Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
Date: Tue, 21 Nov 2017 16:05:02
Message-Id: 1511280291.b1a39c149ffac5d3168aa0f4e9723e4a6bc8ca95.whissi@gentoo
1 commit: b1a39c149ffac5d3168aa0f4e9723e4a6bc8ca95
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Tue Nov 21 16:04:37 2017 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Tue Nov 21 16:04:51 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1a39c14
7
8 www-servers/nginx: Bump to v1.13.7 mainline
9
10 Ebuild changes:
11 ===============
12 - headers_more module bumped to v0.33
13
14 - lua module bumped to 0.10.11
15
16 - push module bumped to 0.5.4
17
18 Package-Manager: Portage-2.3.13, Repoman-2.3.4
19
20 www-servers/nginx/Manifest | 4 +
21 www-servers/nginx/nginx-1.13.7.ebuild | 1006 +++++++++++++++++++++++++++++++++
22 2 files changed, 1010 insertions(+)
23
24 diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
25 index bb8f6618067..0b2958d40da 100644
26 --- a/www-servers/nginx/Manifest
27 +++ b/www-servers/nginx/Manifest
28 @@ -6,6 +6,7 @@ DIST nginx-1.13.3.tar.gz 985931 SHA256 5b73f98004c302fb8e4a172abf046d9ce77739a82
29 DIST nginx-1.13.4.tar.gz 988415 SHA256 de21f3c49ba65c611329d8759a63d72e5fcf719bc6f2a3270e2541348ef1fbba SHA512 068f59f0dfe68a9a20a141bf5416551bc758fe50a38b2576f0e1c9df2ec674c7348b151f3ce80b614ac20610bc85374be7cef69f95b925f4fde351716c1da740 WHIRLPOOL 333cf2542fef05a0709259e6c8ea363a2eaaade00e1e1f0f50df081af023826d452b7b5fd3e826a63cad1753949f469424723b0a9731a34418c06517e14d6f3a
30 DIST nginx-1.13.5.tar.gz 988821 SHA256 0e75b94429b3f745377aeba3aff97da77bf2b03fcb9ff15b3bad9b038db29f2e SHA512 ffd0406a75a35da427522f58c9b710cde86acb1ebf48f4e6b7f6a44e04ccd83950fedc6dceed9e2ab5132e06559f3bf45935d5011fc436e7c2efd46ac1e86459 WHIRLPOOL 94703bff57b0c701709974748f07ba444143707ecfb98beb9ca0d30d66913cde07725f3ae82a44d5585709c35b0ff600eccab37f0b5df904b67cee8e2085207d
31 DIST nginx-1.13.6.tar.gz 989760 SHA256 8512fc6f986a20af293b61f33b0e72f64a72ea5b1acbcc790c4c4e2d6f63f8f8 SHA512 9ae218396e94f0e165d4d573a979354045ac579f0dcc702a37bde3ec5764e21161efc90fc1ff66bd402047c41a16ca0ff02423eaeb8d89b397e970df246f419e WHIRLPOOL e219846d7a15de9239d4c26eab4e8ec783bbc715e84eee0f6a8591a1d0dae0eeb828b15ccf622638c14a943758b3bb02e23355e129c16178d9aca72c4733b80f
32 +DIST nginx-1.13.7.tar.gz 990836 SHA256 beb732bc7da80948c43fd0bf94940a21a21b1c1ddfba0bd99a4b88e026220f5c SHA512 77ee919315e0b16ec042ec80b5a9ed01ef057d30fded4c1991fc1b7648d41433b94897fbe6f0900299d3596ede7b25e842e47c44865b1c3d91d2dc6363d23fc0 WHIRLPOOL f56195c1bf4143acfceba4d7c03a2cf7a12d26f829dbf8465c59618601dacc10746e85c45dbbbb6d3b978706766b6987a478fd665776c454411a7ff4b164e869
33 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
34 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
35 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
36 @@ -18,10 +19,13 @@ DIST ngx_http_echo-0.61.tar.gz 53155 SHA256 2e6a03032555f5da1bdff2ae96c96486f447
37 DIST ngx_http_fancyindex-0.4.1.tar.gz 21130 SHA256 2b00d8e0ad2a67152a9cee7b7ee67990c742d501412df912baaf1eee9bb6dc71 SHA512 ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1 WHIRLPOOL 4a885afbadf64bbd25df6580a099472ae48836d9dddfe1dee6ac6a6f97bfb0cf7120ff10dd69fceca7085fab590bec3a4b4b5be5644f2352375316885ddc3cac
38 DIST ngx_http_fancyindex-0.4.2.tar.gz 22047 SHA256 8327150864ca267b735d550d3304030efbbd863fdddfe0a94e970f249a8827ee SHA512 aee121e4d25872f0eee6c8150c8c732767ab24c61dc4f6e3f86bd6edc53ad715f3c23045362954a1ad2086ff1002bca821b2e9a53b58b077cbda91a95077ef76 WHIRLPOOL 81b34afe05fda9068a53d5fa29937c72210847a9eda86f8858d6d2d625958f1c6cea2c3639ce9132687b672384b066f314bfb7096098646131c7380bd99c5470
39 DIST ngx_http_headers_more-0.32.tar.gz 28033 SHA256 c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720 SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1 WHIRLPOOL 2b95ea8e2933e83082b9dfd7aaa8f57dd38b0ec12fb452a4aa38a215ca76b6572fe35b79c8afe8cf3097bf89ced0e81c33e07ee6913c99966b87b8e610df3121
40 +DIST ngx_http_headers_more-0.33.tar.gz 28130 SHA256 a3dcbab117a9c103bc1ea5200fc00a7b7d2af97ff7fd525f16f8ac2632e30fbf SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37 WHIRLPOOL 3684b3ff76c6d4ff12d721db31376b6a2b8a91833210d7a0705c7e8615bb079d509d0d25d56a1a2ade33d90cf72006da4affcaeb89f7f6d57818b5436a0ab44c
41 DIST ngx_http_lua-0.10.10.tar.gz 611973 SHA256 b4acb84e2d631035a516d61830c910ef6e6485aba86096221ec745e0dbb3fbc9 SHA512 3440e3fe714407f0ff61e0da207669655b443f7b70ef8a91693ea05ed96d8fde349d9c8ea30d5ff53ea3f8e4a5c7d0a2834e136c340b1b1365d62006339a1e4d WHIRLPOOL 23b5509618a7b3db215ed62b37773f7fa4e1ec14efceef631344c608c079929cded79c6888fa4a45fc31b25463ebb43030cf86868e3df99bb8b3d49116a448d5
42 +DIST ngx_http_lua-0.10.11.tar.gz 616653 SHA256 c0fb91fcfd1c6e7dec34ca64826ef81ffebafdef6174d254467636f380566626 SHA512 35e1510c9da71c8bdf028f4ac253404550a83bd904f6c5639697d78c76708625bb6deaa858a7d086b5582f71bb46578e8f804887a46ccfbaf5f4de8510cb1511 WHIRLPOOL 1ad973245c301d585e6d427d08ad32df7c0be2d5af6bd4c422521fb7e29fc5c99565c6fe7cf3784a118ce69b042689381e1ab18d20524edd55331c112fe0a4be
43 DIST ngx_http_lua-0.10.8.tar.gz 606643 SHA256 d67449c71051b3cc2d6dd60df0ae0d21fca08aa19c9b30c5b95ee21ff38ef8dd SHA512 ad621cec178eb37109f16ebc30dbab7b1ea344ac4b523ff1e6ad62364b8cf437488a89c593ca44b446b729a1c578e3a97685851847b4b16a147ac9eca8f23a2a WHIRLPOOL 07ba9d1c35c5f8cf627a485ee19b4a5bd0969efc70283f4617af542c5152879aba2b6f5e0a8fd1a6d1a69c2438a499f56156de6f3345a0f2f6527686e682baba
