new ebuild, coming from 389 Directory Server project (http://directory.fedoraproject.org)

Package-Manager: portage-2.2_rc67/cvs/Linux x86_64

5 files changed, 316 insertions, 0 deletions

diff --git a/www-apache/mod_nss/ChangeLog b/www-apache/mod_nss/ChangeLog
new file mode 100644
index 000000000000..a3071c35ebfc
--- /dev/null
+++ b/www-apache/mod_nss/ChangeLog
@@ -0,0 +1,11 @@
+# ChangeLog for www-apache/mod_nss
+# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_nss/ChangeLog,v 1.1 2010/07/07 13:36:56 lxnay Exp $
+
+*mod_nss-1.0.8-r1 (07 Jul 2010)
+
+  07 Jul 2010; Fabio Erculiani <lxnay@gentoo.org> +files/47_mod_nss.conf,
+  +mod_nss-1.0.8-r1.ebuild, +metadata.xml:
+  new ebuild, coming from 389 Directory Server project
+  (http://directory.fedoraproject.org)
+
diff --git a/www-apache/mod_nss/Manifest b/www-apache/mod_nss/Manifest
new file mode 100644
index 000000000000..cb3623d87292
--- /dev/null
+++ b/www-apache/mod_nss/Manifest
@@ -0,0 +1,5 @@
+AUX 47_mod_nss.conf 8849 RMD160 3220d46e8ba8862c793c6aa08d91923dde977c9a SHA1 2af8c8eaf33a040a6abb968ac7c3b1ab18b0e065 SHA256 78f48475b21bd8a5b1304c8bd14437a0e92e9a8b6ffbe7ecd243f83d37da8342
+DIST mod_nss-1.0.8.tar.gz 405061 RMD160 23467e40d0922c51ee073f7c7d24636bafba2bc1 SHA1 69a4b51eaee2087ee6ea85e1b19fb0c7ccd7ab2e SHA256 f8477dfc432033738ee1aad5e010e9f0429eb1c1debd273a05fed6316d50a801
+EBUILD mod_nss-1.0.8-r1.ebuild 1417 RMD160 76bc4759a9ff32cc3d7ba70f3d979405d5247519 SHA1 1ee873fab9d366c04123480d0dedf4f2d5ef597a SHA256 65c46cb8767a5cc21e5062b0ff7de85b50ae876a1843a4d6bcc646897af09f22
+MISC ChangeLog 453 RMD160 a088d5b973a6e72586b5e294ef3ddac889c72f79 SHA1 a0b9ec274f186c6706a924c56c01ead31189e56d SHA256 a922f5807d39c0dd444d077a3af7dcaa55098aa13e68224c9b28aadee96b05e5
+MISC metadata.xml 301 RMD160 211b5196645853e1db5eef78637d71ea743f70f4 SHA1 5da7395a66ce714c6225a13f80ce84f6d49be2b8 SHA256 4b667001f266ede36d6a7564035a5a1dbe745c053b7370b499c63395afd886e0
diff --git a/www-apache/mod_nss/files/47_mod_nss.conf b/www-apache/mod_nss/files/47_mod_nss.conf
new file mode 100644
index 000000000000..731f61c03b35
--- /dev/null
+++ b/www-apache/mod_nss/files/47_mod_nss.conf
@@ -0,0 +1,224 @@
+#
+# This is the Apache server configuration file providing SSL support using.
+# the mod_nss plugin.  It contains the configuration directives to instruct
+# the server how to serve pages over an https connection.
+# 
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+
+<IfDefine NSS>
+        LoadModule nss_module  modules/mod_nss.so
+</IfDefine>
+
+<IfModule mod_nss.c>
+#
+# When we also provide SSL we have to listen to the 
+# standard HTTP port (see above) and to the HTTPS port
+#
+# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
+#       Listen directives: "Listen [::]:8443" and "Listen 0.0.0.0:8443"
+#
+Listen 8443
+
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#
+#   Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl    .crl
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+NSSPassPhraseDialog  builtin
+
+
+#   Pass Phrase Helper:
+#   This helper program stores the token password pins between
+#   restarts of Apache.
+NSSPassPhraseHelper /usr/sbin/nss_pcache
+
+#   Configure the SSL Session Cache. 
