-rw-r--r-- | .SRCINFO | 19 | ||||
-rw-r--r-- | .gitignore | 27 | ||||
-rw-r--r-- | PKGBUILD | 64 | ||||
-rw-r--r-- | openssl-1.1.0.patch | 255 |
4 files changed, 341 insertions, 24 deletions
@@ -1,18 +1,21 @@ -# Generated by mksrcinfo v8 -# Fri Nov 25 08:17:37 UTC 2016 -pkgbase = openresty +pkgbase = openresty-git pkgdesc = A Fast and Scalable Web Platform by Extending NGINX with Lua - pkgver = 1.11.2.2 + pkgver = 1.11.2.2.r32.g78af48d pkgrel = 1 url = http://openresty.org/ install = openresty.install arch = i686 arch = x86_64 license = BSD + makedepends = dos2unix + makedepends = git + makedepends = mercurial depends = perl>=5.6.1 depends = readline depends = pcre depends = openssl + provides = openresty=1.11.2.2.r32.g78af48d + conflicts = openresty backup = opt/openresty/nginx/conf/fastcgi.conf backup = opt/openresty/nginx/conf/fastcgi_params backup = opt/openresty/nginx/conf/koi-win @@ -23,16 +26,16 @@ pkgbase = openresty backup = opt/openresty/nginx/conf/uwsgi_params backup = opt/openresty/nginx/conf/win-utf backup = etc/logrotate.d/openresty - source = https://openresty.org/download/openresty-1.11.2.2.tar.gz - source = https://openresty.org/download/openresty-1.11.2.2.tar.gz.asc + source = openresty::git+https://github.com/openresty/openresty.git source = service source = openresty.logrotate source = openresty.install - sha256sums = 7f9ca62cfa1e4aedf29df9169aed0395fd1b90de254139996e554367db4d5a01 + source = openssl-1.1.0.patch sha256sums = SKIP sha256sums = ec55ac7da98f5f5ec54d096c5f79b656edec0ebca835b6b9f1d20fb7be7119c5 sha256sums = 613b0ed3fe4b5ee505ddb5122ee41604f464a5049be81c97601ee93970763a23 sha256sums = f071e0fd8d0d588f03fcc7db6f3cb3f7ea1b870d3416a0bde142d9aeb839d0f6 + sha256sums = 30fc7d2896dfe7d922964fd159b756a81b1f853a6b29cb7786e8acbef8c647e4 -pkgname = openresty +pkgname = openresty-git diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000000..43316bc3c124 --- /dev/null +++ b/.gitignore @@ -0,0 +1,27 @@ +# 
From: https://github.com/github/gitignore/blob/master/ArchLinuxPackages.gitignore + +*.tar +*.tar.* +*.zip +*.tgz +*.log +*.log.* +*.sig + +# makepkg working folders +pkg +src + +# +# Additional ignore patterns: +# + +# Source files +*.deb +*.gem +*.out +*.rpm +*.html + +# Ignore package source folders +*/* 
@@ -1,29 +1,38 @@ -# Maintainer: Daichi Shinozaki <dseg@shield.jp> +# Maintainer: James An <james@jamesan.ca> +# Contributor: Daichi Shinozaki <dseg@shield.jp> # Contributor: Jean-Sébastien Ney <jeansebastien.ney@gmail.com> # Contributor: James Cleveland <jc@blackflags.co.uk> # Contributor: Eimantas Bunevičius <eimantaster@gmail.com> -_cfgdir=/opt/openresty/nginx/conf -_tmpdir=/var/lib/openresty -pkgname=openresty -pkgver=1.11.2.2 + +# Based on the AUR package @ https://aur.archlinux.org/openresty.git. + +pkgname=openresty-git +_pkgname=${pkgname%-git} +_cfgdir=/opt/$_pkgname/nginx/conf +_tmpdir=/var/lib/$_pkgname +pkgver=1.11.2.2.r32.g78af48d +_pkgver=1 pkgrel=1 pkgdesc="A Fast and Scalable Web Platform by Extending NGINX with Lua" arch=('i686' 'x86_64') url="http://openresty.org/" license=('BSD') depends=('perl>=5.6.1' 'readline' 'pcre' 'openssl') -install=$pkgname.install -source=(https://openresty.org/download/$pkgname-$pkgver.tar.gz{,.asc} +makedepends=('dos2unix' 'git' 'mercurial') +provides=("$_pkgname=$pkgver") +conflicts=("$_pkgname") +install=$_pkgname.install +source=("$_pkgname"::"git+https://github.com/$_pkgname/$_pkgname.git" service - $pkgname.logrotate - $pkgname.install) + $_pkgname.logrotate + $_pkgname.install + openssl-1.1.0.patch) noextract=() -validpgpkeys=('25451EB088460026195BD62CB550E09EA0E98066') -sha256sums=('7f9ca62cfa1e4aedf29df9169aed0395fd1b90de254139996e554367db4d5a01' - 'SKIP' +sha256sums=('SKIP' 'ec55ac7da98f5f5ec54d096c5f79b656edec0ebca835b6b9f1d20fb7be7119c5' '613b0ed3fe4b5ee505ddb5122ee41604f464a5049be81c97601ee93970763a23' - 'f071e0fd8d0d588f03fcc7db6f3cb3f7ea1b870d3416a0bde142d9aeb839d0f6') + 'f071e0fd8d0d588f03fcc7db6f3cb3f7ea1b870d3416a0bde142d9aeb839d0f6' + '30fc7d2896dfe7d922964fd159b756a81b1f853a6b29cb7786e8acbef8c647e4') backup=(${_cfgdir:1}/fastcgi.conf ${_cfgdir:1}/fastcgi_params ${_cfgdir:1}/koi-win 
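Review bot: Nothing in this PKGBUILD authenticates the upstream code any more: the source array now pulls `git+https://github.com/$_pkgname/$_pkgname.git` with `'SKIP'` as its checksum, and the `validpgpkeys` line and the `.asc` signature source are removed. A VCS source cannot carry a fixed checksum, so the reduced guarantee should at least be stated above `sha256sums`, e.g. `# 'SKIP': git source is not checksum-verified; integrity rests on HTTPS to GitHub only`. If a reproducible build is wanted, the source can be pinned with a fragment such as `git+https://github.com/$_pkgname/$_pkgname.git#commit=<COMMIT_PLACEHOLDER>`. The `backup=` array continues outside this hunk.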
@@ -35,8 +44,29 @@ backup=(${_cfgdir:1}/fastcgi.conf ${_cfgdir:1}/win-utf etc/logrotate.d/openresty) +pkgver() { + cd "$_pkgname" + ( + set -o pipefail + git describe --long --tag | sed -r 's/^v//;s/([^-]*-g)/r\1/;s/-/./g' || + printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)" + ) + _pkgver=$(./util/ver) +} + +prepare() { + cd "$_pkgname" + echo $_pkgver + + patch -p1 -i ../openssl-1.1.0.patch + make +} + build() { - cd "$srcdir/$pkgname-$pkgver" + cd "$srcdir/$_pkgname" + echo $_pkgver + + cd $_pkgname-$(./util/ver) ./configure \ --prefix=/opt/openresty \ @@ -209,9 +239,11 @@ build() { } package() { - cd "$srcdir/$pkgname-$pkgver" + cd "$srcdir/$_pkgname" + cd $_pkgname-$(./util/ver) + make DESTDIR="$pkgdir" install - install -Dm644 COPYRIGHT $pkgdir/usr/share/licenses/$pkgname/LICENSE + install -Dm644 COPYRIGHT $pkgdir/usr/share/licenses/$_pkgname/LICENSE install -d "$pkgdir"/etc/logrotate.d install -m644 "$srcdir"/openresty.logrotate "$pkgdir"/etc/logrotate.d/openresty install -d "$pkgdir"/$_tmpdir diff --git a/openssl-1.1.0.patch b/openssl-1.1.0.patch new file mode 100644 index 000000000000..c9a8235112ee --- /dev/null +++ b/openssl-1.1.0.patch 
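Review bot: `prepare()` runs `make` right after applying `openssl-1.1.0.patch`, and that patch edits `util/mirror-tarballs`, which calls `$root/util/get-tarball "https://github.com/..."` followed by `tar -xzf`. If `make` drives that script (presumably; the Makefile is not shown), the build downloads and unpacks component tarballs that no `sha256sums` entry covers. Either list those components in `source=()` with checksums or document the gap in `prepare()`, e.g. `# NOTE: make fetches component tarballs over HTTPS without checksum verification`. Separately, `cd $_pkgname-$(./util/ver)` in `build()` and `package()` should be quoted as `cd "$_pkgname-$(./util/ver)"`, and the two `echo $_pkgver` lines look like leftover debugging. `build()` continues outside the hunk.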
@@ -0,0 +1,255 @@ +diff --git a/patches/nginx-1.11.2-guarded_SSL_R_NO_CIPHERS_PASSED_not_present_in_OpenSSL_1.1.0.patch b/patches/nginx-1.11.2-guarded_SSL_R_NO_CIPHERS_PASSED_not_present_in_OpenSSL_1.1.0.patch +new file mode 100644 +index 0000000..fd59562 +--- /dev/null ++++ b/patches/nginx-1.11.2-guarded_SSL_R_NO_CIPHERS_PASSED_not_present_in_OpenSSL_1.1.0.patch +@@ -0,0 +1,23 @@ ++# HG changeset patch ++# User Sergey Kandaurov <pluknet@nginx.com> ++# Date 1470653089 -10800 ++# Node ID 1891b2892b68223dcc8f6bec7205d0d8c03682d5 ++# Parent 7d4e33092e2abe92f0b904e5dadad4728eb12257 ++SSL: guarded SSL_R_NO_CIPHERS_PASSED not present in OpenSSL 1.1.0. ++ ++It was removed in OpenSSL 1.1.0 Beta 3 (pre-release 6). It was ++not used since OpenSSL 1.0.1n and 1.0.2b. ++ ++diff -r 7d4e33092e2a -r 1891b2892b68 src/event/ngx_event_openssl.c ++--- a/src/event/ngx_event_openssl.c Thu Aug 04 23:43:10 2016 +0300 +++++ b/src/event/ngx_event_openssl.c Mon Aug 08 13:44:49 2016 +0300 ++@@ -2023,7 +2023,9 @@ ++ || n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST /* 151 */ ++ || n == SSL_R_EXCESSIVE_MESSAGE_SIZE /* 152 */ ++ || n == SSL_R_LENGTH_MISMATCH /* 159 */ +++#ifdef SSL_R_NO_CIPHERS_PASSED ++ || n == SSL_R_NO_CIPHERS_PASSED /* 182 */ +++#endif ++ || n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */ ++ || n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */ ++ || n == SSL_R_NO_SHARED_CIPHER /* 193 */ +diff --git a/patches/ngx_http_encrypted_session-0.06-init_cipher_ctx_indirectly.patch b/patches/ngx_http_encrypted_session-0.06-init_cipher_ctx_indirectly.patch +new file mode 100644 +index 0000000..3a1b7d6 +--- /dev/null ++++ b/patches/ngx_http_encrypted_session-0.06-init_cipher_ctx_indirectly.patch +@@ -0,0 +1,119 @@ ++diff --git a/src/ngx_http_encrypted_session_cipher.c b/src/ngx_http_encrypted_session_cipher.c ++index 5c8da81..3f2fed8 100644 ++--- a/src/ngx_http_encrypted_session_cipher.c +++++ b/src/ngx_http_encrypted_session_cipher.c ++@@ -26,7 +26,7 @@ ++ const u_char *in, size_t in_len, ngx_uint_t 
expires, u_char **dst, ++ size_t *dst_len) ++ { ++- EVP_CIPHER_CTX ctx; +++ EVP_CIPHER_CTX *ctx; ++ const EVP_CIPHER *cipher; ++ u_char *p, *data; ++ int ret; ++@@ -39,7 +39,7 @@ ++ return NGX_ERROR; ++ } ++ ++- EVP_CIPHER_CTX_init(&ctx); +++ EVP_CIPHER_CTX_init(ctx); ++ ++ cipher = EVP_aes_256_cbc(); ++ ++@@ -83,28 +83,28 @@ ++ ++ p += MD5_DIGEST_LENGTH; ++ ++- ret = EVP_EncryptInit(&ctx, cipher, key, iv); +++ ret = EVP_EncryptInit(ctx, cipher, key, iv); ++ if (!ret) { ++ goto evp_error; ++ } ++ ++ /* encrypt the raw input data */ ++ ++- ret = EVP_EncryptUpdate(&ctx, p, &len, data, data_size); +++ ret = EVP_EncryptUpdate(ctx, p, &len, data, data_size); ++ if (!ret) { ++ goto evp_error; ++ } ++ ++ p += len; ++ ++- ret = EVP_EncryptFinal(&ctx, p, &len); +++ ret = EVP_EncryptFinal(ctx, p, &len); ++ if (!ret) { ++ return NGX_ERROR; ++ } ++ ++ /* XXX we should still explicitly release the ctx ++ * or we'll leak memory here */ ++- EVP_CIPHER_CTX_cleanup(&ctx); +++ EVP_CIPHER_CTX_cleanup(ctx); ++ ++ p += len; ++ ++@@ -121,7 +121,7 @@ ++ ++ evp_error: ++ ++- EVP_CIPHER_CTX_cleanup(&ctx); +++ EVP_CIPHER_CTX_cleanup(ctx); ++ ++ return NGX_ERROR; ++ } ++@@ -132,7 +132,7 @@ ++ const u_char *iv, size_t iv_len, const u_char *key, size_t key_len, ++ const u_char *in, size_t in_len, u_char **dst, size_t *dst_len) ++ { ++- EVP_CIPHER_CTX ctx; +++ EVP_CIPHER_CTX *ctx; ++ const EVP_CIPHER *cipher; ++ int ret; ++ size_t block_size, buf_size; ++@@ -152,11 +152,11 @@ ++ ++ digest = in; ++ ++- EVP_CIPHER_CTX_init(&ctx); +++ EVP_CIPHER_CTX_init(ctx); ++ ++ cipher = EVP_aes_256_cbc(); ++ ++- ret = EVP_DecryptInit(&ctx, cipher, key, iv); +++ ret = EVP_DecryptInit(ctx, cipher, key, iv); ++ if (!ret) { ++ goto evp_error; ++ } ++@@ -173,7 +173,7 @@ ++ ++ *dst = p; ++ ++- ret = EVP_DecryptUpdate(&ctx, p, &len, in + MD5_DIGEST_LENGTH, +++ ret = EVP_DecryptUpdate(ctx, p, &len, in + MD5_DIGEST_LENGTH, ++ in_len - MD5_DIGEST_LENGTH); ++ ++ if (!ret) { ++@@ -183,11 +183,11 @@ ++ ++ p += len; ++ ++- 
ret = EVP_DecryptFinal(&ctx, p, &len); +++ ret = EVP_DecryptFinal(ctx, p, &len); ++ ++ /* XXX we should still explicitly release the ctx ++ * or we'll leak memory here */ ++- EVP_CIPHER_CTX_cleanup(&ctx); +++ EVP_CIPHER_CTX_cleanup(ctx); ++ ++ if (!ret) { ++ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, log, 0, ++@@ -249,7 +249,7 @@ ++ ++ evp_error: ++ ++- EVP_CIPHER_CTX_cleanup(&ctx); +++ EVP_CIPHER_CTX_cleanup(ctx); ++ ++ return NGX_ERROR; ++ } +diff --git a/patches/ngx_lua-0.10.8-support_openssl_1.1.0.patch b/patches/ngx_lua-0.10.8-support_openssl_1.1.0.patch +new file mode 100644 +index 0000000..bcfb25e +--- /dev/null ++++ b/patches/ngx_lua-0.10.8-support_openssl_1.1.0.patch +@@ -0,0 +1,56 @@ ++diff --git a/src/ngx_http_lua_ssl_ocsp.c b/src/ngx_http_lua_ssl_ocsp.c ++index 3904aa8e..71d40e74 100644 ++--- a/src/ngx_http_lua_ssl_ocsp.c +++++ b/src/ngx_http_lua_ssl_ocsp.c ++@@ -468,7 +468,11 @@ ngx_http_lua_ffi_ssl_set_ocsp_status_resp(ngx_http_request_t *r, ++ return NGX_ERROR; ++ } ++ +++#ifdef SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE +++ if (SSL_get_tlsext_status_type(ssl_conn) == -1) { +++#else ++ if (ssl_conn->tlsext_status_type == -1) { +++#endif ++ dd("no ocsp status req from client"); ++ return NGX_DECLINED; ++ } ++@@ -490,7 +494,11 @@ ngx_http_lua_ffi_ssl_set_ocsp_status_resp(ngx_http_request_t *r, ++ ++ dd("set ocsp resp: resp_len=%d", (int) resp_len); ++ (void) SSL_set_tlsext_status_ocsp_resp(ssl_conn, p, resp_len); +++#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE +++ SSL_set_tlsext_status_type(ssl_conn, TLSEXT_STATUSTYPE_ocsp); +++#else ++ ssl_conn->tlsext_status_expected = 1; +++#endif ++ ++ return NGX_OK; ++ ++diff --git a/src/ngx_http_lua_ssl_session_storeby.c b/src/ngx_http_lua_ssl_session_storeby.c ++index b5596bc7..6e132a31 100644 ++--- a/src/ngx_http_lua_ssl_session_storeby.c +++++ b/src/ngx_http_lua_ssl_session_storeby.c ++@@ -172,6 +172,8 @@ int ++ ngx_http_lua_ssl_sess_store_handler(ngx_ssl_conn_t *ssl_conn, ++ ngx_ssl_session_t *sess) ++ { +++ const u_char 
*sess_id; +++ unsigned int sess_id_len; ++ lua_State *L; ++ ngx_int_t rc; ++ ngx_connection_t *c, *fc = NULL; ++@@ -246,11 +248,12 @@ ngx_http_lua_ssl_sess_store_handler(ngx_ssl_conn_t *ssl_conn, ++ } ++ } ++ +++ sess_id = SSL_SESSION_get_id(sess, &sess_id_len); ++ cctx->connection = c; ++ cctx->request = r; ++ cctx->session = sess; ++- cctx->session_id.data = sess->session_id; ++- cctx->session_id.len = sess->session_id_length; +++ cctx->session_id.data = (u_char *) sess_id; +++ cctx->session_id.len = sess_id_len; ++ cctx->done = 0; ++ ++ dd("setting cctx"); +diff --git a/util/mirror-tarballs b/util/mirror-tarballs +index 2da01f1..cf09f99 100755 +--- a/util/mirror-tarballs ++++ b/util/mirror-tarballs +@@ -335,6 +335,8 @@ echo + + echo "$info_txt applying the safe_resolver_ipv6_option patch for nginx" + patch -p1 < $root/patches/nginx-$main_ver-safe_resolver_ipv6_option.patch || exit 1 ++echo "$info_txt applying the guarded_SSL_R_NO_CIPHERS_PASSED_not_present_in_OpenSSL_1.1.0 patch for nginx" ++patch -p1 < $root/patches/nginx-$main_ver-guarded_SSL_R_NO_CIPHERS_PASSED_not_present_in_OpenSSL_1.1.0.patch || exit 1 + echo + + cp $root/html/index.html docs/html/ || exit 1 +@@ -412,6 +414,12 @@ $root/util/get-tarball "https://github.com/openresty/lua-nginx-module/tarball/v$ + tar -xzf lua-nginx-module-$ver.tar.gz || exit 1 + mv openresty-lua-nginx-module-* ngx_lua-$ver || exit 1 + ++cd ngx_lua-$ver ++echo "applying ngx_lua-$ver-support_openssl_1.1.0.patch" ++patch -p1 < $root/patches/ngx_lua-$ver-support_openssl_1.1.0.patch || exit 1 ++echo ++cd .. 
++ + ################################# + + ver=0.06 +@@ -461,6 +469,12 @@ $root/util/get-tarball "https://github.com/openresty/encrypted-session-nginx-mod + tar -xzf encrypted-session-nginx-module-$ver.tar.gz || exit 1 + mv openresty-encrypted-session-nginx-module-* encrypted-session-nginx-module-$ver || exit 1 + ++cd encrypted-session-nginx-module-$ver ++echo "applying ngx_http_encrypted_session-$ver-init_cipher_ctx_indirectly.patch" ++patch -p1 < $root/patches/ngx_http_encrypted_session-$ver-init_cipher_ctx_indirectly.patch || exit 1 ++echo ++cd .. ++ + ################################# + + |
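Review bot: In the embedded ngx_http_encrypted_session-0.06-init_cipher_ctx_indirectly.patch, `EVP_CIPHER_CTX ctx;` becomes `EVP_CIPHER_CTX *ctx;` in both the encrypt and decrypt functions, but no visible line assigns the pointer before `EVP_CIPHER_CTX_init(ctx)`, so the session-encryption path would operate on an uninitialised pointer. The context should be allocated and checked first, `ctx = EVP_CIPHER_CTX_new(); if (ctx == NULL) { return NGX_ERROR; }`, and released with `EVP_CIPHER_CTX_free(ctx);` where the patch keeps `EVP_CIPHER_CTX_cleanup(ctx)`, since cleanup alone does not free a heap-allocated context. The `EVP_EncryptFinal` failure branch shown as context returns `NGX_ERROR` without releasing the context, which becomes a leak once the context lives on the heap. Both functions start and end outside the nested hunks, so an allocation in unshown lines cannot be ruled out, although those lines are unchanged from a version that used a stack object.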