Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
Date: Tue, 04 Apr 2017 18:25:07
Message-Id: 1491330293.64ad6ced41a9983b0fcba4ec0c12ebd788e6f799.whissi@gentoo
1 commit: 64ad6ced41a9983b0fcba4ec0c12ebd788e6f799
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Tue Apr 4 18:21:20 2017 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Tue Apr 4 18:24:53 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64ad6ced
7
8 www-servers/nginx: Cleanup old versions
9
10 Package-Manager: Portage-2.3.5, Repoman-2.3.2
11
12 www-servers/nginx/Manifest | 4 -
13 www-servers/nginx/nginx-1.10.2-r3.ebuild | 988 -----------------------------
14 www-servers/nginx/nginx-1.11.6-r1.ebuild | 1001 ------------------------------
15 www-servers/nginx/nginx-1.11.8.ebuild | 1001 ------------------------------
16 www-servers/nginx/nginx-1.11.9.ebuild | 1001 ------------------------------
17 5 files changed, 3995 deletions(-)
18
19 diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
20 index 5bcff98aed8..ae2fef0f10a 100644
21 --- a/www-servers/nginx/Manifest
22 +++ b/www-servers/nginx/Manifest
23 @@ -1,11 +1,7 @@
24 DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb
25 -DIST nginx-1.10.2.tar.gz 910812 SHA256 1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2 SHA512 f2d5a4fbabaf9333bae46461bcbe3dbcc5ff7e8f8c7a5dead3063e3d59c9ec15dc85262a23ca7d693db45a50ec98a70fb216b3da9872ee23d57b6bfaf064876e WHIRLPOOL 7e819f43a68de49d3cceb3e5ec81eef6872859df0abca2be00fb73c8779c2716b6997ea5f8cadb93af195d9f4d07a4404f51e0752dd881628de93a0c0289aea7
26 DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 SHA512 25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf WHIRLPOOL 1ebf540d49d28a853a9221a558b53d28e2e7dfddf345e433baa4c2b819f6e1fe34528b4680387147c73271d3837529a4452e53b863dff5d29772c2b0a75e0ba6
27 DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd
28 DIST nginx-1.11.12.tar.gz 979963 SHA256 2aff7f9396d1f77256efc363e1cc05ba52d40a29e6de4d9bc08aa444eea14122 SHA512 fc40551b83c98cf81a3a7728c8b143a4d8b98251e8caccf5391397639aacb631ff57427c8207a3f9c86f0a5cb212edaf3ed0d9d92ab085d3387097b99326ff69 WHIRLPOOL 8da4c8a7578abad39f073b4f034bf328e896b51f62d25ad8280c67334e190c1277d988803e9ce169b7e3e1170bbd49dee8f1e2b1cb0f39460e77da568ab75bf0
29 -DIST nginx-1.11.6.tar.gz 960331 SHA256 3153abbb518e2d9c032e1b127da3dc0028ad36cd4679e5f3be0b8afa33bc85bd SHA512 1969f527d4554a976d14e82c2297c519a0d0d82a9fbd3cc703ab42a23067c7fcf101ddf16f1abff374c71f37969fd7c58d2a344c57566538b821acc32cd3d979 WHIRLPOOL 67ed24c25b20f6d94f3a0602946f750b4efafd79d3a093a35fdf370a20377abcc2a54c00fcd5e7bc54305515da9234fb2f192c744a7fb59c4bbdee2ba0c0f626
30 -DIST nginx-1.11.8.tar.gz 964918 SHA256 53aef3715d79015314c2dcb18f2b185a0c64368cc01b30bdf0737a215f666b34 SHA512 4bbecf17579022cc925af8808554983c57e4f438edc8f987751413f0a023267a4766edc8321cbbe8a8b675f7e86d8a2cba76bd52236c8d9509b2b301ab349ffa WHIRLPOOL a30ad4cdc0b74e0f860938942caeee961759ceabae8735725a989db29702b366fb285079a992cbc681ec3fd157ef6f8907f6a3eac13a8af302daad94ca867738
31 -DIST nginx-1.11.9.tar.gz 965463 SHA256 dc22b71f16b551705930544dc042f1ad1af2f9715f565187ec22c7a4b2625748 SHA512 95247d5db3e23a0ea22686cc3fe4295f8854948a6f168a783082fdbb2acbecdad61cd9c8cadd84c1f74c1e87becdca8d6664622ff9cebc72687f20b29cc09fd0 WHIRLPOOL 39a56073e359aac716e0a9ff672ee89b97205c281b53be97920c098aea9b25635e59a5ea0e3a7cb4ba79d43afc8ed3942cd34840773dd1e472101c9ab6ac72a4
32 DIST nginx-auth-ldap-49a8b4d28fc4a518563c82e0b52821e5f37db1fc.tar.gz 17159 SHA256 3c11c32f05da04f1a4647dc4e35dd8d8aeacd5a2e763ba349feba3dba8663132 SHA512 323abd0ca8e90f5afcaf81a8ff1a8abe3dfcbff3d69f0dd4a1c005fe6436acbf3076c4c57a4df877b3d8e388cbea085d46301bb2df9c0752e2567817ff7cca92 WHIRLPOOL ad65e8182b2634db5fa06055ef7d91c7d8aabd0fa986d8402a4845977354d6edb329621b6f9f96c90ce2d158cff20e42ae50fba06a088a84de3e3f414205dbc2
33 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 SHA256 6f9102321d8c68df6d67e9bde145a8de3f45f99f6cb47c08735a86f003234d31 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529 WHIRLPOOL 38abe56e177e22dad68ac7d6570425ecd763d2e891627a75156a6f39bd7edc54f664c3d2f638e1ea57c743dadc6a8c9889be087abbdb4c98b5641c299f7fbc07
34 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 SHA256 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 WHIRLPOOL 5f6ed4e6850d2ce7e8c65e0570a7e2c74a1fe360e167644ed405fff682ab178b09c722c99c1df9af552fb816219b9fc04dcdf638b3e4af68c688434cdb33aa59
35
36 diff --git a/www-servers/nginx/nginx-1.10.2-r3.ebuild b/www-servers/nginx/nginx-1.10.2-r3.ebuild
37 deleted file mode 100644
38 index cf55f356592..00000000000
39 --- a/www-servers/nginx/nginx-1.10.2-r3.ebuild
40 +++ /dev/null
41 @@ -1,988 +0,0 @@
42 -# Copyright 1999-2017 Gentoo Foundation
43 -# Distributed under the terms of the GNU General Public License v2
44 -
45 -EAPI=6
46 -
47 -# Maintainer notes:
48 -# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
49 -# - any http-module activates the main http-functionality and overrides USE=-http
50 -# - keep the following requirements in mind before adding external modules:
51 -# * alive upstream
52 -# * sane packaging
53 -# * builds cleanly
54 -# * does not need a patch for nginx core
55 -# - TODO: test the google-perftools module (included in vanilla tarball)
56 -
57 -# prevent perl-module from adding automagic perl DEPENDs
58 -GENTOO_DEPEND_ON_PERL="no"
59 -
60 -# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
61 -DEVEL_KIT_MODULE_PV="0.3.0"
62 -DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
63 -DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
64 -DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
65 -
66 -# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
67 -HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
68 -HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
69 -HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
70 -HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
71 -
72 -# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
73 -HTTP_HEADERS_MORE_MODULE_PV="0.32"
74 -HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
75 -HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
76 -HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
77 -
78 -# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
79 -HTTP_CACHE_PURGE_MODULE_PV="2.3"
80 -HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
81 -HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
82 -HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
83 -
84 -# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
85 -HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
86 -HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
87 -HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
88 -HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
89 -
90 -# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
91 -HTTP_FANCYINDEX_MODULE_PV="0.4.1"
92 -HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
93 -HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
94 -HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
95 -
96 -# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
97 -HTTP_LUA_MODULE_PV="0.10.7"
98 -HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
99 -HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
100 -HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
101 -
102 -# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
103 -HTTP_AUTH_PAM_MODULE_PV="1.5.1"
104 -HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
105 -HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
106 -HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
107 -
108 -# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
109 -HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
110 -HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
111 -HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
112 -HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
113 -
114 -# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
115 -HTTP_METRICS_MODULE_PV="0.1.1"
116 -HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
117 -HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
118 -HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
119 -
120 -# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
121 -HTTP_NAXSI_MODULE_PV="0.55.1"
122 -HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
123 -HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
124 -HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
125 -
126 -# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
127 -RTMP_MODULE_PV="1.1.10"
128 -RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
129 -RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
130 -RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
131 -
132 -# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
133 -HTTP_DAV_EXT_MODULE_PV="0.0.3"
134 -HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
135 -HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
136 -HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
137 -
138 -# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
139 -HTTP_ECHO_MODULE_PV="0.60"
140 -HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
141 -HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
142 -HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
143 -
144 -# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
145 -# keep the MODULE_P here consistent with upstream to avoid tarball duplication
146 -HTTP_SECURITY_MODULE_PV="2.9.1"
147 -HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
148 -HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
149 -HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
150 -
151 -# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
152 -HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
153 -HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
154 -HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
155 -HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
156 -
157 -# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
158 -HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
159 -HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
160 -HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
161 -HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
162 -
163 -# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
164 -HTTP_MOGILEFS_MODULE_PV="1.0.4"
165 -HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
166 -HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
167 -HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
168 -
169 -# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
170 -HTTP_MEMC_MODULE_PV="0.17"
171 -HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
172 -HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
173 -HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
174 -
175 -# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
176 -HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
177 -HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
178 -HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
179 -HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
180 -
181 -# We handle deps below ourselves
182 -SSL_DEPS_SKIP=1
183 -AUTOTOOLS_AUTO_DEPEND="no"
184 -
185 -inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
186 -
187 -DESCRIPTION="Robust, small and high performance http and reverse proxy server"
188 -HOMEPAGE="https://nginx.org"
189 -SRC_URI="https://nginx.org/download/${P}.tar.gz
190 - ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
191 - nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
192 - nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
193 - nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
194 - nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
195 - nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
196 - nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
197 - nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
198 - nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
199 - nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
200 - nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
201 - rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
202 - nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
203 - nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
204 - nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
205 - nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
206 - nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
207 - nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
208 - nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
209 - nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
210 -
211 -LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
212 - nginx_modules_http_security? ( Apache-2.0 )
213 - nginx_modules_http_push_stream? ( GPL-3 )"
214 -
215 -SLOT="0"
216 -KEYWORDS="amd64 ~arm ~arm64 ~ppc x86 ~x86-fbsd ~amd64-linux ~x86-linux"
217 -
218 -# Package doesn't provide a real test suite
219 -RESTRICT="test"
220 -
221 -NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
222 - fastcgi geo gzip limit_req limit_conn map memcached proxy referer
223 - rewrite scgi ssi split_clients upstream_ip_hash userid uwsgi"
224 -NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
225 - gzip_static image_filter mp4 perl random_index realip secure_link
226 - slice stub_status sub xslt"
227 -NGINX_MODULES_STREAM="access limit_conn upstream"
228 -NGINX_MODULES_MAIL="imap pop3 smtp"
229 -NGINX_MODULES_3RD="
230 - http_upload_progress
231 - http_headers_more
232 - http_cache_purge
233 - http_slowfs_cache
234 - http_fancyindex
235 - http_lua
236 - http_auth_pam
237 - http_upstream_check
238 - http_metrics
239 - http_naxsi
240 - http_dav_ext
241 - http_echo
242 - http_security
243 - http_push_stream
244 - http_sticky
245 - http_mogilefs
246 - http_memc
247 - http_auth_ldap"
248 -
249 -IUSE="aio debug +http +http2 +http-cache ipv6 libatomic libressl luajit +pcre
250 - pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
251 -
252 -for mod in $NGINX_MODULES_STD; do
253 - IUSE="${IUSE} +nginx_modules_http_${mod}"
254 -done
255 -
256 -for mod in $NGINX_MODULES_OPT; do
257 - IUSE="${IUSE} nginx_modules_http_${mod}"
258 -done
259 -
260 -for mod in $NGINX_MODULES_STREAM; do
261 - IUSE="${IUSE} nginx_modules_stream_${mod}"
262 -done
263 -
264 -for mod in $NGINX_MODULES_MAIL; do
265 - IUSE="${IUSE} nginx_modules_mail_${mod}"
266 -done
267 -
268 -for mod in $NGINX_MODULES_3RD; do
269 - IUSE="${IUSE} nginx_modules_${mod}"
270 -done
271 -
272 -# Add so we can warn users updating about config changes
273 -# @TODO: jbergstroem: remove on next release series
274 -IUSE="${IUSE} nginx_modules_http_spdy"
275 -
276 -CDEPEND="
277 - pcre? ( dev-libs/libpcre:= )
278 - pcre-jit? ( dev-libs/libpcre:=[jit] )
279 - ssl? (
280 - !libressl? ( dev-libs/openssl:0= )
281 - libressl? ( dev-libs/libressl:= )
282 - )
283 - http2? (
284 - !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
285 - libressl? ( dev-libs/libressl:= )
286 - )
287 - http-cache? (
288 - userland_GNU? (
289 - !libressl? ( dev-libs/openssl:0= )
290 - libressl? ( dev-libs/libressl:= )
291 - )
292 - )
293 - nginx_modules_http_geoip? ( dev-libs/geoip )
294 - nginx_modules_http_gunzip? ( sys-libs/zlib )
295 - nginx_modules_http_gzip? ( sys-libs/zlib )
296 - nginx_modules_http_gzip_static? ( sys-libs/zlib )
297 - nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
298 - nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
299 - nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
300 - nginx_modules_http_secure_link? (
301 - userland_GNU? (
302 - !libressl? ( dev-libs/openssl:0= )
303 - libressl? ( dev-libs/libressl:= )
304 - )
305 - )
306 - nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
307 - nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
308 - nginx_modules_http_auth_pam? ( virtual/pam )
309 - nginx_modules_http_metrics? ( dev-libs/yajl:= )
310 - nginx_modules_http_dav_ext? ( dev-libs/expat )
311 - nginx_modules_http_security? (
312 - dev-libs/apr:=
313 - dev-libs/apr-util:=
314 - dev-libs/libxml2:=
315 - net-misc/curl
316 - www-servers/apache
317 - )
318 - nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
319 -RDEPEND="${CDEPEND}
320 - selinux? ( sec-policy/selinux-nginx )
321 - !www-servers/nginx:mainline"
322 -DEPEND="${CDEPEND}
323 - nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
324 - arm? ( dev-libs/libatomic_ops )
325 - libatomic? ( dev-libs/libatomic_ops )"
326 -PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
327 -
328 -REQUIRED_USE="pcre-jit? ( pcre )
329 - nginx_modules_http_lua? ( nginx_modules_http_rewrite )
330 - nginx_modules_http_naxsi? ( pcre )
331 - nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
332 - nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
333 - nginx_modules_http_security? ( pcre )
334 - nginx_modules_http_push_stream? ( ssl )"
335 -
336 -pkg_setup() {
337 - NGINX_HOME="/var/lib/nginx"
338 - NGINX_HOME_TMP="${NGINX_HOME}/tmp"
339 -
340 - ebegin "Creating nginx user and group"
341 - enewgroup ${PN}
342 - enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
343 - eend $?
344 -
345 - if use libatomic; then
346 - ewarn "GCC 4.1+ features built-in atomic operations."
347 - ewarn "Using libatomic_ops is only needed if using"
348 - ewarn "a different compiler or a GCC prior to 4.1"
349 - fi
350 -
351 - if [[ -n $NGINX_ADD_MODULES ]]; then
352 - ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
353 - ewarn "This nginx installation is not supported!"
354 - ewarn "Make sure you can reproduce the bug without those modules"
355 - ewarn "_before_ reporting bugs."
356 - fi
357 -
358 - if use !http; then
359 - ewarn "To actually disable all http-functionality you also have to disable"
360 - ewarn "all nginx http modules."
361 - fi
362 -
363 - if use nginx_modules_http_mogilefs && use threads; then
364 - eerror "mogilefs won't compile with threads support."
365 - eerror "Please disable either flag and try again."
