Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
Date: Tue, 03 Jul 2018 15:56:59
Message-Id: 1530633394.91cef7605d8d9002b5430c365f46e3adf9823819.whissi@gentoo
1 commit: 91cef7605d8d9002b5430c365f46e3adf9823819
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Tue Jul 3 15:56:34 2018 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Tue Jul 3 15:56:34 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91cef760
7
8 www-servers/nginx: bump to v1.15.1 mainline
9
10 - HTTP Fancy Index module bumpe to v0.4.3
11
12 - HTTP VHost Traffic Status module bumped to v0.1.18
13
14 - HTTP NAXSI module bumped to v0.56
15
16 Package-Manager: Portage-2.3.40, Repoman-2.3.9
17
18 www-servers/nginx/Manifest | 4 +
19 www-servers/nginx/nginx-1.15.1.ebuild | 1079 +++++++++++++++++++++++++++++++++
20 2 files changed, 1083 insertions(+)
21
22 diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
23 index 613d35ccc7a..42ec7cd0f6c 100644
24 --- a/www-servers/nginx/Manifest
25 +++ b/www-servers/nginx/Manifest
26 @@ -2,6 +2,7 @@ DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340
27 DIST nginx-1.12.2.tar.gz 981687 BLAKE2B cca2d2b2267fee6feac7e91a5aaec229251e829203b02c207a6a89644fd6b1f2003d75225fadde9fdfc8dda444dc53c7ff0033a1e15a0f25019c878fc716d83f SHA512 3faa2043e237a7e1d15cc5661ac9d002a965220a78c25a863be9f19e01007347e53f776b61c229f6bd3d916cc1ccf92de260811f7b8092ec1b747fba7c0061f7
28 DIST nginx-1.14.0.tar.gz 1016272 BLAKE2B 37d292955dc5f03f6b3b05fd434807ba1033fab73494866e8bacb99df1d595a7665b3722e9bb7227a119cabfea79be08a14e589565cedb78693fc3990cee4466 SHA512 40f086c9f741727e6f55802b6c3a66f081f7c49c38646dc1491aa3e3c35bae12b65ea6594386609fc849bcd99a60d7cd8ecb3f8d519e0e9ab8db01d653e930e9
29 DIST nginx-1.15.0.tar.gz 1020675 BLAKE2B b8151877d06f96276fc8186dc8c32b8f1479e27c7f6bdba9158b1d945661891e14c39d2ab3ff8991b3906c5fffe721ab4014d709895a6e3f5bc22b687ea3c536 SHA512 7dbdf437d8d546059a8a03aa9c8d2be98dba7306e2daa49611c16f1e56413a25d4c622da13a815e8075a10f4a0cd744167deaeb971c0a69189940a7a05fa32df
30 +DIST nginx-1.15.1.tar.gz 1024086 BLAKE2B 411f566f53fcae62a8b539ac3809d75dc7eaae763c757818931a666e9ed9d2f2b266a7691f58d2ab62bb97d930dfc40f2dc96d199d9a066329ccbcd82d4d2200 SHA512 bdb15791cd599d72a93d85772f8d35d83a76bab10fdfd76929173f81ed1dbad125addc305a6308c0f3d71efb836bc715acf48940047ec17fd48cf37e05b56d17
31 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
32 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 BLAKE2B f2209c8b5eb5616a362f2b532245167a5940faad6d66d98a94b3bf2d1e33a73492d42c60a9ddad347a592362a002ff38273a5d1f61f663984a09e14a3fe35e0f SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92
33 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
34 @@ -12,12 +13,14 @@ DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af59645226958
35 DIST ngx_http_dav_ext-0.1.0.tar.gz 6614 BLAKE2B 3951b573e80e8f02199680fb1ba23baa9ed0845002bf5c78fec291f3a2c01017bcf90f969e924d2e1e03db2aef364af6eaa19398478dfc22fc5bdd57508a9cbd SHA512 47b1686b483640a7fdcbf8081aae2e9f83fb0072ef0940b1cd7f8ddf4932317740b38f0dd4a8f3dd8da074c11c70038ac6758c0feafd3851331acdc85f3e0ee1
36 DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
37 DIST ngx_http_fancyindex-0.4.2.tar.gz 22047 BLAKE2B ce2cd4bffd7ec4cd0688ca79002b4cef70bb242a7c10dbc1a590786330eac628ee080b7bf9087a791ccb0e2e097cb1f8ef7d355ededccb323ecd7fa4f2a237d3 SHA512 aee121e4d25872f0eee6c8150c8c732767ab24c61dc4f6e3f86bd6edc53ad715f3c23045362954a1ad2086ff1002bca821b2e9a53b58b077cbda91a95077ef76
38 +DIST ngx_http_fancyindex-0.4.3.tar.gz 25274 BLAKE2B 5ce3102326f6b8cc2b333ed08f7a66476842d2c70089175e577a3ba958317ed702f24ece002506007eb45e9e50b8f6ecb137cde222566308986cba2682b70f7d SHA512 fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1
39 DIST ngx_http_geoip2_module-2.0.tar.gz 6766 BLAKE2B 338c9503530ebba6076a2222fe9d164fdfe39ac603c4ecc7ad5b5d1482c1e21d0f1bc52be585d6a88968b29edfd8b1b63ce572e9ee8d8efb4d88889ef4cbb65b SHA512 32a23ba20e4ef3885b09baf938ef57405a6f23e86a7dbecbe5285be74c0433fc33eee70742113706e66ee105909deb1ec844ce36a6f33108597f736341d8c230
40 DIST ngx_http_headers_more-0.32.tar.gz 28033 BLAKE2B 51cff34f9a690a3c9a2a05b04084cdd51530b1f41baa1d487bd5bd4349d37a6cc48edffb78466572bee3e42aea10f56e1f8bc47d53a2790023ff831eaa72381f SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1
41 DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
42 DIST ngx_http_lua-0.10.10.tar.gz 611973 BLAKE2B c84d039087973cc6f718fd5cfcb043fd96893d790d2d65b448faf63ad7e3b8713d529c7804a436cc972bcabb9d4d3a8a605fe70a4ccf0a696dfc493656ac513c SHA512 3440e3fe714407f0ff61e0da207669655b443f7b70ef8a91693ea05ed96d8fde349d9c8ea30d5ff53ea3f8e4a5c7d0a2834e136c340b1b1365d62006339a1e4d
43 DIST ngx_http_lua-0.10.13.tar.gz 624102 BLAKE2B 009506e4cd505a2e383e2c6344b62b541b3bbb28410d4ae2e88139227e22e19dd14372a902f172fadaf82a76c5875936caff4a8c98ff740456488e5ac6ff8c53 SHA512 8c316b9d12dc35779fcddc6bb90942c096f19fd8c2e090b8397e1e1ca6f0ebd7a4edddc03fddb31310147ba4e9db9fc4b3749cfd2323046d88045b3b3333f07d
44 DIST ngx_http_naxsi-0.55.3.tar.gz 187416 BLAKE2B de4b00bcfa3e81b7f339bde9f2517e228d2f914c1ac76babd7db1419168814d30f44623a67c0f79475c232ca456792cbdc8f2b6ef3ebd1524eff3f2acfa87685 SHA512 9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0
45 +DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
46 DIST ngx_http_push_stream-0.5.2.tar.gz 182008 BLAKE2B b53c1269a5b96b35054011879dc2288ec7c9dd3965a1d4cea73fb7804626797b3cf7929ffa00fb0fc7479f5d6a7f8d006dbdde1ffa435f878c7cc9278e6cca00 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de
47 DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
48 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 BLAKE2B 54ec1bd0d1cc43cdaafc93ebd46b33374c57351c7f022eae0351d6961680abb03d896e7f058e67c43c4fee300253354feccb92d00e62bf91250e251e1860ec03 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d
49 @@ -25,6 +28,7 @@ DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 BLAKE2B 7bbbf52e326c64a00833
