blob: c7829ef70ab5970f0dc76c5edebb25df08500acd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
|
# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
# Contributor: Cameron Banta <cbanta@gmail.com>
# Contributor: Jeff Bilyk <jbilyk@gmail.com>
# Contributor: Bartłomiej Piotrowski <nospam@bpiotrowski.pl>
pkgname=nginx-naxsi
_pkgname=nginx
pkgver=1.11.10
pkgrel=0
pkgdesc="Lightweight HTTP and reverse proxy server with Naxsi WAF support, see also 'nxapi'"
url="http://www.nginx.org | https://github.com/nbs-system/naxsi"
arch="all"
license="custom"
# Modules
_ngx_naxsi_name=naxsi
_ngx_naxsi_ver=0.55.3
_ngx_naxsi_dir="$srcdir/$_ngx_naxsi_name-$_ngx_naxsi_ver/naxsi_src"
_ngx_cache_purge_name=ngx_cache_purge
_ngx_cache_purge_ver=2.3.0.1
_ngx_cache_purge_dir="$srcdir/$_ngx_cache_purge_name-$_ngx_cache_purge_ver"
_ngx_upstream_fair_name=nginx-upstream-fair
_ngx_upstream_fair_ver=0.1.1
_ngx_upstream_fair_dir="$srcdir/$_ngx_upstream_fair_name-$_ngx_upstream_fair_ver"
_ngx_http_sysguard_name=tengine-http-sysguard
_ngx_http_sysguard_ver=2.2.0
_ngx_http_sysguard_dir="$srcdir/$_ngx_http_sysguard_name-$_ngx_http_sysguard_ver"
depends="!nginx"
makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev libressl-dev
pcre-dev perl-dev pkgconf zlib-dev"
pkgusers="nginx"
_grp_ngx="nginx"
_grp_www="www-data"
pkggroups="$_grp_ngx $_grp_www"
install="$pkgname.pre-install $pkgname.pre-upgrade"
options="!check"
subpackages="$pkgname-doc"
source="http://nginx.org/download/$_pkgname-$pkgver.tar.gz
naxsi-$_ngx_naxsi_ver.tar.gz::https://github.com/nbs-system/$_ngx_naxsi_name/archive/$_ngx_naxsi_ver.tar.gz
ngx_cache_purge-$_ngx_cache_purge_ver.tar.gz::https://github.com/itoffshore/$_ngx_cache_purge_name/archive/v$_ngx_cache_purge_ver.tar.gz
upstream-fair-$_ngx_upstream_fair_ver.tar.gz::https://github.com/itoffshore/$_ngx_upstream_fair_name/archive/v$_ngx_upstream_fair_ver.tar.gz
sysguard-$_ngx_http_sysguard_ver.tar.gz::https://github.com/itoffshore/$_ngx_http_sysguard_name/archive/v$_ngx_http_sysguard_ver.tar.gz
anonymise.patch
ipv6.patch
sysguard.patch
nginx.initd
nginx.logrotate
nginx.conf
default.conf
"
builddir="$srcdir"/$_pkgname-$pkgver
_modules_dir="usr/lib/nginx/modules"
_modules="
http-geoip
http-image-filter
http-perl
http-xslt-filter
mail
stream
http-naxsi
http-cache-purge
http-upstream-fair
http-sysguard
"
for _m in $_modules; do
subpackages="$subpackages $pkgname-mod-$_m:_module"
done
build() {
cd "$builddir"
./configure \
--prefix=/var/lib/$_pkgname \
--sbin-path=/usr/sbin/$_pkgname \
--modules-path=/$_modules_dir \
--conf-path=/etc/$_pkgname/$_pkgname.conf \
--pid-path=/run/$_pkgname/$_pkgname.pid \
--lock-path=/run/$_pkgname/$_pkgname.lock \
--error-log-path=/var/log/$_pkgname/error.log \
--http-log-path=/var/log/$_pkgname/access.log \
--http-client-body-temp-path=/var/lib/$_pkgname/tmp/client_body \
--http-proxy-temp-path=/var/lib/$_pkgname/tmp/proxy \
--http-fastcgi-temp-path=/var/lib/$_pkgname/tmp/fastcgi \
--with-perl_modules_path=/usr/lib/perl5/vendor_perl \
\
--user=$pkgusers \
--group=$_grp_ngx \
--with-threads \
--with-file-aio \
--without-http_uwsgi_module \
--without-http_scgi_module \
\
