Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
Date: Tue, 13 Aug 2019 20:12:36
Message-Id: 1565727144.7b4720c48a142776f4448d6dbfc0c55a10116442.whissi@gentoo
1 commit: 7b4720c48a142776f4448d6dbfc0c55a10116442
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Tue Aug 13 20:12:06 2019 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Tue Aug 13 20:12:24 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b4720c4
7
8 www-servers/nginx: security cleanup
9
10 Package-Manager: Portage-2.3.71, Repoman-2.3.17
11 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
12
13 www-servers/nginx/Manifest | 7 -
14 www-servers/nginx/nginx-1.16.0-r1.ebuild | 1089 ------------------------------
15 www-servers/nginx/nginx-1.17.0.ebuild | 1089 ------------------------------
16 www-servers/nginx/nginx-1.17.1.ebuild | 1089 ------------------------------
17 www-servers/nginx/nginx-1.17.2.ebuild | 1089 ------------------------------
18 5 files changed, 4363 deletions(-)
19
20 diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
21 index 36eb160861a..d3e48d2187c 100644
22 --- a/www-servers/nginx/Manifest
23 +++ b/www-servers/nginx/Manifest
24 @@ -1,14 +1,9 @@
25 DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
26 -DIST nginx-1.16.0.tar.gz 1032345 BLAKE2B 187a07e7bde2dc6d7dd476372fa5e880a085f06bba321177428a4064e75bb1012950fdc31125344dab36b8c5d78c60d9f9ca963279cfa46741478c250221c199 SHA512 e99cfaa4538f209c096ea2f93c04b5019756617f3bcd3305c273e98ddc89fed5bf90d65fb9b493149bc47d55ff79e73850bfcac20505fab74930d0102075df3d
27 DIST nginx-1.16.1.tar.gz 1032630 BLAKE2B 838c5f08b56378dd3ef3940a979eb1449c4ed7ef5b4b112da2531c0996d121ae32ae4e94d3b4ba198fefcdc1b06683e4b0cfa0087db82fcab13bffb5f67f8aa4 SHA512 17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437
28 -DIST nginx-1.17.0.tar.gz 1032978 BLAKE2B 791e4d309ef1a62db2c135313edc85fe3fdb0c7b42b39a2a1f56059b1128199fcbcd4f24a1929ad3b4b57506f104afd5943229a8b6273d6e2ccb103fa0405476 SHA512 fcba692355c79169672c32796981bc178d42d9cf6880e8f03c99d5f518b7aca5c0414688e17b9c54f307214a64e766e1b022604e725aa4d40784f471d770f061
29 -DIST nginx-1.17.1.tar.gz 1033452 BLAKE2B ec6fb0637e6396cf8a2eae3cf5eeca8127674a9c2ad43ac18b4206c1280d34109761993fdcc96e3e766c5c3cc246740016c2de7a54caae4e9fb5577d6fe9ab50 SHA512 67ccd14f57316cc68c511efc9f3f3eb7181f3893f1261aba094ed169630089062aacf552e6dbe083dd6c7390e7943ee457c3edb688aae1daaea0e5ba93a5eac6
30 -DIST nginx-1.17.2.tar.gz 1034136 BLAKE2B 8d757ec5820b2ce625214a86490d49be1a9931199d615d55360c442598900dd8ce9176871c320ac90b5214d9a8e19cfa8c2c5e0eca0c02f850343e0e792f7645 SHA512 9bb48b7b271f30cfb4d35c86a57eae2a5aeece6be755c1f55b7d4cded73d1dbb8dc89087cac279144c8c25a2624e7fbd71cc55ada4aef932143e3a16c601452b
31 DIST nginx-1.17.3.tar.gz 1034586 BLAKE2B 48d1c34cf345794bc345bedb96a6a194f175695b93ee5114095742d67384e81fe87cc1ec10553566a33dbabc2a784158bc1461e2001d67dda71af4a1f540a88d SHA512 b81e75c4c8c03ca2f0b40b9c2a1812cf168cb2319d7246b9b0cce838ef7dba81f3cd57a213ec8d58e457a0fa6b912adff2e5597e5ada7258cfe27f55b05205e2
32 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
33 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
34 DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa2febfa63b98303f8890c6774de6ccb09475ccd639d3b74493a4ffd97c90febdc22755c5928018bdac24a537bd13cde165f97e5d2b50bebf598c3fb22ec0206 SHA512 169566b8764bb2b82e029f954a99063a9c61e2cbf982861c5f6818b389a5f37bf5389afb1b5627de9bd3f7af7b3c404be0230f943d47ab621c2a2bd825cc8203
35 -DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
36 DIST ngx_devel_kit-0.3.1.tar.gz 66542 BLAKE2B 8242d884464d99a131a48f599f9d0c2b546610f73f646e7eb0dcfdb98220810d949189cffa721360ddbe3b7b8adc8b678a848b9d1a56db6c62fd4439ecb63d24 SHA512 de1e3349d8dd08e5982279b2219dc8a8006739f0409b8e0f5c50d93434beff1fbafba43e9c5ac85a5fab90afc5c0a7244a340610339c36f82f2cba7233e72de9
37 DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
38 DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
39 @@ -28,6 +23,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
40 DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
41 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
42 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
43 -DIST njs-0.3.2.tar.gz 325183 BLAKE2B 6c02d260bcb968480eb02a3dbee8464b2f7dd26a0ca4e4539ed2a4ce7bf494d32b815c742034b92132d5fef3e8eb12132d0ab214b1ffa450ce11273d70d96f57 SHA512 74abf48f2e23714fcce1b87b4dbe354a8a716b1cab825591878a6fd5175400a7f3b74c3968291ace19b2f6a2620df959d572fbcf1868dc4e0f44636e8ea35aaa
44 -DIST njs-0.3.3.tar.gz 333026 BLAKE2B 0ccf8978fefd2f70a615fc3f8bc583754c81201aea2ebae2d451c8cc379d510a7ed91d432c86d261656a20c444b3032b93d4fa7bff90f3dc6cbd023f2cf82228 SHA512 c84cb5aed0abfc54843249e18f21d193927d92213bdff2744d0a96d6fd3131c89284c7822f6d4d456ba809931b220d891939b4a1c6e0d07ddad67d9e4437ddf5
45 DIST njs-0.3.4.tar.gz 338783 BLAKE2B a68e0f85b9a2ac792ed33ccfb4d801b8f64272cd11e0174a9ed1f27a1dee609721fc8ff86f2844584a6aa583fda84a729baecf104e80e852776525d05b6f3c47 SHA512 bf0100d62c89a2594c95e803c06a375bcfcc65e337b0b0e43906abef6020070ec95a7eff24837b14c139f9a568b099847a7942a3f4012a3d9abaffdc12915385
46
47 diff --git a/www-servers/nginx/nginx-1.16.0-r1.ebuild b/www-servers/nginx/nginx-1.16.0-r1.ebuild
48 deleted file mode 100644
49 index 75a7cb6a7bb..00000000000
50 --- a/www-servers/nginx/nginx-1.16.0-r1.ebuild
51 +++ /dev/null
52 @@ -1,1089 +0,0 @@
53 -# Copyright 1999-2019 Gentoo Authors
54 -# Distributed under the terms of the GNU General Public License v2
55 -
56 -EAPI="6"
57 -
58 -# Maintainer notes:
59 -# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
60 -# - any http-module activates the main http-functionality and overrides USE=-http
61 -# - keep the following requirements in mind before adding external modules:
62 -# * alive upstream
63 -# * sane packaging
64 -# * builds cleanly
65 -# * does not need a patch for nginx core
66 -# - TODO: test the google-perftools module (included in vanilla tarball)
67 -
68 -# prevent perl-module from adding automagic perl DEPENDs
69 -GENTOO_DEPEND_ON_PERL="no"
70 -
71 -# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
72 -DEVEL_KIT_MODULE_PV="0.3.0"
73 -DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
74 -DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
75 -DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
76 -
77 -# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
78 -HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
79 -HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
80 -HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
81 -HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
82 -
83 -# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
84 -HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
85 -HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
86 -HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
87 -HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
88 -
89 -# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
90 -HTTP_HEADERS_MORE_MODULE_PV="0.33"
91 -HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
92 -HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
93 -HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
94 -
95 -# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
96 -HTTP_CACHE_PURGE_MODULE_PV="2.3"
97 -HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
98 -HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
99 -HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
100 -
101 -# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
102 -HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
103 -HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
104 -HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
105 -HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
106 -
107 -# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
108 -HTTP_FANCYINDEX_MODULE_PV="0.4.3"
109 -HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
110 -HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
111 -HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
112 -
113 -# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
114 -HTTP_LUA_MODULE_PV="0.10.15"
115 -HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
116 -HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
117 -HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
118 -
119 -# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
120 -HTTP_AUTH_PAM_MODULE_PV="1.5.1"
121 -HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
122 -HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
123 -HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
124 -
125 -# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
126 -HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
127 -HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
128 -HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
129 -HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
130 -
131 -# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
132 -HTTP_METRICS_MODULE_PV="0.1.1"
133 -HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
134 -HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
135 -HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
136 -
137 -# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
138 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
139 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
140 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
141 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
142 -
143 -# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
144 -HTTP_NAXSI_MODULE_PV="0.56"
145 -HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
146 -HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
147 -HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
148 -
149 -# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
150 -RTMP_MODULE_PV="1.2.1"
151 -RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
152 -RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
153 -RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
154 -
155 -# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
156 -HTTP_DAV_EXT_MODULE_PV="3.0.0"
157 -HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
158 -HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
159 -HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
160 -
161 -# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
162 -HTTP_ECHO_MODULE_PV="0.61"
163 -HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
164 -HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
165 -HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
166 -
167 -# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
168 -# keep the MODULE_P here consistent with upstream to avoid tarball duplication
169 -HTTP_SECURITY_MODULE_PV="2.9.3"
170 -HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
171 -HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
172 -HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
173 -
174 -# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
175 -HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
176 -HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
177 -HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
178 -HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
179 -
180 -# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
181 -HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
182 -HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
183 -HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
184 -HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
185 -
186 -# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
187 -HTTP_MOGILEFS_MODULE_PV="1.0.4"
188 -HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
189 -HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
190 -HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
191 -
192 -# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
193 -HTTP_MEMC_MODULE_PV="0.19"
194 -HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
195 -HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
196 -HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
197 -
198 -# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
199 -HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
200 -HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
201 -HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
202 -HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
203 -
204 -# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
205 -GEOIP2_MODULE_PV="3.2"
206 -GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
207 -GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
208 -GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
209 -
210 -# njs-module (https://github.com/nginx/njs, as-is)
211 -NJS_MODULE_PV="0.3.2"
212 -NJS_MODULE_P="njs-${NJS_MODULE_PV}"
213 -NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
214 -NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
215 -
216 -# We handle deps below ourselves
217 -SSL_DEPS_SKIP=1
218 -AUTOTOOLS_AUTO_DEPEND="no"
219 -
220 -inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
221 -
222 -DESCRIPTION="Robust, small and high performance http and reverse proxy server"
223 -HOMEPAGE="https://nginx.org"
224 -SRC_URI="https://nginx.org/download/${P}.tar.gz
225 - ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
226 - nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
227 - nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
228 - nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
229 - nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
230 - nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
231 - nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
232 - nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
233 - nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
234 - nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
235 - nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
236 - nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
237 - nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
238 - nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
239 - nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
240 - nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
241 - nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
242 - nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
243 - nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
244 - nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
245 - nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
246 - nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
247 - nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
248 - nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
249 - nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
250 - rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
251 -
252 -LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
253 - nginx_modules_http_security? ( Apache-2.0 )
254 - nginx_modules_http_push_stream? ( GPL-3 )"
255 -
256 -SLOT="0"
257 -KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
258 -
259 -# Package doesn't provide a real test suite
260 -RESTRICT="test"
261 -
262 -NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
263 - fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
264 - proxy referer rewrite scgi ssi split_clients upstream_hash
265 - upstream_ip_hash upstream_keepalive upstream_least_conn
266 - upstream_zone userid uwsgi"
267 -NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
268 - gzip_static image_filter mp4 perl random_index realip secure_link
269 - slice stub_status sub xslt"
270 -NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
271 - upstream_hash upstream_least_conn upstream_zone"
272 -NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
273 -NGINX_MODULES_MAIL="imap pop3 smtp"
274 -NGINX_MODULES_3RD="
275 - http_auth_ldap
276 - http_auth_pam
277 - http_brotli
278 - http_cache_purge
279 - http_dav_ext
280 - http_echo
281 - http_fancyindex
282 - http_geoip2
283 - http_headers_more
284 - http_javascript
285 - http_lua
286 - http_memc
287 - http_metrics
288 - http_mogilefs
289 - http_naxsi
290 - http_push_stream
291 - http_security
292 - http_slowfs_cache
293 - http_sticky
294 - http_upload_progress
295 - http_upstream_check
296 - http_vhost_traffic_status
297 - stream_geoip2
298 - stream_javascript
299 -"
300 -
301 -IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
302 - pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
303 -
304 -for mod in $NGINX_MODULES_STD; do
305 - IUSE="${IUSE} +nginx_modules_http_${mod}"
306 -done
307 -
308 -for mod in $NGINX_MODULES_OPT; do
309 - IUSE="${IUSE} nginx_modules_http_${mod}"
310 -done
311 -
312 -for mod in $NGINX_MODULES_STREAM_STD; do
313 - IUSE="${IUSE} nginx_modules_stream_${mod}"
314 -done
315 -
316 -for mod in $NGINX_MODULES_STREAM_OPT; do
317 - IUSE="${IUSE} nginx_modules_stream_${mod}"
318 -done
319 -
320 -for mod in $NGINX_MODULES_MAIL; do
321 - IUSE="${IUSE} nginx_modules_mail_${mod}"
322 -done
323 -
324 -for mod in $NGINX_MODULES_3RD; do
325 - IUSE="${IUSE} nginx_modules_${mod}"
326 -done
327 -
328 -# Add so we can warn users updating about config changes
329 -# @TODO: jbergstroem: remove on next release series
330 -IUSE="${IUSE} nginx_modules_http_spdy"
331 -
332 -CDEPEND="
333 - pcre? ( dev-libs/libpcre:= )
334 - pcre-jit? ( dev-libs/libpcre:=[jit] )
335 - ssl? (
336 - !libressl? ( dev-libs/openssl:0= )
337 - libressl? ( dev-libs/libressl:= )
338 - )
339 - http2? (
340 - !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
341 - libressl? ( dev-libs/libressl:= )
342 - )
343 - http-cache? (
344 - userland_GNU? (
345 - !libressl? ( dev-libs/openssl:0= )
346 - libressl? ( dev-libs/libressl:= )
347 - )
348 - )
349 - nginx_modules_http_brotli? ( app-arch/brotli:= )
350 - nginx_modules_http_geoip? ( dev-libs/geoip )
351 - nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
352 - nginx_modules_http_gunzip? ( sys-libs/zlib )
353 - nginx_modules_http_gzip? ( sys-libs/zlib )
354 - nginx_modules_http_gzip_static? ( sys-libs/zlib )
355 - nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
356 - nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
357 - nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
358 - nginx_modules_http_secure_link? (
359 - userland_GNU? (
360 - !libressl? ( dev-libs/openssl:0= )
361 - libressl? ( dev-libs/libressl:= )
362 - )
363 - )
364 - nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
365 - nginx_modules_http_lua? ( dev-lang/luajit:2= )
366 - nginx_modules_http_auth_pam? ( virtual/pam )
367 - nginx_modules_http_metrics? ( dev-libs/yajl:= )
368 - nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
369 - nginx_modules_http_security? (
370 - dev-libs/apr:=
371 - dev-libs/apr-util:=
372 - dev-libs/libxml2:=
373 - net-misc/curl
374 - www-servers/apache
375 - )
376 - nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
377 - nginx_modules_stream_geoip? ( dev-libs/geoip )
378 - nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
379 -RDEPEND="${CDEPEND}
380 - selinux? ( sec-policy/selinux-nginx )
381 - !www-servers/nginx:mainline"
382 -DEPEND="${CDEPEND}
383 - nginx_modules_http_brotli? ( virtual/pkgconfig )
384 - nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
385 - arm? ( dev-libs/libatomic_ops )
386 - libatomic? ( dev-libs/libatomic_ops )"
387 -PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
388 -
389 -REQUIRED_USE="pcre-jit? ( pcre )
390 - nginx_modules_http_grpc? ( http2 )
391 - nginx_modules_http_lua? (
392 - luajit
393 - nginx_modules_http_rewrite
394 - )
395 - nginx_modules_http_naxsi? ( pcre )
396 - nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
397 - nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
398 - nginx_modules_http_security? ( pcre )
399 - nginx_modules_http_push_stream? ( ssl )"
400 -
401 -pkg_setup() {
402 - NGINX_HOME="/var/lib/nginx"
403 - NGINX_HOME_TMP="${NGINX_HOME}/tmp"
404 -
405 - ebegin "Creating nginx user and group"
406 - enewgroup ${PN}
407 - enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
408 - eend $?
