updpkg: nginx-mainline-boringssl 1.11.10-1

This commit is contained in:
kasei 2017-03-05 13:43:05 +08:00
parent 7cf70007f7
commit 355bbbc91a
No known key found for this signature in database
GPG key ID: 5F1BC1A1BF2B11D0
8 changed files with 175 additions and 176 deletions

View file

@ -1,54 +1,40 @@
# Generated by mksrcinfo v8
# Sun Apr 24 05:51:34 UTC 2016
pkgbase = nginx-mainline-boringssl
pkgdesc = lightweight HTTP server, statically linked against BoringSSL.
pkgver = 1.9.15
pkgdesc = Lightweight HTTP server and IMAP/POP3 proxy server, mainline release
pkgver = 1.11.10
pkgrel = 1
url = http://nginx.org
url = https://nginx.org
install = nginx.install
arch = i686
arch = x86_64
license = custom
makedepends = libxslt
makedepends = gd
makedepends = git
makedepends = cmake
makedepends = hardening-wrapper
depends = pcre
depends = zlib
depends = pam
depends = gd
depends = hardening-wrapper
depends = libxslt
depends = go
depends = openssl
depends = geoip
provides = nginx
conflicts = nginx
conflicts = nginx-libressl
conflicts = nginx-unstable
conflicts = nginx-svn
conflicts = nginx-devel
conflicts = nginx-custom-dev
conflicts = nginx-full
backup = etc/nginx/nginx.conf
backup = etc/nginx/koi-win
backup = etc/nginx/koi-utf
backup = etc/nginx/win-utf
backup = etc/nginx/mime.types
backup = etc/nginx/fastcgi.conf
backup = etc/nginx/fastcgi_params
backup = etc/nginx/koi-win
backup = etc/nginx/koi-utf
backup = etc/nginx/mime.types
backup = etc/nginx/nginx.conf
backup = etc/nginx/scgi_params
backup = etc/nginx/uwsgi_params
backup = etc/nginx/win-utf
backup = etc/logrotate.d/nginx
source = nginx.conf
source = nginx.logrotate
source = nginx.service
source = http://nginx.org/download/nginx-1.9.15.tar.gz
source = openssl.patch
source = https://nginx.org/download/nginx-1.11.10.tar.gz
source = https://nginx.org/download/nginx-1.11.10.tar.gz.asc
source = git+https://boringssl.googlesource.com/boringssl
sha256sums = 8d8e314da10411b29157066ea313fc080a145d2075df0c99a1d500ffc7e8b7d1
sha256sums = adcf6507abb2d4edbc50bd92f498ba297927eed0460d71633df94f79637aa786
sha256sums = 225228970d779e1403ba4314e3cd8d0d7d16f8c6d48d7a22f8384db040eb0bdf
sha256sums = cc89b277cc03f403c0b746d60aa5943cdecf59ae48278f8cb7e2df0cbdb6dac3
sha256sums = dc1ea1a0323759d49a7dc2c6173811bda319c36aa4a14b775d6f589fe9c6a4c2
sha256sums = SKIP
source = service
source = logrotate
validpgpkeys = B0F4253373F8F6F510D42178520A9993A1C052F8
md5sums = 6fb10f579055d27a2240d51c7d85c190
md5sums = SKIP
md5sums = SKIP
md5sums = ce9a06bcaf66ec4a3c4eb59b636e0dfd
md5sums = d6a6d4d819f03a675bacdfabd25aa37e
pkgname = nginx-mainline-boringssl

