aboutsummaryrefslogtreecommitdiffstats
path: root/main/nginx/APKBUILD
blob: 1fb4ddb60f6042664f714e8d8adb92d0897bfccd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: Jeff Bilyk <jbilyk@gmail.com>
# Contributor: Bartłomiej Piotrowski <nospam@bpiotrowski.pl>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
#   1.16.1-r6:
#     - CVE-2019-20372
#   1.16.1-r0:
#     - CVE-2019-9511
#     - CVE-2019-9513
#     - CVE-2019-9516
#   1.14.1-r0:
#     - CVE-2018-16843
#     - CVE-2018-16844
#     - CVE-2018-16845
#   1.12.1-r0:
#     - CVE-2017-7529
#
pkgname=nginx
# NOTE: Upgrade only to even-numbered versions (e.g. 1.14.z, 1.16.z)!
# Odd-numbered versions are mainline (development) versions.
pkgver=1.18.0
pkgrel=2
# Revision of nginx-tests to use for check().
_tests_hgrev=c1d167a13c24
_njs_ver=0.3.8
pkgdesc="HTTP and reverse proxy server (stable version)"
url="https://www.nginx.org/"
arch="all"
license="BSD-2-Clause"
depends=""
makedepends="
	brotli-dev
	gd-dev
	geoip-dev
	libmaxminddb-dev
	libxml2-dev
	libxslt-dev
	linux-headers
	luajit-dev
	openssl-dev
	paxmark
	pcre-dev
	perl-dev
	pkgconf
	zlib-dev
	"
checkdepends="
	gd
	perl
	perl-fcgi
	perl-io-socket-ssl
	perl-net-ssleay
	perl-protocol-websocket
	tzdata
	uwsgi-python3
	"
pkgusers="nginx"
_grp_ngx="nginx"
_grp_www="www-data"
pkggroups="$_grp_ngx $_grp_www"
install="$pkgname.pre-install $pkgname.pre-upgrade $pkgname.post-upgrade"
subpackages="$pkgname-debug $pkgname-doc $pkgname-openrc $pkgname-vim::noarch"
replaces="$pkgname-common $pkgname-initscripts $pkgname-lua $pkgname-rtmp"
source="https://nginx.org/download/$pkgname-$pkgver.tar.gz
	$pkgname-tests-$_tests_hgrev.tar.gz::https://hg.nginx.org/nginx-tests/archive/$_tests_hgrev.tar.gz
	$pkgname-njs-$_njs_ver.tar.gz::https://hg.nginx.org/njs/archive/$_njs_ver.tar.gz
	nginx.conf
	default.conf
	$pkgname.logrotate
	$pkgname.initd
	$pkgname.confd
	"
builddir="$srcdir/$pkgname-$pkgver"

_modules_dir="usr/lib/$pkgname/modules"
_stream_js_depends="$pkgname-mod-stream"

# Built-in dynamic modules
for _mod in \
	http-geoip \
	http-image-filter \
	http-js \
	http-perl \
	http-xslt-filter \
	mail \
	stream \
	stream-geoip \
	stream-js
do
	subpackages="$subpackages $pkgname-mod-$_mod:_module"
done

# Third-party dynamic modules

# For simplicity we assume that module is hosted on GitHub.
_add_module() {
	local name="$1" ver="$2" url="$3" subdir="$4"
	local dirname=${url##*/}-${ver#v}

	# Don't add new flag and source if it's already there, i.e. two or more
	# modules share the same source (e.g. geoip2 that provides http-geoip2
	# and stream-geoip2).
	if ! printf '%s\n' $_extra_flags | grep -qFw "$srcdir/$dirname"; then
		_extra_flags="$_extra_flags --add-dynamic-module=$srcdir/$dirname/$subdir"
		source="$source $dirname.tar.gz::$url/archive/$ver.tar.gz"
	fi
	subpackages="$subpackages $pkgname-mod-$name:_module"
}

_add_module "devel-kit" "v0.3.1" "https://github.com/simpl/ngx_devel_kit"
_devel_kit_so="ndk_http_module.so"

_add_module "http-brotli" "v1.0.0rc" "https://github.com/google/ngx_brotli"
_http_brotli_so="ngx_http_brotli_filter_module.so ngx_http_brotli_static_module.so"

_add_module "http-cache-purge" "2.5" "https://github.com/nginx-modules/ngx_cache_purge"

_add_module "http-dav-ext" "v3.0.0" "https://github.com/arut/nginx-dav-ext-module"

_add_module "http-echo" "v0.61" "https://github.com/openresty/echo-nginx-module"

_add_module "http-fancyindex" "v0.4.4" "https://github.com/aperezdc/ngx-fancyindex"