50 DIST ngx_http_upstream_check-31b1b42873fa56620d8a873ac13f5f26b52d0cd6.tar.gz 130052 BLAKE2B 0ff95fc9780193b514fc7b28f6c5c1a58942cd54472a495a1812a48ef4039390241c20c8a3e8dfd6168e87df3a9e3b37e9c33f11d13bdf5fb0d1f37041fe4ee8 SHA512 e7ea6712c27fd2610e8681b7f687e24c94cd7558d6f19f87568d4c2169115678a61c58b1cd3686a927173b566ff1e10cb1fb767fe63db61f860a77bac9792f9b
51 DIST ngx_http_upstream_check-9aecf15ec379fe98f62355c57b60c0bc83296f04.tar.gz 130073 BLAKE2B 3c93cef79425a46e22ae39adf13d5ebb0e5d36f5d6be8555ec068dd0017918f5355d82fbbe90ba934e58c52e89c2096e24012f75390c7159d1ebacfaaa112308 SHA512 fad2a0d3ac332b6e67c52e3525f6df8a432df3e92bc173190b8107fba7f24476ab9dae4824630299af68c15e856409bd47a3a79fb5b65e03a5133eb90142b8fc
52 DIST ngx_http_vhost_traffic_status-0.1.17.tar.gz 380239 BLAKE2B ca642825d02a11d289ca45dfc6231e8ddb13d72bce0343beb2e7fea8f255ac30bdc7751ae1c521f42c5de0245ecd0cff31fea050f7c5b4610620e43c6f4250f2 SHA512 cb9abe922b0494c2587e404b0d603a0441a9a328ef5a83b11e0323e8038010e7d69dfa0d9e5c7122d7bd9b6799a684d4d934e5473442f9f41344c8d38d0d6550
53 +DIST ngx_http_vhost_traffic_status-0.1.18.tar.gz 380327 BLAKE2B 700f48ec3ae7b38d4498b1ca6f7e08069befb4b76a20cc0619d16e613c1efb387eace906901fcb098159bc20acfc8723d98aec690e11deaff949f5612dd414f9 SHA512 86b980095b3b80c8dce2e355db514cb4b3039c8408a2f5ca6df9e105d5462952fddd70f6581ec6aa2763e560b591664c27eefd978c4ea777b1f1f808bc60d4ec
54 DIST ngx_memc_module-0.18.tar.gz 37113 BLAKE2B e5b89c7c7a3e6f8ee7c1b2623fbec78851a9d7c1c37c1924e8c010b45a4e034afe504a5e228361ad88cf57e83ce06f5f6d635301f8201f1ebd7e99f30447d524 SHA512 8087bd361fb4e522493e66f93d59c9b13245d6eef0fe4a53f619d1826feb02af60769c0a04f87f2faf5308a44b794ef146a445bdbe7cbc7f21c0edaaba08c706
55 DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1d9b11885fbce46fbe9fa4df3dce365320b5963c56aecde3b0039d4f9954943d95f25c5f4fada6256861257f82ebbb12 SHA512 a64ec8dffcd011db2cd12b501271bf5c408f2f31fd2bf477b8db4e88adc5bb5732c4c2181ed8378cab6a937869d8f747ef52b22fe256c90df8440b91890edbe7
56 DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
57
58 diff --git a/www-servers/nginx/nginx-1.15.1.ebuild b/www-servers/nginx/nginx-1.15.1.ebuild
59 new file mode 100644
60 index 00000000000..4d922841b29
61 --- /dev/null
62 +++ b/www-servers/nginx/nginx-1.15.1.ebuild
63 @@ -0,0 +1,1079 @@
64 +# Copyright 1999-2018 Gentoo Foundation
65 +# Distributed under the terms of the GNU General Public License v2
66 +
67 +EAPI="6"
68 +
69 +# Maintainer notes:
70 +# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
71 +# - any http-module activates the main http-functionality and overrides USE=-http
72 +# - keep the following requirements in mind before adding external modules:
73 +# * alive upstream
74 +# * sane packaging
75 +# * builds cleanly
76 +# * does not need a patch for nginx core
77 +# - TODO: test the google-perftools module (included in vanilla tarball)
78 +
79 +# prevent perl-module from adding automagic perl DEPENDs
80 +GENTOO_DEPEND_ON_PERL="no"
81 +
82 +# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
83 +DEVEL_KIT_MODULE_PV="0.3.0"
84 +DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
85 +DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
86 +DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
87 +
88 +# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
89 +HTTP_BROTLI_MODULE_PV="0.1.2"
90 +HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
91 +HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/v${HTTP_BROTLI_MODULE_PV}.tar.gz"
92 +HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
93 +
94 +# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
95 +HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
96 +HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
97 +HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
98 +HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
99 +
100 +# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
101 +HTTP_HEADERS_MORE_MODULE_PV="0.33"
102 +HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
103 +HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
104 +HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
105 +
106 +# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
107 +HTTP_CACHE_PURGE_MODULE_PV="2.3"
108 +HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
109 +HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
110 +HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
111 +
112 +# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
113 +HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
114 +HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
115 +HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
116 +HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
117 +
118 +# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
119 +HTTP_FANCYINDEX_MODULE_PV="0.4.3"
120 +HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
121 +HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
122 +HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
123 +
124 +# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
125 +HTTP_LUA_MODULE_PV="0.10.13"
126 +HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
127 +HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
128 +HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
129 +
130 +# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
131 +HTTP_AUTH_PAM_MODULE_PV="1.5.1"
132 +HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
133 +HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
134 +HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
135 +
136 +# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
137 +HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
138 +HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
139 +HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
140 +HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
141 +
142 +# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
143 +HTTP_METRICS_MODULE_PV="0.1.1"
