From 9e6acdebe5136a6b836085f1ab73351cd8cc7df6 Mon Sep 17 00:00:00 2001
From: Craig Comstock <craig.comstock@northern.tech>
Date: Fri, 9 Aug 2024 11:33:26 -0500
Subject: [PATCH] Added nghttp2 as a vendored dependency we build as part of
 the hub package for apache http2 support

In order to use http2 module we must switch from mpm prefork in apache to fpm in php

Ticket: ENT-11440
Changelog: title
---
 build-scripts/compile-options                 |  2 +-
 deps-packaging/apache/cfbuild-apache.spec     |  2 +-
 deps-packaging/apache/debian/rules            |  1 -
 deps-packaging/apache/httpd.conf              |  8 +++
 deps-packaging/nghttp2/cfbuild-nghttp2.spec   | 67 +++++++++++++++++++
 .../debian/cfbuild-nghttp2-devel.install      |  2 +
 .../nghttp2/debian/cfbuild-nghttp2.install    |  1 +
 deps-packaging/nghttp2/debian/compat          |  1 +
 deps-packaging/nghttp2/debian/control         | 18 +++++
 deps-packaging/nghttp2/debian/copyright       |  0
 deps-packaging/nghttp2/debian/rules           | 50 ++++++++++++++
 deps-packaging/nghttp2/distfiles              |  1 +
 deps-packaging/nghttp2/source                 |  1 +
 deps-packaging/php/cfbuild-php.spec           |  5 +-
 deps-packaging/php/debian/rules               |  5 +-
 deps-packaging/release-monitoring.json        |  1 +
 packaging/common/cfengine-hub/postinstall.sh  |  2 +-
 17 files changed, 155 insertions(+), 12 deletions(-)
 create mode 100644 deps-packaging/nghttp2/cfbuild-nghttp2.spec
 create mode 100644 deps-packaging/nghttp2/debian/cfbuild-nghttp2-devel.install
 create mode 100644 deps-packaging/nghttp2/debian/cfbuild-nghttp2.install
 create mode 100644 deps-packaging/nghttp2/debian/compat
 create mode 100644 deps-packaging/nghttp2/debian/control
 create mode 100644 deps-packaging/nghttp2/debian/copyright
 create mode 100644 deps-packaging/nghttp2/debian/rules
 create mode 100644 deps-packaging/nghttp2/distfiles
 create mode 100644 deps-packaging/nghttp2/source

diff --git a/build-scripts/compile-options b/build-scripts/compile-options
index 11b091805..2efea9b64 100644
--- a/build-scripts/compile-options
+++ b/build-scripts/compile-options
@@ -208,7 +208,7 @@ case "$ROLE" in
     # HUB-ONLY dependencies
     hub)
         var_append DEPS "libcurl-hub"
-        var_append DEPS "libexpat apr apr-util apache git rsync"
+        var_append DEPS "nghttp2 libexpat apr apr-util apache git rsync"
         var_append DEPS "postgresql php"
         ;;
     # AGENT-ONLY dependencies
diff --git a/deps-packaging/apache/cfbuild-apache.spec b/deps-packaging/apache/cfbuild-apache.spec
index 8fd727d13..cc113dae6 100644
--- a/deps-packaging/apache/cfbuild-apache.spec
+++ b/deps-packaging/apache/cfbuild-apache.spec
@@ -30,13 +30,13 @@ CPPFLAGS=-I%{buildprefix}/include
     --prefix=%{prefix}/httpd \
     --enable-so \
     --enable-mods-shared="all ssl ldap authnz_ldap" \
+    --enable-http2 \
     --with-z=%{prefix} \
     --with-ssl=%{prefix} \
     --with-ldap=%{prefix} \
     --with-apr=%{prefix} \
     --with-apr-util=%{prefix} \
     --with-pcre=%{prefix}/bin/pcre2-config \
-    --with-mpm=prefork \
     CPPFLAGS="$CPPFLAGS"
 
