Name: ${PKG}.${NAME}
@@ -99,12 +120,14 @@
Fileset VRMF: ${VERSION}.${RELEASE}
Fileset Description: ${descr}
USRLIBLPPFiles
+ Configuration Script: ${CONFIG_PATH}
EOUSRLIBLPPFiles
Bosboot required: N
- License agreement acceptance required: N
- Name of license agreement:
- Include license files in this package: N
- Requisites:
+ License agreement acceptance required: Y
+ Name of license agreement: LAR${LAR}
+ Include license files in this package: Y
+ License file path: LAF${LAR}
+ Requisites: *prereq bos.rte.libc ${LIBCVRML};
EOF
[[ $szetc -ne 0 ]] && echo " Upsize: ${nmetc} $szetc;" >> $template
@@ -114,7 +137,7 @@
# USR part -- i.e. files in /usr and /opt
cd ${TEMPDIR}/..
-find ${files}/usr/swlag ${files}/opt \
+find ${files}/usr/*bin ${files}/usr/swlag ${files}/opt \
| sed -e s#^${files}## | sed -e "/^$/d" >>$template
echo " EOUSRFiles" >> $template
@@ -153,7 +176,7 @@
# manual pages, space required calculation
set `du -s usr/share/man`
szman=$1
- descr="$NAME ${VERSION} man pages ${VENDOR}"
+ descr="${ts} ${NAME} man pages"
cat - <<EOF >>$template
Fileset
Fileset Name: ${PKG}.${NAME}.man.en_US
@@ -192,8 +215,9 @@
# copy package to build/aix
# create TOC
-cp ${TEMPDIR}/tmp/$PKG.$NAME.$VERSION.0.bff ${BASE}/build/aix
-cd ${BASE}/build/aix
+mkdir -p ${BASE}/installp/ppc
+cp ${TEMPDIR}/tmp/$PKG.$NAME.$VERSION.0.bff ${BASE}/installp/ppc
+cd ${BASE}/installp/ppc
rm -f $PKG.$NAME.$VERSION.$ARCH.I
mv $PKG.$NAME.$VERSION.0.bff $PKG.$NAME.$ARCH.$VERSION.I
rm -f .toc
Index: build/aix/README
===================================================================
--- build/aix/README (revision 1548486)
+++ build/aix/README (working copy)
@@ -1,5 +1,9 @@
-The script buildaix.ksh will attempt to build a AIX installp fileset
-out of a source tree for ASF project
+The script buildaix.ksh will package Apache Software Foundation HTTPD
+as an AIX installp (or bff) package in the directory ./installp/ppc
+The script mkinstallp.ksh creates the template for the AIX commands
+/usr/sbin/mkinstallp and /usr/sbin/makebff.pl
+
+FYI: these scripts are also available in a more generic form - see below
REQUIREMENTS:
Fileset Level State Type Description (Uninstaller)
@@ -10,9 +14,16 @@
----------------------------------------------------------------------------
rpm.rte 3.0.5.41 C F RPM Package Manager
-Additional:
+ZLIB aka libz
+This is normally installed during installation via rpm.rte.
+However, there are no include files installed, namely zlib.h and zconf.h
+The build script checks for these files in /usr/include; /opt/freeware/include and /opt/include
+If not found the flag -I ./build/aix/include is included
+
+Optional:
Preferred: download zlib sources and copy zlib.h and zconf.h to /opt/include
and, if configure cannot find them directly, add symbolic links from /usr/include to /opt/include
+Or, install aixtools.zlib.rte (from http://dl.aixtools.rte/tools)
To build a package, make sure you are in the root of the source tree,
and run:
@@ -20,15 +31,24 @@
build/aix/buildaix.ksh
An AIX fileset named $PKG.$NAME.$ARCH.$VERSION.I will be
-created in the build/aix directory. the .template file created is also there.
+created in the installp/ppc directory.
+The .template file created is stored in build/aix
-KNOWN issues:
+KNOWN issues with packaging on AIX
on AIX libtool is known to have issues with the install command.
Some of these issues have been resolved by extracting the apr/apu utilities
from the projects (i.e. NOT using the embedded version)
In case of problems I recommend that you install the GNU 'install' program (part of coreutils)
-If make DESTDIR=$TEMPDIR install command continues to fail, try 'make install' and then run
-the buildaix.ksh command again
+If you have problems with mkinstallp (/usr/sbin/mkinstallp) I have posted a patch for
+symbolic link testing on sourceforge buildaix project page.
+
+Suggestions
+If make DESTDIR=$TEMPDIR install command continues to fail, try 'make install' normally
+and then run the build/aix/buildaix.ksh command again
+Also: the project buildaix on sourceforge or at http://dl.aixtools.net/tools
+has a generic buildaix installp. The generic version calls the
+application specific buildaix script when it sees one so you can get used to using
+the generic command: buildaix
TODO
Add Copyright display/banner
@@ -36,3 +56,4 @@
Add special instructions for TCB - to ignore /etc/* /var/httpd/htdocs/*
Add _config_i scripts to setup autostart
Add _pre_i scripts to verify pre-requisites, required users/groups, etc.
+Add modify User/Group from daemon/daemon to httpd/httpd
Index: build/aix/aixinfo
===================================================================
--- build/aix/aixinfo (revision 1548486)
+++ build/aix/aixinfo (working copy)
@@ -1,8 +1,6 @@
-
PKG="ASF"
NAME="httpd"
-ARCH="powerpc"
-VERSION="2.2.22"
+ARCH="ppc"
CATEGORY="application"
VENDOR="Apache Software Foundation"
EMAIL="[email protected]"