44 DIST ngx_http_naxsi-0.55.3.tar.gz 187416 SHA256 0b3c95d250772dc89ad8b49e47c1e024c5ae2c76c0cffa445e9fe05c4dd13495 SHA512 9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0 WHIRLPOOL 0a1bbe06730730944a882d86ffa378c4a3c759366208913603ffd18fcd7b18e65b6b1a89e9a07dc82e360dfe7ef4a6430391f6e52de35023d33ca19e80a3b693
45 DIST ngx_http_push_stream-0.5.2.tar.gz 182008 SHA256 1d07f38acdb8194bd49344b0ba21de101070de9b8731d27a8d22e928850bc199 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de WHIRLPOOL d309cecbb1bb5b6c4f64712d44889e3ecca59140d845a31a3f605dc3cc2aa01622b0deadb8f6852baea3c211bebbe6ed7d7868399447ac1249c1b1b740fa3c27
46 +DIST ngx_http_push_stream-0.5.4.tar.gz 183493 SHA256 5253bb8a804ea679e514137a234637298f044c3ef63c053670bf3802ff3535b1 SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86 WHIRLPOOL 14e2dee5d08d495d9a3c96298508ff83cbd75c01f2c9800b57e1827540a3dfa70bd3e67cad41847906f58bc30004af90a08a58c93fbee3903e856e3736f809b9
47 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18
48 DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 SHA256 b286689355442657650421d8e8398bd4abf9dbbaade65947bb0cb74a349cc497 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c WHIRLPOOL e847603f1445c7e1471a5570e2774a448be880eb71eeb21e27361586bcee9aae31cb0a8a80cd5abfc8d14e2c356fabfa7293e6a4d5f6782d41521a7bdc124066
49 DIST ngx_http_upstream_check-0.3.0-10-gf3bdb7b.tar.gz 129060 SHA256 9e0835e8c1550033e74c7eaeebf94d41ab1617cff152dd076da976e0eba30bfc SHA512 5b2ae6d305d24d0c64dc118fd3b0c23f5bf0e9a282e70e8d2c4eb946ed510263b5e845f64ca352784e34708cf9d98804cacf64b6c9efd712a395076dd0ba7c29 WHIRLPOOL 8dab8aa1bf3f7c9adbf2952148d76cc627682876b5e64dc789582b573a4b6fa73910043325fc664784b68966bcb1e8ba9ae6bfa457133bde0d52e39b7d3c09e0
50
51 diff --git a/www-servers/nginx/nginx-1.13.7.ebuild b/www-servers/nginx/nginx-1.13.7.ebuild
52 new file mode 100644
53 index 00000000000..b0d71137e94
54 --- /dev/null
55 +++ b/www-servers/nginx/nginx-1.13.7.ebuild
56 @@ -0,0 +1,1006 @@
57 +# Copyright 1999-2017 Gentoo Foundation
58 +# Distributed under the terms of the GNU General Public License v2
59 +
60 +EAPI="6"
61 +
62 +# Maintainer notes:
63 +# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
64 +# - any http-module activates the main http-functionality and overrides USE=-http
65 +# - keep the following requirements in mind before adding external modules:
66 +# * alive upstream
67 +# * sane packaging
68 +# * builds cleanly
69 +# * does not need a patch for nginx core
70 +# - TODO: test the google-perftools module (included in vanilla tarball)
71 +
72 +# prevent perl-module from adding automagic perl DEPENDs
73 +GENTOO_DEPEND_ON_PERL="no"
74 +
75 +# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
76 +DEVEL_KIT_MODULE_PV="0.3.0"
77 +DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
78 +DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
79 +DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
80 +
81 +# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
82 +HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
83 +HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
84 +HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
85 +HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
86 +
87 +# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
88 +HTTP_HEADERS_MORE_MODULE_PV="0.33"
89 +HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
90 +HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
91 +HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
92 +
93 +# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
94 +HTTP_CACHE_PURGE_MODULE_PV="2.3"
95 +HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
96 +HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
97 +HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
98 +
99 +# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
100 +HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
101 +HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
102 +HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
103 +HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
104 +
105 +# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
106 +HTTP_FANCYINDEX_MODULE_PV="0.4.2"
107 +HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
108 +HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
109 +HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
110 +
111 +# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
112 +HTTP_LUA_MODULE_PV="0.10.11"
113 +HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
114 +HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
115 +HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
116 +
117 +# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
118 +HTTP_AUTH_PAM_MODULE_PV="1.5.1"
119 +HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
120 +HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
121 +HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
122 +
123 +# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
124 +HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
125 +HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
