[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/ - gentoo-commits

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
Date:	Wed, 12 Oct 2016 19:48:28
Message-Id:	`1476301686.313dfd88a20fa556e9175fff7fea0eabc97c6c1e.whissi@gentoo`

1

commit:     313dfd88a20fa556e9175fff7fea0eabc97c6c1e

2

Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

3

AuthorDate: Wed Oct 12 19:38:28 2016 +0000

4

Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

5

CommitDate: Wed Oct 12 19:48:06 2016 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=313dfd88

7

8

www-servers/nginx: Bump to v1.10.1-r4 stable

9

10

Ebuild changes:

11

===============

12

 - NAXSI updated to v0.55.1

13

14

 - rtmp module updated to v1.1.10

15

16

 - LDAP authentication module updated to commit dbcef31b to fix some

17

   segmentation faults

18

19

Package-Manager: portage-2.3.2

20

21

 www-servers/nginx/nginx-1.10.1-r4.ebuild | 768 +++++++++++++++++++++++++++++++

22

 1 file changed, 768 insertions(+)

23

24

diff --git a/www-servers/nginx/nginx-1.10.1-r4.ebuild b/www-servers/nginx/nginx-1.10.1-r4.ebuild

25

new file mode 100644

26

index 00000000..4e28658

27

--- /dev/null

28

+++ b/www-servers/nginx/nginx-1.10.1-r4.ebuild

29

@@ -0,0 +1,768 @@

30

+# Copyright 1999-2016 Gentoo Foundation

31

+# Distributed under the terms of the GNU General Public License v2

32

+# $Id$

33

+

34

+EAPI=6

35

+

36

+# Maintainer notes:

37

+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite

38

+# - any http-module activates the main http-functionality and overrides USE=-http

39

+# - keep the following requirements in mind before adding external modules:

40

+#	* alive upstream

41

+#	* sane packaging

42

+#	* builds cleanly

43

+#	* does not need a patch for nginx core

44

+# - TODO: test the google-perftools module (included in vanilla tarball)

45

+

46

+# prevent perl-module from adding automagic perl DEPENDs

47

+GENTOO_DEPEND_ON_PERL="no"

48

+

49

+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)

50

+DEVEL_KIT_MODULE_PV="0.3.0"

51

+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"

52

+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"

53

+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"

54

+

55

+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)

56

+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"

57

+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"

58

+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"

59

+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"

60

+

61

+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)

62

+HTTP_HEADERS_MORE_MODULE_PV="0.31"

63

+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"

64

+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"

65

+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"

66

+

67

+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)

68

+HTTP_CACHE_PURGE_MODULE_PV="2.3"

69

+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"

70

+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"

71

+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"

72

+

73

+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)

74

+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"

75

+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"

76

+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"

77

+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"

78

+

79

+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)

80

+HTTP_FANCYINDEX_MODULE_PV="0.4.1"

81

+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"

82

+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"

83

+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"

84

+

85

+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)

86

+HTTP_LUA_MODULE_PV="0.10.6"

87

+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"

88

+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"

89

+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"

90

+

91

+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)

92

+HTTP_AUTH_PAM_MODULE_PV="1.5.1"

93

+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"

94

+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"

95

+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"

96

+

97

+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)

98

+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"

99

+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"

100

+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"

101

+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"

102

+

103

+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)

104

+HTTP_METRICS_MODULE_PV="0.1.1"

105

+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"

106

+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"

107

+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"

108

+

109

+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)

110

+HTTP_NAXSI_MODULE_PV="0.55.1"

111

+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"

112

+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"

113

+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"

114

+

115

+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)

116

+RTMP_MODULE_PV="1.1.10"

117

+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"

118

+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"

119

+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"

120

+

121

+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)

122

+HTTP_DAV_EXT_MODULE_PV="0.0.3"

123

+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"

124

+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"

125

+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"

126

+

127

+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)

128

+HTTP_ECHO_MODULE_PV="0.60"

129

+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"

130

+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"

131

+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"

132

+

133

+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)

134

+# keep the MODULE_P here consistent with upstream to avoid tarball duplication

135

+HTTP_SECURITY_MODULE_PV="2.9.1"

136

+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"

137

+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"

138

+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"

139

+

140

+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)

141

+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"

142

+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"

143

+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"

144

+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"

145

+

146

+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)

147

+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"

148

+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"

149

+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"

150

+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"

151

+

152

+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)

