aboutsummaryrefslogtreecommitdiffstats
path: root/main/nginx/APKBUILD
blob: a519ca5745bd9d592542fc796f3a666debab350a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: Jeff Bilyk <jbilyk@gmail.com>
# Contributor: Bartłomiej Piotrowski <nospam@bpiotrowski.pl>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
#   1.12.1-r0:
#     - CVE-2017-7529
#
pkgname=nginx
pkgver=1.12.1
pkgrel=3
# Revision of nginx-tests to use for check().
_tests_hgrev=cdd44ff602db
pkgdesc="HTTP and reverse proxy server (stable version)"
url="http://www.nginx.org/en"
arch="all"
license="custom"
depends=""
makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev
	libressl-dev paxmark pcre-dev perl-dev pkgconf zlib-dev"
checkdepends="perl perl-fcgi perl-io-socket-ssl perl-net-ssleay
	perl-protocol-websocket uwsgi-python"
pkgusers="nginx"
_grp_ngx="nginx"
_grp_www="www-data"
pkggroups="$_grp_ngx $_grp_www"
install="$pkgname.pre-install $pkgname.post-upgrade"
subpackages="$pkgname-doc $pkgname-vim::noarch"
replaces="$pkgname-common $pkgname-initscripts $pkgname-lua $pkgname-rtmp"
source="http://nginx.org/download/$pkgname-$pkgver.tar.gz
	$pkgname-tests-$_tests_hgrev.tar.gz::http://hg.nginx.org/nginx-tests/archive/$_tests_hgrev.tar.gz
	echo-nginx-module~fix-nginx-1.12.patch
	lua-nginx-module~fix-nginx-1.12.patch
	lua-nginx-module~fix-libressl.patch
	nginx.conf
	default.conf
	$pkgname.logrotate
	$pkgname.initd
	"
builddir="$srcdir/$pkgname-$pkgver"

_modules_dir="usr/lib/$pkgname/modules"

# luajit is not available for s390x and ppc64le
case "$CARCH" in
	ppc64le | s390x) makedepends="$makedepends lua5.1-dev";;
	*) makedepends="$makedepends luajit-dev";;
esac

# Built-in dynamic modules
for _mod in \
	http-geoip \
	http-image-filter \
	http-perl \
	http-xslt-filter \
	mail \
	stream \
	stream-geoip
do
	subpackages="$subpackages $pkgname-mod-$_mod:_module"
done

# Third-party dynamic modules

# For simplicity we assume that module is hosted on GitHub.
_add_module() {
	local name="$1" ver="$2" url="$3"
	local dirname="${url##*/}-${ver#v}"

	subpackages="$subpackages $pkgname-mod-$name:_module"
	source="$source $dirname.tar.gz::$url/archive/$ver.tar.gz"
	_extra_flags="$_extra_flags --add-dynamic-module=$srcdir/$dirname"
}

_add_module "devel-kit" "v0.3.0" "https://github.com/simpl/ngx_devel_kit"
_devel_kit_so="ndk_http_module.so"

_add_module "http-cache-purge" "2.4.1" "https://github.com/nginx-modules/ngx_cache_purge"

_add_module "http-echo" "v0.60" "https://github.com/openresty/echo-nginx-module"

_add_module "http-fancyindex" "v0.4.1" "https://github.com/aperezdc/ngx-fancyindex"

_add_module "http-headers-more" "v0.32" "https://github.com/openresty/headers-more-nginx-module"
_http_headers_more_so="ngx_http_headers_more_filter_module.so"

_add_module "http-lua" "v0.10.8" "https://github.com/openresty/lua-nginx-module"
_http_lua_depends="$pkgname-mod-devel-kit"
_http_lua_provides="$pkgname-lua"  # for backward compatibility

_add_module "http-lua-upstream" "v0.06" "https://github.com/openresty/lua-upstream-nginx-module"
_http_lua_upstream_depends="$pkgname-mod-http-lua"

_add_module "http-nchan" "v1.1.7" "https://github.com/slact/nchan"
_http_nchan_so="ngx_nchan_module.so"

_add_module "http-shibboleth" "v2.0.1" "https://github.com/nginx-shib/nginx-http-shibboleth"

_add_module "http-redis2" "v0.14" "https://github.com/openresty/redis2-nginx-module"

_add_module "http-set-misc" "v0.31" "https://github.com/openresty/set-misc-nginx-module"
_http_set_misc_depends="$pkgname-mod-devel-kit"

_add_module "http-upload-progress" "v0.9.2" "https://github.com/masterzen/nginx-upload-progress-module"
_http_upload_progress_so="ngx_http_uploadprogress_module.so"

_add_module "http-upstream-fair" "v0.1.2" "https://github.com/itoffshore/nginx-upstream-fair"

_add_module "rtmp" "v1.1.11" "https://github.com/arut/nginx-rtmp-module"
_rtmp_provides="$pkgname-rtmp"  # for backward compatibility


prepare() {
	local file; for file in $source; do
		case $file in
		*~*.patch)
			msg $file
			cd "$srcdir"/${file%%~*}-*
			patch -p 1 -i "$srcdir/$file"
			;;
		*.patch)
			msg $file
			cd "$builddir"
			patch -p 1 -i "$srcdir/$file"
			;;
		esac
	done