366 - die "Can't compile mogilefs with threads support"
367 - fi
368 -}
369 -
370 -src_prepare() {
371 - eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
372 - eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
373 -
374 - if use nginx_modules_http_upstream_check; then
375 - eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}/check_1.9.2+".patch
376 - fi
377 -
378 - if use nginx_modules_http_lua; then
379 - sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
380 - fi
381 -
382 - if use nginx_modules_http_security; then
383 - cd "${HTTP_SECURITY_MODULE_WD}" || die
384 -
385 - eapply "${FILESDIR}"/http_security-pr_1158.patch
386 -
387 - eautoreconf
388 -
389 - if use luajit ; then
390 - sed -i \
391 - -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
392 - configure || die
393 - fi
394 -
395 - cd "${S}" || die
396 - fi
397 -
398 - if use nginx_modules_http_upload_progress; then
399 - cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
400 - eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
401 - cd "${S}" || die
402 - fi
403 -
404 - if use nginx_modules_http_memc; then
405 - cd "${HTTP_MEMC_MODULE_WD}" || die
406 - eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
407 - cd "${S}" || die
408 - fi
409 -
410 - find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
411 - # We have config protection, don't rename etc files
412 - sed -i 's:.default::' auto/install || die
413 - # remove useless files
414 - sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
415 -
416 - # don't install to /etc/nginx/ if not in use
417 - local module
418 - for module in fastcgi scgi uwsgi ; do
419 - if ! use nginx_modules_http_${module}; then
420 - sed -i -e "/${module}/d" auto/install || die
421 - fi
422 - done
423 -
424 - eapply_user
425 -}
426 -
427 -src_configure() {
428 - # mod_security needs to generate nginx/modsecurity/config before including it
429 - if use nginx_modules_http_security; then
430 - cd "${HTTP_SECURITY_MODULE_WD}" || die
431 -
432 - ./configure \
433 - --enable-standalone-module \
434 - --disable-mlogc \
435 - --with-ssdeep=no \
436 - $(use_enable pcre-jit) \
437 - $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
438 -
439 - cd "${S}" || die
440 - fi
441 -
442 - local myconf=() http_enabled= mail_enabled= stream_enabled=
443 -
444 - use aio && myconf+=( --with-file-aio )
445 - use debug && myconf+=( --with-debug )
446 - use http2 && myconf+=( --with-http_v2_module )
447 - use ipv6 && myconf+=( --with-ipv6 )
448 - use libatomic && myconf+=( --with-libatomic )
449 - use pcre && myconf+=( --with-pcre )
450 - use pcre-jit && myconf+=( --with-pcre-jit )
451 - use threads && myconf+=( --with-threads )
452 -
453 - # HTTP modules
454 - for mod in $NGINX_MODULES_STD; do
455 - if use nginx_modules_http_${mod}; then
456 - http_enabled=1
457 - else
458 - myconf+=( --without-http_${mod}_module )
459 - fi
460 - done
461 -
462 - for mod in $NGINX_MODULES_OPT; do
463 - if use nginx_modules_http_${mod}; then
464 - http_enabled=1
465 - myconf+=( --with-http_${mod}_module )
466 - fi
467 - done
468 -
469 - if use nginx_modules_http_fastcgi; then
470 - myconf+=( --with-http_realip_module )
471 - fi
472 -
473 - # third-party modules
474 - if use nginx_modules_http_upload_progress; then
475 - http_enabled=1
476 - myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
477 - fi
478 -
479 - if use nginx_modules_http_headers_more; then
480 - http_enabled=1
481 - myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
482 - fi
483 -
484 - if use nginx_modules_http_cache_purge; then
485 - http_enabled=1
486 - myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
487 - fi
488 -
489 - if use nginx_modules_http_slowfs_cache; then
490 - http_enabled=1
491 - myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
492 - fi
493 -
494 - if use nginx_modules_http_fancyindex; then
495 - http_enabled=1
496 - myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
497 - fi
498 -
499 - if use nginx_modules_http_lua; then
500 - http_enabled=1
501 - if use luajit; then
502 - export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
503 - export LUAJIT_INC=$(pkg-config --variable includedir luajit)
504 - else
505 - export LUA_LIB=$(pkg-config --variable libdir lua)
506 - export LUA_INC=$(pkg-config --variable includedir lua)
507 - fi
508 - myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
509 - myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
510 - fi
511 -
512 - if use nginx_modules_http_auth_pam; then
513 - http_enabled=1
514 - myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
515 - fi
516 -
517 - if use nginx_modules_http_upstream_check; then
518 - http_enabled=1
519 - myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
520 - fi
521 -
522 - if use nginx_modules_http_metrics; then
523 - http_enabled=1
524 - myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
525 - fi
526 -
527 - if use nginx_modules_http_naxsi ; then
528 - http_enabled=1
529 - myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
530 - fi
531 -
532 - if use rtmp ; then
533 - http_enabled=1
534 - myconf+=( --add-module=${RTMP_MODULE_WD} )
535 - fi
536 -
537 - if use nginx_modules_http_dav_ext ; then
538 - http_enabled=1
539 - myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
540 - fi
541 -
542 - if use nginx_modules_http_echo ; then
543 - http_enabled=1
544 - myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
545 - fi
546 -
547 - if use nginx_modules_http_security ; then
548 - http_enabled=1
549 - myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
550 - fi
551 -
552 - if use nginx_modules_http_push_stream ; then
553 - http_enabled=1
554 - myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
555 - fi
556 -
557 - if use nginx_modules_http_sticky ; then
558 - http_enabled=1
559 - myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
560 - fi
561 -
562 - if use nginx_modules_http_mogilefs ; then
563 - http_enabled=1
564 - myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
565 - fi
566 -
567 - if use nginx_modules_http_memc ; then
568 - http_enabled=1
569 - myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
570 - fi
571 -
572 - if use nginx_modules_http_auth_ldap; then
573 - http_enabled=1
574 - myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
575 - fi
576 -
577 - if use http || use http-cache || use http2; then
578 - http_enabled=1
579 - fi
580 -
581 - if [ $http_enabled ]; then
582 - use http-cache || myconf+=( --without-http-cache )
583 - use ssl && myconf+=( --with-http_ssl_module )
584 - else
585 - myconf+=( --without-http --without-http-cache )
586 - fi
587 -
588 - # Stream modules
589 - for mod in $NGINX_MODULES_STREAM; do
590 - if use nginx_modules_stream_${mod}; then
591 - stream_enabled=1
592 - else
593 - # Treat stream upstream slightly differently
594 - if ! use nginx_modules_stream_upstream; then
595 - myconf+=( --without-stream_upstream_hash_module )
596 - myconf+=( --without-stream_upstream_least_conn_module )
597 - myconf+=( --without-stream_upstream_zone_module )
598 - else
599 - myconf+=( --without-stream_${mod}_module )
600 - fi
601 - fi
602 - done
603 -
604 - if [ $stream_enabled ]; then
605 - myconf+=( --with-stream )
606 - use ssl && myconf+=( --with-stream_ssl_module )
607 - fi
608 -
609 - # MAIL modules
610 - for mod in $NGINX_MODULES_MAIL; do
611 - if use nginx_modules_mail_${mod}; then
612 - mail_enabled=1
613 - else
614 - myconf+=( --without-mail_${mod}_module )
615 - fi
616 - done
617 -
618 - if [ $mail_enabled ]; then
619 - myconf+=( --with-mail )
620 - use ssl && myconf+=( --with-mail_ssl_module )
621 - fi
622 -
623 - # custom modules
624 - for mod in $NGINX_ADD_MODULES; do
625 - myconf+=( --add-module=${mod} )
626 - done
627 -
628 - # https://bugs.gentoo.org/286772
629 - export LANG=C LC_ALL=C
630 - tc-export CC
631 -
632 - if ! use prefix; then
633 - myconf+=( --user=${PN} )
634 - myconf+=( --group=${PN} )
635 - fi
636 -
637 - ./configure \
638 - --prefix="${EPREFIX}"/usr \
639 - --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
640 - --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
641 - --pid-path="${EPREFIX}"/run/${PN}.pid \
642 - --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
643 - --with-cc-opt="-I${EROOT}usr/include" \
644 - --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
645 - --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
646 - --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
647 - --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
648 - --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
649 - --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
650 - --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
651 - "${myconf[@]}" || die "configure failed"
652 -
653 - # A purely cosmetic change that makes nginx -V more readable. This can be
654 - # good if people outside the gentoo community would troubleshoot and
655 - # question the users setup.
656 - sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
657 -}
658 -
659 -src_compile() {
660 - use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
661 -
662 - # https://bugs.gentoo.org/286772
663 - export LANG=C LC_ALL=C
664 - emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
665 -}
666 -
667 -src_install() {
668 - emake DESTDIR="${D%/}" install
669 -
670 - cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
671 -
672 - newinitd "${FILESDIR}"/nginx.initd-r4 nginx
673 - newconfd "${FILESDIR}"/nginx.confd nginx
674 -
675 - systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
676 -
677 - doman man/nginx.8
678 - dodoc CHANGES* README
679 -
680 - # just keepdir. do not copy the default htdocs files (bug #449136)
681 - keepdir /var/www/localhost
682 - rm -rf "${D}"usr/html || die
683 -
684 - # set up a list of directories to keep
685 - local keepdir_list="${NGINX_HOME_TMP}"/client
686 - local module
687 - for module in proxy fastcgi scgi uwsgi; do
688 - use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
689 - done
690 -
691 - keepdir /var/log/nginx ${keepdir_list}
692 -
693 - # this solves a problem with SELinux where nginx doesn't see the directories
694 - # as root and tries to create them as nginx
695 - fperms 0750 "${NGINX_HOME_TMP}"
696 - fowners ${PN}:0 "${NGINX_HOME_TMP}"
697 -
698 - fperms 0700 ${keepdir_list}
699 - fowners ${PN}:${PN} ${keepdir_list}
700 -
701 - fperms 0710 /var/log/nginx
702 - fowners 0:${PN} /var/log/nginx
703 -
704 - # logrotate
705 - insinto /etc/logrotate.d
706 - newins "${FILESDIR}"/nginx.logrotate-r1 nginx
707 -
708 - if use nginx_modules_http_perl; then
709 - cd "${S}"/objs/src/http/modules/perl/ || die
710 - emake DESTDIR="${D}" INSTALLDIRS=vendor
711 - perl_delete_localpod
712 - cd "${S}" || die
713 - fi
714 -
715 - if use nginx_modules_http_cache_purge; then
716 - docinto ${HTTP_CACHE_PURGE_MODULE_P}
717 - dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
718 - fi
719 -
720 - if use nginx_modules_http_slowfs_cache; then
721 - docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
722 - dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
723 - fi
724 -
725 - if use nginx_modules_http_fancyindex; then
726 - docinto ${HTTP_FANCYINDEX_MODULE_P}
727 - dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
728 - fi
729 -
730 - if use nginx_modules_http_lua; then
731 - docinto ${HTTP_LUA_MODULE_P}
732 - dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
733 - fi
734 -
735 - if use nginx_modules_http_auth_pam; then
736 - docinto ${HTTP_AUTH_PAM_MODULE_P}
737 - dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
738 - fi
739 -
740 - if use nginx_modules_http_upstream_check; then
741 - docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
742 - dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
743 - fi
744 -
745 - if use nginx_modules_http_naxsi; then
746 - insinto /etc/nginx
747 - doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
748 - fi
749 -
750 - if use rtmp; then
751 - docinto ${RTMP_MODULE_P}
752 - dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
753 - fi
754 -
755 - if use nginx_modules_http_dav_ext; then
756 - docinto ${HTTP_DAV_EXT_MODULE_P}
757 - dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
758 - fi
759 -
760 - if use nginx_modules_http_echo; then
761 - docinto ${HTTP_ECHO_MODULE_P}
762 - dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
763 - fi
764 -
765 - if use nginx_modules_http_security; then
766 - docinto ${HTTP_SECURITY_MODULE_P}
767 - dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
768 - fi
769 -
770 - if use nginx_modules_http_push_stream; then
771 - docinto ${HTTP_PUSH_STREAM_MODULE_P}
772 - dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
773 - fi
774 -
775 - if use nginx_modules_http_sticky; then
776 - docinto ${HTTP_STICKY_MODULE_P}
777 - dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
778 - fi
779 -
780 - if use nginx_modules_http_memc; then
781 - docinto ${HTTP_MEMC_MODULE_P}
782 - dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
783 - fi
784 -
785 - if use nginx_modules_http_auth_ldap; then
786 - docinto ${HTTP_LDAP_MODULE_P}
787 - dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
788 - fi
789 -}
790 -
791 -pkg_postinst() {
792 - if use ssl; then
793 - if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
794 - install_cert /etc/ssl/${PN}/${PN}
795 - use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
796 - fi
797 - fi
798 -
799 - if use nginx_modules_http_spdy; then
800 - ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
801 - ewarn "Update your configs and package.use accordingly."
802 - fi
803 -
804 - if use nginx_modules_http_lua && use http2; then
805 - ewarn "Lua 3rd party module author warns against using ${P} with"
806 - ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
807 - fi
808 -
809 - local _n_permission_layout_checks=0
810 - local _has_to_adjust_permissions=0
811 - local _has_to_show_permission_warning=0
812 -
813 - # Defaults to 1 to inform people doing a fresh installation
814 - # that we ship modified {scgi,uwsgi,fastcgi}_params files
815 - local _has_to_show_httpoxy_mitigation_notice=1
816 -
817 - local _replacing_version=
818 - for _replacing_version in ${REPLACING_VERSIONS}; do
819 - _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
820 -
821 - if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
822 - # Should never happen:
823 - # Package is abusing slots but doesn't allow multiple parallel installations.
824 - # If we run into this situation it is unsafe to automatically adjust any
825 - # permission...
826 - _has_to_show_permission_warning=1
827 -
828 - ewarn "Replacing multiple ${PN}' versions is unsupported! " \
829 - "You will have to adjust permissions on your own."
830 -
831 - break
832 - fi
833 -
834 - local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
835 - debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
836 -
837 - # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
838 - # This was before we introduced multiple nginx versions so we
839 - # do not need to distinguish between stable and mainline
840 - local _need_to_fix_CVE2013_0337=1
841 -
842 - if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
843 - # We are updating an installation which should already be fixed
844 - _need_to_fix_CVE2013_0337=0
845 - debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
846 - else
847 - _has_to_adjust_permissions=1
848 - debug-print "Need to adjust permissions to fix CVE-2013-0337!"
849 - fi
850 -
851 - # Do we need to inform about HTTPoxy mitigation?
852 - # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
853 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
854 - # Updating from <1.10
855 - _has_to_show_httpoxy_mitigation_notice=1
856 - debug-print "Need to inform about HTTPoxy mitigation!"
857 - else
858 - # Updating from >=1.10
859 - local _fixed_in_pvr=
860 - case "${_replacing_version_branch}" in
861 - "1.10")
862 - _fixed_in_pvr="1.10.1-r2"
863 - ;;
864 - "1.11")
865 - _fixed_in_pvr="1.11.3-r1"
866 - ;;
867 - *)
868 - # This should be any future branch.
869 - # If we run this code it is safe to assume that the user has
870 - # already seen the HTTPoxy mitigation notice because he/she is doing
871 - # an update from previous version where we have already shown
872 - # the warning. Otherwise, we wouldn't hit this code path ...
873 - _fixed_in_pvr=
874 - esac
875 -
876 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
877 - # We are updating an installation where we already informed
878 - # that we are mitigating HTTPoxy per default
879 - _has_to_show_httpoxy_mitigation_notice=0
880 - debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
881 - else
882 - _has_to_show_httpoxy_mitigation_notice=1
883 - debug-print "Need to inform about HTTPoxy mitigation!"
884 - fi
885 - fi
886 -
887 - # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
888 - # All branches up to 1.11 are affected
889 - local _need_to_fix_CVE2016_1247=1
890 -
891 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
892 - # Updating from <1.10
893 - _has_to_adjust_permissions=1
894 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
895 - else
896 - # Updating from >=1.10
897 - local _fixed_in_pvr=
898 - case "${_replacing_version_branch}" in
899 - "1.10")
900 - _fixed_in_pvr="1.10.2-r3"
901 - ;;
902 - "1.11")
903 - _fixed_in_pvr="1.11.6-r1"
904 - ;;
905 - *)
906 - # This should be any future branch.
907 - # If we run this code it is safe to assume that we have already
908 - # adjusted permissions or were never affected because user is
909 - # doing an update from previous version which was safe or did
910 - # the adjustments. Otherwise, we wouldn't hit this code path ...
911 - _fixed_in_pvr=
912 - esac
913 -
914 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
915 - # We are updating an installation which should already be adjusted
916 - # or which was never affected
917 - _need_to_fix_CVE2016_1247=0
918 - debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
919 - else
920 - _has_to_adjust_permissions=1
921 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
922 - fi
923 - fi
924 - done
925 -
926 - if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
927 - # We do not DIE when chmod/chown commands are failing because
928 - # package is already merged on user's system at this stage
929 - # and we cannot retry without losing the information that
930 - # the existing installation needs to adjust permissions.
931 - # Instead we are going to a show a big warning ...
932 -
933 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
934 - ewarn ""
935 - ewarn "The world-readable bit (if set) has been removed from the"
936 - ewarn "following directories to mitigate a security bug"
937 - ewarn "(CVE-2013-0337, bug #458726):"
938 - ewarn ""
939 - ewarn " ${EPREFIX%/}/var/log/nginx"
940 - ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
941 - ewarn ""
942 - ewarn "Check if this is correct for your setup before restarting nginx!"
943 - ewarn "This is a one-time change and will not happen on subsequent updates."
944 - ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
945 - chmod o-rwx \
946 - "${EPREFIX%/}"/var/log/nginx \
947 - "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
948 - _has_to_show_permission_warning=1
949 - fi
950 -
951 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
952 - ewarn ""
953 - ewarn "The permissions on the following directory have been reset in"
954 - ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
955 - ewarn ""
956 - ewarn " ${EPREFIX%/}/var/log/nginx"
957 - ewarn ""
958 - ewarn "Check if this is correct for your setup before restarting nginx!"
959 - ewarn "Also ensure that no other log directory used by any of your"
960 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
961 - ewarn "used by nginx can be abused to escalate privileges!"