215
PKGBUILD
View file

@ -1,120 +1,139 @@
#base on aur/nginx-mainline-libressl
_pkgname="nginx"
_user="www"
_group="www"
_doc_root="/usr/share/${_pkgname}/http"
_sysconf_path="etc"
_conf_path="${_sysconf_path}/${_pkgname}"
_tmp_path="/var/spool/${_pkgname}"
_pid_path="/run"
_lock_path="/var/lock"
_log_path="/var/log/${_pkgname}"
# $Id: PKGBUILD 289024 2017-02-15 21:13:17Z bpiotrowski $
# Maintainer: Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
# Contributor: Sébastien Luttringer
# Contributor: Drew DeVault
# Contributor: Kasei Wang <cnsdwpc at gmail.com>
pkgname=nginx-mainline-boringssl
pkgver=1.9.15
pkgver=1.11.10
pkgrel=1
pkgdesc="lightweight HTTP server, statically linked against BoringSSL."
pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server, mainline release'
arch=('i686' 'x86_64')
depends=('pcre' 'zlib' 'pam' 'gd' 'hardening-wrapper' 'libxslt' 'go')
makedepends=(
'libxslt'
'gd'
'git'
'cmake'
)
url="http://nginx.org"
url='https://nginx.org'
license=('custom')
conflicts=('nginx' 'nginx-libressl' 'nginx-unstable' 'nginx-svn' 'nginx-devel' 'nginx-custom-dev' 'nginx-full')
depends=('pcre' 'zlib' 'openssl' 'geoip')
makedepends=('hardening-wrapper')
backup=('etc/nginx/fastcgi.conf'
'etc/nginx/fastcgi_params'
'etc/nginx/koi-win'
'etc/nginx/koi-utf'
'etc/nginx/mime.types'
'etc/nginx/nginx.conf'
'etc/nginx/scgi_params'
'etc/nginx/uwsgi_params'
'etc/nginx/win-utf'
'etc/logrotate.d/nginx')
install=nginx.install
provides=('nginx')
backup=("${_conf_path}/nginx.conf"
"${_conf_path}/koi-win"
"${_conf_path}/koi-utf"
"${_conf_path}/win-utf"
"${_conf_path}/mime.types"
"${_conf_path}/fastcgi.conf"
"${_conf_path}/fastcgi_params"
"${_conf_path}/scgi_params"
"${_conf_path}/uwsgi_params"
"etc/logrotate.d/nginx")
conflicts=('nginx')
source=($url/download/nginx-$pkgver.tar.gz{,.asc}
"git+https://boringssl.googlesource.com/boringssl"
"service"
"logrotate")
validpgpkeys=('B0F4253373F8F6F510D42178520A9993A1C052F8') # Maxim Dounin <mdounin@mdounin.ru>
md5sums=('6fb10f579055d27a2240d51c7d85c190'
'SKIP'
'SKIP'
'ce9a06bcaf66ec4a3c4eb59b636e0dfd'
'd6a6d4d819f03a675bacdfabd25aa37e')
source=( "nginx.conf"
"nginx.logrotate"
"nginx.service"
"http://nginx.org/download/nginx-$pkgver.tar.gz"
"openssl.patch"
"git+https://boringssl.googlesource.com/boringssl"
_common_flags=(
--with-pcre-jit
--with-file-aio
--with-http_addition_module
--with-http_auth_request_module
--with-http_dav_module
--with-http_degradation_module
--with-http_flv_module
--with-http_geoip_module
--with-http_gunzip_module
--with-http_gzip_static_module
--with-http_mp4_module
--with-http_realip_module
--with-http_secure_link_module
--with-http_slice_module
--with-http_ssl_module
--with-http_stub_status_module
--with-http_sub_module
--with-http_v2_module
--with-mail
--with-mail_ssl_module
--with-stream
--with-stream_ssl_module
--with-threads
)
sha256sums=('8d8e314da10411b29157066ea313fc080a145d2075df0c99a1d500ffc7e8b7d1'
'adcf6507abb2d4edbc50bd92f498ba297927eed0460d71633df94f79637aa786'
'225228970d779e1403ba4314e3cd8d0d7d16f8c6d48d7a22f8384db040eb0bdf'
'cc89b277cc03f403c0b746d60aa5943cdecf59ae48278f8cb7e2df0cbdb6dac3'
'dc1ea1a0323759d49a7dc2c6173811bda319c36aa4a14b775d6f589fe9c6a4c2'
'SKIP')
_mainline_flags=(
--with-stream_ssl_preread_module
--with-stream_geoip_module
--with-stream_realip_module
)
build() {
local _src_dir="${srcdir}/${_pkgname}-${pkgver}"
export CXXFLAGS="$CXXFLAGS -fPIC"
export CFLAGS="-Wno-error -fPIC"
cd ${srcdir}/boringssl
mkdir build && cd build && cmake ../ && make && cd ${srcdir}/boringssl
mkdir -p .openssl/lib && cd .openssl && ln -s ../include . && cd ../