409 -
410 - if use libatomic; then
411 - ewarn "GCC 4.1+ features built-in atomic operations."
412 - ewarn "Using libatomic_ops is only needed if using"
413 - ewarn "a different compiler or a GCC prior to 4.1"
414 - fi
415 -
416 - if [[ -n $NGINX_ADD_MODULES ]]; then
417 - ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
418 - ewarn "This nginx installation is not supported!"
419 - ewarn "Make sure you can reproduce the bug without those modules"
420 - ewarn "_before_ reporting bugs."
421 - fi
422 -
423 - if use !http; then
424 - ewarn "To actually disable all http-functionality you also have to disable"
425 - ewarn "all nginx http modules."
426 - fi
427 -
428 - if use nginx_modules_http_mogilefs && use threads; then
429 - eerror "mogilefs won't compile with threads support."
430 - eerror "Please disable either flag and try again."
431 - die "Can't compile mogilefs with threads support"
432 - fi
433 -}
434 -
435 -src_prepare() {
436 - eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
437 - eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
438 -
439 - if use nginx_modules_http_auth_pam; then
440 - cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
441 - eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
442 - cd "${S}" || die
443 - fi
444 -
445 - if use nginx_modules_http_brotli; then
446 - cd "${HTTP_BROTLI_MODULE_WD}" || die
447 - eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
448 - cd "${S}" || die
449 - fi
450 -
451 - if use nginx_modules_http_upstream_check; then
452 - eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
453 - fi
454 -
455 - if use nginx_modules_http_cache_purge; then
456 - cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
457 - eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
458 - cd "${S}" || die
459 - fi
460 -
461 - if use nginx_modules_http_security; then
462 - cd "${HTTP_SECURITY_MODULE_WD}" || die
463 -
464 - eautoreconf
465 -
466 - if use luajit ; then
467 - sed -i \
468 - -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
469 - configure || die
470 - fi
471 -
472 - cd "${S}" || die
473 - fi
474 -
475 - if use nginx_modules_http_upload_progress; then
476 - cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
477 - eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
478 - cd "${S}" || die
479 - fi
480 -
481 - find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
482 - # We have config protection, don't rename etc files
483 - sed -i 's:.default::' auto/install || die
484 - # remove useless files
485 - sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
486 -
487 - # don't install to /etc/nginx/ if not in use
488 - local module
489 - for module in fastcgi scgi uwsgi ; do
490 - if ! use nginx_modules_http_${module}; then
491 - sed -i -e "/${module}/d" auto/install || die
492 - fi
493 - done
494 -
495 - eapply_user
496 -}
497 -
498 -src_configure() {
499 - # mod_security needs to generate nginx/modsecurity/config before including it
500 - if use nginx_modules_http_security; then
501 - cd "${HTTP_SECURITY_MODULE_WD}" || die
502 -
503 - ./configure \
504 - --enable-standalone-module \
505 - --disable-mlogc \
506 - --with-ssdeep=no \
507 - $(use_enable pcre-jit) \
508 - $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
509 -
510 - cd "${S}" || die
511 - fi
512 -
513 - local myconf=() http_enabled= mail_enabled= stream_enabled=
514 -
515 - use aio && myconf+=( --with-file-aio )
516 - use debug && myconf+=( --with-debug )
517 - use http2 && myconf+=( --with-http_v2_module )
518 - use libatomic && myconf+=( --with-libatomic )
519 - use pcre && myconf+=( --with-pcre )
520 - use pcre-jit && myconf+=( --with-pcre-jit )
521 - use threads && myconf+=( --with-threads )
522 -
523 - # HTTP modules
524 - for mod in $NGINX_MODULES_STD; do
525 - if use nginx_modules_http_${mod}; then
526 - http_enabled=1
527 - else
528 - myconf+=( --without-http_${mod}_module )
529 - fi
530 - done
531 -
532 - for mod in $NGINX_MODULES_OPT; do
533 - if use nginx_modules_http_${mod}; then
534 - http_enabled=1
535 - myconf+=( --with-http_${mod}_module )
536 - fi
537 - done
538 -
539 - if use nginx_modules_http_fastcgi; then
540 - myconf+=( --with-http_realip_module )
541 - fi
542 -
543 - # third-party modules
544 - if use nginx_modules_http_upload_progress; then
545 - http_enabled=1
546 - myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
547 - fi
548 -
549 - if use nginx_modules_http_headers_more; then
550 - http_enabled=1
551 - myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
552 - fi
553 -
554 - if use nginx_modules_http_cache_purge; then
555 - http_enabled=1
556 - myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
557 - fi
558 -
559 - if use nginx_modules_http_slowfs_cache; then
560 - http_enabled=1
561 - myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
562 - fi
563 -
564 - if use nginx_modules_http_fancyindex; then
565 - http_enabled=1
566 - myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
567 - fi
568 -
569 - if use nginx_modules_http_lua; then
570 - http_enabled=1
571 - export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
572 - export LUAJIT_INC=$(pkg-config --variable includedir luajit)
573 - myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
574 - myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
575 - fi
576 -
577 - if use nginx_modules_http_auth_pam; then
578 - http_enabled=1
579 - myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
580 - fi
581 -
582 - if use nginx_modules_http_upstream_check; then
583 - http_enabled=1
584 - myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
585 - fi
586 -
587 - if use nginx_modules_http_metrics; then
588 - http_enabled=1
589 - myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
590 - fi
591 -
592 - if use nginx_modules_http_naxsi ; then
593 - http_enabled=1
594 - myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
595 - fi
596 -
597 - if use rtmp ; then
598 - http_enabled=1
599 - myconf+=( --add-module=${RTMP_MODULE_WD} )
600 - fi
601 -
602 - if use nginx_modules_http_dav_ext ; then
603 - http_enabled=1
604 - myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
605 - fi
606 -
607 - if use nginx_modules_http_echo ; then
608 - http_enabled=1
609 - myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
610 - fi
611 -
612 - if use nginx_modules_http_security ; then
613 - http_enabled=1
614 - myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
615 - fi
616 -
617 - if use nginx_modules_http_push_stream ; then
618 - http_enabled=1
619 - myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
620 - fi
621 -
622 - if use nginx_modules_http_sticky ; then
623 - http_enabled=1
624 - myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
625 - fi
626 -
627 - if use nginx_modules_http_mogilefs ; then
628 - http_enabled=1
629 - myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
630 - fi
631 -
632 - if use nginx_modules_http_memc ; then
633 - http_enabled=1
634 - myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
635 - fi
636 -
637 - if use nginx_modules_http_auth_ldap; then
638 - http_enabled=1
639 - myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
640 - fi
641 -
642 - if use nginx_modules_http_vhost_traffic_status; then
643 - http_enabled=1
644 - myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
645 - fi
646 -
647 - if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
648 - myconf+=( --add-module=${GEOIP2_MODULE_WD} )
649 - fi
650 -
651 - if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
652 - myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
653 - fi
654 -
655 - if use nginx_modules_http_brotli; then
656 - http_enabled=1
657 - myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
658 - fi
659 -
660 - if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
661 - http_enabled=1
662 - fi
663 -
664 - if [ $http_enabled ]; then
665 - use http-cache || myconf+=( --without-http-cache )
666 - use ssl && myconf+=( --with-http_ssl_module )
667 - else
668 - myconf+=( --without-http --without-http-cache )
669 - fi
670 -
671 - # Stream modules
672 - for mod in $NGINX_MODULES_STREAM_STD; do
673 - if use nginx_modules_stream_${mod}; then
674 - stream_enabled=1
675 - else
676 - myconf+=( --without-stream_${mod}_module )
677 - fi
678 - done
679 -
680 - for mod in $NGINX_MODULES_STREAM_OPT; do
681 - if use nginx_modules_stream_${mod}; then
682 - stream_enabled=1
683 - myconf+=( --with-stream_${mod}_module )
684 - fi
685 - done
686 -
687 - if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
688 - stream_enabled=1
689 - fi
690 -
691 - if [ $stream_enabled ]; then
692 - myconf+=( --with-stream )
693 - use ssl && myconf+=( --with-stream_ssl_module )
694 - fi
695 -
696 - # MAIL modules
697 - for mod in $NGINX_MODULES_MAIL; do
698 - if use nginx_modules_mail_${mod}; then
699 - mail_enabled=1
700 - else
701 - myconf+=( --without-mail_${mod}_module )
702 - fi
703 - done
704 -
705 - if [ $mail_enabled ]; then
706 - myconf+=( --with-mail )
707 - use ssl && myconf+=( --with-mail_ssl_module )
708 - fi
709 -
710 - # custom modules
711 - for mod in $NGINX_ADD_MODULES; do
712 - myconf+=( --add-module=${mod} )
713 - done
714 -
715 - # https://bugs.gentoo.org/286772
716 - export LANG=C LC_ALL=C
717 - tc-export CC
718 -
719 - if ! use prefix; then
720 - myconf+=( --user=${PN} )
721 - myconf+=( --group=${PN} )
722 - fi
723 -
724 - local WITHOUT_IPV6=
725 - if ! use ipv6; then
726 - WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
727 - fi
728 -
729 - if [[ -n "${EXTRA_ECONF}" ]]; then
730 - myconf+=( ${EXTRA_ECONF} )
731 - ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
732 - fi
733 -
734 - ./configure \
735 - --prefix="${EPREFIX}"/usr \
736 - --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
737 - --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
738 - --pid-path="${EPREFIX}"/run/${PN}.pid \
739 - --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
740 - --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
741 - --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
742 - --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
743 - --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
744 - --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
745 - --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
746 - --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
747 - --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
748 - --with-compat \
749 - "${myconf[@]}" || die "configure failed"
750 -
751 - # A purely cosmetic change that makes nginx -V more readable. This can be
752 - # good if people outside the gentoo community would troubleshoot and
753 - # question the users setup.