144 +HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
145 +HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
146 +HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
147 +
148 +# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
149 +HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="0.1.18"
150 +HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
151 +HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
152 +HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
153 +
154 +# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
155 +HTTP_NAXSI_MODULE_PV="0.56"
156 +HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
157 +HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
158 +HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
159 +
160 +# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
161 +RTMP_MODULE_PV="1.2.1"
162 +RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
163 +RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
164 +RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
165 +
166 +# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
167 +HTTP_DAV_EXT_MODULE_PV="0.1.0"
168 +HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
169 +HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
170 +HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
171 +
172 +# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
173 +HTTP_ECHO_MODULE_PV="0.61"
174 +HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
175 +HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
176 +HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
177 +
178 +# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
179 +# keep the MODULE_P here consistent with upstream to avoid tarball duplication
180 +HTTP_SECURITY_MODULE_PV="2.9.2"
181 +HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
182 +HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
183 +HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
184 +
185 +# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
186 +HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
187 +HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
188 +HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
189 +HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
190 +
191 +# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
192 +HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
193 +HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
194 +HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
195 +HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
196 +
197 +# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
198 +HTTP_MOGILEFS_MODULE_PV="1.0.4"
199 +HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
200 +HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
201 +HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
202 +
203 +# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
204 +HTTP_MEMC_MODULE_PV="0.19"
205 +HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
206 +HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
207 +HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
208 +
209 +# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
210 +HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
211 +HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
212 +HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
213 +HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
214 +
215 +# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
216 +GEOIP2_MODULE_PV="2.0"
217 +GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
218 +GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
219 +GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
220 +
221 +# njs-module (https://github.com/nginx/njs, as-is)
222 +NJS_MODULE_PV="0.2.2"
223 +NJS_MODULE_P="njs-${NJS_MODULE_PV}"
224 +NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
225 +NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
226 +
227 +# We handle deps below ourselves
228 +SSL_DEPS_SKIP=1
229 +AUTOTOOLS_AUTO_DEPEND="no"
230 +
231 +inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
232 +
233 +DESCRIPTION="Robust, small and high performance http and reverse proxy server"
234 +HOMEPAGE="https://nginx.org"
235 +SRC_URI="https://nginx.org/download/${P}.tar.gz
236 + ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
237 + nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
238 + nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
239 + nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
240 + nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
241 + nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
242 + nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
243 + nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
244 + nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
245 + nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
246 + nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
247 + nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
248 + nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
249 + nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
250 + nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
251 + nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
252 + nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
253 + nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
254 + nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
255 + nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
256 + nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
257 + nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
258 + nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
259 + nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
260 + nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
261 + rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
262 +