126 +HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
127 +HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
128 +
129 +# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
130 +HTTP_METRICS_MODULE_PV="0.1.1"
131 +HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
132 +HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
133 +HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
134 +
135 +# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
136 +HTTP_NAXSI_MODULE_PV="0.55.3"
137 +HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
138 +HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
139 +HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
140 +
141 +# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
142 +RTMP_MODULE_PV="1.2.0"
143 +RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
144 +RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
145 +RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
146 +
147 +# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
148 +HTTP_DAV_EXT_MODULE_PV="0.1.0"
149 +HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
150 +HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
151 +HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
152 +
153 +# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
154 +HTTP_ECHO_MODULE_PV="0.61"
155 +HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
156 +HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
157 +HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
158 +
159 +# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
160 +# keep the MODULE_P here consistent with upstream to avoid tarball duplication
161 +HTTP_SECURITY_MODULE_PV="2.9.2"
162 +HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
163 +HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
164 +HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
165 +
166 +# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
167 +HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
168 +HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
169 +HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
170 +HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
171 +
172 +# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
173 +HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
174 +HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
175 +HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
176 +HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
177 +
178 +# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
179 +HTTP_MOGILEFS_MODULE_PV="1.0.4"
180 +HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
181 +HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
182 +HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
183 +
184 +# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
185 +HTTP_MEMC_MODULE_PV="0.18"
186 +HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
187 +HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
188 +HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
189 +
190 +# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
191 +HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
192 +HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
193 +HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
194 +HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
195 +
196 +# We handle deps below ourselves
197 +SSL_DEPS_SKIP=1
198 +AUTOTOOLS_AUTO_DEPEND="no"
199 +
200 +inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
201 +
202 +DESCRIPTION="Robust, small and high performance http and reverse proxy server"
203 +HOMEPAGE="https://nginx.org"
204 +SRC_URI="https://nginx.org/download/${P}.tar.gz
205 + ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
206 + nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
207 + nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
208 + nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
209 + nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
210 + nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
211 + nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
212 + nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
213 + nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
214 + nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
215 + nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
216 + rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
217 + nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
218 + nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
219 + nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
220 + nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
221 + nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
222 + nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
223 + nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
224 + nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
225 +
226 +LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
227 + nginx_modules_http_security? ( Apache-2.0 )
228 + nginx_modules_http_push_stream? ( GPL-3 )"
229 +
230 +SLOT="mainline"
231 +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
232 +
233 +# Package doesn't provide a real test suite
234 +RESTRICT="test"
235 +