_add_module "http-headers-more" "v0.33" "https://github.com/openresty/headers-more-nginx-module"
_http_headers_more_so="ngx_http_headers_more_filter_module.so"

# luajit is required for lua-nginx-module since v0.10.14
_add_module "http-lua" "v0.10.15" "https://github.com/openresty/lua-nginx-module"
_http_lua_depends="$pkgname-mod-devel-kit"
_http_lua_provides="$pkgname-lua"  # for backward compatibility

_add_module "http-lua-upstream" "v0.07" "https://github.com/openresty/lua-upstream-nginx-module"
_http_lua_upstream_depends="$pkgname-mod-http-lua"

_add_module "http-nchan" "v1.2.7" "https://github.com/slact/nchan"
_http_nchan_so="ngx_nchan_module.so"

_add_module "http-shibboleth" "v2.0.1" "https://github.com/nginx-shib/nginx-http-shibboleth"

_add_module "http-redis2" "v0.15" "https://github.com/openresty/redis2-nginx-module"

_add_module "http-set-misc" "v0.32" "https://github.com/openresty/set-misc-nginx-module"
_http_set_misc_depends="$pkgname-mod-devel-kit"

_add_module "http-upload-progress" "v0.9.2" "https://github.com/masterzen/nginx-upload-progress-module"
_http_upload_progress_so="ngx_http_uploadprogress_module.so"

_add_module "http-upstream-fair" "0.1.3" "https://github.com/itoffshore/nginx-upstream-fair"

_add_module "rtmp" "v1.2.1" "https://github.com/arut/nginx-rtmp-module"
_rtmp_provides="$pkgname-rtmp"  # for backward compatibility

_add_module "http-vod" "1.25" "https://github.com/kaltura/nginx-vod-module"

_add_module "http-geoip2" "3.3" "https://github.com/leev/ngx_http_geoip2_module"
_add_module "stream-geoip2" "3.3" "https://github.com/leev/ngx_http_geoip2_module"
_stream_geoip2_depends="$pkgname-mod-stream"

_add_module "http-naxsi" "0.56" "https://github.com/nbs-system/naxsi" "naxsi_src"

prepare() {
	local file; for file in $source; do
		case $file in
		*~*.patch)
			msg $file
			cd "$srcdir"/${file%%~*}-*
			patch -p 1 -i "$srcdir/$file"
			;;
		*.patch)
			msg $file
			cd "$builddir"
			patch -p 1 -i "$srcdir/$file"
			;;
		esac
	done

	# This test requires superuser privileges and CAP_NET_ADMIN.
	rm "$srcdir"/nginx-tests-*/proxy_bind_transparent.t
	rm "$srcdir"/nginx-tests-*/proxy_bind_transparent_capability.t
	# Travis and Drone.io does not support IPv6...
	rm -f "$srcdir"/nginx-tests-*/upstream_ip_hash_ipv6.t
}

_build() {
	export LUAJIT_LIB="$(pkgconf --variable=libdir luajit)"
	export LUAJIT_INC="$(pkgconf --variable=includedir luajit)"
	./configure \
		--prefix=/var/lib/$pkgname \
		--sbin-path=/usr/sbin/$pkgname \
		--modules-path=/$_modules_dir \
		--conf-path=/etc/$pkgname/$pkgname.conf \
		--pid-path=/run/$pkgname/$pkgname.pid \
		--lock-path=/run/$pkgname/$pkgname.lock \
		--http-client-body-temp-path=/var/lib/$pkgname/tmp/client_body \
		--http-proxy-temp-path=/var/lib/$pkgname/tmp/proxy \
		--http-fastcgi-temp-path=/var/lib/$pkgname/tmp/fastcgi \
		--http-uwsgi-temp-path=/var/lib/$pkgname/tmp/uwsgi \
		--http-scgi-temp-path=/var/lib/$pkgname/tmp/scgi \
		--with-perl_modules_path=/usr/lib/perl5/vendor_perl \
		\
		--user=$pkgusers \
		--group=$_grp_ngx \
		--with-threads \
		--with-file-aio \
		\
		--with-http_ssl_module \
		--with-http_v2_module \
		--with-http_realip_module \
		--with-http_addition_module \
		--with-http_xslt_module=dynamic \
		--with-http_image_filter_module=dynamic \
		--with-http_geoip_module=dynamic \
		--with-http_sub_module \
		--with-http_dav_module \
		--with-http_flv_module \
		--with-http_mp4_module \
		--with-http_gunzip_module \
		--with-http_gzip_static_module \
		--with-http_auth_request_module \
		--with-http_random_index_module \
		--with-http_secure_link_module \
		--with-http_degradation_module \
		--with-http_slice_module \
		--with-http_stub_status_module \
		--with-http_perl_module=dynamic \
		--with-mail=dynamic \
		--with-mail_ssl_module \
		--with-stream=dynamic \
		--with-stream_ssl_module \
		--with-stream_realip_module \
		--with-stream_geoip_module=dynamic \
		--with-stream_ssl_preread_module \
		\
		--add-dynamic-module="$srcdir/njs-$_njs_ver/nginx" \
		$_extra_flags \
		"$@"

	make
}

build() {
	cd "$builddir"