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-http_perl_module=dynamic \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-stream=dynamic \
--with-stream_ssl_module \
\
--add-dynamic-module="$_ngx_naxsi_dir" \
--add-dynamic-module="$_ngx_cache_purge_dir" \
--add-dynamic-module="$_ngx_upstream_fair_dir" \
--add-dynamic-module="$_ngx_http_sysguard_dir" \
|| return 1
make || return 1
}
package() {
cd "$builddir"
make DESTDIR="$pkgdir" install
install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README
cd "$pkgdir"
install -Dm644 "$srcdir"/nginx.conf ./etc/$_pkgname/nginx.conf
install -Dm644 "$srcdir"/default.conf ./etc/$_pkgname/conf.d/default.conf
install -m755 -D "$srcdir"/$_pkgname.initd ./etc/init.d/$_pkgname
install -m644 -D "$srcdir"/$_pkgname.logrotate ./etc/logrotate.d/$_pkgname
install -m644 -D "$srcdir"/naxsi-$_ngx_naxsi_ver/naxsi_config/naxsi_core.rules ./etc/nginx/naxsi_core.rules
install -dm755 ./etc/$_pkgname/modules
install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname
install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname/tmp
ln -sf /$_modules_dir ./var/lib/$_pkgname/modules
ln -sf /var/log/$_pkgname ./var/lib/$_pkgname/logs
ln -sf /run/$_pkgname ./var/lib/$_pkgname/run
rm -rf ./run ./etc/$_pkgname/*.default
# scgi & uwsgi servers are disabled
rm ./etc/$_pkgname/scgi_params ./etc/$_pkgname/uwsgi_params
}
_module() {
local name="${subpkgname#$pkgname-mod-}"
name="${name//-/_}"
soname="ngx_${name}_module.so"
pkgdesc="$pkgdesc (module $name)"
depends="!nginx-mod-$name"
provides="$name"
mkdir -p "$subpkgdir"/$_modules_dir
cd "$subpkgdir"
mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname || return 1
mkdir -p "$subpkgdir"/etc/nginx/modules
echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.conf
}
sha512sums="b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 nginx-1.11.10.tar.gz
9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0 naxsi-0.55.3.tar.gz
c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11ecf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0db7e3 ngx_cache_purge-2.3.0.1.tar.gz
fd305b859c868ef55171b05f64071a2836c12073bcd89d6197af4946a3d1177f77c6708d4d589d460c84967273dee87ca9de97ab0f0d47e6d65f86b465d70316 upstream-fair-0.1.1.tar.gz
2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e07e1 sysguard-2.2.0.tar.gz
1117ca5887822e002d9995c041435fda53890614fd7309ea011a59bfb0df3261fc7ba8670e93aaee9116cda16b9806921a85f52c9959b093f2e5ac5df4d9b0fb anonymise.patch
cae9f842c3d1188730d4355440476ad2338b19c027c4b329efe88d4487e90d96bf60dea6feb4be6a6f96d4b356fc154345e32c2bb643d70f68e428df26330a49 ipv6.patch
2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231ddce sysguard.patch
e0784764d509589a9626e20bd800787583573314293caf0ebc135bbfc50346f86847d4a93b91cb01d7b8f6e1b00285569ae8088e35ed9bc3ae8278cad3ba320e nginx.initd
01b77cff16f6e8bfd7fa1d4d20f625bbcddd08f0509173452d060c342c93dc315a7b0560f4734323a5d29ea294de0491f2e3f32e5337574e1a28ebc005eceea8 nginx.logrotate
a1a1d9dbd65955b458d17918138fc65bf8990c46909ef43940b1633458c8f119eb485939179b6a9a3dac0c3b58c1eb0c5aec44e7b25ea7a34969c4a0807d4788 nginx.conf
9bd5145762a5040a6b5494d31f216d1db7c52921142275f26eed67aff746270526caad8e34eae65ec6390975ce603b35f6add05eb857f1670bf28ab5049b97d8 default.conf"
|