+#   NSSSessionCacheSize is the number of entries in the cache.
+#   NSSSessionCacheTimeout is the SSL2 session timeout (in seconds).
+#   NSSSession3CacheTimeout is the SSL3/TLS session timeout (in seconds).
+NSSSessionCacheSize 10000
+NSSSessionCacheTimeout 100
+NSSSession3CacheTimeout 86400
+
+#
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. Those platforms usually also provide a non-blocking
+# device, /dev/urandom, which may be used instead.
+#
+# This does not support seeding the RNG with each connection.
+
+NSSRandomSeed startup builtin
+#NSSRandomSeed startup file:/dev/random  512
+#NSSRandomSeed startup file:/dev/urandom 512
+
+</IfModule>
+
+
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1
+#	include -D NSS_EXAMPLE if you have
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1
+
+
+<IfDefine NSS_EXAMPLE>
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:8443>
+
+#   General setup for the virtual host
+DocumentRoot "/var/www/localhost/htdocs"
+ServerName localhost:8443
+ServerAdmin you@example.com>
+
+
+# Include vhosts.d/default_vhost.include
+
+
+
+# mod_nss can log to separate log files, you can choose to do that if you'd like
+# LogLevel is not inherited from httpd.conf.
+ErrorLog /var/log/apache2/nss_error_log
+TransferLog var/log/apache2/access_log
+LogLevel debug
+
+#   SSL Engine Switch:
+#   Enable/Disable SSL for this virtual host.
+NSSEngine on
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate.
+#   See the mod_nss documentation for a complete list.
+
+# SSL 3 ciphers. SSL 2 is disabled by default.
+#NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
+
+# SSL 3 ciphers + ECC ciphers. SSL 2 is disabled by default.
+#
+# Comment out the NSSCipherSuite line above and use the one below if you have
+# ECC enabled NSS and mod_nss and want to use Elliptical Curve Cryptography
+NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha
+
+NSSProtocol SSLv3,TLSv1
+
+#   SSL Certificate Nickname:
+#   The nickname of the RSA server certificate you are going to use.
+NSSNickname Server-Cert
+
+#   SSL Certificate Nickname:
+#   The nickname of the ECC server certificate you are going to use, if you
+#   have an ECC-enabled version of NSS and mod_nss
+#NSSECCNickname Server-Cert-ecc
+
+#   Server Certificate Database:
+#   The NSS security database directory that holds the certificates and
+#   keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
+#   Provide the directory that these files exist.
+NSSCertificateDatabase /etc/apache2/nss/
+
+#   Database Prefix:
+#   In order to be able to store multiple NSS databases in one directory
+#   they need unique names. This option sets the database prefix used for
+#   cert8.db and key3.db.
+#NSSDBPrefix my-prefix-
+
+#   Client Authentication (Type):
+#   Client certificate verification type.  Types are none, optional and
+#   require.
+NSSVerifyClient none
+
+#
+#   Online Certificate Status Protocol (OCSP).
+#   Verify that certificates have not been revoked before accepting them.
+NSSOCSP off
+
+#
+#   Use a default OCSP responder. If enabled this will be used regardless
+#   of whether one is included in a client certificate. Note that the
+#   server certificate is verified during startup.
+#
+#   NSSOCSPDefaultURL defines the service URL of the OCSP responder
+#   NSSOCSPDefaultName is the nickname of the certificate to trust to
+#       sign the OCSP responses.
+#NSSOCSPDefaultResponder on
+#NSSOCSPDefaultURL http://example.com/ocsp/status
+#NSSOCSPDefaultName ocsp-nickname
+
+#   Access Control:
+#   With SSLRequire you can do per-directory access control based
+#   on arbitrary complex boolean expressions containing server
+#   variable checks and other lookup directives.  The syntax is a
+#   mixture between C and Perl.  See the mod_nss documentation
+#   for more details.
+#<Location />
+#NSSRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+#   SSL Engine Options:
+#   Set various options for the SSL engine.
+#   o FakeBasicAuth:
+#     Translate the client X.509 into a Basic Authorisation.  This means that
+#     the standard Auth/DBMAuth methods can be used for access control.  The
+#     user name is the `one line' version of the client's X.509 certificate.
