blob: 1fb4ddb60f6042664f714e8d8adb92d0897bfccd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
|
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: Jeff Bilyk <jbilyk@gmail.com>
# Contributor: Bartłomiej Piotrowski <nospam@bpiotrowski.pl>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
# 1.16.1-r6:
# - CVE-2019-20372
# 1.16.1-r0:
# - CVE-2019-9511
# - CVE-2019-9513
# - CVE-2019-9516
# 1.14.1-r0:
# - CVE-2018-16843
# - CVE-2018-16844
# - CVE-2018-16845
# 1.12.1-r0:
# - CVE-2017-7529
#
pkgname=nginx
# NOTE: Upgrade only to even-numbered versions (e.g. 1.14.z, 1.16.z)!
# Odd-numbered versions are mainline (development) versions.
pkgver=1.18.0
pkgrel=2
# Revision of nginx-tests to use for check().
_tests_hgrev=c1d167a13c24
_njs_ver=0.3.8
pkgdesc="HTTP and reverse proxy server (stable version)"
url="https://www.nginx.org/"
arch="all"
license="BSD-2-Clause"
depends=""
makedepends="
brotli-dev
gd-dev
geoip-dev
libmaxminddb-dev
libxml2-dev
libxslt-dev
linux-headers
luajit-dev
openssl-dev
paxmark
pcre-dev
perl-dev
pkgconf
zlib-dev
"
checkdepends="
gd
perl
perl-fcgi
perl-io-socket-ssl
perl-net-ssleay
perl-protocol-websocket
tzdata
uwsgi-python3
"
pkgusers="nginx"
_grp_ngx="nginx"
_grp_www="www-data"
pkggroups="$_grp_ngx $_grp_www"
install="$pkgname.pre-install $pkgname.pre-upgrade $pkgname.post-upgrade"
subpackages="$pkgname-debug $pkgname-doc $pkgname-openrc $pkgname-vim::noarch"
replaces="$pkgname-common $pkgname-initscripts $pkgname-lua $pkgname-rtmp"
source="https://nginx.org/download/$pkgname-$pkgver.tar.gz
$pkgname-tests-$_tests_hgrev.tar.gz::https://hg.nginx.org/nginx-tests/archive/$_tests_hgrev.tar.gz
$pkgname-njs-$_njs_ver.tar.gz::https://hg.nginx.org/njs/archive/$_njs_ver.tar.gz
nginx.conf
default.conf
$pkgname.logrotate
$pkgname.initd
$pkgname.confd
"
builddir="$srcdir/$pkgname-$pkgver"
_modules_dir="usr/lib/$pkgname/modules"
_stream_js_depends="$pkgname-mod-stream"
# Built-in dynamic modules
for _mod in \
http-geoip \
http-image-filter \
http-js \
http-perl \
http-xslt-filter \
mail \
stream \
stream-geoip \
stream-js
do
subpackages="$subpackages $pkgname-mod-$_mod:_module"
done
# Third-party dynamic modules
# For simplicity we assume that module is hosted on GitHub.
_add_module() {
local name="$1" ver="$2" url="$3" subdir="$4"