 %build
diff --git a/deps-packaging/apache/debian/rules b/deps-packaging/apache/debian/rules
index 504541046..d76a3e604 100755
--- a/deps-packaging/apache/debian/rules
+++ b/deps-packaging/apache/debian/rules
@@ -24,7 +24,6 @@ build-stamp:
 --with-apr=$(PREFIX) \
 --with-apr-util=$(PREFIX) \
 --with-pcre=$(PREFIX)/bin/pcre2-config \
---with-mpm=prefork \
 CPPFLAGS="$(CPPFLAGS)"
 	make
 
diff --git a/deps-packaging/apache/httpd.conf b/deps-packaging/apache/httpd.conf
index 6a98248fa..6bbb34145 100644
--- a/deps-packaging/apache/httpd.conf
+++ b/deps-packaging/apache/httpd.conf
@@ -56,6 +56,8 @@ LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
 # Required to log into mission portal
 LoadModule authz_core_module modules/mod_authz_core.so
 
+# Enable http2
+LoadModule http2_module modules/mod_http2.so
 
 # TRACE can be useful for debugging, but can be abused to perform Cross-Site
 # Tracing (XST) attacheks in order to obtain access to user cooking via
@@ -178,6 +180,12 @@ LogLevel warn
   SSLRandomSeed startup builtin
   SSLRandomSeed connect builtin
 
