blob: aa364c3978606e75d307a7b20e36ee9f9d8760b7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
|
# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
# Contributor: Cameron Banta <cbanta@gmail.com>
# Contributor: Jeff Bilyk <jbilyk@gmail.com>
# Contributor: Bartłomiej Piotrowski <nospam@bpiotrowski.pl>
pkgname=nginx-naxsi
_pkgname=nginx
pkgver=1.15.5
pkgrel=0
pkgdesc="Lightweight HTTP and reverse proxy server with Naxsi WAF support, see also 'nxapi'"
url="https://github.com/nbs-system/naxsi"
arch="all"
license="custom"
# Modules
_ngx_naxsi_name=naxsi
_ngx_naxsi_ver=0.56
_ngx_naxsi_dir="$srcdir/$_ngx_naxsi_name-$_ngx_naxsi_ver/naxsi_src"
_ngx_cache_purge_name=ngx_cache_purge
_ngx_cache_purge_ver=2.3.0.1
_ngx_cache_purge_dir="$srcdir/$_ngx_cache_purge_name-$_ngx_cache_purge_ver"
_ngx_upstream_fair_name=nginx-upstream-fair
_ngx_upstream_fair_ver=0.1.3
_ngx_upstream_fair_dir="$srcdir/$_ngx_upstream_fair_name-$_ngx_upstream_fair_ver"
_ngx_http_sysguard_name=tengine-http-sysguard
_ngx_http_sysguard_ver=2.2.0
_ngx_http_sysguard_dir="$srcdir/$_ngx_http_sysguard_name-$_ngx_http_sysguard_ver"
depends="!nginx"
makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev libressl-dev
pcre-dev perl-dev pkgconf zlib-dev"
pkgusers="nginx"
_grp_ngx="nginx"
_grp_www="www-data"
pkggroups="$_grp_ngx $_grp_www"
install="$pkgname.pre-install $pkgname.pre-upgrade"
options="!check"
subpackages="$pkgname-doc"
source="https://nginx.org/download/$_pkgname-$pkgver.tar.gz
naxsi-$_ngx_naxsi_ver.tar.gz::https://github.com/nbs-system/$_ngx_naxsi_name/archive/$_ngx_naxsi_ver.tar.gz
ngx_cache_purge-$_ngx_cache_purge_ver.tar.gz::https://github.com/itoffshore/$_ngx_cache_purge_name/archive/v$_ngx_cache_purge_ver.tar.gz
upstream-fair-$_ngx_upstream_fair_ver.tar.gz::https://github.com/itoffshore/$_ngx_upstream_fair_name/archive/$_ngx_upstream_fair_ver.tar.gz
sysguard-$_ngx_http_sysguard_ver.tar.gz::https://github.com/itoffshore/$_ngx_http_sysguard_name/archive/v$_ngx_http_sysguard_ver.tar.gz
anonymise.patch
ipv6.patch
sysguard.patch
nginx.initd
nginx.logrotate
nginx.conf
default.conf
sysguard.conf
"
builddir="$srcdir"/$_pkgname-$pkgver
_modules_dir="usr/lib/nginx/modules"
_modules="
http-geoip
http-image-filter
http-perl
http-xslt-filter
mail
stream
http-naxsi
http-cache-purge
http-upstream-fair
http-sysguard
"
for _m in $_modules; do
subpackages="$subpackages $pkgname-mod-$_m:_module"
done
build() {
cd "$builddir"
./configure \
--prefix=/var/lib/$_pkgname \
--sbin-path=/usr/sbin/$_pkgname \
--modules-path=/$_modules_dir \
--conf-path=/etc/$_pkgname/$_pkgname.conf \
--pid-path=/run/$_pkgname/$_pkgname.pid \
--lock-path=/run/$_pkgname/$_pkgname.lock \
--error-log-path=/var/log/$_pkgname/error.log \
--http-log-path=/var/log/$_pkgname/access.log \
--http-client-body-temp-path=/var/lib/$_pkgname/tmp/client_body \
--http-proxy-temp-path=/var/lib/$_pkgname/tmp/proxy \
--http-fastcgi-temp-path=/var/lib/$_pkgname/tmp/fastcgi \
--with-perl_modules_path=/usr/lib/perl5/vendor_perl \
\
--user=$pkgusers \
--group=$_grp_ngx \
--with-threads \
--with-file-aio \
--without-http_uwsgi_module \
--without-http_scgi_module \
\
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-http_perl_module=dynamic \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-stream=dynamic \
--with-stream_ssl_module \
\
--add-dynamic-module="$_ngx_naxsi_dir" \
--add-dynamic-module="$_ngx_cache_purge_dir" \