236 +NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
237 + fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
238 + referer rewrite scgi ssi split_clients upstream_hash
239 + upstream_ip_hash upstream_keepalive upstream_least_conn
240 + upstream_zone userid uwsgi"
241 +NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
242 + gzip_static image_filter mp4 perl random_index realip secure_link
243 + slice stub_status sub xslt"
244 +NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
245 + upstream_hash upstream_least_conn upstream_zone"
246 +NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
247 +NGINX_MODULES_MAIL="imap pop3 smtp"
248 +NGINX_MODULES_3RD="
249 + http_upload_progress
250 + http_headers_more
251 + http_cache_purge
252 + http_slowfs_cache
253 + http_fancyindex
254 + http_lua
255 + http_auth_pam
256 + http_upstream_check
257 + http_metrics
258 + http_naxsi
259 + http_dav_ext
260 + http_echo
261 + http_security
262 + http_push_stream
263 + http_sticky
264 + http_mogilefs
265 + http_memc
266 + http_auth_ldap"
267 +
268 +IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
269 + pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
270 +
271 +for mod in $NGINX_MODULES_STD; do
272 + IUSE="${IUSE} +nginx_modules_http_${mod}"
273 +done
274 +
275 +for mod in $NGINX_MODULES_OPT; do
276 + IUSE="${IUSE} nginx_modules_http_${mod}"
277 +done
278 +
279 +for mod in $NGINX_MODULES_STREAM_STD; do
280 + IUSE="${IUSE} nginx_modules_stream_${mod}"
281 +done
282 +
283 +for mod in $NGINX_MODULES_STREAM_OPT; do
284 + IUSE="${IUSE} nginx_modules_stream_${mod}"
285 +done
286 +
287 +for mod in $NGINX_MODULES_MAIL; do
288 + IUSE="${IUSE} nginx_modules_mail_${mod}"
289 +done
290 +
291 +for mod in $NGINX_MODULES_3RD; do
292 + IUSE="${IUSE} nginx_modules_${mod}"
293 +done
294 +
295 +# Add so we can warn users updating about config changes
296 +# @TODO: jbergstroem: remove on next release series
297 +IUSE="${IUSE} nginx_modules_http_spdy"
298 +
299 +CDEPEND="
300 + pcre? ( dev-libs/libpcre:= )
301 + pcre-jit? ( dev-libs/libpcre:=[jit] )
302 + ssl? (
303 + !libressl? ( dev-libs/openssl:0= )
304 + libressl? ( dev-libs/libressl:= )
305 + )
306 + http2? (
307 + !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
308 + libressl? ( dev-libs/libressl:= )
309 + )
310 + http-cache? (
311 + userland_GNU? (
312 + !libressl? ( dev-libs/openssl:0= )
313 + libressl? ( dev-libs/libressl:= )
314 + )
315 + )
316 + nginx_modules_http_geoip? ( dev-libs/geoip )
317 + nginx_modules_http_gunzip? ( sys-libs/zlib )
318 + nginx_modules_http_gzip? ( sys-libs/zlib )
319 + nginx_modules_http_gzip_static? ( sys-libs/zlib )
320 + nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
321 + nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
322 + nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
323 + nginx_modules_http_secure_link? (
324 + userland_GNU? (
325 + !libressl? ( dev-libs/openssl:0= )
326 + libressl? ( dev-libs/libressl:= )
327 + )
328 + )
329 + nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
330 + nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
331 + nginx_modules_http_auth_pam? ( virtual/pam )
332 + nginx_modules_http_metrics? ( dev-libs/yajl:= )
333 + nginx_modules_http_dav_ext? ( dev-libs/expat )
334 + nginx_modules_http_security? (
335 + dev-libs/apr:=
336 + dev-libs/apr-util:=
337 + dev-libs/libxml2:=
338 + net-misc/curl
339 + www-servers/apache
340 + )
341 + nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
342 +RDEPEND="${CDEPEND}
343 + selinux? ( sec-policy/selinux-nginx )
344 + !www-servers/nginx:0"
345 +DEPEND="${CDEPEND}
346 + nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
347 + arm? ( dev-libs/libatomic_ops )
348 + libatomic? ( dev-libs/libatomic_ops )"
349 +PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
350 +
351 +REQUIRED_USE="pcre-jit? ( pcre )
352 + nginx_modules_http_lua? ( nginx_modules_http_rewrite )
353 + nginx_modules_http_naxsi? ( pcre )
354 + nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
355 + nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
356 + nginx_modules_http_security? ( pcre )
357 + nginx_modules_http_push_stream? ( ssl )"
358 +
359 +pkg_setup() {
360 + NGINX_HOME="/var/lib/nginx"
361 + NGINX_HOME_TMP="${NGINX_HOME}/tmp"
362 +
363 + ebegin "Creating nginx user and group"
364 + enewgroup ${PN}
365 + enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
366 + eend $?
367 +
368 + if use libatomic; then
369 + ewarn "GCC 4.1+ features built-in atomic operations."
370 + ewarn "Using libatomic_ops is only needed if using"
371 + ewarn "a different compiler or a GCC prior to 4.1"
372 + fi
373 +
374 + if [[ -n $NGINX_ADD_MODULES ]]; then
375 + ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
376 + ewarn "This nginx installation is not supported!"
377 + ewarn "Make sure you can reproduce the bug without those modules"
378 + ewarn "_before_ reporting bugs."
379 + fi
380 +
381 + if use !http; then
382 + ewarn "To actually disable all http-functionality you also have to disable"
383 + ewarn "all nginx http modules."
384 + fi
385 +
386 + if use nginx_modules_http_mogilefs && use threads; then
387 + eerror "mogilefs won't compile with threads support."
388 + eerror "Please disable either flag and try again."