962 - ewarn "This is a one-time change and will not happen on subsequent updates."
963 - chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
964 - chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
965 - fi
966 -
967 - if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
968 - # Should never happen ...
969 - ewarn ""
970 - ewarn "*************************************************************"
971 - ewarn "*************** W A R N I N G ***************"
972 - ewarn "*************************************************************"
973 - ewarn "The one-time only attempt to adjust permissions of the"
974 - ewarn "existing nginx installation failed. Be aware that we will not"
975 - ewarn "try to adjust the same permissions again because now you are"
976 - ewarn "using a nginx version where we expect that the permissions"
977 - ewarn "are already adjusted or that you know what you are doing and"
978 - ewarn "want to keep custom permissions."
979 - ewarn ""
980 - fi
981 - fi
982 -
983 - # Sanity check for CVE-2016-1247
984 - # Required to warn users who received the warning above and thought
985 - # they could fix it by unmerging and re-merging the package or have
986 - # unmerged a affected installation on purpose in the past leaving
987 - # /var/log/nginx on their system due to keepdir/non-empty folder
988 - # and are now installing the package again.
989 - local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
990 - su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
991 - if [ $? -eq 0 ] ; then
992 - # Cleanup -- no reason to die here!
993 - rm -f "${_sanity_check_testfile}"
994 -
995 - ewarn ""
996 - ewarn "*************************************************************"
997 - ewarn "*************** W A R N I N G ***************"
998 - ewarn "*************************************************************"
999 - ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
1000 - ewarn "(bug #605008) because nginx user is able to create files in"
1001 - ewarn ""
1002 - ewarn " ${EPREFIX%/}/var/log/nginx"
1003 - ewarn ""
1004 - ewarn "Also ensure that no other log directory used by any of your"
1005 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
1006 - ewarn "used by nginx can be abused to escalate privileges!"
1007 - fi
1008 -
1009 - if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
1010 - # HTTPoxy mitigation
1011 - ewarn ""
1012 - ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
1013 - ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
1014 - ewarn "the HTTP_PROXY parameter to an empty string per default when you"
1015 - ewarn "are sourcing one of the default"
1016 - ewarn ""
1017 - ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
1018 - ewarn " - 'scgi_params'"
1019 - ewarn " - 'uwsgi_params'"
1020 - ewarn ""
1021 - ewarn "files in your server block(s)."
1022 - ewarn ""
1023 - ewarn "If this is causing any problems for you make sure that you are sourcing the"
1024 - ewarn "default parameters _before_ you set your own values."
1025 - ewarn "If you are relying on user-supplied proxy values you have to remove the"
1026 - ewarn "correlating lines from the file(s) mentioned above."
1027 - ewarn ""
1028 - fi
1029 -}
1030
1031 diff --git a/www-servers/nginx/nginx-1.11.6-r1.ebuild b/www-servers/nginx/nginx-1.11.6-r1.ebuild
1032 deleted file mode 100644
1033 index 688728d104b..00000000000
1034 --- a/www-servers/nginx/nginx-1.11.6-r1.ebuild
1035 +++ /dev/null
1036 @@ -1,1001 +0,0 @@
1037 -# Copyright 1999-2017 Gentoo Foundation
1038 -# Distributed under the terms of the GNU General Public License v2
1039 -
1040 -EAPI=6
1041 -
1042 -# Maintainer notes:
1043 -# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
1044 -# - any http-module activates the main http-functionality and overrides USE=-http
1045 -# - keep the following requirements in mind before adding external modules:
1046 -# * alive upstream
1047 -# * sane packaging
1048 -# * builds cleanly
1049 -# * does not need a patch for nginx core
1050 -# - TODO: test the google-perftools module (included in vanilla tarball)
1051 -
1052 -# prevent perl-module from adding automagic perl DEPENDs
1053 -GENTOO_DEPEND_ON_PERL="no"
1054 -
1055 -# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
1056 -DEVEL_KIT_MODULE_PV="0.3.0"
1057 -DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
1058 -DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
1059 -DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
1060 -
1061 -# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
1062 -HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
1063 -HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
1064 -HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
1065 -HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
1066 -
1067 -# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
1068 -HTTP_HEADERS_MORE_MODULE_PV="0.32"
1069 -HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
1070 -HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
1071 -HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
1072 -
1073 -# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
1074 -HTTP_CACHE_PURGE_MODULE_PV="2.3"
1075 -HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
1076 -HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
1077 -HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
1078 -
1079 -# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
1080 -HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
1081 -HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
1082 -HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
1083 -HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
1084 -
1085 -# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
1086 -HTTP_FANCYINDEX_MODULE_PV="0.4.1"
1087 -HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
1088 -HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
1089 -HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
1090 -
1091 -# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
1092 -HTTP_LUA_MODULE_PV="0.10.7"
1093 -HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
1094 -HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
1095 -HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
1096 -
1097 -# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
1098 -HTTP_AUTH_PAM_MODULE_PV="1.5.1"
1099 -HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
1100 -HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
1101 -HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
1102 -
1103 -# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
1104 -HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
1105 -HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
1106 -HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
1107 -HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
1108 -
1109 -# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
1110 -HTTP_METRICS_MODULE_PV="0.1.1"
1111 -HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
1112 -HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
1113 -HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
1114 -
1115 -# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
1116 -HTTP_NAXSI_MODULE_PV="0.55.1"
1117 -HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
1118 -HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
1119 -HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
1120 -
1121 -# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
1122 -RTMP_MODULE_PV="1.1.10"
1123 -RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
1124 -RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
1125 -RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
1126 -
1127 -# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
1128 -HTTP_DAV_EXT_MODULE_PV="0.0.3"
1129 -HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
1130 -HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
1131 -HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
1132 -
1133 -# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
1134 -HTTP_ECHO_MODULE_PV="0.60"
1135 -HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
1136 -HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
1137 -HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
1138 -
1139 -# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
1140 -# keep the MODULE_P here consistent with upstream to avoid tarball duplication
1141 -HTTP_SECURITY_MODULE_PV="2.9.1"
1142 -HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
1143 -HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
1144 -HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
1145 -
1146 -# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
1147 -HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
1148 -HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
1149 -HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
1150 -HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
1151 -
1152 -# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
1153 -HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
1154 -HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
1155 -HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
1156 -HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
1157 -
1158 -# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
1159 -HTTP_MOGILEFS_MODULE_PV="1.0.4"
1160 -HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
1161 -HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
1162 -HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
1163 -
1164 -# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
1165 -HTTP_MEMC_MODULE_PV="0.17"
1166 -HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
1167 -HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
1168 -HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
1169 -
1170 -# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
1171 -HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
1172 -HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
1173 -HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
1174 -HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
1175 -
1176 -# We handle deps below ourselves
1177 -SSL_DEPS_SKIP=1
1178 -AUTOTOOLS_AUTO_DEPEND="no"
1179 -
1180 -inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
1181 -
1182 -DESCRIPTION="Robust, small and high performance http and reverse proxy server"
1183 -HOMEPAGE="https://nginx.org"
1184 -SRC_URI="https://nginx.org/download/${P}.tar.gz
1185 - ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
1186 - nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
1187 - nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
1188 - nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
1189 - nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
1190 - nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
1191 - nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
1192 - nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
1193 - nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
1194 - nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
1195 - nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
1196 - rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
1197 - nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
1198 - nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
1199 - nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
1200 - nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
1201 - nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
1202 - nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
1203 - nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
1204 - nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
1205 -
1206 -LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
1207 - nginx_modules_http_security? ( Apache-2.0 )
1208 - nginx_modules_http_push_stream? ( GPL-3 )"
1209 -
1210 -SLOT="mainline"
1211 -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
1212 -
1213 -# Package doesn't provide a real test suite
1214 -RESTRICT="test"
1215 -
1216 -NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
1217 - fastcgi geo gzip limit_req limit_conn map memcached proxy referer
1218 - rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
1219 - upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
1220 -NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
1221 - gzip_static image_filter mp4 perl random_index realip secure_link
1222 - slice stub_status sub xslt"
1223 -NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
1224 - upstream_hash upstream_least_conn upstream_zone"
1225 -NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
1226 -NGINX_MODULES_MAIL="imap pop3 smtp"
1227 -NGINX_MODULES_3RD="
1228 - http_upload_progress
1229 - http_headers_more
1230 - http_cache_purge
1231 - http_slowfs_cache
1232 - http_fancyindex
1233 - http_lua
1234 - http_auth_pam
1235 - http_upstream_check
1236 - http_metrics
1237 - http_naxsi
1238 - http_dav_ext
1239 - http_echo
1240 - http_security
1241 - http_push_stream
1242 - http_sticky
1243 - http_mogilefs
1244 - http_memc
1245 - http_auth_ldap"
1246 -
1247 -IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
1248 - pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
1249 -
1250 -for mod in $NGINX_MODULES_STD; do
1251 - IUSE="${IUSE} +nginx_modules_http_${mod}"
1252 -done
1253 -
1254 -for mod in $NGINX_MODULES_OPT; do
1255 - IUSE="${IUSE} nginx_modules_http_${mod}"
1256 -done
1257 -
1258 -for mod in $NGINX_MODULES_STREAM_STD; do
1259 - IUSE="${IUSE} nginx_modules_stream_${mod}"
1260 -done
1261 -
1262 -for mod in $NGINX_MODULES_STREAM_OPT; do
1263 - IUSE="${IUSE} nginx_modules_stream_${mod}"
1264 -done
1265 -
1266 -for mod in $NGINX_MODULES_MAIL; do
1267 - IUSE="${IUSE} nginx_modules_mail_${mod}"
1268 -done
1269 -
1270 -for mod in $NGINX_MODULES_3RD; do
1271 - IUSE="${IUSE} nginx_modules_${mod}"
1272 -done
1273 -
1274 -# Add so we can warn users updating about config changes
1275 -# @TODO: jbergstroem: remove on next release series
1276 -IUSE="${IUSE} nginx_modules_http_spdy"
1277 -
1278 -CDEPEND="
1279 - pcre? ( dev-libs/libpcre:= )
1280 - pcre-jit? ( dev-libs/libpcre:=[jit] )
1281 - ssl? (
1282 - !libressl? ( dev-libs/openssl:0= )
1283 - libressl? ( dev-libs/libressl:= )
1284 - )
1285 - http2? (
1286 - !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
1287 - libressl? ( dev-libs/libressl:= )
1288 - )
1289 - http-cache? (
1290 - userland_GNU? (
1291 - !libressl? ( dev-libs/openssl:0= )
1292 - libressl? ( dev-libs/libressl:= )
1293 - )
1294 - )
1295 - nginx_modules_http_geoip? ( dev-libs/geoip )
1296 - nginx_modules_http_gunzip? ( sys-libs/zlib )
1297 - nginx_modules_http_gzip? ( sys-libs/zlib )
1298 - nginx_modules_http_gzip_static? ( sys-libs/zlib )
1299 - nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
1300 - nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
1301 - nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
1302 - nginx_modules_http_secure_link? (
1303 - userland_GNU? (
1304 - !libressl? ( dev-libs/openssl:0= )
1305 - libressl? ( dev-libs/libressl:= )
1306 - )
1307 - )
1308 - nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
1309 - nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
1310 - nginx_modules_http_auth_pam? ( virtual/pam )
1311 - nginx_modules_http_metrics? ( dev-libs/yajl:= )
1312 - nginx_modules_http_dav_ext? ( dev-libs/expat )
1313 - nginx_modules_http_security? (
1314 - dev-libs/apr:=
1315 - dev-libs/apr-util:=
1316 - dev-libs/libxml2:=
1317 - net-misc/curl
1318 - www-servers/apache
1319 - )
1320 - nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
1321 -RDEPEND="${CDEPEND}
1322 - selinux? ( sec-policy/selinux-nginx )
1323 - !www-servers/nginx:0"
1324 -DEPEND="${CDEPEND}
1325 - nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
1326 - arm? ( dev-libs/libatomic_ops )
1327 - libatomic? ( dev-libs/libatomic_ops )"
1328 -PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
1329 -
1330 -REQUIRED_USE="pcre-jit? ( pcre )
1331 - nginx_modules_http_lua? ( nginx_modules_http_rewrite )
1332 - nginx_modules_http_naxsi? ( pcre )
1333 - nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
1334 - nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
1335 - nginx_modules_http_security? ( pcre )
1336 - nginx_modules_http_push_stream? ( ssl )"
1337 -
1338 -pkg_setup() {
1339 - NGINX_HOME="/var/lib/nginx"
1340 - NGINX_HOME_TMP="${NGINX_HOME}/tmp"
1341 -
1342 - ebegin "Creating nginx user and group"
1343 - enewgroup ${PN}
1344 - enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
1345 - eend $?
1346 -
1347 - if use libatomic; then
1348 - ewarn "GCC 4.1+ features built-in atomic operations."
1349 - ewarn "Using libatomic_ops is only needed if using"
1350 - ewarn "a different compiler or a GCC prior to 4.1"
1351 - fi
1352 -
1353 - if [[ -n $NGINX_ADD_MODULES ]]; then
1354 - ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
1355 - ewarn "This nginx installation is not supported!"
1356 - ewarn "Make sure you can reproduce the bug without those modules"
1357 - ewarn "_before_ reporting bugs."
1358 - fi
1359 -
1360 - if use !http; then
1361 - ewarn "To actually disable all http-functionality you also have to disable"
1362 - ewarn "all nginx http modules."
1363 - fi
1364 -
1365 - if use nginx_modules_http_mogilefs && use threads; then
1366 - eerror "mogilefs won't compile with threads support."
1367 - eerror "Please disable either flag and try again."
