diff options
| author | Hui Yiqun | 2017-04-06 09:41:01 +0800 |
|---|---|---|
| committer | Hui Yiqun | 2017-04-06 09:41:01 +0800 |
| commit | c41e9482bff6b8b04f564ca6bf66810ed4853d31 (patch) | |
| tree | fed8858f2f050648632836f29edaf900c8c0afd4 | |
| parent | 3e59ccd0f239cfc4a0c650e103cceff4e9d9b89c (diff) | |
| download | aur-c41e9482bff6b8b04f564ca6bf66810ed4853d31.tar.gz | |
copy & paste from extra/nginx
| -rw-r--r-- | PKGBUILD | 111 | ||||
| -rw-r--r-- | logrotate | 2 | ||||
| -rw-r--r-- | nginx.install | 44 | ||||
| -rw-r--r-- | service | 2 |
4 files changed, 88 insertions, 71 deletions
@@ -1,16 +1,19 @@ -# Maintainer: Hui Yiqun <huiyiqun@gmail.com> -pkgname=nginx-rtmp -_pkgname=nginx -pkgver=1.7.11 -_rtmpver=1.1.7 -pkgrel=1 -pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server, with nginx-rtmp-module' +# $Id: PKGBUILD 291713 2017-03-26 22:26:20Z seblu $ +# Maintainer: Bartłomiej Piotrowski <bpiotrowski@archlinux.org> +# Maintainer: Sébastien Luttringer +# Contributor: Sergej Pupykin <pupykin.s+arch@gmail.com> +# Contributor: Miroslaw Szot <mss@czlug.icis.pcz.pl> +# Contributor: Daniel Micay <danielmicay@gmail.com> + +pkgname=nginx +pkgver=1.10.3 +pkgrel=4 +pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server' arch=('i686' 'x86_64') -url='http://nginx.org' +url='https://nginx.org' license=('custom') depends=('pcre' 'zlib' 'openssl' 'geoip') -provides=('nginx') -conflicts=('nginx') +makedepends=('hardening-wrapper') backup=('etc/nginx/fastcgi.conf' 'etc/nginx/fastcgi_params' 'etc/nginx/koi-win' @@ -22,17 +25,47 @@ backup=('etc/nginx/fastcgi.conf' 'etc/nginx/win-utf' 'etc/logrotate.d/nginx') install=nginx.install -source=($url/download/nginx-$pkgver.tar.gz - https://github.com/arut/nginx-rtmp-module/archive/v$_rtmpver.tar.gz +source=($url/download/nginx-$pkgver.tar.gz{,.asc} service logrotate) -md5sums=('22912ba71eebd6987be47eeaff79f0f0' - '8006de2560db3e55bb15d110220076ac' - '5dd4d09914a4403b9df778ec1d66167c' - '19a26a61c8afe78defb8b4544f79a9a0') +validpgpkeys=('B0F4253373F8F6F510D42178520A9993A1C052F8') # Maxim Dounin <mdounin@mdounin.ru> +md5sums=('204a20cb4f0b0c9db746c630d89ff4ea' + 'SKIP' + '09862c34cd9593bc40da81f88c5fc4b2' + '6a01fb17af86f03707c8ae60f98a2dc2') + +_common_flags=( + --with-pcre-jit + --with-file-aio + --with-http_addition_module + --with-http_auth_request_module + --with-http_dav_module + --with-http_degradation_module + --with-http_flv_module + --with-http_geoip_module + --with-http_gunzip_module + --with-http_gzip_static_module + --with-http_mp4_module + --with-http_realip_module + --with-http_secure_link_module + --with-http_slice_module + --with-http_ssl_module + --with-http_stub_status_module + --with-http_sub_module + --with-http_v2_module + --with-mail + --with-mail_ssl_module + --with-stream + --with-stream_ssl_module + --with-threads +) + +_stable_flags=( + --with-ipv6 +) build() { - cd $_pkgname-$pkgver + cd $pkgname-$pkgver ./configure \ --prefix=/etc/nginx \ @@ -49,42 +82,16 @@ build() { --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ --http-scgi-temp-path=/var/lib/nginx/scgi \ --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \ - --with-imap \ - --with-imap_ssl_module \ - --with-ipv6 \ - --with-pcre-jit \ - --with-file-aio \ - --with-http_addition_module \ - --with-http_auth_request_module \ - --with-http_dav_module \ - --with-http_degradation_module \ - --with-http_flv_module \ - --with-http_geoip_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_mp4_module \ - --with-http_realip_module \ - --with-http_secure_link_module \ - --with-http_spdy_module \ - --with-http_ssl_module \ - --with-http_stub_status_module \ - --with-http_sub_module \ - --add-module=$srcdir/nginx-rtmp-module-$_rtmpver + ${_common_flags[@]} \ + ${_stable_flags[@]} make } package() { - cd $_pkgname-$pkgver + cd $pkgname-$pkgver make DESTDIR="$pkgdir" install - install -Dm644 contrib/vim/ftdetect/nginx.vim \ - "$pkgdir"/usr/share/vim/vimfiles/ftdetect/nginx.vim - install -Dm644 contrib/vim/syntax/nginx.vim \ - "$pkgdir"/usr/share/vim/vimfiles/syntax/nginx.vim - install -Dm644 contrib/vim/indent/nginx.vim \ - "$pkgdir"/usr/share/vim/vimfiles/indent/nginx.vim - sed -e 's|\<user\s\+\w\+;|user html;|g' \ -e '44s|html|/usr/share/nginx/html|' \ -e '54s|html|/usr/share/nginx/html|' \ @@ -95,21 +102,25 @@ package() { install -d "$pkgdir"/var/lib/nginx install -dm700 "$pkgdir"/var/lib/nginx/proxy - chmod 750 "$pkgdir"/var/log/nginx - chown http:log "$pkgdir"/var/log/nginx + chmod 755 "$pkgdir"/var/log/nginx + chown root:root "$pkgdir"/var/log/nginx install -d "$pkgdir"/usr/share/nginx mv "$pkgdir"/etc/nginx/html/ "$pkgdir"/usr/share/nginx install -Dm644 ../logrotate "$pkgdir"/etc/logrotate.d/nginx install -Dm644 ../service "$pkgdir"/usr/lib/systemd/system/nginx.service - install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$_pkgname/LICENSE - install -Dm644 ../nginx-rtmp-module-$_rtmpver/LICENSE "$pkgdir"/usr/share/licenses/nginx-rtmp-module/LICENSE + install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE rmdir "$pkgdir"/run install -d "$pkgdir"/usr/share/man/man8/ gzip -9c man/nginx.8 > "$pkgdir"/usr/share/man/man8/nginx.8.gz + + for i in ftdetect indent syntax; do + install -Dm644 contrib/vim/${i}/nginx.vim \ + "${pkgdir}/usr/share/vim/vimfiles/${i}/nginx.vim" + done } # vim:set ts=2 sw=2 et: diff --git a/logrotate b/logrotate index 61237601f6da..e0afbb927021 100644 --- a/logrotate +++ b/logrotate @@ -1,7 +1,7 @@ /var/log/nginx/*log { missingok + notifempty create 640 http log - su http log sharedscripts compress postrotate diff --git a/nginx.install b/nginx.install index 7c4adf14bd9a..d80514afe352 100644 --- a/nginx.install +++ b/nginx.install @@ -1,21 +1,27 @@ post_upgrade() { - if (( $(vercmp $2 1.2.7-4) <= 0 )); then - chmod 750 var/log/nginx - chown http:log var/log/nginx - fi - if (( $(vercmp $2 1.2.1-2) <= 0 )); then - echo ' >>> Since 1.2.1-2 several changes has been made in package:' - echo ' - *.conf files have been moved to /etc/nginx' - echo ' - /etc/conf.d/nginx has been removed' - echo ' Main configuration file is set to /etc/nginx/nginx.conf' - echo ' - access.log and error.log can be found in /var/log/nginx by default' - echo ' - bundled *.html files have been moved to /usr/share/nginx/html' - echo ' - /etc/nginx/{html,logs} symbolic links and *.default files have been removed' - fi - if (( $(vercmp $2 1.4.2-4) < 0 )); then - echo 'Nginx now includes only upstream bundled modules.' - echo 'Thus, passenger module support was dropped.' - fi -} + if (( $(vercmp $2 1.2.7-4) <= 0 )); then + chmod 750 var/log/nginx + chown http:log var/log/nginx + fi + + if (( $(vercmp $2 1.2.1-2) <= 0 )); then + echo ':: Since 1.2.1-2 several changes has been made in package:' + echo ' - *.conf files have been moved to /etc/nginx' + echo ' - /etc/conf.d/nginx has been removed' + echo ' Main configuration file is set to /etc/nginx/nginx.conf' + echo ' - access.log and error.log can be found in /var/log/nginx by default' + echo ' - bundled *.html files have been moved to /usr/share/nginx/html' + echo ' - /etc/nginx/{html,logs} symbolic links and *.default files have been removed' + fi -# vim:set ts=4 sw=4 et: + if (( $(vercmp $2 1.10.2-3) < 0)); then + chown root:root var/log/nginx + fi + + if (( $(vercmp $2 1.10.3-2) < 0 )); then + chmod 755 var/log/nginx + echo ':: Security notice:' + echo ' - When additional log directories are used in /var/log/nginx make sure they' + echo ' are owned by root:root and have 755 set as permission to mitigate CVE-2016-1247' + fi +} @@ -9,7 +9,7 @@ PrivateDevices=yes SyslogLevel=err ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;' -ExecReload=/usr/bin/kill -HUP $MAINPID +ExecReload=/usr/bin/nginx -s reload KillSignal=SIGQUIT KillMode=mixed |