cp ${srcdir}/boringssl/build/crypto/libcrypto.a ${srcdir}/boringssl/build/ssl/libssl.a .openssl/lib && cd ..
cd ${srcdir}/boringssl
mkdir build && cd build && cmake ../ && make && cd ${srcdir}/boringssl
mkdir -p .openssl/lib && cd .openssl && ln -s ../include . && cd ../
cp ${srcdir}/boringssl/build/crypto/libcrypto.a ${srcdir}/boringssl/build/ssl/libssl.a .openssl/lib && cd ..
cd $_src_dir
cd ${srcdir}/$provides-$pkgver
./configure \
--prefix=/etc/nginx \
--conf-path=/etc/nginx/nginx.conf \
--sbin-path=/usr/bin/nginx \
--pid-path=/run/nginx.pid \
--lock-path=/run/lock/nginx.lock \
--user=http \
--group=http \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=stderr \
--http-client-body-temp-path=/var/lib/nginx/client-body \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--with-openssl=${srcdir}/boringssl \
${_common_flags[@]} \
${_mainline_flags[@]}
./configure \
--prefix="/${_conf_path}" \
--conf-path="/${_conf_path}/nginx.conf" \
--sbin-path="/usr/bin/${_pkgname}" \
--pid-path="${_pid_path}/${_pkgname}.pid" \
--lock-path=${_pid_path}/${_pkgname}.lock \
--http-client-body-temp-path=${_tmp_path}/client_body_temp \
--http-proxy-temp-path=${_tmp_path}/proxy_temp \
--http-fastcgi-temp-path=${_tmp_path}/fastcgi_temp \
--http-uwsgi-temp-path=${_tmp_path}/uwsgi_temp \
--http-scgi-temp-path=${_tmp_path}scgi_temp \
--http-log-path=${_log_path}/access.log \
--error-log-path=${_log_path}/error.log \
--user=${_user} \
--group=${_group} \
--with-ipv6 \
--with-openssl=../boringssl \
--with-threads \
--with-http_ssl_module \
--with-http_gzip_static_module \
--with-http_realip_module \
--with-http_v2_module \
--with-file-aio \
--with-pcre-jit \
--with-stream
touch ${srcdir}/boringssl/.openssl/include/openssl/ssl.h
patch -p0 < ../openssl.patch
make
touch ${srcdir}/boringssl/.openssl/include/openssl/ssl.h
make
}
package() {
cd "${srcdir}/${_pkgname}-${pkgver}"
make DESTDIR="$pkgdir/" install
cd $provides-$pkgver
make DESTDIR="$pkgdir" install
sed -i -e "s/\<user\s\+\w\+;/user $_user;/g" ${pkgdir}/$_conf_path/nginx.conf
mkdir -p ${pkgdir}/$_conf_path/sites-available/
sed -e 's|\<user\s\+\w\+;|user html;|g' \
-e '44s|html|/usr/share/nginx/html|' \
-e '54s|html|/usr/share/nginx/html|' \
-i "$pkgdir"/etc/nginx/nginx.conf
install -d "${pkgdir}/${_tmp_path}"
install -d "${pkgdir}/${_doc_root}"
rm "$pkgdir"/etc/nginx/*.default
mv "${pkgdir}/${_conf_path}/html/"* "${pkgdir}/${_doc_root}"
rm -rf "${pkgdir}/${_conf_path}/html"
install -d "$pkgdir"/var/lib/nginx
install -dm700 "$pkgdir"/var/lib/nginx/proxy
install -D -m644 "${srcdir}/nginx.logrotate" "${pkgdir}/etc/logrotate.d/${_pkgname}"
install -D -m644 "${srcdir}/nginx.conf" "${pkgdir}/etc/conf.d/${_pkgname}"
install -D -m644 "${srcdir}/nginx.service" "${pkgdir}/usr/lib/systemd/system/nginx.service"
install -D -m644 "LICENSE" "${pkgdir}/usr/share/licenses/${_pkgname}/LICENSE"
install -D -m644 "man/nginx.8" "${pkgdir}/usr/share/man/man8/nginx.8"
chmod 755 "$pkgdir"/var/log/nginx
chown root:root "$pkgdir"/var/log/nginx
install -d "$pkgdir"/usr/share/nginx
mv "$pkgdir"/etc/nginx/html/ "$pkgdir"/usr/share/nginx
install -Dm644 ../logrotate "$pkgdir"/etc/logrotate.d/nginx
install -Dm644 ../service "$pkgdir"/usr/lib/systemd/system/nginx.service
install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$provides/LICENSE
rmdir "$pkgdir"/run
install -d "$pkgdir"/usr/share/man/man8/
gzip -9c man/nginx.8 > "$pkgdir"/usr/share/man/man8/nginx.8.gz
for i in ftdetect indent syntax; do
install -Dm644 contrib/vim/${i}/nginx.vim \
"${pkgdir}/usr/share/vim/vimfiles/${i}/nginx.vim"
done
}
# vim:set ts=2 sw=2 et:

