[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/ - gentoo-commits

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
Date:	Tue, 04 Apr 2017 18:25:07
Message-Id:	`1491330295.f085102d8f479d2fcacd00d62839a8a2f4729c47.whissi@gentoo`

1

commit:     f085102d8f479d2fcacd00d62839a8a2f4729c47

2

Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

3

AuthorDate: Tue Apr  4 18:24:07 2017 +0000

4

Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

5

CommitDate: Tue Apr  4 18:24:55 2017 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f085102d

7

8

www-servers/nginx: Bump to v1.11.13 mainline

9

10

Package-Manager: Portage-2.3.5, Repoman-2.3.2

11

12

 www-servers/nginx/Manifest             |    1 +

13

 www-servers/nginx/nginx-1.11.13.ebuild | 1011 ++++++++++++++++++++++++++++++++

14

 2 files changed, 1012 insertions(+)

15

16

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest

17

index ae2fef0f10a..e121a44fcc7 100644

18

--- a/www-servers/nginx/Manifest

19

+++ b/www-servers/nginx/Manifest

20

@@ -2,6 +2,7 @@ DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc18

21

 DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 SHA512 25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf WHIRLPOOL 1ebf540d49d28a853a9221a558b53d28e2e7dfddf345e433baa4c2b819f6e1fe34528b4680387147c73271d3837529a4452e53b863dff5d29772c2b0a75e0ba6

22

 DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd

23

 DIST nginx-1.11.12.tar.gz 979963 SHA256 2aff7f9396d1f77256efc363e1cc05ba52d40a29e6de4d9bc08aa444eea14122 SHA512 fc40551b83c98cf81a3a7728c8b143a4d8b98251e8caccf5391397639aacb631ff57427c8207a3f9c86f0a5cb212edaf3ed0d9d92ab085d3387097b99326ff69 WHIRLPOOL 8da4c8a7578abad39f073b4f034bf328e896b51f62d25ad8280c67334e190c1277d988803e9ce169b7e3e1170bbd49dee8f1e2b1cb0f39460e77da568ab75bf0

24

+DIST nginx-1.11.13.tar.gz 980784 SHA256 360b601ef8ed2998c80fa56a27bf3cd745c3ce18c5fb10892e6595467b1415d3 SHA512 6546a1d96e5234c9512217559c22bc4be0e5f793d6082a9a3acaa1724c91c656b36a976cb452195b256915dc0d21fd433f539cd6c06d73c8dbb0233220d54fa8 WHIRLPOOL 53b3e0b8767ea93d4a3daaf5cfcd489dd83d9f60f53f985c677dfb328b7e6aee13114290bed22b268bca12d2e63fbb142b2357ef7dd8166e8da9eac4c931289a

25

 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2

26

 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07

27

 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59

28

29

diff --git a/www-servers/nginx/nginx-1.11.13.ebuild b/www-servers/nginx/nginx-1.11.13.ebuild

30

new file mode 100644

31

index 00000000000..7870abf9766

32

--- /dev/null

33

+++ b/www-servers/nginx/nginx-1.11.13.ebuild

34

@@ -0,0 +1,1011 @@

35

+# Copyright 1999-2017 Gentoo Foundation

36

+# Distributed under the terms of the GNU General Public License v2

37

+

38

+EAPI="6"

39

+

40

+# Maintainer notes:

41

+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite

42

+# - any http-module activates the main http-functionality and overrides USE=-http

43

+# - keep the following requirements in mind before adding external modules:

44

+#	* alive upstream

45

+#	* sane packaging

46

+#	* builds cleanly

47

+#	* does not need a patch for nginx core

48

+# - TODO: test the google-perftools module (included in vanilla tarball)

49

+

50

+# prevent perl-module from adding automagic perl DEPENDs

51

+GENTOO_DEPEND_ON_PERL="no"

52

+

53

+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)

54

+DEVEL_KIT_MODULE_PV="0.3.0"

55

+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"

56

+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"

57

+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"

58

+

59

+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)

60

+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"

61

+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"

62

+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"

63

+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"

64

+

65

+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)

66

+HTTP_HEADERS_MORE_MODULE_PV="0.32"

67

+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"

68

+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"

69

+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"

70

+

71

+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)

72

+HTTP_CACHE_PURGE_MODULE_PV="2.3"

73

+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"

74

+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"

75

+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"

76

+

77

+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)

78

+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"

79

+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"

80

+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"

81

+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"

82

+

83

+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)

84

+HTTP_FANCYINDEX_MODULE_PV="0.4.1"

