-rw-r--r-- | .SRCINFO | 19 | ||||
-rw-r--r-- | PKGBUILD | 26 | ||||
-rw-r--r-- | build-fix.patch | 16 | ||||
-rwxr-xr-x | pixelserv-ca-init.sh | 31 | ||||
-rw-r--r-- | pixelserv-tls.install | 30 |
5 files changed, 91 insertions, 31 deletions
@@ -1,18 +1,19 @@ pkgbase = pixelserv-tls pkgdesc = A tiny bespoke webserver for adblock with HTTP/1.1 and HTTPS support - pkgver = 2.2.0 - pkgrel = 4 - url = https://kazoo.ga/pixelserv-tls/ + pkgver = 2.4 + pkgrel = 3 + url = https://github.com/kvic-z/pixelserv-tls install = pixelserv-tls.install arch = any - license = GPL3 + license = LGPL-3.0-only depends = openssl>=1.0.2 - source = pixelserv-tls-2.2.0.tar.gz::https://github.com/kvic-z/pixelserv-tls/archive/2.2.0.tar.gz + source = pixelserv-tls-2.4.tar.gz::https://github.com/kvic-z/pixelserv-tls/archive/2.4.tar.gz source = pixelserv-ca-init.sh source = pixelserv-tls.service - md5sums = fee16251b14fef4509476685e364c360 - md5sums = a1c0b49b4e2e6653dbf96239ecc31c55 - md5sums = 70e0895550f301303e09eb5dfabdde42 + source = build-fix.patch + b2sums = cec2a713c21b98083c5f00b05a49dae50d5f16f6b1014f0635558ce26d29c11e64a1178fc687234810d33267b5d30d1bea2ce0be9407d102a7b44f4501d92eaa + b2sums = df250241026b758470b3477e089b54552d74b3ee7b138675349a0c3ab2e76fbe5b09c2e6b7cf3cec40318866b28dbd44cc70dc7707c075dcaceb28803097aa88 + b2sums = d5a7f2c193de9685e8daffedee45619d08b3192c53152302fcd9d97d75338a9906030c3511131872f4d4c7946e1d6e9e5dbb1d9918e3d6c011c0b6278e8b1118 + b2sums = 2a9c40c6749a3c72b87267a6e6c0d076378a756176aad5fe964202d6a6fb21150b9a54564ec4259103b35223e2cdaf855c886648368be2ca7c2dd504bf58f6e1 pkgname = pixelserv-tls - 
@@ -1,21 +1,27 @@ -# Maintainer: Zhanibek Adilbekov <zhanibek.adilbekov@protornmail.com> +# Maintainer: Zhanibek Adilbekov <zhanibek.adilbekov@proton.me> pkgname=pixelserv-tls -pkgver=2.2.0 -pkgrel=4 +pkgver=2.4 +pkgrel=3 pkgdesc="A tiny bespoke webserver for adblock with HTTP/1.1 and HTTPS support" arch=('any') -url="https://kazoo.ga/pixelserv-tls/" -license=('GPL3') +url="https://github.com/kvic-z/pixelserv-tls" +license=('LGPL-3.0-only') depends=('openssl>=1.0.2') -install="$pkgname.install" +install=$pkgname.install source=( "$pkgname-$pkgver.tar.gz::https://github.com/kvic-z/pixelserv-tls/archive/$pkgver.tar.gz" "pixelserv-ca-init.sh" - "pixelserv-tls.service") -md5sums=('fee16251b14fef4509476685e364c360' - 'a1c0b49b4e2e6653dbf96239ecc31c55' - '70e0895550f301303e09eb5dfabdde42') + "pixelserv-tls.service" + "build-fix.patch") +b2sums=('cec2a713c21b98083c5f00b05a49dae50d5f16f6b1014f0635558ce26d29c11e64a1178fc687234810d33267b5d30d1bea2ce0be9407d102a7b44f4501d92eaa' + 'df250241026b758470b3477e089b54552d74b3ee7b138675349a0c3ab2e76fbe5b09c2e6b7cf3cec40318866b28dbd44cc70dc7707c075dcaceb28803097aa88' + 'd5a7f2c193de9685e8daffedee45619d08b3192c53152302fcd9d97d75338a9906030c3511131872f4d4c7946e1d6e9e5dbb1d9918e3d6c011c0b6278e8b1118' + '2a9c40c6749a3c72b87267a6e6c0d076378a756176aad5fe964202d6a6fb21150b9a54564ec4259103b35223e2cdaf855c886648368be2ca7c2dd504bf58f6e1') +prepare() { + cd "$pkgname-$pkgver" + patch --forward --strip=1 --input="${srcdir}/build-fix.patch" +} build() { cd "$pkgname-$pkgver" diff --git a/build-fix.patch b/build-fix.patch new file mode 100644 index 000000000000..95e8ce8509e4 --- /dev/null +++ b/build-fix.patch 
@@ -0,0 +1,16 @@
+diff '--color=auto' --unified --recursive --text pixelserv-tls-2.4/pixelserv.c pixelserv-tls-2.4-fix/pixelserv.c
+--- pixelserv-tls-2.4/pixelserv.c 2023-02-15 15:39:19.168783894 +0600
++++ pixelserv-tls-2.4-fix/pixelserv.c 2023-02-15 15:38:40.247906442 +0600
+@@ -820,10 +820,9 @@
+ break;
+ /* fall through */
+ default:
+- log_msg(LGG_WARNING, "handshake failed: client %s:%s server %s. Lib(%d) Func(%d) Reason(%d)",
++ log_msg(LGG_WARNING, "handshake failed: client %s:%s server %s. Lib(%d) Reason(%d)",
+ ip_buf, port_buf, t->servername,
+- ERR_GET_LIB(ERR_peek_last_error()), ERR_GET_FUNC(ERR_peek_last_error()),
+- ERR_GET_REASON(ERR_peek_last_error()));
++ ERR_GET_LIB(ERR_peek_last_error()), ERR_GET_REASON(ERR_peek_last_error()));
+ }
+ break;
+ case SSL_ERROR_SYSCALL:
diff --git a/pixelserv-ca-init.sh b/pixelserv-ca-init.sh
index 74d7066277be..bdd15161be0e 100755
--- a/pixelserv-ca-init.sh
+++ b/pixelserv-ca-init.sh
@@ -1,10 +1,31 @@ -#!/bin/sh +#!/bin/env bash + +# target directory +TARGET_DIR='/var/cache/pixelserv' + +# ensure the target directory exists +if [[ -d "$TARGET_DIR" ]]; then + echo "$TARGET_DIR already exists. Consider to remove it before generating new certificates" +else + sudo mkdir -pv "$TARGET_DIR" +fi + +# check the ownership of the directory +if [[ "$(stat -c '%U' "$TARGET_DIR")" != 'nobody' ]]; then + sudo chown -vR nobody:root "$TARGET_DIR" +fi + +# check directory permissions +if [[ "$(stat -c '%A' "$TARGET_DIR")" =~ '---$' ]]; then + sudo chmod -vR o-rwx "$TARGET_DIR" +fi # generate cert -sudo -u nobody openssl genrsa -out /var/cache/pixelserv/ca.key 1024 -sudo -u nobody openssl req -key /var/cache/pixelserv/ca.key -new -x509 -days 3650 -sha256 \ - -extensions v3_ca -out /var/cache/pixelserv/ca.crt -subj "/CN=Pixelserv CA" +sudo -u nobody openssl genrsa -out "$TARGET_DIR"/ca.key 2048 +sudo -u nobody openssl req -key "$TARGET_DIR"/ca.key -new -x509 -days 3650 -sha256 \ + -extensions v3_ca -config /etc/ssl/openssl.cnf \ + -out "$TARGET_DIR"/ca.crt -subj "/CN=Pixelserv CA" # trust cert -sudo cp /var/cache/pixelserv/ca.crt /usr/share/ca-certificates/trust-source/anchors/ca.pixelserv.crt +sudo cp "$TARGET_DIR"/ca.crt /usr/share/ca-certificates/trust-source/anchors/ca.pixelserv.crt sudo trust extract-compat diff --git a/pixelserv-tls.install b/pixelserv-tls.install index 82b3320854cd..07299d03f394 100644 --- a/pixelserv-tls.install +++ b/pixelserv-tls.install 
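Review bot: The permission test `[[ "$(stat -c '%A' "$TARGET_DIR")" =~ '---$' ]]` can never be true, because a quoted right-hand side of `=~` is matched as a literal string and `stat` output never contains a `$`; even unquoted it would run `chmod` only when others already have no access. A directory created by the `mkdir -pv` above therefore keeps its umask-derived mode while holding `ca.key`, the private key of a CA that the last lines of the script install as a system trust anchor. Inverting the test covers both problems: `if [[ "$(stat -c '%A' "$TARGET_DIR")" != *--- ]]; then`. The same test is repeated in `post_install()` in pixelserv-tls.install, where it replaces a `chmod -R 755` that used to run unconditionally.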
@@ -1,11 +1,26 @@ # arg 1: the new package version post_install() { - if [ ! -d /var/cache/pixelserv ]; then - /bin/mkdir /var/cache/pixelserv + # target directory + TARGET_DIR='/var/cache/pixelserv' + + # ensure the target directory exists + if [[ -d "$TARGET_DIR" ]]; then + echo "$TARGET_DIR already exists. Consider to remove it before generating new certificates" + else + sudo mkdir -pv "$TARGET_DIR" + fi + + # check the ownership of the directory + if [[ "$(stat -c '%U' "$TARGET_DIR")" != 'nobody' ]]; then + sudo chown -vR nobody:root "$TARGET_DIR" fi - /bin/chown -R nobody:root /var/cache/pixelserv - /bin/chmod -R 755 /var/cache/pixelserv -cat << EOF + + # check directory permissions + if [[ "$(stat -c '%A' "$TARGET_DIR")" =~ '---$' ]]; then + sudo chmod -vR o-rwx "$TARGET_DIR" + fi + + cat <<EOF In order to use pixelserv-tls you need to: 1. create root CA certificate https://git.io/vNuoH @@ -37,7 +52,8 @@ post_upgrade() { # arg 1: the old package version post_remove() { -cat << EOF + TARGET_DIR='/var/cache/pixelserv' + cat <<EOF If you won't use pixelserv-tls anymore you may remove "Pixelserv CA" certificate and pixelserv-tls's cert folder using: @@ -45,7 +61,7 @@ cat << EOF rm /usr/share/ca-certificates/trust-source/anchors/ca.pixelserv.crt trust extract-compat - rm -rf /var/cache/pixelserv + rm -rf $TARGET_DIR EOF } |
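Review bot: `post_install()` now prefixes `mkdir`, `chown` and `chmod` with `sudo`, but pacman runs install scriptlets as root and `sudo` is not listed in `depends`, so on a system without sudo the directory setup fails and only the message is printed. Dropping the prefix is enough: `mkdir -pv "$TARGET_DIR"` and `chown -vR nobody:root "$TARGET_DIR"`. `TARGET_DIR` is also assigned without `local` in both `post_install()` and `post_remove()`; `local TARGET_DIR='/var/cache/pixelserv'` keeps it out of the scriptlet's global scope. The heredoc body of `post_install()` continues outside the hunk.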