1368 - die "Can't compile mogilefs with threads support"
1369 - fi
1370 -}
1371 -
1372 -src_prepare() {
1373 - eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
1374 - eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
1375 -
1376 - if use nginx_modules_http_upstream_check; then
1377 - #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
1378 - eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
1379 - fi
1380 -
1381 - if use nginx_modules_http_lua; then
1382 - sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
1383 - fi
1384 -
1385 - if use nginx_modules_http_security; then
1386 - cd "${HTTP_SECURITY_MODULE_WD}" || die
1387 -
1388 - eapply "${FILESDIR}"/http_security-pr_1158.patch
1389 -
1390 - eautoreconf
1391 -
1392 - if use luajit ; then
1393 - sed -i \
1394 - -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
1395 - configure || die
1396 - fi
1397 -
1398 - cd "${S}" || die
1399 - fi
1400 -
1401 - if use nginx_modules_http_upload_progress; then
1402 - cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
1403 - eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
1404 - cd "${S}" || die
1405 - fi
1406 -
1407 - if use nginx_modules_http_memc; then
1408 - cd "${HTTP_MEMC_MODULE_WD}" || die
1409 - eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
1410 - cd "${S}" || die
1411 - fi
1412 -
1413 - find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
1414 - # We have config protection, don't rename etc files
1415 - sed -i 's:.default::' auto/install || die
1416 - # remove useless files
1417 - sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
1418 -
1419 - # don't install to /etc/nginx/ if not in use
1420 - local module
1421 - for module in fastcgi scgi uwsgi ; do
1422 - if ! use nginx_modules_http_${module}; then
1423 - sed -i -e "/${module}/d" auto/install || die
1424 - fi
1425 - done
1426 -
1427 - eapply_user
1428 -}
1429 -
1430 -src_configure() {
1431 - # mod_security needs to generate nginx/modsecurity/config before including it
1432 - if use nginx_modules_http_security; then
1433 - cd "${HTTP_SECURITY_MODULE_WD}" || die
1434 -
1435 - ./configure \
1436 - --enable-standalone-module \
1437 - --disable-mlogc \
1438 - --with-ssdeep=no \
1439 - $(use_enable pcre-jit) \
1440 - $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
1441 -
1442 - cd "${S}" || die
1443 - fi
1444 -
1445 - local myconf=() http_enabled= mail_enabled= stream_enabled=
1446 -
1447 - use aio && myconf+=( --with-file-aio )
1448 - use debug && myconf+=( --with-debug )
1449 - use http2 && myconf+=( --with-http_v2_module )
1450 - use libatomic && myconf+=( --with-libatomic )
1451 - use pcre && myconf+=( --with-pcre )
1452 - use pcre-jit && myconf+=( --with-pcre-jit )
1453 - use threads && myconf+=( --with-threads )
1454 -
1455 - # HTTP modules
1456 - for mod in $NGINX_MODULES_STD; do
1457 - if use nginx_modules_http_${mod}; then
1458 - http_enabled=1
1459 - else
1460 - myconf+=( --without-http_${mod}_module )
1461 - fi
1462 - done
1463 -
1464 - for mod in $NGINX_MODULES_OPT; do
1465 - if use nginx_modules_http_${mod}; then
1466 - http_enabled=1
1467 - myconf+=( --with-http_${mod}_module )
1468 - fi
1469 - done
1470 -
1471 - if use nginx_modules_http_fastcgi; then
1472 - myconf+=( --with-http_realip_module )
1473 - fi
1474 -
1475 - # third-party modules
1476 - if use nginx_modules_http_upload_progress; then
1477 - http_enabled=1
1478 - myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
1479 - fi
1480 -
1481 - if use nginx_modules_http_headers_more; then
1482 - http_enabled=1
1483 - myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
1484 - fi
1485 -
1486 - if use nginx_modules_http_cache_purge; then
1487 - http_enabled=1
1488 - myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
1489 - fi
1490 -
1491 - if use nginx_modules_http_slowfs_cache; then
1492 - http_enabled=1
1493 - myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
1494 - fi
1495 -
1496 - if use nginx_modules_http_fancyindex; then
1497 - http_enabled=1
1498 - myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
1499 - fi
1500 -
1501 - if use nginx_modules_http_lua; then
1502 - http_enabled=1
1503 - if use luajit; then
1504 - export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
1505 - export LUAJIT_INC=$(pkg-config --variable includedir luajit)
1506 - else
1507 - export LUA_LIB=$(pkg-config --variable libdir lua)
1508 - export LUA_INC=$(pkg-config --variable includedir lua)
1509 - fi
1510 - myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
1511 - myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
1512 - fi
1513 -
1514 - if use nginx_modules_http_auth_pam; then
1515 - http_enabled=1
1516 - myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
1517 - fi
1518 -
1519 - if use nginx_modules_http_upstream_check; then
1520 - http_enabled=1
1521 - myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
1522 - fi
1523 -
1524 - if use nginx_modules_http_metrics; then
1525 - http_enabled=1
1526 - myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
1527 - fi
1528 -
1529 - if use nginx_modules_http_naxsi ; then
1530 - http_enabled=1
1531 - myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
1532 - fi
1533 -
1534 - if use rtmp ; then
1535 - http_enabled=1
1536 - myconf+=( --add-module=${RTMP_MODULE_WD} )
1537 - fi
1538 -
1539 - if use nginx_modules_http_dav_ext ; then
1540 - http_enabled=1
1541 - myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
1542 - fi
1543 -
1544 - if use nginx_modules_http_echo ; then
1545 - http_enabled=1
1546 - myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
1547 - fi
1548 -
1549 - if use nginx_modules_http_security ; then
1550 - http_enabled=1
1551 - myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
1552 - fi
1553 -
1554 - if use nginx_modules_http_push_stream ; then
1555 - http_enabled=1
1556 - myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
1557 - fi
1558 -
1559 - if use nginx_modules_http_sticky ; then
1560 - http_enabled=1
1561 - myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
1562 - fi
1563 -
1564 - if use nginx_modules_http_mogilefs ; then
1565 - http_enabled=1
1566 - myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
1567 - fi
1568 -
1569 - if use nginx_modules_http_memc ; then
1570 - http_enabled=1
1571 - myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
1572 - fi
1573 -
1574 - if use nginx_modules_http_auth_ldap; then
1575 - http_enabled=1
1576 - myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
1577 - fi
1578 -
1579 - if use http || use http-cache || use http2; then
1580 - http_enabled=1
1581 - fi
1582 -
1583 - if [ $http_enabled ]; then
1584 - use http-cache || myconf+=( --without-http-cache )
1585 - use ssl && myconf+=( --with-http_ssl_module )
1586 - else
1587 - myconf+=( --without-http --without-http-cache )
1588 - fi
1589 -
1590 - # Stream modules
1591 - for mod in $NGINX_MODULES_STREAM_STD; do
1592 - if use nginx_modules_stream_${mod}; then
1593 - stream_enabled=1
1594 - else
1595 - myconf+=( --without-stream_${mod}_module )
1596 - fi
1597 - done
1598 -
1599 - for mod in $NGINX_MODULES_STREAM_OPT; do
1600 - if use nginx_modules_stream_${mod}; then
1601 - stream_enabled=1
1602 - myconf+=( --with-stream_${mod}_module )
1603 - fi
1604 - done
1605 -
1606 - if [ $stream_enabled ]; then
1607 - myconf+=( --with-stream )
1608 - use ssl && myconf+=( --with-stream_ssl_module )
1609 - fi
1610 -
1611 - # MAIL modules
1612 - for mod in $NGINX_MODULES_MAIL; do
1613 - if use nginx_modules_mail_${mod}; then
1614 - mail_enabled=1
1615 - else
1616 - myconf+=( --without-mail_${mod}_module )
1617 - fi
1618 - done
1619 -
1620 - if [ $mail_enabled ]; then
1621 - myconf+=( --with-mail )
1622 - use ssl && myconf+=( --with-mail_ssl_module )
1623 - fi
1624 -
1625 - # custom modules
1626 - for mod in $NGINX_ADD_MODULES; do
1627 - myconf+=( --add-module=${mod} )
1628 - done
1629 -
1630 - # https://bugs.gentoo.org/286772
1631 - export LANG=C LC_ALL=C
1632 - tc-export CC
1633 -
1634 - if ! use prefix; then
1635 - myconf+=( --user=${PN} )
1636 - myconf+=( --group=${PN} )
1637 - fi
1638 -
1639 - local WITHOUT_IPV6=
1640 - if ! use ipv6; then
1641 - WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
1642 - fi
1643 -
1644 - ./configure \
1645 - --prefix="${EPREFIX}"/usr \
1646 - --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
1647 - --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
1648 - --pid-path="${EPREFIX}"/run/${PN}.pid \
1649 - --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
1650 - --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
1651 - --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
1652 - --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
1653 - --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
1654 - --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
1655 - --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
1656 - --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
1657 - --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
1658 - --with-compat \
1659 - "${myconf[@]}" || die "configure failed"
1660 -
1661 - # A purely cosmetic change that makes nginx -V more readable. This can be
1662 - # good if people outside the gentoo community would troubleshoot and
1663 - # question the users setup.
1664 - sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
1665 -}
1666 -
1667 -src_compile() {
1668 - use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
1669 -
1670 - # https://bugs.gentoo.org/286772
1671 - export LANG=C LC_ALL=C
1672 - emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
1673 -}
1674 -
1675 -src_install() {
1676 - emake DESTDIR="${D%/}" install
1677 -
1678 - cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
1679 -
1680 - newinitd "${FILESDIR}"/nginx.initd-r4 nginx
1681 - newconfd "${FILESDIR}"/nginx.confd nginx
1682 -
1683 - systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
1684 -
1685 - doman man/nginx.8
1686 - dodoc CHANGES* README
1687 -
1688 - # just keepdir. do not copy the default htdocs files (bug #449136)
1689 - keepdir /var/www/localhost
1690 - rm -rf "${D}"usr/html || die
1691 -
1692 - # set up a list of directories to keep
1693 - local keepdir_list="${NGINX_HOME_TMP}"/client
1694 - local module
1695 - for module in proxy fastcgi scgi uwsgi; do
1696 - use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
1697 - done
1698 -
1699 - keepdir /var/log/nginx ${keepdir_list}
1700 -
1701 - # this solves a problem with SELinux where nginx doesn't see the directories
1702 - # as root and tries to create them as nginx
1703 - fperms 0750 "${NGINX_HOME_TMP}"
1704 - fowners ${PN}:0 "${NGINX_HOME_TMP}"
1705 -
1706 - fperms 0700 ${keepdir_list}
1707 - fowners ${PN}:${PN} ${keepdir_list}
1708 -
1709 - fperms 0710 /var/log/nginx
1710 - fowners 0:${PN} /var/log/nginx
1711 -
1712 - # logrotate
1713 - insinto /etc/logrotate.d
1714 - newins "${FILESDIR}"/nginx.logrotate-r1 nginx
1715 -
1716 - if use nginx_modules_http_perl; then
1717 - cd "${S}"/objs/src/http/modules/perl/ || die
1718 - emake DESTDIR="${D}" INSTALLDIRS=vendor
1719 - perl_delete_localpod
1720 - cd "${S}" || die
1721 - fi
1722 -
1723 - if use nginx_modules_http_cache_purge; then
1724 - docinto ${HTTP_CACHE_PURGE_MODULE_P}
1725 - dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
1726 - fi
1727 -
1728 - if use nginx_modules_http_slowfs_cache; then
1729 - docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
1730 - dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
1731 - fi
1732 -
1733 - if use nginx_modules_http_fancyindex; then
1734 - docinto ${HTTP_FANCYINDEX_MODULE_P}
1735 - dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
1736 - fi
1737 -
1738 - if use nginx_modules_http_lua; then
1739 - docinto ${HTTP_LUA_MODULE_P}
1740 - dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
1741 - fi
1742 -
1743 - if use nginx_modules_http_auth_pam; then
1744 - docinto ${HTTP_AUTH_PAM_MODULE_P}
1745 - dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
1746 - fi
1747 -
1748 - if use nginx_modules_http_upstream_check; then
1749 - docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
1750 - dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
1751 - fi
1752 -
1753 - if use nginx_modules_http_naxsi; then
1754 - insinto /etc/nginx
1755 - doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
1756 - fi
1757 -
1758 - if use rtmp; then
1759 - docinto ${RTMP_MODULE_P}
1760 - dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
1761 - fi
1762 -
1763 - if use nginx_modules_http_dav_ext; then
1764 - docinto ${HTTP_DAV_EXT_MODULE_P}
1765 - dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
1766 - fi
1767 -
1768 - if use nginx_modules_http_echo; then
1769 - docinto ${HTTP_ECHO_MODULE_P}
1770 - dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
1771 - fi
1772 -
1773 - if use nginx_modules_http_security; then
1774 - docinto ${HTTP_SECURITY_MODULE_P}
1775 - dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
1776 - fi
1777 -
1778 - if use nginx_modules_http_push_stream; then
1779 - docinto ${HTTP_PUSH_STREAM_MODULE_P}
1780 - dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
1781 - fi
1782 -
1783 - if use nginx_modules_http_sticky; then
1784 - docinto ${HTTP_STICKY_MODULE_P}
1785 - dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
1786 - fi
1787 -
1788 - if use nginx_modules_http_memc; then
1789 - docinto ${HTTP_MEMC_MODULE_P}
1790 - dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
1791 - fi
1792 -
1793 - if use nginx_modules_http_auth_ldap; then
1794 - docinto ${HTTP_LDAP_MODULE_P}
1795 - dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
1796 - fi
1797 -}
1798 -
1799 -pkg_postinst() {
1800 - if use ssl; then
1801 - if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
1802 - install_cert /etc/ssl/${PN}/${PN}
1803 - use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
1804 - fi
1805 - fi
1806 -
1807 - if use nginx_modules_http_spdy; then
1808 - ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
1809 - ewarn "Update your configs and package.use accordingly."
1810 - fi
1811 -
1812 - if use nginx_modules_http_lua && use http2; then
1813 - ewarn "Lua 3rd party module author warns against using ${P} with"
1814 - ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
1815 - fi
1816 -
1817 - local _n_permission_layout_checks=0
1818 - local _has_to_adjust_permissions=0
1819 - local _has_to_show_permission_warning=0
1820 -
1821 - # Defaults to 1 to inform people doing a fresh installation
1822 - # that we ship modified {scgi,uwsgi,fastcgi}_params files
1823 - local _has_to_show_httpoxy_mitigation_notice=1
1824 -
1825 - local _replacing_version=
1826 - for _replacing_version in ${REPLACING_VERSIONS}; do
1827 - _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
1828 -
1829 - if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
1830 - # Should never happen:
1831 - # Package is abusing slots but doesn't allow multiple parallel installations.
1832 - # If we run into this situation it is unsafe to automatically adjust any
1833 - # permission...
1834 - _has_to_show_permission_warning=1
1835 -
1836 - ewarn "Replacing multiple ${PN}' versions is unsupported! " \
1837 - "You will have to adjust permissions on your own."
1838 -
1839 - break
1840 - fi
1841 -
1842 - local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
1843 - debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
1844 -
1845 - # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
1846 - # This was before we introduced multiple nginx versions so we
1847 - # do not need to distinguish between stable and mainline
1848 - local _need_to_fix_CVE2013_0337=1
1849 -
1850 - if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
1851 - # We are updating an installation which should already be fixed
1852 - _need_to_fix_CVE2013_0337=0
1853 - debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
1854 - else
1855 - _has_to_adjust_permissions=1
1856 - debug-print "Need to adjust permissions to fix CVE-2013-0337!"
1857 - fi
1858 -
1859 - # Do we need to inform about HTTPoxy mitigation?
1860 - # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
1861 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
1862 - # Updating from <1.10
1863 - _has_to_show_httpoxy_mitigation_notice=1
1864 - debug-print "Need to inform about HTTPoxy mitigation!"
1865 - else
1866 - # Updating from >=1.10
1867 - local _fixed_in_pvr=
1868 - case "${_replacing_version_branch}" in
1869 - "1.10")
1870 - _fixed_in_pvr="1.10.1-r2"
1871 - ;;
1872 - "1.11")
1873 - _fixed_in_pvr="1.11.3-r1"
1874 - ;;
1875 - *)
1876 - # This should be any future branch.
1877 - # If we run this code it is safe to assume that the user has
1878 - # already seen the HTTPoxy mitigation notice because he/she is doing
1879 - # an update from previous version where we have already shown
1880 - # the warning. Otherwise, we wouldn't hit this code path ...
1881 - _fixed_in_pvr=
1882 - esac
1883 -
1884 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
1885 - # We are updating an installation where we already informed
1886 - # that we are mitigating HTTPoxy per default
1887 - _has_to_show_httpoxy_mitigation_notice=0
1888 - debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
1889 - else
1890 - _has_to_show_httpoxy_mitigation_notice=1
1891 - debug-print "Need to inform about HTTPoxy mitigation!"
1892 - fi
1893 - fi
1894 -
1895 - # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
1896 - # All branches up to 1.11 are affected
1897 - local _need_to_fix_CVE2016_1247=1
1898 -
1899 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
1900 - # Updating from <1.10
1901 - _has_to_adjust_permissions=1
1902 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
1903 - else
1904 - # Updating from >=1.10
1905 - local _fixed_in_pvr=
1906 - case "${_replacing_version_branch}" in
1907 - "1.10")
1908 - _fixed_in_pvr="1.10.2-r3"
1909 - ;;
1910 - "1.11")
1911 - _fixed_in_pvr="1.11.6-r1"
1912 - ;;
1913 - *)
1914 - # This should be any future branch.
1915 - # If we run this code it is safe to assume that we have already
1916 - # adjusted permissions or were never affected because user is
1917 - # doing an update from previous version which was safe or did
1918 - # the adjustments. Otherwise, we wouldn't hit this code path ...
1919 - _fixed_in_pvr=
1920 - esac
1921 -
1922 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
1923 - # We are updating an installation which should already be adjusted
1924 - # or which was never affected
1925 - _need_to_fix_CVE2016_1247=0
1926 - debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
1927 - else
1928 - _has_to_adjust_permissions=1
1929 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
1930 - fi
1931 - fi
1932 - done
1933 -
1934 - if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
1935 - # We do not DIE when chmod/chown commands are failing because
1936 - # package is already merged on user's system at this stage
1937 - # and we cannot retry without losing the information that
1938 - # the existing installation needs to adjust permissions.
1939 - # Instead we are going to a show a big warning ...
1940 -
1941 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
1942 - ewarn ""
1943 - ewarn "The world-readable bit (if set) has been removed from the"
1944 - ewarn "following directories to mitigate a security bug"
1945 - ewarn "(CVE-2013-0337, bug #458726):"
1946 - ewarn ""
1947 - ewarn " ${EPREFIX%/}/var/log/nginx"
1948 - ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
1949 - ewarn ""
1950 - ewarn "Check if this is correct for your setup before restarting nginx!"
1951 - ewarn "This is a one-time change and will not happen on subsequent updates."
1952 - ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
1953 - chmod o-rwx \
1954 - "${EPREFIX%/}"/var/log/nginx \
1955 - "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
1956 - _has_to_show_permission_warning=1
1957 - fi
1958 -
1959 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
1960 - ewarn ""
1961 - ewarn "The permissions on the following directory have been reset in"
1962 - ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
1963 - ewarn ""
1964 - ewarn " ${EPREFIX%/}/var/log/nginx"
1965 - ewarn ""
1966 - ewarn "Check if this is correct for your setup before restarting nginx!"
1967 - ewarn "Also ensure that no other log directory used by any of your"
1968 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
1969 - ewarn "used by nginx can be abused to escalate privileges!"
1970 - ewarn "This is a one-time change and will not happen on subsequent updates."
1971 - chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
1972 - chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
1973 - fi
1974 -
1975 - if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
1976 - # Should never happen ...
1977 - ewarn ""
1978 - ewarn "*************************************************************"
1979 - ewarn "*************** W A R N I N G ***************"
1980 - ewarn "*************************************************************"
1981 - ewarn "The one-time only attempt to adjust permissions of the"
1982 - ewarn "existing nginx installation failed. Be aware that we will not"
1983 - ewarn "try to adjust the same permissions again because now you are"
1984 - ewarn "using a nginx version where we expect that the permissions"
1985 - ewarn "are already adjusted or that you know what you are doing and"
1986 - ewarn "want to keep custom permissions."
