diff options
| author | Kasei Wang | 2021-03-23 19:18:43 +0800 |
|---|---|---|
| committer | Kasei Wang | 2021-03-23 19:18:43 +0800 |
| commit | dfc1ce3cb170c1bbe7b6c90941ff62d7473e732b (patch) | |
| tree | cabc93b95d605be28b3b2345311f01aeaa51b42e | |
| download | aur-dfc1ce3cb170c1bbe7b6c90941ff62d7473e732b.tar.gz | |
addpkg: nginx-quiche 1.16.1-1
| -rw-r--r-- | .SRCINFO | 55 | ||||
| -rw-r--r-- | PKGBUILD | 174 | ||||
| -rw-r--r-- | logrotate | 10 | ||||
| -rw-r--r-- | nginx.install | 27 | ||||
| -rw-r--r-- | service | 16 |
5 files changed, 282 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..3d105b63b514 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,55 @@ +pkgbase = nginx + pkgdesc = Lightweight HTTP server and IMAP/POP3 proxy server + pkgver = 1.16.1 + pkgrel = 1 + url = https://nginx.org + install = nginx.install + arch = x86_64 + license = custom + checkdepends = perl + checkdepends = perl-gd + checkdepends = perl-io-socket-ssl + checkdepends = perl-fcgi + checkdepends = perl-cache-memcached + checkdepends = memcached + checkdepends = ffmpeg + checkdepends = inetutils + makedepends = git + makedepends = mercurial + makedepends = cmake + makedepends = rust + depends = pcre + depends = zlib + depends = openssl + depends = geoip + depends = mailcap + backup = etc/nginx/fastcgi.conf + backup = etc/nginx/fastcgi_params + backup = etc/nginx/koi-win + backup = etc/nginx/koi-utf + backup = etc/nginx/nginx.conf + backup = etc/nginx/scgi_params + backup = etc/nginx/uwsgi_params + backup = etc/nginx/win-utf + backup = etc/logrotate.d/nginx + source = https://nginx.org/download/nginx-1.16.1.tar.gz + source = https://nginx.org/download/nginx-1.16.1.tar.gz.asc + source = hg+http://hg.nginx.org/nginx-tests#revision=ddbde6c5b0cd + source = https://github.com/cloudflare/quiche/archive/0.7.0.tar.gz + source = git+https://boringssl.googlesource.com/boringssl#commit=597b810379e126ae05d32c1d94b1a9464385acd0 + source = service + source = logrotate + validpgpkeys = B0F4253373F8F6F510D42178520A9993A1C052F8 + md5sums = 45a80f75336c980d240987badc3dcf60 + md5sums = SKIP + md5sums = SKIP + md5sums = c308dfc84e69c14206c3cdfde92a259d + md5sums = SKIP + md5sums = ba2e3b08ce0f0fff7cced624d0ecf7cc + md5sums = 6a01fb17af86f03707c8ae60f98a2dc2 + +pkgname = nginx + +pkgname = nginx-src + depends = + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..a616917e8b59 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,174 @@ +# Maintainer: Bartłomiej Piotrowski <bpiotrowski@archlinux.org> +# Contributor: Sébastien Luttringer +# Contributor: Sergej Pupykin <pupykin.s+arch@gmail.com> +# Contributor: Miroslaw Szot <mss@czlug.icis.pcz.pl> +# Contributor: Daniel Micay <danielmicay@gmail.com> + +pkgbase=nginx +pkgname=(nginx nginx-src) +pkgver=1.16.1 +pkgrel=1 +_quichever=0.7.0 +pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server' +arch=(x86_64) +url='https://nginx.org' +license=(custom) +depends=(pcre zlib openssl geoip mailcap) +makedepends=(git mercurial cmake rust) +checkdepends=(perl perl-gd perl-io-socket-ssl perl-fcgi perl-cache-memcached + memcached ffmpeg inetutils) +backup=(etc/nginx/fastcgi.conf + etc/nginx/fastcgi_params + etc/nginx/koi-win + etc/nginx/koi-utf + etc/nginx/nginx.conf + etc/nginx/scgi_params + etc/nginx/uwsgi_params + etc/nginx/win-utf + etc/logrotate.d/nginx) +install=nginx.install +source=(https://nginx.org/download/nginx-$pkgver.tar.gz{,.asc} + hg+http://hg.nginx.org/nginx-tests#revision=ddbde6c5b0cd + https://github.com/cloudflare/quiche/archive/$_quichever.tar.gz + git+https://boringssl.googlesource.com/boringssl#commit=597b810379e126ae05d32c1d94b1a9464385acd0 + service + logrotate) +validpgpkeys=(B0F4253373F8F6F510D42178520A9993A1C052F8) # Maxim Dounin <mdounin@mdounin.ru> +md5sums=('45a80f75336c980d240987badc3dcf60' + 'SKIP' + 'SKIP' + 'c308dfc84e69c14206c3cdfde92a259d' + 'SKIP' + 'ba2e3b08ce0f0fff7cced624d0ecf7cc' + '6a01fb17af86f03707c8ae60f98a2dc2') + +_common_flags=( + --with-compat + --with-debug + --with-file-aio + --with-http_addition_module + --with-http_auth_request_module + --with-http_dav_module + --with-http_degradation_module + --with-http_flv_module + --with-http_geoip_module + --with-http_gunzip_module + --with-http_gzip_static_module + --with-http_mp4_module + --with-http_realip_module + --with-http_secure_link_module + --with-http_slice_module + --with-http_ssl_module + --with-http_stub_status_module + --with-http_sub_module + --with-http_v2_module + --with-mail + --with-mail_ssl_module + --with-pcre-jit + --with-stream + --with-stream_geoip_module + --with-stream_realip_module + --with-stream_ssl_module + --with-stream_ssl_preread_module + --with-threads +) + +_stable_flags=( +) + +prepare() { + cp -r $pkgbase-$pkgver{,-src} + + #cd $srcdir/boringssl + #mkdir build && cd build && cmake ../ && make && cd $srcdir/boringssl + #mkdir -p .openssl/lib && cd .openssl && ln -s ../include . && cd ../ + #cp $srcdir/boringssl/build/crypto/libcrypto.a $srcdir/boringssl/build/ssl/libssl.a .openssl/lib + #touch $srcdir/boringssl/.openssl/include/openssl/ssl.h + + cd $srcdir/quiche-$_quichever/deps + rm -r boringssl + ln -s $srcdir/boringssl boringssl + + cd $srcdir/$pkgbase-$pkgver + patch -Np1 -i $srcdir/quiche-$_quichever/extras/nginx/nginx-1.16.patch +} + +build() { + cd $srcdir/boringssl + mkdir build && cd build && cmake ../ && make && cd $srcdir/boringssl + + cd $srcdir/$pkgbase-$pkgver + + ./configure \ + --prefix=/etc/nginx \ + --conf-path=/etc/nginx/nginx.conf \ + --sbin-path=/usr/bin/nginx \ + --pid-path=/run/nginx.pid \ + --lock-path=/run/lock/nginx.lock \ + --user=http \ + --group=http \ + --http-log-path=/var/log/nginx/access.log \ + --error-log-path=stderr \ + --http-client-body-temp-path=/var/lib/nginx/client-body \ + --http-proxy-temp-path=/var/lib/nginx/proxy \ + --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ + --http-scgi-temp-path=/var/lib/nginx/scgi \ + --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \ + --with-cc-opt="$CFLAGS $CPPFLAGS" \ + --with-ld-opt="$LDFLAGS" \ + --with-http_v3_module \ + --with-openssl=$srcdir/boringssl \ + --with-quiche=$srcdir/quiche-$_quichever \ + ${_common_flags[@]} \ + ${_stable_flags[@]} + + #touch ${srcdir}/boringssl/.openssl/include/openssl/ssl.h + make +} + +check() { + cd nginx-tests + TEST_NGINX_BINARY="$srcdir/$pkgbase-$pkgver/objs/nginx" prove . +} + +package_nginx() { + cd $pkgbase-$pkgver + make DESTDIR="$pkgdir" install + + sed -e 's|\<user\s\+\w\+;|user html;|g' \ + -e '44s|html|/usr/share/nginx/html|' \ + -e '54s|html|/usr/share/nginx/html|' \ + -i "$pkgdir"/etc/nginx/nginx.conf + + rm "$pkgdir"/etc/nginx/*.default + rm "$pkgdir"/etc/nginx/mime.types # in mailcap + + install -d "$pkgdir"/var/lib/nginx + install -dm700 "$pkgdir"/var/lib/nginx/proxy + + chmod 755 "$pkgdir"/var/log/nginx + chown root:root "$pkgdir"/var/log/nginx + + install -d "$pkgdir"/usr/share/nginx + mv "$pkgdir"/etc/nginx/html/ "$pkgdir"/usr/share/nginx + + install -Dm644 ../logrotate "$pkgdir"/etc/logrotate.d/nginx + install -Dm644 ../service "$pkgdir"/usr/lib/systemd/system/nginx.service + install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE + + rmdir "$pkgdir"/run + + install -d "$pkgdir"/usr/share/man/man8/ + gzip -9c man/nginx.8 > "$pkgdir"/usr/share/man/man8/nginx.8.gz + + for i in ftdetect indent syntax; do + install -Dm644 contrib/vim/$i/nginx.vim \ + "$pkgdir/usr/share/vim/vimfiles/$i/nginx.vim" + done +} + +package_nginx-src() { + depends=() + install -d "$pkgdir/usr/src" + cp -r $pkgbase-$pkgver-src "$pkgdir/usr/src/nginx" +} diff --git a/logrotate b/logrotate new file mode 100644 index 000000000000..e0afbb927021 --- /dev/null +++ b/logrotate @@ -0,0 +1,10 @@ +/var/log/nginx/*log { + missingok + notifempty + create 640 http log + sharedscripts + compress + postrotate + test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid` + endscript +} diff --git a/nginx.install b/nginx.install new file mode 100644 index 000000000000..d80514afe352 --- /dev/null +++ b/nginx.install @@ -0,0 +1,27 @@ +post_upgrade() { + if (( $(vercmp $2 1.2.7-4) <= 0 )); then + chmod 750 var/log/nginx + chown http:log var/log/nginx + fi + + if (( $(vercmp $2 1.2.1-2) <= 0 )); then + echo ':: Since 1.2.1-2 several changes has been made in package:' + echo ' - *.conf files have been moved to /etc/nginx' + echo ' - /etc/conf.d/nginx has been removed' + echo ' Main configuration file is set to /etc/nginx/nginx.conf' + echo ' - access.log and error.log can be found in /var/log/nginx by default' + echo ' - bundled *.html files have been moved to /usr/share/nginx/html' + echo ' - /etc/nginx/{html,logs} symbolic links and *.default files have been removed' + fi + + if (( $(vercmp $2 1.10.2-3) < 0)); then + chown root:root var/log/nginx + fi + + if (( $(vercmp $2 1.10.3-2) < 0 )); then + chmod 755 var/log/nginx + echo ':: Security notice:' + echo ' - When additional log directories are used in /var/log/nginx make sure they' + echo ' are owned by root:root and have 755 set as permission to mitigate CVE-2016-1247' + fi +} diff --git a/service b/service new file mode 100644 index 000000000000..6302474f3674 --- /dev/null +++ b/service @@ -0,0 +1,16 @@ +[Unit] +Description=A high performance web server and a reverse proxy server +After=network.target network-online.target nss-lookup.target + +[Service] +Type=forking +PIDFile=/run/nginx.pid +PrivateDevices=yes +SyslogLevel=err + +ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;' +ExecReload=/usr/bin/nginx -s reload +KillMode=mixed + +[Install] +WantedBy=multi-user.target |