# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: Jeff Bilyk <jbilyk@gmail.com>
# Contributor: Bartłomiej Piotrowski <nospam@bpiotrowski.pl>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
#   1.16.1-r0:
#     - CVE-2019-9511
#     - CVE-2019-9513
#     - CVE-2019-9516
#   1.14.1-r0:
#     - CVE-2018-16843
#     - CVE-2018-16844
#     - CVE-2018-16845
#   1.12.1-r0:
#     - CVE-2017-7529
#
pkgname=nginx
# NOTE: Upgrade only to even-numbered versions (e.g. 1.14.z, 1.16.z)!
# Odd-numbered versions are mainline (development) versions.
pkgver=1.16.1
pkgrel=1
# Revision of nginx-tests to use for check().
_tests_hgrev=40e5f2a0a238
_njs_ver=0.3.5
pkgdesc="HTTP and reverse proxy server (stable version)"
url="https://www.nginx.org/"
arch="all"
license="BSD-2-Clause"
depends=""
makedepends="
	gd-dev
	geoip-dev
	libmaxminddb-dev
	libxml2-dev
	libxslt-dev
	linux-headers
	openssl-dev
	paxmark
	pcre-dev
	perl-dev
	pkgconf
	zlib-dev
	"
checkdepends="
	gd
	perl
	perl-fcgi
	perl-io-socket-ssl
	perl-net-ssleay
	perl-protocol-websocket
	tzdata
	uwsgi-python
	"
pkgusers="nginx"
_grp_ngx="nginx"
_grp_www="www-data"
pkggroups="$_grp_ngx $_grp_www"
install="$pkgname.pre-install $pkgname.pre-upgrade $pkgname.post-upgrade"
subpackages="$pkgname-doc $pkgname-vim::noarch"
replaces="$pkgname-common $pkgname-initscripts $pkgname-lua $pkgname-rtmp"
source="https://nginx.org/download/$pkgname-$pkgver.tar.gz
	$pkgname-tests-$_tests_hgrev.tar.gz::https://hg.nginx.org/nginx-tests/archive/$_tests_hgrev.tar.gz
	$pkgname-njs-$_njs_ver.tar.gz::https://hg.nginx.org/njs/archive/$_njs_ver.tar.gz
	nginx.conf
	default.conf
	$pkgname.logrotate
	$pkgname.initd
	"
builddir="$srcdir/$pkgname-$pkgver"

_modules_dir="usr/lib/$pkgname/modules"
_stream_js_depends="$pkgname-mod-stream"

# LuaJIT is not available for s390x: that architecture builds against the
# plain Lua 5.1 headers instead and sets _skip_luajit, which is handed to
# _add_module as its "skip" argument for the Lua-based modules.
_skip_luajit=
if [ "$CARCH" = "s390x" ]; then
	makedepends="$makedepends lua5.1-dev"
	_skip_luajit=true
else
	makedepends="$makedepends luajit-dev"
fi

# Built-in dynamic modules: every name listed here becomes a
# "$pkgname-mod-<name>" subpackage whose split function is _module().
for _mod in http-geoip http-image-filter http-js http-perl \
		http-xslt-filter mail stream stream-geoip stream-js; do
	subpackages="$subpackages $pkgname-mod-$_mod:_module"
done

# Third-party dynamic modules

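# Registers a third-party dynamic module with the build.
#
# For simplicity we assume that the module is hosted on GitHub: the archive is
# taken from "<url>/archive/<ver>.tar.gz" and is expected to unpack into
# "<last path component of url>-<ver without a leading v>".
#
# The archive is addressed by tag/version only, so the matching entry in
# sha512sums is what actually pins the content that gets compiled in.
#
# Globals:   source, subpackages, _extra_flags (appended to);
#            pkgname, srcdir (read)
# Arguments: $1 - module name (becomes $pkgname-mod-<name>)
#            $2 - upstream tag or version
#            $3 - repository URL (a trailing slash is tolerated)
#            $4 - optional; any non-empty value skips building the module
_add_module() {
	# Strip one trailing slash so that dirname and the archive URL stay
	# well-formed; ${4:-} keeps the optional argument safe under "set -u".
	local name="$1" ver="$2" url="${3%/}" skip="${4:-}"
	local dirname="${url##*/}-${ver#v}"

	# we need to include source even if module is skipped for this architecture,
	# due to the static checksums list.
	source="$source $dirname.tar.gz::$url/archive/$ver.tar.gz"
	if [ -z "$skip" ]; then
		subpackages="$subpackages $pkgname-mod-$name:_module"
		_extra_flags="$_extra_flags --add-dynamic-module=$srcdir/$dirname"
	fi
}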

_add_module "devel-kit" "v0.3.0" "https://github.com/simpl/ngx_devel_kit"
_devel_kit_so="ndk_http_module.so"

_add_module "http-cache-purge" "2.5" "https://github.com/nginx-modules/ngx_cache_purge"

_add_module "http-echo" "v0.61" "https://github.com/openresty/echo-nginx-module"

_add_module "http-fancyindex" "v0.4.3" "https://github.com/aperezdc/ngx-fancyindex"

_add_module "http-headers-more" "v0.33" "https://github.com/openresty/headers-more-nginx-module"
_http_headers_more_so="ngx_http_headers_more_filter_module.so"

# luajit is required for lua-nginx-module since v0.10.14
_add_module "http-lua" "v0.10.15" "https://github.com/openresty/lua-nginx-module" $_skip_luajit
_http_lua_depends="$pkgname-mod-devel-kit"
_http_lua_provides="$pkgname-lua"  # for backward compatibility

_add_module "http-lua-upstream" "v0.07" "https://github.com/openresty/lua-upstream-nginx-module" $_skip_luajit
_http_lua_upstream_depends="$pkgname-mod-http-lua"

_add_module "http-nchan" "v1.2.5" "https://github.com/slact/nchan"
_http_nchan_so="ngx_nchan_module.so"

_add_module "http-shibboleth" "v2.0.1" "https://github.com/nginx-shib/nginx-http-shibboleth"

_add_module "http-redis2" "v0.15" "https://github.com/openresty/redis2-nginx-module"

_add_module "http-set-misc" "v0.32" "https://github.com/openresty/set-misc-nginx-module"
_http_set_misc_depends="$pkgname-mod-devel-kit"

_add_module "http-upload-progress" "v0.9.2" "https://github.com/masterzen/nginx-upload-progress-module"
_http_upload_progress_so="ngx_http_uploadprogress_module.so"

_add_module "http-upstream-fair" "0.1.3" "https://github.com/itoffshore/nginx-upstream-fair"

_add_module "rtmp" "v1.2.1" "https://github.com/arut/nginx-rtmp-module"
_rtmp_provides="$pkgname-rtmp"  # for backward compatibility

_add_module "http-vod" "1.24" "https://github.com/kaltura/nginx-vod-module"

_add_module "http-geoip2" "3.2" "https://github.com/leev/ngx_http_geoip2_module"
_http_geoip2_so="ngx_http_geoip2_module.so ngx_stream_geoip2_module.so"

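# Applies the patches listed in $source and drops upstream tests that cannot
# run in the build environment.
#
# Patch naming convention, as implemented below:
#   <prefix>~<anything>.patch  is applied inside "$srcdir/<prefix>-*"
#   <anything>.patch           is applied inside "$builddir"
# Every other $source entry is ignored here.
#
# Globals: source, srcdir, builddir (read)
# Returns: non-zero as soon as a cd or patch step fails
prepare() {
	local file
	for file in $source; do
		case "$file" in
		*~*.patch)
			msg "$file"
			# The glob is expected to match exactly one unpacked tree.
			cd "$srcdir"/${file%%~*}-* || return 1
			;;
		*.patch)
			msg "$file"
			cd "$builddir" || return 1
			;;
		*)
			continue
			;;
		esac
		# Stop at the first patch that does not apply instead of building
		# a partially patched tree.
		patch -p 1 -i "$srcdir/$file" || return 1
	done

	# This test requires superuser privileges and CAP_NET_ADMIN.
	rm "$srcdir"/nginx-tests-*/proxy_bind_transparent.t
	rm "$srcdir"/nginx-tests-*/proxy_bind_transparent_capability.t
	# Travis and Drone.io do not support IPv6...
	rm -f "$srcdir"/nginx-tests-*/upstream_ip_hash_ipv6.t
}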

# Configures and compiles nginx together with njs and the third-party
# modules registered through _add_module.
#
# Globals: builddir, srcdir, pkgname, pkgusers, _grp_ngx, _modules_dir,
#          _njs_ver, _extra_flags (read); LUAJIT_LIB, LUAJIT_INC (exported)
build() {
	cd "$builddir"

	# Presumably consumed by lua-nginx-module's build. "export VAR=$(cmd)"
	# hides a failing pkgconf, so where luajit is absent (s390x, see
	# _skip_luajit) these simply end up empty.
	export LUAJIT_LIB="$(pkgconf --variable=libdir luajit)"
	export LUAJIT_INC="$(pkgconf --variable=includedir luajit)"

	# Installation layout. All temp paths live under /var/lib/$pkgname/tmp,
	# the directory that package() creates with mode 0700.
	set -- \
		--prefix=/var/lib/$pkgname \
		--sbin-path=/usr/sbin/$pkgname \
		--modules-path=/$_modules_dir \
		--conf-path=/etc/$pkgname/$pkgname.conf \
		--pid-path=/run/$pkgname/$pkgname.pid \
		--lock-path=/run/$pkgname/$pkgname.lock \
		--http-client-body-temp-path=/var/lib/$pkgname/tmp/client_body \
		--http-proxy-temp-path=/var/lib/$pkgname/tmp/proxy \
		--http-fastcgi-temp-path=/var/lib/$pkgname/tmp/fastcgi \
		--http-uwsgi-temp-path=/var/lib/$pkgname/tmp/uwsgi \
		--http-scgi-temp-path=/var/lib/$pkgname/tmp/scgi \
		--with-perl_modules_path=/usr/lib/perl5/vendor_perl

	# Compiled-in default user and group, plus core features.
	set -- "$@" \
		--user=$pkgusers \
		--group=$_grp_ngx \
		--with-threads \
		--with-file-aio

	# HTTP modules. Those marked "=dynamic" are built as separate .so files
	# and shipped in their own subpackages; the rest are linked statically.
	# NOTE(review): the static set includes dav, stub_status and perl
	# support; presumably each stays inactive until its directives appear in
	# the configuration -- confirm against the shipped nginx.conf.
	set -- "$@" \
		--with-http_ssl_module \
		--with-http_v2_module \
		--with-http_realip_module \
		--with-http_addition_module \
		--with-http_xslt_module=dynamic \
		--with-http_image_filter_module=dynamic \
		--with-http_geoip_module=dynamic \
		--with-http_sub_module \
		--with-http_dav_module \
		--with-http_flv_module \
		--with-http_mp4_module \
		--with-http_gunzip_module \
		--with-http_gzip_static_module \
		--with-http_auth_request_module \
		--with-http_random_index_module \
		--with-http_secure_link_module \
		--with-http_degradation_module \
		--with-http_slice_module \
		--with-http_stub_status_module \
		--with-http_perl_module=dynamic

	# Mail and stream proxies.
	set -- "$@" \
		--with-mail=dynamic \
		--with-mail_ssl_module \
		--with-stream=dynamic \
		--with-stream_ssl_module \
		--with-stream_realip_module \
		--with-stream_geoip_module=dynamic \
		--with-stream_ssl_preread_module

	# njs first, then the third-party modules. $_extra_flags stays unquoted
	# on purpose: it must split into one --add-dynamic-module flag per
	# module.
	./configure "$@" \
		--add-dynamic-module="$srcdir/njs-$_njs_ver/nginx" \
		$_extra_flags

	make
}

# Runs the upstream nginx-tests suite against the binary in the build tree,
# followed by the njs test target.
#
# Globals: srcdir, builddir (read)
check() {
	# The suite is pointed at the freshly built binary, not an installed one.
	local nginx_bin="$builddir/objs/nginx"

	msg "Running nginx tests..."
	cd "$srcdir"/nginx-tests-*
	TEST_NGINX_BINARY="$nginx_bin" prove .

	msg "Running njs tests..."
	cd "$srcdir"/njs-*
	make test
}

# Installs nginx into $pkgdir and arranges the packaged directory layout,
# ownership and permissions.
#
# Globals: builddir, pkgdir, srcdir, pkgname, pkgusers, _grp_ngx, _grp_www,
#          _modules_dir, CARCH (read)
package() {
	local docdir="$pkgdir/usr/share/doc/$pkgname"
	local confdir="./etc/$pkgname"
	local statedir="./var/lib/$pkgname"
	local paxflags mod_src

	cd "$builddir"
	make DESTDIR="$pkgdir" install

	# Disable some PaX protections; this is needed for Lua module.
	# Presumably paxctl-style flags: "m" relaxes MPROTECT, and x86 also gets
	# "s" and "p" (SEGMEXEC, PAGEEXEC) -- confirm against paxmark.
	# NOTE(review): the marking is applied to /usr/sbin/nginx
	# unconditionally, so it also covers installations that never load the
	# Lua module.
	case "$CARCH" in
	x86) paxflags="-msp" ;;
	*) paxflags="-m" ;;
	esac
	paxmark $paxflags "$pkgdir"/usr/sbin/nginx

	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
	install -Dm644 README "$docdir"/README
	install -Dm644 objs/$pkgname.8 "$pkgdir"/usr/share/man/man8/$pkgname.8

	for mod_src in ngx_devel_kit lua-nginx-module nginx-rtmp-module; do
		cp -r "$srcdir"/$mod_src-*/doc* "$docdir"/$mod_src
	done

	# Everything below uses paths relative to the package root.
	cd "$pkgdir"

	install -Dm644 "$srcdir"/nginx.conf "$confdir"/nginx.conf
	install -Dm644 "$srcdir"/default.conf "$confdir"/conf.d/default.conf
	install -Dm755 "$srcdir"/$pkgname.initd ./etc/init.d/$pkgname
	install -Dm644 "$srcdir"/$pkgname.logrotate ./etc/logrotate.d/$pkgname

	install -dm755 "$confdir"/modules
	# State directory 0750 and its tmp/ 0700, both owned by the nginx user
	# and group: the temp paths configured in build() live under tmp/, so
	# files spooled there are not readable by other local accounts.
	install -dm750 -o $pkgusers -g $_grp_ngx "$statedir"
	install -dm700 -o $pkgusers -g $_grp_ngx "$statedir"/tmp
	# Web root: group set to $_grp_www, mode 0755 (no group write).
	install -dm755 -g $_grp_www ./var/www/localhost/htdocs

	# Move the logs directory created by "make install" to /var/log and
	# leave symlinks behind in the state directory.
	install -dm755 ./var/log
	mv "$statedir"/logs ./var/log/$pkgname

	ln -sf /$_modules_dir "$statedir"/modules
	ln -sf /var/log/$pkgname "$statedir"/logs
	ln -sf /run/$pkgname "$statedir"/run

	# Remove archaic charset maps.
	rm "$confdir"/koi-* "$confdir"/win-utf

	# Drop the packaged /run and the *.default config copies.
	rm -rf ./run "$confdir"/*.default
}

# Subpackage split function for $pkgname-vim: ships nginx's contrib/vim tree
# as vimfiles.
#
# Globals: pkgdesc, install_if, depends (written);
#          pkgname, pkgver, pkgrel, builddir, subpkgdir (read)
vim() {
	local vimroot="$subpkgdir"/usr/share/vim

	depends=
	# Pulled in automatically when both vim and this exact nginx release
	# are installed.
	install_if="vim $pkgname=$pkgver-r$pkgrel"
	pkgdesc="$pkgdesc (vim syntax)"

	mkdir -p "$vimroot"
	cp -r "$builddir"/contrib/vim "$vimroot"/vimfiles
}

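# Subpackage split function shared by every $pkgname-mod-<name> package.
#
# Moves the module's shared object(s) out of $pkgdir into the subpackage and
# writes /etc/nginx/modules/<name>.conf with one load_module line per object.
# Per-module overrides come from the optional variables _<name>_so,
# _<name>_depends and _<name>_provides, where <name> is the subpackage suffix
# with "-" replaced by "_". Without _<name>_so, the object is assumed to be
# ngx_<name>_module.so.
#
# Globals: subpkgname, pkgname, pkgdir, subpkgdir, _modules_dir (read);
#          pkgdesc, depends, provides (written)
# Returns: non-zero if the derived module name is not a plain identifier
_module() {
	local name="${subpkgname#$pkgname-mod-}"
	name="${name//-/_}"

	# The eval lookups below splice $name into shell code. It is derived
	# from this file's own subpackages list, but refuse anything that is not
	# a plain identifier so a malformed name can never run as a command.
	case "$name" in
	''|*[!A-Za-z0-9_]*)
		echo "_module: unexpected module name '$name'" >&2
		return 1
		;;
	esac

	local sonames
	sonames="$(eval "echo \$_${name}_so")"
	sonames="${sonames:-ngx_${name}_module.so}"

	pkgdesc="$pkgdesc (module $name)"
	depends="$pkgname $(eval "echo \$_${name}_depends")"
	provides="$(eval "echo \$_${name}_provides")"

	mkdir -p "$subpkgdir"/$_modules_dir
	mkdir -p "$subpkgdir"/etc/nginx/modules

	cd "$subpkgdir" || return 1

	# Start from an empty file and append: with ">" inside the loop, a module
	# that ships several objects (e.g. _http_geoip2_so) kept only the last
	# load_module line, so the other objects were never loaded.
	local conf="./etc/nginx/modules/$name.conf"
	: > "$conf"

	local soname
	for soname in $sonames; do
		mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname
		echo "load_module \"modules/$soname\";" >> "$conf"
	done
}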

sha512sums="17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437  nginx-1.16.1.tar.gz
69ebc81dba60c062e3a0e1ba0a7e1f2c2bf74f38f2bbd4dd0c5608e6c6965b819dc3c57fe21b596c1faceef61bc4a1c804eb9634f8824d62bc9293d17cd2bab2  nginx-tests-40e5f2a0a238.tar.gz
e7e11b5ed8703adac1d4fb3b8e82731f868eb6c1cad405e9664f3761733ebfaa9a122517ac78cf4ef93d8d78cdb58d36bdbd96dff164079a3a18e9eba60f4aae  nginx-njs-0.3.5.tar.gz
ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41  nginx.conf
0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3  default.conf
09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb  nginx.logrotate
eb183860cd511361346e4079c1fcf470985e1c3b2a034a57f8b2a92ba851fed99256261f9b779770a5f57e3750e9e71bd1550a9d19ad9bf3a4d288864f0374a2  nginx.initd
558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614  ngx_devel_kit-0.3.0.tar.gz
1f6c15b148856e5d258ed804b8340ae286e8ef925128ba230c59c24c3412c60e58952be4511e8360695cb5301268a9a3407760b0887323e6f46ccc9e81a73642  ngx_cache_purge-2.5.tar.gz
c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b  echo-nginx-module-0.61.tar.gz
fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1  ngx-fancyindex-0.4.3.tar.gz
13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37  headers-more-nginx-module-0.33.tar.gz
1feea538464275e6e571860592628ad639b2259c8aab7f38575b81c0b355f1ade32a91643267bc9ec16519e3bcf3d132511513dc8c949f74a3bff975c85d8ff7  lua-nginx-module-0.10.15.tar.gz
72887c4490854b099cb26bb3f840073a36b0d812bde4486f04dc1be182ca74f0d1e3fd709e77c240c2dcf37665f74cf04e188ea9efe8e127c6789b27b487d0cd  lua-upstream-nginx-module-0.07.tar.gz
016bbc4a33dccb4f06d43d32b132159473f26b96df2366f6eea246c695073842bcd6252a71873f42032fa47404cbbf9e34ac80f2ea819a9196491ef6c58713f7  nchan-1.2.5.tar.gz
1730845ea2e52be8c2f6cfceb2894304c5a07959a96940bb1617ee0e7cf81d22283304f411d9a219ddb71e4d9a66012bba0f6f5574d101aeb3c406f26c5d6a4e  nginx-http-shibboleth-2.0.1.tar.gz
d6ca250db8de93edbd7875afca35e73cecdaf82132d1a7ee933cf94c6b8afa8e629e9e647a9321f2bc1fbb92137ec0d32dcd89b82ac5fae31e342537fb7e0431  redis2-nginx-module-0.15.tar.gz
5590526f60c99630f99a49bfa9e3455baee6d58cd2a1419eab1367a838dafb87a50f5e2607aa8ac557b90dbf633dcf61069c997b3526cddc8f2fc45820a7bc3b  set-misc-nginx-module-0.32.tar.gz
c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c  nginx-upload-progress-module-0.9.2.tar.gz
8adb7453c27748f4e685e3352e9b318b408da818754dc5b6244e908423941a8ba337561104f6e481f2553cbc0e334dcea73b57f8e810a9d6e974bb69ff8859e5  nginx-upstream-fair-0.1.3.tar.gz
4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922  nginx-rtmp-module-1.2.1.tar.gz
daa9b23858937e57f1bcd5f4400b33155ab4e0e455eea01d80eec5285fc85bd10db63d80a1560f1fea51914a4eb4c59cc54110b7e4de208adbf52ea691cfd6d9  nginx-vod-module-1.24.tar.gz
84b26955234e29dbfbf2431b652fcc453c5e86b95f837296df4f3d6c730e3e0773223dae890eebfc9b5763f46082bde6f38d6505b8bf78133b89e7297016cc5d  ngx_http_geoip2_module-3.2.tar.gz"