summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Makefile4
-rw-r--r--mod_revocator-32-bit-semaphore-fix.patch12
-rw-r--r--mod_revocator-array-size.patch12
-rw-r--r--mod_revocator-kill.patch245
-rw-r--r--mod_revocator-libpath.patch9
-rw-r--r--mod_revocator-segfault-fix.patch73
-rw-r--r--mod_revocator.spec200
7 files changed, 555 insertions, 0 deletions
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..1e65467
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,4 @@
+SRCDIR := $(shell pwd)
+NAME := $(shell basename $(SRCDIR))
+include ../common/Makefile
+
diff --git a/mod_revocator-32-bit-semaphore-fix.patch b/mod_revocator-32-bit-semaphore-fix.patch
new file mode 100644
index 0000000..62b9fb5
--- /dev/null
+++ b/mod_revocator-32-bit-semaphore-fix.patch
@@ -0,0 +1,12 @@
+diff -rupN mod_revocator-1.0.3.patched/mod_rev.c mod_revocator-1.0.3/mod_rev.c
+--- mod_revocator-1.0.3.patched/mod_rev.c 2011-10-21 16:21:44.862124000 -0700
++++ mod_revocator-1.0.3/mod_rev.c 2011-10-21 16:23:11.028211000 -0700
+@@ -74,7 +74,7 @@ apr_status_t rev_module_kill(void *data)
+
+ static void kill_apache(void) {
+ char buffer[1024];
+- PR_snprintf(buffer, sizeof(buffer), "%lld %s", 0, "kill");
++ PR_snprintf(buffer, sizeof(buffer), "%ld %s", 0, "kill");
+ write(outfd, buffer, strlen(buffer));
+ }
+
diff --git a/mod_revocator-array-size.patch b/mod_revocator-array-size.patch
new file mode 100644
index 0000000..d52c7eb
--- /dev/null
+++ b/mod_revocator-array-size.patch
@@ -0,0 +1,12 @@
+diff -rupN mod_revocator-1.0.3.patched/mod_rev.c mod_revocator-1.0.3/mod_rev.c
+--- mod_revocator-1.0.3.patched/mod_rev.c 2011-10-27 13:51:14.452000000 -0700
++++ mod_revocator-1.0.3/mod_rev.c 2011-10-27 13:58:07.598000000 -0700
+@@ -374,7 +374,7 @@ init_Module(apr_pool_t *p, apr_pool_t *p
+ semctl(sc->semid,0,IPC_SET,&status);
+ }
+ } else if (sc->nInitCount == 2) {
+- const char * child_argv[5];
++ const char * child_argv[6];
+ apr_status_t rv;
+ char sembuf[32];
+ char pidbuf[32];
diff --git a/mod_revocator-kill.patch b/mod_revocator-kill.patch
new file mode 100644
index 0000000..009bdcd
--- /dev/null
+++ b/mod_revocator-kill.patch
@@ -0,0 +1,245 @@
+diff -upN --recursive mod_revocator-1.0.3/crlhelper.cpp mod_revocator-1.0.3-kill/crlhelper.cpp
+--- mod_revocator-1.0.3/crlhelper.cpp 2010-04-13 10:11:12.000000000 -0400
++++ mod_revocator-1.0.3-kill/crlhelper.cpp 2010-11-17 13:53:07.000000000 -0500
+@@ -18,6 +18,7 @@
+ #include <sys/types.h>
+ #include <sys/ipc.h>
+ #include <sys/sem.h>
++#include <signal.h>
+ #include <nss.h>
+ #include <nspr.h>
+ #include <secitem.h>
+@@ -107,6 +108,7 @@ int main(int argc, char ** argv)
+ PRPollDesc pd;
+ PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT;
+ int semid;
++ pid_t parent_pid;
+ union semun semarg;
+ char buf[4096];
+ char url[4096];
+@@ -124,18 +126,19 @@ int main(int argc, char ** argv)
+ while (fd < fdlimit)
+ close(fd++);
+
+- if (argc < 3 || argc > 4) {
+- fprintf(stderr, "Usage: crlhelper <semid> <directory> <prefix>\n");
++ if (argc < 4 || argc > 5) {
++ fprintf(stderr, "Usage: crlhelper <semid> <parentpid> <directory> <prefix>\n");
+ exit(1);
+ }
+
+ semid = strtol(argv[1], NULL, 10);