153

+HTTP_MOGILEFS_MODULE_PV="1.0.4"

154

+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"

155

+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"

156

+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"

157

+

158

+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)

159

+HTTP_MEMC_MODULE_PV="0.17"

160

+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"

161

+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"

162

+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"

163

+

164

+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)

165

+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"

166

+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"

167

+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"

168

+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"

169

+

170

+# We handle deps below ourselves

171

+SSL_DEPS_SKIP=1

172

+

173

+inherit ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib

174

+

175

+DESCRIPTION="Robust, small and high performance http and reverse proxy server"

176

+HOMEPAGE="http://nginx.org"

177

+SRC_URI="http://nginx.org/download/${P}.tar.gz

178

+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz

179

+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )

180

+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )

181

+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )

182

+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )

183

+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )

184

+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )

185

+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )

186

+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )

187

+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )

188

+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )

189

+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )

190

+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )

191

+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )

192

+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )

193

+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )

194

+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )

195

+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )

196

+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )

197

+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"

198

+

199

+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+

200

+	nginx_modules_http_security? ( Apache-2.0 )

201

+	nginx_modules_http_push_stream? ( GPL-3 )"

202

+

203

+SLOT="0"

204

+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"

205

+

206

+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif

207

+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer

208

+	rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"

209

+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip

210

+	gzip_static image_filter mp4 perl random_index realip secure_link

211

+	slice stub_status sub xslt"

212

+NGINX_MODULES_STREAM="access limit_conn upstream"

213

+NGINX_MODULES_MAIL="imap pop3 smtp"

214

+NGINX_MODULES_3RD="

215

+	http_upload_progress

216

+	http_headers_more

217

+	http_cache_purge

218

+	http_slowfs_cache

219

+	http_fancyindex

220

+	http_lua

221

+	http_auth_pam

222

+	http_upstream_check

223

+	http_metrics

224

+	http_naxsi

225

+	http_dav_ext

226

+	http_echo

227

+	http_security

228

+	http_push_stream

229

+	http_sticky

230

+	http_mogilefs

231

+	http_memc

232

+	http_auth_ldap"

233

+

234

+IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre

235

+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"

236

+

237

+for mod in $NGINX_MODULES_STD; do

238

+	IUSE="${IUSE} +nginx_modules_http_${mod}"

239

+done

240

+

241

+for mod in $NGINX_MODULES_OPT; do

242

+	IUSE="${IUSE} nginx_modules_http_${mod}"

243

+done

244

+

245

+for mod in $NGINX_MODULES_STREAM; do

246

+	IUSE="${IUSE} nginx_modules_stream_${mod}"

247

+done

248

+

249

+for mod in $NGINX_MODULES_MAIL; do

250

+	IUSE="${IUSE} nginx_modules_mail_${mod}"

251

+done

252

+

253

+for mod in $NGINX_MODULES_3RD; do

254

+	IUSE="${IUSE} nginx_modules_${mod}"

255

+done

256

+

257

+# Add so we can warn users updating about config changes

258

+# @TODO: jbergstroem: remove on next release series

259

+IUSE="${IUSE} nginx_modules_http_spdy"

260

+

261

+CDEPEND="

262

+	pcre? ( >=dev-libs/libpcre-4.2 )

263

+	pcre-jit? ( >=dev-libs/libpcre-8.20[jit] )

264

+	ssl? (

265

+		!libressl? ( dev-libs/openssl:0= )

266

+		libressl? ( dev-libs/libressl:= )

267

+	)

268

+	http2? (

269

+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )

270

+		libressl? ( dev-libs/libressl:= )

271

+	)

272

+	http-cache? (

273

+		userland_GNU? (

274

+			!libressl? ( dev-libs/openssl:0= )

275

+			libressl? ( dev-libs/libressl:= )

276

+		)

277

+	)

278

+	nginx_modules_http_geoip? ( dev-libs/geoip )

279

+	nginx_modules_http_gunzip? ( sys-libs/zlib )

280

+	nginx_modules_http_gzip? ( sys-libs/zlib )

281

+	nginx_modules_http_gzip_static? ( sys-libs/zlib )

282

+	nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] )

283

+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8 )

284

+	nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 )

285

+	nginx_modules_http_secure_link? (

286

+		userland_GNU? (

287

+			!libressl? ( dev-libs/openssl:0= )

288

+			libressl? ( dev-libs/libressl:= )

289

+		)

290

+	)