754 - sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
755 -}
756 -
757 -src_compile() {
758 - use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
759 -
760 - # https://bugs.gentoo.org/286772
761 - export LANG=C LC_ALL=C
762 - emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
763 -}
764 -
765 -src_install() {
766 - emake DESTDIR="${D%/}" install
767 -
768 - cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
769 -
770 - newinitd "${FILESDIR}"/nginx.initd-r4 nginx
771 - newconfd "${FILESDIR}"/nginx.confd nginx
772 -
773 - systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
774 -
775 - doman man/nginx.8
776 - dodoc CHANGES* README
777 -
778 - # just keepdir. do not copy the default htdocs files (bug #449136)
779 - keepdir /var/www/localhost
780 - rm -rf "${D}"usr/html || die
781 -
782 - # set up a list of directories to keep
783 - local keepdir_list="${NGINX_HOME_TMP}"/client
784 - local module
785 - for module in proxy fastcgi scgi uwsgi; do
786 - use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
787 - done
788 -
789 - keepdir /var/log/nginx ${keepdir_list}
790 -
791 - # this solves a problem with SELinux where nginx doesn't see the directories
792 - # as root and tries to create them as nginx
793 - fperms 0750 "${NGINX_HOME_TMP}"
794 - fowners ${PN}:0 "${NGINX_HOME_TMP}"
795 -
796 - fperms 0700 ${keepdir_list}
797 - fowners ${PN}:${PN} ${keepdir_list}
798 -
799 - fperms 0710 /var/log/nginx
800 - fowners 0:${PN} /var/log/nginx
801 -
802 - # logrotate
803 - insinto /etc/logrotate.d
804 - newins "${FILESDIR}"/nginx.logrotate-r1 nginx
805 -
806 - if use luajit; then
807 - pax-mark m "${ED%/}/usr/sbin/nginx"
808 - fi
809 -
810 - if use nginx_modules_http_perl; then
811 - cd "${S}"/objs/src/http/modules/perl/ || die
812 - emake DESTDIR="${D}" INSTALLDIRS=vendor
813 - perl_delete_localpod
814 - cd "${S}" || die
815 - fi
816 -
817 - if use nginx_modules_http_cache_purge; then
818 - docinto ${HTTP_CACHE_PURGE_MODULE_P}
819 - dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
820 - fi
821 -
822 - if use nginx_modules_http_slowfs_cache; then
823 - docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
824 - dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
825 - fi
826 -
827 - if use nginx_modules_http_fancyindex; then
828 - docinto ${HTTP_FANCYINDEX_MODULE_P}
829 - dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
830 - fi
831 -
832 - if use nginx_modules_http_lua; then
833 - docinto ${HTTP_LUA_MODULE_P}
834 - dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
835 - fi
836 -
837 - if use nginx_modules_http_auth_pam; then
838 - docinto ${HTTP_AUTH_PAM_MODULE_P}
839 - dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
840 - fi
841 -
842 - if use nginx_modules_http_upstream_check; then
843 - docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
844 - dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
845 - fi
846 -
847 - if use nginx_modules_http_naxsi; then
848 - insinto /etc/nginx
849 - doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
850 - fi
851 -
852 - if use rtmp; then
853 - docinto ${RTMP_MODULE_P}
854 - dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
855 - fi
856 -
857 - if use nginx_modules_http_dav_ext; then
858 - docinto ${HTTP_DAV_EXT_MODULE_P}
859 - dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
860 - fi
861 -
862 - if use nginx_modules_http_echo; then
863 - docinto ${HTTP_ECHO_MODULE_P}
864 - dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
865 - fi
866 -
867 - if use nginx_modules_http_security; then
868 - docinto ${HTTP_SECURITY_MODULE_P}
869 - dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
870 - fi
871 -
872 - if use nginx_modules_http_push_stream; then
873 - docinto ${HTTP_PUSH_STREAM_MODULE_P}
874 - dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
875 - fi
876 -
877 - if use nginx_modules_http_sticky; then
878 - docinto ${HTTP_STICKY_MODULE_P}
879 - dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
880 - fi
881 -
882 - if use nginx_modules_http_memc; then
883 - docinto ${HTTP_MEMC_MODULE_P}
884 - dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
885 - fi
886 -
887 - if use nginx_modules_http_auth_ldap; then
888 - docinto ${HTTP_LDAP_MODULE_P}
889 - dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
890 - fi
891 -}
892 -
893 -pkg_postinst() {
894 - if use ssl; then
895 - if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
896 - install_cert /etc/ssl/${PN}/${PN}
897 - use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
898 - fi
899 - fi
900 -
901 - if use nginx_modules_http_spdy; then
902 - ewarn ""
903 - ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
904 - ewarn "Update your configs and package.use accordingly."
905 - fi
906 -
907 - if use nginx_modules_http_lua; then
908 - ewarn ""
909 - ewarn "While you can build lua 3rd party module against ${P}"
910 - ewarn "the author warns that >=${PN}-1.11.11 is still not an"
911 - ewarn "officially supported target yet. You are on your own."
912 - ewarn "Expect runtime failures, memory leaks and other problems!"
913 - fi
914 -
915 - if use nginx_modules_http_lua && use http2; then
916 - ewarn ""
917 - ewarn "Lua 3rd party module author warns against using ${P} with"
918 - ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
919 - fi
920 -
921 - local _n_permission_layout_checks=0
922 - local _has_to_adjust_permissions=0
923 - local _has_to_show_permission_warning=0
924 -
925 - # Defaults to 1 to inform people doing a fresh installation
926 - # that we ship modified {scgi,uwsgi,fastcgi}_params files
927 - local _has_to_show_httpoxy_mitigation_notice=1
928 -
929 - local _replacing_version=
930 - for _replacing_version in ${REPLACING_VERSIONS}; do
931 - _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
932 -
933 - if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
934 - # Should never happen:
935 - # Package is abusing slots but doesn't allow multiple parallel installations.
936 - # If we run into this situation it is unsafe to automatically adjust any
937 - # permission...
938 - _has_to_show_permission_warning=1
939 -
940 - ewarn "Replacing multiple ${PN}' versions is unsupported! " \
941 - "You will have to adjust permissions on your own."
942 -
943 - break
944 - fi
945 -
946 - local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
947 - debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
948 -
949 - # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
950 - # This was before we introduced multiple nginx versions so we
951 - # do not need to distinguish between stable and mainline
952 - local _need_to_fix_CVE2013_0337=1
953 -
954 - if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
955 - # We are updating an installation which should already be fixed
956 - _need_to_fix_CVE2013_0337=0
957 - debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
958 - else
959 - _has_to_adjust_permissions=1
960 - debug-print "Need to adjust permissions to fix CVE-2013-0337!"
961 - fi
962 -
963 - # Do we need to inform about HTTPoxy mitigation?
964 - # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
965 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
966 - # Updating from <1.10
967 - _has_to_show_httpoxy_mitigation_notice=1
968 - debug-print "Need to inform about HTTPoxy mitigation!"
969 - else
970 - # Updating from >=1.10
971 - local _fixed_in_pvr=
972 - case "${_replacing_version_branch}" in
973 - "1.10")
974 - _fixed_in_pvr="1.10.1-r2"
975 - ;;
976 - "1.11")
977 - _fixed_in_pvr="1.11.3-r1"
978 - ;;
979 - *)
980 - # This should be any future branch.
981 - # If we run this code it is safe to assume that the user has
982 - # already seen the HTTPoxy mitigation notice because he/she is doing
983 - # an update from previous version where we have already shown
984 - # the warning. Otherwise, we wouldn't hit this code path ...
985 - _fixed_in_pvr=
986 - esac
987 -
988 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
989 - # We are updating an installation where we already informed
990 - # that we are mitigating HTTPoxy per default
991 - _has_to_show_httpoxy_mitigation_notice=0
992 - debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
993 - else
994 - _has_to_show_httpoxy_mitigation_notice=1
995 - debug-print "Need to inform about HTTPoxy mitigation!"
996 - fi
997 - fi
998 -
999 - # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
1000 - # All branches up to 1.11 are affected
1001 - local _need_to_fix_CVE2016_1247=1
1002 -
1003 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
1004 - # Updating from <1.10
1005 - _has_to_adjust_permissions=1
1006 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
1007 - else
1008 - # Updating from >=1.10
1009 - local _fixed_in_pvr=
1010 - case "${_replacing_version_branch}" in
1011 - "1.10")
1012 - _fixed_in_pvr="1.10.2-r3"
1013 - ;;
1014 - "1.11")
1015 - _fixed_in_pvr="1.11.6-r1"
1016 - ;;
1017 - *)
1018 - # This should be any future branch.
1019 - # If we run this code it is safe to assume that we have already
1020 - # adjusted permissions or were never affected because user is
1021 - # doing an update from previous version which was safe or did
1022 - # the adjustments. Otherwise, we wouldn't hit this code path ...
1023 - _fixed_in_pvr=
1024 - esac
1025 -
1026 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
1027 - # We are updating an installation which should already be adjusted
1028 - # or which was never affected
1029 - _need_to_fix_CVE2016_1247=0
1030 - debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
1031 - else
1032 - _has_to_adjust_permissions=1
1033 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
1034 - fi
1035 - fi
1036 - done
1037 -
1038 - if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
1039 - # We do not DIE when chmod/chown commands are failing because
1040 - # package is already merged on user's system at this stage
1041 - # and we cannot retry without losing the information that
1042 - # the existing installation needs to adjust permissions.
1043 - # Instead we are going to a show a big warning ...
1044 -
1045 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
1046 - ewarn ""
1047 - ewarn "The world-readable bit (if set) has been removed from the"
1048 - ewarn "following directories to mitigate a security bug"
1049 - ewarn "(CVE-2013-0337, bug #458726):"
1050 - ewarn ""
1051 - ewarn " ${EPREFIX%/}/var/log/nginx"
1052 - ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
1053 - ewarn ""
1054 - ewarn "Check if this is correct for your setup before restarting nginx!"
1055 - ewarn "This is a one-time change and will not happen on subsequent updates."
1056 - ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
1057 - chmod o-rwx \
1058 - "${EPREFIX%/}"/var/log/nginx \
1059 - "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
1060 - _has_to_show_permission_warning=1
1061 - fi
1062 -
1063 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
1064 - ewarn ""
1065 - ewarn "The permissions on the following directory have been reset in"
1066 - ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
1067 - ewarn ""
1068 - ewarn " ${EPREFIX%/}/var/log/nginx"
1069 - ewarn ""
1070 - ewarn "Check if this is correct for your setup before restarting nginx!"
1071 - ewarn "Also ensure that no other log directory used by any of your"
1072 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
1073 - ewarn "used by nginx can be abused to escalate privileges!"
1074 - ewarn "This is a one-time change and will not happen on subsequent updates."
1075 - chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
1076 - chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
1077 - fi
1078 -
1079 - if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
1080 - # Should never happen ...
1081 - ewarn ""
1082 - ewarn "*************************************************************"
1083 - ewarn "*************** W A R N I N G ***************"
1084 - ewarn "*************************************************************"
1085 - ewarn "The one-time only attempt to adjust permissions of the"
1086 - ewarn "existing nginx installation failed. Be aware that we will not"
1087 - ewarn "try to adjust the same permissions again because now you are"
1088 - ewarn "using a nginx version where we expect that the permissions"
1089 - ewarn "are already adjusted or that you know what you are doing and"
1090 - ewarn "want to keep custom permissions."
1091 - ewarn ""
1092 - fi
1093 - fi
1094 -
1095 - # Sanity check for CVE-2016-1247
1096 - # Required to warn users who received the warning above and thought
1097 - # they could fix it by unmerging and re-merging the package or have
1098 - # unmerged a affected installation on purpose in the past leaving
1099 - # /var/log/nginx on their system due to keepdir/non-empty folder
1100 - # and are now installing the package again.
1101 - local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
1102 - su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
1103 - if [ $? -eq 0 ] ; then
1104 - # Cleanup -- no reason to die here!
1105 - rm -f "${_sanity_check_testfile}"
1106 -
1107 - ewarn ""
1108 - ewarn "*************************************************************"
1109 - ewarn "*************** W A R N I N G ***************"
1110 - ewarn "*************************************************************"
1111 - ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
1112 - ewarn "(bug #605008) because nginx user is able to create files in"
1113 - ewarn ""
1114 - ewarn " ${EPREFIX%/}/var/log/nginx"
1115 - ewarn ""
1116 - ewarn "Also ensure that no other log directory used by any of your"
1117 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
1118 - ewarn "used by nginx can be abused to escalate privileges!"
1119 - fi
1120 -
1121 - if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
1122 - # HTTPoxy mitigation
1123 - ewarn ""
1124 - ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
1125 - ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
1126 - ewarn "the HTTP_PROXY parameter to an empty string per default when you"
1127 - ewarn "are sourcing one of the default"
1128 - ewarn ""
1129 - ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
1130 - ewarn " - 'scgi_params'"
1131 - ewarn " - 'uwsgi_params'"
1132 - ewarn ""
1133 - ewarn "files in your server block(s)."
1134 - ewarn ""
1135 - ewarn "If this is causing any problems for you make sure that you are sourcing the"
1136 - ewarn "default parameters _before_ you set your own values."
1137 - ewarn "If you are relying on user-supplied proxy values you have to remove the"
1138 - ewarn "correlating lines from the file(s) mentioned above."