	_build --with-debug
	mv objs objs-debug

	make clean
	_build
}

check() {
	msg "Running nginx tests..."
	cd "$srcdir"/nginx-tests-*

	case "$CARCH" in
	mips*)
		# Sporadic failure on builder.
		rm ssl.t
		;;
	esac

	TEST_NGINX_BINARY="$builddir/objs/nginx" prove .
}

package() {
	cd "$builddir"

	make DESTDIR="$pkgdir" install

	# Disable some PaX protections; this is needed for Lua module.
	local paxflags="-m"
	[ "$CARCH" = "x86" ] && paxflags="-msp"
	paxmark $paxflags "$pkgdir"/usr/sbin/nginx
	paxmark $paxflags objs-debug/nginx

	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
	install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README

	install -Dm644 objs/$pkgname.8 "$pkgdir"/usr/share/man/man8/$pkgname.8

	local name; for name in ngx_devel_kit lua-nginx-module nginx-rtmp-module; do
		cp -r "$srcdir"/$name-*/doc* "$pkgdir"/usr/share/doc/$pkgname/$name
	done

	cd "$pkgdir"

	install -Dm644 "$srcdir"/nginx.conf ./etc/$pkgname/nginx.conf
	install -Dm644 "$srcdir"/default.conf ./etc/$pkgname/conf.d/default.conf
	install -Dm755 "$srcdir"/$pkgname.initd ./etc/init.d/$pkgname
	install -Dm644 "$srcdir"/$pkgname.confd ./etc/conf.d/$pkgname
	install -Dm644 "$srcdir"/$pkgname.logrotate ./etc/logrotate.d/$pkgname

	install -dm755 ./etc/$pkgname/modules
	install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname
	install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname/tmp
	install -dm755 -g $_grp_www ./var/www/localhost/htdocs

	install -dm755 ./var/log
	mv ./var/lib/$pkgname/logs ./var/log/$pkgname

	ln -sf /$_modules_dir ./var/lib/$pkgname/modules
	ln -sf /var/log/$pkgname ./var/lib/$pkgname/logs
	ln -sf /run/$pkgname ./var/lib/$pkgname/run

	# Remove archaic charset maps.
	rm ./etc/$pkgname/koi-* ./etc/$pkgname/win-utf

	rm -rf ./run ./etc/$pkgname/*.default
}

# http://nginx.org/en/docs/debugging_log.html
debug() {
	pkgdesc="nginx built with support for debugging log"
	depends="$pkgname=$pkgver-r$pkgrel"
	options="!strip"

	install -Dm755 "$builddir"/objs-debug/nginx "$subpkgdir"/usr/sbin/nginx-debug
}

vim() {
	pkgdesc="$pkgdesc (vim syntax)"
	install_if="vim $pkgname=$pkgver-r$pkgrel"
	depends=

	mkdir -p "$subpkgdir"/usr/share/vim
	cp -r "$builddir"/contrib/vim "$subpkgdir"/usr/share/vim/vimfiles
}

_module() {
	local name="${subpkgname#$pkgname-mod-}"
	name="${name//-/_}"
	local sonames="$(eval "echo \$_${name}_so")";
	sonames="${sonames:-"ngx_${name}_module.so"}"

	pkgdesc="$pkgdesc (module $name)"
	depends="$pkgname $(eval "echo \$_${name}_depends")"
	provides="$(eval "echo \$_${name}_provides")"

	mkdir -p "$subpkgdir"/$_modules_dir
	mkdir -p "$subpkgdir"/etc/nginx/modules

	cd "$subpkgdir"

	local soname; for soname in $sonames; do
		mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname
		echo "load_module \"modules/$soname\";" >> ./etc/nginx/modules/$name.conf
	done

	case "$name" in
		http_perl)
			mv "$pkgdir"/usr/lib/perl5 "$subpkgdir"/usr/lib/
		;;
		http_naxsi)
			install -m644 -D "$srcdir"/naxsi-*/naxsi_config/naxsi_core.rules \
				./etc/nginx/naxsi_core.rules
		;;
	esac
}

