proj/gentoo: Initial commit

This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
author: Robin H. Johnson <robbat2@gentoo.org> 2015-08-08 13:49:04 -0700
committer: Robin H. Johnson <robbat2@gentoo.org> 2015-08-08 17:38:18 -0700
commit: 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree: 3f91093cdb475e565ae857f1c5a7fd339e2d781e /www-apache/mod_nss
download: gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip
4 files changed, 294 insertions, 0 deletions
diff --git a/www-apache/mod_nss/Manifest b/www-apache/mod_nss/Manifest
new file mode 100644
index 000000000000..fca1aba0710b
--- /dev/null
+++ b/www-apache/mod_nss/Manifest
@@ -0,0 +1 @@
+DIST mod_nss-1.0.11.tar.gz 159176 SHA256 a5a824dc77382ba61517cc7dedbbd8c4c1e6b984b1d9498e24995aeed4bd1597 SHA512 659ce74a48bf09d5ade3c1cc7f64bb3b529049f8591519000d59079485c8231a60a681718a380fa4ec9897216909f24dc6bab88d023a00dd2d6b08d997b5ef47 WHIRLPOOL b97b92d3f8b7e132a8e13661d41fcb5b920f1ebcd6f203e70d4f3108061ae8e3c3d99e3d29c0e041aec33c8787b18207c2e9c2ae6adc8063d63f7ab17195a2e5
diff --git a/www-apache/mod_nss/files/47_mod_nss.conf b/www-apache/mod_nss/files/47_mod_nss.conf
new file mode 100644
index 000000000000..731f61c03b35
--- /dev/null
+++ b/www-apache/mod_nss/files/47_mod_nss.conf
@@ -0,0 +1,224 @@
+#
+# This is the Apache server configuration file providing SSL support using.
+# the mod_nss plugin.  It contains the configuration directives to instruct
+# the server how to serve pages over an https connection.
+# 
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+
+<IfDefine NSS>
+        LoadModule nss_module  modules/mod_nss.so
+</IfDefine>
+
+<IfModule mod_nss.c>
+#
+# When we also provide SSL we have to listen to the 
+# standard HTTP port (see above) and to the HTTPS port
+#
+# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
+#       Listen directives: "Listen [::]:8443" and "Listen 0.0.0.0:8443"
+#
+Listen 8443
+
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#
+#   Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl    .crl
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+NSSPassPhraseDialog  builtin
+
+
+#   Pass Phrase Helper:
+#   This helper program stores the token password pins between
+#   restarts of Apache.
+NSSPassPhraseHelper /usr/sbin/nss_pcache
+
+#   Configure the SSL Session Cache. 
+#   NSSSessionCacheSize is the number of entries in the cache.
+#   NSSSessionCacheTimeout is the SSL2 session timeout (in seconds).
+#   NSSSession3CacheTimeout is the SSL3/TLS session timeout (in seconds).
+NSSSessionCacheSize 10000
+NSSSessionCacheTimeout 100
+NSSSession3CacheTimeout 86400
+
+#
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. Those platforms usually also provide a non-blocking
+# device, /dev/urandom, which may be used instead.
+#
+# This does not support seeding the RNG with each connection.
+
+NSSRandomSeed startup builtin
+#NSSRandomSeed startup file:/dev/random  512
+#NSSRandomSeed startup file:/dev/urandom 512
+
+</IfModule>
+
+
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1
+#	include -D NSS_EXAMPLE if you have
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1
+
+
+<IfDefine NSS_EXAMPLE>
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:8443>
+
+#   General setup for the virtual host
+DocumentRoot "/var/www/localhost/htdocs"
+ServerName localhost:8443
+ServerAdmin you@example.com>
+
+
+# Include vhosts.d/default_vhost.include
+
+
+
+# mod_nss can log to separate log files, you can choose to do that if you'd like
+# LogLevel is not inherited from httpd.conf.
+ErrorLog /var/log/apache2/nss_error_log
+TransferLog var/log/apache2/access_log
+LogLevel debug
+
+#   SSL Engine Switch:
+#   Enable/Disable SSL for this virtual host.
+NSSEngine on
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate.
+#   See the mod_nss documentation for a complete list.
+
+# SSL 3 ciphers. SSL 2 is disabled by default.
+#NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
+
+# SSL 3 ciphers + ECC ciphers. SSL 2 is disabled by default.
+#
+# Comment out the NSSCipherSuite line above and use the one below if you have
+# ECC enabled NSS and mod_nss and want to use Elliptical Curve Cryptography
+NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha
+
+NSSProtocol SSLv3,TLSv1
+
+#   SSL Certificate Nickname:
+#   The nickname of the RSA server certificate you are going to use.
+NSSNickname Server-Cert
+
+#   SSL Certificate Nickname:
+#   The nickname of the ECC server certificate you are going to use, if you
+#   have an ECC-enabled version of NSS and mod_nss
+#NSSECCNickname Server-Cert-ecc
+
+#   Server Certificate Database:
+#   The NSS security database directory that holds the certificates and
+#   keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
+#   Provide the directory that these files exist.
+NSSCertificateDatabase /etc/apache2/nss/
+
+#   Database Prefix:
+#   In order to be able to store multiple NSS databases in one directory
+#   they need unique names. This option sets the database prefix used for
+#   cert8.db and key3.db.
+#NSSDBPrefix my-prefix-
+
+#   Client Authentication (Type):
+#   Client certificate verification type.  Types are none, optional and
+#   require.