389 + die "Can't compile mogilefs with threads support"
390 + fi
391 +}
392 +
393 +src_prepare() {
394 + eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
395 + eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
396 +
397 + if use nginx_modules_http_upstream_check; then
398 + #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
399 + eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
400 + fi
401 +
402 + if use nginx_modules_http_cache_purge; then
403 + cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
404 + eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
405 + cd "${S}" || die
406 + fi
407 +
408 + if use nginx_modules_http_security; then
409 + cd "${HTTP_SECURITY_MODULE_WD}" || die
410 +
411 + eautoreconf
412 +
413 + if use luajit ; then
414 + sed -i \
415 + -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
416 + configure || die
417 + fi
418 +
419 + cd "${S}" || die
420 + fi
421 +
422 + if use nginx_modules_http_upload_progress; then
423 + cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
424 + eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
425 + cd "${S}" || die
426 + fi
427 +
428 + find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
429 + # We have config protection, don't rename etc files
430 + sed -i 's:.default::' auto/install || die
431 + # remove useless files
432 + sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
433 +
434 + # don't install to /etc/nginx/ if not in use
435 + local module
436 + for module in fastcgi scgi uwsgi ; do
437 + if ! use nginx_modules_http_${module}; then
438 + sed -i -e "/${module}/d" auto/install || die
439 + fi
440 + done
441 +
442 + eapply_user
443 +}
444 +
445 +src_configure() {
446 + # mod_security needs to generate nginx/modsecurity/config before including it
447 + if use nginx_modules_http_security; then
448 + cd "${HTTP_SECURITY_MODULE_WD}" || die
449 +
450 + ./configure \
451 + --enable-standalone-module \
452 + --disable-mlogc \
453 + --with-ssdeep=no \
454 + $(use_enable pcre-jit) \
455 + $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
456 +
457 + cd "${S}" || die
458 + fi
459 +
460 + local myconf=() http_enabled= mail_enabled= stream_enabled=
461 +
462 + use aio && myconf+=( --with-file-aio )
463 + use debug && myconf+=( --with-debug )
464 + use http2 && myconf+=( --with-http_v2_module )
465 + use libatomic && myconf+=( --with-libatomic )
466 + use pcre && myconf+=( --with-pcre )
467 + use pcre-jit && myconf+=( --with-pcre-jit )
468 + use threads && myconf+=( --with-threads )
469 +
470 + # HTTP modules
471 + for mod in $NGINX_MODULES_STD; do
472 + if use nginx_modules_http_${mod}; then
473 + http_enabled=1
474 + else
475 + myconf+=( --without-http_${mod}_module )
476 + fi
477 + done
478 +
479 + for mod in $NGINX_MODULES_OPT; do
480 + if use nginx_modules_http_${mod}; then
481 + http_enabled=1
482 + myconf+=( --with-http_${mod}_module )
483 + fi
484 + done
485 +
486 + if use nginx_modules_http_fastcgi; then
487 + myconf+=( --with-http_realip_module )
488 + fi
489 +
490 + # third-party modules
491 + if use nginx_modules_http_upload_progress; then
492 + http_enabled=1
493 + myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
494 + fi
495 +
496 + if use nginx_modules_http_headers_more; then
497 + http_enabled=1
498 + myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
499 + fi
500 +
501 + if use nginx_modules_http_cache_purge; then
502 + http_enabled=1
503 + myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
504 + fi
505 +
506 + if use nginx_modules_http_slowfs_cache; then
507 + http_enabled=1
508 + myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
509 + fi
510 +
511 + if use nginx_modules_http_fancyindex; then
512 + http_enabled=1
513 + myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
514 + fi
515 +
516 + if use nginx_modules_http_lua; then
517 + http_enabled=1
518 + if use luajit; then
519 + export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
520 + export LUAJIT_INC=$(pkg-config --variable includedir luajit)
521 + else
522 + export LUA_LIB=$(pkg-config --variable libdir lua)
523 + export LUA_INC=$(pkg-config --variable includedir lua)
524 + fi
525 + myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
526 + myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
527 + fi
528 +
529 + if use nginx_modules_http_auth_pam; then
530 + http_enabled=1
531 + myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
532 + fi
533 +
534 + if use nginx_modules_http_upstream_check; then
535 + http_enabled=1
536 + myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
537 + fi
538 +
539 + if use nginx_modules_http_metrics; then
540 + http_enabled=1
541 + myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
542 + fi
543 +
544 + if use nginx_modules_http_naxsi ; then
545 + http_enabled=1
546 + myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
547 + fi
548 +
549 + if use rtmp ; then
550 + http_enabled=1
551 + myconf+=( --add-module=${RTMP_MODULE_WD} )
552 + fi
553 +
554 + if use nginx_modules_http_dav_ext ; then
555 + http_enabled=1
556 + myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
557 + fi
558 +
559 + if use nginx_modules_http_echo ; then
560 + http_enabled=1
561 + myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
562 + fi
563 +
564 + if use nginx_modules_http_security ; then
565 + http_enabled=1
566 + myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
567 + fi
568 +
569 + if use nginx_modules_http_push_stream ; then
570 + http_enabled=1
571 + myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
572 + fi
573 +
574 + if use nginx_modules_http_sticky ; then
575 + http_enabled=1
576 + myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
577 + fi
578 +
579 + if use nginx_modules_http_mogilefs ; then
580 + http_enabled=1
