fcgiwarp add

Signed-off-by: webbuilder_pel7ppc64lebuilder0 <webbuilder@powerel.org>
2 years ago · 704ea125f5
9 changed files with 291 additions and 0 deletions
--- a/SOURCES/README.SELinux
+++ b/SOURCES/README.SELinux
@ -0,0 +1,8 @@
				@@ -0,0 +1,8 @@
+Until BZ #1655702 [1] is resolved and a new selinux-polcy is pushed out, the
+local system administrator must apply the following command to avoid avc write
+denials, if selinux security policies are being enforced:
+
+   semanage fcontext -a -t httpd_var_run_t '/var/run/fcgiwrap(/.*)?'
+
+
+[1] https://bugzilla.redhat.com/show_bug.cgi?id=1655702
--- a/SOURCES/SETUP
+++ b/SOURCES/SETUP
@ -0,0 +1,19 @@
				@@ -0,0 +1,19 @@
+Perform these steps after package installation:
+
+1. Inspect the environment file /etc/sysconfig/fcgiwrap. Set fcgiwrap daemon
+   parameters acording to your needs. See man fcgiwrap for details.
+
+2. The systemd unit files provided with this package are instantiated and must
+   be started by specifiying the desired web server user account. For example,
+   when using nginx, the fgciwrap service is enabled then started like so:
+      
+      systemctl enable fcgiwrap@nginx.socket
+      systemctl start fcgiwrap@nginx.socket
+
+   Note the socket name is used here rather than the service name. There is no
+   need to enable the service itself. Indeed one cannot enable the service on
+   older versions of systemd. This is by design.
+
+   See the systemd socket documentation for further details:
+   https://www.freedesktop.org/software/systemd/man/systemd.socket.html
+
--- a/SOURCES/fcgiwrap
+++ b/SOURCES/fcgiwrap
@ -0,0 +1,8 @@
				@@ -0,0 +1,8 @@
+# fcgiwrap configuration parameters
+
+# Specify the number of fcgiwrap processes to prefork
+DAEMON_PROCS=1
+
+# Specify additional daemon options. See man fcgiwrap.
+DAEMON_OPTS=-f
+
--- a/SOURCES/fcgiwrap-1.1.0-declare_cgi_error_noreturn.patch
+++ b/SOURCES/fcgiwrap-1.1.0-declare_cgi_error_noreturn.patch
@ -0,0 +1,27 @@
				@@ -0,0 +1,27 @@
+From bd00af48ca0b0165eea66f47cd9556ac4cee7219 Mon Sep 17 00:00:00 2001
+From: Peter Colberg <peter@colberg.org>
+Date: Sat, 5 Aug 2017 11:58:26 -0400
+Subject: [PATCH] Declare cgi_error noreturn
+
+This declares the function cgi_error with the attribute __noreturn__ to
+hint to GCC/Clang that the function exits the program and to prevent
+implicit-fallthrough warnings in the function handle_fcgi_request.
+---
+ fcgiwrap.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/fcgiwrap.c b/fcgiwrap.c
+index b44d8aa..751c100 100644
+--- a/fcgiwrap.c
+++ b/fcgiwrap.c
+@@ -500,6 +500,7 @@ static bool is_allowed_program(const char *program) {
+ 	return false;
+ }
+ 
+__attribute__((__noreturn__))
+ static void cgi_error(const char *message, const char *reason, const char *filename)
+ {
+ 	printf("Status: %s\r\nContent-Type: text/plain\r\n\r\n%s\r\n",
+-- 
+2.13.5
+
--- a/SOURCES/fcgiwrap-1.1.0-fix_kill_param_sequence.patch
+++ b/SOURCES/fcgiwrap-1.1.0-fix_kill_param_sequence.patch
@ -0,0 +1,22 @@
				@@ -0,0 +1,22 @@
+From dc0c3b14f0d7bb014a9a4c6c17eb55a123496365 Mon Sep 17 00:00:00 2001
+From: "D.pz" <xpz91@126.me>
+Date: Mon, 28 Aug 2017 23:54:08 +0800
+Subject: [PATCH] 1.fix: kill() parameter sequence wrong
+
+---
+ fcgiwrap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fcgiwrap.c b/fcgiwrap.c
+index b44d8aa..bfd9a90 100644
+--- a/fcgiwrap.c
+++ b/fcgiwrap.c
+@@ -205,7 +205,7 @@ static void fcgi_finish(struct fcgi_context *fc, const char* msg)
+ 	if (fc->fd_stderr >= 0) close(fc->fd_stderr);
+ 
+ 	if (fc->cgi_pid)
+-		kill(SIGTERM, fc->cgi_pid);
+		kill(fc->cgi_pid, SIGTERM);
