summarylogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.SRCINFO19
-rw-r--r--PKGBUILD26
-rw-r--r--build-fix.patch16
-rwxr-xr-xpixelserv-ca-init.sh31
-rw-r--r--pixelserv-tls.install30
5 files changed, 91 insertions, 31 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 16ec2d4a8adc..46bbd2c0540e 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,18 +1,19 @@
pkgbase = pixelserv-tls
pkgdesc = A tiny bespoke webserver for adblock with HTTP/1.1 and HTTPS support
- pkgver = 2.2.0
- pkgrel = 4
- url = https://kazoo.ga/pixelserv-tls/
+ pkgver = 2.4
+ pkgrel = 3
+ url = https://github.com/kvic-z/pixelserv-tls
install = pixelserv-tls.install
arch = any
- license = GPL3
+ license = LGPL-3.0-only
depends = openssl>=1.0.2
- source = pixelserv-tls-2.2.0.tar.gz::https://github.com/kvic-z/pixelserv-tls/archive/2.2.0.tar.gz
+ source = pixelserv-tls-2.4.tar.gz::https://github.com/kvic-z/pixelserv-tls/archive/2.4.tar.gz
source = pixelserv-ca-init.sh
source = pixelserv-tls.service
- md5sums = fee16251b14fef4509476685e364c360
- md5sums = a1c0b49b4e2e6653dbf96239ecc31c55
- md5sums = 70e0895550f301303e09eb5dfabdde42
+ source = build-fix.patch
+ b2sums = cec2a713c21b98083c5f00b05a49dae50d5f16f6b1014f0635558ce26d29c11e64a1178fc687234810d33267b5d30d1bea2ce0be9407d102a7b44f4501d92eaa
+ b2sums = df250241026b758470b3477e089b54552d74b3ee7b138675349a0c3ab2e76fbe5b09c2e6b7cf3cec40318866b28dbd44cc70dc7707c075dcaceb28803097aa88
+ b2sums = d5a7f2c193de9685e8daffedee45619d08b3192c53152302fcd9d97d75338a9906030c3511131872f4d4c7946e1d6e9e5dbb1d9918e3d6c011c0b6278e8b1118
+ b2sums = 2a9c40c6749a3c72b87267a6e6c0d076378a756176aad5fe964202d6a6fb21150b9a54564ec4259103b35223e2cdaf855c886648368be2ca7c2dd504bf58f6e1
pkgname = pixelserv-tls
-
diff --git a/PKGBUILD b/PKGBUILD
index 3ad0e07c876a..5d3097318650 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,21 +1,27 @@
-# Maintainer: Zhanibek Adilbekov <zhanibek.adilbekov@protornmail.com>
+# Maintainer: Zhanibek Adilbekov <zhanibek.adilbekov@proton.me>
pkgname=pixelserv-tls
-pkgver=2.2.0
-pkgrel=4
+pkgver=2.4
+pkgrel=3
pkgdesc="A tiny bespoke webserver for adblock with HTTP/1.1 and HTTPS support"
arch=('any')
-url="https://kazoo.ga/pixelserv-tls/"
-license=('GPL3')
+url="https://github.com/kvic-z/pixelserv-tls"
+license=('LGPL-3.0-only')
depends=('openssl>=1.0.2')
-install="$pkgname.install"
+install=$pkgname.install
source=(
"$pkgname-$pkgver.tar.gz::https://github.com/kvic-z/pixelserv-tls/archive/$pkgver.tar.gz"
"pixelserv-ca-init.sh"
- "pixelserv-tls.service")
-md5sums=('fee16251b14fef4509476685e364c360'
- 'a1c0b49b4e2e6653dbf96239ecc31c55'
- '70e0895550f301303e09eb5dfabdde42')
+ "pixelserv-tls.service"
+ "build-fix.patch")
+b2sums=('cec2a713c21b98083c5f00b05a49dae50d5f16f6b1014f0635558ce26d29c11e64a1178fc687234810d33267b5d30d1bea2ce0be9407d102a7b44f4501d92eaa'
+ 'df250241026b758470b3477e089b54552d74b3ee7b138675349a0c3ab2e76fbe5b09c2e6b7cf3cec40318866b28dbd44cc70dc7707c075dcaceb28803097aa88'
+ 'd5a7f2c193de9685e8daffedee45619d08b3192c53152302fcd9d97d75338a9906030c3511131872f4d4c7946e1d6e9e5dbb1d9918e3d6c011c0b6278e8b1118'
+ '2a9c40c6749a3c72b87267a6e6c0d076378a756176aad5fe964202d6a6fb21150b9a54564ec4259103b35223e2cdaf855c886648368be2ca7c2dd504bf58f6e1')
+prepare() {
+ cd "$pkgname-$pkgver"
+ patch --forward --strip=1 --input="${srcdir}/build-fix.patch"
+}
build() {
cd "$pkgname-$pkgver"
diff --git a/build-fix.patch b/build-fix.patch
new file mode 100644
index 000000000000..95e8ce8509e4
--- /dev/null
+++ b/build-fix.patch
@@ -0,0 +1,16 @@
+diff '--color=auto' --unified --recursive --text pixelserv-tls-2.4/pixelserv.c pixelserv-tls-2.4-fix/pixelserv.c
