blob: baf573de50d4449164dadb864453e39782d6179d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
|
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: Jeff Bilyk <jbilyk@gmail.com>
# Contributor: Bartłomiej Piotrowski <nospam@bpiotrowski.pl>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
# 1.14.1-r0:
# - CVE-2018-16843
# - CVE-2018-16844
# - CVE-2018-16845
# 1.12.1-r0:
# - CVE-2017-7529
#
pkgname=nginx
# NOTE: Upgrade only to even-numbered versions (e.g. 1.14.z, 1.16.z)!
# Odd-numbered versions are mainline (development) versions.
pkgver=1.14.2
pkgrel=0
# Revision of nginx-tests to use for check().
_tests_hgrev=d6daf03478ad
_njs_ver=0.2.0
pkgdesc="HTTP and reverse proxy server (stable version)"
url="http://www.nginx.org/en"
arch="all"
license="BSD-2-Clause"
depends=""
makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev
openssl-dev paxmark pcre-dev perl-dev pkgconf zlib-dev"
checkdepends="gd perl perl-fcgi perl-io-socket-ssl perl-net-ssleay
perl-protocol-websocket tzdata uwsgi-python"
pkgusers="nginx"
_grp_ngx="nginx"
_grp_www="www-data"
pkggroups="$_grp_ngx $_grp_www"
install="$pkgname.pre-install $pkgname.pre-upgrade $pkgname.post-upgrade"
subpackages="$pkgname-doc $pkgname-vim::noarch"
replaces="$pkgname-common $pkgname-initscripts $pkgname-lua $pkgname-rtmp"
source="https://nginx.org/download/$pkgname-$pkgver.tar.gz
$pkgname-tests-$_tests_hgrev.tar.gz::https://hg.nginx.org/nginx-tests/archive/$_tests_hgrev.tar.gz
$pkgname-njs-$_njs_ver.tar.gz::https://hg.nginx.org/njs/archive/$_njs_ver.tar.gz
njs~fix-test-exit-code.patch
nginx.conf
default.conf
$pkgname.logrotate
$pkgname.initd
"
builddir="$srcdir/$pkgname-$pkgver"
_modules_dir="usr/lib/$pkgname/modules"
_stream_js_depends="$pkgname-mod-stream"
# luajit is not available for s390x.
case "$CARCH" in
s390x) makedepends="$makedepends lua5.1-dev";;
*) makedepends="$makedepends luajit-dev";;
esac
# Built-in dynamic modules
for _mod in \
http-geoip \
http-image-filter \
http-js \
http-perl \
http-xslt-filter \
mail \
stream \
stream-geoip \
stream-js
do
subpackages="$subpackages $pkgname-mod-$_mod:_module"
done
# Third-party dynamic modules
# For simplicity we assume that module is hosted on GitHub.
_add_module() {
local name="$1" ver="$2" url="$3"
local dirname="${url##*/}-${ver#v}"
subpackages="$subpackages $pkgname-mod-$name:_module"
source="$source $dirname.tar.gz::$url/archive/$ver.tar.gz"
_extra_flags="$_extra_flags --add-dynamic-module=$srcdir/$dirname"
}
_add_module "devel-kit" "v0.3.0" "https://github.com/simpl/ngx_devel_kit"
_devel_kit_so="ndk_http_module.so"
_add_module "http-cache-purge" "2.4.2" "https://github.com/nginx-modules/ngx_cache_purge"
_add_module "http-echo" "v0.61" "https://github.com/openresty/echo-nginx-module"
_add_module "http-fancyindex" "v0.4.3" "https://github.com/aperezdc/ngx-fancyindex"
_add_module "http-headers-more" "v0.33" "https://github.com/openresty/headers-more-nginx-module"
_http_headers_more_so="ngx_http_headers_more_filter_module.so"
_add_module "http-lua" "v0.10.13" "https://github.com/openresty/lua-nginx-module"
_http_lua_depends="$pkgname-mod-devel-kit"
_http_lua_provides="$pkgname-lua" # for backward compatibility
_add_module "http-lua-upstream" "v0.07" "https://github.com/openresty/lua-upstream-nginx-module"
_http_lua_upstream_depends="$pkgname-mod-http-lua"
_add_module "http-nchan" "v1.1.14" "https://github.com/slact/nchan"
_http_nchan_so="ngx_nchan_module.so"
_add_module "http-shibboleth" "v2.0.1" "https://github.com/nginx-shib/nginx-http-shibboleth"
_add_module "http-redis2" "v0.15" "https://github.com/openresty/redis2-nginx-module"
_add_module "http-set-misc" "v0.32" "https://github.com/openresty/set-misc-nginx-module"
_http_set_misc_depends="$pkgname-mod-devel-kit"
_add_module "http-upload-progress" "v0.9.2" "https://github.com/masterzen/nginx-upload-progress-module"
_http_upload_progress_so="ngx_http_uploadprogress_module.so"
_add_module "http-upstream-fair" "0.1.3" "https://github.com/itoffshore/nginx-upstream-fair"
_add_module "rtmp" "v1.2.1" "https://github.com/arut/nginx-rtmp-module"
_rtmp_provides="$pkgname-rtmp" # for backward compatibility
_add_module "http-vod" "1.22" "https://github.com/kaltura/nginx-vod-module"
prepare() {
local file; for file in $source; do
case $file in
*~*.patch)
msg $file
cd "$srcdir"/${file%%~*}-*
patch -p 1 -i "$srcdir/$file"
;;
*.patch)
msg $file
cd "$builddir"
patch -p 1 -i "$srcdir/$file"
;;