581 + myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
582 + fi
583 +
584 + if use nginx_modules_http_memc ; then
585 + http_enabled=1
586 + myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
587 + fi
588 +
589 + if use nginx_modules_http_auth_ldap; then
590 + http_enabled=1
591 + myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
592 + fi
593 +
594 + if use http || use http-cache || use http2; then
595 + http_enabled=1
596 + fi
597 +
598 + if [ $http_enabled ]; then
599 + use http-cache || myconf+=( --without-http-cache )
600 + use ssl && myconf+=( --with-http_ssl_module )
601 + else
602 + myconf+=( --without-http --without-http-cache )
603 + fi
604 +
605 + # Stream modules
606 + for mod in $NGINX_MODULES_STREAM_STD; do
607 + if use nginx_modules_stream_${mod}; then
608 + stream_enabled=1
609 + else
610 + myconf+=( --without-stream_${mod}_module )
611 + fi
612 + done
613 +
614 + for mod in $NGINX_MODULES_STREAM_OPT; do
615 + if use nginx_modules_stream_${mod}; then
616 + stream_enabled=1
617 + myconf+=( --with-stream_${mod}_module )
618 + fi
619 + done
620 +
621 + if [ $stream_enabled ]; then
622 + myconf+=( --with-stream )
623 + use ssl && myconf+=( --with-stream_ssl_module )
624 + fi
625 +
626 + # MAIL modules
627 + for mod in $NGINX_MODULES_MAIL; do
628 + if use nginx_modules_mail_${mod}; then
629 + mail_enabled=1
630 + else
631 + myconf+=( --without-mail_${mod}_module )
632 + fi
633 + done
634 +
635 + if [ $mail_enabled ]; then
636 + myconf+=( --with-mail )
637 + use ssl && myconf+=( --with-mail_ssl_module )
638 + fi
639 +
640 + # custom modules
641 + for mod in $NGINX_ADD_MODULES; do
642 + myconf+=( --add-module=${mod} )
643 + done
644 +
645 + # https://bugs.gentoo.org/286772
646 + export LANG=C LC_ALL=C
647 + tc-export CC
648 +
649 + if ! use prefix; then
650 + myconf+=( --user=${PN} )
651 + myconf+=( --group=${PN} )
652 + fi
653 +
654 + local WITHOUT_IPV6=
655 + if ! use ipv6; then
656 + WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
657 + fi
658 +
659 + ./configure \
660 + --prefix="${EPREFIX}"/usr \
661 + --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
662 + --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
663 + --pid-path="${EPREFIX}"/run/${PN}.pid \
664 + --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
665 + --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
666 + --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
667 + --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
668 + --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
669 + --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
670 + --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
671 + --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
672 + --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
673 + --with-compat \
674 + "${myconf[@]}" || die "configure failed"
675 +
676 + # A purely cosmetic change that makes nginx -V more readable. This can be
677 + # good if people outside the gentoo community would troubleshoot and
678 + # question the users setup.
679 + sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
680 +}
681 +
682 +src_compile() {
683 + use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
684 +
685 + # https://bugs.gentoo.org/286772
686 + export LANG=C LC_ALL=C
687 + emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
688 +}
689 +
690 +src_install() {
691 + emake DESTDIR="${D%/}" install
692 +
693 + cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
694 +
695 + newinitd "${FILESDIR}"/nginx.initd-r4 nginx
696 + newconfd "${FILESDIR}"/nginx.confd nginx
697 +
698 + systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
699 +
700 + doman man/nginx.8
701 + dodoc CHANGES* README
702 +
703 + # just keepdir. do not copy the default htdocs files (bug #449136)
704 + keepdir /var/www/localhost
705 + rm -rf "${D}"usr/html || die
706 +
707 + # set up a list of directories to keep
708 + local keepdir_list="${NGINX_HOME_TMP}"/client
709 + local module
710 + for module in proxy fastcgi scgi uwsgi; do
711 + use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
712 + done
713 +
714 + keepdir /var/log/nginx ${keepdir_list}
715 +
716 + # this solves a problem with SELinux where nginx doesn't see the directories
717 + # as root and tries to create them as nginx
718 + fperms 0750 "${NGINX_HOME_TMP}"
719 + fowners ${PN}:0 "${NGINX_HOME_TMP}"
720 +
721 + fperms 0700 ${keepdir_list}
722 + fowners ${PN}:${PN} ${keepdir_list}
723 +
724 + fperms 0710 /var/log/nginx
725 + fowners 0:${PN} /var/log/nginx
726 +
727 + # logrotate
728 + insinto /etc/logrotate.d
729 + newins "${FILESDIR}"/nginx.logrotate-r1 nginx
730 +
731 + if use nginx_modules_http_perl; then
732 + cd "${S}"/objs/src/http/modules/perl/ || die
733 + emake DESTDIR="${D}" INSTALLDIRS=vendor
734 + perl_delete_localpod
735 + cd "${S}" || die
736 + fi
737 +
738 + if use nginx_modules_http_cache_purge; then
739 + docinto ${HTTP_CACHE_PURGE_MODULE_P}
740 + dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
741 + fi
742 +
743 + if use nginx_modules_http_slowfs_cache; then
744 + docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
745 + dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
746 + fi
747 +
748 + if use nginx_modules_http_fancyindex; then
749 + docinto ${HTTP_FANCYINDEX_MODULE_P}
750 + dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
751 + fi
752 +
753 + if use nginx_modules_http_lua; then
754 + docinto ${HTTP_LUA_MODULE_P}
755 + dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
756 + fi
757 +
758 + if use nginx_modules_http_auth_pam; then
759 + docinto ${HTTP_AUTH_PAM_MODULE_P}
760 + dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
761 + fi
762 +
763 + if use nginx_modules_http_upstream_check; then
764 + docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