1139 - ewarn ""
1140 - fi
1141 -}
1142
1143 diff --git a/www-servers/nginx/nginx-1.17.0.ebuild b/www-servers/nginx/nginx-1.17.0.ebuild
1144 deleted file mode 100644
1145 index 2985eb0886b..00000000000
1146 --- a/www-servers/nginx/nginx-1.17.0.ebuild
1147 +++ /dev/null
1148 @@ -1,1089 +0,0 @@
1149 -# Copyright 1999-2019 Gentoo Authors
1150 -# Distributed under the terms of the GNU General Public License v2
1151 -
1152 -EAPI="6"
1153 -
1154 -# Maintainer notes:
1155 -# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
1156 -# - any http-module activates the main http-functionality and overrides USE=-http
1157 -# - keep the following requirements in mind before adding external modules:
1158 -# * alive upstream
1159 -# * sane packaging
1160 -# * builds cleanly
1161 -# * does not need a patch for nginx core
1162 -# - TODO: test the google-perftools module (included in vanilla tarball)
1163 -
1164 -# prevent perl-module from adding automagic perl DEPENDs
1165 -GENTOO_DEPEND_ON_PERL="no"
1166 -
1167 -# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
1168 -DEVEL_KIT_MODULE_PV="0.3.0"
1169 -DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
1170 -DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
1171 -DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
1172 -
1173 -# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
1174 -HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
1175 -HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
1176 -HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
1177 -HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
1178 -
1179 -# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
1180 -HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
1181 -HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
1182 -HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
1183 -HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
1184 -
1185 -# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
1186 -HTTP_HEADERS_MORE_MODULE_PV="0.33"
1187 -HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
1188 -HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
1189 -HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
1190 -
1191 -# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
1192 -HTTP_CACHE_PURGE_MODULE_PV="2.3"
1193 -HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
1194 -HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
1195 -HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
1196 -
1197 -# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
1198 -HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
1199 -HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
1200 -HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
1201 -HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
1202 -
1203 -# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
1204 -HTTP_FANCYINDEX_MODULE_PV="0.4.3"
1205 -HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
1206 -HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
1207 -HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
1208 -
1209 -# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
1210 -HTTP_LUA_MODULE_PV="0.10.15"
1211 -HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
1212 -HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
1213 -HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
1214 -
1215 -# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
1216 -HTTP_AUTH_PAM_MODULE_PV="1.5.1"
1217 -HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
1218 -HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
1219 -HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
1220 -
1221 -# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
1222 -HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
1223 -HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
1224 -HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
1225 -HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
1226 -
1227 -# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
1228 -HTTP_METRICS_MODULE_PV="0.1.1"
1229 -HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
1230 -HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
1231 -HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
1232 -
1233 -# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
1234 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
1235 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
1236 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
1237 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
1238 -
1239 -# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
1240 -HTTP_NAXSI_MODULE_PV="0.56"
1241 -HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
1242 -HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
1243 -HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
1244 -
1245 -# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
1246 -RTMP_MODULE_PV="1.2.1"
1247 -RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
1248 -RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
1249 -RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
1250 -
1251 -# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
1252 -HTTP_DAV_EXT_MODULE_PV="3.0.0"
1253 -HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
1254 -HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
1255 -HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
1256 -
1257 -# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
1258 -HTTP_ECHO_MODULE_PV="0.61"
1259 -HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
1260 -HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
1261 -HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
1262 -
1263 -# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
1264 -# keep the MODULE_P here consistent with upstream to avoid tarball duplication
1265 -HTTP_SECURITY_MODULE_PV="2.9.3"
1266 -HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
1267 -HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
1268 -HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
1269 -
1270 -# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
1271 -HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
1272 -HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
1273 -HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
1274 -HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
1275 -
1276 -# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
1277 -HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
1278 -HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
1279 -HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
1280 -HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
1281 -
1282 -# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
1283 -HTTP_MOGILEFS_MODULE_PV="1.0.4"
1284 -HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
1285 -HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
1286 -HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
1287 -
1288 -# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
1289 -HTTP_MEMC_MODULE_PV="0.19"
1290 -HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
1291 -HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
1292 -HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
1293 -
1294 -# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
1295 -HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
1296 -HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
1297 -HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
1298 -HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
1299 -
1300 -# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
1301 -GEOIP2_MODULE_PV="3.2"
1302 -GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
1303 -GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
1304 -GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
1305 -
1306 -# njs-module (https://github.com/nginx/njs, as-is)
1307 -NJS_MODULE_PV="0.3.2"
1308 -NJS_MODULE_P="njs-${NJS_MODULE_PV}"
1309 -NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
1310 -NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
1311 -
1312 -# We handle deps below ourselves
1313 -SSL_DEPS_SKIP=1
1314 -AUTOTOOLS_AUTO_DEPEND="no"
1315 -
1316 -inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
1317 -
1318 -DESCRIPTION="Robust, small and high performance http and reverse proxy server"
1319 -HOMEPAGE="https://nginx.org"
1320 -SRC_URI="https://nginx.org/download/${P}.tar.gz
1321 - ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
1322 - nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
1323 - nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
1324 - nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
1325 - nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
1326 - nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
1327 - nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
1328 - nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
1329 - nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
1330 - nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
1331 - nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
1332 - nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
1333 - nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
1334 - nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
1335 - nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
1336 - nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
1337 - nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
1338 - nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
1339 - nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
1340 - nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
1341 - nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
1342 - nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
1343 - nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
1344 - nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
1345 - nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
1346 - rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
1347 -
1348 -LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
1349 - nginx_modules_http_security? ( Apache-2.0 )
1350 - nginx_modules_http_push_stream? ( GPL-3 )"
1351 -
1352 -SLOT="mainline"
1353 -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
1354 -
1355 -# Package doesn't provide a real test suite
1356 -RESTRICT="test"
1357 -
1358 -NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
1359 - fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
1360 - proxy referer rewrite scgi ssi split_clients upstream_hash
1361 - upstream_ip_hash upstream_keepalive upstream_least_conn
1362 - upstream_zone userid uwsgi"
1363 -NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
1364 - gzip_static image_filter mp4 perl random_index realip secure_link
1365 - slice stub_status sub xslt"
1366 -NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
1367 - upstream_hash upstream_least_conn upstream_zone"
1368 -NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
1369 -NGINX_MODULES_MAIL="imap pop3 smtp"
1370 -NGINX_MODULES_3RD="
1371 - http_auth_ldap
1372 - http_auth_pam
1373 - http_brotli
1374 - http_cache_purge
1375 - http_dav_ext
1376 - http_echo
1377 - http_fancyindex
1378 - http_geoip2
1379 - http_headers_more
1380 - http_javascript
1381 - http_lua
1382 - http_memc
1383 - http_metrics
1384 - http_mogilefs
1385 - http_naxsi
1386 - http_push_stream
1387 - http_security
1388 - http_slowfs_cache
1389 - http_sticky
1390 - http_upload_progress
1391 - http_upstream_check
1392 - http_vhost_traffic_status
1393 - stream_geoip2
1394 - stream_javascript
1395 -"
1396 -
1397 -IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
1398 - pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
1399 -
1400 -for mod in $NGINX_MODULES_STD; do
1401 - IUSE="${IUSE} +nginx_modules_http_${mod}"
1402 -done
1403 -
1404 -for mod in $NGINX_MODULES_OPT; do
1405 - IUSE="${IUSE} nginx_modules_http_${mod}"
1406 -done
1407 -
1408 -for mod in $NGINX_MODULES_STREAM_STD; do
1409 - IUSE="${IUSE} nginx_modules_stream_${mod}"
1410 -done
1411 -
1412 -for mod in $NGINX_MODULES_STREAM_OPT; do
1413 - IUSE="${IUSE} nginx_modules_stream_${mod}"
1414 -done
1415 -
1416 -for mod in $NGINX_MODULES_MAIL; do
1417 - IUSE="${IUSE} nginx_modules_mail_${mod}"
1418 -done
1419 -
1420 -for mod in $NGINX_MODULES_3RD; do
1421 - IUSE="${IUSE} nginx_modules_${mod}"
1422 -done
1423 -
1424 -# Add so we can warn users updating about config changes
1425 -# @TODO: jbergstroem: remove on next release series
1426 -IUSE="${IUSE} nginx_modules_http_spdy"
1427 -
1428 -CDEPEND="
1429 - pcre? ( dev-libs/libpcre:= )
1430 - pcre-jit? ( dev-libs/libpcre:=[jit] )
1431 - ssl? (
1432 - !libressl? ( dev-libs/openssl:0= )
1433 - libressl? ( dev-libs/libressl:= )
1434 - )
1435 - http2? (
1436 - !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
1437 - libressl? ( dev-libs/libressl:= )
1438 - )
1439 - http-cache? (
1440 - userland_GNU? (
1441 - !libressl? ( dev-libs/openssl:0= )
1442 - libressl? ( dev-libs/libressl:= )
1443 - )
1444 - )
1445 - nginx_modules_http_brotli? ( app-arch/brotli:= )
1446 - nginx_modules_http_geoip? ( dev-libs/geoip )
1447 - nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
1448 - nginx_modules_http_gunzip? ( sys-libs/zlib )
1449 - nginx_modules_http_gzip? ( sys-libs/zlib )
1450 - nginx_modules_http_gzip_static? ( sys-libs/zlib )
1451 - nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
1452 - nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
1453 - nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
1454 - nginx_modules_http_secure_link? (
1455 - userland_GNU? (
1456 - !libressl? ( dev-libs/openssl:0= )
1457 - libressl? ( dev-libs/libressl:= )
1458 - )
1459 - )
1460 - nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
1461 - nginx_modules_http_lua? ( dev-lang/luajit:2= )
1462 - nginx_modules_http_auth_pam? ( virtual/pam )
1463 - nginx_modules_http_metrics? ( dev-libs/yajl:= )
1464 - nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
1465 - nginx_modules_http_security? (
1466 - dev-libs/apr:=
1467 - dev-libs/apr-util:=
1468 - dev-libs/libxml2:=
1469 - net-misc/curl
1470 - www-servers/apache
1471 - )
1472 - nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
1473 - nginx_modules_stream_geoip? ( dev-libs/geoip )
1474 - nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
1475 -RDEPEND="${CDEPEND}
1476 - selinux? ( sec-policy/selinux-nginx )
1477 - !www-servers/nginx:0"
1478 -DEPEND="${CDEPEND}
1479 - nginx_modules_http_brotli? ( virtual/pkgconfig )
1480 - nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
1481 - arm? ( dev-libs/libatomic_ops )
1482 - libatomic? ( dev-libs/libatomic_ops )"
1483 -PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
1484 -
1485 -REQUIRED_USE="pcre-jit? ( pcre )
1486 - nginx_modules_http_grpc? ( http2 )
1487 - nginx_modules_http_lua? (
1488 - luajit
1489 - nginx_modules_http_rewrite
1490 - )
1491 - nginx_modules_http_naxsi? ( pcre )
1492 - nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
1493 - nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
1494 - nginx_modules_http_security? ( pcre )
1495 - nginx_modules_http_push_stream? ( ssl )"
1496 -
1497 -pkg_setup() {
1498 - NGINX_HOME="/var/lib/nginx"
1499 - NGINX_HOME_TMP="${NGINX_HOME}/tmp"
1500 -
1501 - ebegin "Creating nginx user and group"
1502 - enewgroup ${PN}
1503 - enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
1504 - eend $?
1505 -
1506 - if use libatomic; then
1507 - ewarn "GCC 4.1+ features built-in atomic operations."
1508 - ewarn "Using libatomic_ops is only needed if using"
1509 - ewarn "a different compiler or a GCC prior to 4.1"
1510 - fi
1511 -
1512 - if [[ -n $NGINX_ADD_MODULES ]]; then
1513 - ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
1514 - ewarn "This nginx installation is not supported!"
1515 - ewarn "Make sure you can reproduce the bug without those modules"
1516 - ewarn "_before_ reporting bugs."
1517 - fi
1518 -
1519 - if use !http; then
1520 - ewarn "To actually disable all http-functionality you also have to disable"
1521 - ewarn "all nginx http modules."
1522 - fi
1523 -
1524 - if use nginx_modules_http_mogilefs && use threads; then
1525 - eerror "mogilefs won't compile with threads support."
1526 - eerror "Please disable either flag and try again."