esac
done
# This test requires superuser privileges and CAP_NET_ADMIN.
rm "$srcdir"/nginx-tests-*/proxy_bind_transparent.t
rm "$srcdir"/nginx-tests-*/proxy_bind_transparent_capability.t
}
build() {
cd "$builddir"
export LUAJIT_LIB="$(pkgconf --variable=libdir luajit)"
export LUAJIT_INC="$(pkgconf --variable=includedir luajit)"
./configure \
--prefix=/var/lib/$pkgname \
--sbin-path=/usr/sbin/$pkgname \
--modules-path=/$_modules_dir \
--conf-path=/etc/$pkgname/$pkgname.conf \
--pid-path=/run/$pkgname/$pkgname.pid \
--lock-path=/run/$pkgname/$pkgname.lock \
--http-client-body-temp-path=/var/tmp/$pkgname/client_body \
--http-proxy-temp-path=/var/tmp/$pkgname/proxy \
--http-fastcgi-temp-path=/var/tmp/$pkgname/fastcgi \
--http-uwsgi-temp-path=/var/tmp/$pkgname/uwsgi \
--http-scgi-temp-path=/var/tmp/$pkgname/scgi \
--with-perl_modules_path=/usr/lib/perl5/vendor_perl \
\
--user=$pkgusers \
--group=$_grp_ngx \
--with-threads \
--with-file-aio \
\
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-http_perl_module=dynamic \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module=dynamic \
--with-stream_ssl_preread_module \
\
--add-dynamic-module="$srcdir/njs-$_njs_ver/nginx" \
$_extra_flags
make
}
check() {
msg "Running nginx tests..."
cd "$srcdir"/nginx-tests-*
TEST_NGINX_BINARY="$builddir/objs/nginx" prove .
msg "Running njs tests..."
cd "$srcdir"/njs-*
make test
}
package() {
cd "$builddir"
make DESTDIR="$pkgdir" install
# Disable some PaX protections; this is needed for Lua module.
local paxflags="-m"
[ "$CARCH" = "x86" ] && paxflags="-msp"
paxmark $paxflags "$pkgdir"/usr/sbin/nginx
install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README
install -Dm644 objs/$pkgname.8 "$pkgdir"/usr/share/man/man8/$pkgname.8
local name; for name in ngx_devel_kit lua-nginx-module nginx-rtmp-module; do
cp -r "$srcdir"/$name-*/doc* "$pkgdir"/usr/share/doc/$pkgname/$name
done
cd "$pkgdir"
