You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Michael Felt <ma...@gmail.com> on 2013/12/05 18:44:40 UTC
patches for the build/aix area - httpd-2.2.x
Now includes:
the LICENSE in the packaging
also adds a dependency for the libc in use by the building system (to
prevent issues when trying to load a package on AIX 5.3 when it was
packaged on AIX 6.1 (or higher)
uses httpd/httpd as User/Group - and changed in httpd.conf before packaging
sets file owner/group to httpd:httpd at install (creates user/group in
local files
(i.e. not in LDAP) if needed.
rpm for libz is no longer needed
"apr" and "apr-util" are external packages, rather than built in src - same
as httpd comes from svn.
Happy "Sinterklas",
Michael
p.s. will redo the same for httpd-2.4.x asap
Re: patches for the build/aix area - httpd-2.2.x
Posted by Michael Felt <ma...@gmail.com>.
>From another test I found an unexpected side-effect and have modified
mkinstallp.ksh so that all directories retain r-x permissions.
To keep it simple the complete patch of the directory build/aix for
"existing" files.
On Fri, Dec 6, 2013 at 12:15 PM, Michael Felt <ma...@gmail.com> wrote:
> I realize I should have used a different "diff" format - namely from the
> httpd-2.2.x rather than with the standard release I had made and tested...
>
> michael@x054:[/data/prj/apache/httpd/httpd-2.2.x]jsvn status
> ? httpd-2.2.x.patch
> M config.layout
> ? build/aix/httpd.rte.config
> ? build/aix/include
> ? build/aix/rc2.d
> M build/aix/buildaix.ksh
> M build/aix/mkinstallp.ksh
> michael@x054:[/data/prj/apache/httpd/httpd-2.2.x]r
> ./build/aix/httpd.rte.config ./build/aix/include ./build/aix/rc2.d <
> ./build/aix/httpd.rte.config
> ./build/aix/include/
> ./build/aix/include/zlib.h
> ./build/aix/include/zconf.h
> ./build/aix/rc2.d/
> ./build/aix/rc2.d/Khttpd
> ./build/aix/rc2.d/Shttpd
>
> So in the interest of "ease of applying" please use the two files here,
> and discard the previous file.
> The tar file contains the three ? references for build/aix/*
>
> regards,
> Michael
>
>
> On Thu, Dec 5, 2013 at 11:45 PM, Michael Felt <ma...@gmail.com> wrote:
>
>> Why should it be daemon/daemon? Better than root/system - imho. Or
>> nobody/nobody. Those are default accounts, default accounts should never
>> really own anything.
>>
>> By choosing an owner I can prepare a separate fileset to setup RBAC, get
>> the files into the trusted database (tsd).
>>
>> There are advantages - but is Apache feels it is more secure to have them
>> owned by root/system and daemon/daemon running everything - I wont argue.
>> simple enough to undo.
>>
>> Bu actually, I thought I read years ago that ASF did not really have a
>> position on who "owned" the files. If I am wrong on that, my apologies.
>> Ignore patch and I'll send a new one with the ownership removed.
>>
>> regards,
>> Michael
>>
>>
>> On Thu, Dec 5, 2013 at 7:04 PM, Eric Covener <co...@gmail.com> wrote:
>>
>>> The User/Group shouldn't own any of the files. Is there a particular
>>> failure this works around?
>>>
>>> On Thu, Dec 5, 2013 at 12:44 PM, Michael Felt <ma...@gmail.com> wrote:
>>> > Now includes:
>>> > the LICENSE in the packaging
>>> > also adds a dependency for the libc in use by the building system (to
>>> > prevent issues when trying to load a package on AIX 5.3 when it was
>>> packaged
>>> > on AIX 6.1 (or higher)
>>> > uses httpd/httpd as User/Group - and changed in httpd.conf before
>>> packaging
>>> > sets file owner/group to httpd:httpd at install (creates user/group in
>>> local
>>> > files
>>> > (i.e. not in LDAP) if needed.
>>> > rpm for libz is no longer needed
>>> >
>>> > "apr" and "apr-util" are external packages, rather than built in src -
>>> same
>>> > as httpd comes from svn.
>>> >
>>> > Happy "Sinterklas",
>>> >
>>> > Michael
>>> >
>>> > p.s. will redo the same for httpd-2.4.x asap
>>>
>>>
>>>
>>> --
>>> Eric Covener
>>> covener@gmail.com
>>>
>>
>>
>
Re: patches for the build/aix area - httpd-2.2.x
Posted by Michael Felt <ma...@gmail.com>.
I realize I should have used a different "diff" format - namely from the
httpd-2.2.x rather than with the standard release I had made and tested...
michael@x054:[/data/prj/apache/httpd/httpd-2.2.x]jsvn status
? httpd-2.2.x.patch
M config.layout
? build/aix/httpd.rte.config
? build/aix/include
? build/aix/rc2.d
M build/aix/buildaix.ksh
M build/aix/mkinstallp.ksh
michael@x054:[/data/prj/apache/httpd/httpd-2.2.x]r
./build/aix/httpd.rte.config ./build/aix/include ./build/aix/rc2.d <
./build/aix/httpd.rte.config
./build/aix/include/
./build/aix/include/zlib.h
./build/aix/include/zconf.h
./build/aix/rc2.d/
./build/aix/rc2.d/Khttpd
./build/aix/rc2.d/Shttpd
So in the interest of "ease of applying" please use the two files here, and
discard the previous file.