1527 - die "Can't compile mogilefs with threads support"
1528 - fi
1529 -}
1530 -
1531 -src_prepare() {
1532 - eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
1533 - eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
1534 -
1535 - if use nginx_modules_http_auth_pam; then
1536 - cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
1537 - eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
1538 - cd "${S}" || die
1539 - fi
1540 -
1541 - if use nginx_modules_http_brotli; then
1542 - cd "${HTTP_BROTLI_MODULE_WD}" || die
1543 - eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
1544 - cd "${S}" || die
1545 - fi
1546 -
1547 - if use nginx_modules_http_upstream_check; then
1548 - eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
1549 - fi
1550 -
1551 - if use nginx_modules_http_cache_purge; then
1552 - cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
1553 - eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
1554 - cd "${S}" || die
1555 - fi
1556 -
1557 - if use nginx_modules_http_security; then
1558 - cd "${HTTP_SECURITY_MODULE_WD}" || die
1559 -
1560 - eautoreconf
1561 -
1562 - if use luajit ; then
1563 - sed -i \
1564 - -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
1565 - configure || die
1566 - fi
1567 -
1568 - cd "${S}" || die
1569 - fi
1570 -
1571 - if use nginx_modules_http_upload_progress; then
1572 - cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
1573 - eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
1574 - cd "${S}" || die
1575 - fi
1576 -
1577 - find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
1578 - # We have config protection, don't rename etc files
1579 - sed -i 's:.default::' auto/install || die
1580 - # remove useless files
1581 - sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
1582 -
1583 - # don't install to /etc/nginx/ if not in use
1584 - local module
1585 - for module in fastcgi scgi uwsgi ; do
1586 - if ! use nginx_modules_http_${module}; then
1587 - sed -i -e "/${module}/d" auto/install || die
1588 - fi
1589 - done
1590 -
1591 - eapply_user
1592 -}
1593 -
1594 -src_configure() {
1595 - # mod_security needs to generate nginx/modsecurity/config before including it
1596 - if use nginx_modules_http_security; then
1597 - cd "${HTTP_SECURITY_MODULE_WD}" || die
1598 -
1599 - ./configure \
1600 - --enable-standalone-module \
1601 - --disable-mlogc \
1602 - --with-ssdeep=no \
1603 - $(use_enable pcre-jit) \
1604 - $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
1605 -
1606 - cd "${S}" || die
1607 - fi
1608 -
1609 - local myconf=() http_enabled= mail_enabled= stream_enabled=
1610 -
1611 - use aio && myconf+=( --with-file-aio )
1612 - use debug && myconf+=( --with-debug )
1613 - use http2 && myconf+=( --with-http_v2_module )
1614 - use libatomic && myconf+=( --with-libatomic )
1615 - use pcre && myconf+=( --with-pcre )
1616 - use pcre-jit && myconf+=( --with-pcre-jit )
1617 - use threads && myconf+=( --with-threads )
1618 -
1619 - # HTTP modules
1620 - for mod in $NGINX_MODULES_STD; do
1621 - if use nginx_modules_http_${mod}; then
1622 - http_enabled=1
1623 - else
1624 - myconf+=( --without-http_${mod}_module )
1625 - fi
1626 - done
1627 -
1628 - for mod in $NGINX_MODULES_OPT; do
1629 - if use nginx_modules_http_${mod}; then
1630 - http_enabled=1
1631 - myconf+=( --with-http_${mod}_module )
1632 - fi
1633 - done
1634 -
1635 - if use nginx_modules_http_fastcgi; then
1636 - myconf+=( --with-http_realip_module )
1637 - fi
1638 -
1639 - # third-party modules
1640 - if use nginx_modules_http_upload_progress; then
1641 - http_enabled=1
1642 - myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
1643 - fi
1644 -
1645 - if use nginx_modules_http_headers_more; then
1646 - http_enabled=1
1647 - myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
1648 - fi
1649 -
1650 - if use nginx_modules_http_cache_purge; then
1651 - http_enabled=1
1652 - myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
1653 - fi
1654 -
1655 - if use nginx_modules_http_slowfs_cache; then
1656 - http_enabled=1
1657 - myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
1658 - fi
1659 -
1660 - if use nginx_modules_http_fancyindex; then
1661 - http_enabled=1
1662 - myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
1663 - fi
1664 -
1665 - if use nginx_modules_http_lua; then
1666 - http_enabled=1
1667 - export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
1668 - export LUAJIT_INC=$(pkg-config --variable includedir luajit)
1669 - myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
1670 - myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
1671 - fi
1672 -
1673 - if use nginx_modules_http_auth_pam; then
1674 - http_enabled=1
1675 - myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
1676 - fi
1677 -
1678 - if use nginx_modules_http_upstream_check; then
1679 - http_enabled=1
1680 - myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
1681 - fi
1682 -
1683 - if use nginx_modules_http_metrics; then
1684 - http_enabled=1
1685 - myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
1686 - fi
1687 -
1688 - if use nginx_modules_http_naxsi ; then
1689 - http_enabled=1
1690 - myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
1691 - fi
1692 -
1693 - if use rtmp ; then
1694 - http_enabled=1
1695 - myconf+=( --add-module=${RTMP_MODULE_WD} )
1696 - fi
1697 -
1698 - if use nginx_modules_http_dav_ext ; then
1699 - http_enabled=1
1700 - myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
1701 - fi
1702 -
1703 - if use nginx_modules_http_echo ; then
1704 - http_enabled=1
1705 - myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
1706 - fi
1707 -
1708 - if use nginx_modules_http_security ; then
1709 - http_enabled=1
1710 - myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
1711 - fi
1712 -
1713 - if use nginx_modules_http_push_stream ; then
1714 - http_enabled=1
1715 - myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
1716 - fi
1717 -
1718 - if use nginx_modules_http_sticky ; then
1719 - http_enabled=1
1720 - myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
1721 - fi
1722 -
1723 - if use nginx_modules_http_mogilefs ; then
1724 - http_enabled=1
1725 - myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
1726 - fi
1727 -
1728 - if use nginx_modules_http_memc ; then
1729 - http_enabled=1
1730 - myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
1731 - fi
1732 -
1733 - if use nginx_modules_http_auth_ldap; then
1734 - http_enabled=1
1735 - myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
1736 - fi
1737 -
1738 - if use nginx_modules_http_vhost_traffic_status; then
1739 - http_enabled=1
1740 - myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
1741 - fi
1742 -
1743 - if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
1744 - myconf+=( --add-module=${GEOIP2_MODULE_WD} )
1745 - fi
1746 -
1747 - if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
1748 - myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
1749 - fi
1750 -
1751 - if use nginx_modules_http_brotli; then
1752 - http_enabled=1
1753 - myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
1754 - fi
1755 -
1756 - if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
1757 - http_enabled=1
1758 - fi
1759 -
1760 - if [ $http_enabled ]; then
1761 - use http-cache || myconf+=( --without-http-cache )
1762 - use ssl && myconf+=( --with-http_ssl_module )
1763 - else
1764 - myconf+=( --without-http --without-http-cache )
1765 - fi
1766 -
1767 - # Stream modules
1768 - for mod in $NGINX_MODULES_STREAM_STD; do
1769 - if use nginx_modules_stream_${mod}; then
1770 - stream_enabled=1
1771 - else
1772 - myconf+=( --without-stream_${mod}_module )
1773 - fi
1774 - done
1775 -
1776 - for mod in $NGINX_MODULES_STREAM_OPT; do
1777 - if use nginx_modules_stream_${mod}; then
1778 - stream_enabled=1
1779 - myconf+=( --with-stream_${mod}_module )
1780 - fi
1781 - done
1782 -
1783 - if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
1784 - stream_enabled=1
1785 - fi
1786 -
1787 - if [ $stream_enabled ]; then
1788 - myconf+=( --with-stream )
1789 - use ssl && myconf+=( --with-stream_ssl_module )
1790 - fi
1791 -
1792 - # MAIL modules
1793 - for mod in $NGINX_MODULES_MAIL; do
1794 - if use nginx_modules_mail_${mod}; then
1795 - mail_enabled=1
1796 - else
1797 - myconf+=( --without-mail_${mod}_module )
1798 - fi
1799 - done
1800 -
1801 - if [ $mail_enabled ]; then
1802 - myconf+=( --with-mail )
1803 - use ssl && myconf+=( --with-mail_ssl_module )
1804 - fi
1805 -
1806 - # custom modules
1807 - for mod in $NGINX_ADD_MODULES; do
1808 - myconf+=( --add-module=${mod} )
1809 - done
1810 -
1811 - # https://bugs.gentoo.org/286772
1812 - export LANG=C LC_ALL=C
1813 - tc-export CC
1814 -
1815 - if ! use prefix; then
1816 - myconf+=( --user=${PN} )
1817 - myconf+=( --group=${PN} )
1818 - fi
1819 -
1820 - local WITHOUT_IPV6=
1821 - if ! use ipv6; then
1822 - WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
1823 - fi
1824 -
1825 - if [[ -n "${EXTRA_ECONF}" ]]; then
1826 - myconf+=( ${EXTRA_ECONF} )
1827 - ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
1828 - fi
1829 -
1830 - ./configure \
1831 - --prefix="${EPREFIX}"/usr \
1832 - --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
1833 - --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
1834 - --pid-path="${EPREFIX}"/run/${PN}.pid \
1835 - --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
1836 - --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
1837 - --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
1838 - --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
1839 - --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
1840 - --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
1841 - --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
1842 - --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
1843 - --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
1844 - --with-compat \
1845 - "${myconf[@]}" || die "configure failed"
1846 -
1847 - # A purely cosmetic change that makes nginx -V more readable. This can be
1848 - # good if people outside the gentoo community would troubleshoot and
1849 - # question the users setup.
1850 - sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
1851 -}
1852 -
1853 -src_compile() {
1854 - use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
1855 -
1856 - # https://bugs.gentoo.org/286772
1857 - export LANG=C LC_ALL=C
1858 - emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
1859 -}
1860 -
1861 -src_install() {
1862 - emake DESTDIR="${D%/}" install
1863 -
1864 - cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
1865 -
1866 - newinitd "${FILESDIR}"/nginx.initd-r4 nginx
1867 - newconfd "${FILESDIR}"/nginx.confd nginx
1868 -
1869 - systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
1870 -
1871 - doman man/nginx.8
1872 - dodoc CHANGES* README
1873 -
1874 - # just keepdir. do not copy the default htdocs files (bug #449136)
1875 - keepdir /var/www/localhost
1876 - rm -rf "${D}"usr/html || die
1877 -
1878 - # set up a list of directories to keep
1879 - local keepdir_list="${NGINX_HOME_TMP}"/client
1880 - local module
1881 - for module in proxy fastcgi scgi uwsgi; do
1882 - use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
1883 - done
1884 -
1885 - keepdir /var/log/nginx ${keepdir_list}
1886 -
1887 - # this solves a problem with SELinux where nginx doesn't see the directories
1888 - # as root and tries to create them as nginx
1889 - fperms 0750 "${NGINX_HOME_TMP}"
1890 - fowners ${PN}:0 "${NGINX_HOME_TMP}"
1891 -
1892 - fperms 0700 ${keepdir_list}
1893 - fowners ${PN}:${PN} ${keepdir_list}
1894 -
1895 - fperms 0710 /var/log/nginx
1896 - fowners 0:${PN} /var/log/nginx
1897 -
1898 - # logrotate
1899 - insinto /etc/logrotate.d
1900 - newins "${FILESDIR}"/nginx.logrotate-r1 nginx
1901 -
1902 - if use luajit; then
1903 - pax-mark m "${ED%/}/usr/sbin/nginx"
1904 - fi
1905 -
1906 - if use nginx_modules_http_perl; then
1907 - cd "${S}"/objs/src/http/modules/perl/ || die
1908 - emake DESTDIR="${D}" INSTALLDIRS=vendor
1909 - perl_delete_localpod
1910 - cd "${S}" || die
1911 - fi
1912 -
1913 - if use nginx_modules_http_cache_purge; then
1914 - docinto ${HTTP_CACHE_PURGE_MODULE_P}
1915 - dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
1916 - fi
1917 -
1918 - if use nginx_modules_http_slowfs_cache; then
1919 - docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
1920 - dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
1921 - fi
1922 -
1923 - if use nginx_modules_http_fancyindex; then
1924 - docinto ${HTTP_FANCYINDEX_MODULE_P}
1925 - dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
1926 - fi
1927 -
1928 - if use nginx_modules_http_lua; then
1929 - docinto ${HTTP_LUA_MODULE_P}
1930 - dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
1931 - fi
1932 -
1933 - if use nginx_modules_http_auth_pam; then
1934 - docinto ${HTTP_AUTH_PAM_MODULE_P}
1935 - dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
1936 - fi
1937 -
1938 - if use nginx_modules_http_upstream_check; then
1939 - docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
1940 - dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
1941 - fi
1942 -
1943 - if use nginx_modules_http_naxsi; then
1944 - insinto /etc/nginx
1945 - doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
1946 - fi
1947 -
1948 - if use rtmp; then
1949 - docinto ${RTMP_MODULE_P}
1950 - dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
1951 - fi
1952 -
1953 - if use nginx_modules_http_dav_ext; then
1954 - docinto ${HTTP_DAV_EXT_MODULE_P}
1955 - dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
1956 - fi
1957 -
1958 - if use nginx_modules_http_echo; then
1959 - docinto ${HTTP_ECHO_MODULE_P}
1960 - dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
1961 - fi
1962 -
1963 - if use nginx_modules_http_security; then
1964 - docinto ${HTTP_SECURITY_MODULE_P}
1965 - dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
1966 - fi
1967 -
1968 - if use nginx_modules_http_push_stream; then
1969 - docinto ${HTTP_PUSH_STREAM_MODULE_P}
1970 - dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
1971 - fi
1972 -
1973 - if use nginx_modules_http_sticky; then
1974 - docinto ${HTTP_STICKY_MODULE_P}
1975 - dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
1976 - fi
1977 -
1978 - if use nginx_modules_http_memc; then
1979 - docinto ${HTTP_MEMC_MODULE_P}
1980 - dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
1981 - fi
1982 -
1983 - if use nginx_modules_http_auth_ldap; then
1984 - docinto ${HTTP_LDAP_MODULE_P}
1985 - dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
1986 - fi
1987 -}
1988 -
1989 -pkg_postinst() {
1990 - if use ssl; then
1991 - if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
1992 - install_cert /etc/ssl/${PN}/${PN}
1993 - use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
1994 - fi
1995 - fi
1996 -
1997 - if use nginx_modules_http_spdy; then
1998 - ewarn ""
1999 - ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
2000 - ewarn "Update your configs and package.use accordingly."
2001 - fi
2002 -
2003 - if use nginx_modules_http_lua; then
2004 - ewarn ""
2005 - ewarn "While you can build lua 3rd party module against ${P}"
2006 - ewarn "the author warns that >=${PN}-1.11.11 is still not an"
2007 - ewarn "officially supported target yet. You are on your own."
2008 - ewarn "Expect runtime failures, memory leaks and other problems!"
2009 - fi
2010 -
2011 - if use nginx_modules_http_lua && use http2; then
2012 - ewarn ""
2013 - ewarn "Lua 3rd party module author warns against using ${P} with"
2014 - ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
2015 - fi
2016 -
2017 - local _n_permission_layout_checks=0
2018 - local _has_to_adjust_permissions=0
2019 - local _has_to_show_permission_warning=0
2020 -
2021 - # Defaults to 1 to inform people doing a fresh installation
2022 - # that we ship modified {scgi,uwsgi,fastcgi}_params files
2023 - local _has_to_show_httpoxy_mitigation_notice=1
2024 -
2025 - local _replacing_version=
2026 - for _replacing_version in ${REPLACING_VERSIONS}; do
2027 - _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
2028 -
2029 - if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
2030 - # Should never happen:
2031 - # Package is abusing slots but doesn't allow multiple parallel installations.
2032 - # If we run into this situation it is unsafe to automatically adjust any
2033 - # permission...
2034 - _has_to_show_permission_warning=1
2035 -
2036 - ewarn "Replacing multiple ${PN}' versions is unsupported! " \
2037 - "You will have to adjust permissions on your own."
2038 -
2039 - break
2040 - fi
2041 -
2042 - local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
2043 - debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
2044 -
2045 - # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
2046 - # This was before we introduced multiple nginx versions so we
2047 - # do not need to distinguish between stable and mainline
2048 - local _need_to_fix_CVE2013_0337=1
2049 -
2050 - if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
2051 - # We are updating an installation which should already be fixed
2052 - _need_to_fix_CVE2013_0337=0
2053 - debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
2054 - else
2055 - _has_to_adjust_permissions=1
2056 - debug-print "Need to adjust permissions to fix CVE-2013-0337!"