291

+	nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt )

292

+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )

293

+	nginx_modules_http_auth_pam? ( virtual/pam )

294

+	nginx_modules_http_metrics? ( dev-libs/yajl )

295

+	nginx_modules_http_dav_ext? ( dev-libs/expat )

296

+	nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )

297

+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"

298

+RDEPEND="${CDEPEND}

299

+	selinux? ( sec-policy/selinux-nginx )

300

+	!www-servers/nginx:mainline"

301

+DEPEND="${CDEPEND}

302

+	arm? ( dev-libs/libatomic_ops )

303

+	libatomic? ( dev-libs/libatomic_ops )"

304

+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"

305

+

306

+REQUIRED_USE="pcre-jit? ( pcre )

307

+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )

308

+	nginx_modules_http_naxsi? ( pcre )

309

+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )

310

+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )

311

+	nginx_modules_http_security? ( pcre )

312

+	nginx_modules_http_push_stream? ( ssl )"

313

+

314

+pkg_setup() {

315

+	NGINX_HOME="/var/lib/nginx"

316

+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"

317

+

318

+	ebegin "Creating nginx user and group"

319

+	enewgroup ${PN}

320

+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}

321

+	eend $?

322

+

323

+	if use libatomic; then

324

+		ewarn "GCC 4.1+ features built-in atomic operations."

325

+		ewarn "Using libatomic_ops is only needed if using"

326

+		ewarn "a different compiler or a GCC prior to 4.1"

327

+	fi

328

+

329

+	if [[ -n $NGINX_ADD_MODULES ]]; then

330

+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"

331

+		ewarn "This nginx installation is not supported!"

332

+		ewarn "Make sure you can reproduce the bug without those modules"

333

+		ewarn "_before_ reporting bugs."

334

+	fi

335

+

336

+	if use !http; then

337

+		ewarn "To actually disable all http-functionality you also have to disable"

338

+		ewarn "all nginx http modules."

339

+	fi

340

+

341

+	if use nginx_modules_http_mogilefs && use threads; then

342

+		eerror "mogilefs won't compile with threads support."

343

+		eerror "Please disable either flag and try again."

344

+		die "Can't compile mogilefs with threads support"

345

+	fi

346

+}

347

+

348

+src_prepare() {

349

+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"

350

+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"

351

+

352

+	if use nginx_modules_http_upstream_check; then

353

+		eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch

354

+	fi

355

+

356

+	if use nginx_modules_http_lua; then

357

+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die

358

+	fi

359

+

360

+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die

361

+	# We have config protection, don't rename etc files

362

+	sed -i 's:.default::' auto/install || die

363

+	# remove useless files

364

+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die

365

+

366

+	# don't install to /etc/nginx/ if not in use

367

+	local module

368

+	for module in fastcgi scgi uwsgi ; do

369

+		if ! use nginx_modules_http_${module}; then

370

+			sed -i -e "/${module}/d" auto/install || die

371

+		fi

372

+	done

373

+

374

+	eapply_user

375

+}

376

+

377

+src_configure() {

378

+	# mod_security needs to generate nginx/modsecurity/config before including it

379

+	if use nginx_modules_http_security; then

380

+		cd "${HTTP_SECURITY_MODULE_WD}" || die

381

+		if use luajit ; then

382

+			sed -i \

383

+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \

384

+				configure || die

385

+		fi

386

+		./configure \

387

+			--enable-standalone-module \

388

+			$(use_enable pcre-jit) \

389

+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"

390

+	fi

391

+

392

+	cd "${S}" || die

393

+

394

+	local myconf=() http_enabled= mail_enabled= stream_enabled=

395

+

396

+	use aio       && myconf+=( --with-file-aio )

397

+	use debug     && myconf+=( --with-debug )

398

+	use http2     && myconf+=( --with-http_v2_module )

399

+	use ipv6      && myconf+=( --with-ipv6 )

400

+	use libatomic && myconf+=( --with-libatomic )

401

+	use pcre      && myconf+=( --with-pcre )

402

+	use pcre-jit  && myconf+=( --with-pcre-jit )

403

+	use threads   && myconf+=( --with-threads )

404

+

405

+	# HTTP modules

406

+	for mod in $NGINX_MODULES_STD; do

407

+		if use nginx_modules_http_${mod}; then

408

+			http_enabled=1

409

+		else

410

+			myconf+=( --without-http_${mod}_module )