local dirname=${url##*/}-${ver#v}
# Don't add new flag and source if it's already there, i.e. two or more
# modules share the same source (e.g. geoip2 that provides http-geoip2
# and stream-geoip2).
if ! printf '%s\n' $_extra_flags | grep -qFw "$srcdir/$dirname"; then
_extra_flags="$_extra_flags --add-dynamic-module=$srcdir/$dirname/$subdir"
source="$source $dirname.tar.gz::$url/archive/$ver.tar.gz"
fi
subpackages="$subpackages $pkgname-mod-$name:_module"
}
_add_module "devel-kit" "v0.3.1" "https://github.com/simpl/ngx_devel_kit"
_devel_kit_so="ndk_http_module.so"
_add_module "http-brotli" "v1.0.0rc" "https://github.com/google/ngx_brotli"
_http_brotli_so="ngx_http_brotli_filter_module.so ngx_http_brotli_static_module.so"
_add_module "http-cache-purge" "2.5" "https://github.com/nginx-modules/ngx_cache_purge"
_add_module "http-dav-ext" "v3.0.0" "https://github.com/arut/nginx-dav-ext-module"
_add_module "http-echo" "v0.61" "https://github.com/openresty/echo-nginx-module"
_add_module "http-fancyindex" "v0.4.4" "https://github.com/aperezdc/ngx-fancyindex"
_add_module "http-headers-more" "v0.33" "https://github.com/openresty/headers-more-nginx-module"
_http_headers_more_so="ngx_http_headers_more_filter_module.so"
# luajit is required for lua-nginx-module since v0.10.14
_add_module "http-lua" "v0.10.15" "https://github.com/openresty/lua-nginx-module"
_http_lua_depends="$pkgname-mod-devel-kit"
_http_lua_provides="$pkgname-lua" # for backward compatibility
_add_module "http-lua-upstream" "v0.07" "https://github.com/openresty/lua-upstream-nginx-module"
_http_lua_upstream_depends="$pkgname-mod-http-lua"
_add_module "http-nchan" "v1.2.7" "https://github.com/slact/nchan"
_http_nchan_so="ngx_nchan_module.so"
_add_module "http-shibboleth" "v2.0.1" "https://github.com/nginx-shib/nginx-http-shibboleth"
_add_module "http-redis2" "v0.15" "https://github.com/openresty/redis2-nginx-module"
_add_module "http-set-misc" "v0.32" "https://github.com/openresty/set-misc-nginx-module"
_http_set_misc_depends="$pkgname-mod-devel-kit"
_add_module "http-upload-progress" "v0.9.2" "https://github.com/masterzen/nginx-upload-progress-module"
_http_upload_progress_so="ngx_http_uploadprogress_module.so"
_add_module "http-upstream-fair" "0.1.3" "https://github.com/itoffshore/nginx-upstream-fair"
_add_module "rtmp" "v1.2.1" "https://github.com/arut/nginx-rtmp-module"
_rtmp_provides="$pkgname-rtmp" # for backward compatibility
_add_module "http-vod" "1.25" "https://github.com/kaltura/nginx-vod-module"
_add_module "http-geoip2" "3.3" "https://github.com/leev/ngx_http_geoip2_module"
_add_module "stream-geoip2" "3.3" "https://github.com/leev/ngx_http_geoip2_module"
_stream_geoip2_depends="$pkgname-mod-stream"
_add_module "http-naxsi" "0.56" "https://github.com/nbs-system/naxsi" "naxsi_src"
prepare() {
local file; for file in $source; do
case $file in
*~*.patch)
msg $file
cd "$srcdir"/${file%%~*}-*
patch -p 1 -i "$srcdir/$file"
;;
*.patch)
msg $file
cd "$builddir"
patch -p 1 -i "$srcdir/$file"
;;
esac
done
# This test requires superuser privileges and CAP_NET_ADMIN.
rm "$srcdir"/nginx-tests-*/proxy_bind_transparent.t
rm "$srcdir"/nginx-tests-*/proxy_bind_transparent_capability.t
# Travis and Drone.io does not support IPv6...
rm -f "$srcdir"/nginx-tests-*/upstream_ip_hash_ipv6.t
}
_build() {
export LUAJIT_LIB="$(pkgconf --variable=libdir luajit)"
export LUAJIT_INC="$(pkgconf --variable=includedir luajit)"
./configure \
--prefix=/var/lib/$pkgname \
--sbin-path=/usr/sbin/$pkgname \
--modules-path=/$_modules_dir \
--conf-path=/etc/$pkgname/$pkgname.conf \
--pid-path=/run/$pkgname/$pkgname.pid \
--lock-path=/run/$pkgname/$pkgname.lock \
--http-client-body-temp-path=/var/lib/$pkgname/tmp/client_body \
--http-proxy-temp-path=/var/lib/$pkgname/tmp/proxy \
--http-fastcgi-temp-path=/var/lib/$pkgname/tmp/fastcgi \
--http-uwsgi-temp-path=/var/lib/$pkgname/tmp/uwsgi \
--http-scgi-temp-path=/var/lib/$pkgname/tmp/scgi \
--with-perl_modules_path=/usr/lib/perl5/vendor_perl \
\
--user=$pkgusers \
--group=$_grp_ngx \
--with-threads \
--with-file-aio \
\
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-http_perl_module=dynamic \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module=dynamic \
--with-stream_ssl_preread_module \
\
--add-dynamic-module="$srcdir/njs-$_njs_ver/nginx" \
$_extra_flags \
"$@"
make
}
build() {
cd "$builddir"
_build --with-debug
mv objs objs-debug
make clean
_build
}
check() {
msg "Running nginx tests..."
cd "$srcdir"/nginx-tests-*
case "$CARCH" in
mips*)
# Sporadic failure on builder.
rm ssl.t
;;
esac
TEST_NGINX_BINARY="$builddir/objs/nginx" prove .