85

+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"

86

+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"

87

+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"

88

+

89

+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)

90

+HTTP_LUA_MODULE_PV="0.10.7"

91

+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"

92

+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"

93

+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"

94

+

95

+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)

96

+HTTP_AUTH_PAM_MODULE_PV="1.5.1"

97

+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"

98

+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"

99

+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"

100

+

101

+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)

102

+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"

103

+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"

104

+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"

105

+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"

106

+

107

+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)

108

+HTTP_METRICS_MODULE_PV="0.1.1"

109

+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"

110

+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"

111

+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"

112

+

113

+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)

114

+HTTP_NAXSI_MODULE_PV="0.55.3"

115

+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"

116

+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"

117

+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"

118

+

119

+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)

120

+RTMP_MODULE_PV="1.1.11"

121

+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"

122

+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"

123

+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"

124

+

125

+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)

126

+HTTP_DAV_EXT_MODULE_PV="0.0.3"

127

+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"

128

+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"

129

+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"

130

+

131

+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)

132

+HTTP_ECHO_MODULE_PV="0.60"

133

+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"

134

+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"

135

+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"

136

+

137

+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)

138

+# keep the MODULE_P here consistent with upstream to avoid tarball duplication

139

+HTTP_SECURITY_MODULE_PV="2.9.1"

140

+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"

141

+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"

142

+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"

143

+

144

+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)

145

+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"

146

+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"

147

+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"

148

+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"

149

+

150

+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)

151

+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"

152

+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"

153

+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"

154

+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"

155

+

156

+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)

157

+HTTP_MOGILEFS_MODULE_PV="1.0.4"

158

+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"

159

+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"

160

+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"

161

+

162

+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)

163

+HTTP_MEMC_MODULE_PV="0.17"

164

+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"

165

+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"

166

+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"

167

+

168

+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)

169

+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"

170

+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"

171

+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"

172

+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"

173

+

174

+# We handle deps below ourselves

175

+SSL_DEPS_SKIP=1

176

+AUTOTOOLS_AUTO_DEPEND="no"

177

+

178

+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib

179

+

180

+DESCRIPTION="Robust, small and high performance http and reverse proxy server"

181

+HOMEPAGE="https://nginx.org"

182

+SRC_URI="https://nginx.org/download/${P}.tar.gz

183

+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz

184

+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )

185

+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )

186

+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )

187

+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )

188

+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )

189

+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )

190

+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )

191

+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )

192

+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )

193

+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )

194

+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )

195

+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )

196

+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )

197

+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )

198

+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )

199

+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )

200

+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )

201

+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )

202

+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"

203

+

204

+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+

205

+	nginx_modules_http_security? ( Apache-2.0 )

206

+	nginx_modules_http_push_stream? ( GPL-3 )"

207

+

208

+SLOT="mainline"

209

+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"

210

+

211

+# Package doesn't provide a real test suite

212

+RESTRICT="test"

213

+

214

+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif

215

+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer

216

+	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash

217

+	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"

218

+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip

219

+	gzip_static image_filter mp4 perl random_index realip secure_link

220

+	slice stub_status sub xslt"

221

+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients

222

+	upstream_hash upstream_least_conn upstream_zone"

223

+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"

224

+NGINX_MODULES_MAIL="imap pop3 smtp"

225

+NGINX_MODULES_3RD="

226

+	http_upload_progress

227

+	http_headers_more

228

+	http_cache_purge

229

+	http_slowfs_cache

230

+	http_fancyindex

231

+	http_lua

232

+	http_auth_pam

233

+	http_upstream_check

234

+	http_metrics

235

+	http_naxsi

236

+	http_dav_ext

237

+	http_echo

238

+	http_security

239

+	http_push_stream

240

+	http_sticky

241

+	http_mogilefs

242

+	http_memc

243

+	http_auth_ldap"

244

+

245

+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre

246

+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"

247

+

248

+for mod in $NGINX_MODULES_STD; do

249

+	IUSE="${IUSE} +nginx_modules_http_${mod}"

250

+done

251

+

252

+for mod in $NGINX_MODULES_OPT; do

253

+	IUSE="${IUSE} nginx_modules_http_${mod}"

254

+done

255

+

256

+for mod in $NGINX_MODULES_STREAM_STD; do

257

+	IUSE="${IUSE} nginx_modules_stream_${mod}"

258

+done

259

+

260

+for mod in $NGINX_MODULES_STREAM_OPT; do

261

+	IUSE="${IUSE} nginx_modules_stream_${mod}"

