updpkg: nginx-mainline-boringssl 1.11.10-1

kasei 2017-03-05 13:43:05 +08:00
parent 7cf70007f7
commit 355bbbc91a
No known key found for this signature in database
GPG Key ID: 5F1BC1A1BF2B11D0
8 changed files with 175 additions and 176 deletions


@ -1,54 +1,40 @@
# Generated by mksrcinfo v8
# Sun Apr 24 05:51:34 UTC 2016
pkgbase = nginx-mainline-boringssl pkgbase = nginx-mainline-boringssl
pkgdesc = lightweight HTTP server, statically linked against BoringSSL. pkgdesc = Lightweight HTTP server and IMAP/POP3 proxy server, mainline release
pkgver = 1.9.15 pkgver = 1.11.10
pkgrel = 1 pkgrel = 1
url = http://nginx.org url = https://nginx.org
install = nginx.install
arch = i686 arch = i686
arch = x86_64 arch = x86_64
license = custom license = custom
makedepends = libxslt makedepends = hardening-wrapper
makedepends = gd
makedepends = git
makedepends = cmake
depends = pcre depends = pcre
depends = zlib depends = zlib
depends = pam depends = openssl
depends = gd depends = geoip
depends = hardening-wrapper
depends = libxslt
depends = go
provides = nginx provides = nginx
conflicts = nginx conflicts = nginx
conflicts = nginx-libressl
conflicts = nginx-unstable
conflicts = nginx-svn
conflicts = nginx-devel
conflicts = nginx-custom-dev
conflicts = nginx-full
backup = etc/nginx/nginx.conf
backup = etc/nginx/koi-win
backup = etc/nginx/koi-utf
backup = etc/nginx/win-utf
backup = etc/nginx/mime.types
backup = etc/nginx/fastcgi.conf backup = etc/nginx/fastcgi.conf
backup = etc/nginx/fastcgi_params backup = etc/nginx/fastcgi_params
backup = etc/nginx/koi-win
backup = etc/nginx/koi-utf
backup = etc/nginx/mime.types
backup = etc/nginx/nginx.conf
backup = etc/nginx/scgi_params backup = etc/nginx/scgi_params
backup = etc/nginx/uwsgi_params backup = etc/nginx/uwsgi_params
backup = etc/nginx/win-utf
backup = etc/logrotate.d/nginx backup = etc/logrotate.d/nginx
source = nginx.conf source = https://nginx.org/download/nginx-1.11.10.tar.gz
source = nginx.logrotate source = https://nginx.org/download/nginx-1.11.10.tar.gz.asc
source = nginx.service
source = http://nginx.org/download/nginx-1.9.15.tar.gz
source = openssl.patch
source = git+https://boringssl.googlesource.com/boringssl source = git+https://boringssl.googlesource.com/boringssl
sha256sums = 8d8e314da10411b29157066ea313fc080a145d2075df0c99a1d500ffc7e8b7d1 source = service
sha256sums = adcf6507abb2d4edbc50bd92f498ba297927eed0460d71633df94f79637aa786 source = logrotate
sha256sums = 225228970d779e1403ba4314e3cd8d0d7d16f8c6d48d7a22f8384db040eb0bdf validpgpkeys = B0F4253373F8F6F510D42178520A9993A1C052F8
sha256sums = cc89b277cc03f403c0b746d60aa5943cdecf59ae48278f8cb7e2df0cbdb6dac3 md5sums = 6fb10f579055d27a2240d51c7d85c190
sha256sums = dc1ea1a0323759d49a7dc2c6173811bda319c36aa4a14b775d6f589fe9c6a4c2 md5sums = SKIP
sha256sums = SKIP md5sums = SKIP
md5sums = ce9a06bcaf66ec4a3c4eb59b636e0dfd
md5sums = d6a6d4d819f03a675bacdfabd25aa37e
pkgname = nginx-mainline-boringssl pkgname = nginx-mainline-boringssl

215
PKGBUILD

@ -1,120 +1,139 @@
#base on aur/nginx-mainline-libressl # $Id: PKGBUILD 289024 2017-02-15 21:13:17Z bpiotrowski $
# Maintainer: Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
_pkgname="nginx" # Contributor: Sébastien Luttringer
_user="www" # Contributor: Drew DeVault
_group="www" # Contributor: Kasei Wang <cnsdwpc at gmail.com>
_doc_root="/usr/share/${_pkgname}/http"
_sysconf_path="etc"
_conf_path="${_sysconf_path}/${_pkgname}"
_tmp_path="/var/spool/${_pkgname}"
_pid_path="/run"
_lock_path="/var/lock"
_log_path="/var/log/${_pkgname}"
pkgname=nginx-mainline-boringssl pkgname=nginx-mainline-boringssl
pkgver=1.9.15 pkgver=1.11.10
pkgrel=1 pkgrel=1
pkgdesc="lightweight HTTP server, statically linked against BoringSSL." pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server, mainline release'
arch=('i686' 'x86_64') arch=('i686' 'x86_64')
url='https://nginx.org'
depends=('pcre' 'zlib' 'pam' 'gd' 'hardening-wrapper' 'libxslt' 'go')
makedepends=(
'libxslt'
'gd'
'git'
'cmake'
)
url="http://nginx.org"
license=('custom') license=('custom')
conflicts=('nginx' 'nginx-libressl' 'nginx-unstable' 'nginx-svn' 'nginx-devel' 'nginx-custom-dev' 'nginx-full') depends=('pcre' 'zlib' 'openssl' 'geoip')
makedepends=('hardening-wrapper')
backup=('etc/nginx/fastcgi.conf'
'etc/nginx/fastcgi_params'
'etc/nginx/koi-win'
'etc/nginx/koi-utf'
'etc/nginx/mime.types'
'etc/nginx/nginx.conf'
'etc/nginx/scgi_params'
'etc/nginx/uwsgi_params'
'etc/nginx/win-utf'
'etc/logrotate.d/nginx')
install=nginx.install
provides=('nginx') provides=('nginx')
backup=("${_conf_path}/nginx.conf" conflicts=('nginx')
"${_conf_path}/koi-win" source=($url/download/nginx-$pkgver.tar.gz{,.asc}
"${_conf_path}/koi-utf" "git+https://boringssl.googlesource.com/boringssl"
"${_conf_path}/win-utf" "service"
"${_conf_path}/mime.types" "logrotate")
"${_conf_path}/fastcgi.conf" validpgpkeys=('B0F4253373F8F6F510D42178520A9993A1C052F8') # Maxim Dounin <mdounin@mdounin.ru>
"${_conf_path}/fastcgi_params" md5sums=('6fb10f579055d27a2240d51c7d85c190'
"${_conf_path}/scgi_params" 'SKIP'
"${_conf_path}/uwsgi_params" 'SKIP'
"etc/logrotate.d/nginx") 'ce9a06bcaf66ec4a3c4eb59b636e0dfd'
'd6a6d4d819f03a675bacdfabd25aa37e')
source=( "nginx.conf" _common_flags=(
"nginx.logrotate" --with-pcre-jit
"nginx.service" --with-file-aio
"http://nginx.org/download/nginx-$pkgver.tar.gz" --with-http_addition_module
"openssl.patch" --with-http_auth_request_module
"git+https://boringssl.googlesource.com/boringssl" --with-http_dav_module
--with-http_degradation_module
--with-http_flv_module
--with-http_geoip_module
--with-http_gunzip_module
--with-http_gzip_static_module
--with-http_mp4_module
--with-http_realip_module
--with-http_secure_link_module
--with-http_slice_module
--with-http_ssl_module
--with-http_stub_status_module
--with-http_sub_module
--with-http_v2_module
--with-mail
--with-mail_ssl_module
--with-stream
--with-stream_ssl_module
--with-threads
) )
sha256sums=('8d8e314da10411b29157066ea313fc080a145d2075df0c99a1d500ffc7e8b7d1' _mainline_flags=(
'adcf6507abb2d4edbc50bd92f498ba297927eed0460d71633df94f79637aa786' --with-stream_ssl_preread_module
'225228970d779e1403ba4314e3cd8d0d7d16f8c6d48d7a22f8384db040eb0bdf' --with-stream_geoip_module
'cc89b277cc03f403c0b746d60aa5943cdecf59ae48278f8cb7e2df0cbdb6dac3' --with-stream_realip_module
'dc1ea1a0323759d49a7dc2c6173811bda319c36aa4a14b775d6f589fe9c6a4c2' )
'SKIP')
build() { build() {
local _src_dir="${srcdir}/${_pkgname}-${pkgver}" export CXXFLAGS="$CXXFLAGS -fPIC"
export CFLAGS="-Wno-error -fPIC" cd ${srcdir}/boringssl
cd ${srcdir}/boringssl mkdir build && cd build && cmake ../ && make && cd ${srcdir}/boringssl
mkdir build && cd build && cmake ../ && make && cd ${srcdir}/boringssl mkdir -p .openssl/lib && cd .openssl && ln -s ../include . && cd ../
mkdir -p .openssl/lib && cd .openssl && ln -s ../include . && cd ../ cp ${srcdir}/boringssl/build/crypto/libcrypto.a ${srcdir}/boringssl/build/ssl/libssl.a .openssl/lib && cd ..
cp ${srcdir}/boringssl/build/crypto/libcrypto.a ${srcdir}/boringssl/build/ssl/libssl.a .openssl/lib && cd ..
cd $_src_dir cd ${srcdir}/$provides-$pkgver
./configure \
--prefix=/etc/nginx \
--conf-path=/etc/nginx/nginx.conf \
--sbin-path=/usr/bin/nginx \
--pid-path=/run/nginx.pid \
--lock-path=/run/lock/nginx.lock \
--user=http \
--group=http \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=stderr \
--http-client-body-temp-path=/var/lib/nginx/client-body \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--with-openssl=${srcdir}/boringssl \
${_common_flags[@]} \
${_mainline_flags[@]}
./configure \ touch ${srcdir}/boringssl/.openssl/include/openssl/ssl.h
--prefix="/${_conf_path}" \ make
--conf-path="/${_conf_path}/nginx.conf" \
--sbin-path="/usr/bin/${_pkgname}" \
--pid-path="${_pid_path}/${_pkgname}.pid" \
--lock-path=${_pid_path}/${_pkgname}.lock \
--http-client-body-temp-path=${_tmp_path}/client_body_temp \
--http-proxy-temp-path=${_tmp_path}/proxy_temp \
--http-fastcgi-temp-path=${_tmp_path}/fastcgi_temp \
--http-uwsgi-temp-path=${_tmp_path}/uwsgi_temp \
--http-scgi-temp-path=${_tmp_path}scgi_temp \
--http-log-path=${_log_path}/access.log \
--error-log-path=${_log_path}/error.log \
--user=${_user} \
--group=${_group} \
--with-ipv6 \
--with-openssl=../boringssl \
--with-threads \
--with-http_ssl_module \
--with-http_gzip_static_module \
--with-http_realip_module \
--with-http_v2_module \
--with-file-aio \
--with-pcre-jit \
--with-stream
touch ${srcdir}/boringssl/.openssl/include/openssl/ssl.h
patch -p0 < ../openssl.patch
make
} }
package() { package() {
cd "${srcdir}/${_pkgname}-${pkgver}" cd $provides-$pkgver
make DESTDIR="$pkgdir/" install make DESTDIR="$pkgdir" install
sed -i -e "s/\<user\s\+\w\+;/user $_user;/g" ${pkgdir}/$_conf_path/nginx.conf sed -e 's|\<user\s\+\w\+;|user html;|g' \
mkdir -p ${pkgdir}/$_conf_path/sites-available/ -e '44s|html|/usr/share/nginx/html|' \
-e '54s|html|/usr/share/nginx/html|' \
-i "$pkgdir"/etc/nginx/nginx.conf
install -d "${pkgdir}/${_tmp_path}" rm "$pkgdir"/etc/nginx/*.default
install -d "${pkgdir}/${_doc_root}"
mv "${pkgdir}/${_conf_path}/html/"* "${pkgdir}/${_doc_root}" install -d "$pkgdir"/var/lib/nginx
rm -rf "${pkgdir}/${_conf_path}/html" install -dm700 "$pkgdir"/var/lib/nginx/proxy
install -D -m644 "${srcdir}/nginx.logrotate" "${pkgdir}/etc/logrotate.d/${_pkgname}" chmod 755 "$pkgdir"/var/log/nginx
install -D -m644 "${srcdir}/nginx.conf" "${pkgdir}/etc/conf.d/${_pkgname}" chown root:root "$pkgdir"/var/log/nginx
install -D -m644 "${srcdir}/nginx.service" "${pkgdir}/usr/lib/systemd/system/nginx.service"
install -D -m644 "LICENSE" "${pkgdir}/usr/share/licenses/${_pkgname}/LICENSE" install -d "$pkgdir"/usr/share/nginx
install -D -m644 "man/nginx.8" "${pkgdir}/usr/share/man/man8/nginx.8" mv "$pkgdir"/etc/nginx/html/ "$pkgdir"/usr/share/nginx
install -Dm644 ../logrotate "$pkgdir"/etc/logrotate.d/nginx
install -Dm644 ../service "$pkgdir"/usr/lib/systemd/system/nginx.service
install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$provides/LICENSE
rmdir "$pkgdir"/run
install -d "$pkgdir"/usr/share/man/man8/
gzip -9c man/nginx.8 > "$pkgdir"/usr/share/man/man8/nginx.8.gz
for i in ftdetect indent syntax; do
install -Dm644 contrib/vim/${i}/nginx.vim \
"${pkgdir}/usr/share/vim/vimfiles/${i}/nginx.vim"
done
} }
# vim:set ts=2 sw=2 et:
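Review bot: Source integrity gets weaker in the new `source`/checksum arrays: `sha256sums` is replaced by `md5sums`, so the local `service` and `logrotate` files are covered only by MD5, and the BoringSSL entry remains an unpinned `git+https://boringssl.googlesource.com/boringssl` with `SKIP`, so each build links whatever the default branch holds at that moment. Keep a `sha256sums=(...)` array for the non-SKIP entries and pin the checkout with a fragment, e.g. `"git+https://boringssl.googlesource.com/boringssl#commit=<boringssl-commit-id>"`. The nginx tarball itself is still covered by the `.asc` signature and `validpgpkeys`. Separately, `makedepends=('hardening-wrapper')` no longer lists `git` and `cmake` (and `go` is gone from `depends`) although `build()` still fetches BoringSSL from git and runs `cmake` on it, so a clean-chroot build will probably fail. `depends` also now names `openssl` while `--with-openssl=${srcdir}/boringssl` links BoringSSL statically, which looks unintended.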

10
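--- a/logrotate
+++ b/logrotate
@@ -0,0 +1,10 @@
+/var/log/nginx/*log {
+missingok
+notifempty
+create 640 http log
+sharedscripts
+compress
+postrotate
+test ! -r /var/run/nginx.pid || kill -USR1 `cat /var/run/nginx.pid`
+endscript
+}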
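Review bot: `create 640 http log` gives each rotated log file to the `http` account that `configure` sets as the worker user, which is safe only while `/var/log/nginx` itself stays root-owned and not writable by that account, as `package()` and `nginx.install` arrange. Nothing in this file records that dependency, so I would add a comment above the `create` line such as `# directory must remain root:root 0755 (CVE-2016-1247); only the files belong to http:log`. The `daily` directive of the removed logrotate file is also gone, so the rotation interval now comes from the global logrotate configuration; say so in a comment if that is intended.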

12
nginx.install Normal file

@ -0,0 +1,12 @@
post_upgrade() {
if (( $(vercmp $2 1.11.8-2) < 0)); then
chown root:root var/log/nginx
fi
if (( $(vercmp $2 1.11.9-2) < 0 )); then
chmod 755 var/log/nginx
echo ':: Security notice:'
echo ' - When additional log directories are used in /var/log/nginx make sure they'
echo ' are owned by root:root and have 755 set as permission to mitigate CVE-2016-1247'
fi
}
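Review bot: `$2` is expanded unquoted in both `vercmp` calls of `post_upgrade()`, in a scriptlet that pacman runs as root; write `vercmp "$2" 1.11.8-2` and `vercmp "$2" 1.11.9-2`. The two version thresholds are unexplained: a one-line comment above each `if` naming the release that changed the ownership and the mode of `var/log/nginx` would let a later maintainer judge whether they still fit this package's own version history. There is no `post_install()`, so fresh installs rely entirely on the `chmod 755` and `chown root:root` in `package()`, which is worth stating in a comment here.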


@ -1,8 +0,0 @@
/var/log/nginx/*log {
daily
create 640 http log
compress
postrotate
[ ! -f /run/nginx.pid ] || kill -USR1 `cat /run/nginx.pid`
endscript
}


@ -1,18 +0,0 @@
[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
PrivateDevices=yes
SyslogLevel=err
ExecStartPre=/usr/bin/nginx -t -q -g 'pid /run/nginx.pid; error_log stderr;'
ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;'
ExecReload=/usr/bin/kill -HUP $MAINPID
KillSignal=SIGQUIT
KillMode=mixed
[Install]
WantedBy=multi-user.target


@ -1,16 +0,0 @@
--- src/event/ngx_event_openssl.c 2016-01-10 02:38:56.405000000 +0000
+++ src/event/ngx_event_openssl.c.mod 2016-01-10 02:40:10.388000000 +0000
@@ -1909,13 +1909,11 @@
/* handshake failures */
if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */
- || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */
|| n == SSL_R_DIGEST_CHECK_FAILED /* 149 */
|| n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST /* 151 */
|| n == SSL_R_EXCESSIVE_MESSAGE_SIZE /* 152 */
|| n == SSL_R_LENGTH_MISMATCH /* 159 */
|| n == SSL_R_NO_CIPHERS_PASSED /* 182 */
- || n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */
|| n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */
|| n == SSL_R_NO_SHARED_CIPHER /* 193 */
|| n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */

14
service Normal file

@ -0,0 +1,14 @@
[Unit]
Description=A high performance web server and a reverse proxy server
After=syslog.target network.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/bin/nginx -t -q -g 'pid /run/nginx.pid; daemon on; master_process on;'
ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;'
ExecReload=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;' -s reload
ExecStop=/usr/bin/nginx -g 'pid /run/nginx.pid;' -s quit
[Install]
WantedBy=multi-user.target
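Review bot: The new unit has no sandboxing directives: the `PrivateDevices=yes` line of the removed unit file is not carried over and nothing replaces it, while the unit sets no `User=`, so the nginx master presumably starts as root. I would restore it and add filesystem protection in `[Service]`, e.g. `PrivateDevices=yes`, `PrivateTmp=true`, `ProtectSystem=full`, after checking each directive against the systemd version the package targets. `After=syslog.target` refers to an obsolete target and can be reduced to `After=network.target`, as the removed unit had it.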