install -Dm644 "$srcdir"/nginx.conf ./etc/$pkgname/nginx.conf
install -Dm644 "$srcdir"/default.conf ./etc/$pkgname/conf.d/default.conf
install -Dm755 "$srcdir"/$pkgname.initd ./etc/init.d/$pkgname
install -Dm644 "$srcdir"/$pkgname.logrotate ./etc/logrotate.d/$pkgname
install -dm755 ./etc/$pkgname/modules
install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname
install -dm700 -o $pkgusers -g $_grp_ngx ./var/tmp/$pkgname
chmod 1777 "$pkgdir"/var/tmp
install -dm755 -g $_grp_www ./var/www/localhost/htdocs
install -dm755 ./var/log
mv ./var/lib/$pkgname/logs ./var/log/$pkgname
ln -sf /$_modules_dir ./var/lib/$pkgname/modules
ln -sf /var/log/$pkgname ./var/lib/$pkgname/logs
ln -sf /var/tmp/$pkgname ./var/lib/$pkgname/tmp
ln -sf /run/$pkgname ./var/lib/$pkgname/run
# Remove archaic charset maps.
rm ./etc/$pkgname/koi-* ./etc/$pkgname/win-utf
rm -rf ./run ./etc/$pkgname/*.default
}
vim() {
pkgdesc="$pkgdesc (vim syntax)"
depends=
mkdir -p "$subpkgdir"/usr/share/vim
cp -r "$builddir"/contrib/vim "$subpkgdir"/usr/share/vim/vimfiles
}
_module() {
local name="${subpkgname#$pkgname-mod-}"
name="${name//-/_}"
local soname="$(eval "echo \$_${name}_so")";
soname="${soname:-"ngx_${name}_module.so"}"
pkgdesc="$pkgdesc (module $name)"
depends="$pkgname $(eval "echo \$_${name}_depends")"
provides="$(eval "echo \$_${name}_provides")"
mkdir -p "$subpkgdir"/$_modules_dir
cd "$subpkgdir"
mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname
mkdir -p "$subpkgdir"/etc/nginx/modules
echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.conf
}
sha512sums="d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7 nginx-1.14.2.tar.gz
775f8fcc55e0e670f7b509974cc9e9cfb56e4bd2a88d1c7716c96b63ad87c14fd6d07f293545639972e798fb20f81414ef6483451d00ae5a4eaa262ccf2cbc98 nginx-tests-d6daf03478ad.tar.gz
be07e635f5e0e50a28366b28180344568b5cca9d67c79bc80d0c6758d8d4097ff9428393fb6951ed239c6e9c9e3f84b46f9c92a6e2c313f1f35e677b3662512f nginx-njs-0.2.0.tar.gz
cd6983c164383100e0239be85dfeddc7879ab9c29589aecdd9bb4b6772d1f0a5d4cd70bf728d0fb5181765cbed77b7e4c99fd85c0ec59c55826c52e923510017 njs~fix-test-exit-code.patch
ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41 nginx.conf
0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3 default.conf
09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb nginx.logrotate
eb183860cd511361346e4079c1fcf470985e1c3b2a034a57f8b2a92ba851fed99256261f9b779770a5f57e3750e9e71bd1550a9d19ad9bf3a4d288864f0374a2 nginx.initd
558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 ngx_devel_kit-0.3.0.tar.gz
1c2e6f5026becbd7bdf9feb920f10c19c6c5487600008161b045e9d6b5ea0269af68a2869e57b528bc921d549c541e6dbb02eb2ef26416a22d5d5a7f3ffc552b ngx_cache_purge-2.4.2.tar.gz
c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b echo-nginx-module-0.61.tar.gz
fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1 ngx-fancyindex-0.4.3.tar.gz
13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37 headers-more-nginx-module-0.33.tar.gz
8c316b9d12dc35779fcddc6bb90942c096f19fd8c2e090b8397e1e1ca6f0ebd7a4edddc03fddb31310147ba4e9db9fc4b3749cfd2323046d88045b3b3333f07d lua-nginx-module-0.10.13.tar.gz
72887c4490854b099cb26bb3f840073a36b0d812bde4486f04dc1be182ca74f0d1e3fd709e77c240c2dcf37665f74cf04e188ea9efe8e127c6789b27b487d0cd lua-upstream-nginx-module-0.07.tar.gz
f07f39923b89e67eb0dd98938ce3ecd991d13df456ec9937323550a6d3c25a99f22b829f9f779c9104abe5af89487636d46ab73ff7c08de63749fc65049218ec nchan-1.1.14.tar.gz
1730845ea2e52be8c2f6cfceb2894304c5a07959a96940bb1617ee0e7cf81d22283304f411d9a219ddb71e4d9a66012bba0f6f5574d101aeb3c406f26c5d6a4e nginx-http-shibboleth-2.0.1.tar.gz
d6ca250db8de93edbd7875afca35e73cecdaf82132d1a7ee933cf94c6b8afa8e629e9e647a9321f2bc1fbb92137ec0d32dcd89b82ac5fae31e342537fb7e0431 redis2-nginx-module-0.15.tar.gz
5590526f60c99630f99a49bfa9e3455baee6d58cd2a1419eab1367a838dafb87a50f5e2607aa8ac557b90dbf633dcf61069c997b3526cddc8f2fc45820a7bc3b set-misc-nginx-module-0.32.tar.gz
c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c nginx-upload-progress-module-0.9.2.tar.gz
8adb7453c27748f4e685e3352e9b318b408da818754dc5b6244e908423941a8ba337561104f6e481f2553cbc0e334dcea73b57f8e810a9d6e974bb69ff8859e5 nginx-upstream-fair-0.1.3.tar.gz
4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922 nginx-rtmp-module-1.2.1.tar.gz
ee1d55c406ff7c0943ec3c6069d087a238021b5be7839c9fa7e61bd8d324dc1a831d9ee1ec9ee6f6b7b0e0514cd87ff3690ac4183525a0980537d46175c430ad nginx-vod-module-1.22.tar.gz"
|