sha512sums="8c21eeb62ab6e32e436932500f700bd2fb99fd2d29e43c08a5bfed4714c189c29c7141db551fcd5d2437303b7439f71758f7407dfd3e801e704e45e7daa78ddb  nginx-1.18.0.tar.gz
34b112d0cad5b6aeca58a7cfccbbb7626f2ae295e76e39048a226e5c375bf0371175d3fec2b893634d94b52ce4ba37b8079ecfefb4d435da84b24688fe374384  nginx-tests-c1d167a13c24.tar.gz
e9e96c8e2daf9e6007d9b878eebae9f7f7ab7622edf81d9561688844379aae461fe2e30a103d5bdc0564330f804cd40e6654141933cd7f7ec292849653ebc560  nginx-njs-0.3.8.tar.gz
ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41  nginx.conf
0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3  default.conf
09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb  nginx.logrotate
ee10a5687740dde0c3d18d8b3555f49fcdc6abfc0a3bc2de1de3be0e99951a346fe8027d916aab73071ecd4e2c50871e7c867aca3a7a0fd16e3374c5caed1c57  nginx.initd
0b9b9ed01ac077e334c034faa2679f6e26740fb3362eebf8cef82d22b2af2a3faaa53bae3c9e14af51cbf64720a7c66431905ca5cc43f978366456cc4e3b7f4a  nginx.confd
de1e3349d8dd08e5982279b2219dc8a8006739f0409b8e0f5c50d93434beff1fbafba43e9c5ac85a5fab90afc5c0a7244a340610339c36f82f2cba7233e72de9  ngx_devel_kit-0.3.1.tar.gz
05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d  ngx_brotli-1.0.0rc.tar.gz
1f6c15b148856e5d258ed804b8340ae286e8ef925128ba230c59c24c3412c60e58952be4511e8360695cb5301268a9a3407760b0887323e6f46ccc9e81a73642  ngx_cache_purge-2.5.tar.gz
d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde  nginx-dav-ext-module-3.0.0.tar.gz
c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b  echo-nginx-module-0.61.tar.gz
bf8ebb188c10fee5e6ebcb338fe20fdf859bb88d9b2b0e3da6f3e2f1847738d30760d2642d0dfe257092bdf2399b561631556a3a8e2fb33dc9cd0c59d371c173  ngx-fancyindex-0.4.4.tar.gz
13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37  headers-more-nginx-module-0.33.tar.gz
1feea538464275e6e571860592628ad639b2259c8aab7f38575b81c0b355f1ade32a91643267bc9ec16519e3bcf3d132511513dc8c949f74a3bff975c85d8ff7  lua-nginx-module-0.10.15.tar.gz
72887c4490854b099cb26bb3f840073a36b0d812bde4486f04dc1be182ca74f0d1e3fd709e77c240c2dcf37665f74cf04e188ea9efe8e127c6789b27b487d0cd  lua-upstream-nginx-module-0.07.tar.gz
d8b0e79c2b9cf4dd0b3ba8bfeeca86795b1206ec2a468829e6fd20c2286c9a8f75ad135424590cfb3a9d9cded5cefde4f19ba9e36d63a0ff95487d7139732bd9  nchan-1.2.7.tar.gz
1730845ea2e52be8c2f6cfceb2894304c5a07959a96940bb1617ee0e7cf81d22283304f411d9a219ddb71e4d9a66012bba0f6f5574d101aeb3c406f26c5d6a4e  nginx-http-shibboleth-2.0.1.tar.gz
d6ca250db8de93edbd7875afca35e73cecdaf82132d1a7ee933cf94c6b8afa8e629e9e647a9321f2bc1fbb92137ec0d32dcd89b82ac5fae31e342537fb7e0431  redis2-nginx-module-0.15.tar.gz
5590526f60c99630f99a49bfa9e3455baee6d58cd2a1419eab1367a838dafb87a50f5e2607aa8ac557b90dbf633dcf61069c997b3526cddc8f2fc45820a7bc3b  set-misc-nginx-module-0.32.tar.gz
c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c  nginx-upload-progress-module-0.9.2.tar.gz
8adb7453c27748f4e685e3352e9b318b408da818754dc5b6244e908423941a8ba337561104f6e481f2553cbc0e334dcea73b57f8e810a9d6e974bb69ff8859e5  nginx-upstream-fair-0.1.3.tar.gz
4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922  nginx-rtmp-module-1.2.1.tar.gz
11a97ffa28d6078aa57ad1821421928f6e2a05235a2f384cd2b498e7998f1025edc1ee163a900937ee251b49bd9381813e71248e67d537531b91a998b1610c56  nginx-vod-module-1.25.tar.gz
06963b598c54e22d75ce837fb222f5aa6c9494c29e558ff46f1205d7159fc305414bfac4ed3288c836dcbf7628d92f26458e1992d34fc2f4b73275a32847bdc0  ngx_http_geoip2_module-3.3.tar.gz
4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd  naxsi-0.56.tar.gz"