262

+done

263

+

264

+for mod in $NGINX_MODULES_MAIL; do

265

+	IUSE="${IUSE} nginx_modules_mail_${mod}"

266

+done

267

+

268

+for mod in $NGINX_MODULES_3RD; do

269

+	IUSE="${IUSE} nginx_modules_${mod}"

270

+done

271

+

272

+# Add so we can warn users updating about config changes

273

+# @TODO: jbergstroem: remove on next release series

274

+IUSE="${IUSE} nginx_modules_http_spdy"

275

+

276

+CDEPEND="

277

+	pcre? ( dev-libs/libpcre:= )

278

+	pcre-jit? ( dev-libs/libpcre:=[jit] )

279

+	ssl? (

280

+		!libressl? ( dev-libs/openssl:0= )

281

+		libressl? ( dev-libs/libressl:= )

282

+	)

283

+	http2? (

284

+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )

285

+		libressl? ( dev-libs/libressl:= )

286

+	)

287

+	http-cache? (

288

+		userland_GNU? (

289

+			!libressl? ( dev-libs/openssl:0= )

290

+			libressl? ( dev-libs/libressl:= )

291

+		)

292

+	)

293

+	nginx_modules_http_geoip? ( dev-libs/geoip )

294

+	nginx_modules_http_gunzip? ( sys-libs/zlib )

295

+	nginx_modules_http_gzip? ( sys-libs/zlib )

296

+	nginx_modules_http_gzip_static? ( sys-libs/zlib )

297

+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )

298

+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )

299

+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )

300

+	nginx_modules_http_secure_link? (

301

+		userland_GNU? (

302

+			!libressl? ( dev-libs/openssl:0= )

303

+			libressl? ( dev-libs/libressl:= )

304

+		)

305

+	)

306

+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )

307

+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )

308

+	nginx_modules_http_auth_pam? ( virtual/pam )

309

+	nginx_modules_http_metrics? ( dev-libs/yajl:= )

310

+	nginx_modules_http_dav_ext? ( dev-libs/expat )

311

+	nginx_modules_http_security? (

312

+		dev-libs/apr:=

313

+		dev-libs/apr-util:=

314

+		dev-libs/libxml2:=

315

+		net-misc/curl

316

+		www-servers/apache

317

+	)

318

+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"

319

+RDEPEND="${CDEPEND}

320

+	selinux? ( sec-policy/selinux-nginx )

321

+	!www-servers/nginx:0"

322

+DEPEND="${CDEPEND}

323

+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )

324

+	arm? ( dev-libs/libatomic_ops )

325

+	libatomic? ( dev-libs/libatomic_ops )"

326

+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"

327

+

328

+REQUIRED_USE="pcre-jit? ( pcre )

329

+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )

330

+	nginx_modules_http_naxsi? ( pcre )

331

+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )

332

+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )

333

+	nginx_modules_http_security? ( pcre )

334

+	nginx_modules_http_push_stream? ( ssl )"

335

+

336

+pkg_setup() {

337

+	NGINX_HOME="/var/lib/nginx"

338

+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"

339

+

340

+	ebegin "Creating nginx user and group"

341

+	enewgroup ${PN}

342

+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}

343

+	eend $?

344

+

345

+	if use libatomic; then

346

+		ewarn "GCC 4.1+ features built-in atomic operations."

347

+		ewarn "Using libatomic_ops is only needed if using"

348

+		ewarn "a different compiler or a GCC prior to 4.1"

349

+	fi

350

+

351

+	if [[ -n $NGINX_ADD_MODULES ]]; then

352

+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"

353

+		ewarn "This nginx installation is not supported!"

354

+		ewarn "Make sure you can reproduce the bug without those modules"

355

+		ewarn "_before_ reporting bugs."

356

+	fi

357

+

358

+	if use !http; then

359

+		ewarn "To actually disable all http-functionality you also have to disable"

360

+		ewarn "all nginx http modules."

361

+	fi

362

+

363

+	if use nginx_modules_http_mogilefs && use threads; then

364

+		eerror "mogilefs won't compile with threads support."

365

+		eerror "Please disable either flag and try again."