++ parent_pid = strtol(argv[2], NULL, 10);
+
+ /* Initialize NSPR */
+ PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 256);
+
+ /* Initialize NSS and open the certificate database read-only. */
+- rv = NSS_Initialize(argv[2], argc == 4 ? argv[3] : NULL, argc == 4 ? argv[3] : NULL, "secmod.db", NSS_INIT_READONLY);
++ rv = NSS_Initialize(argv[3], argc == 5 ? argv[4] : NULL, argc == 5 ? argv[4] : NULL, "secmod.db", NSS_INIT_READONLY);
+
+ if (rv != SECSuccess) {
+ fprintf(stderr, "Unable to initialize NSS database: %d\n", rv);
+@@ -187,6 +190,10 @@ int main(int argc, char ** argv)
+ continue;
+ }
+ #endif
++ if (!(strcmp(url, "kill"))) {
++ kill(parent_pid, SIGTERM);
++ continue;
++ }
+
+ /*
+ * TODO:
+diff -upN --recursive mod_revocator-1.0.3/crlmanager.cpp mod_revocator-1.0.3-kill/crlmanager.cpp
+--- mod_revocator-1.0.3/crlmanager.cpp 2010-04-13 10:11:11.000000000 -0400
++++ mod_revocator-1.0.3-kill/crlmanager.cpp 2010-11-17 13:53:07.000000000 -0500
+@@ -66,13 +66,19 @@ RevStatus CRLInstance :: DownloadCRL(con
+ sb.sem_op = -1;
+ sb.sem_flg = SEM_UNDO;
+ if (semop(crlm->semid, &sb, 1) == -1) {
+- perror("semop reserve resource");
++ mystatus.setDetailedError(REV_ERROR_SEMAPHORE_ERROR,
++ "Unable to reserve semaphore resource");
++ return mystatus;
++ /* perror("semop reserve resource"); */
+ }
+ void* data = get_crl(crlm->infd, crlm->outfd, inurl, timeout, lastfetchtime, &len, mystatus);
+ /* unlock the pipe */
+ sb.sem_op = 1;
+ if (semop(crlm->semid, &sb, 1) == -1) {
+- perror("semop free resource id");
++ mystatus.setDetailedError(REV_ERROR_SEMAPHORE_ERROR,
++ "Unable to free semaphore resource");
++ return mystatus;
++ /* perror("semop free resource id"); */
+ }
+
+ /* We have a special case. If we have an HTTP request and the server
+diff -upN --recursive mod_revocator-1.0.3/mod_rev.c mod_revocator-1.0.3-kill/mod_rev.c
+--- mod_revocator-1.0.3/mod_rev.c 2010-04-13 10:11:11.000000000 -0400
++++ mod_revocator-1.0.3-kill/mod_rev.c 2010-11-19 18:43:08.000000000 -0500
+@@ -58,6 +58,8 @@ SECStatus ShutdownRevocation(void *data)
+
+ static pid_t parent_pid;
+
++int infd, outfd; /* file descriptors for our semaphore-controlled pipe */
++
+ apr_status_t rev_module_kill(void *data)
+ {
+ server_rec *s = (server_rec *)data;
+@@ -70,6 +72,12 @@ apr_status_t rev_module_kill(void *data)
+ return APR_SUCCESS;
+ }
+
++static void kill_apache(void) {
++ char buffer[1024];
++ PR_snprintf(buffer, sizeof(buffer), "%lld %s", 0, "kill");
++ write(outfd, buffer, strlen(buffer));
++}
++
+ /*
+ * Create the global config
+ */
+@@ -196,6 +204,7 @@ PRBool NESRevocationFailureNotification(
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "%s : %s %s",
+ errMsg, url, subject ? subject : "");
++ return PR_TRUE;
+ } else {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
+ "Error updating CRL %s %s : %s",
+@@ -208,8 +217,8 @@ PRBool NESRevocationFailureNotification(
+ if (critical && revocatorInitialized)
+ {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
+- "Critical CRL update failure. Shutting down server. %d", parent_pid);
+- kill(parent_pid, 15);
++ "Critical CRL update failure. Shutting down server pid %d", parent_pid);
++ kill_apache();