1987 - ewarn ""
1988 - fi
1989 - fi
1990 -
1991 - # Sanity check for CVE-2016-1247
1992 - # Required to warn users who received the warning above and thought
1993 - # they could fix it by unmerging and re-merging the package or have
1994 - # unmerged a affected installation on purpose in the past leaving
1995 - # /var/log/nginx on their system due to keepdir/non-empty folder
1996 - # and are now installing the package again.
1997 - local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
1998 - su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
1999 - if [ $? -eq 0 ] ; then
2000 - # Cleanup -- no reason to die here!
2001 - rm -f "${_sanity_check_testfile}"
2002 -
2003 - ewarn ""
2004 - ewarn "*************************************************************"
2005 - ewarn "*************** W A R N I N G ***************"
2006 - ewarn "*************************************************************"
2007 - ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
2008 - ewarn "(bug #605008) because nginx user is able to create files in"
2009 - ewarn ""
2010 - ewarn " ${EPREFIX%/}/var/log/nginx"
2011 - ewarn ""
2012 - ewarn "Also ensure that no other log directory used by any of your"
2013 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
2014 - ewarn "used by nginx can be abused to escalate privileges!"
2015 - fi
2016 -
2017 - if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
2018 - # HTTPoxy mitigation
2019 - ewarn ""
2020 - ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
2021 - ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
2022 - ewarn "the HTTP_PROXY parameter to an empty string per default when you"
2023 - ewarn "are sourcing one of the default"
2024 - ewarn ""
2025 - ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
2026 - ewarn " - 'scgi_params'"
2027 - ewarn " - 'uwsgi_params'"
2028 - ewarn ""
2029 - ewarn "files in your server block(s)."
2030 - ewarn ""
2031 - ewarn "If this is causing any problems for you make sure that you are sourcing the"
2032 - ewarn "default parameters _before_ you set your own values."
2033 - ewarn "If you are relying on user-supplied proxy values you have to remove the"
2034 - ewarn "correlating lines from the file(s) mentioned above."
2035 - ewarn ""
2036 - fi
2037 -}
2038
2039 diff --git a/www-servers/nginx/nginx-1.11.8.ebuild b/www-servers/nginx/nginx-1.11.8.ebuild
2040 deleted file mode 100644
2041 index 688728d104b..00000000000
2042 --- a/www-servers/nginx/nginx-1.11.8.ebuild
2043 +++ /dev/null
2044 @@ -1,1001 +0,0 @@
2045 -# Copyright 1999-2017 Gentoo Foundation
2046 -# Distributed under the terms of the GNU General Public License v2
2047 -
2048 -EAPI=6
2049 -
2050 -# Maintainer notes:
2051 -# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
2052 -# - any http-module activates the main http-functionality and overrides USE=-http
2053 -# - keep the following requirements in mind before adding external modules:
2054 -# * alive upstream
2055 -# * sane packaging
2056 -# * builds cleanly
2057 -# * does not need a patch for nginx core
2058 -# - TODO: test the google-perftools module (included in vanilla tarball)
2059 -
2060 -# prevent perl-module from adding automagic perl DEPENDs
2061 -GENTOO_DEPEND_ON_PERL="no"
2062 -
2063 -# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
2064 -DEVEL_KIT_MODULE_PV="0.3.0"
2065 -DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
2066 -DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
2067 -DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
2068 -
2069 -# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
2070 -HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
2071 -HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
2072 -HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
2073 -HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
2074 -
2075 -# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
2076 -HTTP_HEADERS_MORE_MODULE_PV="0.32"
2077 -HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
2078 -HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
2079 -HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
2080 -
2081 -# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
2082 -HTTP_CACHE_PURGE_MODULE_PV="2.3"
2083 -HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
2084 -HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
2085 -HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
2086 -
2087 -# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
2088 -HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
2089 -HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
2090 -HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
2091 -HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
2092 -
2093 -# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
2094 -HTTP_FANCYINDEX_MODULE_PV="0.4.1"
2095 -HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
2096 -HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
2097 -HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
2098 -
2099 -# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
2100 -HTTP_LUA_MODULE_PV="0.10.7"
2101 -HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
2102 -HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
2103 -HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
2104 -
2105 -# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
2106 -HTTP_AUTH_PAM_MODULE_PV="1.5.1"
2107 -HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
2108 -HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
2109 -HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
2110 -
2111 -# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
2112 -HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
2113 -HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
2114 -HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
2115 -HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
2116 -
2117 -# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
2118 -HTTP_METRICS_MODULE_PV="0.1.1"
2119 -HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
2120 -HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
2121 -HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
2122 -
2123 -# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
2124 -HTTP_NAXSI_MODULE_PV="0.55.1"
2125 -HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
2126 -HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
2127 -HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
2128 -
2129 -# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
2130 -RTMP_MODULE_PV="1.1.10"
2131 -RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
2132 -RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
2133 -RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
2134 -
2135 -# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
2136 -HTTP_DAV_EXT_MODULE_PV="0.0.3"
2137 -HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
2138 -HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
2139 -HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
2140 -
2141 -# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
2142 -HTTP_ECHO_MODULE_PV="0.60"
2143 -HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
2144 -HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
2145 -HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
2146 -
2147 -# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
2148 -# keep the MODULE_P here consistent with upstream to avoid tarball duplication
2149 -HTTP_SECURITY_MODULE_PV="2.9.1"
2150 -HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
2151 -HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
2152 -HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
2153 -
2154 -# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
2155 -HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
2156 -HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
2157 -HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
2158 -HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
2159 -
2160 -# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
2161 -HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
2162 -HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
2163 -HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
2164 -HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
2165 -
2166 -# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
2167 -HTTP_MOGILEFS_MODULE_PV="1.0.4"
2168 -HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
2169 -HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
2170 -HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
2171 -
2172 -# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
2173 -HTTP_MEMC_MODULE_PV="0.17"
2174 -HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
2175 -HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
2176 -HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
2177 -
2178 -# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
2179 -HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
2180 -HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
2181 -HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
2182 -HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
2183 -
2184 -# We handle deps below ourselves
2185 -SSL_DEPS_SKIP=1
2186 -AUTOTOOLS_AUTO_DEPEND="no"
2187 -
2188 -inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
2189 -
2190 -DESCRIPTION="Robust, small and high performance http and reverse proxy server"
2191 -HOMEPAGE="https://nginx.org"
2192 -SRC_URI="https://nginx.org/download/${P}.tar.gz
2193 - ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
2194 - nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
2195 - nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
2196 - nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
2197 - nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
2198 - nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
2199 - nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
2200 - nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
2201 - nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
2202 - nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
2203 - nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
2204 - rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
2205 - nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
2206 - nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
2207 - nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
2208 - nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
2209 - nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
2210 - nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
2211 - nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
2212 - nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
2213 -
2214 -LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
2215 - nginx_modules_http_security? ( Apache-2.0 )
2216 - nginx_modules_http_push_stream? ( GPL-3 )"
2217 -
2218 -SLOT="mainline"
2219 -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
2220 -
2221 -# Package doesn't provide a real test suite
2222 -RESTRICT="test"
2223 -
2224 -NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
2225 - fastcgi geo gzip limit_req limit_conn map memcached proxy referer
2226 - rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
2227 - upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
2228 -NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
2229 - gzip_static image_filter mp4 perl random_index realip secure_link
2230 - slice stub_status sub xslt"
2231 -NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
2232 - upstream_hash upstream_least_conn upstream_zone"
2233 -NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
2234 -NGINX_MODULES_MAIL="imap pop3 smtp"
2235 -NGINX_MODULES_3RD="
2236 - http_upload_progress
2237 - http_headers_more
2238 - http_cache_purge
2239 - http_slowfs_cache
2240 - http_fancyindex
2241 - http_lua
2242 - http_auth_pam
2243 - http_upstream_check
2244 - http_metrics
2245 - http_naxsi
2246 - http_dav_ext
2247 - http_echo
2248 - http_security
2249 - http_push_stream
2250 - http_sticky
2251 - http_mogilefs
2252 - http_memc
2253 - http_auth_ldap"
2254 -
2255 -IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
2256 - pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
2257 -
2258 -for mod in $NGINX_MODULES_STD; do
2259 - IUSE="${IUSE} +nginx_modules_http_${mod}"
2260 -done
2261 -
2262 -for mod in $NGINX_MODULES_OPT; do
2263 - IUSE="${IUSE} nginx_modules_http_${mod}"
2264 -done
2265 -
2266 -for mod in $NGINX_MODULES_STREAM_STD; do
2267 - IUSE="${IUSE} nginx_modules_stream_${mod}"
2268 -done
2269 -
2270 -for mod in $NGINX_MODULES_STREAM_OPT; do
2271 - IUSE="${IUSE} nginx_modules_stream_${mod}"
2272 -done
2273 -
2274 -for mod in $NGINX_MODULES_MAIL; do
2275 - IUSE="${IUSE} nginx_modules_mail_${mod}"
2276 -done
2277 -
2278 -for mod in $NGINX_MODULES_3RD; do
2279 - IUSE="${IUSE} nginx_modules_${mod}"
2280 -done
2281 -
2282 -# Add so we can warn users updating about config changes
2283 -# @TODO: jbergstroem: remove on next release series
2284 -IUSE="${IUSE} nginx_modules_http_spdy"
2285 -
2286 -CDEPEND="
2287 - pcre? ( dev-libs/libpcre:= )
2288 - pcre-jit? ( dev-libs/libpcre:=[jit] )
2289 - ssl? (
2290 - !libressl? ( dev-libs/openssl:0= )
2291 - libressl? ( dev-libs/libressl:= )
2292 - )
2293 - http2? (
2294 - !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
2295 - libressl? ( dev-libs/libressl:= )
2296 - )
2297 - http-cache? (
2298 - userland_GNU? (
2299 - !libressl? ( dev-libs/openssl:0= )
2300 - libressl? ( dev-libs/libressl:= )
2301 - )
2302 - )
2303 - nginx_modules_http_geoip? ( dev-libs/geoip )
2304 - nginx_modules_http_gunzip? ( sys-libs/zlib )
2305 - nginx_modules_http_gzip? ( sys-libs/zlib )
2306 - nginx_modules_http_gzip_static? ( sys-libs/zlib )
2307 - nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
2308 - nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
2309 - nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
2310 - nginx_modules_http_secure_link? (
2311 - userland_GNU? (
2312 - !libressl? ( dev-libs/openssl:0= )
2313 - libressl? ( dev-libs/libressl:= )
2314 - )
2315 - )
2316 - nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
2317 - nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
2318 - nginx_modules_http_auth_pam? ( virtual/pam )
2319 - nginx_modules_http_metrics? ( dev-libs/yajl:= )
2320 - nginx_modules_http_dav_ext? ( dev-libs/expat )
2321 - nginx_modules_http_security? (
2322 - dev-libs/apr:=
2323 - dev-libs/apr-util:=
2324 - dev-libs/libxml2:=
2325 - net-misc/curl
2326 - www-servers/apache
2327 - )
2328 - nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
2329 -RDEPEND="${CDEPEND}
2330 - selinux? ( sec-policy/selinux-nginx )
2331 - !www-servers/nginx:0"
2332 -DEPEND="${CDEPEND}
2333 - nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
2334 - arm? ( dev-libs/libatomic_ops )
2335 - libatomic? ( dev-libs/libatomic_ops )"
2336 -PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
2337 -
2338 -REQUIRED_USE="pcre-jit? ( pcre )
2339 - nginx_modules_http_lua? ( nginx_modules_http_rewrite )
2340 - nginx_modules_http_naxsi? ( pcre )
2341 - nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
2342 - nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
2343 - nginx_modules_http_security? ( pcre )
2344 - nginx_modules_http_push_stream? ( ssl )"
2345 -
2346 -pkg_setup() {
2347 - NGINX_HOME="/var/lib/nginx"
2348 - NGINX_HOME_TMP="${NGINX_HOME}/tmp"
2349 -
2350 - ebegin "Creating nginx user and group"
2351 - enewgroup ${PN}
2352 - enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
2353 - eend $?
2354 -
2355 - if use libatomic; then
2356 - ewarn "GCC 4.1+ features built-in atomic operations."
2357 - ewarn "Using libatomic_ops is only needed if using"
2358 - ewarn "a different compiler or a GCC prior to 4.1"
2359 - fi
2360 -
2361 - if [[ -n $NGINX_ADD_MODULES ]]; then
2362 - ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
2363 - ewarn "This nginx installation is not supported!"
2364 - ewarn "Make sure you can reproduce the bug without those modules"
2365 - ewarn "_before_ reporting bugs."
2366 - fi
2367 -
2368 - if use !http; then
2369 - ewarn "To actually disable all http-functionality you also have to disable"
2370 - ewarn "all nginx http modules."
2371 - fi
2372 -
2373 - if use nginx_modules_http_mogilefs && use threads; then
2374 - eerror "mogilefs won't compile with threads support."
2375 - eerror "Please disable either flag and try again."