+#     Note that no password is obtained from the user. Every entry in the user
+#     file needs this password: `xxj31ZMTZzkVA'.
+#   o ExportCertData:
+#     This exports two additional environment variables: SSL_CLIENT_CERT and
+#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+#     server (always existing) and the client (only existing when client
+#     authentication is used). This can be used to import the certificates
+#     into CGI scripts.
+#   o StdEnvVars:
+#     This exports the standard SSL/TLS related `SSL_*' environment variables.
+#     Per default this exportation is switched off for performance reasons,
+#     because the extraction step is an expensive operation and is usually
+#     useless for serving static content. So one usually enables the
+#     exportation for CGI and SSI requests only.
+#   o StrictRequire:
+#     This denies access when "NSSRequireSSL" or "NSSRequire" applied even
+#     under a "Satisfy any" situation, i.e. when it applies access is denied
+#     and no other module can change it.
+#   o OptRenegotiate:
+#     This enables optimized SSL connection renegotiation handling when SSL
+#     directives are used in per-directory context. 
+#NSSOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+    NSSOptions +StdEnvVars
+</Files>
+<Directory "/usr/cgi-bin">
+    NSSOptions +StdEnvVars
+</Directory>
+
+#   Per-Server Logging:
+#   The home of a custom SSL log file. Use this when you want a
+#   compact non-error SSL logfile on a virtual host basis.
+#CustomLog /home/rcrit/redhat/apache/logs/ssl_request_log \
+#          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>                                  
+
+</IfDefine>
diff --git a/www-apache/mod_nss/metadata.xml b/www-apache/mod_nss/metadata.xml
new file mode 100644
index 000000000000..a1dab44fd8dc
--- /dev/null
+++ b/www-apache/mod_nss/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>no-herd</herd>
+<maintainer>
+        <email>lxnay@gentoo.org</email>
+</maintainer>
+<use>
+	<flag name='ecc'>enable Elliptical Curve Cyptography</flag>
+</use>
+</pkgmetadata>
diff --git a/www-apache/mod_nss/mod_nss-1.0.8-r1.ebuild b/www-apache/mod_nss/mod_nss-1.0.8-r1.ebuild
new file mode 100644
index 000000000000..c37f38b9f5a4
--- /dev/null
+++ b/www-apache/mod_nss/mod_nss-1.0.8-r1.ebuild
@@ -0,0 +1,65 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_nss/mod_nss-1.0.8-r1.ebuild,v 1.1 2010/07/07 13:36:56 lxnay Exp $
+
+EAPI="2"
+
+WANT_AUTOMAKE="1.6"
+
+inherit base autotools apache-module flag-o-matic
+
+DESCRIPTION="SSL/TLS module for the Apache HTTP server"
+HOMEPAGE="http://directory.fedoraproject.org/wiki/Mod_nss"
+SRC_URI="http://directory.fedoraproject.org/sources/${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+ecc"
+
+DEPEND=">=dev-libs/nss-3.11.4
+	>=dev-libs/nspr-4.6.4
+	dev-util/pkgconfig"
+
+RDEPEND=">=dev-libs/nss-3.11.4
+	>=dev-libs/nspr-4.6.4
+	net-dns/bind-tools"
+
+APACHE2_MOD_CONF="47_${PN}"
+APACHE2_MOD_DEFINE="NSS"
+
+DOCFILES="NOTICE README"
+
+need_apache2
+
+src_prepare() {
+	# add gentoo naming
+	sed -i -e 's/certutil/nsscertutil/' gencert.in || die "sed failed"
+	eautoreconf
+}
+
+src_configure() {
+	econf $(use_enable ecc) \
+		--with-apxs=${APXS} || die "econf failed"
+}
+
+src_compile() {
+	base_src_compile
+}
+
+src_install() {
+	mv .libs/libmodnss.so .libs/"${PN}".so || die "cannot move lib"
+
+	dosbin gencert nss_pcache
+	dohtml docs/mod_nss.html
+	newbin migrate.pl nss_migrate
+	dodir /etc/apache2/nss
+	apache-module_src_install
+}
+
+pkg_postinst() {
+	apache-module_pkg_postinst
+
+	elog "If you need to generate a SSL certificate,"
+	elog "please use gencert script from bind-tools"
+}