2057 - fi
2058 -
2059 - # Do we need to inform about HTTPoxy mitigation?
2060 - # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
2061 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
2062 - # Updating from <1.10
2063 - _has_to_show_httpoxy_mitigation_notice=1
2064 - debug-print "Need to inform about HTTPoxy mitigation!"
2065 - else
2066 - # Updating from >=1.10
2067 - local _fixed_in_pvr=
2068 - case "${_replacing_version_branch}" in
2069 - "1.10")
2070 - _fixed_in_pvr="1.10.1-r2"
2071 - ;;
2072 - "1.11")
2073 - _fixed_in_pvr="1.11.3-r1"
2074 - ;;
2075 - *)
2076 - # This should be any future branch.
2077 - # If we run this code it is safe to assume that the user has
2078 - # already seen the HTTPoxy mitigation notice because he/she is doing
2079 - # an update from previous version where we have already shown
2080 - # the warning. Otherwise, we wouldn't hit this code path ...
2081 - _fixed_in_pvr=
2082 - esac
2083 -
2084 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
2085 - # We are updating an installation where we already informed
2086 - # that we are mitigating HTTPoxy per default
2087 - _has_to_show_httpoxy_mitigation_notice=0
2088 - debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
2089 - else
2090 - _has_to_show_httpoxy_mitigation_notice=1
2091 - debug-print "Need to inform about HTTPoxy mitigation!"
2092 - fi
2093 - fi
2094 -
2095 - # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
2096 - # All branches up to 1.11 are affected
2097 - local _need_to_fix_CVE2016_1247=1
2098 -
2099 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
2100 - # Updating from <1.10
2101 - _has_to_adjust_permissions=1
2102 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
2103 - else
2104 - # Updating from >=1.10
2105 - local _fixed_in_pvr=
2106 - case "${_replacing_version_branch}" in
2107 - "1.10")
2108 - _fixed_in_pvr="1.10.2-r3"
2109 - ;;
2110 - "1.11")
2111 - _fixed_in_pvr="1.11.6-r1"
2112 - ;;
2113 - *)
2114 - # This should be any future branch.
2115 - # If we run this code it is safe to assume that we have already
2116 - # adjusted permissions or were never affected because user is
2117 - # doing an update from previous version which was safe or did
2118 - # the adjustments. Otherwise, we wouldn't hit this code path ...
2119 - _fixed_in_pvr=
2120 - esac
2121 -
2122 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
2123 - # We are updating an installation which should already be adjusted
2124 - # or which was never affected
2125 - _need_to_fix_CVE2016_1247=0
2126 - debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
2127 - else
2128 - _has_to_adjust_permissions=1
2129 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
2130 - fi
2131 - fi
2132 - done
2133 -
2134 - if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
2135 - # We do not DIE when chmod/chown commands are failing because
2136 - # package is already merged on user's system at this stage
2137 - # and we cannot retry without losing the information that
2138 - # the existing installation needs to adjust permissions.
2139 - # Instead we are going to a show a big warning ...
2140 -
2141 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
2142 - ewarn ""
2143 - ewarn "The world-readable bit (if set) has been removed from the"
2144 - ewarn "following directories to mitigate a security bug"
2145 - ewarn "(CVE-2013-0337, bug #458726):"
2146 - ewarn ""
2147 - ewarn " ${EPREFIX%/}/var/log/nginx"
2148 - ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
2149 - ewarn ""
2150 - ewarn "Check if this is correct for your setup before restarting nginx!"
2151 - ewarn "This is a one-time change and will not happen on subsequent updates."
2152 - ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
2153 - chmod o-rwx \
2154 - "${EPREFIX%/}"/var/log/nginx \
2155 - "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
2156 - _has_to_show_permission_warning=1
2157 - fi
2158 -
2159 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
2160 - ewarn ""
2161 - ewarn "The permissions on the following directory have been reset in"
2162 - ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
2163 - ewarn ""
2164 - ewarn " ${EPREFIX%/}/var/log/nginx"
2165 - ewarn ""
2166 - ewarn "Check if this is correct for your setup before restarting nginx!"
2167 - ewarn "Also ensure that no other log directory used by any of your"
2168 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
2169 - ewarn "used by nginx can be abused to escalate privileges!"
2170 - ewarn "This is a one-time change and will not happen on subsequent updates."
2171 - chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
2172 - chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
2173 - fi
2174 -
2175 - if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
2176 - # Should never happen ...
2177 - ewarn ""
2178 - ewarn "*************************************************************"
2179 - ewarn "*************** W A R N I N G ***************"
2180 - ewarn "*************************************************************"
2181 - ewarn "The one-time only attempt to adjust permissions of the"
2182 - ewarn "existing nginx installation failed. Be aware that we will not"
2183 - ewarn "try to adjust the same permissions again because now you are"
2184 - ewarn "using a nginx version where we expect that the permissions"
2185 - ewarn "are already adjusted or that you know what you are doing and"
2186 - ewarn "want to keep custom permissions."
2187 - ewarn ""
2188 - fi
2189 - fi
2190 -
2191 - # Sanity check for CVE-2016-1247
2192 - # Required to warn users who received the warning above and thought
2193 - # they could fix it by unmerging and re-merging the package or have
2194 - # unmerged a affected installation on purpose in the past leaving
2195 - # /var/log/nginx on their system due to keepdir/non-empty folder
2196 - # and are now installing the package again.
2197 - local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
2198 - su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
2199 - if [ $? -eq 0 ] ; then
2200 - # Cleanup -- no reason to die here!
2201 - rm -f "${_sanity_check_testfile}"
2202 -
2203 - ewarn ""
2204 - ewarn "*************************************************************"
2205 - ewarn "*************** W A R N I N G ***************"
2206 - ewarn "*************************************************************"
2207 - ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
2208 - ewarn "(bug #605008) because nginx user is able to create files in"
2209 - ewarn ""
2210 - ewarn " ${EPREFIX%/}/var/log/nginx"
2211 - ewarn ""
2212 - ewarn "Also ensure that no other log directory used by any of your"
2213 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
2214 - ewarn "used by nginx can be abused to escalate privileges!"
2215 - fi
2216 -
2217 - if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
2218 - # HTTPoxy mitigation
2219 - ewarn ""
2220 - ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
2221 - ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
2222 - ewarn "the HTTP_PROXY parameter to an empty string per default when you"
2223 - ewarn "are sourcing one of the default"
2224 - ewarn ""
2225 - ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
2226 - ewarn " - 'scgi_params'"
2227 - ewarn " - 'uwsgi_params'"
2228 - ewarn ""
2229 - ewarn "files in your server block(s)."
2230 - ewarn ""
2231 - ewarn "If this is causing any problems for you make sure that you are sourcing the"
2232 - ewarn "default parameters _before_ you set your own values."
2233 - ewarn "If you are relying on user-supplied proxy values you have to remove the"
2234 - ewarn "correlating lines from the file(s) mentioned above."
2235 - ewarn ""
2236 - fi
2237 -}
2238
2239 diff --git a/www-servers/nginx/nginx-1.17.1.ebuild b/www-servers/nginx/nginx-1.17.1.ebuild
2240 deleted file mode 100644
2241 index 57e48d2bc60..00000000000
2242 --- a/www-servers/nginx/nginx-1.17.1.ebuild
2243 +++ /dev/null
2244 @@ -1,1089 +0,0 @@
2245 -# Copyright 1999-2019 Gentoo Authors
2246 -# Distributed under the terms of the GNU General Public License v2
2247 -
2248 -EAPI="6"
2249 -
2250 -# Maintainer notes:
2251 -# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
2252 -# - any http-module activates the main http-functionality and overrides USE=-http
2253 -# - keep the following requirements in mind before adding external modules:
2254 -# * alive upstream
2255 -# * sane packaging
2256 -# * builds cleanly
2257 -# * does not need a patch for nginx core
2258 -# - TODO: test the google-perftools module (included in vanilla tarball)
2259 -
2260 -# prevent perl-module from adding automagic perl DEPENDs
2261 -GENTOO_DEPEND_ON_PERL="no"
2262 -
2263 -# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
2264 -DEVEL_KIT_MODULE_PV="0.3.0"
2265 -DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
2266 -DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
2267 -DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
2268 -
2269 -# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
2270 -HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
2271 -HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
2272 -HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
2273 -HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
2274 -
2275 -# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
2276 -HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
2277 -HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
2278 -HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
2279 -HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
2280 -
2281 -# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
2282 -HTTP_HEADERS_MORE_MODULE_PV="0.33"
2283 -HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
2284 -HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
2285 -HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
2286 -
2287 -# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
2288 -HTTP_CACHE_PURGE_MODULE_PV="2.3"
2289 -HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
2290 -HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
2291 -HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
2292 -
2293 -# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
2294 -HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
2295 -HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
2296 -HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
2297 -HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
2298 -
2299 -# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
2300 -HTTP_FANCYINDEX_MODULE_PV="0.4.3"
2301 -HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
2302 -HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
2303 -HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
2304 -
2305 -# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
2306 -HTTP_LUA_MODULE_PV="0.10.15"
2307 -HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
2308 -HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
2309 -HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
2310 -
2311 -# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
2312 -HTTP_AUTH_PAM_MODULE_PV="1.5.1"
2313 -HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
2314 -HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
2315 -HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
2316 -
2317 -# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
2318 -HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
2319 -HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
2320 -HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
2321 -HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
2322 -
2323 -# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
2324 -HTTP_METRICS_MODULE_PV="0.1.1"
2325 -HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
2326 -HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
2327 -HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
2328 -
2329 -# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
2330 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
2331 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
2332 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
2333 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
2334 -
2335 -# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
2336 -HTTP_NAXSI_MODULE_PV="0.56"
2337 -HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
2338 -HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
2339 -HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
2340 -
2341 -# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
2342 -RTMP_MODULE_PV="1.2.1"
2343 -RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
2344 -RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
2345 -RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
2346 -
2347 -# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
2348 -HTTP_DAV_EXT_MODULE_PV="3.0.0"
2349 -HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
2350 -HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
2351 -HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
2352 -
2353 -# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
2354 -HTTP_ECHO_MODULE_PV="0.61"
2355 -HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
2356 -HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
2357 -HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
2358 -
2359 -# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
2360 -# keep the MODULE_P here consistent with upstream to avoid tarball duplication
2361 -HTTP_SECURITY_MODULE_PV="2.9.3"
2362 -HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
2363 -HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
2364 -HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
2365 -
2366 -# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
2367 -HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
2368 -HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
2369 -HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
2370 -HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
2371 -
2372 -# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
2373 -HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
2374 -HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
2375 -HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
2376 -HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
2377 -
2378 -# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
2379 -HTTP_MOGILEFS_MODULE_PV="1.0.4"
2380 -HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
2381 -HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
2382 -HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
2383 -
2384 -# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
2385 -HTTP_MEMC_MODULE_PV="0.19"
2386 -HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
2387 -HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
2388 -HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
2389 -
2390 -# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
2391 -HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
2392 -HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
2393 -HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
2394 -HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
2395 -
2396 -# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
2397 -GEOIP2_MODULE_PV="3.2"
2398 -GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
2399 -GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
2400 -GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
2401 -
2402 -# njs-module (https://github.com/nginx/njs, as-is)
2403 -NJS_MODULE_PV="0.3.3"
2404 -NJS_MODULE_P="njs-${NJS_MODULE_PV}"
2405 -NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
2406 -NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
2407 -
2408 -# We handle deps below ourselves
2409 -SSL_DEPS_SKIP=1
2410 -AUTOTOOLS_AUTO_DEPEND="no"
2411 -
2412 -inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
2413 -
2414 -DESCRIPTION="Robust, small and high performance http and reverse proxy server"
2415 -HOMEPAGE="https://nginx.org"
2416 -SRC_URI="https://nginx.org/download/${P}.tar.gz
2417 - ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
2418 - nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
2419 - nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
2420 - nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
2421 - nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
2422 - nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
2423 - nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
2424 - nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
2425 - nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
2426 - nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
2427 - nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
2428 - nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
2429 - nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
2430 - nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
2431 - nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