2376 - die "Can't compile mogilefs with threads support"
2377 - fi
2378 -}
2379 -
2380 -src_prepare() {
2381 - eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
2382 - eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
2383 -
2384 - if use nginx_modules_http_upstream_check; then
2385 - #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
2386 - eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
2387 - fi
2388 -
2389 - if use nginx_modules_http_lua; then
2390 - sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
2391 - fi
2392 -
2393 - if use nginx_modules_http_security; then
2394 - cd "${HTTP_SECURITY_MODULE_WD}" || die
2395 -
2396 - eapply "${FILESDIR}"/http_security-pr_1158.patch
2397 -
2398 - eautoreconf
2399 -
2400 - if use luajit ; then
2401 - sed -i \
2402 - -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
2403 - configure || die
2404 - fi
2405 -
2406 - cd "${S}" || die
2407 - fi
2408 -
2409 - if use nginx_modules_http_upload_progress; then
2410 - cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
2411 - eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
2412 - cd "${S}" || die
2413 - fi
2414 -
2415 - if use nginx_modules_http_memc; then
2416 - cd "${HTTP_MEMC_MODULE_WD}" || die
2417 - eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
2418 - cd "${S}" || die
2419 - fi
2420 -
2421 - find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
2422 - # We have config protection, don't rename etc files
2423 - sed -i 's:.default::' auto/install || die
2424 - # remove useless files
2425 - sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
2426 -
2427 - # don't install to /etc/nginx/ if not in use
2428 - local module
2429 - for module in fastcgi scgi uwsgi ; do
2430 - if ! use nginx_modules_http_${module}; then
2431 - sed -i -e "/${module}/d" auto/install || die
2432 - fi
2433 - done
2434 -
2435 - eapply_user
2436 -}
2437 -
2438 -src_configure() {
2439 - # mod_security needs to generate nginx/modsecurity/config before including it
2440 - if use nginx_modules_http_security; then
2441 - cd "${HTTP_SECURITY_MODULE_WD}" || die
2442 -
2443 - ./configure \
2444 - --enable-standalone-module \
2445 - --disable-mlogc \
2446 - --with-ssdeep=no \
2447 - $(use_enable pcre-jit) \
2448 - $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
2449 -
2450 - cd "${S}" || die
2451 - fi
2452 -
2453 - local myconf=() http_enabled= mail_enabled= stream_enabled=
2454 -
2455 - use aio && myconf+=( --with-file-aio )
2456 - use debug && myconf+=( --with-debug )
2457 - use http2 && myconf+=( --with-http_v2_module )
2458 - use libatomic && myconf+=( --with-libatomic )
2459 - use pcre && myconf+=( --with-pcre )
2460 - use pcre-jit && myconf+=( --with-pcre-jit )
2461 - use threads && myconf+=( --with-threads )
2462 -
2463 - # HTTP modules
2464 - for mod in $NGINX_MODULES_STD; do
2465 - if use nginx_modules_http_${mod}; then
2466 - http_enabled=1
2467 - else
2468 - myconf+=( --without-http_${mod}_module )
2469 - fi
2470 - done
2471 -
2472 - for mod in $NGINX_MODULES_OPT; do
2473 - if use nginx_modules_http_${mod}; then
2474 - http_enabled=1
2475 - myconf+=( --with-http_${mod}_module )
2476 - fi
2477 - done
2478 -
2479 - if use nginx_modules_http_fastcgi; then
2480 - myconf+=( --with-http_realip_module )
2481 - fi
2482 -
2483 - # third-party modules
2484 - if use nginx_modules_http_upload_progress; then
2485 - http_enabled=1
2486 - myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
2487 - fi
2488 -
2489 - if use nginx_modules_http_headers_more; then
2490 - http_enabled=1
2491 - myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
2492 - fi
2493 -
2494 - if use nginx_modules_http_cache_purge; then
2495 - http_enabled=1
2496 - myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
2497 - fi
2498 -
2499 - if use nginx_modules_http_slowfs_cache; then
2500 - http_enabled=1
2501 - myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
2502 - fi
2503 -
2504 - if use nginx_modules_http_fancyindex; then
2505 - http_enabled=1
2506 - myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
2507 - fi
2508 -
2509 - if use nginx_modules_http_lua; then
2510 - http_enabled=1
2511 - if use luajit; then
2512 - export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
2513 - export LUAJIT_INC=$(pkg-config --variable includedir luajit)
2514 - else
2515 - export LUA_LIB=$(pkg-config --variable libdir lua)
2516 - export LUA_INC=$(pkg-config --variable includedir lua)
2517 - fi
2518 - myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
2519 - myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
2520 - fi
2521 -
2522 - if use nginx_modules_http_auth_pam; then
2523 - http_enabled=1
2524 - myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
2525 - fi
2526 -
2527 - if use nginx_modules_http_upstream_check; then
2528 - http_enabled=1
2529 - myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
2530 - fi
2531 -
2532 - if use nginx_modules_http_metrics; then
2533 - http_enabled=1
2534 - myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
2535 - fi
2536 -
2537 - if use nginx_modules_http_naxsi ; then
2538 - http_enabled=1
2539 - myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
2540 - fi
2541 -
2542 - if use rtmp ; then
2543 - http_enabled=1
2544 - myconf+=( --add-module=${RTMP_MODULE_WD} )
2545 - fi
2546 -
2547 - if use nginx_modules_http_dav_ext ; then
2548 - http_enabled=1
2549 - myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
2550 - fi
2551 -
2552 - if use nginx_modules_http_echo ; then
2553 - http_enabled=1
2554 - myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
2555 - fi
2556 -
2557 - if use nginx_modules_http_security ; then
2558 - http_enabled=1
2559 - myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
2560 - fi
2561 -
2562 - if use nginx_modules_http_push_stream ; then
2563 - http_enabled=1
2564 - myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
2565 - fi
2566 -
2567 - if use nginx_modules_http_sticky ; then
2568 - http_enabled=1
2569 - myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
2570 - fi
2571 -
2572 - if use nginx_modules_http_mogilefs ; then
2573 - http_enabled=1
2574 - myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
2575 - fi
2576 -
2577 - if use nginx_modules_http_memc ; then
2578 - http_enabled=1
2579 - myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
2580 - fi
2581 -
2582 - if use nginx_modules_http_auth_ldap; then
2583 - http_enabled=1
2584 - myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
2585 - fi
2586 -
2587 - if use http || use http-cache || use http2; then
2588 - http_enabled=1
2589 - fi
2590 -
2591 - if [ $http_enabled ]; then
2592 - use http-cache || myconf+=( --without-http-cache )
2593 - use ssl && myconf+=( --with-http_ssl_module )
2594 - else
2595 - myconf+=( --without-http --without-http-cache )
2596 - fi
2597 -
2598 - # Stream modules
2599 - for mod in $NGINX_MODULES_STREAM_STD; do
2600 - if use nginx_modules_stream_${mod}; then
2601 - stream_enabled=1
2602 - else
2603 - myconf+=( --without-stream_${mod}_module )
2604 - fi
2605 - done
2606 -
2607 - for mod in $NGINX_MODULES_STREAM_OPT; do
2608 - if use nginx_modules_stream_${mod}; then
2609 - stream_enabled=1
2610 - myconf+=( --with-stream_${mod}_module )
2611 - fi
2612 - done
2613 -
2614 - if [ $stream_enabled ]; then
2615 - myconf+=( --with-stream )
2616 - use ssl && myconf+=( --with-stream_ssl_module )
2617 - fi
2618 -
2619 - # MAIL modules
2620 - for mod in $NGINX_MODULES_MAIL; do
2621 - if use nginx_modules_mail_${mod}; then
2622 - mail_enabled=1
2623 - else
2624 - myconf+=( --without-mail_${mod}_module )
2625 - fi
2626 - done
2627 -
2628 - if [ $mail_enabled ]; then
2629 - myconf+=( --with-mail )
2630 - use ssl && myconf+=( --with-mail_ssl_module )
2631 - fi
2632 -
2633 - # custom modules
2634 - for mod in $NGINX_ADD_MODULES; do
2635 - myconf+=( --add-module=${mod} )
2636 - done
2637 -
2638 - # https://bugs.gentoo.org/286772
2639 - export LANG=C LC_ALL=C
2640 - tc-export CC
2641 -
2642 - if ! use prefix; then
2643 - myconf+=( --user=${PN} )
2644 - myconf+=( --group=${PN} )
2645 - fi
2646 -
2647 - local WITHOUT_IPV6=
2648 - if ! use ipv6; then
2649 - WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
2650 - fi
2651 -
2652 - ./configure \
2653 - --prefix="${EPREFIX}"/usr \
2654 - --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
2655 - --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
2656 - --pid-path="${EPREFIX}"/run/${PN}.pid \
2657 - --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
2658 - --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
2659 - --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
2660 - --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
2661 - --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
2662 - --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
2663 - --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
2664 - --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
2665 - --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
2666 - --with-compat \
2667 - "${myconf[@]}" || die "configure failed"
2668 -
2669 - # A purely cosmetic change that makes nginx -V more readable. This can be
2670 - # good if people outside the gentoo community would troubleshoot and
2671 - # question the users setup.
2672 - sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
2673 -}
2674 -
2675 -src_compile() {
2676 - use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
2677 -
2678 - # https://bugs.gentoo.org/286772
2679 - export LANG=C LC_ALL=C
2680 - emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
2681 -}
2682 -
2683 -src_install() {
2684 - emake DESTDIR="${D%/}" install
2685 -
2686 - cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
2687 -
2688 - newinitd "${FILESDIR}"/nginx.initd-r4 nginx
2689 - newconfd "${FILESDIR}"/nginx.confd nginx
2690 -
2691 - systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
2692 -
2693 - doman man/nginx.8
2694 - dodoc CHANGES* README
2695 -
2696 - # just keepdir. do not copy the default htdocs files (bug #449136)
2697 - keepdir /var/www/localhost
2698 - rm -rf "${D}"usr/html || die
2699 -
2700 - # set up a list of directories to keep
2701 - local keepdir_list="${NGINX_HOME_TMP}"/client
2702 - local module
2703 - for module in proxy fastcgi scgi uwsgi; do
2704 - use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
2705 - done
2706 -
2707 - keepdir /var/log/nginx ${keepdir_list}
2708 -
2709 - # this solves a problem with SELinux where nginx doesn't see the directories
2710 - # as root and tries to create them as nginx
2711 - fperms 0750 "${NGINX_HOME_TMP}"
2712 - fowners ${PN}:0 "${NGINX_HOME_TMP}"
2713 -
2714 - fperms 0700 ${keepdir_list}
2715 - fowners ${PN}:${PN} ${keepdir_list}
2716 -
2717 - fperms 0710 /var/log/nginx
2718 - fowners 0:${PN} /var/log/nginx
2719 -
2720 - # logrotate
2721 - insinto /etc/logrotate.d
2722 - newins "${FILESDIR}"/nginx.logrotate-r1 nginx
2723 -
2724 - if use nginx_modules_http_perl; then
2725 - cd "${S}"/objs/src/http/modules/perl/ || die
2726 - emake DESTDIR="${D}" INSTALLDIRS=vendor
2727 - perl_delete_localpod
2728 - cd "${S}" || die
2729 - fi
2730 -
2731 - if use nginx_modules_http_cache_purge; then
2732 - docinto ${HTTP_CACHE_PURGE_MODULE_P}
2733 - dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
2734 - fi
2735 -
2736 - if use nginx_modules_http_slowfs_cache; then
2737 - docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
2738 - dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
2739 - fi
2740 -
2741 - if use nginx_modules_http_fancyindex; then
2742 - docinto ${HTTP_FANCYINDEX_MODULE_P}
2743 - dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
2744 - fi
2745 -
2746 - if use nginx_modules_http_lua; then
2747 - docinto ${HTTP_LUA_MODULE_P}
2748 - dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
2749 - fi
2750 -
2751 - if use nginx_modules_http_auth_pam; then
2752 - docinto ${HTTP_AUTH_PAM_MODULE_P}
2753 - dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
2754 - fi
2755 -
2756 - if use nginx_modules_http_upstream_check; then
2757 - docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
2758 - dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
2759 - fi
2760 -
2761 - if use nginx_modules_http_naxsi; then
2762 - insinto /etc/nginx
2763 - doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
2764 - fi
2765 -
2766 - if use rtmp; then
2767 - docinto ${RTMP_MODULE_P}
2768 - dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
2769 - fi
2770 -
2771 - if use nginx_modules_http_dav_ext; then
2772 - docinto ${HTTP_DAV_EXT_MODULE_P}
2773 - dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
2774 - fi
2775 -
2776 - if use nginx_modules_http_echo; then
2777 - docinto ${HTTP_ECHO_MODULE_P}
2778 - dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
2779 - fi
2780 -
2781 - if use nginx_modules_http_security; then
2782 - docinto ${HTTP_SECURITY_MODULE_P}
2783 - dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
2784 - fi
2785 -
2786 - if use nginx_modules_http_push_stream; then
2787 - docinto ${HTTP_PUSH_STREAM_MODULE_P}
2788 - dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
2789 - fi
2790 -
2791 - if use nginx_modules_http_sticky; then
2792 - docinto ${HTTP_STICKY_MODULE_P}
2793 - dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
2794 - fi
2795 -
2796 - if use nginx_modules_http_memc; then
2797 - docinto ${HTTP_MEMC_MODULE_P}
2798 - dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
2799 - fi
2800 -
2801 - if use nginx_modules_http_auth_ldap; then
2802 - docinto ${HTTP_LDAP_MODULE_P}
2803 - dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
2804 - fi
2805 -}
2806 -
2807 -pkg_postinst() {
2808 - if use ssl; then
2809 - if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
2810 - install_cert /etc/ssl/${PN}/${PN}
2811 - use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
2812 - fi
2813 - fi
2814 -
2815 - if use nginx_modules_http_spdy; then
2816 - ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
2817 - ewarn "Update your configs and package.use accordingly."
2818 - fi
2819 -
2820 - if use nginx_modules_http_lua && use http2; then
2821 - ewarn "Lua 3rd party module author warns against using ${P} with"
2822 - ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
2823 - fi
2824 -
2825 - local _n_permission_layout_checks=0
2826 - local _has_to_adjust_permissions=0
2827 - local _has_to_show_permission_warning=0
2828 -
2829 - # Defaults to 1 to inform people doing a fresh installation
2830 - # that we ship modified {scgi,uwsgi,fastcgi}_params files
2831 - local _has_to_show_httpoxy_mitigation_notice=1
2832 -
2833 - local _replacing_version=
2834 - for _replacing_version in ${REPLACING_VERSIONS}; do
2835 - _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
2836 -
2837 - if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
2838 - # Should never happen:
2839 - # Package is abusing slots but doesn't allow multiple parallel installations.
2840 - # If we run into this situation it is unsafe to automatically adjust any
2841 - # permission...
2842 - _has_to_show_permission_warning=1
2843 -
2844 - ewarn "Replacing multiple ${PN}' versions is unsupported! " \
2845 - "You will have to adjust permissions on your own."
2846 -
2847 - break
2848 - fi
2849 -
2850 - local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
2851 - debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
2852 -
2853 - # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
2854 - # This was before we introduced multiple nginx versions so we
2855 - # do not need to distinguish between stable and mainline
2856 - local _need_to_fix_CVE2013_0337=1
2857 -
2858 - if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
2859 - # We are updating an installation which should already be fixed
2860 - _need_to_fix_CVE2013_0337=0
2861 - debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
2862 - else
2863 - _has_to_adjust_permissions=1
2864 - debug-print "Need to adjust permissions to fix CVE-2013-0337!"
2865 - fi
2866 -
2867 - # Do we need to inform about HTTPoxy mitigation?
2868 - # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
2869 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
2870 - # Updating from <1.10
2871 - _has_to_show_httpoxy_mitigation_notice=1
2872 - debug-print "Need to inform about HTTPoxy mitigation!"
2873 - else
2874 - # Updating from >=1.10
2875 - local _fixed_in_pvr=
2876 - case "${_replacing_version_branch}" in
2877 - "1.10")
2878 - _fixed_in_pvr="1.10.1-r2"
2879 - ;;
2880 - "1.11")
2881 - _fixed_in_pvr="1.11.3-r1"
2882 - ;;
2883 - *)
2884 - # This should be any future branch.
2885 - # If we run this code it is safe to assume that the user has
2886 - # already seen the HTTPoxy mitigation notice because he/she is doing
2887 - # an update from previous version where we have already shown
2888 - # the warning. Otherwise, we wouldn't hit this code path ...
2889 - _fixed_in_pvr=
2890 - esac
2891 -
2892 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
2893 - # We are updating an installation where we already informed
2894 - # that we are mitigating HTTPoxy per default
2895 - _has_to_show_httpoxy_mitigation_notice=0
2896 - debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
2897 - else
2898 - _has_to_show_httpoxy_mitigation_notice=1
2899 - debug-print "Need to inform about HTTPoxy mitigation!"
2900 - fi
2901 - fi
2902 -
2903 - # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
2904 - # All branches up to 1.11 are affected
2905 - local _need_to_fix_CVE2016_1247=1
2906 -
2907 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
2908 - # Updating from <1.10
2909 - _has_to_adjust_permissions=1
2910 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
2911 - else
2912 - # Updating from >=1.10
2913 - local _fixed_in_pvr=
2914 - case "${_replacing_version_branch}" in
2915 - "1.10")
2916 - _fixed_in_pvr="1.10.2-r3"
2917 - ;;
2918 - "1.11")
2919 - _fixed_in_pvr="1.11.6-r1"
2920 - ;;
2921 - *)
2922 - # This should be any future branch.
2923 - # If we run this code it is safe to assume that we have already
2924 - # adjusted permissions or were never affected because user is
2925 - # doing an update from previous version which was safe or did
2926 - # the adjustments. Otherwise, we wouldn't hit this code path ...
2927 - _fixed_in_pvr=
2928 - esac
2929 -
2930 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
2931 - # We are updating an installation which should already be adjusted
2932 - # or which was never affected
2933 - _need_to_fix_CVE2016_1247=0
2934 - debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
2935 - else
2936 - _has_to_adjust_permissions=1
2937 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
2938 - fi
2939 - fi
2940 - done
2941 -
2942 - if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
2943 - # We do not DIE when chmod/chown commands are failing because
2944 - # package is already merged on user's system at this stage
2945 - # and we cannot retry without losing the information that
2946 - # the existing installation needs to adjust permissions.
2947 - # Instead we are going to a show a big warning ...
2948 -
2949 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
2950 - ewarn ""
2951 - ewarn "The world-readable bit (if set) has been removed from the"
2952 - ewarn "following directories to mitigate a security bug"
2953 - ewarn "(CVE-2013-0337, bug #458726):"
2954 - ewarn ""
2955 - ewarn " ${EPREFIX%/}/var/log/nginx"
2956 - ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
2957 - ewarn ""
2958 - ewarn "Check if this is correct for your setup before restarting nginx!"
2959 - ewarn "This is a one-time change and will not happen on subsequent updates."
2960 - ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
2961 - chmod o-rwx \
2962 - "${EPREFIX%/}"/var/log/nginx \
2963 - "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
2964 - _has_to_show_permission_warning=1
2965 - fi
2966 -
2967 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
2968 - ewarn ""
2969 - ewarn "The permissions on the following directory have been reset in"
2970 - ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
2971 - ewarn ""
2972 - ewarn " ${EPREFIX%/}/var/log/nginx"
2973 - ewarn ""
2974 - ewarn "Check if this is correct for your setup before restarting nginx!"
2975 - ewarn "Also ensure that no other log directory used by any of your"
2976 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
2977 - ewarn "used by nginx can be abused to escalate privileges!"
2978 - ewarn "This is a one-time change and will not happen on subsequent updates."
2979 - chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
2980 - chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
2981 - fi
2982 -
2983 - if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
2984 - # Should never happen ...
2985 - ewarn ""
2986 - ewarn "*************************************************************"
2987 - ewarn "*************** W A R N I N G ***************"
2988 - ewarn "*************************************************************"
2989 - ewarn "The one-time only attempt to adjust permissions of the"
2990 - ewarn "existing nginx installation failed. Be aware that we will not"
2991 - ewarn "try to adjust the same permissions again because now you are"
2992 - ewarn "using a nginx version where we expect that the permissions"
2993 - ewarn "are already adjusted or that you know what you are doing and"
2994 - ewarn "want to keep custom permissions."
2995 - ewarn ""
2996 - fi
2997 - fi
2998 -
2999 - # Sanity check for CVE-2016-1247
3000 - # Required to warn users who received the warning above and thought
3001 - # they could fix it by unmerging and re-merging the package or have
3002 - # unmerged a affected installation on purpose in the past leaving
3003 - # /var/log/nginx on their system due to keepdir/non-empty folder
3004 - # and are now installing the package again.
3005 - local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
3006 - su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
3007 - if [ $? -eq 0 ] ; then
3008 - # Cleanup -- no reason to die here!
3009 - rm -f "${_sanity_check_testfile}"
3010 -
3011 - ewarn ""
3012 - ewarn "*************************************************************"
3013 - ewarn "*************** W A R N I N G ***************"
3014 - ewarn "*************************************************************"
3015 - ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
3016 - ewarn "(bug #605008) because nginx user is able to create files in"
3017 - ewarn ""
3018 - ewarn " ${EPREFIX%/}/var/log/nginx"
3019 - ewarn ""
3020 - ewarn "Also ensure that no other log directory used by any of your"
3021 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
3022 - ewarn "used by nginx can be abused to escalate privileges!"