263 +LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
264 + nginx_modules_http_security? ( Apache-2.0 )
265 + nginx_modules_http_push_stream? ( GPL-3 )"
266 +
267 +SLOT="mainline"
268 +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
269 +
270 +# Package doesn't provide a real test suite
271 +RESTRICT="test"
272 +
273 +NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
274 + fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
275 + proxy referer rewrite scgi ssi split_clients upstream_hash
276 + upstream_ip_hash upstream_keepalive upstream_least_conn
277 + upstream_zone userid uwsgi"
278 +NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
279 + gzip_static image_filter mp4 perl random_index realip secure_link
280 + slice stub_status sub xslt"
281 +NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
282 + upstream_hash upstream_least_conn upstream_zone"
283 +NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
284 +NGINX_MODULES_MAIL="imap pop3 smtp"
285 +NGINX_MODULES_3RD="
286 + http_auth_ldap
287 + http_auth_pam
288 + http_brotli
289 + http_cache_purge
290 + http_dav_ext
291 + http_echo
292 + http_fancyindex
293 + http_geoip2
294 + http_headers_more
295 + http_javascript
296 + http_lua
297 + http_memc
298 + http_metrics
299 + http_mogilefs
300 + http_naxsi
301 + http_push_stream
302 + http_security
303 + http_slowfs_cache
304 + http_sticky
305 + http_upload_progress
306 + http_upstream_check
307 + http_vhost_traffic_status
308 + stream_geoip2
309 + stream_javascript
310 +"
311 +
312 +IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
313 + pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
314 +
315 +for mod in $NGINX_MODULES_STD; do
316 + IUSE="${IUSE} +nginx_modules_http_${mod}"
317 +done
318 +
319 +for mod in $NGINX_MODULES_OPT; do
320 + IUSE="${IUSE} nginx_modules_http_${mod}"
321 +done
322 +
323 +for mod in $NGINX_MODULES_STREAM_STD; do
324 + IUSE="${IUSE} nginx_modules_stream_${mod}"
325 +done
326 +
327 +for mod in $NGINX_MODULES_STREAM_OPT; do
328 + IUSE="${IUSE} nginx_modules_stream_${mod}"
329 +done
330 +
331 +for mod in $NGINX_MODULES_MAIL; do
332 + IUSE="${IUSE} nginx_modules_mail_${mod}"
333 +done
334 +
335 +for mod in $NGINX_MODULES_3RD; do
336 + IUSE="${IUSE} nginx_modules_${mod}"
337 +done
338 +
339 +# Add so we can warn users updating about config changes
340 +# @TODO: jbergstroem: remove on next release series
341 +IUSE="${IUSE} nginx_modules_http_spdy"
342 +
343 +CDEPEND="
344 + pcre? ( dev-libs/libpcre:= )
345 + pcre-jit? ( dev-libs/libpcre:=[jit] )
346 + ssl? (
347 + !libressl? ( dev-libs/openssl:0= )
348 + libressl? ( dev-libs/libressl:= )
349 + )
350 + http2? (
351 + !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
352 + libressl? ( dev-libs/libressl:= )
353 + )
354 + http-cache? (
355 + userland_GNU? (
356 + !libressl? ( dev-libs/openssl:0= )
357 + libressl? ( dev-libs/libressl:= )
358 + )
359 + )
360 + nginx_modules_http_brotli? ( app-arch/brotli:= )
361 + nginx_modules_http_geoip? ( dev-libs/geoip )
362 + nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
363 + nginx_modules_http_gunzip? ( sys-libs/zlib )
364 + nginx_modules_http_gzip? ( sys-libs/zlib )
365 + nginx_modules_http_gzip_static? ( sys-libs/zlib )
366 + nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
367 + nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
368 + nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
369 + nginx_modules_http_secure_link? (
370 + userland_GNU? (
371 + !libressl? ( dev-libs/openssl:0= )
372 + libressl? ( dev-libs/libressl:= )
373 + )
374 + )
375 + nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
376 + nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
377 + nginx_modules_http_auth_pam? ( virtual/pam )
378 + nginx_modules_http_metrics? ( dev-libs/yajl:= )
379 + nginx_modules_http_dav_ext? ( dev-libs/expat )
380 + nginx_modules_http_security? (
381 + dev-libs/apr:=
382 + dev-libs/apr-util:=
383 + dev-libs/libxml2:=
384 + net-misc/curl
385 + www-servers/apache
386 + )
387 + nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
388 +RDEPEND="${CDEPEND}
389 + selinux? ( sec-policy/selinux-nginx )
390 + !www-servers/nginx:0"
391 +DEPEND="${CDEPEND}
392 + nginx_modules_http_brotli? ( virtual/pkgconfig )
393 + nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
394 + arm? ( dev-libs/libatomic_ops )
395 + libatomic? ( dev-libs/libatomic_ops )"
396 +PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
397 +
398 +REQUIRED_USE="pcre-jit? ( pcre )
399 + nginx_modules_http_grpc? ( http2 )
400 + nginx_modules_http_lua? ( nginx_modules_http_rewrite )
401 + nginx_modules_http_naxsi? ( pcre )
402 + nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
403 + nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
404 + nginx_modules_http_security? ( pcre )
405 + nginx_modules_http_push_stream? ( ssl )"
406 +
407 +pkg_setup() {
408 + NGINX_HOME="/var/lib/nginx"
409 + NGINX_HOME_TMP="${NGINX_HOME}/tmp"
410 +
411 + ebegin "Creating nginx user and group"
412 + enewgroup ${PN}
413 + enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
414 + eend $?
415 +
416 + if use libatomic; then
417 + ewarn "GCC 4.1+ features built-in atomic operations."
418 + ewarn "Using libatomic_ops is only needed if using"
419 + ewarn "a different compiler or a GCC prior to 4.1"
420 + fi
421 +
422 + if [[ -n $NGINX_ADD_MODULES ]]; then
423 + ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
424 + ewarn "This nginx installation is not supported!"
425 + ewarn "Make sure you can reproduce the bug without those modules"
426 + ewarn "_before_ reporting bugs."
427 + fi
428 +
429 + if use !http; then
430 + ewarn "To actually disable all http-functionality you also have to disable"
431 + ewarn "all nginx http modules."
432 + fi
433 +
434 + if use nginx_modules_http_mogilefs && use threads; then
435 + eerror "mogilefs won't compile with threads support."
436 + eerror "Please disable either flag and try again."