765 + dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
766 + fi
767 +
768 + if use nginx_modules_http_naxsi; then
769 + insinto /etc/nginx
770 + doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
771 + fi
772 +
773 + if use rtmp; then
774 + docinto ${RTMP_MODULE_P}
775 + dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
776 + fi
777 +
778 + if use nginx_modules_http_dav_ext; then
779 + docinto ${HTTP_DAV_EXT_MODULE_P}
780 + dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
781 + fi
782 +
783 + if use nginx_modules_http_echo; then
784 + docinto ${HTTP_ECHO_MODULE_P}
785 + dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
786 + fi
787 +
788 + if use nginx_modules_http_security; then
789 + docinto ${HTTP_SECURITY_MODULE_P}
790 + dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
791 + fi
792 +
793 + if use nginx_modules_http_push_stream; then
794 + docinto ${HTTP_PUSH_STREAM_MODULE_P}
795 + dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
796 + fi
797 +
798 + if use nginx_modules_http_sticky; then
799 + docinto ${HTTP_STICKY_MODULE_P}
800 + dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
801 + fi
802 +
803 + if use nginx_modules_http_memc; then
804 + docinto ${HTTP_MEMC_MODULE_P}
805 + dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
806 + fi
807 +
808 + if use nginx_modules_http_auth_ldap; then
809 + docinto ${HTTP_LDAP_MODULE_P}
810 + dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
811 + fi
812 +}
813 +
814 +pkg_postinst() {
815 + if use ssl; then
816 + if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
817 + install_cert /etc/ssl/${PN}/${PN}
818 + use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
819 + fi
820 + fi
821 +
822 + if use nginx_modules_http_spdy; then
823 + ewarn ""
824 + ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
825 + ewarn "Update your configs and package.use accordingly."
826 + fi
827 +
828 + if use nginx_modules_http_lua; then
829 + ewarn ""
830 + ewarn "While you can build lua 3rd party module against ${P}"
831 + ewarn "the author warns that >=${PN}-1.11.11 is still not an"
832 + ewarn "officially supported target yet. You are on your own."
833 + ewarn "Expect runtime failures, memory leaks and other problems!"
834 + fi
835 +
836 + if use nginx_modules_http_lua && use http2; then
837 + ewarn ""
838 + ewarn "Lua 3rd party module author warns against using ${P} with"
839 + ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
840 + fi
841 +
842 + local _n_permission_layout_checks=0
843 + local _has_to_adjust_permissions=0
844 + local _has_to_show_permission_warning=0
845 +
846 + # Defaults to 1 to inform people doing a fresh installation
847 + # that we ship modified {scgi,uwsgi,fastcgi}_params files
848 + local _has_to_show_httpoxy_mitigation_notice=1
849 +
850 + local _replacing_version=
851 + for _replacing_version in ${REPLACING_VERSIONS}; do
852 + _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
853 +
854 + if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
855 + # Should never happen:
856 + # Package is abusing slots but doesn't allow multiple parallel installations.
857 + # If we run into this situation it is unsafe to automatically adjust any
858 + # permission...
859 + _has_to_show_permission_warning=1
860 +
861 + ewarn "Replacing multiple ${PN}' versions is unsupported! " \
862 + "You will have to adjust permissions on your own."
863 +
864 + break
865 + fi
866 +
867 + local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
868 + debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
869 +
870 + # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
871 + # This was before we introduced multiple nginx versions so we
872 + # do not need to distinguish between stable and mainline
873 + local _need_to_fix_CVE2013_0337=1
874 +
875 + if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
876 + # We are updating an installation which should already be fixed
877 + _need_to_fix_CVE2013_0337=0
878 + debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
879 + else
880 + _has_to_adjust_permissions=1
881 + debug-print "Need to adjust permissions to fix CVE-2013-0337!"
882 + fi
883 +
884 + # Do we need to inform about HTTPoxy mitigation?
885 + # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
886 + if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
887 + # Updating from <1.10
888 + _has_to_show_httpoxy_mitigation_notice=1
889 + debug-print "Need to inform about HTTPoxy mitigation!"
890 + else
891 + # Updating from >=1.10
892 + local _fixed_in_pvr=
893 + case "${_replacing_version_branch}" in
894 + "1.10")
895 + _fixed_in_pvr="1.10.1-r2"
896 + ;;
897 + "1.11")
898 + _fixed_in_pvr="1.11.3-r1"
899 + ;;
900 + *)
901 + # This should be any future branch.
902 + # If we run this code it is safe to assume that the user has
903 + # already seen the HTTPoxy mitigation notice because he/she is doing
904 + # an update from previous version where we have already shown
905 + # the warning. Otherwise, we wouldn't hit this code path ...
906 + _fixed_in_pvr=
907 + esac
908 +
909 + if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
910 + # We are updating an installation where we already informed
911 + # that we are mitigating HTTPoxy per default
912 + _has_to_show_httpoxy_mitigation_notice=0
913 + debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
914 + else
915 + _has_to_show_httpoxy_mitigation_notice=1
916 + debug-print "Need to inform about HTTPoxy mitigation!"
917 + fi
918 + fi
919 +
920 + # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
921 + # All branches up to 1.11 are affected
922 + local _need_to_fix_CVE2016_1247=1
923 +
924 + if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
925 + # Updating from <1.10
926 + _has_to_adjust_permissions=1
927 + debug-print "Need to adjust permissions to fix CVE-2016-1247!"