+--- pixelserv-tls-2.4/pixelserv.c 2023-02-15 15:39:19.168783894 +0600
++++ pixelserv-tls-2.4-fix/pixelserv.c 2023-02-15 15:38:40.247906442 +0600
+@@ -820,10 +820,9 @@
+ break;
+ /* fall through */
+ default:
+- log_msg(LGG_WARNING, "handshake failed: client %s:%s server %s. Lib(%d) Func(%d) Reason(%d)",
++ log_msg(LGG_WARNING, "handshake failed: client %s:%s server %s. Lib(%d) Reason(%d)",
+ ip_buf, port_buf, t->servername,
+- ERR_GET_LIB(ERR_peek_last_error()), ERR_GET_FUNC(ERR_peek_last_error()),
+- ERR_GET_REASON(ERR_peek_last_error()));
++ ERR_GET_LIB(ERR_peek_last_error()), ERR_GET_REASON(ERR_peek_last_error()));
+ }
+ break;
+ case SSL_ERROR_SYSCALL:
diff --git a/pixelserv-ca-init.sh b/pixelserv-ca-init.sh
index 74d7066277be..bdd15161be0e 100755
--- a/pixelserv-ca-init.sh
+++ b/pixelserv-ca-init.sh
@@ -1,10 +1,31 @@
-#!/bin/sh
+#!/bin/env bash
+
+# target directory
+TARGET_DIR='/var/cache/pixelserv'
+
+# ensure the target directory exists
+if [[ -d "$TARGET_DIR" ]]; then
+ echo "$TARGET_DIR already exists. Consider to remove it before generating new certificates"
+else
+ sudo mkdir -pv "$TARGET_DIR"
+fi
+
+# check the ownership of the directory
+if [[ "$(stat -c '%U' "$TARGET_DIR")" != 'nobody' ]]; then
+ sudo chown -vR nobody:root "$TARGET_DIR"
+fi
+
+# check directory permissions
+if [[ "$(stat -c '%A' "$TARGET_DIR")" =~ '---$' ]]; then
+ sudo chmod -vR o-rwx "$TARGET_DIR"
+fi
# generate cert
-sudo -u nobody openssl genrsa -out /var/cache/pixelserv/ca.key 1024
-sudo -u nobody openssl req -key /var/cache/pixelserv/ca.key -new -x509 -days 3650 -sha256 \
- -extensions v3_ca -out /var/cache/pixelserv/ca.crt -subj "/CN=Pixelserv CA"
+sudo -u nobody openssl genrsa -out "$TARGET_DIR"/ca.key 2048
+sudo -u nobody openssl req -key "$TARGET_DIR"/ca.key -new -x509 -days 3650 -sha256 \
+ -extensions v3_ca -config /etc/ssl/openssl.cnf \
+ -out "$TARGET_DIR"/ca.crt -subj "/CN=Pixelserv CA"
# trust cert
-sudo cp /var/cache/pixelserv/ca.crt /usr/share/ca-certificates/trust-source/anchors/ca.pixelserv.crt
+sudo cp "$TARGET_DIR"/ca.crt /usr/share/ca-certificates/trust-source/anchors/ca.pixelserv.crt
sudo trust extract-compat
diff --git a/pixelserv-tls.install b/pixelserv-tls.install
index 82b3320854cd..07299d03f394 100644
--- a/pixelserv-tls.install
+++ b/pixelserv-tls.install
@@ -1,11 +1,26 @@
# arg 1: the new package version
post_install() {
- if [ ! -d /var/cache/pixelserv ]; then
- /bin/mkdir /var/cache/pixelserv
+ # target directory
+ TARGET_DIR='/var/cache/pixelserv'
+
+ # ensure the target directory exists
+ if [[ -d "$TARGET_DIR" ]]; then
+ echo "$TARGET_DIR already exists. Consider to remove it before generating new certificates"
+ else
+ sudo mkdir -pv "$TARGET_DIR"
+ fi
+
+ # check the ownership of the directory
+ if [[ "$(stat -c '%U' "$TARGET_DIR")" != 'nobody' ]]; then
+ sudo chown -vR nobody:root "$TARGET_DIR"
fi
- /bin/chown -R nobody:root /var/cache/pixelserv
- /bin/chmod -R 755 /var/cache/pixelserv
-cat << EOF
+
+ # check directory permissions
+ if [[ "$(stat -c '%A' "$TARGET_DIR")" =~ '---$' ]]; then
+ sudo chmod -vR o-rwx "$TARGET_DIR"
+ fi
+
+ cat <<EOF
In order to use pixelserv-tls you need to:
1. create root CA certificate https://git.io/vNuoH
@@ -37,7 +52,8 @@ post_upgrade() {
# arg 1: the old package version
post_remove() {
-cat << EOF
+ TARGET_DIR='/var/cache/pixelserv'
+ cat <<EOF
If you won't use pixelserv-tls anymore you may remove "Pixelserv CA" certificate
and pixelserv-tls's cert folder using:
@@ -45,7 +61,7 @@ cat << EOF
rm /usr/share/ca-certificates/trust-source/anchors/ca.pixelserv.crt
trust extract-compat
- rm -rf /var/cache/pixelserv
+ rm -rf $TARGET_DIR
EOF
}