437 + die "Can't compile mogilefs with threads support"
438 + fi
439 +}
440 +
441 +src_prepare() {
442 + eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
443 + eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
444 +
445 + if use nginx_modules_http_brotli; then
446 + cd "${HTTP_BROTLI_MODULE_WD}" || die
447 + eapply "${FILESDIR}"/http_brotli-detect-brotli-r1.patch
448 + cd "${S}" || die
449 + fi
450 +
451 + if use nginx_modules_http_upstream_check; then
452 + eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
453 + fi
454 +
455 + if use nginx_modules_http_cache_purge; then
456 + cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
457 + eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
458 + cd "${S}" || die
459 + fi
460 +
461 + if use nginx_modules_http_security; then
462 + cd "${HTTP_SECURITY_MODULE_WD}" || die
463 +
464 + eautoreconf
465 +
466 + if use luajit ; then
467 + sed -i \
468 + -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
469 + configure || die
470 + fi
471 +
472 + cd "${S}" || die
473 + fi
474 +
475 + if use nginx_modules_http_upload_progress; then
476 + cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
477 + eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
478 + cd "${S}" || die
479 + fi
480 +
481 + find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
482 + # We have config protection, don't rename etc files
483 + sed -i 's:.default::' auto/install || die
484 + # remove useless files
485 + sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
486 +
487 + # don't install to /etc/nginx/ if not in use
488 + local module
489 + for module in fastcgi scgi uwsgi ; do
490 + if ! use nginx_modules_http_${module}; then
491 + sed -i -e "/${module}/d" auto/install || die
492 + fi
493 + done
494 +
495 + eapply_user
496 +}
497 +
498 +src_configure() {
499 + # mod_security needs to generate nginx/modsecurity/config before including it
500 + if use nginx_modules_http_security; then
501 + cd "${HTTP_SECURITY_MODULE_WD}" || die
502 +
503 + ./configure \
504 + --enable-standalone-module \
505 + --disable-mlogc \
506 + --with-ssdeep=no \
507 + $(use_enable pcre-jit) \
508 + $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
509 +
510 + cd "${S}" || die
511 + fi
512 +
513 + local myconf=() http_enabled= mail_enabled= stream_enabled=
514 +
515 + use aio && myconf+=( --with-file-aio )
516 + use debug && myconf+=( --with-debug )
517 + use http2 && myconf+=( --with-http_v2_module )
518 + use libatomic && myconf+=( --with-libatomic )
519 + use pcre && myconf+=( --with-pcre )
520 + use pcre-jit && myconf+=( --with-pcre-jit )
521 + use threads && myconf+=( --with-threads )
522 +
523 + # HTTP modules
524 + for mod in $NGINX_MODULES_STD; do
525 + if use nginx_modules_http_${mod}; then
526 + http_enabled=1
527 + else
528 + myconf+=( --without-http_${mod}_module )
529 + fi
530 + done
531 +
532 + for mod in $NGINX_MODULES_OPT; do
533 + if use nginx_modules_http_${mod}; then
534 + http_enabled=1
535 + myconf+=( --with-http_${mod}_module )
536 + fi
537 + done
538 +
539 + if use nginx_modules_http_fastcgi; then
540 + myconf+=( --with-http_realip_module )
541 + fi
542 +
543 + # third-party modules
544 + if use nginx_modules_http_upload_progress; then
545 + http_enabled=1
546 + myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
547 + fi
548 +
549 + if use nginx_modules_http_headers_more; then
550 + http_enabled=1
551 + myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
552 + fi
553 +
554 + if use nginx_modules_http_cache_purge; then
555 + http_enabled=1
556 + myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
557 + fi
558 +
559 + if use nginx_modules_http_slowfs_cache; then
560 + http_enabled=1
561 + myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
562 + fi
563 +
564 + if use nginx_modules_http_fancyindex; then
565 + http_enabled=1
566 + myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
567 + fi
568 +
569 + if use nginx_modules_http_lua; then
570 + http_enabled=1
571 + if use luajit; then
572 + export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
573 + export LUAJIT_INC=$(pkg-config --variable includedir luajit)
574 + else
575 + export LUA_LIB=$(pkg-config --variable libdir lua)
576 + export LUA_INC=$(pkg-config --variable includedir lua)
577 + fi
578 + myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
579 + myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
580 + fi
581 +
582 + if use nginx_modules_http_auth_pam; then
583 + http_enabled=1
584 + myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
585 + fi
586 +
587 + if use nginx_modules_http_upstream_check; then
588 + http_enabled=1
589 + myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
590 + fi
591 +
592 + if use nginx_modules_http_metrics; then
593 + http_enabled=1
594 + myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
595 + fi
596 +
597 + if use nginx_modules_http_naxsi ; then
598 + http_enabled=1
599 + myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
600 + fi
601 +
602 + if use rtmp ; then
603 + http_enabled=1
604 + myconf+=( --add-module=${RTMP_MODULE_WD} )
605 + fi
606 +
607 + if use nginx_modules_http_dav_ext ; then
608 + http_enabled=1
609 + myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
610 + fi
611 +
612 + if use nginx_modules_http_echo ; then
613 + http_enabled=1
614 + myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
615 + fi
616 +
617 + if use nginx_modules_http_security ; then
618 + http_enabled=1
619 + myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
620 + fi
621 +
622 + if use nginx_modules_http_push_stream ; then
623 + http_enabled=1
624 + myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
625 + fi
626 +
627 + if use nginx_modules_http_sticky ; then
628 + http_enabled=1
629 + myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
630 + fi
631 +
632 + if use nginx_modules_http_mogilefs ; then
633 + http_enabled=1
634 + myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
635 + fi
636 +