3023 - fi
3024 -
3025 - if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
3026 - # HTTPoxy mitigation
3027 - ewarn ""
3028 - ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
3029 - ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
3030 - ewarn "the HTTP_PROXY parameter to an empty string per default when you"
3031 - ewarn "are sourcing one of the default"
3032 - ewarn ""
3033 - ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
3034 - ewarn " - 'scgi_params'"
3035 - ewarn " - 'uwsgi_params'"
3036 - ewarn ""
3037 - ewarn "files in your server block(s)."
3038 - ewarn ""
3039 - ewarn "If this is causing any problems for you make sure that you are sourcing the"
3040 - ewarn "default parameters _before_ you set your own values."
3041 - ewarn "If you are relying on user-supplied proxy values you have to remove the"
3042 - ewarn "correlating lines from the file(s) mentioned above."
3043 - ewarn ""
3044 - fi
3045 -}
3046
3047 diff --git a/www-servers/nginx/nginx-1.11.9.ebuild b/www-servers/nginx/nginx-1.11.9.ebuild
3048 deleted file mode 100644
3049 index 688728d104b..00000000000
3050 --- a/www-servers/nginx/nginx-1.11.9.ebuild
3051 +++ /dev/null
3052 @@ -1,1001 +0,0 @@
3053 -# Copyright 1999-2017 Gentoo Foundation
3054 -# Distributed under the terms of the GNU General Public License v2
3055 -
3056 -EAPI=6
3057 -
3058 -# Maintainer notes:
3059 -# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
3060 -# - any http-module activates the main http-functionality and overrides USE=-http
3061 -# - keep the following requirements in mind before adding external modules:
3062 -# * alive upstream
3063 -# * sane packaging
3064 -# * builds cleanly
3065 -# * does not need a patch for nginx core
3066 -# - TODO: test the google-perftools module (included in vanilla tarball)
3067 -
3068 -# prevent perl-module from adding automagic perl DEPENDs
3069 -GENTOO_DEPEND_ON_PERL="no"
3070 -
3071 -# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
3072 -DEVEL_KIT_MODULE_PV="0.3.0"
3073 -DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
3074 -DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
3075 -DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
3076 -
3077 -# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
3078 -HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
3079 -HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
3080 -HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
3081 -HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
3082 -
3083 -# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
3084 -HTTP_HEADERS_MORE_MODULE_PV="0.32"
3085 -HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
3086 -HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
3087 -HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
3088 -
3089 -# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
3090 -HTTP_CACHE_PURGE_MODULE_PV="2.3"
3091 -HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
3092 -HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
3093 -HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
3094 -
3095 -# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
3096 -HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
3097 -HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
3098 -HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
3099 -HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
3100 -
3101 -# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
3102 -HTTP_FANCYINDEX_MODULE_PV="0.4.1"
3103 -HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
3104 -HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
3105 -HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
3106 -
3107 -# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
3108 -HTTP_LUA_MODULE_PV="0.10.7"
3109 -HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
3110 -HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
3111 -HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
3112 -
3113 -# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
3114 -HTTP_AUTH_PAM_MODULE_PV="1.5.1"
3115 -HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
3116 -HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
3117 -HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
3118 -
3119 -# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
3120 -HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"
3121 -HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
3122 -HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
3123 -HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"
3124 -
3125 -# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
3126 -HTTP_METRICS_MODULE_PV="0.1.1"
3127 -HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
3128 -HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
3129 -HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
3130 -
3131 -# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
3132 -HTTP_NAXSI_MODULE_PV="0.55.1"
3133 -HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
3134 -HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
3135 -HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
3136 -
3137 -# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
3138 -RTMP_MODULE_PV="1.1.10"
3139 -RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
3140 -RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
3141 -RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
3142 -
3143 -# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
3144 -HTTP_DAV_EXT_MODULE_PV="0.0.3"
3145 -HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
3146 -HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
3147 -HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
3148 -
3149 -# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
3150 -HTTP_ECHO_MODULE_PV="0.60"
3151 -HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
3152 -HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
3153 -HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
3154 -
3155 -# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
3156 -# keep the MODULE_P here consistent with upstream to avoid tarball duplication
3157 -HTTP_SECURITY_MODULE_PV="2.9.1"
3158 -HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
3159 -HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
3160 -HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
3161 -
3162 -# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
3163 -HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
3164 -HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
3165 -HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
3166 -HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
3167 -
3168 -# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
3169 -HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
3170 -HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
3171 -HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
3172 -HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
3173 -
3174 -# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
3175 -HTTP_MOGILEFS_MODULE_PV="1.0.4"
3176 -HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
3177 -HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
3178 -HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
3179 -
3180 -# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
3181 -HTTP_MEMC_MODULE_PV="0.17"
3182 -HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
3183 -HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
3184 -HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
3185 -
3186 -# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
3187 -HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
3188 -HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
3189 -HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
3190 -HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
3191 -
3192 -# We handle deps below ourselves
3193 -SSL_DEPS_SKIP=1
3194 -AUTOTOOLS_AUTO_DEPEND="no"
3195 -
3196 -inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
3197 -
3198 -DESCRIPTION="Robust, small and high performance http and reverse proxy server"
3199 -HOMEPAGE="https://nginx.org"
3200 -SRC_URI="https://nginx.org/download/${P}.tar.gz
3201 - ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
3202 - nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
3203 - nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
3204 - nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
3205 - nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
3206 - nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
3207 - nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
3208 - nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
3209 - nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
3210 - nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
3211 - nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
3212 - rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
3213 - nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
3214 - nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
3215 - nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
3216 - nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
3217 - nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
3218 - nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
3219 - nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
3220 - nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
3221 -
3222 -LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
3223 - nginx_modules_http_security? ( Apache-2.0 )
3224 - nginx_modules_http_push_stream? ( GPL-3 )"
3225 -
3226 -SLOT="mainline"
3227 -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
3228 -
3229 -# Package doesn't provide a real test suite
3230 -RESTRICT="test"
3231 -
3232 -NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
3233 - fastcgi geo gzip limit_req limit_conn map memcached proxy referer
3234 - rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
3235 - upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
3236 -NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
3237 - gzip_static image_filter mp4 perl random_index realip secure_link
3238 - slice stub_status sub xslt"
3239 -NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
3240 - upstream_hash upstream_least_conn upstream_zone"
3241 -NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
3242 -NGINX_MODULES_MAIL="imap pop3 smtp"
3243 -NGINX_MODULES_3RD="
3244 - http_upload_progress
3245 - http_headers_more
3246 - http_cache_purge
3247 - http_slowfs_cache
3248 - http_fancyindex
3249 - http_lua
3250 - http_auth_pam
3251 - http_upstream_check
3252 - http_metrics
3253 - http_naxsi
3254 - http_dav_ext
3255 - http_echo
3256 - http_security
3257 - http_push_stream
3258 - http_sticky
3259 - http_mogilefs
3260 - http_memc
3261 - http_auth_ldap"
3262 -
3263 -IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
3264 - pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
3265 -
3266 -for mod in $NGINX_MODULES_STD; do
3267 - IUSE="${IUSE} +nginx_modules_http_${mod}"
3268 -done
3269 -
3270 -for mod in $NGINX_MODULES_OPT; do
3271 - IUSE="${IUSE} nginx_modules_http_${mod}"
3272 -done
3273 -
3274 -for mod in $NGINX_MODULES_STREAM_STD; do
3275 - IUSE="${IUSE} nginx_modules_stream_${mod}"
3276 -done
3277 -
3278 -for mod in $NGINX_MODULES_STREAM_OPT; do
3279 - IUSE="${IUSE} nginx_modules_stream_${mod}"
3280 -done
3281 -
3282 -for mod in $NGINX_MODULES_MAIL; do
3283 - IUSE="${IUSE} nginx_modules_mail_${mod}"
3284 -done
3285 -
3286 -for mod in $NGINX_MODULES_3RD; do
3287 - IUSE="${IUSE} nginx_modules_${mod}"
3288 -done
3289 -
3290 -# Add so we can warn users updating about config changes
3291 -# @TODO: jbergstroem: remove on next release series
3292 -IUSE="${IUSE} nginx_modules_http_spdy"
3293 -
3294 -CDEPEND="
3295 - pcre? ( dev-libs/libpcre:= )
3296 - pcre-jit? ( dev-libs/libpcre:=[jit] )
3297 - ssl? (
3298 - !libressl? ( dev-libs/openssl:0= )
3299 - libressl? ( dev-libs/libressl:= )
3300 - )
3301 - http2? (
3302 - !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
3303 - libressl? ( dev-libs/libressl:= )
3304 - )
3305 - http-cache? (
3306 - userland_GNU? (
3307 - !libressl? ( dev-libs/openssl:0= )
3308 - libressl? ( dev-libs/libressl:= )
3309 - )
3310 - )
3311 - nginx_modules_http_geoip? ( dev-libs/geoip )
3312 - nginx_modules_http_gunzip? ( sys-libs/zlib )
3313 - nginx_modules_http_gzip? ( sys-libs/zlib )
3314 - nginx_modules_http_gzip_static? ( sys-libs/zlib )
3315 - nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
3316 - nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
3317 - nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
3318 - nginx_modules_http_secure_link? (
3319 - userland_GNU? (
3320 - !libressl? ( dev-libs/openssl:0= )
3321 - libressl? ( dev-libs/libressl:= )
3322 - )
3323 - )
3324 - nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
3325 - nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
3326 - nginx_modules_http_auth_pam? ( virtual/pam )
3327 - nginx_modules_http_metrics? ( dev-libs/yajl:= )
3328 - nginx_modules_http_dav_ext? ( dev-libs/expat )
3329 - nginx_modules_http_security? (
3330 - dev-libs/apr:=
3331 - dev-libs/apr-util:=
3332 - dev-libs/libxml2:=
3333 - net-misc/curl
3334 - www-servers/apache
3335 - )
3336 - nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
3337 -RDEPEND="${CDEPEND}
3338 - selinux? ( sec-policy/selinux-nginx )
3339 - !www-servers/nginx:0"
3340 -DEPEND="${CDEPEND}
3341 - nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
3342 - arm? ( dev-libs/libatomic_ops )
3343 - libatomic? ( dev-libs/libatomic_ops )"
3344 -PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
3345 -
3346 -REQUIRED_USE="pcre-jit? ( pcre )
3347 - nginx_modules_http_lua? ( nginx_modules_http_rewrite )
3348 - nginx_modules_http_naxsi? ( pcre )
3349 - nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
3350 - nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
3351 - nginx_modules_http_security? ( pcre )
3352 - nginx_modules_http_push_stream? ( ssl )"
3353 -
3354 -pkg_setup() {
3355 - NGINX_HOME="/var/lib/nginx"
3356 - NGINX_HOME_TMP="${NGINX_HOME}/tmp"
3357 -
3358 - ebegin "Creating nginx user and group"
3359 - enewgroup ${PN}
3360 - enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
3361 - eend $?
3362 -
3363 - if use libatomic; then
3364 - ewarn "GCC 4.1+ features built-in atomic operations."
3365 - ewarn "Using libatomic_ops is only needed if using"
3366 - ewarn "a different compiler or a GCC prior to 4.1"
3367 - fi
3368 -
3369 - if [[ -n $NGINX_ADD_MODULES ]]; then
3370 - ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
3371 - ewarn "This nginx installation is not supported!"
3372 - ewarn "Make sure you can reproduce the bug without those modules"
3373 - ewarn "_before_ reporting bugs."
3374 - fi
3375 -
3376 - if use !http; then
3377 - ewarn "To actually disable all http-functionality you also have to disable"
3378 - ewarn "all nginx http modules."
3379 - fi
3380 -
3381 - if use nginx_modules_http_mogilefs && use threads; then
3382 - eerror "mogilefs won't compile with threads support."
3383 - eerror "Please disable either flag and try again."
3384 - die "Can't compile mogilefs with threads support"
3385 - fi
3386 -}
3387 -
3388 -src_prepare() {
3389 - eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
3390 - eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
3391 -
3392 - if use nginx_modules_http_upstream_check; then
3393 - #eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
3394 - eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
3395 - fi
3396 -
3397 - if use nginx_modules_http_lua; then
3398 - sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die
3399 - fi
3400 -
3401 - if use nginx_modules_http_security; then
3402 - cd "${HTTP_SECURITY_MODULE_WD}" || die
3403 -
3404 - eapply "${FILESDIR}"/http_security-pr_1158.patch
3405 -
3406 - eautoreconf
3407 -
3408 - if use luajit ; then
3409 - sed -i \
3410 - -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
3411 - configure || die
3412 - fi
3413 -
3414 - cd "${S}" || die
3415 - fi
3416 -
3417 - if use nginx_modules_http_upload_progress; then
3418 - cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
3419 - eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
3420 - cd "${S}" || die
3421 - fi
3422 -
3423 - if use nginx_modules_http_memc; then
3424 - cd "${HTTP_MEMC_MODULE_WD}" || die
3425 - eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch
3426 - cd "${S}" || die
3427 - fi
3428 -
3429 - find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
3430 - # We have config protection, don't rename etc files
3431 - sed -i 's:.default::' auto/install || die
3432 - # remove useless files
3433 - sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
3434 -
3435 - # don't install to /etc/nginx/ if not in use
3436 - local module
3437 - for module in fastcgi scgi uwsgi ; do
3438 - if ! use nginx_modules_http_${module}; then
3439 - sed -i -e "/${module}/d" auto/install || die
3440 - fi
3441 - done
3442 -
3443 - eapply_user
3444 -}
3445 -
3446 -src_configure() {
3447 - # mod_security needs to generate nginx/modsecurity/config before including it
3448 - if use nginx_modules_http_security; then
3449 - cd "${HTTP_SECURITY_MODULE_WD}" || die
3450 -
3451 - ./configure \
3452 - --enable-standalone-module \
3453 - --disable-mlogc \
3454 - --with-ssdeep=no \
3455 - $(use_enable pcre-jit) \
3456 - $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
3457 -
3458 - cd "${S}" || die
3459 - fi
3460 -
3461 - local myconf=() http_enabled= mail_enabled= stream_enabled=
3462 -
3463 - use aio && myconf+=( --with-file-aio )
3464 - use debug && myconf+=( --with-debug )
3465 - use http2 && myconf+=( --with-http_v2_module )
3466 - use libatomic && myconf+=( --with-libatomic )
3467 - use pcre && myconf+=( --with-pcre )
3468 - use pcre-jit && myconf+=( --with-pcre-jit )
3469 - use threads && myconf+=( --with-threads )
3470 -
3471 - # HTTP modules
3472 - for mod in $NGINX_MODULES_STD; do
3473 - if use nginx_modules_http_${mod}; then
3474 - http_enabled=1
3475 - else
3476 - myconf+=( --without-http_${mod}_module )
3477 - fi
3478 - done
3479 -
3480 - for mod in $NGINX_MODULES_OPT; do
3481 - if use nginx_modules_http_${mod}; then
3482 - http_enabled=1
3483 - myconf+=( --with-http_${mod}_module )
3484 - fi
3485 - done
3486 -
3487 - if use nginx_modules_http_fastcgi; then
3488 - myconf+=( --with-http_realip_module )
3489 - fi
3490 -
3491 - # third-party modules
3492 - if use nginx_modules_http_upload_progress; then
3493 - http_enabled=1
3494 - myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
3495 - fi
3496 -
3497 - if use nginx_modules_http_headers_more; then
3498 - http_enabled=1
3499 - myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
3500 - fi
3501 -
3502 - if use nginx_modules_http_cache_purge; then
3503 - http_enabled=1
3504 - myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
3505 - fi
3506 -
3507 - if use nginx_modules_http_slowfs_cache; then
3508 - http_enabled=1
3509 - myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
3510 - fi
3511 -
3512 - if use nginx_modules_http_fancyindex; then
3513 - http_enabled=1
3514 - myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
3515 - fi
3516 -
3517 - if use nginx_modules_http_lua; then
3518 - http_enabled=1
3519 - if use luajit; then
3520 - export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
3521 - export LUAJIT_INC=$(pkg-config --variable includedir luajit)
3522 - else
3523 - export LUA_LIB=$(pkg-config --variable libdir lua)
3524 - export LUA_INC=$(pkg-config --variable includedir lua)
3525 - fi
3526 - myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
3527 - myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
3528 - fi
3529 -
3530 - if use nginx_modules_http_auth_pam; then
3531 - http_enabled=1
3532 - myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
3533 - fi
3534 -
3535 - if use nginx_modules_http_upstream_check; then
3536 - http_enabled=1
3537 - myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
3538 - fi
3539 -
3540 - if use nginx_modules_http_metrics; then
3541 - http_enabled=1
3542 - myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
3543 - fi
3544 -
3545 - if use nginx_modules_http_naxsi ; then
3546 - http_enabled=1
3547 - myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
3548 - fi
3549 -
3550 - if use rtmp ; then
3551 - http_enabled=1
3552 - myconf+=( --add-module=${RTMP_MODULE_WD} )
3553 - fi
3554 -
3555 - if use nginx_modules_http_dav_ext ; then
3556 - http_enabled=1
3557 - myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
3558 - fi
3559 -
3560 - if use nginx_modules_http_echo ; then
3561 - http_enabled=1
3562 - myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
3563 - fi
3564 -
3565 - if use nginx_modules_http_security ; then
3566 - http_enabled=1
3567 - myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
3568 - fi
3569 -
3570 - if use nginx_modules_http_push_stream ; then
3571 - http_enabled=1
3572 - myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
3573 - fi
3574 -
3575 - if use nginx_modules_http_sticky ; then
3576 - http_enabled=1
3577 - myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
3578 - fi
3579 -
3580 - if use nginx_modules_http_mogilefs ; then
3581 - http_enabled=1
3582 - myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
3583 - fi
3584 -
3585 - if use nginx_modules_http_memc ; then
3586 - http_enabled=1
3587 - myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
3588 - fi
3589 -
3590 - if use nginx_modules_http_auth_ldap; then
3591 - http_enabled=1
3592 - myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
3593 - fi
3594 -
3595 - if use http || use http-cache || use http2; then
3596 - http_enabled=1
3597 - fi
3598 -
3599 - if [ $http_enabled ]; then
3600 - use http-cache || myconf+=( --without-http-cache )
3601 - use ssl && myconf+=( --with-http_ssl_module )
3602 - else
3603 - myconf+=( --without-http --without-http-cache )
3604 - fi
3605 -
3606 - # Stream modules
3607 - for mod in $NGINX_MODULES_STREAM_STD; do
3608 - if use nginx_modules_stream_${mod}; then
3609 - stream_enabled=1
3610 - else
3611 - myconf+=( --without-stream_${mod}_module )
3612 - fi
3613 - done
3614 -
3615 - for mod in $NGINX_MODULES_STREAM_OPT; do
3616 - if use nginx_modules_stream_${mod}; then
3617 - stream_enabled=1
3618 - myconf+=( --with-stream_${mod}_module )
3619 - fi
3620 - done
3621 -
3622 - if [ $stream_enabled ]; then
3623 - myconf+=( --with-stream )
3624 - use ssl && myconf+=( --with-stream_ssl_module )
3625 - fi
3626 -
3627 - # MAIL modules
3628 - for mod in $NGINX_MODULES_MAIL; do
3629 - if use nginx_modules_mail_${mod}; then
3630 - mail_enabled=1
3631 - else
3632 - myconf+=( --without-mail_${mod}_module )
3633 - fi
3634 - done
3635 -
3636 - if [ $mail_enabled ]; then
3637 - myconf+=( --with-mail )
3638 - use ssl && myconf+=( --with-mail_ssl_module )
3639 - fi
3640 -
3641 - # custom modules
3642 - for mod in $NGINX_ADD_MODULES; do
3643 - myconf+=( --add-module=${mod} )
3644 - done
3645 -
3646 - # https://bugs.gentoo.org/286772
3647 - export LANG=C LC_ALL=C
3648 - tc-export CC
3649 -
3650 - if ! use prefix; then
3651 - myconf+=( --user=${PN} )
3652 - myconf+=( --group=${PN} )
3653 - fi
3654 -
3655 - local WITHOUT_IPV6=
3656 - if ! use ipv6; then
3657 - WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
3658 - fi
3659 -
3660 - ./configure \
3661 - --prefix="${EPREFIX}"/usr \
3662 - --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
3663 - --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
3664 - --pid-path="${EPREFIX}"/run/${PN}.pid \
3665 - --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
3666 - --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
3667 - --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
3668 - --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
3669 - --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
3670 - --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
3671 - --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
3672 - --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
3673 - --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
3674 - --with-compat \
3675 - "${myconf[@]}" || die "configure failed"
3676 -
3677 - # A purely cosmetic change that makes nginx -V more readable. This can be
3678 - # good if people outside the gentoo community would troubleshoot and
3679 - # question the users setup.