The tar file contains the three ? references for build/aix/*
regards,
Michael
On Thu, Dec 5, 2013 at 11:45 PM, Michael Felt <ma...@gmail.com> wrote:
> Why should it be daemon/daemon? Better than root/system - imho. Or
> nobody/nobody. Those are default accounts, default accounts should never
> really own anything.
>
> By choosing an owner I can prepare a separate fileset to setup RBAC, get
> the files into the trusted database (tsd).
>
> There are advantages - but is Apache feels it is more secure to have them
> owned by root/system and daemon/daemon running everything - I wont argue.
> simple enough to undo.
>
> Bu actually, I thought I read years ago that ASF did not really have a
> position on who "owned" the files. If I am wrong on that, my apologies.
> Ignore patch and I'll send a new one with the ownership removed.
>
> regards,
> Michael
>
>
> On Thu, Dec 5, 2013 at 7:04 PM, Eric Covener <co...@gmail.com> wrote:
>
>> The User/Group shouldn't own any of the files. Is there a particular
>> failure this works around?
>>
>> On Thu, Dec 5, 2013 at 12:44 PM, Michael Felt <ma...@gmail.com> wrote:
>> > Now includes:
>> > the LICENSE in the packaging
>> > also adds a dependency for the libc in use by the building system (to
>> > prevent issues when trying to load a package on AIX 5.3 when it was
>> packaged
>> > on AIX 6.1 (or higher)
>> > uses httpd/httpd as User/Group - and changed in httpd.conf before
>> packaging
>> > sets file owner/group to httpd:httpd at install (creates user/group in
>> local
>> > files
>> > (i.e. not in LDAP) if needed.
>> > rpm for libz is no longer needed
>> >
>> > "apr" and "apr-util" are external packages, rather than built in src -
>> same
>> > as httpd comes from svn.
>> >
>> > Happy "Sinterklas",
>> >
>> > Michael
>> >
>> > p.s. will redo the same for httpd-2.4.x asap
>>
>>
>>
>> --
>> Eric Covener
>> covener@gmail.com
>>
>
>
Re: patches for the build/aix area - httpd-2.2.x
Posted by Michael Felt <ma...@gmail.com>.
Why should it be daemon/daemon? Better than root/system - imho. Or
nobody/nobody. Those are default accounts, default accounts should never
really own anything.
By choosing an owner I can prepare a separate fileset to setup RBAC, get
the files into the trusted database (tsd).
There are advantages - but is Apache feels it is more secure to have them
owned by root/system and daemon/daemon running everything - I wont argue.
simple enough to undo.
Bu actually, I thought I read years ago that ASF did not really have a
position on who "owned" the files. If I am wrong on that, my apologies.
Ignore patch and I'll send a new one with the ownership removed.
regards,
Michael
On Thu, Dec 5, 2013 at 7:04 PM, Eric Covener <co...@gmail.com> wrote:
> The User/Group shouldn't own any of the files. Is there a particular
> failure this works around?
>
> On Thu, Dec 5, 2013 at 12:44 PM, Michael Felt <ma...@gmail.com> wrote:
> > Now includes:
> > the LICENSE in the packaging
> > also adds a dependency for the libc in use by the building system (to
> > prevent issues when trying to load a package on AIX 5.3 when it was
> packaged
> > on AIX 6.1 (or higher)
> > uses httpd/httpd as User/Group - and changed in httpd.conf before
> packaging
> > sets file owner/group to httpd:httpd at install (creates user/group in
> local
> > files
> > (i.e. not in LDAP) if needed.
> > rpm for libz is no longer needed
> >
> > "apr" and "apr-util" are external packages, rather than built in src -
> same
> > as httpd comes from svn.
> >
> > Happy "Sinterklas",
> >
> > Michael
> >
> > p.s. will redo the same for httpd-2.4.x asap
>
>
>
> --
> Eric Covener
> covener@gmail.com
>
Re: patches for the build/aix area - httpd-2.2.x
Posted by Eric Covener <co...@gmail.com>.
The User/Group shouldn't own any of the files. Is there a particular
failure this works around?
On Thu, Dec 5, 2013 at 12:44 PM, Michael Felt <ma...@gmail.com> wrote:
> Now includes:
> the LICENSE in the packaging
> also adds a dependency for the libc in use by the building system (to
> prevent issues when trying to load a package on AIX 5.3 when it was packaged
> on AIX 6.1 (or higher)
> uses httpd/httpd as User/Group - and changed in httpd.conf before packaging
> sets file owner/group to httpd:httpd at install (creates user/group in local
> files
> (i.e. not in LDAP) if needed.
> rpm for libz is no longer needed
>
> "apr" and "apr-util" are external packages, rather than built in src - same
> as httpd comes from svn.
>
> Happy "Sinterklas",
>
> Michael
>
> p.s. will redo the same for httpd-2.4.x asap
--
Eric Covener
covener@gmail.com