+ }
+ 
+ static const char * fcgi_pass_fd(struct fcgi_context *fc, int *fdp, FCGI_FILE *ffp, char *buf, size_t bufsize)
--- a/SOURCES/fcgiwrap-1.1.0-use_pkg-config_libsystemd.patch
+++ b/SOURCES/fcgiwrap-1.1.0-use_pkg-config_libsystemd.patch
@ -0,0 +1,25 @@
				@@ -0,0 +1,25 @@
+From 99e1976b5dbe8379457bd3cd3115208b688f0c9c Mon Sep 17 00:00:00 2001
+From: Juan Orti Alcaine <j.orti.alcaine@gmail.com>
+Date: Wed, 9 Nov 2016 16:29:10 +0100
+Subject: [PATCH] pkg-config libsystemd-daemon has been renamed to libsystemd
+
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index bb3674e..2b02ef4 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -28,7 +28,7 @@ AC_ARG_WITH([systemd],
+   [], [with_systemd=check])
+ have_systemd=no
+ if test "x$with_systemd" != "xno"; then
+-  PKG_CHECK_MODULES(systemd, [libsystemd-daemon],
+  PKG_CHECK_MODULES(systemd, [libsystemd],
+     [AC_DEFINE(HAVE_SYSTEMD, 1, [Define if systemd is available])
+     have_systemd=yes],
+   have_systemd=no)
+-- 
+2.9.3
+
--- a/SOURCES/fcgiwrap@.service
+++ b/SOURCES/fcgiwrap@.service
@ -0,0 +1,11 @@
				@@ -0,0 +1,11 @@
+[Unit]
+Description=Simple CGI Server
+After=nss-user-lookup.target
+
+[Service]
+EnvironmentFile=/etc/sysconfig/fcgiwrap
+ExecStart=/usr/sbin/fcgiwrap ${DAEMON_OPTS} -c ${DAEMON_PROCS} 
+User=%i
+
+[Install]
+Also=fcgiwrap@%i.socket
--- a/SOURCES/fcgiwrap@.socket
+++ b/SOURCES/fcgiwrap@.socket
@ -0,0 +1,11 @@
				@@ -0,0 +1,11 @@
+[Unit]
+Description=fcgiwrap Socket
+
+[Socket]
+ListenStream=/run/fcgiwrap/fcgiwrap-%i.sock
+RuntimeDirectory=fcgiwrap
+SocketUser=%i
+SocketMode=0660
+
+[Install]
+WantedBy=sockets.target
--- a/SPECS/fcgiwrap.spec
+++ b/SPECS/fcgiwrap.spec
@ -0,0 +1,160 @@
				@@ -0,0 +1,160 @@
+%global commit 99c942c90063c73734e56bacaa65f947772d9186
+%global shortcommit %(c=%{commit}; echo ${c:0:7})
+%global date 20181108
+
+Name:           fcgiwrap
+Version:        1.1.0
+Release:        18.%{date}git%{shortcommit}%{?dist}
+Summary:        Simple FastCGI wrapper for CGI scripts
+License:        MIT
+URL:            https://github.com/gnosek/fcgiwrap
+Source0:        https://github.com/gnosek/fcgiwrap/archive/%{commit}/%{name}-%{commit}.tar.gz
+Source1:        %{name}@.service
+Source2:        %{name}@.socket
+Source3:        %{name}
+Source4:        SETUP
+Source5:        README.SELinux
+
+# https://github.com/gnosek/fcgiwrap/pull/39
+Patch0:         %{name}-1.1.0-use_pkg-config_libsystemd.patch
+# https://github.com/gnosek/fcgiwrap/pull/43
+Patch1:         %{name}-1.1.0-declare_cgi_error_noreturn.patch
+# https://github.com/gnosek/fcgiwrap/pull/44
+Patch2:         %{name}-1.1.0-fix_kill_param_sequence.patch
+
+BuildRequires:  coreutils
+BuildRequires:  gcc
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  fcgi-devel
+BuildRequires:  systemd-devel
+BuildRequires: make
+%{?systemd_requires}
+
+%description
+This package provides a simple FastCGI wrapper for CGI scripts with/
+following features:
+ - very lightweight (84KB of private memory per instance)
+ - fixes broken CR/LF in headers
+ - handles environment in a sane way (CGI scripts get HTTP-related environment
+   vars from FastCGI parameters and inherit all the others from
+   environment of fcgiwrap )
+ - no configuration, so you can run several sites off the same
+   fcgiwrap pool
+ - passes CGI std error output to std error stream of cgiwrap or FastCGI
+ - support systemd socket activation, launcher program like spawn-fcgi
+   is no longer required on systemd-enabled distributions
+
+%prep
+%autosetup -n %{name}-%{commit}
+install -pm 0644 %{SOURCE4} .