637 + if use nginx_modules_http_memc ; then
638 + http_enabled=1
639 + myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
640 + fi
641 +
642 + if use nginx_modules_http_auth_ldap; then
643 + http_enabled=1
644 + myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
645 + fi
646 +
647 + if use nginx_modules_http_vhost_traffic_status; then
648 + http_enabled=1
649 + myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
650 + fi
651 +
652 + if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
653 + myconf+=( --add-module=${GEOIP2_MODULE_WD} )
654 + fi
655 +
656 + if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
657 + myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
658 + fi
659 +
660 + if use nginx_modules_http_brotli; then
661 + http_enabled=1
662 + myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
663 + fi
664 +
665 + if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
666 + http_enabled=1
667 + fi
668 +
669 + if [ $http_enabled ]; then
670 + use http-cache || myconf+=( --without-http-cache )
671 + use ssl && myconf+=( --with-http_ssl_module )
672 + else
673 + myconf+=( --without-http --without-http-cache )
674 + fi
675 +
676 + # Stream modules
677 + for mod in $NGINX_MODULES_STREAM_STD; do
678 + if use nginx_modules_stream_${mod}; then
679 + stream_enabled=1
680 + else
681 + myconf+=( --without-stream_${mod}_module )
682 + fi
683 + done
684 +
685 + for mod in $NGINX_MODULES_STREAM_OPT; do
686 + if use nginx_modules_stream_${mod}; then
687 + stream_enabled=1
688 + myconf+=( --with-stream_${mod}_module )
689 + fi
690 + done
691 +
692 + if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
693 + stream_enabled=1
694 + fi
695 +
696 + if [ $stream_enabled ]; then
697 + myconf+=( --with-stream )
698 + use ssl && myconf+=( --with-stream_ssl_module )
699 + fi
700 +
701 + # MAIL modules
702 + for mod in $NGINX_MODULES_MAIL; do
703 + if use nginx_modules_mail_${mod}; then
704 + mail_enabled=1
705 + else
706 + myconf+=( --without-mail_${mod}_module )
707 + fi
708 + done
709 +
710 + if [ $mail_enabled ]; then
711 + myconf+=( --with-mail )
712 + use ssl && myconf+=( --with-mail_ssl_module )
713 + fi
714 +
715 + # custom modules
716 + for mod in $NGINX_ADD_MODULES; do
717 + myconf+=( --add-module=${mod} )
718 + done
719 +
720 + # https://bugs.gentoo.org/286772
721 + export LANG=C LC_ALL=C
722 + tc-export CC
723 +
724 + if ! use prefix; then
725 + myconf+=( --user=${PN} )
726 + myconf+=( --group=${PN} )
727 + fi
728 +
729 + local WITHOUT_IPV6=
730 + if ! use ipv6; then
731 + WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
732 + fi
733 +
734 + if [[ -n "${EXTRA_ECONF}" ]]; then
735 + myconf+=( ${EXTRA_ECONF} )
736 + ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
737 + fi
738 +
739 + ./configure \
740 + --prefix="${EPREFIX}"/usr \
741 + --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
742 + --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
743 + --pid-path="${EPREFIX}"/run/${PN}.pid \
744 + --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
745 + --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
746 + --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
747 + --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
748 + --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
749 + --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
750 + --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
751 + --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
752 + --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
753 + --with-compat \
754 + "${myconf[@]}" || die "configure failed"
755 +
756 + # A purely cosmetic change that makes nginx -V more readable. This can be
757 + # good if people outside the gentoo community would troubleshoot and
758 + # question the users setup.
759 + sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
760 +}
761 +
762 +src_compile() {
763 + use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
764 +
765 + # https://bugs.gentoo.org/286772
766 + export LANG=C LC_ALL=C
767 + emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
768 +}
769 +
770 +src_install() {
771 + emake DESTDIR="${D%/}" install
772 +
773 + cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
774 +
775 + newinitd "${FILESDIR}"/nginx.initd-r4 nginx
776 + newconfd "${FILESDIR}"/nginx.confd nginx
777 +
778 + systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
779 +
780 + doman man/nginx.8
781 + dodoc CHANGES* README
782 +
783 + # just keepdir. do not copy the default htdocs files (bug #449136)
784 + keepdir /var/www/localhost
785 + rm -rf "${D}"usr/html || die
786 +
787 + # set up a list of directories to keep
788 + local keepdir_list="${NGINX_HOME_TMP}"/client
789 + local module
790 + for module in proxy fastcgi scgi uwsgi; do
791 + use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
792 + done
793 +
794 + keepdir /var/log/nginx ${keepdir_list}
795 +
796 + # this solves a problem with SELinux where nginx doesn't see the directories
797 + # as root and tries to create them as nginx
798 + fperms 0750 "${NGINX_HOME_TMP}"
799 + fowners ${PN}:0 "${NGINX_HOME_TMP}"
800 +
801 + fperms 0700 ${keepdir_list}
802 + fowners ${PN}:${PN} ${keepdir_list}
803 +
804 + fperms 0710 /var/log/nginx
805 + fowners 0:${PN} /var/log/nginx
806 +
807 + # logrotate
808 + insinto /etc/logrotate.d
809 + newins "${FILESDIR}"/nginx.logrotate-r1 nginx
810 +
811 + if use nginx_modules_http_perl; then
812 + cd "${S}"/objs/src/http/modules/perl/ || die
813 + emake DESTDIR="${D}" INSTALLDIRS=vendor
814 + perl_delete_localpod
815 + cd "${S}" || die
816 + fi
817 +
818 + if use nginx_modules_http_cache_purge; then
819 + docinto ${HTTP_CACHE_PURGE_MODULE_P}
820 + dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
821 + fi
822 +
823 + if use nginx_modules_http_slowfs_cache; then
824 + docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
825 + dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
826 + fi
827 +
828 + if use nginx_modules_http_fancyindex; then
