Update to trafficserver release 8.0.7

* Update to trafficserver release 8.0.7
  - Add new luajit dependency
  - Accommodate changes to the systemd that prevents trafficserver
    from running as the 'nobody' user.  This is accomplished by relying
    on a 'trafficserver' user but introduces many challenges.  See:
      https://bbs.archlinux.org/viewtopic.php?id=241480

8 files changed, 113 insertions, 49 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 50ba3df045b7..50d02bad6b05 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
 pkgbase = trafficserver
 	pkgdesc = Apache Traffic Server
-	pkgver = 7.1.1
+	pkgver = 8.0.7
 	pkgrel = 1
 	url = http://trafficserver.apache.org/
 	install = trafficserver.install
@@ -16,19 +16,16 @@ pkgbase = trafficserver
 	depends = libunwind
 	depends = pcre
 	depends = geoip
-	backup = etc/trafficserver/congestion.config
-	backup = etc/trafficserver/logging.config
+	depends = luajit
 	backup = etc/trafficserver/hosting.config
 	backup = etc/trafficserver/parent.config
 	backup = etc/trafficserver/records.config
 	backup = etc/trafficserver/socks.config
 	backup = etc/trafficserver/trafficserver-release
 	backup = etc/trafficserver/splitdns.config
-	backup = etc/trafficserver/vaddrs.config
-	backup = etc/trafficserver/cluster.config
 	backup = etc/trafficserver/storage.config
+	backup = etc/trafficserver/ssl_server_name.yaml
 	backup = etc/trafficserver/volume.config
-	backup = etc/trafficserver/metrics.config
 	backup = etc/trafficserver/remap.config
 	backup = etc/trafficserver/ssl_multicert.config
 	backup = etc/trafficserver/cache.config
@@ -58,18 +55,19 @@ pkgbase = trafficserver
 	backup = etc/trafficserver/body_factory/default/request#no_host
 	backup = etc/trafficserver/body_factory/default/connect#hangup
 	backup = etc/trafficserver/body_factory/default/request#invalid_content_length
-	backup = etc/trafficserver/body_factory/default/congestion#retryAfter
 	backup = etc/trafficserver/plugin.config
-	backup = etc/trafficserver/log_hosts.config
+	backup = etc/trafficserver/logging.yaml
 	backup = etc/trafficserver/ip_allow.config
-	source = http://archive.apache.org/dist/trafficserver/trafficserver-7.1.1.tar.bz2
+	source = http://archive.apache.org/dist/trafficserver/trafficserver-8.0.7.tar.bz2
 	source = trafficserver.tmpfiles
+	source = trafficserver.sysusers
 	source = trafficserver.service.in.patch
 	source = trafficserver.lib_perl_Makefile.in.patch
-	md5sums = a3a9f1a70cd9d11ad5a027275643cca1
-	md5sums = 44b617f732eb1944a916f36cc393ab7b
-	md5sums = 1a72eaf2dc694a5a60d949c9f3130e80
-	md5sums = 21cb3150aac3f1609f933dea08904592
+	md5sums = 1a2c1ee629785580b4da6b58c04e0411
+	md5sums = 5234ec78048900590edbf6d6e3be1af9
+	md5sums = a89c31b7753e8a9a0f83e7e0a79f5e87
+	md5sums = 89465888eb48237b68a3b1bd61eded53
+	md5sums = 719a9364900017cc05256042a51d0dc9
 
 pkgname = trafficserver
 
diff --git a/PKGBUILD b/PKGBUILD
index f07c31194b2c..f928a7316c09 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,43 +2,64 @@
 # Contributor: David Roheim <david dot roheim at gmail dot com>
 
 pkgname='trafficserver'
-pkgver=7.1.1
+pkgver=8.0.7
 pkgrel=1
 pkgdesc="Apache Traffic Server"
 url="http://trafficserver.apache.org/"
 license=('Apache')
 arch=('i686' 'x86_64')
-depends=('tcl' 'hwloc' 'curl' 'libunwind' 'pcre' 'geoip')
+depends=('tcl' 'hwloc' 'curl' 'libunwind' 'pcre' 'geoip' 'luajit')
 makedepends=('flex' 'python2-sphinx')
 
 source=(
     http://archive.apache.org/dist/"${pkgname}"/"${pkgname}"-"${pkgver}".tar.bz2
     trafficserver.tmpfiles
+    trafficserver.sysusers
     trafficserver.service.in.patch
     trafficserver.lib_perl_Makefile.in.patch)
 