10
logrotate Normal file
View file

@ -0,0 +1,10 @@
/var/log/nginx/*log {
missingok
notifempty
create 640 http log
sharedscripts
compress
postrotate
test ! -r /var/run/nginx.pid || kill -USR1 `cat /var/run/nginx.pid`
endscript
}

12
nginx.install Normal file
View file

@ -0,0 +1,12 @@
post_upgrade() {
if (( $(vercmp $2 1.11.8-2) < 0)); then
chown root:root var/log/nginx
fi
if (( $(vercmp $2 1.11.9-2) < 0 )); then
chmod 755 var/log/nginx
echo ':: Security notice:'
echo ' - When additional log directories are used in /var/log/nginx make sure they'
echo ' are owned by root:root and have 755 set as permission to mitigate CVE-2016-1247'
fi
}

View file

@ -1,8 +0,0 @@
/var/log/nginx/*log {
daily
create 640 http log
compress
postrotate
[ ! -f /run/nginx.pid ] || kill -USR1 `cat /run/nginx.pid`
endscript
}

View file

@ -1,18 +0,0 @@
[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
PrivateDevices=yes
SyslogLevel=err
ExecStartPre=/usr/bin/nginx -t -q -g 'pid /run/nginx.pid; error_log stderr;'
ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;'
ExecReload=/usr/bin/kill -HUP $MAINPID
KillSignal=SIGQUIT
KillMode=mixed
[Install]
WantedBy=multi-user.target

View file

@ -1,16 +0,0 @@
--- src/event/ngx_event_openssl.c 2016-01-10 02:38:56.405000000 +0000
+++ src/event/ngx_event_openssl.c.mod 2016-01-10 02:40:10.388000000 +0000
@@ -1909,13 +1909,11 @@
/* handshake failures */
if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */
- || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */
|| n == SSL_R_DIGEST_CHECK_FAILED /* 149 */
|| n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST /* 151 */
|| n == SSL_R_EXCESSIVE_MESSAGE_SIZE /* 152 */
|| n == SSL_R_LENGTH_MISMATCH /* 159 */
|| n == SSL_R_NO_CIPHERS_PASSED /* 182 */
- || n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */
|| n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */
|| n == SSL_R_NO_SHARED_CIPHER /* 193 */
|| n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */

14
service Normal file
View file

@ -0,0 +1,14 @@
[Unit]
Description=A high performance web server and a reverse proxy server
After=syslog.target network.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/bin/nginx -t -q -g 'pid /run/nginx.pid; daemon on; master_process on;'
ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;'
ExecReload=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;' -s reload
ExecStop=/usr/bin/nginx -g 'pid /run/nginx.pid;' -s quit
[Install]
WantedBy=multi-user.target