+ }
+ }
+ return PR_TRUE;
+@@ -298,11 +307,11 @@ PRBool NESRevocationDownloadNotification
+ {
+ /* this CRL is outdated, log it */
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
+- "CRL %s %s is outdated. Shutting down server. %d",
++ "CRL %s %s is outdated. Shutting down server pid %d",
+ url, subject, parent_pid);
+
+ /* we have to shut down the web server */
+- kill(parent_pid, 15);
++ kill_apache();
+ }
+ }
+
+@@ -335,6 +344,25 @@ init_Module(apr_pool_t *p, apr_pool_t *p
+
+ sc->nInitCount++;
+
++ if (sc->nInitCount == 1) {
++ struct sembuf sb;
++ sc->semid = semget(IPC_PRIVATE, 1, IPC_CREAT | IPC_EXCL | 0600);
++ if (sc->semid == -1) {
++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
++ "Unable to obtain semaphore.");
++ nss_die();
++ }
++
++ /* Initialize the semaphore */
++ sb.sem_num = 0;
++ sb.sem_op = 1;
++ sb.sem_flg = 0;
++ if ((semop(sc->semid, &sb, 1)) == -1) {
++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
++ "Unable to initialize semaphore.");
++ nss_die();
++ }
++
+ /* The first pass through this function will create the semaphore that
+ * will be used to lock the pipe. The user is still root at that point
+ * so for any later calls the semaphore ops will fail with permission
+@@ -345,12 +373,11 @@ init_Module(apr_pool_t *p, apr_pool_t *p
+ status.sem_perm.uid = user_id;
+ semctl(sc->semid,0,IPC_SET,&status);
+ }
+-
+- if (sc->nInitCount == 1) {
++ } else if (sc->nInitCount == 2) {
+ const char * child_argv[5];
+ apr_status_t rv;
+- struct sembuf sb;
+ char sembuf[32];
++ char pidbuf[32];
+
+ if (sc->crlhelper == NULL) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+@@ -358,29 +385,16 @@ init_Module(apr_pool_t *p, apr_pool_t *p
+ nss_die();
+ }
+
+- sc->semid = semget(IPC_PRIVATE, 1, IPC_CREAT | IPC_EXCL | 0600);
+- if (sc->semid == -1) {
+- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+- "Unable to obtain semaphore.");
+- nss_die();
+- }
+-
+- /* Initialize the semaphore */
+- sb.sem_num = 0;
+- sb.sem_op = 1;
+- sb.sem_flg = 0;
+- if ((semop(sc->semid, &sb, 1)) == -1) {
+- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+- "Unable to initialize semaphore.");
+- nss_die();
+- }
+-
+ PR_snprintf(sembuf, 32, "%d", sc->semid);
++ PR_snprintf(pidbuf, 32, "%d", parent_pid);
+ child_argv[0] = sc->crlhelper;
+ child_argv[1] = sembuf;
+- child_argv[2] = sc->database;
+- child_argv[3] = sc->dbprefix;
+- child_argv[4] = NULL;
++ child_argv[2] = pidbuf;
++ child_argv[3] = sc->database;
++ child_argv[4] = sc->dbprefix;
++ child_argv[5] = NULL;
++ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
++ "Parent PID is %d", parent_pid);
+
+ rv = apr_procattr_create(&sc->procattr, s->process->pool);
+
+@@ -428,7 +442,6 @@ InitRevocation(apr_pool_t *p, server_rec
+ void* critical = (void *)sc->crlcritical;
+ Rev_SetFailureCallbackEntryPoint setfcb = NULL;
+ Rev_SetDownloadCallbackEntryPoint setncb = NULL;
+- int infd, outfd;
+
+ /* Do nothing until Apache is ready to run */
+ if (sc->nInitCount < 2) return APR_SUCCESS;
+@@ -499,7 +512,10 @@ InitRevocation(apr_pool_t *p, server_rec
+ free(configstring);
+ apr_dso_unload(dlh);
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, base_server,