-md5sums=('a3a9f1a70cd9d11ad5a027275643cca1'
-         '44b617f732eb1944a916f36cc393ab7b'
-         '1a72eaf2dc694a5a60d949c9f3130e80'
-         '21cb3150aac3f1609f933dea08904592')
+md5sums=('1a2c1ee629785580b4da6b58c04e0411'
+         '5234ec78048900590edbf6d6e3be1af9'
+         'a89c31b7753e8a9a0f83e7e0a79f5e87'
+         '89465888eb48237b68a3b1bd61eded53'
+         '719a9364900017cc05256042a51d0dc9')
 
 install=${pkgname}.install
 changelog=${pkgname}.changelog
 
+_missing_user_message="Trafficserver must not run as root and systemd will
+prevent it from running as the user nobody. This package requires that the
+'trafficserver' OS user and group exist when building to ensure correct file
+ownership during the build process. This package uses systemd-sysusers as
+other arch packages do. Run the following command as root before building this
+package.
+
+    # echo 'u trafficserver - \"Apache Traffic Server\"' | \\
+          systemd-sysusers --replace=/usr/lib/sysusers.d/trafficserver.conf -
+
+Note that the UID and GID assigned must match on the arch install where the
+package when be deployed.  This can be accomplished by noting the values for
+the UID and GID of the trafficserver user on the build server and then creating
+sysusers overrides for the trafficserver user where the package will be
+installed.  For example (on the server where the package will be deployed):
+
+    # echo 'u trafficserver 999:999 \"Apache Traffic Server\" - > /etc/sysusers.d/trafficserver.conf
+
+This ensures that the post install steps do not clobber administrator defined
+or existing cache ownership at the expense of requiring the trafficserver user
+be defined the same way on the package build server and package deployment
+host.  See https://bbs.archlinux.org/viewtopic.php?id=241480"
+
 backup=(
-    'etc/trafficserver/congestion.config'
-    'etc/trafficserver/logging.config'
     'etc/trafficserver/hosting.config'
     'etc/trafficserver/parent.config'
     'etc/trafficserver/records.config'
     'etc/trafficserver/socks.config'
     'etc/trafficserver/trafficserver-release'
     'etc/trafficserver/splitdns.config'
-    'etc/trafficserver/vaddrs.config'
-    'etc/trafficserver/cluster.config'
     'etc/trafficserver/storage.config'
+    'etc/trafficserver/ssl_server_name.yaml'
     'etc/trafficserver/volume.config'
-    'etc/trafficserver/metrics.config'
     'etc/trafficserver/remap.config'
     'etc/trafficserver/ssl_multicert.config'
     'etc/trafficserver/cache.config'
@@ -68,10 +89,10 @@ backup=(
     'etc/trafficserver/body_factory/default/request#no_host'
     'etc/trafficserver/body_factory/default/connect#hangup'
     'etc/trafficserver/body_factory/default/request#invalid_content_length'
-    'etc/trafficserver/body_factory/default/congestion#retryAfter'
     'etc/trafficserver/plugin.config'
-    'etc/trafficserver/log_hosts.config'
-    'etc/trafficserver/ip_allow.config')
+    'etc/trafficserver/logging.yaml'
+    'etc/trafficserver/ip_allow.config'
+)
 
 prepare() {
     cd "${srcdir}"/"${pkgname}-${pkgver}"
@@ -80,9 +101,19 @@ prepare() {
 }
 
 build() {
+    # This check is defined here instead of in prepare() in case the package
+    # builder is skipping the prepare step.
+    if ! ( getent passwd trafficserver || getent group trafficserver ); then
+        echo "$_missing_user_message"
+        return 1
+    fi
+
     cd "${srcdir}"/"${pkgname}-${pkgver}"
 