829 + docinto ${HTTP_FANCYINDEX_MODULE_P}
830 + dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
831 + fi
832 +
833 + if use nginx_modules_http_lua; then
834 + docinto ${HTTP_LUA_MODULE_P}
835 + dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
836 + fi
837 +
838 + if use nginx_modules_http_auth_pam; then
839 + docinto ${HTTP_AUTH_PAM_MODULE_P}
840 + dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
841 + fi
842 +
843 + if use nginx_modules_http_upstream_check; then
844 + docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
845 + dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
846 + fi
847 +
848 + if use nginx_modules_http_naxsi; then
849 + insinto /etc/nginx
850 + doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
851 + fi
852 +
853 + if use rtmp; then
854 + docinto ${RTMP_MODULE_P}
855 + dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
856 + fi
857 +
858 + if use nginx_modules_http_dav_ext; then
859 + docinto ${HTTP_DAV_EXT_MODULE_P}
860 + dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
861 + fi
862 +
863 + if use nginx_modules_http_echo; then
864 + docinto ${HTTP_ECHO_MODULE_P}
865 + dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
866 + fi
867 +
868 + if use nginx_modules_http_security; then
869 + docinto ${HTTP_SECURITY_MODULE_P}
870 + dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
871 + fi
872 +
873 + if use nginx_modules_http_push_stream; then
874 + docinto ${HTTP_PUSH_STREAM_MODULE_P}
875 + dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
876 + fi
877 +
878 + if use nginx_modules_http_sticky; then
879 + docinto ${HTTP_STICKY_MODULE_P}
880 + dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
881 + fi
882 +
883 + if use nginx_modules_http_memc; then
884 + docinto ${HTTP_MEMC_MODULE_P}
885 + dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
886 + fi
887 +
888 + if use nginx_modules_http_auth_ldap; then
889 + docinto ${HTTP_LDAP_MODULE_P}
890 + dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
891 + fi
892 +}
893 +
894 +pkg_postinst() {
895 + if use ssl; then
896 + if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
897 + install_cert /etc/ssl/${PN}/${PN}
898 + use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
899 + fi
900 + fi
901 +
902 + if use nginx_modules_http_spdy; then
903 + ewarn ""
904 + ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
905 + ewarn "Update your configs and package.use accordingly."
906 + fi
907 +
908 + if use nginx_modules_http_lua; then
909 + ewarn ""
910 + ewarn "While you can build lua 3rd party module against ${P}"
911 + ewarn "the author warns that >=${PN}-1.11.11 is still not an"
912 + ewarn "officially supported target yet. You are on your own."
913 + ewarn "Expect runtime failures, memory leaks and other problems!"
914 + fi
915 +
916 + if use nginx_modules_http_lua && use http2; then
917 + ewarn ""
918 + ewarn "Lua 3rd party module author warns against using ${P} with"
919 + ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
920 + fi
921 +
922 + local _n_permission_layout_checks=0
923 + local _has_to_adjust_permissions=0
924 + local _has_to_show_permission_warning=0
925 +
926 + # Defaults to 1 to inform people doing a fresh installation
927 + # that we ship modified {scgi,uwsgi,fastcgi}_params files
928 + local _has_to_show_httpoxy_mitigation_notice=1
929 +
930 + local _replacing_version=
931 + for _replacing_version in ${REPLACING_VERSIONS}; do
932 + _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
933 +
934 + if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
935 + # Should never happen:
936 + # Package is abusing slots but doesn't allow multiple parallel installations.
937 + # If we run into this situation it is unsafe to automatically adjust any
938 + # permission...
939 + _has_to_show_permission_warning=1
940 +
941 + ewarn "Replacing multiple ${PN}' versions is unsupported! " \
942 + "You will have to adjust permissions on your own."
943 +
944 + break
945 + fi
946 +
947 + local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
948 + debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
949 +
950 + # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
951 + # This was before we introduced multiple nginx versions so we
952 + # do not need to distinguish between stable and mainline
953 + local _need_to_fix_CVE2013_0337=1
954 +
955 + if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
956 + # We are updating an installation which should already be fixed
957 + _need_to_fix_CVE2013_0337=0
958 + debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
959 + else
960 + _has_to_adjust_permissions=1
961 + debug-print "Need to adjust permissions to fix CVE-2013-0337!"
962 + fi
963 +
964 + # Do we need to inform about HTTPoxy mitigation?
965 + # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
966 + if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
967 + # Updating from <1.10
968 + _has_to_show_httpoxy_mitigation_notice=1
969 + debug-print "Need to inform about HTTPoxy mitigation!"
970 + else
971 + # Updating from >=1.10
972 + local _fixed_in_pvr=
973 + case "${_replacing_version_branch}" in
974 + "1.10")
975 + _fixed_in_pvr="1.10.1-r2"
976 + ;;
977 + "1.11")
978 + _fixed_in_pvr="1.11.3-r1"
979 + ;;
980 + *)
981 + # This should be any future branch.
982 + # If we run this code it is safe to assume that the user has
983 + # already seen the HTTPoxy mitigation notice because he/she is doing
984 + # an update from previous version where we have already shown
985 + # the warning. Otherwise, we wouldn't hit this code path ...
986 + _fixed_in_pvr=
987 + esac
988 +
989 + if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
990 + # We are updating an installation where we already informed
991 + # that we are mitigating HTTPoxy per default
992 + _has_to_show_httpoxy_mitigation_notice=0
993 + debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
994 + else
995 + _has_to_show_httpoxy_mitigation_notice=1
996 + debug-print "Need to inform about HTTPoxy mitigation!"