+- "Unable to load secmod module: %d", PR_GetError());
++ "Unable to load Revocation module, NSS error %d. %s", PR_GetError(), critical ? "" : "CRL retrieval will be disabled.");
++ if (critical) {
++ kill_apache();
++ }
+ return APR_EGENERAL;
+ }
+ free(configstring);
+diff -upN --recursive mod_revocator-1.0.3/reverror.h mod_revocator-1.0.3-kill/reverror.h
+--- mod_revocator-1.0.3/reverror.h 2007-06-05 10:38:58.000000000 -0400
++++ mod_revocator-1.0.3-kill/reverror.h 2010-11-17 13:53:07.000000000 -0500
+@@ -54,6 +54,7 @@ const PRInt32 REV_ERROR_BAD_ISSUER_USAGE
+ const PRInt32 REV_ERROR_MISSING_CRL_DATA = 1014;
+ const PRInt32 REV_ERROR_BAD_ISSUER_TRUST = 1015;
+ const PRInt32 REV_ERROR_NOUPDATE_AVAILABLE = 1016;
++const PRInt32 REV_ERROR_SEMAPHORE_ERROR = 1017;
+
+ #endif
+
diff --git a/mod_revocator-libpath.patch b/mod_revocator-libpath.patch
new file mode 100644
index 0000000..02ad727
--- /dev/null
+++ b/mod_revocator-libpath.patch
@@ -0,0 +1,9 @@
+diff -u mod_revocator-1.0.2.orig/revocator.conf mod_revocator-1.0.2/revocator.conf
+--- mod_revocator-1.0.2.orig/revocator.conf 2006-08-04 14:49:33.000000000 -0400
++++ mod_revocator-1.0.2/revocator.conf 2006-10-16 10:10:33.000000000 -0400
+@@ -1,4 +1,4 @@
+-LoadModule rev_module modules/libmodrev.so
++LoadModule rev_module modules/mod_rev.so
+
+ # CRL Engine Switch:
+ # Enable/Disable CRL retrieval
diff --git a/mod_revocator-segfault-fix.patch b/mod_revocator-segfault-fix.patch
new file mode 100644
index 0000000..e32dd34
--- /dev/null
+++ b/mod_revocator-segfault-fix.patch
@@ -0,0 +1,73 @@
+diff -rupN mod_revocator-1.0.3.patched/Makefile.am mod_revocator-1.0.3.segfault/Makefile.am
+--- mod_revocator-1.0.3.patched/Makefile.am 2010-04-13 07:11:09.000000000 -0700
++++ mod_revocator-1.0.3.segfault/Makefile.am 2011-10-11 09:41:23.000000000 -0700
+@@ -10,7 +10,7 @@ libmodrev_la_SOURCES = mod_rev.c
+ libmodrev_la_LDFLAGS = -module -avoid-version
+
+ INCLUDES = -I@apache_inc@ @nspr_inc@ @nss_inc@ @apr_inc@ -Imozilla/security/nss/lib/base @ldapsdk_inc@ -Imozilla/security/nss/lib/ckfw
+-LIBS = @ldapsdk_lib@ @nspr_lib@ @nss_lib@ @ldapsdk_libs_ssl@ -lssl3 -lsmime3 -lnss3 -lnssb @ldapsdk_libs@ -lplc4 -lplds4 -lnspr4 -lpthread -ldl
++LIBS = @ldapsdk_lib@ @nspr_lib@ @nss_lib@ @ldapsdk_libs_ssl@ -lssl3 -lsmime3 -lnss3 -lnssutil3 -lnssb @ldapsdk_libs@ -lplc4 -lplds4 -lnspr4 -lpthread -ldl
+ DEFS = -D__REVOCATION_IMPLEMENTATION__=1 @extra_cppflags@
+
+ # Remove nsprstub.o from libnssckfw.a so we can use our own stub, then
+diff -rupN mod_revocator-1.0.3.patched/crlhelper.cpp mod_revocator-1.0.3.segfault/crlhelper.cpp
+--- mod_revocator-1.0.3.patched/crlhelper.cpp 2011-10-11 09:18:33.000000000 -0700
++++ mod_revocator-1.0.3.segfault/crlhelper.cpp 2011-10-11 09:35:53.000000000 -0700
+@@ -229,7 +229,7 @@ int main(int argc, char ** argv)
+ }
+ if (NULL == data) {
+ data = fetch_url(url, 30, lastfetchtime, &len, &errnum);
+- if (expired)
++ if (expired) {
+ if (errnum == CL_NOUPDATE_AVAILABLE) {
+ node->fetchtime = PR_Now();
+ data = node->data;
+@@ -243,6 +243,7 @@ int main(int argc, char ** argv)
+ urlcache = node->next;
+ }
+ freeNode(node);
++ }
+ }
+ if (data) {
+ node = (Node *)malloc(sizeof(Node));