	# This test requires superuser privileges and CAP_NET_ADMIN.
	rm "$srcdir"/nginx-tests-*/proxy_bind_transparent.t
}

build() {
	cd "$builddir"

	export LUAJIT_LIB="$(pkgconf --variable=libdir luajit)"
	export LUAJIT_INC="$(pkgconf --variable=includedir luajit)"
	./configure \
		--prefix=/var/lib/$pkgname \
		--sbin-path=/usr/sbin/$pkgname \
		--modules-path=/$_modules_dir \
		--conf-path=/etc/$pkgname/$pkgname.conf \
		--pid-path=/run/$pkgname/$pkgname.pid \
		--lock-path=/run/$pkgname/$pkgname.lock \
		--http-client-body-temp-path=/var/tmp/$pkgname/client_body \
		--http-proxy-temp-path=/var/tmp/$pkgname/proxy \
		--http-fastcgi-temp-path=/var/tmp/$pkgname/fastcgi \
		--http-uwsgi-temp-path=/var/tmp/$pkgname/uwsgi \
		--http-scgi-temp-path=/var/tmp/$pkgname/scgi \
		--with-perl_modules_path=/usr/lib/perl5/vendor_perl \
		\
		--user=$pkgusers \
		--group=$_grp_ngx \
		--with-threads \
		--with-file-aio \
		\
		--with-http_ssl_module \
		--with-http_v2_module \
		--with-http_realip_module \
		--with-http_addition_module \
		--with-http_xslt_module=dynamic \
		--with-http_image_filter_module=dynamic \
		--with-http_geoip_module=dynamic \
		--with-http_sub_module \
		--with-http_dav_module \
		--with-http_flv_module \
		--with-http_mp4_module \
		--with-http_gunzip_module \
		--with-http_gzip_static_module \
		--with-http_auth_request_module \
		--with-http_random_index_module \
		--with-http_secure_link_module \
		--with-http_degradation_module \
		--with-http_slice_module \
		--with-http_stub_status_module \
		--with-http_perl_module=dynamic \
		--with-mail=dynamic \
		--with-mail_ssl_module \
		--with-stream=dynamic \
		--with-stream_ssl_module \
		--with-stream_realip_module \
		--with-stream_geoip_module=dynamic \
		--with-stream_ssl_preread_module \
		\
		$_extra_flags

	make
}

check() {
	cd "$srcdir"/nginx-tests-*

	TEST_NGINX_BINARY="$builddir/objs/nginx" prove .
}

package() {
	cd "$builddir"

	make DESTDIR="$pkgdir" install

	# Disable some PaX protections; this is needed for Lua module.
	local paxflags="-m"
	[ "$CARCH" = "x86" ] && paxflags="-msp"
	paxmark $paxflags "$pkgdir"/usr/sbin/nginx

	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
	install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README

	install -Dm644 objs/$pkgname.8 "$pkgdir"/usr/share/man/man8/$pkgname.8

	local name; for name in ngx_devel_kit lua-nginx-module nginx-rtmp-module; do
		cp -r "$srcdir"/$name-*/doc* "$pkgdir"/usr/share/doc/$pkgname/$name
	done

	cd "$pkgdir"

	install -Dm644 "$srcdir"/nginx.conf ./etc/$pkgname/nginx.conf
	install -Dm644 "$srcdir"/default.conf ./etc/$pkgname/conf.d/default.conf
	install -Dm755 "$srcdir"/$pkgname.initd ./etc/init.d/$pkgname
	install -Dm644 "$srcdir"/$pkgname.logrotate ./etc/logrotate.d/$pkgname

	install -dm755 ./etc/$pkgname/modules
	install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname
	install -dm700 -o $pkgusers -g $_grp_ngx ./var/tmp/$pkgname
	install -dm755 -g $_grp_www ./var/www/localhost/htdocs

	install -dm755 ./var/log
	mv ./var/lib/$pkgname/logs ./var/log/$pkgname

	ln -sf /$_modules_dir ./var/lib/$pkgname/modules
	ln -sf /var/log/$pkgname ./var/lib/$pkgname/logs
	ln -sf /var/tmp/$pkgname ./var/lib/$pkgname/tmp
	ln -sf /run/$pkgname ./var/lib/$pkgname/run

	# Remove archaic charset maps.
	rm ./etc/$pkgname/koi-* ./etc/$pkgname/win-utf

	rm -rf ./run ./etc/$pkgname/*.default
}

vim() {
	pkgdesc="$pkgdesc (vim syntax)"
	depends=

	mkdir -p "$subpkgdir"/usr/share/vim
	cp -r "$builddir"/contrib/vim "$subpkgdir"/usr/share/vim/vimfiles
}