2432 - nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
2433 - nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
2434 - nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
2435 - nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
2436 - nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
2437 - nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
2438 - nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
2439 - nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
2440 - nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
2441 - nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
2442 - rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
2443 -
2444 -LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
2445 - nginx_modules_http_security? ( Apache-2.0 )
2446 - nginx_modules_http_push_stream? ( GPL-3 )"
2447 -
2448 -SLOT="mainline"
2449 -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
2450 -
2451 -# Package doesn't provide a real test suite
2452 -RESTRICT="test"
2453 -
2454 -NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
2455 - fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
2456 - proxy referer rewrite scgi ssi split_clients upstream_hash
2457 - upstream_ip_hash upstream_keepalive upstream_least_conn
2458 - upstream_zone userid uwsgi"
2459 -NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
2460 - gzip_static image_filter mp4 perl random_index realip secure_link
2461 - slice stub_status sub xslt"
2462 -NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
2463 - upstream_hash upstream_least_conn upstream_zone"
2464 -NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
2465 -NGINX_MODULES_MAIL="imap pop3 smtp"
2466 -NGINX_MODULES_3RD="
2467 - http_auth_ldap
2468 - http_auth_pam
2469 - http_brotli
2470 - http_cache_purge
2471 - http_dav_ext
2472 - http_echo
2473 - http_fancyindex
2474 - http_geoip2
2475 - http_headers_more
2476 - http_javascript
2477 - http_lua
2478 - http_memc
2479 - http_metrics
2480 - http_mogilefs
2481 - http_naxsi
2482 - http_push_stream
2483 - http_security
2484 - http_slowfs_cache
2485 - http_sticky
2486 - http_upload_progress
2487 - http_upstream_check
2488 - http_vhost_traffic_status
2489 - stream_geoip2
2490 - stream_javascript
2491 -"
2492 -
2493 -IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
2494 - pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
2495 -
2496 -for mod in $NGINX_MODULES_STD; do
2497 - IUSE="${IUSE} +nginx_modules_http_${mod}"
2498 -done
2499 -
2500 -for mod in $NGINX_MODULES_OPT; do
2501 - IUSE="${IUSE} nginx_modules_http_${mod}"
2502 -done
2503 -
2504 -for mod in $NGINX_MODULES_STREAM_STD; do
2505 - IUSE="${IUSE} nginx_modules_stream_${mod}"
2506 -done
2507 -
2508 -for mod in $NGINX_MODULES_STREAM_OPT; do
2509 - IUSE="${IUSE} nginx_modules_stream_${mod}"
2510 -done
2511 -
2512 -for mod in $NGINX_MODULES_MAIL; do
2513 - IUSE="${IUSE} nginx_modules_mail_${mod}"
2514 -done
2515 -
2516 -for mod in $NGINX_MODULES_3RD; do
2517 - IUSE="${IUSE} nginx_modules_${mod}"
2518 -done
2519 -
2520 -# Add so we can warn users updating about config changes
2521 -# @TODO: jbergstroem: remove on next release series
2522 -IUSE="${IUSE} nginx_modules_http_spdy"
2523 -
2524 -CDEPEND="
2525 - pcre? ( dev-libs/libpcre:= )
2526 - pcre-jit? ( dev-libs/libpcre:=[jit] )
2527 - ssl? (
2528 - !libressl? ( dev-libs/openssl:0= )
2529 - libressl? ( dev-libs/libressl:= )
2530 - )
2531 - http2? (
2532 - !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
2533 - libressl? ( dev-libs/libressl:= )
2534 - )
2535 - http-cache? (
2536 - userland_GNU? (
2537 - !libressl? ( dev-libs/openssl:0= )
2538 - libressl? ( dev-libs/libressl:= )
2539 - )
2540 - )
2541 - nginx_modules_http_brotli? ( app-arch/brotli:= )
2542 - nginx_modules_http_geoip? ( dev-libs/geoip )
2543 - nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
2544 - nginx_modules_http_gunzip? ( sys-libs/zlib )
2545 - nginx_modules_http_gzip? ( sys-libs/zlib )
2546 - nginx_modules_http_gzip_static? ( sys-libs/zlib )
2547 - nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
2548 - nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
2549 - nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
2550 - nginx_modules_http_secure_link? (
2551 - userland_GNU? (
2552 - !libressl? ( dev-libs/openssl:0= )
2553 - libressl? ( dev-libs/libressl:= )
2554 - )
2555 - )
2556 - nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
2557 - nginx_modules_http_lua? ( dev-lang/luajit:2= )
2558 - nginx_modules_http_auth_pam? ( virtual/pam )
2559 - nginx_modules_http_metrics? ( dev-libs/yajl:= )
2560 - nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
2561 - nginx_modules_http_security? (
2562 - dev-libs/apr:=
2563 - dev-libs/apr-util:=
2564 - dev-libs/libxml2:=
2565 - net-misc/curl
2566 - www-servers/apache
2567 - )
2568 - nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
2569 - nginx_modules_stream_geoip? ( dev-libs/geoip )
2570 - nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
2571 -RDEPEND="${CDEPEND}
2572 - selinux? ( sec-policy/selinux-nginx )
2573 - !www-servers/nginx:0"
2574 -DEPEND="${CDEPEND}
2575 - nginx_modules_http_brotli? ( virtual/pkgconfig )
2576 - nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
2577 - arm? ( dev-libs/libatomic_ops )
2578 - libatomic? ( dev-libs/libatomic_ops )"
2579 -PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
2580 -
2581 -REQUIRED_USE="pcre-jit? ( pcre )
2582 - nginx_modules_http_grpc? ( http2 )
2583 - nginx_modules_http_lua? (
2584 - luajit
2585 - nginx_modules_http_rewrite
2586 - )
2587 - nginx_modules_http_naxsi? ( pcre )
2588 - nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
2589 - nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
2590 - nginx_modules_http_security? ( pcre )
2591 - nginx_modules_http_push_stream? ( ssl )"
2592 -
2593 -pkg_setup() {
2594 - NGINX_HOME="/var/lib/nginx"
2595 - NGINX_HOME_TMP="${NGINX_HOME}/tmp"
2596 -
2597 - ebegin "Creating nginx user and group"
2598 - enewgroup ${PN}
2599 - enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
2600 - eend $?
2601 -
2602 - if use libatomic; then
2603 - ewarn "GCC 4.1+ features built-in atomic operations."
2604 - ewarn "Using libatomic_ops is only needed if using"
2605 - ewarn "a different compiler or a GCC prior to 4.1"
2606 - fi
2607 -
2608 - if [[ -n $NGINX_ADD_MODULES ]]; then
2609 - ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
2610 - ewarn "This nginx installation is not supported!"
2611 - ewarn "Make sure you can reproduce the bug without those modules"
2612 - ewarn "_before_ reporting bugs."
2613 - fi
2614 -
2615 - if use !http; then
2616 - ewarn "To actually disable all http-functionality you also have to disable"
2617 - ewarn "all nginx http modules."
2618 - fi
2619 -
2620 - if use nginx_modules_http_mogilefs && use threads; then
2621 - eerror "mogilefs won't compile with threads support."
2622 - eerror "Please disable either flag and try again."
2623 - die "Can't compile mogilefs with threads support"
2624 - fi
2625 -}
2626 -
2627 -src_prepare() {
2628 - eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
2629 - eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
2630 -
2631 - if use nginx_modules_http_auth_pam; then
2632 - cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
2633 - eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
2634 - cd "${S}" || die
2635 - fi
2636 -
2637 - if use nginx_modules_http_brotli; then
2638 - cd "${HTTP_BROTLI_MODULE_WD}" || die
2639 - eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
2640 - cd "${S}" || die
2641 - fi
2642 -
2643 - if use nginx_modules_http_upstream_check; then
2644 - eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
2645 - fi
2646 -
2647 - if use nginx_modules_http_cache_purge; then
2648 - cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
2649 - eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
2650 - cd "${S}" || die
2651 - fi
2652 -
2653 - if use nginx_modules_http_security; then
2654 - cd "${HTTP_SECURITY_MODULE_WD}" || die
2655 -
2656 - eautoreconf
2657 -
2658 - if use luajit ; then
2659 - sed -i \
2660 - -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
2661 - configure || die
2662 - fi
2663 -
2664 - cd "${S}" || die
2665 - fi
2666 -
2667 - if use nginx_modules_http_upload_progress; then
2668 - cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
2669 - eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
2670 - cd "${S}" || die
2671 - fi
2672 -
2673 - find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
2674 - # We have config protection, don't rename etc files
2675 - sed -i 's:.default::' auto/install || die
2676 - # remove useless files
2677 - sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
2678 -
2679 - # don't install to /etc/nginx/ if not in use
2680 - local module
2681 - for module in fastcgi scgi uwsgi ; do
2682 - if ! use nginx_modules_http_${module}; then
2683 - sed -i -e "/${module}/d" auto/install || die
2684 - fi
2685 - done
2686 -
2687 - eapply_user
2688 -}
2689 -
2690 -src_configure() {
2691 - # mod_security needs to generate nginx/modsecurity/config before including it
2692 - if use nginx_modules_http_security; then
2693 - cd "${HTTP_SECURITY_MODULE_WD}" || die
2694 -
2695 - ./configure \
2696 - --enable-standalone-module \
2697 - --disable-mlogc \
2698 - --with-ssdeep=no \
2699 - $(use_enable pcre-jit) \
2700 - $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
2701 -
2702 - cd "${S}" || die
2703 - fi
2704 -
2705 - local myconf=() http_enabled= mail_enabled= stream_enabled=
2706 -
2707 - use aio && myconf+=( --with-file-aio )
2708 - use debug && myconf+=( --with-debug )
2709 - use http2 && myconf+=( --with-http_v2_module )
2710 - use libatomic && myconf+=( --with-libatomic )
2711 - use pcre && myconf+=( --with-pcre )
2712 - use pcre-jit && myconf+=( --with-pcre-jit )
2713 - use threads && myconf+=( --with-threads )
2714 -
2715 - # HTTP modules
2716 - for mod in $NGINX_MODULES_STD; do
2717 - if use nginx_modules_http_${mod}; then
2718 - http_enabled=1
2719 - else
2720 - myconf+=( --without-http_${mod}_module )
2721 - fi
2722 - done
2723 -
2724 - for mod in $NGINX_MODULES_OPT; do
2725 - if use nginx_modules_http_${mod}; then
2726 - http_enabled=1
2727 - myconf+=( --with-http_${mod}_module )
2728 - fi
2729 - done
2730 -
2731 - if use nginx_modules_http_fastcgi; then
2732 - myconf+=( --with-http_realip_module )
2733 - fi
2734 -
2735 - # third-party modules
2736 - if use nginx_modules_http_upload_progress; then
2737 - http_enabled=1
2738 - myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
2739 - fi
2740 -
2741 - if use nginx_modules_http_headers_more; then
2742 - http_enabled=1
2743 - myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
2744 - fi
2745 -
2746 - if use nginx_modules_http_cache_purge; then
2747 - http_enabled=1
2748 - myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
2749 - fi
2750 -
2751 - if use nginx_modules_http_slowfs_cache; then
2752 - http_enabled=1
2753 - myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
2754 - fi
2755 -
2756 - if use nginx_modules_http_fancyindex; then
2757 - http_enabled=1
2758 - myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
2759 - fi
2760 -
2761 - if use nginx_modules_http_lua; then
2762 - http_enabled=1
2763 - export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
2764 - export LUAJIT_INC=$(pkg-config --variable includedir luajit)
2765 - myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
2766 - myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
2767 - fi
2768 -
2769 - if use nginx_modules_http_auth_pam; then
2770 - http_enabled=1
2771 - myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
2772 - fi
2773 -
2774 - if use nginx_modules_http_upstream_check; then
2775 - http_enabled=1
2776 - myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
2777 - fi
2778 -
2779 - if use nginx_modules_http_metrics; then
2780 - http_enabled=1
2781 - myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
2782 - fi
2783 -
2784 - if use nginx_modules_http_naxsi ; then
2785 - http_enabled=1
2786 - myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
2787 - fi
2788 -
2789 - if use rtmp ; then
2790 - http_enabled=1
2791 - myconf+=( --add-module=${RTMP_MODULE_WD} )
2792 - fi
2793 -
2794 - if use nginx_modules_http_dav_ext ; then
2795 - http_enabled=1
2796 - myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
2797 - fi
2798 -
2799 - if use nginx_modules_http_echo ; then
2800 - http_enabled=1
2801 - myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
2802 - fi
2803 -
2804 - if use nginx_modules_http_security ; then
2805 - http_enabled=1
2806 - myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
2807 - fi
2808 -
2809 - if use nginx_modules_http_push_stream ; then
2810 - http_enabled=1
2811 - myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
2812 - fi
2813 -
2814 - if use nginx_modules_http_sticky ; then
2815 - http_enabled=1
2816 - myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
2817 - fi
2818 -
2819 - if use nginx_modules_http_mogilefs ; then
2820 - http_enabled=1
2821 - myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
2822 - fi
2823 -
2824 - if use nginx_modules_http_memc ; then
2825 - http_enabled=1
2826 - myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
2827 - fi
2828 -
2829 - if use nginx_modules_http_auth_ldap; then
2830 - http_enabled=1
2831 - myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
2832 - fi
2833 -
2834 - if use nginx_modules_http_vhost_traffic_status; then
2835 - http_enabled=1
2836 - myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
2837 - fi
2838 -
2839 - if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
2840 - myconf+=( --add-module=${GEOIP2_MODULE_WD} )
2841 - fi
2842 -
2843 - if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
2844 - myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
2845 - fi
2846 -
2847 - if use nginx_modules_http_brotli; then
2848 - http_enabled=1
2849 - myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
2850 - fi
2851 -
2852 - if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
2853 - http_enabled=1
2854 - fi
2855 -
2856 - if [ $http_enabled ]; then
2857 - use http-cache || myconf+=( --without-http-cache )
2858 - use ssl && myconf+=( --with-http_ssl_module )
2859 - else
2860 - myconf+=( --without-http --without-http-cache )
2861 - fi
2862 -
2863 - # Stream modules
2864 - for mod in $NGINX_MODULES_STREAM_STD; do
2865 - if use nginx_modules_stream_${mod}; then
2866 - stream_enabled=1
2867 - else
2868 - myconf+=( --without-stream_${mod}_module )
2869 - fi
2870 - done
2871 -
2872 - for mod in $NGINX_MODULES_STREAM_OPT; do
2873 - if use nginx_modules_stream_${mod}; then
2874 - stream_enabled=1
2875 - myconf+=( --with-stream_${mod}_module )
2876 - fi
2877 - done
2878 -
2879 - if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
2880 - stream_enabled=1
2881 - fi
2882 -
2883 - if [ $stream_enabled ]; then
2884 - myconf+=( --with-stream )
2885 - use ssl && myconf+=( --with-stream_ssl_module )
2886 - fi
2887 -
2888 - # MAIL modules
2889 - for mod in $NGINX_MODULES_MAIL; do
2890 - if use nginx_modules_mail_${mod}; then
2891 - mail_enabled=1
2892 - else
2893 - myconf+=( --without-mail_${mod}_module )
2894 - fi
2895 - done
2896 -
2897 - if [ $mail_enabled ]; then
2898 - myconf+=( --with-mail )
2899 - use ssl && myconf+=( --with-mail_ssl_module )
2900 - fi
2901 -
2902 - # custom modules
2903 - for mod in $NGINX_ADD_MODULES; do
2904 - myconf+=( --add-module=${mod} )
2905 - done
2906 -
2907 - # https://bugs.gentoo.org/286772
2908 - export LANG=C LC_ALL=C
2909 - tc-export CC
2910 -
2911 - if ! use prefix; then
2912 - myconf+=( --user=${PN} )
2913 - myconf+=( --group=${PN} )
2914 - fi
2915 -
2916 - local WITHOUT_IPV6=
2917 - if ! use ipv6; then
2918 - WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
2919 - fi
2920 -
2921 - if [[ -n "${EXTRA_ECONF}" ]]; then
2922 - myconf+=( ${EXTRA_ECONF} )
2923 - ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
2924 - fi
2925 -
2926 - ./configure \
2927 - --prefix="${EPREFIX}"/usr \
2928 - --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
2929 - --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
2930 - --pid-path="${EPREFIX}"/run/${PN}.pid \
2931 - --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
2932 - --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
2933 - --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
2934 - --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
2935 - --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
2936 - --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
2937 - --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
2938 - --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
2939 - --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
2940 - --with-compat \
2941 - "${myconf[@]}" || die "configure failed"
2942 -
2943 - # A purely cosmetic change that makes nginx -V more readable. This can be
2944 - # good if people outside the gentoo community would troubleshoot and
2945 - # question the users setup.
