From f3797e25505b803a423e937a6e058ff36b49d593 Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@redhat.com>
Date: Jun 05 2017 17:30:59 +0000
Subject: Merge branch 'master' into f26


---

diff --git a/.gitignore b/.gitignore
index 62a3130..65aa7f9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,5 +24,5 @@ x86_64
 /httpd-2.4.18.tar.bz2
 /httpd-2.4.23.tar.bz2
 /httpd-2.4.25.tar.bz2
-/httpd.socket.5
-/httpd.service.5
+/httpd.socket.8
+/httpd.service.8
diff --git a/httpd.service b/httpd.service
index 5875d9c..1f707e8 100644
--- a/httpd.service
+++ b/httpd.service
@@ -1,4 +1,4 @@
-# See httpd.service(5) for more information on using the httpd service.
+# See httpd.service(8) for more information on using the httpd service.
 
 # Modifying this file in-place is not recommended, because changes
 # will be overwritten during package upgrades.  If you want to
@@ -15,6 +15,7 @@
 [Unit]
 Description=The Apache HTTP Server
 After=network.target remote-fs.target nss-lookup.target
+Documentation=man:httpd.service(8)
 
 [Service]
 Type=notify
diff --git a/httpd.service.xml b/httpd.service.xml
index 9524045..d03e133 100644
--- a/httpd.service.xml
+++ b/httpd.service.xml
@@ -3,6 +3,24 @@
   "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
 
 ]>
+<!--
+ Copyright 2017 Red Hat, Inc.
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
 
 <refentry>
   <refentryinfo>
@@ -13,7 +31,7 @@
 
   <refmeta>
     <refentrytitle>httpd.service</refentrytitle>
-    <manvolnum>5</manvolnum>
+    <manvolnum>8</manvolnum>
   </refmeta>
   
   <refnamediv>
@@ -41,6 +59,17 @@
     socket-based activation. Most systems will use
     <command>httpd.service</command>.</para>
 
+    <para>The <command>apachectl</command> command has been modified
+    to invoke <command>systemctl</command> for most uses, so for
+    example, running <command>apachectl start</command> is equivalent
+    to running <command>systemctl start httpd.service</command>.  This
+    ensures that the running httpd daemon is tracked and managed by
+    <command>systemd</command>.  In contrast, running
+    <command>httpd</command> directly from a root shell will start the
+    service outside of <command>systemd</command>; in this case,
+    default security restrictions described below (including, but not
+    limited to, SELinux) will not be enforced.</para>
+
     <refsect2>
       <title>Changing default behaviour</title>
 
@@ -55,13 +84,12 @@
       <filename>/etc/systemd/system/httpd.service.d</filename> which
       over-rides the system defaults.</para>
 
-      <para>For example, to set the <literal>LD_LIBRARY_PATH</literal>
+      <para>For example, to set the <option>LD_LIBRARY_PATH</option>
       environment variable for the daemon, run <command>systemctl edit
       httpd.service</command> and enter:
 
       <programlisting>[Service]
 Environment=LD_LIBRARY_PATH=/opt/vendor/lib</programlisting></para>
-
     </refsect2>
     
     <refsect2>
@@ -76,7 +104,7 @@ Environment=LD_LIBRARY_PATH=/opt/vendor/lib</programlisting></para>
       IPv4 or IPv6 address.</para>
 
       <para>If httpd is configured to depend on any specific IP
-      address (for example, with a "Listen" directive), which may only
+      address (for example, with a "Listen" directive) which may only
       become available during startup, or if httpd depends on other
       services (such as a database daemon), the service
       <emphasis>must</emphasis> be configured to ensure correct
@@ -84,7 +112,7 @@ Environment=LD_LIBRARY_PATH=/opt/vendor/lib</programlisting></para>
 
       <para>For example, to ensure httpd is only running after all
       configured network interfaces are configured, create a drop-in
-      file (as described above) with the following:
+      file (as described above) with the following section:
 
       <programlisting>[Unit]
 After=network-online.target
@@ -100,7 +128,7 @@ Wants=network-online.target</programlisting>
       <title>Reloading and stopping the service</title>
 