366

+		die "Can't compile mogilefs with threads support"

367

+	fi

368

+}

369

+

370

+src_prepare() {

371

+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"

372

+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"

373

+

374

+	if use nginx_modules_http_echo; then

375

+		cd "${HTTP_ECHO_MODULE_WD}" || die

376

+		eapply "${FILESDIR}"/http_echo-nginx-1.11.11+.patch

377

+		cd "${S}" || die

378

+	fi

379

+

380

+	if use nginx_modules_http_upstream_check; then

381

+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch

382

+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch

383

+	fi

384

+

385

+	if use nginx_modules_http_lua; then

386

+		cd "${HTTP_LUA_MODULE_WD}" || die

387

+		eapply -p1 "${FILESDIR}"/http_lua_nginx-1.11.11+.patch

388

+		cd "${S}" || die

389

+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die

390

+	fi

391

+

392

+	if use nginx_modules_http_security; then

393

+		cd "${HTTP_SECURITY_MODULE_WD}" || die

394

+

395

+		eapply "${FILESDIR}"/http_security-pr_1158.patch

396

+		eapply "${FILESDIR}"/http_security-pr_1373.patch

397

+

398

+		eautoreconf

399

+

400

+		if use luajit ; then

401

+			sed -i \

402

+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \

403

+				configure || die

404

+		fi

405

+

406

+		cd "${S}" || die

407

+	fi

408

+

409

+	if use nginx_modules_http_upload_progress; then

410

+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die

411

+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch

412

+		cd "${S}" || die

413

+	fi

414

+

415

+	if use nginx_modules_http_memc; then

416

+		cd "${HTTP_MEMC_MODULE_WD}" || die

417

+		eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch

418

+		cd "${S}" || die

419

+	fi

420

+

421

+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die

422

+	# We have config protection, don't rename etc files

423

+	sed -i 's:.default::' auto/install || die

424

+	# remove useless files

425

+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die

426

+

427

+	# don't install to /etc/nginx/ if not in use

428

+	local module

429

+	for module in fastcgi scgi uwsgi ; do

430

+		if ! use nginx_modules_http_${module}; then

431

+			sed -i -e "/${module}/d" auto/install || die

432

+		fi

433

+	done

434

+

435

+	eapply_user

436

+}

437

+

438

+src_configure() {

439

+	# mod_security needs to generate nginx/modsecurity/config before including it

440

+	if use nginx_modules_http_security; then

441

+		cd "${HTTP_SECURITY_MODULE_WD}" || die

442

+

443

+		./configure \

444

+			--enable-standalone-module \

445

+			--disable-mlogc \

446

+			--with-ssdeep=no \

447

+			$(use_enable pcre-jit) \

448

+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"

449

+

450

+		cd "${S}" || die

451

+	fi

452

+

453

+	local myconf=() http_enabled= mail_enabled= stream_enabled=

454

+

455

+	use aio       && myconf+=( --with-file-aio )

456

+	use debug     && myconf+=( --with-debug )

457

+	use http2     && myconf+=( --with-http_v2_module )

458

+	use libatomic && myconf+=( --with-libatomic )

459

+	use pcre      && myconf+=( --with-pcre )

460

+	use pcre-jit  && myconf+=( --with-pcre-jit )

461

+	use threads   && myconf+=( --with-threads )

462

+

463

+	# HTTP modules

464

+	for mod in $NGINX_MODULES_STD; do

465

+		if use nginx_modules_http_${mod}; then

466

+			http_enabled=1

467

+		else

468

+			myconf+=( --without-http_${mod}_module )

469

+		fi

470

+	done

471

+

472

+	for mod in $NGINX_MODULES_OPT; do

473

+		if use nginx_modules_http_${mod}; then

474

+			http_enabled=1

475

+			myconf+=( --with-http_${mod}_module )

476

+		fi

477

+	done

478

+

479

+	if use nginx_modules_http_fastcgi; then

480

+		myconf+=( --with-http_realip_module )

481

+	fi

482

+

483

+	# third-party modules

484

+	if use nginx_modules_http_upload_progress; then

485

+		http_enabled=1

486

+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )

487

+	fi

488

+

489

+	if use nginx_modules_http_headers_more; then

490

+		http_enabled=1

491

+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )

492

+	fi

493

+

494

+	if use nginx_modules_http_cache_purge; then

495

+		http_enabled=1

496

+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )

497

+	fi

498

+

499

+	if use nginx_modules_http_slowfs_cache; then

500

+		http_enabled=1

501

+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )

502

+	fi

503

+

504

+	if use nginx_modules_http_fancyindex; then

505

+		http_enabled=1

506

+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )

507

+	fi

508

+

509

+	if use nginx_modules_http_lua; then

510

+		http_enabled=1

511

+		if use luajit; then

512

+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)

513

+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)

514

+		else

515

+			export LUA_LIB=$(pkg-config --variable libdir lua)