411

+		fi

412

+	done

413

+

414

+	for mod in $NGINX_MODULES_OPT; do

415

+		if use nginx_modules_http_${mod}; then

416

+			http_enabled=1

417

+			myconf+=( --with-http_${mod}_module )

418

+		fi

419

+	done

420

+

421

+	if use nginx_modules_http_fastcgi; then

422

+		myconf+=( --with-http_realip_module )

423

+	fi

424

+

425

+	# third-party modules

426

+	if use nginx_modules_http_upload_progress; then

427

+		http_enabled=1

428

+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )

429

+	fi

430

+

431

+	if use nginx_modules_http_headers_more; then

432

+		http_enabled=1

433

+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )

434

+	fi

435

+

436

+	if use nginx_modules_http_cache_purge; then

437

+		http_enabled=1

438

+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )

439

+	fi

440

+

441

+	if use nginx_modules_http_slowfs_cache; then

442

+		http_enabled=1

443

+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )

444

+	fi

445

+

446

+	if use nginx_modules_http_fancyindex; then

447

+		http_enabled=1

448

+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )

449

+	fi

450

+

451

+	if use nginx_modules_http_lua; then

452

+		http_enabled=1

453

+		if use luajit; then

454

+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)

455

+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)

456

+		else

457

+			export LUA_LIB=$(pkg-config --variable libdir lua)

458

+			export LUA_INC=$(pkg-config --variable includedir lua)

459

+		fi

460

+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )

461

+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )

462

+	fi

463

+

464

+	if use nginx_modules_http_auth_pam; then

465

+		http_enabled=1

466

+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )

467

+	fi

468

+

469

+	if use nginx_modules_http_upstream_check; then

470

+		http_enabled=1

471

+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )

472

+	fi

473

+

474

+	if use nginx_modules_http_metrics; then

475

+		http_enabled=1

476

+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )

477

+	fi

478

+

479

+	if use nginx_modules_http_naxsi ; then

480

+		http_enabled=1

481

+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )

482

+	fi

483

+

484

+	if use rtmp ; then

485

+		http_enabled=1

486

+		myconf+=( --add-module=${RTMP_MODULE_WD} )

487

+	fi

488

+

489

+	if use nginx_modules_http_dav_ext ; then

490

+		http_enabled=1

491

+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )

492

+	fi

493

+

494

+	if use nginx_modules_http_echo ; then

495

+		http_enabled=1

496

+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )

497

+	fi

498

+

499

+	if use nginx_modules_http_security ; then

500

+		http_enabled=1

501

+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )

502

+	fi

503

+

504

+	if use nginx_modules_http_push_stream ; then

505

+		http_enabled=1

506

+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )

507

+	fi

508

+

509

+	if use nginx_modules_http_sticky ; then

510

+		http_enabled=1

511

+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )

512

+	fi

513

+

514

+	if use nginx_modules_http_mogilefs ; then

515

+		http_enabled=1

516

+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )

517

+	fi

518

+

519

+	if use nginx_modules_http_memc ; then

520

+		http_enabled=1

521

+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )

522

+	fi

523

+

524

+	if use nginx_modules_http_auth_ldap; then

525

+		http_enabled=1

526

+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )

527

+	fi

528

+

529

+	if use http || use http-cache || use http2; then

530

+		http_enabled=1

531

+	fi

532

+

533

+	if [ $http_enabled ]; then

534

+		use http-cache || myconf+=( --without-http-cache )

535

+		use ssl && myconf+=( --with-http_ssl_module )

536

+	else

537

+		myconf+=( --without-http --without-http-cache )

538

+	fi

539

+

540

+	# Stream modules

541

+	for mod in $NGINX_MODULES_STREAM; do

542

+		if use nginx_modules_stream_${mod}; then

543

+			stream_enabled=1

544

+		else

545

+			# Treat stream upstream slightly differently

546

+			if ! use nginx_modules_stream_upstream; then

547

+				myconf+=( --without-stream_upstream_hash_module )

548

+				myconf+=( --without-stream_upstream_least_conn_module )

549

+				myconf+=( --without-stream_upstream_zone_module )

550

+			else

551

+				myconf+=( --without-stream_${mod}_module )

552

+			fi

553

+		fi

554

+	done

555

+

556

+	if [ $stream_enabled ]; then

557

+		myconf+=( --with-stream )

558

+		use ssl && myconf+=( --with-stream_ssl_module )