       <para>When running <command>systemctl reload
-      httpd.service</command>, a "<emphasis>graceful</emphasis>"
+      httpd.service</command>, a <emphasis>graceful</emphasis>
       restart is used, which sends a signal to the httpd parent
       process to reload the configuration and re-open log files. Any
       children with open connections at the time of reload will
@@ -110,7 +138,7 @@ Wants=network-online.target</programlisting>
       delay before any configuration changes take effect for all
       users.</para>
 
-      <para>Similarly, a "<emphasis>graceful stop</emphasis>" is used
+      <para>Similarly, a <emphasis>graceful stop</emphasis> is used
       when <command>systemctl stop httpd.service</command> is run,
       which terminates the server only once active connections have
       been processed.</para>
@@ -120,7 +148,7 @@ Wants=network-online.target</programlisting>
     <refsect2>
       <title>systemd integration and mod_systemd</title>
 
-      <para>httpd.service uses the "<option>notify</option>" systemd
+      <para>The httpd service uses the <option>notify</option> systemd
       service type. The <literal>mod_systemd</literal> module must be
       loaded (as in the default configuration) for this to work
       correctly - the service will fail if this module is not
@@ -135,12 +163,12 @@ Wants=network-online.target</programlisting>
       <title>Security and SELinux</title>
 
       <para>The default SELinux policy restricts the httpd service in
-      various ways. The ports to which httpd can bind (using the
-      <literal>Listen</literal> directive), which parts of the
-      filesystem can be accessed, whether outgoing TCP connections are
-      possible, are limited by default, for example. Many of these
-      restrictions can be lifted using SELinux booleans and port
-      types. See
+      various ways. For example, the default policy limits the ports
+      to which httpd can bind (using the <literal>Listen</literal>
+      directive), which parts of the filesystem can be accessed, and
+      whether outgoing TCP connections are possible. Many of these
+      restrictions can be adjusted using <command>semanage</command>
+      to change booleans or other types. See
       <citerefentry><refentrytitle>httpd_selinux</refentrytitle><manvolnum>8</manvolnum></citerefentry>
       for more information.</para>
 
@@ -173,7 +201,8 @@ Wants=network-online.target</programlisting>
     <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, 
     <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
     <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>httpd_selinux</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    <citerefentry><refentrytitle>httpd_selinux</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+    <citerefentry><refentrytitle>semanage</refentrytitle><manvolnum>8</manvolnum></citerefentry>
     </para>
   </refsect1>
 
diff --git a/httpd.socket b/httpd.socket
index a75779c..074695e 100644
--- a/httpd.socket
+++ b/httpd.socket
@@ -1,7 +1,8 @@
-# See httpd.socket(5) for more information on using the httpd service.
+# See httpd.socket(8) for more information on using the httpd service.
 
 [Unit]
 Description=Apache httpd Server Socket
+Documentation=man:httpd.socket(8)
 
 [Socket]
 ListenStream=80
diff --git a/httpd.spec b/httpd.spec
index 34ae869..3db2d21 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -8,7 +8,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.25
-Release: 9%{?dist}
+Release: 10%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@@ -439,9 +439,8 @@ install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate \
 	$RPM_BUILD_ROOT/etc/logrotate.d/httpd
 
 # Install systemd service man pages
-mkdir -p $RPM_BUILD_ROOT%{_mandir}/man5
-install -m 644 -p httpd.service.5 httpd.socket.5 \
-        $RPM_BUILD_ROOT%{_mandir}/man5
+install -m 644 -p httpd.service.8 httpd.socket.8 \
+        $RPM_BUILD_ROOT%{_mandir}/man8
 
 # fix man page paths
 sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \
@@ -633,7 +632,6 @@ rm -rf $RPM_BUILD_ROOT
 %attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
 
 %{_mandir}/man8/*
-%{_mandir}/man5/*
 
 %{_unitdir}/*.service
 %{_unitdir}/*.socket
@@ -700,6 +698,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Mon Jun  5 2017 Joe Orton <jorton@redhat.com> - 2.4.25-10
+- move unit man pages to section 8, add as Documentation= in units
+
 * Fri May 19 2017 Joe Orton <jorton@redhat.com> - 2.4.25-9
 - add httpd.service(5) and httpd.socket(5) man pages