--add-dynamic-module="$_ngx_upstream_fair_dir" \
--add-dynamic-module="$_ngx_http_sysguard_dir"
make
}
package() {
cd "$builddir"
make DESTDIR="$pkgdir" install
install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README
cd "$pkgdir"
install -Dm644 "$srcdir"/nginx.conf ./etc/$_pkgname/nginx.conf
install -Dm644 "$srcdir"/default.conf ./etc/$_pkgname/conf.d/default.conf
install -m755 -D "$srcdir"/$_pkgname.initd ./etc/init.d/$_pkgname
install -m644 -D "$srcdir"/$_pkgname.logrotate ./etc/logrotate.d/$_pkgname
install -m644 -D "$srcdir"/naxsi-$_ngx_naxsi_ver/naxsi_config/naxsi_core.rules ./etc/nginx/naxsi_core.rules
install -dm755 ./etc/$_pkgname/modules
install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname
install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname/tmp
ln -sf /$_modules_dir ./var/lib/$_pkgname/modules
ln -sf /var/log/$_pkgname ./var/lib/$_pkgname/logs
ln -sf /run/$_pkgname ./var/lib/$_pkgname/run
rm -rf ./run ./etc/$_pkgname/*.default
# scgi & uwsgi servers are disabled
rm ./etc/$_pkgname/scgi_params ./etc/$_pkgname/uwsgi_params
# add module configuration
_mod_conf sysguard.conf nginx-naxsi-mod-http-sysguard
}
_module() {
local name="${subpkgname#$pkgname-mod-}"
name="${name//-/_}"
soname="ngx_${name}_module.so"
pkgdesc="$pkgdesc (module $name)"
depends="!nginx-mod-$name"
provides="$name"
mkdir -p "$subpkgdir"/$_modules_dir
cd "$subpkgdir"
mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname
mkdir -p "$subpkgdir"/etc/nginx/modules
echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.conf
}
_mod_conf() {
local conf=$1 module=$2
install -Dm644 "$srcdir"/$conf ${pkgdir%/*}/$module/etc/nginx/conf.d/$conf
}
sha512sums="90b3d8148fca183bd3f6d16fd9212e2eedbe13f151c079d67086fca5a9f58256b99a87b4444ee18b1f9fb2b65fbe2d5353985145e1c075b6236b31d0ce7e9051 nginx-1.15.5.tar.gz
4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd naxsi-0.56.tar.gz
c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11ecf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0db7e3 ngx_cache_purge-2.3.0.1.tar.gz
8adb7453c27748f4e685e3352e9b318b408da818754dc5b6244e908423941a8ba337561104f6e481f2553cbc0e334dcea73b57f8e810a9d6e974bb69ff8859e5 upstream-fair-0.1.3.tar.gz
2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e07e1 sysguard-2.2.0.tar.gz
1117ca5887822e002d9995c041435fda53890614fd7309ea011a59bfb0df3261fc7ba8670e93aaee9116cda16b9806921a85f52c9959b093f2e5ac5df4d9b0fb anonymise.patch
cae9f842c3d1188730d4355440476ad2338b19c027c4b329efe88d4487e90d96bf60dea6feb4be6a6f96d4b356fc154345e32c2bb643d70f68e428df26330a49 ipv6.patch
2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231ddce sysguard.patch
72888c43cec3203cafe1c5e018be464129a220913c21e0abe5ca57ad0649b7120d419ede9b37181def3daad7f08b1c1afdacb33a20aa148ce1d1b9ce3b5b2a33 nginx.initd
01b77cff16f6e8bfd7fa1d4d20f625bbcddd08f0509173452d060c342c93dc315a7b0560f4734323a5d29ea294de0491f2e3f32e5337574e1a28ebc005eceea8 nginx.logrotate
a1a1d9dbd65955b458d17918138fc65bf8990c46909ef43940b1633458c8f119eb485939179b6a9a3dac0c3b58c1eb0c5aec44e7b25ea7a34969c4a0807d4788 nginx.conf
ed1257ca2c0f687e24ebfd5446c472a592a9f7abea022bd04b3dd519631cc235f448027aabf699a89cb7aa4d5761031d44dffcd33d02fd17db0c93da0d5e8689 default.conf
8067c78b00e9fd89141b7a70fdc39ab1095a89c97abc8c9a37df26bef40785715dabdae19bce596ec3c3baff00f9022e2f24c7f5d884590857773e87aae75734 sysguard.conf"
|