559

+	fi

560

+

561

+	# MAIL modules

562

+	for mod in $NGINX_MODULES_MAIL; do

563

+		if use nginx_modules_mail_${mod}; then

564

+			mail_enabled=1

565

+		else

566

+			myconf+=( --without-mail_${mod}_module )

567

+		fi

568

+	done

569

+

570

+	if [ $mail_enabled ]; then

571

+		myconf+=( --with-mail )

572

+		use ssl && myconf+=( --with-mail_ssl_module )

573

+	fi

574

+

575

+	# custom modules

576

+	for mod in $NGINX_ADD_MODULES; do

577

+		myconf+=(  --add-module=${mod} )

578

+	done

579

+

580

+	# https://bugs.gentoo.org/286772

581

+	export LANG=C LC_ALL=C

582

+	tc-export CC

583

+

584

+	if ! use prefix; then

585

+		myconf+=( --user=${PN} )

586

+		myconf+=( --group=${PN} )

587

+	fi

588

+

589

+	./configure \

590

+		--prefix="${EPREFIX}"/usr \

591

+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \

592

+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \

593

+		--pid-path="${EPREFIX}"/run/${PN}.pid \

594

+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \

595

+		--with-cc-opt="-I${EROOT}usr/include" \

596

+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \

597

+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \

598

+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \

599

+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \

600

+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \

601

+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \

602

+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \

603

+		"${myconf[@]}" || die "configure failed"

604

+

605

+	# A purely cosmetic change that makes nginx -V more readable. This can be

606

+	# good if people outside the gentoo community would troubleshoot and

607

+	# question the users setup.

608

+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die

609

+}

610

+

611

+src_compile() {

612

+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"

613

+

614

+	# https://bugs.gentoo.org/286772

615

+	export LANG=C LC_ALL=C

616

+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"

617

+}

618

+

619

+src_install() {

620

+	emake DESTDIR="${D%/}" install

621

+

622

+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die

623

+

624

+	newinitd "${FILESDIR}"/nginx.initd-r3 nginx

625

+

626

+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service

627

+

628

+	doman man/nginx.8

629

+	dodoc CHANGES* README

630

+

631

+	# just keepdir. do not copy the default htdocs files (bug #449136)

632

+	keepdir /var/www/localhost

633

+	rm -rf "${D}"usr/html || die

634

+

635

+	# set up a list of directories to keep

636

+	local keepdir_list="${NGINX_HOME_TMP}"/client

637

+	local module

638

+	for module in proxy fastcgi scgi uwsgi; do

639

+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"

640

+	done

641

+

642

+	keepdir /var/log/nginx ${keepdir_list}

643

+

644

+	# this solves a problem with SELinux where nginx doesn't see the directories

645

+	# as root and tries to create them as nginx

646

+	fperms 0750 "${NGINX_HOME_TMP}"

647

+	fowners ${PN}:0 "${NGINX_HOME_TMP}"