+@@ -262,10 +263,11 @@ int main(int argc, char ** argv)
+ data = node->data;
+ node->fetchtime = PR_Now();
+ node->errnum = errnum;
+- if (urlcache)
++ if (urlcache) {
+ node->next = urlcache;
+- else
++ } else {
+ node->next = NULL;
++ }
+ urlcache = node;
+ }
+ }
+diff -rupN mod_revocator-1.0.3.patched/mod_rev.c mod_revocator-1.0.3.segfault/mod_rev.c
+--- mod_revocator-1.0.3.patched/mod_rev.c 2011-10-11 09:18:33.000000000 -0700
++++ mod_revocator-1.0.3.segfault/mod_rev.c 2011-10-11 11:15:37.000000000 -0700
+@@ -501,6 +501,23 @@ InitRevocation(apr_pool_t *p, server_rec
+ apr_os_file_get(&infd, sc->proc.out);
+ PR_snprintf(configstring, CONFIGLEN, "library=%s name=revocation parameters=\"%s %ld %d %d\"", revocation_library, sc->crlfile ? sc->crlfile : "", sc->semid, infd, outfd);
+
++ /* Since NSS now separates some functionality into 'libnssutil3.so',
++ * to prevent a segmentation violation from occurring, it is now
++ * necessary to insure that all executables and libraries are
++ * linked against this library, and that the SECOID_Init() function
++ * is called prior to calling the SECMOD_LoadUserModule() function.
++ */
++ if (SECOID_Init() != SECSuccess) {
++ free(configstring);
++ apr_dso_unload(dlh);
++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, base_server,
++ "Unable to initialize SECOID, NSS error %d. %s", PR_GetError(), critical ? "" : "CRL retrieval will be disabled.");
++ if (critical) {
++ kill_apache();
++ }
++ return APR_EGENERAL;
++ }
++
+ mod = SECMOD_LoadUserModule(configstring, NULL, PR_FALSE);
+ if (!mod || !mod->loaded)
+ {
diff --git a/mod_revocator.spec b/mod_revocator.spec
new file mode 100644
index 0000000..0943b26
--- /dev/null
+++ b/mod_revocator.spec
@@ -0,0 +1,200 @@
+%{!?_httpd_apxs: %{expand: %%global _httpd_apxs %%{_sbindir}/apxs}}
+%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn || echo missing-httpd-devel)}}
+%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}}
+# /etc/httpd/conf.d with httpd < 2.4 and defined as /etc/httpd/conf.modules.d with httpd >= 2.4
+%{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}
+
+Name: mod_revocator
+Version: 1.0.3
+Release: 12%{?dist}
+Summary: CRL retrieval module for the Apache HTTP server
+Group: System Environment/Daemons
+License: ASL 2.0
+URL: http://directory.fedora.redhat.com/wiki/Mod_revocator
+Source: http://directory.fedora.redhat.com/sources/%{name}-%{version}.tar.gz
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRequires: nspr-devel >= 4.6, nss-devel >= 3.11.9
+BuildRequires: nss-pkcs11-devel >= 3.11
+BuildRequires: nss-pkcs11-devel-static
+BuildRequires: httpd-devel >= 0:2.0.52, apr-devel, apr-util-devel
+BuildRequires: pkgconfig, autoconf, automake, libtool
+BuildRequires: openldap-devel >= 2.2.29
+Requires: mod_nss >= 1.0.8
+Requires: httpd-mmn = %{_httpd_mmn}
+Patch1: mod_revocator-libpath.patch
+Patch2: mod_revocator-kill.patch
+Patch3: mod_revocator-segfault-fix.patch
+Patch4: mod_revocator-32-bit-semaphore-fix.patch
+Patch5: mod_revocator-array-size.patch
+
+%description
+The mod_revocator module retrieves and installs remote
+Certificate Revocate Lists (CRLs) into an Apache web server.