+
+# Enable http2. As described in https://httpd.apache.org/docs/2.4/howto/http2.html
+# there is no need to do an IfModule check here as the Protocols are free-form
+# and not validated in any way.
+Protocols h2 h2c http/1.1
+
   <VirtualHost _default_:443>
     DocumentRoot "/var/cfengine/httpd/htdocs/public"
     Alias "/api" "/var/cfengine/httpd/htdocs/api"
diff --git a/deps-packaging/nghttp2/cfbuild-nghttp2.spec b/deps-packaging/nghttp2/cfbuild-nghttp2.spec
new file mode 100644
index 000000000..07aeb11e6
--- /dev/null
+++ b/deps-packaging/nghttp2/cfbuild-nghttp2.spec
@@ -0,0 +1,67 @@
+%define nghttp2_version 1.62.1
+
+Summary: CFEngine Build Automation -- nghttp2
+Name: cfbuild-nghttp2
+Version: %{version}
+Release: 1
+Source0: nghttp2-%{nghttp2_version}.tar.xz
+License: MIT
+Group: Other
+Url: nghttp2.org
+BuildRoot: %{_topdir}/BUILD/%{name}-%{version}-%{release}-buildroot
+
+AutoReqProv: no
+
+%define prefix %{buildprefix}
+%prep
+mkdir -p %{_builddir}
+%setup -q -n nghttp2-%{nghttp2_version}
+
+./configure --prefix=%{prefix}
+
+%build
+
+make
+
+%install
+
+rm -rf ${RPM_BUILD_ROOT}
+
+make install DESTDIR=${RPM_BUILD_ROOT}
+
+# Remove unused files
+rm -rf ${RPM_BUILD_ROOT}%{prefix}/lib/libnghttp2.*a
+rm -rf ${RPM_BUILD_ROOT}%{prefix}/share/doc/nghttp2/README.rst
+rm -rf ${RPM_BUILD_ROOT}%{prefix}/share/man/man1/h2load.1
+rm -rf ${RPM_BUILD_ROOT}%{prefix}/share/man/man1/nghttp*
+rm -rf ${RPM_BUILD_ROOT}%{prefix}/share/nghttp2/fetch-ocsp-response
+
+%clean
+
+rm -rf $RPM_BUILD_ROOT
+
+%package devel
+Summary: CFEngine Build Automation -- nghttp2 -- development files
+Group: Other
+AutoReqProv: no
+
+%description
+CFEngine Build Automation -- nghttp2
+
+%description devel
+CFEngine Build Automation -- nghttp2 -- development files
+
+%files
+%defattr(-,root,root)
+
+%dir %prefix/lib
+%prefix/lib/*.so*
+
+%files devel
+%defattr(-,root,root)
+
+%prefix/include
+%dir %prefix/lib
+%prefix/lib/pkgconfig
+
+%changelog
diff --git a/deps-packaging/nghttp2/debian/cfbuild-nghttp2-devel.install b/deps-packaging/nghttp2/debian/cfbuild-nghttp2-devel.install
new file mode 100644
index 000000000..96c4b3019
--- /dev/null
+++ b/deps-packaging/nghttp2/debian/cfbuild-nghttp2-devel.install
@@ -0,0 +1,2 @@
+/var/cfengine/include
+/var/cfengine/lib/pkgconfig
diff --git a/deps-packaging/nghttp2/debian/cfbuild-nghttp2.install b/deps-packaging/nghttp2/debian/cfbuild-nghttp2.install
new file mode 100644
index 000000000..d47339c9d
--- /dev/null
+++ b/deps-packaging/nghttp2/debian/cfbuild-nghttp2.install
@@ -0,0 +1 @@
+/var/cfengine/lib/*.so*
diff --git a/deps-packaging/nghttp2/debian/compat b/deps-packaging/nghttp2/debian/compat
new file mode 100644
index 000000000..f599e28b8
--- /dev/null
+++ b/deps-packaging/nghttp2/debian/compat
@@ -0,0 +1 @@
+10
diff --git a/deps-packaging/nghttp2/debian/control b/deps-packaging/nghttp2/debian/control
new file mode 100644
index 000000000..778b59ddc
--- /dev/null
+++ b/deps-packaging/nghttp2/debian/control
@@ -0,0 +1,18 @@
+Source: cfbuild-nghttp2
+Section: libs
+Priority: optional
+Maintainer: CFEngine Packages <packager@cfengine.com>
+Build-Depends: debhelper
+Standard-Version: 3.8.4
+
+Package: cfbuild-nghttp2
+Section: libs
+Architecture: any
+Description: CFEngine Build Automation -- nghttp2
+ CFEngine Build Automation -- nghttp2
+
+Package: cfbuild-nghttp2-devel
+Section: libdevel
+Architecture: any
+Desciption: CFEngine Build Automation -- cfbuild-nghttp2-devel
+ CFEngine Build Automation -- cfbuild-nghttp2-devel
diff --git a/deps-packaging/nghttp2/debian/copyright b/deps-packaging/nghttp2/debian/copyright
new file mode 100644