-    ./configure PYTHON=python2 SPHINXBUILD=sphinx-build2 --enable-layout=Arch
+    ./configure PYTHON=python2 SPHINXBUILD=sphinx-build2 \
+        --with-user=trafficserver \
+        --with-group=trafficserver \
+        --enable-layout=Arch
     make
 }
 
@@ -98,11 +129,14 @@ package()
 
     rm -rf "${pkgdir}"/run
     rm -rf "${pkgdir}"/usr/lib/perl5
-    rm -rf "${pkgdir}"/usr/share/trafficserver
+    rm -rf "${pkgdir}"/usr/share
 
     install -D -m 644 "${srcdir}"/trafficserver.tmpfiles \
         "${pkgdir}"/usr/lib/tmpfiles.d/trafficserver.conf
 
+    install -D -m 644 "${srcdir}"/trafficserver.sysusers \
+        "${pkgdir}"/usr/lib/sysusers.d/trafficserver.conf
+
     install -D -m 644 \
         "${srcdir}"/"${pkgname}-${pkgver}"/rc/trafficserver.service \
         "${pkgdir}"/usr/lib/systemd/system/trafficserver.service
diff --git a/trafficserver.changelog b/trafficserver.changelog
index 88d228b679ac..5deadb347ca4 100644
--- a/trafficserver.changelog
+++ b/trafficserver.changelog
@@ -1,3 +1,12 @@
+2020-05-07 Galen Sampson <youremail@domain.com>
+
+        * 8.0.7-1 :
+        Apache Traffic Server 8.0.7.
+
+        Use a dedicated OS user trafficserver for cache, log, and config
+        file ownership.
+
+
 2017-09-15 Galen Sampson <youremail@domain.com>
 
         * 7.1.1-1 :
diff --git a/trafficserver.install b/trafficserver.install
index 25ba2f9a4d5f..3f4fbc06ef53 100644
--- a/trafficserver.install
+++ b/trafficserver.install
@@ -1,16 +1,38 @@
-post_install() {
-    systemd-tmpfiles --create trafficserver.conf
+_missing_user_message="This package requires that the 'trafficserver' OS user
+and group exist when installing this package and that it must match the UID and
+GID of the server that built the package.  This package uses systemd-sysusers
+as other arch packages do. Run the following command as root before building
+this package, replacing <UID:GID> with the values from the package build
+machine.
+
+    # echo 'u trafficserver <UID:GID> \"Apache Traffic Server\"' | \
+          systemd-sysusers --replace=/usr/lib/sysusers.d/trafficserver.conf -
+
+Note that the UID and GID assigned must match on the arch install where the
+package will be installed.
+
+This ensures that the post install steps do not clobber administrator defined
+or existing cache ownership at the expense of requiring the trafficserver user
+be defined the same way on the package build server and package deployment
+host.  See https://bbs.archlinux.org/viewtopic.php?id=241480"
+
+pre_install() {
+    if ! (getent passwd trafficserver || getent group trafficserver); then
+        echo "$_missing_user_message"
+        return 1
+    fi
+
 }
 
 post_upgrade() {
     # There are configuration changes required when upgrading to major
-    # version 6.
-    if [[ "${2%%.*}" -lt 7 ]]; then
-        echo 'Please review your configuration when upgrading to v7:'
-        echo ' https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0'
+    # version 8.
+    if [[ "${2%%.*}" -lt 8 ]]; then
+        echo 'Please review your configuration when upgrading to v8:'
+        echo ' https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v8.0'
     fi
 }
 
 post_remove() {
-    echo 'Tserver log files and cache files must be cleaned up manually.'
+    echo 'Traffic Server log files and cache files must be cleaned up manually.'
 }
diff --git a/trafficserver.lib_perl_Makefile.in.patch b/trafficserver.lib_perl_Makefile.in.patch
index 14a646d095e5..c8d161270f48 100644
--- a/trafficserver.lib_perl_Makefile.in.patch
+++ b/trafficserver.lib_perl_Makefile.in.patch
@@ -1,6 +1,6 @@
---- lib/perl/Makefile.in.orig	2016-11-22 08:10:18.804768153 -1000
-+++ lib/perl/Makefile.in	2016-11-22 08:10:46.160746491 -1000
-@@ -708,16 +708,16 @@
+--- lib/perl/Makefile.in.orig	2020-05-07 06:07:06.047917129 -0700
++++ lib/perl/Makefile.in	2020-05-07 06:13:04.444045176 -0700
+@@ -682,16 +682,16 @@
  
  
  all-local: Makefile-pl
@@ -9,14 +9,14 @@
  
  install-exec-local: Makefile-pl
 -	$(MAKE) -f Makefile-pl INSTALLMAN3DIR=$(mandir)/man3 INSTALLDIRS=$(INSTALLDIRS) PREFIX=$(prefix) DESTDIR=$(DESTDIR) install
-+	$(MAKE) -f Makefile-pl INSTALLDIRS=vendor install
++	$(MAKE) -f Makefile-pl INSTALLDIRS=vendor
  
  # The perl build needs to have the source files in the current working directory, so we need to
  # copy them to the build directory if we are building out of tree.
- Makefile-pl: Makefile.PL
+ Makefile-pl: Makefile.PL $(top_builddir)/config.status
  	test -f "$(top_builddir)/$(subdir)/Makefile.PL" || cp -rf "$(srcdir)/." "$(top_builddir)/$(subdir)/"
 -	$(PERL) Makefile.PL INSTALLDIRS=$(INSTALLDIRS) INSTALL_BASE=$(prefix) PREFIX=
 +	$(PERL) Makefile.PL INSTALLDIRS=vendor
  
- distclean-local:
- 	-rm -rf Makefile-pl MYMETA.* blip
+ clean-local:
+ 	-rm -f Makefile-pl
diff --git a/trafficserver.service.in.patch b/trafficserver.service.in.patch
index 4ca75e958f45..455d019418b8 100644
--- a/trafficserver.service.in.patch
+++ b/trafficserver.service.in.patch
@@ -1,11 +1,11 @@
---- rc/trafficserver.service.in.orig	2016-08-17 07:55:35.673822545 -1000
-+++ rc/trafficserver.service.in	2016-08-17 07:56:10.830103516 -1000
+--- rc/trafficserver.service.in.orig	2020-05-07 05:59:25.663463182 -0700
++++ rc/trafficserver.service.in	2020-05-07 06:05:16.772825562 -0700
 @@ -21,7 +21,7 @@
  
  [Service]
  Type=simple
 -EnvironmentFile=-/etc/sysconfig/trafficserver
 +EnvironmentFile=-/etc/conf.d/trafficserver
- PIDFile=@exp_runtimedir@/cop.pid
- ExecStart=@exp_bindir@/traffic_cop $TC_DAEMON_ARGS
- ExecReload=@exp_bindir@/traffic_ctl config reload
+ ExecStart=@exp_bindir@/traffic_manager $TM_DAEMON_ARGS
+ Restart=on-failure
+ RestartSec=5s
diff --git a/trafficserver.sysusers b/trafficserver.sysusers
new file mode 100644
index 000000000000..10aa6bcb1671
--- /dev/null
+++ b/trafficserver.sysusers
@@ -0,0 +1 @@
+u   trafficserver   -   "Apache Traffic Server" -
diff --git a/trafficserver.tmpfiles b/trafficserver.tmpfiles
index bbd8ecde789a..31d80e872f9e 100644
--- a/trafficserver.tmpfiles
+++ b/trafficserver.tmpfiles
@@ -1 +1 @@
-d /run/trafficserver 750 nobody nobody
+d /run/trafficserver 750 trafficserver trafficserver -