997 + fi
998 + fi
999 +
1000 + # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
1001 + # All branches up to 1.11 are affected
1002 + local _need_to_fix_CVE2016_1247=1
1003 +
1004 + if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
1005 + # Updating from <1.10
1006 + _has_to_adjust_permissions=1
1007 + debug-print "Need to adjust permissions to fix CVE-2016-1247!"
1008 + else
1009 + # Updating from >=1.10
1010 + local _fixed_in_pvr=
1011 + case "${_replacing_version_branch}" in
1012 + "1.10")
1013 + _fixed_in_pvr="1.10.2-r3"
1014 + ;;
1015 + "1.11")
1016 + _fixed_in_pvr="1.11.6-r1"
1017 + ;;
1018 + *)
1019 + # This should be any future branch.
1020 + # If we run this code it is safe to assume that we have already
1021 + # adjusted permissions or were never affected because user is
1022 + # doing an update from previous version which was safe or did
1023 + # the adjustments. Otherwise, we wouldn't hit this code path ...
1024 + _fixed_in_pvr=
1025 + esac
1026 +
1027 + if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
1028 + # We are updating an installation which should already be adjusted
1029 + # or which was never affected
1030 + _need_to_fix_CVE2016_1247=0
1031 + debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
1032 + else
1033 + _has_to_adjust_permissions=1
1034 + debug-print "Need to adjust permissions to fix CVE-2016-1247!"
1035 + fi
1036 + fi
1037 + done
1038 +
1039 + if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
1040 + # We do not DIE when chmod/chown commands are failing because
1041 + # package is already merged on user's system at this stage
1042 + # and we cannot retry without losing the information that
1043 + # the existing installation needs to adjust permissions.
1044 + # Instead we are going to a show a big warning ...
1045 +
1046 + if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
1047 + ewarn ""
1048 + ewarn "The world-readable bit (if set) has been removed from the"
1049 + ewarn "following directories to mitigate a security bug"
1050 + ewarn "(CVE-2013-0337, bug #458726):"
1051 + ewarn ""
1052 + ewarn " ${EPREFIX%/}/var/log/nginx"
1053 + ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
1054 + ewarn ""
1055 + ewarn "Check if this is correct for your setup before restarting nginx!"
1056 + ewarn "This is a one-time change and will not happen on subsequent updates."
1057 + ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
1058 + chmod o-rwx \
1059 + "${EPREFIX%/}"/var/log/nginx \
1060 + "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
1061 + _has_to_show_permission_warning=1
1062 + fi
1063 +
1064 + if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
1065 + ewarn ""
1066 + ewarn "The permissions on the following directory have been reset in"
1067 + ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
1068 + ewarn ""
1069 + ewarn " ${EPREFIX%/}/var/log/nginx"
1070 + ewarn ""
1071 + ewarn "Check if this is correct for your setup before restarting nginx!"
1072 + ewarn "Also ensure that no other log directory used by any of your"
1073 + ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
1074 + ewarn "used by nginx can be abused to escalate privileges!"
1075 + ewarn "This is a one-time change and will not happen on subsequent updates."
1076 + chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
1077 + chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
1078 + fi
1079 +
1080 + if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
1081 + # Should never happen ...
1082 + ewarn ""
1083 + ewarn "*************************************************************"
1084 + ewarn "*************** W A R N I N G ***************"
1085 + ewarn "*************************************************************"
1086 + ewarn "The one-time only attempt to adjust permissions of the"
1087 + ewarn "existing nginx installation failed. Be aware that we will not"
1088 + ewarn "try to adjust the same permissions again because now you are"
1089 + ewarn "using a nginx version where we expect that the permissions"
1090 + ewarn "are already adjusted or that you know what you are doing and"
1091 + ewarn "want to keep custom permissions."
1092 + ewarn ""
1093 + fi
1094 + fi
1095 +
1096 + # Sanity check for CVE-2016-1247
1097 + # Required to warn users who received the warning above and thought
1098 + # they could fix it by unmerging and re-merging the package or have
1099 + # unmerged a affected installation on purpose in the past leaving
1100 + # /var/log/nginx on their system due to keepdir/non-empty folder
1101 + # and are now installing the package again.
1102 + local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
1103 + su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
1104 + if [ $? -eq 0 ] ; then
1105 + # Cleanup -- no reason to die here!
1106 + rm -f "${_sanity_check_testfile}"
1107 +
1108 + ewarn ""
1109 + ewarn "*************************************************************"
1110 + ewarn "*************** W A R N I N G ***************"
1111 + ewarn "*************************************************************"
1112 + ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
1113 + ewarn "(bug #605008) because nginx user is able to create files in"
1114 + ewarn ""
1115 + ewarn " ${EPREFIX%/}/var/log/nginx"
1116 + ewarn ""
1117 + ewarn "Also ensure that no other log directory used by any of your"
1118 + ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
1119 + ewarn "used by nginx can be abused to escalate privileges!"
1120 + fi
1121 +
1122 + if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
1123 + # HTTPoxy mitigation
1124 + ewarn ""
1125 + ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
1126 + ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
1127 + ewarn "the HTTP_PROXY parameter to an empty string per default when you"
1128 + ewarn "are sourcing one of the default"
1129 + ewarn ""
1130 + ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
1131 + ewarn " - 'scgi_params'"
1132 + ewarn " - 'uwsgi_params'"
1133 + ewarn ""
1134 + ewarn "files in your server block(s)."
1135 + ewarn ""
1136 + ewarn "If this is causing any problems for you make sure that you are sourcing the"
1137 + ewarn "default parameters _before_ you set your own values."
1138 + ewarn "If you are relying on user-supplied proxy values you have to remove the"
1139 + ewarn "correlating lines from the file(s) mentioned above."
1140 + ewarn ""
1141 + fi
1142 +}
Report Message
Find on MARC Find on Google Groups