+NSSVerifyClient none
+
+#
+#   Online Certificate Status Protocol (OCSP).
+#   Verify that certificates have not been revoked before accepting them.
+NSSOCSP off
+
+#
+#   Use a default OCSP responder. If enabled this will be used regardless
+#   of whether one is included in a client certificate. Note that the
+#   server certificate is verified during startup.
+#
+#   NSSOCSPDefaultURL defines the service URL of the OCSP responder
+#   NSSOCSPDefaultName is the nickname of the certificate to trust to
+#       sign the OCSP responses.
+#NSSOCSPDefaultResponder on
+#NSSOCSPDefaultURL http://example.com/ocsp/status
+#NSSOCSPDefaultName ocsp-nickname
+
+#   Access Control:
+#   With SSLRequire you can do per-directory access control based
+#   on arbitrary complex boolean expressions containing server
+#   variable checks and other lookup directives.  The syntax is a
+#   mixture between C and Perl.  See the mod_nss documentation
+#   for more details.
+#<Location />
+#NSSRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+#   SSL Engine Options:
+#   Set various options for the SSL engine.
+#   o FakeBasicAuth:
+#     Translate the client X.509 into a Basic Authorisation.  This means that
+#     the standard Auth/DBMAuth methods can be used for access control.  The
+#     user name is the `one line' version of the client's X.509 certificate.
+#     Note that no password is obtained from the user. Every entry in the user
+#     file needs this password: `xxj31ZMTZzkVA'.
+#   o ExportCertData:
+#     This exports two additional environment variables: SSL_CLIENT_CERT and
+#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+#     server (always existing) and the client (only existing when client
+#     authentication is used). This can be used to import the certificates
+#     into CGI scripts.
+#   o StdEnvVars:
+#     This exports the standard SSL/TLS related `SSL_*' environment variables.
+#     Per default this exportation is switched off for performance reasons,
+#     because the extraction step is an expensive operation and is usually
+#     useless for serving static content. So one usually enables the
+#     exportation for CGI and SSI requests only.
+#   o StrictRequire:
+#     This denies access when "NSSRequireSSL" or "NSSRequire" applied even
+#     under a "Satisfy any" situation, i.e. when it applies access is denied
+#     and no other module can change it.
+#   o OptRenegotiate:
+#     This enables optimized SSL connection renegotiation handling when SSL
+#     directives are used in per-directory context. 
+#NSSOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+    NSSOptions +StdEnvVars
+</Files>
+<Directory "/usr/cgi-bin">
+    NSSOptions +StdEnvVars
+</Directory>
+
+#   Per-Server Logging:
+#   The home of a custom SSL log file. Use this when you want a
+#   compact non-error SSL logfile on a virtual host basis.
+#CustomLog /home/rcrit/redhat/apache/logs/ssl_request_log \
+#          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>                                  
+
+</IfDefine>
diff --git a/www-apache/mod_nss/metadata.xml b/www-apache/mod_nss/metadata.xml
new file mode 100644
index 000000000000..1508bf7f6ae4
--- /dev/null
+++ b/www-apache/mod_nss/metadata.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer>
+        <email>lxnay@gentoo.org</email>
+</maintainer>
+<use>
+	<flag name='ecc'>enable Elliptical Curve Cyptography</flag>
+</use>
+</pkgmetadata>
diff --git a/www-apache/mod_nss/mod_nss-1.0.11.ebuild b/www-apache/mod_nss/mod_nss-1.0.11.ebuild
new file mode 100644
index 000000000000..26a9b92c985b
--- /dev/null
+++ b/www-apache/mod_nss/mod_nss-1.0.11.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit autotools apache-module eutils
+
+DESCRIPTION="SSL/TLS module for the Apache HTTP server"
+HOMEPAGE="https://fedorahosted.org/mod_nss/"
+SRC_URI="https://fedorahosted.org/released/mod_nss/${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+ecc"
+
+DEPEND=">=dev-libs/nss-3.11.4
+	>=dev-libs/nspr-4.6.4
+	virtual/pkgconfig
+	sys-apps/sed
+"
+RDEPEND="
+	>=dev-libs/nss-3.11.4
+	>=dev-libs/nspr-4.6.4
+	net-dns/bind-tools
+"
+
+APACHE2_MOD_CONF="47_${PN}"
+APACHE2_MOD_DEFINE="NSS"
+
+DOCFILES="NOTICE README"
+
+need_apache2
+
+src_prepare() {
+	# setup proper exec name
+	sed -i -e 's/certutil/nsscertutil/' gencert.in || die "sed failed"
+	epatch "${FILESDIR}"/${PN}-parallel-build.patch
+
+	eautoreconf
+}
+
+src_configure() {
+	econf $(use_enable ecc) --with-apxs=${APXS}
+}
+
+src_compile() {
+	emake
+}
+
+src_install() {
+	# override broken build system
+	mv .libs/libmodnss.so .libs/"${PN}".so || die "cannot move lib"
+	dosbin gencert nss_pcache
+	dohtml docs/mod_nss.html
+	newbin migrate.pl nss_migrate
+	dodir /etc/apache2/nss
+	apache-module_src_install
+}
author	Robin H. Johnson <robbat2@gentoo.org>	2015-08-08 13:49:04 -0700
committer	Robin H. Johnson <robbat2@gentoo.org>	2015-08-08 17:38:18 -0700
commit	56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree	3f91093cdb475e565ae857f1c5a7fd339e2d781e /www-apache/mod_nss
download	gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip