author | Galen Sampson | 2020-05-19 17:18:47 -0700 |
---|---|---|
committer | Galen Sampson | 2020-05-19 17:19:13 -0700 |
commit | e64173de1307dda8e69a9d877831fbfa795befc0 (patch) | |
tree | 31b799e2ae9bada80975b0b0c060d6bd4899becf | |
parent | 577ad9d12f92abfb434fbd1a8cc6da3664cc7666 (diff) | |
download | aur-e64173de1307dda8e69a9d877831fbfa795befc0.tar.gz |
Update to trafficserver release 8.0.7
* Update to trafficserver release 8.0.7
- Add new luajit dependency
- Accommodate changes to systemd that prevent trafficserver
from running as the 'nobody' user. This is accomplished by relying
on a 'trafficserver' user but introduces many challenges. See:
https://bbs.archlinux.org/viewtopic.php?id=241480
-rw-r--r-- | .SRCINFO | 24 | ||||
-rw-r--r-- | PKGBUILD | 66 | ||||
-rw-r--r-- | trafficserver.changelog | 9 | ||||
-rw-r--r-- | trafficserver.install | 36 | ||||
-rw-r--r-- | trafficserver.lib_perl_Makefile.in.patch | 14 | ||||
-rw-r--r-- | trafficserver.service.in.patch | 10 | ||||
-rw-r--r-- | trafficserver.sysusers | 1 | ||||
-rw-r--r-- | trafficserver.tmpfiles | 2 |
8 files changed, 113 insertions, 49 deletions
@@ -1,6 +1,6 @@
 pkgbase = trafficserver
 pkgdesc = Apache Traffic Server
- pkgver = 7.1.1
+ pkgver = 8.0.7
 pkgrel = 1
 url = http://trafficserver.apache.org/
 install = trafficserver.install
@@ -16,19 +16,16 @@ pkgbase = trafficserver
 depends = libunwind
 depends = pcre
 depends = geoip
- backup = etc/trafficserver/congestion.config
- backup = etc/trafficserver/logging.config
+ depends = luajit
 backup = etc/trafficserver/hosting.config
 backup = etc/trafficserver/parent.config
 backup = etc/trafficserver/records.config
 backup = etc/trafficserver/socks.config
 backup = etc/trafficserver/trafficserver-release
 backup = etc/trafficserver/splitdns.config
- backup = etc/trafficserver/vaddrs.config
- backup = etc/trafficserver/cluster.config
 backup = etc/trafficserver/storage.config
+ backup = etc/trafficserver/ssl_server_name.yaml
 backup = etc/trafficserver/volume.config
- backup = etc/trafficserver/metrics.config
 backup = etc/trafficserver/remap.config
 backup = etc/trafficserver/ssl_multicert.config
 backup = etc/trafficserver/cache.config
@@ -58,18 +55,19 @@ pkgbase = trafficserver backup = etc/trafficserver/body_factory/default/request#no_host backup = etc/trafficserver/body_factory/default/connect#hangup backup = etc/trafficserver/body_factory/default/request#invalid_content_length - backup = etc/trafficserver/body_factory/default/congestion#retryAfter backup = etc/trafficserver/plugin.config - backup = etc/trafficserver/log_hosts.config + backup = etc/trafficserver/logging.yaml backup = etc/trafficserver/ip_allow.config - source = http://archive.apache.org/dist/trafficserver/trafficserver-7.1.1.tar.bz2 + source = http://archive.apache.org/dist/trafficserver/trafficserver-8.0.7.tar.bz2 source = trafficserver.tmpfiles + source = trafficserver.sysusers source = trafficserver.service.in.patch source = trafficserver.lib_perl_Makefile.in.patch - md5sums = a3a9f1a70cd9d11ad5a027275643cca1 - md5sums = 44b617f732eb1944a916f36cc393ab7b - md5sums = 1a72eaf2dc694a5a60d949c9f3130e80 - md5sums = 21cb3150aac3f1609f933dea08904592 + md5sums = 1a2c1ee629785580b4da6b58c04e0411 + md5sums = 5234ec78048900590edbf6d6e3be1af9 + md5sums = a89c31b7753e8a9a0f83e7e0a79f5e87 + md5sums = 89465888eb48237b68a3b1bd61eded53 + md5sums = 719a9364900017cc05256042a51d0dc9 pkgname = trafficserver 
@@ -2,43 +2,64 @@ # Contributor: David Roheim <david dot roheim at gmail dot com> pkgname='trafficserver' -pkgver=7.1.1 +pkgver=8.0.7 pkgrel=1 pkgdesc="Apache Traffic Server" url="http://trafficserver.apache.org/" license=('Apache') arch=('i686' 'x86_64') -depends=('tcl' 'hwloc' 'curl' 'libunwind' 'pcre' 'geoip') +depends=('tcl' 'hwloc' 'curl' 'libunwind' 'pcre' 'geoip' 'luajit') makedepends=('flex' 'python2-sphinx') source=( http://archive.apache.org/dist/"${pkgname}"/"${pkgname}"-"${pkgver}".tar.bz2 trafficserver.tmpfiles + trafficserver.sysusers trafficserver.service.in.patch trafficserver.lib_perl_Makefile.in.patch) -md5sums=('a3a9f1a70cd9d11ad5a027275643cca1' - '44b617f732eb1944a916f36cc393ab7b' - '1a72eaf2dc694a5a60d949c9f3130e80' - '21cb3150aac3f1609f933dea08904592') +md5sums=('1a2c1ee629785580b4da6b58c04e0411' + '5234ec78048900590edbf6d6e3be1af9' + 'a89c31b7753e8a9a0f83e7e0a79f5e87' + '89465888eb48237b68a3b1bd61eded53' + '719a9364900017cc05256042a51d0dc9') install=${pkgname}.install changelog=${pkgname}.changelog +_missing_user_message="Trafficserver must not run as root and systemd will +prevent it from running as the user nobody. This package requires that the +'trafficserver' OS user and group exist when building to ensure correct file +ownership during the build process. This package uses systemd-sysusers as +other arch packages do. Run the following command as root before building this +package. + + # echo 'u trafficserver - \"Apache Traffic Server\"' | \\ + systemd-sysusers --replace=/usr/lib/sysusers.d/trafficserver.conf - + +Note that the UID and GID assigned must match on the arch install where the +package when be deployed. This can be accomplished by noting the values for +the UID and GID of the trafficserver user on the build server and then creating +sysusers overrides for the trafficserver user where the package will be +installed. 
For example (on the server where the package will be deployed): + + # echo 'u trafficserver 999:999 \"Apache Traffic Server\" - > /etc/sysusers.d/trafficserver.conf + +This ensures that the post install steps do not clobber administrator defined +or existing cache ownership at the expense of requiring the trafficserver user +be defined the same way on the package build server and package deployment +host. See https://bbs.archlinux.org/viewtopic.php?id=241480" + backup=( - 'etc/trafficserver/congestion.config' - 'etc/trafficserver/logging.config' 'etc/trafficserver/hosting.config' 'etc/trafficserver/parent.config' 'etc/trafficserver/records.config' 'etc/trafficserver/socks.config' 'etc/trafficserver/trafficserver-release' 'etc/trafficserver/splitdns.config' - 'etc/trafficserver/vaddrs.config' - 'etc/trafficserver/cluster.config' 'etc/trafficserver/storage.config' + 'etc/trafficserver/ssl_server_name.yaml' 'etc/trafficserver/volume.config' - 'etc/trafficserver/metrics.config' 'etc/trafficserver/remap.config' 'etc/trafficserver/ssl_multicert.config' 'etc/trafficserver/cache.config' @@ -68,10 +89,10 @@ backup=( 'etc/trafficserver/body_factory/default/request#no_host' 'etc/trafficserver/body_factory/default/connect#hangup' 'etc/trafficserver/body_factory/default/request#invalid_content_length' - 'etc/trafficserver/body_factory/default/congestion#retryAfter' 'etc/trafficserver/plugin.config' - 'etc/trafficserver/log_hosts.config' - 'etc/trafficserver/ip_allow.config') + 'etc/trafficserver/logging.yaml' + 'etc/trafficserver/ip_allow.config' +) prepare() { cd "${srcdir}"/"${pkgname}-${pkgver}" 
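Review bot: The refreshed `md5sums` array is the only integrity check on a tarball that `source=` fetches over plain `http://`, and MD5 does not resist deliberate collisions, so the download is not protected against tampering in transit or on the server. I would fetch the same path under `https://archive.apache.org/dist/` and replace the array with `sha256sums=(...)` or `sha512sums=(...)` regenerated with `updpkgsums`; if upstream publishes a detached signature for this release, listing it in `source` together with a `validpgpkeys` entry would additionally tie the tarball to the release signer. Separately, the second example command in `_missing_user_message` never closes its single quote, so an administrator pasting it as root gets a shell waiting for more input instead of a written file; it should end `\"Apache Traffic Server\" -' > /etc/sysusers.d/trafficserver.conf`.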
@@ -80,9 +101,19 @@ prepare() { } build() { + # This check is defined here instead of in prepare() in case the package + # builder is skipping the prepare step. + if ! ( getent passwd trafficserver || getent group trafficserver ); then + echo "$_missing_user_message" + return 1 + fi + cd "${srcdir}"/"${pkgname}-${pkgver}" - ./configure PYTHON=python2 SPHINXBUILD=sphinx-build2 --enable-layout=Arch + ./configure PYTHON=python2 SPHINXBUILD=sphinx-build2 \ + --with-user=trafficserver \ + --with-group=trafficserver \ + --enable-layout=Arch make } @@ -98,11 +129,14 @@ package() rm -rf "${pkgdir}"/run rm -rf "${pkgdir}"/usr/lib/perl5 - rm -rf "${pkgdir}"/usr/share/trafficserver + rm -rf "${pkgdir}"/usr/share install -D -m 644 "${srcdir}"/trafficserver.tmpfiles \ "${pkgdir}"/usr/lib/tmpfiles.d/trafficserver.conf + install -D -m 644 "${srcdir}"/trafficserver.sysusers \ + "${pkgdir}"/usr/lib/sysusers.d/trafficserver.conf + install -D -m 644 \ "${srcdir}"/"${pkgname}-${pkgver}"/rc/trafficserver.service \ "${pkgdir}"/usr/lib/systemd/system/trafficserver.service diff --git a/trafficserver.changelog b/trafficserver.changelog index 88d228b679ac..5deadb347ca4 100644 --- a/trafficserver.changelog +++ b/trafficserver.changelog @@ -1,3 +1,12 @@ +2020-05-07 Galen Sampson <youremail@domain.com> + + * 8.0.7-1 : + Apache Traffic Server 8.0.7. + + Use a dedicated OS user trafficserver for cache, log, and config + file ownership. + + 2017-09-15 Galen Sampson <youremail@domain.com> * 7.1.1-1 : diff --git a/trafficserver.install b/trafficserver.install index 25ba2f9a4d5f..3f4fbc06ef53 100644 --- a/trafficserver.install +++ b/trafficserver.install 
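Review bot: The guard added at the top of `build()` joins the two lookups with `||`, so it passes when either the user or the group exists, while `_missing_user_message` and the `--with-user`/`--with-group` flags below need both; the same condition is repeated in `pre_install()` in trafficserver.install. `if ! getent passwd trafficserver >/dev/null || ! getent group trafficserver >/dev/null; then` fails when either one is missing and keeps the getent record out of the build output. Since the message text says ownership is fixed from the build host's IDs, a comment above the check such as `# the built package is only valid on hosts where trafficserver has the same UID/GID` would make that constraint visible to whoever next edits `build()`.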
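Review bot: `rm -rf "${pkgdir}"/usr/share` in `package()` now deletes everything the upstream install placed under usr/share rather than only usr/share/trafficserver, and nothing in the hunk says why. If the wider removal is intended, a comment such as `# nothing under usr/share is shipped by this package` would record that; if only particular subdirectories are unwanted, naming them keeps a later upstream addition (a licence file, for example) from being dropped silently. `package()` begins above the hunk, so earlier lines may already account for this.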
@@ -1,16 +1,38 @@ -post_install() { - systemd-tmpfiles --create trafficserver.conf +_missing_user_message="This package requires that the 'trafficserver' OS user +and group exist when installing this package and that it must match the UID and +GID of the server that built the package. This package uses systemd-sysusers +as other arch packages do. Run the following command as root before building +this package, replacing <UID:GID> with the values from the package build +machine. + + # echo 'u trafficserver <UID:GID> \"Apache Traffic Server\"' | \ + systemd-sysusers --replace=/usr/lib/sysusers.d/trafficserver.conf - + +Note that the UID and GID assigned must match on the arch install where the +package will be installed. + +This ensures that the post install steps do not clobber administrator defined +or existing cache ownership at the expense of requiring the trafficserver user +be defined the same way on the package build server and package deployment +host. See https://bbs.archlinux.org/viewtopic.php?id=241480" + +pre_install() { + if ! (getent passwd trafficserver || getent group trafficserver); then + echo "$_missing_user_message" + return 1 + fi + } post_upgrade() { # There are configuration changes required when upgrading to major - # version 6. - if [[ "${2%%.*}" -lt 7 ]]; then - echo 'Please review your configuration when upgrading to v7:' - echo ' https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0' + # version 8. + if [[ "${2%%.*}" -lt 8 ]]; then + echo 'Please review your configuration when upgrading to v8:' + echo ' https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v8.0' fi } post_remove() { - echo 'Tserver log files and cache files must be cleaned up manually.' + echo 'Traffic Server log files and cache files must be cleaned up manually.' } diff --git a/trafficserver.lib_perl_Makefile.in.patch b/trafficserver.lib_perl_Makefile.in.patch index 14a646d095e5..c8d161270f48 100644 --- a/trafficserver.lib_perl_Makefile.in.patch 
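Review bot: `pre_install()` returns 1 when the account is missing, but as far as I know pacman reports a failing scriptlet and still extracts the package, so this check warns rather than blocks. Going by the message text, the files then land with the numeric owner assigned on the build host, and if that ID belongs to a different account on the target, that account owns the cache, logs and configuration. A more robust arrangement would be to package the files root-owned and let entries in `trafficserver.tmpfiles` assign ownership by name at install time, which removes the matching-UID requirement. The message also says `before building this package` although it is printed at install time; `before installing this package` would match the context.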
+++ b/trafficserver.lib_perl_Makefile.in.patch @@ -1,6 +1,6 @@ ---- lib/perl/Makefile.in.orig 2016-11-22 08:10:18.804768153 -1000 -+++ lib/perl/Makefile.in 2016-11-22 08:10:46.160746491 -1000 -@@ -708,16 +708,16 @@ +--- lib/perl/Makefile.in.orig 2020-05-07 06:07:06.047917129 -0700 ++++ lib/perl/Makefile.in 2020-05-07 06:13:04.444045176 -0700 +@@ -682,16 +682,16 @@ all-local: Makefile-pl @@ -9,14 +9,14 @@ install-exec-local: Makefile-pl - $(MAKE) -f Makefile-pl INSTALLMAN3DIR=$(mandir)/man3 INSTALLDIRS=$(INSTALLDIRS) PREFIX=$(prefix) DESTDIR=$(DESTDIR) install -+ $(MAKE) -f Makefile-pl INSTALLDIRS=vendor install ++ $(MAKE) -f Makefile-pl INSTALLDIRS=vendor # The perl build needs to have the source files in the current working directory, so we need to # copy them to the build directory if we are building out of tree. - Makefile-pl: Makefile.PL + Makefile-pl: Makefile.PL $(top_builddir)/config.status test -f "$(top_builddir)/$(subdir)/Makefile.PL" || cp -rf "$(srcdir)/." "$(top_builddir)/$(subdir)/" - $(PERL) Makefile.PL INSTALLDIRS=$(INSTALLDIRS) INSTALL_BASE=$(prefix) PREFIX= + $(PERL) Makefile.PL INSTALLDIRS=vendor - distclean-local: - -rm -rf Makefile-pl MYMETA.* blip + clean-local: + -rm -f Makefile-pl diff --git a/trafficserver.service.in.patch b/trafficserver.service.in.patch index 4ca75e958f45..455d019418b8 100644 --- a/trafficserver.service.in.patch +++ b/trafficserver.service.in.patch @@ -1,11 +1,11 @@ ---- rc/trafficserver.service.in.orig 2016-08-17 07:55:35.673822545 -1000 -+++ rc/trafficserver.service.in 2016-08-17 07:56:10.830103516 -1000 +--- rc/trafficserver.service.in.orig 2020-05-07 05:59:25.663463182 -0700 ++++ rc/trafficserver.service.in 2020-05-07 06:05:16.772825562 -0700 
@@ -21,7 +21,7 @@ [Service] Type=simple -EnvironmentFile=-/etc/sysconfig/trafficserver +EnvironmentFile=-/etc/conf.d/trafficserver - PIDFile=@exp_runtimedir@/cop.pid - ExecStart=@exp_bindir@/traffic_cop $TC_DAEMON_ARGS - ExecReload=@exp_bindir@/traffic_ctl config reload + ExecStart=@exp_bindir@/traffic_manager $TM_DAEMON_ARGS + Restart=on-failure + RestartSec=5s diff --git a/trafficserver.sysusers b/trafficserver.sysusers new file mode 100644 index 000000000000..10aa6bcb1671 --- /dev/null +++ b/trafficserver.sysusers @@ -0,0 +1 @@ +u trafficserver - "Apache Traffic Server" - diff --git a/trafficserver.tmpfiles b/trafficserver.tmpfiles index bbd8ecde789a..31d80e872f9e 100644 --- a/trafficserver.tmpfiles +++ b/trafficserver.tmpfiles @@ -1 +1 @@ -d /run/trafficserver 750 nobody nobody +d /run/trafficserver 750 trafficserver trafficserver - |