516

+			export LUA_INC=$(pkg-config --variable includedir lua)

517

+		fi

518

+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )

519

+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )

520

+	fi

521

+

522

+	if use nginx_modules_http_auth_pam; then

523

+		http_enabled=1

524

+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )

525

+	fi

526

+

527

+	if use nginx_modules_http_upstream_check; then

528

+		http_enabled=1

529

+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )

530

+	fi

531

+

532

+	if use nginx_modules_http_metrics; then

533

+		http_enabled=1

534

+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )

535

+	fi

536

+

537

+	if use nginx_modules_http_naxsi ; then

538

+		http_enabled=1

539

+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )

540

+	fi

541

+

542

+	if use rtmp ; then

543

+		http_enabled=1

544

+		myconf+=( --add-module=${RTMP_MODULE_WD} )

545

+	fi

546

+

547

+	if use nginx_modules_http_dav_ext ; then

548

+		http_enabled=1

549

+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )

550

+	fi

551

+

552

+	if use nginx_modules_http_echo ; then

553

+		http_enabled=1

554

+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )

555

+	fi

556

+

557

+	if use nginx_modules_http_security ; then

558

+		http_enabled=1

559

+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )

560

+	fi

561

+

562

+	if use nginx_modules_http_push_stream ; then

563

+		http_enabled=1

564

+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )

565

+	fi

566

+

567

+	if use nginx_modules_http_sticky ; then

568

+		http_enabled=1

569

+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )

570

+	fi

571

+

572

+	if use nginx_modules_http_mogilefs ; then

573

+		http_enabled=1

574

+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )

575

+	fi

576

+

577

+	if use nginx_modules_http_memc ; then

578

+		http_enabled=1

579

+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )

580

+	fi

581

+

582

+	if use nginx_modules_http_auth_ldap; then

583

+		http_enabled=1

584

+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )

585

+	fi

586

+

587

+	if use http || use http-cache || use http2; then

588

+		http_enabled=1

589

+	fi

590

+

591

+	if [ $http_enabled ]; then

592

+		use http-cache || myconf+=( --without-http-cache )

593

+		use ssl && myconf+=( --with-http_ssl_module )

594

+	else

595

+		myconf+=( --without-http --without-http-cache )

596

+	fi

597

+

598

+	# Stream modules

599

+	for mod in $NGINX_MODULES_STREAM_STD; do

600

+		if use nginx_modules_stream_${mod}; then

601

+			stream_enabled=1

602

+		else

603

+			myconf+=( --without-stream_${mod}_module )

604

+		fi

605

+	done

606

+

607

+	for mod in $NGINX_MODULES_STREAM_OPT; do

608

+		if use nginx_modules_stream_${mod}; then

609

+			stream_enabled=1

610

+			myconf+=( --with-stream_${mod}_module )

611

+		fi

612

+	done

613

+

614

+	if [ $stream_enabled ]; then

615

+		myconf+=( --with-stream )

616

+		use ssl && myconf+=( --with-stream_ssl_module )

617

+	fi

618

+

619

+	# MAIL modules

620

+	for mod in $NGINX_MODULES_MAIL; do

621

+		if use nginx_modules_mail_${mod}; then

622

+			mail_enabled=1

623

+		else

624

+			myconf+=( --without-mail_${mod}_module )

625

+		fi

626

+	done

627

+

628

+	if [ $mail_enabled ]; then

629

+		myconf+=( --with-mail )

630

+		use ssl && myconf+=( --with-mail_ssl_module )

631

+	fi

632

+

633

+	# custom modules

634

+	for mod in $NGINX_ADD_MODULES; do

635

+		myconf+=(  --add-module=${mod} )

636

+	done

637

+

638

+	# https://bugs.gentoo.org/286772

639

+	export LANG=C LC_ALL=C

640

+	tc-export CC

641

+

642

+	if ! use prefix; then

643

+		myconf+=( --user=${PN} )

644

+		myconf+=( --group=${PN} )

645

+	fi

646

+

647

+	local WITHOUT_IPV6=

648

+	if ! use ipv6; then

649

+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"

650

+	fi

651

+

652

+	./configure \

653

+		--prefix="${EPREFIX}"/usr \

654

+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \

655

+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \

656

+		--pid-path="${EPREFIX}"/run/${PN}.pid \

657

+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \

658

+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \

659

+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \

660

+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \

661

+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \

662

+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \

663

+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \

664

+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \

665

+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \

666

+		--with-compat \

667

+		"${myconf[@]}" || die "configure failed"

668

+

669

+	# A purely cosmetic change that makes nginx -V more readable. This can be

670

+	# good if people outside the gentoo community would troubleshoot and

671

+	# question the users setup.