+install -pm 0644 %{SOURCE5} .
+
+%build
+autoreconf -i
+%configure --prefix="" --with-systemd
+%make_build
+
+%install
+%make_install
+
+# Remove the default systemd files 
+rm -f %{buildroot}%{_unitdir}/fcgiwrap.service
+rm -f %{buildroot}%{_unitdir}/fcgiwrap.socket
+
+# Install our own systemd config files
+install -Dm 644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}@.service
+install -Dm 644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}@.socket
+install -Dm 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
+
+%post
+%systemd_post %{name}@.service %{name}@.socket
+
+%preun
+%systemd_preun %{name}@.service %{name}@.socket
+
+%postun
+%systemd_postun_with_restart %{name}@.service %{name}@.socket
+
+%files
+%doc README.rst README.SELinux SETUP
+%license COPYING
+%{_sbindir}/%{name}
+%{_mandir}/man8/%{name}.8*
+%{_unitdir}/%{name}@.service
+%{_unitdir}/%{name}@.socket
+%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
+
+%changelog
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-18.20181108git99c942c
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-17.20181108git99c942c
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.1.0-16.20181108git99c942c
+- Rebuilt for updated systemd-rpm-macros
+  See https://pagure.io/fesco/issue/2583.
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-15.20181108git99c942c
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-14.20181108git99c942c
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-13.20181108git99c942c
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sun Oct 06 2019 Andrew Bauer <zonexpertconsulting@outlook.com> - 1.1.0-12.20181108git99c942c
+- Update SETUP instructions. Fixes RHBZ 1740030. 
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-11.20181108git99c942c
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-10.20181108git99c942c
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Dec 14 2018 Andrew Bauer <zonexpertconsulting@outlook.com> - 1.1.0-9.20181108git99c942c
+- fix typo in fcgiwrap socket file 
+
+* Tue Dec 04 2018 Andrew Bauer <zonexpertconsulting@outlook.com> - 1.1.0-8.20181108git99c942c
+- Modify socket file based on feedback in BZ 1655281
+- Add README.SELinux
+
+* Thu Nov 08 2018 Andrew Bauer <zonexpertconsulting@outlook.com> - 1.1.0-7.20181108git99c942c
+- Feedback from fedora package review
+- Remove Group from unit file
+- Set date to snapshot date, not commit date
+
+* Sat Nov 03 2018 Andrew Bauer <zonexpertconsulting@outlook.com> - 1.1.0-6.20150530git99c942c
+- Supply our own systemd service, socket, and environment files
+- Add Patch2 to fix kill parameter sequence
+
+* Wed Aug 30 2017 Juan Orti Alcaine <jorti@fedoraproject.org> - 1.1.0-5.20150530git99c942c
+- Add license
+- Use systemd_requires macro
+- Update URL
+- Add Patch1 to fix compilation with gcc 7
+
+* Wed Nov 09 2016 Juan Orti Alcaine <jorti@fedoraproject.org> - 1.1.0-4.20150530git99c942c
+- Patch0 to rename pkg-config libsystemd-daemon to libsystemd
+
+* Thu Feb 04 2016 Juan Orti Alcaine <jorti@fedoraproject.org> - 1.1.0-3.20150530git99c942c
+- Use %%make_build macro
+
+* Sat May 30 2015 Juan Orti Alcaine <jorti@fedoraproject.org> - 1.1.0-2.20150530git99c942c
+- Update to commit 99c942c
+
+* Fri Feb 08 2013 Hiroaki Nakamura <hnakamur@gmail.com> - 1.1.0-1
+- new upstream release.
+
+* Fri Jan 11 2013 Hiroaki Nakamura <hnakamur@gmail.com> - 1.0.3.20120908-1
+- Change version to increase monotonously.
+
+* Wed Jan  9 2013 Hiroaki Nakamura <hnakamur@gmail.com> - 1.0.3-3.gitb9f03e6377
+- Make the rpm relocatable.
+
+* Tue Dec 25 2012 Hiroaki Nakamura <hnakamur@gmail.com> - 1.0.3-2.gitb9f03e6377
+
+* Tue Jan 31 2012 Craig Barnes <cr@igbarn.es> - 1.0.3-1.git1328862
+- Initial package