index 000000000..e69de29bb
diff --git a/deps-packaging/nghttp2/debian/rules b/deps-packaging/nghttp2/debian/rules
new file mode 100644
index 000000000..cf106c36b
--- /dev/null
+++ b/deps-packaging/nghttp2/debian/rules
@@ -0,0 +1,50 @@
+#!/usr/bin/make -f
+PREFIX=$(BUILDPREFIX)
+
+clean:
+	dh_testdir
+	dh_testroot
+
+	dh_clean
+
+build: build-stamp
+build-stamp:
+	dh_testdir
+
+	./configure --prefix=$(PREFIX)
+
+	make
+
+	touch build-stamp
+
+install: build
+	dh_testdir
+	dh_testroot
+	dh_clean -k
+	dh_installdirs
+
+	$(MAKE) install DESTDIR=$(CURDIR)/debian/tmp
+
+	rm -rf $(CURDIR)/debian/tmp$(PREFIX)/lib/libnghttp2.*a
+	rm -rf $(CURDIR)/debian/tmp$(PREFIX)/share/doc/nghttp2/README.rst
+	rm -rf $(CURDIR)/debian/tmp$(PREFIX)/share/man/man1/h2load.1
+	rm -rf $(CURDIR)/debian/tmp$(PREFIX)/share/man/man1/nghttp*
+	rm -rf $(CURDIR)/debian/tmp$(PREFIX)/share/nghttp2
+
+binary-indep: build install
+
+binary-arch: build install
+	dh_testdir
+	dh_testroot
+	dh_install --sourcedir=debian/tmp
+	dh_link
+	dh_strip
+	dh_compress
+	dh_fixperms
+	dh_installdeb
+	dh_gencontrol
+	dh_md5sums
+	dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
diff --git a/deps-packaging/nghttp2/distfiles b/deps-packaging/nghttp2/distfiles
new file mode 100644
index 000000000..ab9b85cef
--- /dev/null
+++ b/deps-packaging/nghttp2/distfiles
@@ -0,0 +1 @@
+2345d4dc136fda28ce243e0bb21f2e7e8ef6293d62c799abbf6f633a6887af72  nghttp2-1.62.1.tar.xz
diff --git a/deps-packaging/nghttp2/source b/deps-packaging/nghttp2/source
new file mode 100644
index 000000000..bbdbefacd
--- /dev/null
+++ b/deps-packaging/nghttp2/source
@@ -0,0 +1 @@
+https://github.com/nghttp2/nghttp2/releases/download/v1.62.1/
diff --git a/deps-packaging/php/cfbuild-php.spec b/deps-packaging/php/cfbuild-php.spec
index 25d0bcedd..1bdd526eb 100644
--- a/deps-packaging/php/cfbuild-php.spec
+++ b/deps-packaging/php/cfbuild-php.spec
@@ -45,10 +45,7 @@ LDFLAGS=""
   --enable-mbstring \
   --enable-sockets \
   --disable-mbregex \
-  --without-fpm-user \
-  --without-fpm-group \
-  --without-fpm-systemd \
-  --without-fpm-acl \
+  --enable-fpm \
   --without-layout \
   --without-sqlite3 \
   --without-bz2 \
diff --git a/deps-packaging/php/debian/rules b/deps-packaging/php/debian/rules
index 94eaf588d..469606184 100755
--- a/deps-packaging/php/debian/rules
+++ b/deps-packaging/php/debian/rules
@@ -25,10 +25,7 @@ build-stamp:
 --enable-mbstring \
 --enable-sockets \
 --disable-mbregex \
---without-fpm-user \
---without-fpm-group \
---without-fpm-systemd \
---without-fpm-acl \
+--enable-fpm \
 --without-layout \
 --without-sqlite3 \
 --without-bz2 \
diff --git a/deps-packaging/release-monitoring.json b/deps-packaging/release-monitoring.json
index e9749b68e..1eb7b9f46 100644
--- a/deps-packaging/release-monitoring.json
+++ b/deps-packaging/release-monitoring.json
@@ -14,6 +14,7 @@
         "libxml2":"1783",
         "libyaml":"13522",
         "lmdb":"6974",
+        "nghttp2":"8651",
         "openldap":"2551",
         "openssl":"2566",
         "pcre2":"5832",
diff --git a/packaging/common/cfengine-hub/postinstall.sh b/packaging/common/cfengine-hub/postinstall.sh
index 9189d1e75..24a78b966 100644
--- a/packaging/common/cfengine-hub/postinstall.sh
+++ b/packaging/common/cfengine-hub/postinstall.sh
@@ -87,7 +87,7 @@ fi
 #Copy necessary Files and permissions
 #
 cp "$PREFIX/lib/php"/*.ini "$PREFIX/httpd/php/lib"
-EXTENSIONS_DIR="$(ls -d -1 "$PREFIX/httpd/php/lib/php/extensions/no-debug-non-zts-"*|tail -1)"
+EXTENSIONS_DIR="$(ls -d -1 "$PREFIX/httpd/php/lib/php/extensions/no-debug-zts-"*|tail -1)"
 cp "$PREFIX/lib/php"/*.so "$EXTENSIONS_DIR"
 
 #