}
package() {
cd "$builddir"
make DESTDIR="$pkgdir" install
# Disable some PaX protections; this is needed for Lua module.
local paxflags="-m"
[ "$CARCH" = "x86" ] && paxflags="-msp"
paxmark $paxflags "$pkgdir"/usr/sbin/nginx
paxmark $paxflags objs-debug/nginx
install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README
install -Dm644 objs/$pkgname.8 "$pkgdir"/usr/share/man/man8/$pkgname.8
local name; for name in ngx_devel_kit lua-nginx-module nginx-rtmp-module; do
cp -r "$srcdir"/$name-*/doc* "$pkgdir"/usr/share/doc/$pkgname/$name
done
cd "$pkgdir"
install -Dm644 "$srcdir"/nginx.conf ./etc/$pkgname/nginx.conf
install -Dm644 "$srcdir"/default.conf ./etc/$pkgname/conf.d/default.conf
install -Dm755 "$srcdir"/$pkgname.initd ./etc/init.d/$pkgname
install -Dm644 "$srcdir"/$pkgname.confd ./etc/conf.d/$pkgname
install -Dm644 "$srcdir"/$pkgname.logrotate ./etc/logrotate.d/$pkgname
install -dm755 ./etc/$pkgname/modules
install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname
install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname/tmp
install -dm755 -g $_grp_www ./var/www/localhost/htdocs
install -dm755 ./var/log
mv ./var/lib/$pkgname/logs ./var/log/$pkgname
ln -sf /$_modules_dir ./var/lib/$pkgname/modules
ln -sf /var/log/$pkgname ./var/lib/$pkgname/logs
ln -sf /run/$pkgname ./var/lib/$pkgname/run
# Remove archaic charset maps.
rm ./etc/$pkgname/koi-* ./etc/$pkgname/win-utf
rm -rf ./run ./etc/$pkgname/*.default
}
# http://nginx.org/en/docs/debugging_log.html
debug() {
pkgdesc="nginx built with support for debugging log"
depends="$pkgname=$pkgver-r$pkgrel"
options="!strip"
install -Dm755 "$builddir"/objs-debug/nginx "$subpkgdir"/usr/sbin/nginx-debug
}
vim() {
pkgdesc="$pkgdesc (vim syntax)"
install_if="vim $pkgname=$pkgver-r$pkgrel"
depends=
mkdir -p "$subpkgdir"/usr/share/vim
cp -r "$builddir"/contrib/vim "$subpkgdir"/usr/share/vim/vimfiles
}
_module() {
local name="${subpkgname#$pkgname-mod-}"
name="${name//-/_}"
local sonames="$(eval "echo \$_${name}_so")";
sonames="${sonames:-"ngx_${name}_module.so"}"
pkgdesc="$pkgdesc (module $name)"
depends="$pkgname $(eval "echo \$_${name}_depends")"
provides="$(eval "echo \$_${name}_provides")"
mkdir -p "$subpkgdir"/$_modules_dir
mkdir -p "$subpkgdir"/etc/nginx/modules
cd "$subpkgdir"
local soname; for soname in $sonames; do
mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname
echo "load_module \"modules/$soname\";" >> ./etc/nginx/modules/$name.conf
done
case "$name" in
http_perl)
mv "$pkgdir"/usr/lib/perl5 "$subpkgdir"/usr/lib/
;;
http_naxsi)
install -m644 -D "$srcdir"/naxsi-*/naxsi_config/naxsi_core.rules \
./etc/nginx/naxsi_core.rules
;;
esac
}
sha512sums="8c21eeb62ab6e32e436932500f700bd2fb99fd2d29e43c08a5bfed4714c189c29c7141db551fcd5d2437303b7439f71758f7407dfd3e801e704e45e7daa78ddb nginx-1.18.0.tar.gz
34b112d0cad5b6aeca58a7cfccbbb7626f2ae295e76e39048a226e5c375bf0371175d3fec2b893634d94b52ce4ba37b8079ecfefb4d435da84b24688fe374384 nginx-tests-c1d167a13c24.tar.gz
e9e96c8e2daf9e6007d9b878eebae9f7f7ab7622edf81d9561688844379aae461fe2e30a103d5bdc0564330f804cd40e6654141933cd7f7ec292849653ebc560 nginx-njs-0.3.8.tar.gz
ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41 nginx.conf
0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3 default.conf
09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb nginx.logrotate
ee10a5687740dde0c3d18d8b3555f49fcdc6abfc0a3bc2de1de3be0e99951a346fe8027d916aab73071ecd4e2c50871e7c867aca3a7a0fd16e3374c5caed1c57 nginx.initd
0b9b9ed01ac077e334c034faa2679f6e26740fb3362eebf8cef82d22b2af2a3faaa53bae3c9e14af51cbf64720a7c66431905ca5cc43f978366456cc4e3b7f4a nginx.confd
de1e3349d8dd08e5982279b2219dc8a8006739f0409b8e0f5c50d93434beff1fbafba43e9c5ac85a5fab90afc5c0a7244a340610339c36f82f2cba7233e72de9 ngx_devel_kit-0.3.1.tar.gz
05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d ngx_brotli-1.0.0rc.tar.gz
1f6c15b148856e5d258ed804b8340ae286e8ef925128ba230c59c24c3412c60e58952be4511e8360695cb5301268a9a3407760b0887323e6f46ccc9e81a73642 ngx_cache_purge-2.5.tar.gz
d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde nginx-dav-ext-module-3.0.0.tar.gz
c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b echo-nginx-module-0.61.tar.gz
bf8ebb188c10fee5e6ebcb338fe20fdf859bb88d9b2b0e3da6f3e2f1847738d30760d2642d0dfe257092bdf2399b561631556a3a8e2fb33dc9cd0c59d371c173 ngx-fancyindex-0.4.4.tar.gz
13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37 headers-more-nginx-module-0.33.tar.gz
1feea538464275e6e571860592628ad639b2259c8aab7f38575b81c0b355f1ade32a91643267bc9ec16519e3bcf3d132511513dc8c949f74a3bff975c85d8ff7 lua-nginx-module-0.10.15.tar.gz
72887c4490854b099cb26bb3f840073a36b0d812bde4486f04dc1be182ca74f0d1e3fd709e77c240c2dcf37665f74cf04e188ea9efe8e127c6789b27b487d0cd lua-upstream-nginx-module-0.07.tar.gz
d8b0e79c2b9cf4dd0b3ba8bfeeca86795b1206ec2a468829e6fd20c2286c9a8f75ad135424590cfb3a9d9cded5cefde4f19ba9e36d63a0ff95487d7139732bd9 nchan-1.2.7.tar.gz
1730845ea2e52be8c2f6cfceb2894304c5a07959a96940bb1617ee0e7cf81d22283304f411d9a219ddb71e4d9a66012bba0f6f5574d101aeb3c406f26c5d6a4e nginx-http-shibboleth-2.0.1.tar.gz
d6ca250db8de93edbd7875afca35e73cecdaf82132d1a7ee933cf94c6b8afa8e629e9e647a9321f2bc1fbb92137ec0d32dcd89b82ac5fae31e342537fb7e0431 redis2-nginx-module-0.15.tar.gz
5590526f60c99630f99a49bfa9e3455baee6d58cd2a1419eab1367a838dafb87a50f5e2607aa8ac557b90dbf633dcf61069c997b3526cddc8f2fc45820a7bc3b set-misc-nginx-module-0.32.tar.gz
c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c nginx-upload-progress-module-0.9.2.tar.gz
8adb7453c27748f4e685e3352e9b318b408da818754dc5b6244e908423941a8ba337561104f6e481f2553cbc0e334dcea73b57f8e810a9d6e974bb69ff8859e5 nginx-upstream-fair-0.1.3.tar.gz
4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922 nginx-rtmp-module-1.2.1.tar.gz
11a97ffa28d6078aa57ad1821421928f6e2a05235a2f384cd2b498e7998f1025edc1ee163a900937ee251b49bd9381813e71248e67d537531b91a998b1610c56 nginx-vod-module-1.25.tar.gz
06963b598c54e22d75ce837fb222f5aa6c9494c29e558ff46f1205d7159fc305414bfac4ed3288c836dcbf7628d92f26458e1992d34fc2f4b73275a32847bdc0 ngx_http_geoip2_module-3.3.tar.gz
4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd naxsi-0.56.tar.gz"
|