648

+

649

+	fperms 0700 /var/log/nginx ${keepdir_list}

650

+	fowners ${PN}:${PN} /var/log/nginx ${keepdir_list}

651

+

652

+	# logrotate

653

+	insinto /etc/logrotate.d

654

+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx

655

+

656

+	if use nginx_modules_http_perl; then

657

+		cd "${S}"/objs/src/http/modules/perl/ || die

658

+		emake DESTDIR="${D}" INSTALLDIRS=vendor

659

+		perl_delete_localpod

660

+		cd "${S}" || die

661

+	fi

662

+

663

+	if use nginx_modules_http_cache_purge; then

664

+		docinto ${HTTP_CACHE_PURGE_MODULE_P}

665

+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}

666

+	fi

667

+

668

+	if use nginx_modules_http_slowfs_cache; then

669

+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}

670

+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}

671

+	fi

672

+

673

+	if use nginx_modules_http_fancyindex; then

674

+		docinto ${HTTP_FANCYINDEX_MODULE_P}

675

+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst

676

+	fi

677

+

678

+	if use nginx_modules_http_lua; then

679

+		docinto ${HTTP_LUA_MODULE_P}

680

+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown

681

+	fi

682

+

683

+	if use nginx_modules_http_auth_pam; then

684

+		docinto ${HTTP_AUTH_PAM_MODULE_P}

685

+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}

686

+	fi

687

+

688

+	if use nginx_modules_http_upstream_check; then

689

+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}

690

+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}

691

+	fi

692

+

693

+	if use nginx_modules_http_naxsi; then

694

+		insinto /etc/nginx

695

+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules

696

+	fi

697

+

698

+	if use rtmp; then

699

+		docinto ${RTMP_MODULE_P}

700

+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}

701

+	fi

702

+

703

+	if use nginx_modules_http_dav_ext; then

704

+		docinto ${HTTP_DAV_EXT_MODULE_P}

705

+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README

706

+	fi

707

+

708

+	if use nginx_modules_http_echo; then

709

+		docinto ${HTTP_ECHO_MODULE_P}

710

+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown

711

+	fi

712

+

713

+	if use nginx_modules_http_security; then

714

+		docinto ${HTTP_SECURITY_MODULE_P}

715

+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}

716

+	fi

717

+

718

+	if use nginx_modules_http_push_stream; then

719

+		docinto ${HTTP_PUSH_STREAM_MODULE_P}

720

+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}

721

+	fi

722

+

723

+	if use nginx_modules_http_sticky; then

724

+		docinto ${HTTP_STICKY_MODULE_P}

725

+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}

726

+	fi

727

+

728

+	if use nginx_modules_http_memc; then

729

+		docinto ${HTTP_MEMC_MODULE_P}

730

+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown

731

+	fi

732

+

733

+	if use nginx_modules_http_auth_ldap; then

734

+		docinto ${HTTP_LDAP_MODULE_P}

735

+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf

736

+	fi

737

+}

738

+

739

+pkg_postinst() {

740

+	if use ssl; then

741

+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then

742

+			install_cert /etc/ssl/${PN}/${PN}

743

+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}

744

+		fi

745

+	fi

746

+

747

+	if use nginx_modules_http_spdy; then

748

+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."

749

+		ewarn "Update your configs and package.use accordingly."

750

+	fi

751

+

752

+	if use nginx_modules_http_lua && use http2; then

753

+		ewarn "Lua 3rd party module author warns against using ${P} with"

754

+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"

755

+	fi

756

+

757

+	# This is the proper fix for bug #458726/#469094, resp. CVE-2013-0337 for

758

+	# existing installations

759

+	local fix_perms=0

760

+

761

+	for rv in ${REPLACING_VERSIONS}; do

762

+		version_compare ${rv} 1.4.1-r2

763

+		[[ $? -eq 1 ]] && fix_perms=1

764

+	done

765

+

766

+	if [[ $fix_perms -eq 1 ]] ; then

767

+		ewarn "To fix a security bug (CVE-2013-0337, bug #458726) had the following"

768

+		ewarn "directories the world-readable bit removed (if set):"

769

+		ewarn "  ${EPREFIX}/var/log/nginx"

770

+		ewarn "  ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"

771

+		ewarn "Check if this is correct for your setup before restarting nginx!"

772

+		ewarn "This is a one-time change and will not happen on subsequent updates."

773

+		ewarn "Furthermore nginx' temp directories got moved to ${NGINX_HOME_TMP}"

774

+		chmod -f o-rwx "${EPREFIX}"/var/log/nginx "${EPREFIX}${NGINX_HOME_TMP}"/{,client,proxy,fastcgi,scgi,uwsgi}

775

+	fi

776

+

777

+	# If the nginx user can't change into or read the dir, display a warning.

778

+	# If su is not available we display the warning nevertheless since we can't check properly

779

+	su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null

780

+	if [ $? -ne 0 ] ; then

781

+		ewarn "Please make sure that the nginx user or group has at least"

782

+		ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"

783

+		ewarn "Otherwise you end up with empty log files after a logrotate."

784

+	fi

785

+

786

+	# HTTPoxy mitigation

787

+	ewarn ""

788

+	ewarn "This nginx installation comes with a mitigation for the HTTPoxy"

789

+	ewarn "vulnerability for FastCGI applications by setting the HTTP_PROXY FastCGI"

790

+	ewarn "parameter to an empty string per default when you are sourcing the default"

791

+	ewarn "'fastcgi_params' or 'fastcgi.conf' in your server block(s)."

792

+	ewarn ""

793

+	ewarn "If this is causing any problems for you make sure that you are sourcing the"

794

+	ewarn "default parameters _before_ you set your own values."

795

+	ewarn "If you are relying on user-supplied proxy values you have to remove the"

796

+	ewarn "correlating lines from 'fastcgi_params' and or 'fastcgi.conf'."

797

+}

Gentoo Archives: gentoo-commits