author | Haruue Icymoon | 2017-12-07 16:06:42 +0800 |
---|---|---|
committer | Haruue Icymoon | 2017-12-07 16:08:25 +0800 |
commit | 326f2bb2189a778d5017cf270af25124a7d07b09 (patch) | |
tree | 345e83495c10e2ce4e24a2fde48b0b4a2b612161 | |
download | aur-326f2bb2189a778d5017cf270af25124a7d07b09.tar.gz |
init: nginx-mainline-openssl-weak
Signed-off-by: Haruue Icymoon <haruue@caoyue.com.cn>
-rw-r--r-- | .SRCINFO | 36 | ||||
-rw-r--r-- | .gitignore | 3 | ||||
-rw-r--r-- | PKGBUILD | 145 | ||||
-rw-r--r-- | logrotate | 10 | ||||
-rw-r--r-- | nginx.install | 12 | ||||
-rw-r--r-- | service | 17 |
6 files changed, 223 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..c4c49b7a343f
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,36 @@
+pkgbase = nginx-mainline-openssl-weak
+ pkgdesc = Lightweight HTTP server and IMAP/POP3 proxy server, mainline release, with weak openssl ciphers enabled for IE8
+ pkgver = 1.13.7+openssl_1.1.0g
+ pkgrel = 1
+ url = https://nginx.org
+ install = nginx.install
+ arch = x86_64
+ license = custom
+ makedepends = mercurial
+ depends = pcre
+ depends = zlib
+ depends = openssl
+ depends = geoip
+ depends = mailcap
+ provides = nginx=1.13.7
+ conflicts = nginx
+ backup = etc/nginx/fastcgi.conf
+ backup = etc/nginx/fastcgi_params
+ backup = etc/nginx/koi-win
+ backup = etc/nginx/koi-utf
+ backup = etc/nginx/nginx.conf
+ backup = etc/nginx/scgi_params
+ backup = etc/nginx/uwsgi_params
+ backup = etc/nginx/win-utf
+ backup = etc/logrotate.d/nginx
+ source = https://nginx.org/download/nginx-1.13.7.tar.gz
+ source = service
+ source = logrotate
+ source = https://www.openssl.org/source/openssl-1.1.0g.tar.gz
+ md5sums = 5fcd056b40cb5c47b053fb14a2a89e7d
+ md5sums = ef491e760e7c1ffec9ca25441a150c83
+ md5sums = 6a01fb17af86f03707c8ae60f98a2dc2
+ md5sums = ba5f1b8b835b88cadbce9b35ed9531a6
+
+pkgname = nginx-mainline-openssl-weak
+
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000000..f9e46d035853
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*.tar.*
+/src
+/pkg
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..3c43251dd7d7
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,145 @@
+# Maintainer: Haruue Icymoon <haruue@caoyue.com.cn>
+# Contributor: Giancarlo Razzolini <grazzolini@archlinux.org>
+# Contributor: Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
+# Contributor: Sébastien Luttringer
+# Contributor: Drew DeVault
+
+pkgname=nginx-mainline-openssl-weak
+pkgver=1.13.7+openssl_1.1.0g
+pkgrel=1
+pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server, mainline release, with weak openssl ciphers enabled for IE8'
+arch=(x86_64)
+_basename=nginx
+_nginx_ver=1.13.7
+_openssl_ver="1.1.0g"
+url='https://nginx.org'
+license=(custom)
+depends=(pcre zlib openssl geoip mailcap)
+makedepends=(mercurial)
+backup=(etc/nginx/fastcgi.conf
+ etc/nginx/fastcgi_params
+ etc/nginx/koi-win
+ etc/nginx/koi-utf
+ etc/nginx/nginx.conf
+ etc/nginx/scgi_params
+ etc/nginx/uwsgi_params
+ etc/nginx/win-utf
+ etc/logrotate.d/nginx)
+install=nginx.install
+provides=("nginx=$_nginx_ver")
+conflicts=('nginx')
+source=($url/download/nginx-$_nginx_ver.tar.gz
+ service
+ logrotate
+ "https://www.openssl.org/source/openssl-$_openssl_ver.tar.gz")
+#validpgpkeys=('B0F4253373F8F6F510D42178520A9993A1C052F8') # Maxim Dounin <mdounin@mdounin.ru>
+md5sums=('5fcd056b40cb5c47b053fb14a2a89e7d'
+ 'ef491e760e7c1ffec9ca25441a150c83'
+ '6a01fb17af86f03707c8ae60f98a2dc2'
+ 'ba5f1b8b835b88cadbce9b35ed9531a6')
+
+_common_flags=(
+ --with-compat
+ --with-file-aio
+ --with-http_addition_module
+ --with-http_auth_request_module
+ --with-http_dav_module
+ --with-http_degradation_module
+ --with-http_flv_module
+ --with-http_geoip_module
+ --with-http_gunzip_module
+ --with-http_gzip_static_module
+ --with-http_mp4_module
+ --with-http_realip_module
+ --with-http_secure_link_module
+ --with-http_slice_module
+ --with-http_ssl_module
+ --with-http_stub_status_module
+ --with-http_sub_module
+ --with-http_v2_module
+ --with-mail
+ --with-mail_ssl_module
+ --with-pcre-jit
+ --with-stream
+ --with-stream_geoip_module
+ --with-stream_realip_module
+ --with-stream_ssl_module
+ --with-stream_ssl_preread_module
+ --with-threads
+)
+
+_mainline_flags=(
+)
+
+_openssl_flags=(
+ --with-openssl="../openssl-$_openssl_ver"
+ --with-openssl-opt=enable-weak-ssl-ciphers
+)
+
+pkgver() {
+ echo "$_nginx_ver+openssl_$_openssl_ver"
+}
+
+build() {
+ cd $_basename-$_nginx_ver
+ ./configure \
+ --prefix=/etc/nginx \
+ --conf-path=/etc/nginx/nginx.conf \
+ --sbin-path=/usr/bin/nginx \
+ --pid-path=/run/nginx.pid \
+ --lock-path=/run/lock/nginx.lock \
+ --user=http \
+ --group=http \
+ --http-log-path=/var/log/nginx/access.log \
+ --error-log-path=stderr \
+ --http-client-body-temp-path=/var/lib/nginx/client-body \
+ --http-proxy-temp-path=/var/lib/nginx/proxy \
+ --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
+ --http-scgi-temp-path=/var/lib/nginx/scgi \
+ --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
+ --with-cc-opt="$CFLAGS $CPPFLAGS" \
+ --with-ld-opt="$LDFLAGS" \
+ ${_common_flags[@]} \
+ ${_mainline_flags[@]} \
+ ${_openssl_flags[@]}
+
+ make
+}
+
+package() {
+ cd $_basename-$_nginx_ver
+ make DESTDIR="$pkgdir" install
+
+ sed -e 's|\<user\s\+\w\+;|user html;|g' \
+ -e '44s|html|/usr/share/nginx/html|' \
+ -e '54s|html|/usr/share/nginx/html|' \
+ -i "$pkgdir"/etc/nginx/nginx.conf
+
+ rm "$pkgdir"/etc/nginx/*.default
+ rm "$pkgdir"/etc/nginx/mime.types # in mailcap
+
+ install -d "$pkgdir"/var/lib/nginx
+ install -dm700 "$pkgdir"/var/lib/nginx/proxy
+
+ chmod 755 "$pkgdir"/var/log/nginx
+ chown root:root "$pkgdir"/var/log/nginx
+
+ install -d "$pkgdir"/usr/share/nginx
+ mv "$pkgdir"/etc/nginx/html/ "$pkgdir"/usr/share/nginx
+
+ install -Dm644 ../logrotate "$pkgdir"/etc/logrotate.d/nginx
+ install -Dm644 ../service "$pkgdir"/usr/lib/systemd/system/nginx.service
+ install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$_basename/LICENSE
+
+ rmdir "$pkgdir"/run
+
+ install -d "$pkgdir"/usr/share/man/man8/
+ gzip -9c man/nginx.8 > "$pkgdir"/usr/share/man/man8/nginx.8.gz
+
+ for i in ftdetect indent syntax; do
+ install -Dm644 contrib/vim/$i/nginx.vim \
+ "$pkgdir/usr/share/vim/vimfiles/$i/nginx.vim"
+ done
+}
+
+# vim:set ts=8 sts=2 sw=2 et:
diff --git a/logrotate b/logrotate
new file mode 100644
index 000000000000..e0afbb927021
--- /dev/null
+++ b/logrotate
@@ -0,0 +1,10 @@
+/var/log/nginx/*log {
+ missingok
+ notifempty
+ create 640 http log
+ sharedscripts
+ compress
+ postrotate
+ test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid`
+ endscript
+}
diff --git a/nginx.install b/nginx.install
new file mode 100644
index 000000000000..90d24a5905b3
--- /dev/null
+++ b/nginx.install
@@ -0,0 +1,12 @@
+post_upgrade() {
+ if (( $(vercmp $2 1.11.8-2) < 0)); then
+ chown root:root var/log/nginx
+ fi
+
+ if (( $(vercmp $2 1.11.9-2) < 0 )); then
+ chmod 755 var/log/nginx
+ echo ':: Security notice:'
+ echo ' - When additional log directories are used in /var/log/nginx make sure they'
+ echo ' are owned by root:root and have 755 set as permission to mitigate CVE-2016-1247'
+ fi
+}
diff --git a/service b/service
new file mode 100644
index 000000000000..365bc9568e0c
--- /dev/null
+++ b/service
@@ -0,0 +1,17 @@
+[Unit]
+Description=A high performance web server and a reverse proxy server
+After=network.target network-online.target nss-lookup.target
+
+[Service]
+Type=forking
+PIDFile=/run/nginx.pid
+PrivateDevices=yes
+SyslogLevel=err
+
+ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;'
+ExecReload=/usr/bin/nginx -s reload
+KillSignal=SIGQUIT
+KillMode=mixed
+
+[Install]
+WantedBy=multi-user.target |
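Review bot: The sources in PKGBUILD are verified only by `md5sums`, and `validpgpkeys` is commented out, so neither the nginx tarball nor the OpenSSL tarball that gets compiled into the server has a collision-resistant checksum or a signature check. Both upstreams publish detached signatures, so I would add them to `source` (for example `$url/download/nginx-$_nginx_ver.tar.gz{,.asc}`), re-enable `validpgpkeys` with the nginx key already listed plus the OpenSSL release key (`<OPENSSL_RELEASE_KEY_FINGERPRINT>`), and replace the array with `sha256sums=(...)`. Since `--with-openssl="../openssl-$_openssl_ver"` builds OpenSSL 1.1.0g into the nginx binary, the `openssl` entry in `depends` presumably does not bring library fixes to it. A comment next to `_openssl_ver` saying the package has to be rebuilt for each OpenSSL advisory would make that visible.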
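Review bot: The glob `/var/log/nginx/*log` in the logrotate file matches only files directly in that directory, while the notice printed by nginx.install anticipates additional log directories below it; logs written there would not be rotated by this stanza. This deserves a comment at the top of the file, for example `# Rotates only files directly under /var/log/nginx; add a stanza for each subdirectory and keep it root:root 0755 (CVE-2016-1247).`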
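Review bot: Both `vercmp` thresholds in `post_upgrade` of nginx.install (`1.11.8-2` and `1.11.9-2`) are lower than this package's first release, `1.13.7+openssl_1.1.0g-1`, so on an upgrade of this package neither branch should ever run and the CVE-2016-1247 permission fix is effectively dead code. A user who swaps an older `nginx` for this package goes, as far as I can tell, through an install rather than an upgrade, and the script has no `post_install`. If the fix is meant to reach those systems, move the `chown root:root var/log/nginx` and `chmod 755 var/log/nginx` into a `post_install`; otherwise drop the function. If the comparisons stay, quote the argument: `if (( $(vercmp "$2" 1.11.8-2) < 0 )); then`.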
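Review bot: `PrivateDevices=yes` is the only sandboxing directive in the `[Service]` section of the unit file, which is thin for a daemon started as root (no `User=` is set) that this package builds specifically to accept legacy ciphers from old clients. Consider adding `PrivateTmp=yes` and `ProtectSystem=full`, and `ProtectHome=yes` where no content is served from home directories. The paths configured in PKGBUILD (`/var/lib/nginx`, `/var/log/nginx`, `/run/nginx.pid`) are outside what `ProtectSystem=full` makes read-only, but this should be confirmed against the shipped `nginx.conf` before enabling it.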