_module() {
	local name="${subpkgname#$pkgname-mod-}"
	name="${name//-/_}"
	local soname="$(eval "echo \$_${name}_so")";
	soname="${soname:-"ngx_${name}_module.so"}"

	pkgdesc="$pkgdesc (module $name)"
	depends="$pkgname $(eval "echo \$_${name}_depends")"
	provides="$(eval "echo \$_${name}_provides")"

	mkdir -p "$subpkgdir"/$_modules_dir
	cd "$subpkgdir"

	mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname

	mkdir -p "$subpkgdir"/etc/nginx/modules
	echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.conf
}

sha512sums="3a2ad2a559b366dda92dd58c0fe40ee84dd60a3eaf72071454110e032c3e9a03f2a63b28fe3a615b527950521eeb533c687a2cc4c87524e1d8f3a0a5f043fdb6  nginx-1.12.1.tar.gz
ca8be839aef71c537d6d3a79e2894f38790834d6310c6d15ad06900c7c2d7cf71a113847ab96ef9be0fbdfff3b7808e74dea427502b275cfd6c909550f9ba9ab  nginx-tests-cdd44ff602db.tar.gz
401f57ed73941619cdd41061bd92fffc00730e34cc647ea3c9345225723e9c7ebd72d9d15a703cffd93b0a99d458a05fe5efa7373ae24f41b35279285b5ca0fa  echo-nginx-module~fix-nginx-1.12.patch
04f7d75ce15eba99be99a76d266903c17e48742ab4bf237b988bf84f00cdbf6510c3d4eee88a24620e56dc426220192df39f4736af157fdc4e4c50b4f1d794f2  lua-nginx-module~fix-nginx-1.12.patch
fd8bce0e7d69552267b8e405b07fc9323e25e06cceb8912a2d143952447a4299756e6a9a8a40f4eabe8b00fed475fd87ee4a982f5ad7449d59783e872c682451  lua-nginx-module~fix-libressl.patch
ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41  nginx.conf
0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3  default.conf
09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb  nginx.logrotate
eb183860cd511361346e4079c1fcf470985e1c3b2a034a57f8b2a92ba851fed99256261f9b779770a5f57e3750e9e71bd1550a9d19ad9bf3a4d288864f0374a2  nginx.initd
558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614  ngx_devel_kit-0.3.0.tar.gz
1134d404ec9fd163d410c6ac6d8ec55515586e470aad17f1909e23c4fd35217a39639fa24cdffcf3b32733bb83c5f47508e16fb22f9d2c42e8226bda51b4ae38  ngx_cache_purge-2.4.1.tar.gz
c455bee73cebd0752449472452d15614b9587ddd199263d366484ede890c4d108eacbbeaef31adc9dc7732b56ef2bfc73c0fef3366366db03a8ec3fdc27a985c  echo-nginx-module-0.60.tar.gz
ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1  ngx-fancyindex-0.4.1.tar.gz
e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1  headers-more-nginx-module-0.32.tar.gz
ad621cec178eb37109f16ebc30dbab7b1ea344ac4b523ff1e6ad62364b8cf437488a89c593ca44b446b729a1c578e3a97685851847b4b16a147ac9eca8f23a2a  lua-nginx-module-0.10.8.tar.gz
eee427887b172cde32f42c5b2158fb1e05742b102b996e48e99941a9c1a33ec7d473a8835c1d06686c02afeb5d5dbe0fec8ff700a363d6330821f108196e85da  lua-upstream-nginx-module-0.06.tar.gz
1e9b029912ef6e89dba8e3aed57d50848b52fbeb1077d965ca39aea14c2b34c11092ee53db47fb1df9e5adaf466f849c5a33cade881fddb420c1a036bc659d4b  nchan-1.1.7.tar.gz
1730845ea2e52be8c2f6cfceb2894304c5a07959a96940bb1617ee0e7cf81d22283304f411d9a219ddb71e4d9a66012bba0f6f5574d101aeb3c406f26c5d6a4e  nginx-http-shibboleth-2.0.1.tar.gz
a22cfab85f5a15cf4b778749227caee559982dbe7711e1c5698456b3821943ec66b7a980ed56612b7f2ae70d22832123be24e50a402c659c6f3eb1d98d60b4cd  redis2-nginx-module-0.14.tar.gz
c853b041cecc3521f888be3d0483c6cf23d239259ac4f5d35b10d4483b0fb06d1d22060adedcf6605b220d99f9051faf300d06989736d510b4486f943d3a675e  set-misc-nginx-module-0.31.tar.gz
c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c  nginx-upload-progress-module-0.9.2.tar.gz
4da7734301d21cd696fcc3aed1a496a93be15af373307487622c0a5920e79d9b580fd5836de7f9c0b60c01485021ba85afae1abb471e703c2d6e23c60ffe7d0a  nginx-upstream-fair-0.1.2.tar.gz
e7c897265d1e93b06f7e46a653b113e24d2451e2112a7a6da415f130928437444a0346832fd9c10042397fea6120e4e44acc2bccf649ec30ca5bffbf985672e2  nginx-rtmp-module-1.1.11.tar.gz"