3680 - sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
3681 -}
3682 -
3683 -src_compile() {
3684 - use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
3685 -
3686 - # https://bugs.gentoo.org/286772
3687 - export LANG=C LC_ALL=C
3688 - emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
3689 -}
3690 -
3691 -src_install() {
3692 - emake DESTDIR="${D%/}" install
3693 -
3694 - cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
3695 -
3696 - newinitd "${FILESDIR}"/nginx.initd-r4 nginx
3697 - newconfd "${FILESDIR}"/nginx.confd nginx
3698 -
3699 - systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
3700 -
3701 - doman man/nginx.8
3702 - dodoc CHANGES* README
3703 -
3704 - # just keepdir. do not copy the default htdocs files (bug #449136)
3705 - keepdir /var/www/localhost
3706 - rm -rf "${D}"usr/html || die
3707 -
3708 - # set up a list of directories to keep
3709 - local keepdir_list="${NGINX_HOME_TMP}"/client
3710 - local module
3711 - for module in proxy fastcgi scgi uwsgi; do
3712 - use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
3713 - done
3714 -
3715 - keepdir /var/log/nginx ${keepdir_list}
3716 -
3717 - # this solves a problem with SELinux where nginx doesn't see the directories
3718 - # as root and tries to create them as nginx
3719 - fperms 0750 "${NGINX_HOME_TMP}"
3720 - fowners ${PN}:0 "${NGINX_HOME_TMP}"
3721 -
3722 - fperms 0700 ${keepdir_list}
3723 - fowners ${PN}:${PN} ${keepdir_list}
3724 -
3725 - fperms 0710 /var/log/nginx
3726 - fowners 0:${PN} /var/log/nginx
3727 -
3728 - # logrotate
3729 - insinto /etc/logrotate.d
3730 - newins "${FILESDIR}"/nginx.logrotate-r1 nginx
3731 -
3732 - if use nginx_modules_http_perl; then
3733 - cd "${S}"/objs/src/http/modules/perl/ || die
3734 - emake DESTDIR="${D}" INSTALLDIRS=vendor
3735 - perl_delete_localpod
3736 - cd "${S}" || die
3737 - fi
3738 -
3739 - if use nginx_modules_http_cache_purge; then
3740 - docinto ${HTTP_CACHE_PURGE_MODULE_P}
3741 - dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
3742 - fi
3743 -
3744 - if use nginx_modules_http_slowfs_cache; then
3745 - docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
3746 - dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
3747 - fi
3748 -
3749 - if use nginx_modules_http_fancyindex; then
3750 - docinto ${HTTP_FANCYINDEX_MODULE_P}
3751 - dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
3752 - fi
3753 -
3754 - if use nginx_modules_http_lua; then
3755 - docinto ${HTTP_LUA_MODULE_P}
3756 - dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
3757 - fi
3758 -
3759 - if use nginx_modules_http_auth_pam; then
3760 - docinto ${HTTP_AUTH_PAM_MODULE_P}
3761 - dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
3762 - fi
3763 -
3764 - if use nginx_modules_http_upstream_check; then
3765 - docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
3766 - dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
3767 - fi
3768 -
3769 - if use nginx_modules_http_naxsi; then
3770 - insinto /etc/nginx
3771 - doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
3772 - fi
3773 -
3774 - if use rtmp; then
3775 - docinto ${RTMP_MODULE_P}
3776 - dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
3777 - fi
3778 -
3779 - if use nginx_modules_http_dav_ext; then
3780 - docinto ${HTTP_DAV_EXT_MODULE_P}
3781 - dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
3782 - fi
3783 -
3784 - if use nginx_modules_http_echo; then
3785 - docinto ${HTTP_ECHO_MODULE_P}
3786 - dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
3787 - fi
3788 -
3789 - if use nginx_modules_http_security; then
3790 - docinto ${HTTP_SECURITY_MODULE_P}
3791 - dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
3792 - fi
3793 -
3794 - if use nginx_modules_http_push_stream; then
3795 - docinto ${HTTP_PUSH_STREAM_MODULE_P}
3796 - dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
3797 - fi
3798 -
3799 - if use nginx_modules_http_sticky; then
3800 - docinto ${HTTP_STICKY_MODULE_P}
3801 - dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
3802 - fi
3803 -
3804 - if use nginx_modules_http_memc; then
3805 - docinto ${HTTP_MEMC_MODULE_P}
3806 - dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
3807 - fi
3808 -
3809 - if use nginx_modules_http_auth_ldap; then
3810 - docinto ${HTTP_LDAP_MODULE_P}
3811 - dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
3812 - fi
3813 -}
3814 -
3815 -pkg_postinst() {
3816 - if use ssl; then
3817 - if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
3818 - install_cert /etc/ssl/${PN}/${PN}
3819 - use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
3820 - fi
3821 - fi
3822 -
3823 - if use nginx_modules_http_spdy; then
3824 - ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
3825 - ewarn "Update your configs and package.use accordingly."
3826 - fi
3827 -
3828 - if use nginx_modules_http_lua && use http2; then
3829 - ewarn "Lua 3rd party module author warns against using ${P} with"
3830 - ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
3831 - fi
3832 -
3833 - local _n_permission_layout_checks=0
3834 - local _has_to_adjust_permissions=0
3835 - local _has_to_show_permission_warning=0
3836 -
3837 - # Defaults to 1 to inform people doing a fresh installation
3838 - # that we ship modified {scgi,uwsgi,fastcgi}_params files
3839 - local _has_to_show_httpoxy_mitigation_notice=1
3840 -
3841 - local _replacing_version=
3842 - for _replacing_version in ${REPLACING_VERSIONS}; do
3843 - _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
3844 -
3845 - if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
3846 - # Should never happen:
3847 - # Package is abusing slots but doesn't allow multiple parallel installations.
3848 - # If we run into this situation it is unsafe to automatically adjust any
3849 - # permission...
3850 - _has_to_show_permission_warning=1
3851 -
3852 - ewarn "Replacing multiple ${PN}' versions is unsupported! " \
3853 - "You will have to adjust permissions on your own."
3854 -
3855 - break
3856 - fi
3857 -
3858 - local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
3859 - debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
3860 -
3861 - # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
3862 - # This was before we introduced multiple nginx versions so we
3863 - # do not need to distinguish between stable and mainline
3864 - local _need_to_fix_CVE2013_0337=1
3865 -
3866 - if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
3867 - # We are updating an installation which should already be fixed
3868 - _need_to_fix_CVE2013_0337=0
3869 - debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
3870 - else
3871 - _has_to_adjust_permissions=1
3872 - debug-print "Need to adjust permissions to fix CVE-2013-0337!"
3873 - fi
3874 -
3875 - # Do we need to inform about HTTPoxy mitigation?
3876 - # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
3877 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
3878 - # Updating from <1.10
3879 - _has_to_show_httpoxy_mitigation_notice=1
3880 - debug-print "Need to inform about HTTPoxy mitigation!"
3881 - else
3882 - # Updating from >=1.10
3883 - local _fixed_in_pvr=
3884 - case "${_replacing_version_branch}" in
3885 - "1.10")
3886 - _fixed_in_pvr="1.10.1-r2"
3887 - ;;
3888 - "1.11")
3889 - _fixed_in_pvr="1.11.3-r1"
3890 - ;;
3891 - *)
3892 - # This should be any future branch.
3893 - # If we run this code it is safe to assume that the user has
3894 - # already seen the HTTPoxy mitigation notice because he/she is doing
3895 - # an update from previous version where we have already shown
3896 - # the warning. Otherwise, we wouldn't hit this code path ...
3897 - _fixed_in_pvr=
3898 - esac
3899 -
3900 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
3901 - # We are updating an installation where we already informed
3902 - # that we are mitigating HTTPoxy per default
3903 - _has_to_show_httpoxy_mitigation_notice=0
3904 - debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
3905 - else
3906 - _has_to_show_httpoxy_mitigation_notice=1
3907 - debug-print "Need to inform about HTTPoxy mitigation!"
3908 - fi
3909 - fi
3910 -
3911 - # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
3912 - # All branches up to 1.11 are affected
3913 - local _need_to_fix_CVE2016_1247=1
3914 -
3915 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
3916 - # Updating from <1.10
3917 - _has_to_adjust_permissions=1
3918 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
3919 - else
3920 - # Updating from >=1.10
3921 - local _fixed_in_pvr=
3922 - case "${_replacing_version_branch}" in
3923 - "1.10")
3924 - _fixed_in_pvr="1.10.2-r3"
3925 - ;;
3926 - "1.11")
3927 - _fixed_in_pvr="1.11.6-r1"
3928 - ;;
3929 - *)
3930 - # This should be any future branch.
3931 - # If we run this code it is safe to assume that we have already
3932 - # adjusted permissions or were never affected because user is
3933 - # doing an update from previous version which was safe or did
3934 - # the adjustments. Otherwise, we wouldn't hit this code path ...
3935 - _fixed_in_pvr=
3936 - esac
3937 -
3938 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
3939 - # We are updating an installation which should already be adjusted
3940 - # or which was never affected
3941 - _need_to_fix_CVE2016_1247=0
3942 - debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
3943 - else
3944 - _has_to_adjust_permissions=1
3945 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
3946 - fi
3947 - fi
3948 - done
3949 -
3950 - if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
3951 - # We do not DIE when chmod/chown commands are failing because
3952 - # package is already merged on user's system at this stage
3953 - # and we cannot retry without losing the information that
3954 - # the existing installation needs to adjust permissions.
3955 - # Instead we are going to a show a big warning ...
3956 -
3957 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
3958 - ewarn ""
3959 - ewarn "The world-readable bit (if set) has been removed from the"
3960 - ewarn "following directories to mitigate a security bug"
3961 - ewarn "(CVE-2013-0337, bug #458726):"
3962 - ewarn ""
3963 - ewarn " ${EPREFIX%/}/var/log/nginx"
3964 - ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
3965 - ewarn ""
3966 - ewarn "Check if this is correct for your setup before restarting nginx!"
3967 - ewarn "This is a one-time change and will not happen on subsequent updates."
3968 - ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
3969 - chmod o-rwx \
3970 - "${EPREFIX%/}"/var/log/nginx \
3971 - "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
3972 - _has_to_show_permission_warning=1
3973 - fi
3974 -
3975 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
3976 - ewarn ""
3977 - ewarn "The permissions on the following directory have been reset in"
3978 - ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
3979 - ewarn ""
3980 - ewarn " ${EPREFIX%/}/var/log/nginx"
3981 - ewarn ""
3982 - ewarn "Check if this is correct for your setup before restarting nginx!"
3983 - ewarn "Also ensure that no other log directory used by any of your"
3984 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
3985 - ewarn "used by nginx can be abused to escalate privileges!"
3986 - ewarn "This is a one-time change and will not happen on subsequent updates."
3987 - chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
3988 - chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
3989 - fi
3990 -
3991 - if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
3992 - # Should never happen ...
3993 - ewarn ""
3994 - ewarn "*************************************************************"
3995 - ewarn "*************** W A R N I N G ***************"
3996 - ewarn "*************************************************************"
3997 - ewarn "The one-time only attempt to adjust permissions of the"
3998 - ewarn "existing nginx installation failed. Be aware that we will not"
3999 - ewarn "try to adjust the same permissions again because now you are"
4000 - ewarn "using a nginx version where we expect that the permissions"
4001 - ewarn "are already adjusted or that you know what you are doing and"
4002 - ewarn "want to keep custom permissions."
4003 - ewarn ""
4004 - fi
4005 - fi
4006 -
4007 - # Sanity check for CVE-2016-1247
4008 - # Required to warn users who received the warning above and thought
4009 - # they could fix it by unmerging and re-merging the package or have
4010 - # unmerged a affected installation on purpose in the past leaving
4011 - # /var/log/nginx on their system due to keepdir/non-empty folder
4012 - # and are now installing the package again.
4013 - local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
4014 - su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
4015 - if [ $? -eq 0 ] ; then
4016 - # Cleanup -- no reason to die here!
4017 - rm -f "${_sanity_check_testfile}"
4018 -
4019 - ewarn ""
4020 - ewarn "*************************************************************"
4021 - ewarn "*************** W A R N I N G ***************"
4022 - ewarn "*************************************************************"
4023 - ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
4024 - ewarn "(bug #605008) because nginx user is able to create files in"
4025 - ewarn ""
4026 - ewarn " ${EPREFIX%/}/var/log/nginx"
4027 - ewarn ""
4028 - ewarn "Also ensure that no other log directory used by any of your"
4029 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
4030 - ewarn "used by nginx can be abused to escalate privileges!"
4031 - fi
4032 -
4033 - if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
4034 - # HTTPoxy mitigation
4035 - ewarn ""
4036 - ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
4037 - ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
4038 - ewarn "the HTTP_PROXY parameter to an empty string per default when you"
4039 - ewarn "are sourcing one of the default"
4040 - ewarn ""
4041 - ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
4042 - ewarn " - 'scgi_params'"
4043 - ewarn " - 'uwsgi_params'"
4044 - ewarn ""
4045 - ewarn "files in your server block(s)."
4046 - ewarn ""
4047 - ewarn "If this is causing any problems for you make sure that you are sourcing the"
4048 - ewarn "default parameters _before_ you set your own values."
4049 - ewarn "If you are relying on user-supplied proxy values you have to remove the"
4050 - ewarn "correlating lines from the file(s) mentioned above."
4051 - ewarn ""
4052 - fi
4053 -}
Report Message
Find on MARC Find on Google Groups