672

+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die

673

+}

674

+

675

+src_compile() {

676

+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"

677

+

678

+	# https://bugs.gentoo.org/286772

679

+	export LANG=C LC_ALL=C

680

+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"

681

+}

682

+

683

+src_install() {

684

+	emake DESTDIR="${D%/}" install

685

+

686

+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die

687

+

688

+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx

689

+	newconfd "${FILESDIR}"/nginx.confd nginx

690

+

691

+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service

692

+

693

+	doman man/nginx.8

694

+	dodoc CHANGES* README

695

+

696

+	# just keepdir. do not copy the default htdocs files (bug #449136)

697

+	keepdir /var/www/localhost

698

+	rm -rf "${D}"usr/html || die

699

+

700

+	# set up a list of directories to keep

701

+	local keepdir_list="${NGINX_HOME_TMP}"/client

702

+	local module

703

+	for module in proxy fastcgi scgi uwsgi; do

704

+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"

705

+	done

706

+

707

+	keepdir /var/log/nginx ${keepdir_list}

708

+

709

+	# this solves a problem with SELinux where nginx doesn't see the directories

710

+	# as root and tries to create them as nginx

711

+	fperms 0750 "${NGINX_HOME_TMP}"

712

+	fowners ${PN}:0 "${NGINX_HOME_TMP}"

713

+

714

+	fperms 0700 ${keepdir_list}

715

+	fowners ${PN}:${PN} ${keepdir_list}

716

+

717

+	fperms 0710 /var/log/nginx

718

+	fowners 0:${PN} /var/log/nginx

719

+

720

+	# logrotate

721

+	insinto /etc/logrotate.d

722

+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx

723

+

724

+	if use nginx_modules_http_perl; then

725

+		cd "${S}"/objs/src/http/modules/perl/ || die

726

+		emake DESTDIR="${D}" INSTALLDIRS=vendor

727

+		perl_delete_localpod

728

+		cd "${S}" || die

729

+	fi

730

+

731

+	if use nginx_modules_http_cache_purge; then

732

+		docinto ${HTTP_CACHE_PURGE_MODULE_P}

733

+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}

734

+	fi

735

+

736

+	if use nginx_modules_http_slowfs_cache; then

737

+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}

738

+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}

739

+	fi

740

+

741

+	if use nginx_modules_http_fancyindex; then

742

+		docinto ${HTTP_FANCYINDEX_MODULE_P}

743

+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst

744

+	fi

745

+

746

+	if use nginx_modules_http_lua; then

747

+		docinto ${HTTP_LUA_MODULE_P}

748

+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown

749

+	fi

750

+

751

+	if use nginx_modules_http_auth_pam; then

752

+		docinto ${HTTP_AUTH_PAM_MODULE_P}

753

+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}

754

+	fi

755

+

756

+	if use nginx_modules_http_upstream_check; then

757

+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}

758

+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}

759

+	fi

760

+

761

+	if use nginx_modules_http_naxsi; then

762

+		insinto /etc/nginx

763

+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules

764

+	fi

765

+

766

+	if use rtmp; then

767

+		docinto ${RTMP_MODULE_P}

768

+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}

769

+	fi

770

+

771

+	if use nginx_modules_http_dav_ext; then

772

+		docinto ${HTTP_DAV_EXT_MODULE_P}

773

+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README

774

+	fi

775

+

776

+	if use nginx_modules_http_echo; then

777

+		docinto ${HTTP_ECHO_MODULE_P}

778

+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown

779

+	fi

780

+

781

+	if use nginx_modules_http_security; then

782

+		docinto ${HTTP_SECURITY_MODULE_P}

783

+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}

784

+	fi

785

+

786

+	if use nginx_modules_http_push_stream; then

787

+		docinto ${HTTP_PUSH_STREAM_MODULE_P}

788

+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}

789

+	fi

790

+

791

+	if use nginx_modules_http_sticky; then

792

+		docinto ${HTTP_STICKY_MODULE_P}

793

+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}

794

+	fi

795

+

796

+	if use nginx_modules_http_memc; then

797

+		docinto ${HTTP_MEMC_MODULE_P}

798

+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown

799

+	fi

800

+

801

+	if use nginx_modules_http_auth_ldap; then

802

+		docinto ${HTTP_LDAP_MODULE_P}

803

+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf

804

+	fi

805

+}

806

+

807

+pkg_postinst() {

808

+	if use ssl; then

809

+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then

810

+			install_cert /etc/ssl/${PN}/${PN}

811

+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}

812

+		fi

813

+	fi

814

+

815

+	if use nginx_modules_http_spdy; then

816

+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."

