From 95798203fe321c2f64d2e4abc64a64dcc3aa3e9e Mon Sep 17 00:00:00 2001 From: Clinton Ebadi Date: Sun, 14 Oct 2018 15:23:12 -0400 Subject: [PATCH] apache: remove php5-cgi support, always generate php config Only fastcgi php is supported going forward since suphp has long been deprecated. Config.Apache.defaultPhpVersion has been removed; since PhpVersion will always be specified, there is no reason for domtool not to explicitly generate config instead of relying on the ambient apache config to set default handlers for php. The kerberos/afs fastcgi wrapper is suppressed on non-waklog systems, but ONLY when php is configured from PhpVersion in the vhost as a whole; the phpVersion and fastScriptAlias actions don't have access to the node they are being generated on, and can't detect that waklog is not supported. Will need to be fixed eventually... --- configDefault/apache.cfg | 2 -- configDefault/apache.csg | 1 - lib/apache.dtl | 1 - scripts/domtool-publish | 3 ++- src/plugins/apache.sml | 31 ++++++++++++------------------- 5 files changed, 14 insertions(+), 24 deletions(-) diff --git a/configDefault/apache.cfg b/configDefault/apache.cfg index b2c321e..a65b7d8 100644 --- a/configDefault/apache.cfg +++ b/configDefault/apache.cfg @@ -78,8 +78,6 @@ fun fastCgiWrapperOf user = (* FIXME: hcoop reference *) val phpFastCgiWrapper = "/afs/hcoop.net/common/bin/php5-fcgi-wrapper" -val defaultPhpVersion = 5 - val waklogUserFile = ConfigCore.localRoot ^ "/waklog.conf" end diff --git a/configDefault/apache.csg b/configDefault/apache.csg index d81f912..451ab40 100644 --- a/configDefault/apache.csg +++ b/configDefault/apache.csg @@ -27,7 +27,6 @@ signature APACHE_CONFIG = sig val backupLogDirOf : bool -> string val fastCgiWrapperOf : string -> string - val defaultPhpVersion : int val phpFastCgiWrapper : string val waklogUserFile : string diff --git a/lib/apache.dtl b/lib/apache.dtl index c56a380..feabe77 100644 --- a/lib/apache.dtl +++ b/lib/apache.dtl @@ -34,7 +34,6 @@ extern val no_ssl : ssl; extern val use_cert : ssl_cert_path -> ssl; extern type php_version; -extern val php5 : php_version; extern val fast_php : php_version; {{FastCGI based php5. Much faster than regular php5.}} diff --git a/scripts/domtool-publish b/scripts/domtool-publish index 1f1129e..31cc351 100755 --- a/scripts/domtool-publish +++ b/scripts/domtool-publish @@ -2,7 +2,8 @@ # grab tokens in case they were dropped by sudo if [ -x "$(which aklog)" ]; then - aklog + # ignore exit code, may fail on older versions + aklog || true fi redo_exim() { diff --git a/src/plugins/apache.sml b/src/plugins/apache.sml index c97b9a3..fa5cc3a 100644 --- a/src/plugins/apache.sml +++ b/src/plugins/apache.sml @@ -466,8 +466,7 @@ fun vhostPost () = (!post (); write "\n"; app (TextIO.closeOut o #2) (!vhostFiles)) -val php_version = fn (EVar "php5", _) => SOME 5 - | (EVar "fast_php", _) => SOME 6 +val php_version = fn (EVar "fast_php", _) => SOME 6 | _ => NONE fun vhostBody (env, makeFullHost) = @@ -532,15 +531,7 @@ fun vhostBody (env, makeFullHost) = (TextIO.output (file, "\n\tSuexecUserGroup "); TextIO.output (file, user); TextIO.output (file, " "); - TextIO.output (file, group); - (* suPHP is no longer used for fastcgi php and php 7.x *) - (if php < 6 then - (TextIO.output (file, "\n\tsuPHP_UserGroup "); - TextIO.output (file, user); - TextIO.output (file, " "); - TextIO.output (file, group)) - else - ())) + TextIO.output (file, group)) else (); @@ -556,17 +547,17 @@ fun vhostBody (env, makeFullHost) = TextIO.output (file, user); TextIO.output (file, "/DAVLock"); - if php = Config.Apache.defaultPhpVersion - then - () - else if php = 6 + if php = 6 then - (* fastcgi php 5.6 since 6 doesn't exist *) + (* fastcgi php 5.6, using version 6 since php6 doesn't exist *) (TextIO.output (file, "\n\tAddHandler fcgid-script .php .phtml"); - (* FIXME: only set kerberos wrapper of waklog is on *) map (fn ext => (TextIO.output (file, "\n\tFcgidWrapper \""); - TextIO.output (file, Config.Apache.fastCgiWrapperOf user); - TextIO.output (file, " "); + (* kerberos wrapper, simulates waklog+mod_cgi *) + if isWaklog node then + (TextIO.output (file, Config.Apache.fastCgiWrapperOf user); + TextIO.output (file, " ")) + else + (); TextIO.output (file, Config.Apache.phpFastCgiWrapper); TextIO.output (file, "\" "); TextIO.output (file, ext))) @@ -817,6 +808,7 @@ val () = Env.action_two "fastScriptAlias" write "\tSetHandler fcgid-script\n"; (* FIXME: only set kerberos wrapper of waklog is on *) + (* won't be trivial, since we don't have access to node here *) write "\tFcgidWrapper \""; write (Config.Apache.fastCgiWrapperOf (Domain.getUser ())); write " "; @@ -1160,6 +1152,7 @@ val () = Env.action_one "phpVersion" (* fastcgi php 5.6 since 6 doesn't exist *) (write "\tAddHandler fcgid-script .php .phtml\n"; (* FIXME: only set kerberos wrapper of waklog is on *) + (* won't be trivial, since we don't have access to node here *) write "\n\tFcgidWrapper \""; write (Config.Apache.fastCgiWrapperOf (Domain.getUser ())); write " "; -- 2.20.1