+
+%prep
+%setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+
+%build
+autoreconf -fvi
+
+# Needed for ppc64, automake can't be run here
+for file in %{_datadir}/automake-*/config.{guess,sub}
+do
+ cp -f $file .
+done
+
+CFLAGS="$RPM_OPT_FLAGS"
+export CFLAGS
+
+NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --variable=includedir nspr`
+NSPR_LIB_DIR=`/usr/bin/pkg-config --variable=libdir nspr`
+
+NSS_INCLUDE_DIR=`/usr/bin/pkg-config --variable=includedir nss`
+NSS_LIB_DIR=`/usr/bin/pkg-config --variable=libdir nss`
+
+NSS_BIN=`/usr/bin/pkg-config --variable=exec_prefix nss`
+
+%configure \
+ --with-nss-lib=$NSS_LIB_DIR \
+ --with-nss-inc=$NSS_INCLUDE_DIR \
+ --with-nspr-lib=$NSPR_LIB_DIR \
+ --with-nspr-inc=$NSPR_INCLUDE_DIR \
+ --with-apr-config --enable-openldap \
+ --with-apxs=%{_httpd_apxs}
+
+make %{?_smp_flags} all
+
+%install
+# The install target of the Makefile isn't used because that uses apxs
+# which tries to enable the module in the build host httpd instead of in
+# the build root.
+rm -rf $RPM_BUILD_ROOT
+
+mkdir -p $RPM_BUILD_ROOT%{_httpd_confdir} $RPM_BUILD_ROOT%{_httpd_modconfdir} \
+ $RPM_BUILD_ROOT%{_libdir}/httpd/modules $RPM_BUILD_ROOT%{_bindir}
+
+
+%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
+# httpd >= 2.4.x
+sed -n /^LoadModule/p revocator.conf > 11-revocator.conf
+sed -i /^LoadModule/d revocator.conf
+install -m 644 11-revocator.conf $RPM_BUILD_ROOT%{_httpd_modconfdir}/11-revocator.conf
+%endif
+install -m 644 revocator.conf $RPM_BUILD_ROOT%{_httpd_confdir}/revocator.conf
+install -m 755 .libs/libmodrev.so $RPM_BUILD_ROOT%{_libdir}/httpd/modules/mod_rev.so
+# Ugh, manually create the ldconfig symbolic links
+version=`grep -v '^\#' ./libtool-version`
+current=`echo $version | cut -d: -f1`
+revision=`echo $version | cut -d: -f2`
+age=`echo $version | cut -d: -f3`
+install -m 755 .libs/librevocation.so.$current.$revision.$age $RPM_BUILD_ROOT%{_libdir}/
+(cd $RPM_BUILD_ROOT%{_libdir} && ln -s librevocation.so.$current.$revision.$age librevocation.so.0)
+(cd $RPM_BUILD_ROOT%{_libdir} && ln -s librevocation.so.$current.$revision.$age librevocation.so)
+install -m 755 ldapget $RPM_BUILD_ROOT%{_bindir}/
+install -m 755 crlhelper $RPM_BUILD_ROOT%{_bindir}/
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%files
+%defattr(-,root,root,-)
+%doc README LICENSE docs/mod_revocator.html
+%config(noreplace) %{_httpd_confdir}/*.conf
+%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
+%config(noreplace) %{_httpd_modconfdir}/*.conf
+%endif
+%{_libdir}/httpd/modules/mod_rev.so
+# rpmlint will complain that librevocation.so is a shared library but this
+# must be ignored because this file is loaded directly by name by the Apache
+# module.
+%{_libdir}/librevocation.*so*
+%{_bindir}/ldapget
+%{_bindir}/crlhelper
+
+%changelog
+* Tue Apr 24 2012 Remi Collet <RPMS@FamilleCollet.com> - 1.0.3-12
+- rebuild for remi repo and httpd 2.4
+
+* Mon Apr 23 2012 Joe Orton <jorton@redhat.com> - 1.0.3-12
+- use 11- prefix for config file w/2.4
+
+* Wed Apr 18 2012 Remi Collet <RPMS@FamilleCollet.com> - 1.0.3-11
+- rebuild for remi repo and httpd 2.4
+
+* Wed Apr 18 2012 Joe Orton <jorton@redhat.com> - 1.0.3-11
+- fix deps, packaging for 2.4 (#803074)
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.3-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Thu Oct 27 2011 Matthew Harmsen <mharmsen@redhat.com> - 1.0.3-9
+- Bugzilla Bug #716874 - httpd (32 bit) failed to start if mod_revocator
+ (32 bit) is installed on ppc64
+
+* Fri Oct 21 2011 Matthew Harmsen <mharmsen@redhat.com> - 1.0.3-7
+- Bugzilla Bug #716355 - mod_revocator does not shut down httpd server if
+ expired CRL is fetched
+- Bugzilla Bug #716361 - mod_revocator does not bring down httpd server if
+ CRLUpdate fails
+
+* Tue Oct 11 2011 Matthew Harmsen <mharmsen@redhat.com> - 1.0.3-6
+- Bugzilla Bug #737556 - CRLS are not downloaded when mod_revocator module
+ is loaded successfully. And no error was thrown in httpd error_log -
+ mharmsen
+- Add 'autoreconf -fvi' to build section - mharmsen
+- Fix shutting down Apache if CRLUpdateCritical is on and a CRL
+ is not available at startup (#654378) - rcritten@redhat.com
+- Updated mod_revocator-kill patch. The ownership of the semaphore used to
+ control access to crlhelper was not always changed to the Apache user
+ (#648546) - rcritten@redhat.com
+- Actually apply the patch (#648546) - rcritten@redhat.com
+- Fix killing the web server if updatecritical is set (#648546) -
+ rcritten@redhat.com
+
+* Mon Mar 7 2011 Rob Crittenden <rcritten@redhat.com> - 1.0.3-4
+- Use correct package name, nss-pkcs11-devel-static (#640293)
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Oct 4 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.3-2
+- Add BuildRequires: nss-pkcs11-static (#640293)
+
+* Tue Apr 14 2010 Rob Crittenden <rcritten@redhat.com> - 1.0.3-1
+- Update to upstream 1.0.3
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.2-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Mar 04 2009 Robert Scheck <robert@fedoraproject.org> - 1.0.2-7
+- Solve the ppc64-redhat-linux-gnu configure target error
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Mon Aug 11 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.0.2-5
+- fix license tag
+
+* Mon Feb 25 2008 Rob Crittenden <rcritten@redhat.com> 1.0.2-4
+- The nss package changed the location of the NSS shared libraries to /lib from
+ /usr/lib. Static libraries remained in /usr/lib. They then updated their
+ devel package to put symlinks back from /lib to /usr. Respin to pick that up.
+ BZ 434395.
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.0.2-3
+- Autorebuild for GCC 4.3
+
+* Wed Dec 5 2007 Rob Crittenden <rcritten@redhat.com> 1.0.2-2
+- Respin to pick up new openldap
+
+* Mon Oct 16 2006 Rob Crittenden <rcritten@redhat.com> 1.0.2-1
+- Initial build