817

+		ewarn "Update your configs and package.use accordingly."

818

+	fi

819

+

820

+	if use nginx_modules_http_lua && use http2; then

821

+		ewarn "Lua 3rd party module author warns against using ${P} with"

822

+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"

823

+	fi

824

+

825

+	local _n_permission_layout_checks=0

826

+	local _has_to_adjust_permissions=0

827

+	local _has_to_show_permission_warning=0

828

+

829

+	# Defaults to 1 to inform people doing a fresh installation

830

+	# that we ship modified {scgi,uwsgi,fastcgi}_params files

831

+	local _has_to_show_httpoxy_mitigation_notice=1

832

+

833

+	local _replacing_version=

834

+	for _replacing_version in ${REPLACING_VERSIONS}; do

835

+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))

836

+

837

+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then

838

+			# Should never happen:

839

+			# Package is abusing slots but doesn't allow multiple parallel installations.

840

+			# If we run into this situation it is unsafe to automatically adjust any

841

+			# permission...

842

+			_has_to_show_permission_warning=1

843

+

844

+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \

845

+				"You will have to adjust permissions on your own."

846

+

847

+			break

848

+		fi

849

+

850

+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")

851

+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."

852

+

853

+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?

854

+		# This was before we introduced multiple nginx versions so we

855

+		# do not need to distinguish between stable and mainline

856

+		local _need_to_fix_CVE2013_0337=1

857

+

858

+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then

859

+			# We are updating an installation which should already be fixed

860

+			_need_to_fix_CVE2013_0337=0

861

+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"

862

+		else

863

+			_has_to_adjust_permissions=1

864

+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"

865

+		fi

866

+

867

+		# Do we need to inform about HTTPoxy mitigation?

868

+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f

869

+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then

870

+			# Updating from <1.10

871

+			_has_to_show_httpoxy_mitigation_notice=1

872

+			debug-print "Need to inform about HTTPoxy mitigation!"

873

+		else

874

+			# Updating from >=1.10

875

+			local _fixed_in_pvr=

876

+			case "${_replacing_version_branch}" in

877

+				"1.10")

878

+					_fixed_in_pvr="1.10.1-r2"

879

+					;;

880

+				"1.11")

881

+					_fixed_in_pvr="1.11.3-r1"

882

+					;;

883

+				*)

884

+					# This should be any future branch.

885

+					# If we run this code it is safe to assume that the user has

886

+					# already seen the HTTPoxy mitigation notice because he/she is doing

887

+					# an update from previous version where we have already shown

888

+					# the warning. Otherwise, we wouldn't hit this code path ...

889

+					_fixed_in_pvr=

890

+			esac

891

+

892

+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then

893

+				# We are updating an installation where we already informed

894

+				# that we are mitigating HTTPoxy per default

895

+				_has_to_show_httpoxy_mitigation_notice=0

896

+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"

897

+			else

898

+				_has_to_show_httpoxy_mitigation_notice=1

899

+				debug-print "Need to inform about HTTPoxy mitigation!"

900

+			fi

901

+		fi

902

+

903

+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?

904

+		# All branches up to 1.11 are affected

905

+		local _need_to_fix_CVE2016_1247=1

906

+

907

+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then

908

+			# Updating from <1.10

909

+			_has_to_adjust_permissions=1

910

+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"

911

+		else

912

+			# Updating from >=1.10

913

+			local _fixed_in_pvr=

914

+			case "${_replacing_version_branch}" in

915

+				"1.10")

916

+					_fixed_in_pvr="1.10.2-r3"

917

+					;;

918

+				"1.11")

919

+					_fixed_in_pvr="1.11.6-r1"

920

+					;;

921

+				*)

922

+					# This should be any future branch.

923

+					# If we run this code it is safe to assume that we have already

924

+					# adjusted permissions or were never affected because user is

925

+					# doing an update from previous version which was safe or did

926

+					# the adjustments. Otherwise, we wouldn't hit this code path ...