928 + else
929 + # Updating from >=1.10
930 + local _fixed_in_pvr=
931 + case "${_replacing_version_branch}" in
932 + "1.10")
933 + _fixed_in_pvr="1.10.2-r3"
934 + ;;
935 + "1.11")
936 + _fixed_in_pvr="1.11.6-r1"
937 + ;;
938 + *)
939 + # This should be any future branch.
940 + # If we run this code it is safe to assume that we have already
941 + # adjusted permissions or were never affected because user is
942 + # doing an update from previous version which was safe or did
943 + # the adjustments. Otherwise, we wouldn't hit this code path ...
944 + _fixed_in_pvr=
945 + esac
946 +
947 + if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
948 + # We are updating an installation which should already be adjusted
949 + # or which was never affected
950 + _need_to_fix_CVE2016_1247=0
951 + debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
952 + else
953 + _has_to_adjust_permissions=1
954 + debug-print "Need to adjust permissions to fix CVE-2016-1247!"
955 + fi
956 + fi
957 + done
958 +
959 + if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
960 + # We do not DIE when chmod/chown commands are failing because
961 + # package is already merged on user's system at this stage
962 + # and we cannot retry without losing the information that
963 + # the existing installation needs to adjust permissions.
964 + # Instead we are going to a show a big warning ...
965 +
966 + if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
967 + ewarn ""
968 + ewarn "The world-readable bit (if set) has been removed from the"
969 + ewarn "following directories to mitigate a security bug"
970 + ewarn "(CVE-2013-0337, bug #458726):"
971 + ewarn ""
972 + ewarn " ${EPREFIX%/}/var/log/nginx"
973 + ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
974 + ewarn ""
975 + ewarn "Check if this is correct for your setup before restarting nginx!"
976 + ewarn "This is a one-time change and will not happen on subsequent updates."
977 + ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
978 + chmod o-rwx \
979 + "${EPREFIX%/}"/var/log/nginx \
980 + "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
981 + _has_to_show_permission_warning=1
982 + fi
983 +
984 + if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
985 + ewarn ""
986 + ewarn "The permissions on the following directory have been reset in"
987 + ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
988 + ewarn ""
989 + ewarn " ${EPREFIX%/}/var/log/nginx"
990 + ewarn ""
991 + ewarn "Check if this is correct for your setup before restarting nginx!"
992 + ewarn "Also ensure that no other log directory used by any of your"
993 + ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
994 + ewarn "used by nginx can be abused to escalate privileges!"
995 + ewarn "This is a one-time change and will not happen on subsequent updates."
996 + chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
997 + chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
998 + fi
999 +
1000 + if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
1001 + # Should never happen ...
1002 + ewarn ""
1003 + ewarn "*************************************************************"
1004 + ewarn "*************** W A R N I N G ***************"
1005 + ewarn "*************************************************************"
1006 + ewarn "The one-time only attempt to adjust permissions of the"
1007 + ewarn "existing nginx installation failed. Be aware that we will not"
1008 + ewarn "try to adjust the same permissions again because now you are"
1009 + ewarn "using a nginx version where we expect that the permissions"
1010 + ewarn "are already adjusted or that you know what you are doing and"
1011 + ewarn "want to keep custom permissions."
1012 + ewarn ""
1013 + fi
1014 + fi
1015 +
1016 + # Sanity check for CVE-2016-1247
1017 + # Required to warn users who received the warning above and thought
1018 + # they could fix it by unmerging and re-merging the package or have
1019 + # unmerged a affected installation on purpose in the past leaving
1020 + # /var/log/nginx on their system due to keepdir/non-empty folder
1021 + # and are now installing the package again.
1022 + local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
1023 + su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
1024 + if [ $? -eq 0 ] ; then
1025 + # Cleanup -- no reason to die here!
1026 + rm -f "${_sanity_check_testfile}"
1027 +
1028 + ewarn ""
1029 + ewarn "*************************************************************"
1030 + ewarn "*************** W A R N I N G ***************"
1031 + ewarn "*************************************************************"
1032 + ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
1033 + ewarn "(bug #605008) because nginx user is able to create files in"
1034 + ewarn ""
1035 + ewarn " ${EPREFIX%/}/var/log/nginx"
1036 + ewarn ""
1037 + ewarn "Also ensure that no other log directory used by any of your"
1038 + ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
1039 + ewarn "used by nginx can be abused to escalate privileges!"
1040 + fi
1041 +
1042 + if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
1043 + # HTTPoxy mitigation
1044 + ewarn ""
1045 + ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
1046 + ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
1047 + ewarn "the HTTP_PROXY parameter to an empty string per default when you"
1048 + ewarn "are sourcing one of the default"
1049 + ewarn ""
1050 + ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
1051 + ewarn " - 'scgi_params'"
1052 + ewarn " - 'uwsgi_params'"
1053 + ewarn ""
1054 + ewarn "files in your server block(s)."
1055 + ewarn ""
1056 + ewarn "If this is causing any problems for you make sure that you are sourcing the"
1057 + ewarn "default parameters _before_ you set your own values."
1058 + ewarn "If you are relying on user-supplied proxy values you have to remove the"
1059 + ewarn "correlating lines from the file(s) mentioned above."
1060 + ewarn ""
1061 + fi
1062 +}
Report Message
Find on MARC Find on Google Groups