927

+					_fixed_in_pvr=

928

+			esac

929

+

930

+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then

931

+				# We are updating an installation which should already be adjusted

932

+				# or which was never affected

933

+				_need_to_fix_CVE2016_1247=0

934

+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"

935

+			else

936

+				_has_to_adjust_permissions=1

937

+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"

938

+			fi

939

+		fi

940

+	done

941

+

942

+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then

943

+		# We do not DIE when chmod/chown commands are failing because

944

+		# package is already merged on user's system at this stage

945

+		# and we cannot retry without losing the information that

946

+		# the existing installation needs to adjust permissions.

947

+		# Instead we are going to a show a big warning ...

948

+

949

+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then

950

+			ewarn ""

951

+			ewarn "The world-readable bit (if set) has been removed from the"

952

+			ewarn "following directories to mitigate a security bug"

953

+			ewarn "(CVE-2013-0337, bug #458726):"

954

+			ewarn ""

955

+			ewarn "  ${EPREFIX%/}/var/log/nginx"

956

+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"

957

+			ewarn ""

958

+			ewarn "Check if this is correct for your setup before restarting nginx!"

959

+			ewarn "This is a one-time change and will not happen on subsequent updates."

960

+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"

961

+			chmod o-rwx \

962

+				"${EPREFIX%/}"/var/log/nginx \

963

+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \

964

+				_has_to_show_permission_warning=1

965

+		fi

966

+

967

+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then

968

+			ewarn ""

969

+			ewarn "The permissions on the following directory have been reset in"

970

+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"

971

+			ewarn ""

972

+			ewarn "  ${EPREFIX%/}/var/log/nginx"

973

+			ewarn ""

974

+			ewarn "Check if this is correct for your setup before restarting nginx!"

975

+			ewarn "Also ensure that no other log directory used by any of your"

976

+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"

977

+			ewarn "used by nginx can be abused to escalate privileges!"

978

+			ewarn "This is a one-time change and will not happen on subsequent updates."

979

+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1

980

+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1

981

+		fi

982

+

983

+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then

984

+			# Should never happen ...

985

+			ewarn ""

986

+			ewarn "*************************************************************"

987

+			ewarn "***************         W A R N I N G         ***************"

988

+			ewarn "*************************************************************"

989

+			ewarn "The one-time only attempt to adjust permissions of the"

990

+			ewarn "existing nginx installation failed. Be aware that we will not"

991

+			ewarn "try to adjust the same permissions again because now you are"

992

+			ewarn "using a nginx version where we expect that the permissions"

993

+			ewarn "are already adjusted or that you know what you are doing and"

994

+			ewarn "want to keep custom permissions."

995

+			ewarn ""

996

+		fi

997

+	fi

998

+

999

+	# Sanity check for CVE-2016-1247

1000

+	# Required to warn users who received the warning above and thought

1001

+	# they could fix it by unmerging and re-merging the package or have

1002

+	# unmerged a affected installation on purpose in the past leaving

1003

+	# /var/log/nginx on their system due to keepdir/non-empty folder

1004

+	# and are now installing the package again.

1005

+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)

1006

+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null

1007

+	if [ $? -eq 0 ] ; then

1008

+		# Cleanup -- no reason to die here!

1009

+		rm -f "${_sanity_check_testfile}"

1010

+

1011

+		ewarn ""

1012

+		ewarn "*************************************************************"

1013

+		ewarn "***************         W A R N I N G         ***************"

1014

+		ewarn "*************************************************************"

1015

+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"

1016

+		ewarn "(bug #605008) because nginx user is able to create files in"

1017

+		ewarn ""

1018

+		ewarn "  ${EPREFIX%/}/var/log/nginx"

1019

+		ewarn ""

1020

+		ewarn "Also ensure that no other log directory used by any of your"

1021

+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"

1022

+		ewarn "used by nginx can be abused to escalate privileges!"

1023

+	fi

1024

+

1025

+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then

1026

+		# HTTPoxy mitigation

1027

+		ewarn ""

1028

+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"

1029

+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"

1030

+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"

1031

+		ewarn "are sourcing one of the default"

1032

+		ewarn ""

1033

+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"

1034

+		ewarn "  - 'scgi_params'"

1035

+		ewarn "  - 'uwsgi_params'"

1036

+		ewarn ""

1037

+		ewarn "files in your server block(s)."

1038

+		ewarn ""

1039

+		ewarn "If this is causing any problems for you make sure that you are sourcing the"

1040

+		ewarn "default parameters _before_ you set your own values."

1041

+		ewarn "If you are relying on user-supplied proxy values you have to remove the"

1042

+		ewarn "correlating lines from the file(s) mentioned above."

1043

+		ewarn ""

1044

+	fi

1045

+}

Gentoo Archives: gentoo-commits