2946 - sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
2947 -}
2948 -
2949 -src_compile() {
2950 - use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
2951 -
2952 - # https://bugs.gentoo.org/286772
2953 - export LANG=C LC_ALL=C
2954 - emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
2955 -}
2956 -
2957 -src_install() {
2958 - emake DESTDIR="${D%/}" install
2959 -
2960 - cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
2961 -
2962 - newinitd "${FILESDIR}"/nginx.initd-r4 nginx
2963 - newconfd "${FILESDIR}"/nginx.confd nginx
2964 -
2965 - systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
2966 -
2967 - doman man/nginx.8
2968 - dodoc CHANGES* README
2969 -
2970 - # just keepdir. do not copy the default htdocs files (bug #449136)
2971 - keepdir /var/www/localhost
2972 - rm -rf "${D}"usr/html || die
2973 -
2974 - # set up a list of directories to keep
2975 - local keepdir_list="${NGINX_HOME_TMP}"/client
2976 - local module
2977 - for module in proxy fastcgi scgi uwsgi; do
2978 - use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
2979 - done
2980 -
2981 - keepdir /var/log/nginx ${keepdir_list}
2982 -
2983 - # this solves a problem with SELinux where nginx doesn't see the directories
2984 - # as root and tries to create them as nginx
2985 - fperms 0750 "${NGINX_HOME_TMP}"
2986 - fowners ${PN}:0 "${NGINX_HOME_TMP}"
2987 -
2988 - fperms 0700 ${keepdir_list}
2989 - fowners ${PN}:${PN} ${keepdir_list}
2990 -
2991 - fperms 0710 /var/log/nginx
2992 - fowners 0:${PN} /var/log/nginx
2993 -
2994 - # logrotate
2995 - insinto /etc/logrotate.d
2996 - newins "${FILESDIR}"/nginx.logrotate-r1 nginx
2997 -
2998 - if use luajit; then
2999 - pax-mark m "${ED%/}/usr/sbin/nginx"
3000 - fi
3001 -
3002 - if use nginx_modules_http_perl; then
3003 - cd "${S}"/objs/src/http/modules/perl/ || die
3004 - emake DESTDIR="${D}" INSTALLDIRS=vendor
3005 - perl_delete_localpod
3006 - cd "${S}" || die
3007 - fi
3008 -
3009 - if use nginx_modules_http_cache_purge; then
3010 - docinto ${HTTP_CACHE_PURGE_MODULE_P}
3011 - dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
3012 - fi
3013 -
3014 - if use nginx_modules_http_slowfs_cache; then
3015 - docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
3016 - dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
3017 - fi
3018 -
3019 - if use nginx_modules_http_fancyindex; then
3020 - docinto ${HTTP_FANCYINDEX_MODULE_P}
3021 - dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
3022 - fi
3023 -
3024 - if use nginx_modules_http_lua; then
3025 - docinto ${HTTP_LUA_MODULE_P}
3026 - dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
3027 - fi
3028 -
3029 - if use nginx_modules_http_auth_pam; then
3030 - docinto ${HTTP_AUTH_PAM_MODULE_P}
3031 - dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
3032 - fi
3033 -
3034 - if use nginx_modules_http_upstream_check; then
3035 - docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
3036 - dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
3037 - fi
3038 -
3039 - if use nginx_modules_http_naxsi; then
3040 - insinto /etc/nginx
3041 - doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
3042 - fi
3043 -
3044 - if use rtmp; then
3045 - docinto ${RTMP_MODULE_P}
3046 - dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
3047 - fi
3048 -
3049 - if use nginx_modules_http_dav_ext; then
3050 - docinto ${HTTP_DAV_EXT_MODULE_P}
3051 - dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
3052 - fi
3053 -
3054 - if use nginx_modules_http_echo; then
3055 - docinto ${HTTP_ECHO_MODULE_P}
3056 - dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
3057 - fi
3058 -
3059 - if use nginx_modules_http_security; then
3060 - docinto ${HTTP_SECURITY_MODULE_P}
3061 - dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
3062 - fi
3063 -
3064 - if use nginx_modules_http_push_stream; then
3065 - docinto ${HTTP_PUSH_STREAM_MODULE_P}
3066 - dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
3067 - fi
3068 -
3069 - if use nginx_modules_http_sticky; then
3070 - docinto ${HTTP_STICKY_MODULE_P}
3071 - dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
3072 - fi
3073 -
3074 - if use nginx_modules_http_memc; then
3075 - docinto ${HTTP_MEMC_MODULE_P}
3076 - dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
3077 - fi
3078 -
3079 - if use nginx_modules_http_auth_ldap; then
3080 - docinto ${HTTP_LDAP_MODULE_P}
3081 - dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
3082 - fi
3083 -}
3084 -
3085 -pkg_postinst() {
3086 - if use ssl; then
3087 - if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
3088 - install_cert /etc/ssl/${PN}/${PN}
3089 - use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
3090 - fi
3091 - fi
3092 -
3093 - if use nginx_modules_http_spdy; then
3094 - ewarn ""
3095 - ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
3096 - ewarn "Update your configs and package.use accordingly."
3097 - fi
3098 -
3099 - if use nginx_modules_http_lua; then
3100 - ewarn ""
3101 - ewarn "While you can build lua 3rd party module against ${P}"
3102 - ewarn "the author warns that >=${PN}-1.11.11 is still not an"
3103 - ewarn "officially supported target yet. You are on your own."
3104 - ewarn "Expect runtime failures, memory leaks and other problems!"
3105 - fi
3106 -
3107 - if use nginx_modules_http_lua && use http2; then
3108 - ewarn ""
3109 - ewarn "Lua 3rd party module author warns against using ${P} with"
3110 - ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
3111 - fi
3112 -
3113 - local _n_permission_layout_checks=0
3114 - local _has_to_adjust_permissions=0
3115 - local _has_to_show_permission_warning=0
3116 -
3117 - # Defaults to 1 to inform people doing a fresh installation
3118 - # that we ship modified {scgi,uwsgi,fastcgi}_params files
3119 - local _has_to_show_httpoxy_mitigation_notice=1
3120 -
3121 - local _replacing_version=
3122 - for _replacing_version in ${REPLACING_VERSIONS}; do
3123 - _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
3124 -
3125 - if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
3126 - # Should never happen:
3127 - # Package is abusing slots but doesn't allow multiple parallel installations.
3128 - # If we run into this situation it is unsafe to automatically adjust any
3129 - # permission...
3130 - _has_to_show_permission_warning=1
3131 -
3132 - ewarn "Replacing multiple ${PN}' versions is unsupported! " \
3133 - "You will have to adjust permissions on your own."
3134 -
3135 - break
3136 - fi
3137 -
3138 - local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
3139 - debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
3140 -
3141 - # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
3142 - # This was before we introduced multiple nginx versions so we
3143 - # do not need to distinguish between stable and mainline
3144 - local _need_to_fix_CVE2013_0337=1
3145 -
3146 - if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
3147 - # We are updating an installation which should already be fixed
3148 - _need_to_fix_CVE2013_0337=0
3149 - debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
3150 - else
3151 - _has_to_adjust_permissions=1
3152 - debug-print "Need to adjust permissions to fix CVE-2013-0337!"
3153 - fi
3154 -
3155 - # Do we need to inform about HTTPoxy mitigation?
3156 - # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
3157 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
3158 - # Updating from <1.10
3159 - _has_to_show_httpoxy_mitigation_notice=1
3160 - debug-print "Need to inform about HTTPoxy mitigation!"
3161 - else
3162 - # Updating from >=1.10
3163 - local _fixed_in_pvr=
3164 - case "${_replacing_version_branch}" in
3165 - "1.10")
3166 - _fixed_in_pvr="1.10.1-r2"
3167 - ;;
3168 - "1.11")
3169 - _fixed_in_pvr="1.11.3-r1"
3170 - ;;
3171 - *)
3172 - # This should be any future branch.
3173 - # If we run this code it is safe to assume that the user has
3174 - # already seen the HTTPoxy mitigation notice because he/she is doing
3175 - # an update from previous version where we have already shown
3176 - # the warning. Otherwise, we wouldn't hit this code path ...
3177 - _fixed_in_pvr=
3178 - esac
3179 -
3180 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
3181 - # We are updating an installation where we already informed
3182 - # that we are mitigating HTTPoxy per default
3183 - _has_to_show_httpoxy_mitigation_notice=0
3184 - debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
3185 - else
3186 - _has_to_show_httpoxy_mitigation_notice=1
3187 - debug-print "Need to inform about HTTPoxy mitigation!"
3188 - fi
3189 - fi
3190 -
3191 - # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
3192 - # All branches up to 1.11 are affected
3193 - local _need_to_fix_CVE2016_1247=1
3194 -
3195 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
3196 - # Updating from <1.10
3197 - _has_to_adjust_permissions=1
3198 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
3199 - else
3200 - # Updating from >=1.10
3201 - local _fixed_in_pvr=
3202 - case "${_replacing_version_branch}" in
3203 - "1.10")
3204 - _fixed_in_pvr="1.10.2-r3"
3205 - ;;
3206 - "1.11")
3207 - _fixed_in_pvr="1.11.6-r1"
3208 - ;;
3209 - *)
3210 - # This should be any future branch.
3211 - # If we run this code it is safe to assume that we have already
3212 - # adjusted permissions or were never affected because user is
3213 - # doing an update from previous version which was safe or did
3214 - # the adjustments. Otherwise, we wouldn't hit this code path ...
3215 - _fixed_in_pvr=
3216 - esac
3217 -
3218 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
3219 - # We are updating an installation which should already be adjusted
3220 - # or which was never affected
3221 - _need_to_fix_CVE2016_1247=0
3222 - debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
3223 - else
3224 - _has_to_adjust_permissions=1
3225 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
3226 - fi
3227 - fi
3228 - done
3229 -
3230 - if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
3231 - # We do not DIE when chmod/chown commands are failing because
3232 - # package is already merged on user's system at this stage
3233 - # and we cannot retry without losing the information that
3234 - # the existing installation needs to adjust permissions.
3235 - # Instead we are going to a show a big warning ...
3236 -
3237 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
3238 - ewarn ""
3239 - ewarn "The world-readable bit (if set) has been removed from the"
3240 - ewarn "following directories to mitigate a security bug"
3241 - ewarn "(CVE-2013-0337, bug #458726):"
3242 - ewarn ""
3243 - ewarn " ${EPREFIX%/}/var/log/nginx"
3244 - ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
3245 - ewarn ""
3246 - ewarn "Check if this is correct for your setup before restarting nginx!"
3247 - ewarn "This is a one-time change and will not happen on subsequent updates."
3248 - ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
3249 - chmod o-rwx \
3250 - "${EPREFIX%/}"/var/log/nginx \
3251 - "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
3252 - _has_to_show_permission_warning=1
3253 - fi
3254 -
3255 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
3256 - ewarn ""
3257 - ewarn "The permissions on the following directory have been reset in"
3258 - ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
3259 - ewarn ""
3260 - ewarn " ${EPREFIX%/}/var/log/nginx"
3261 - ewarn ""
3262 - ewarn "Check if this is correct for your setup before restarting nginx!"
3263 - ewarn "Also ensure that no other log directory used by any of your"
3264 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
3265 - ewarn "used by nginx can be abused to escalate privileges!"
3266 - ewarn "This is a one-time change and will not happen on subsequent updates."
3267 - chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
3268 - chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
3269 - fi
3270 -
3271 - if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
3272 - # Should never happen ...
3273 - ewarn ""
3274 - ewarn "*************************************************************"
3275 - ewarn "*************** W A R N I N G ***************"
3276 - ewarn "*************************************************************"
3277 - ewarn "The one-time only attempt to adjust permissions of the"
3278 - ewarn "existing nginx installation failed. Be aware that we will not"
3279 - ewarn "try to adjust the same permissions again because now you are"
3280 - ewarn "using a nginx version where we expect that the permissions"
3281 - ewarn "are already adjusted or that you know what you are doing and"
3282 - ewarn "want to keep custom permissions."
3283 - ewarn ""
3284 - fi
3285 - fi
3286 -
3287 - # Sanity check for CVE-2016-1247
3288 - # Required to warn users who received the warning above and thought
3289 - # they could fix it by unmerging and re-merging the package or have
3290 - # unmerged a affected installation on purpose in the past leaving
3291 - # /var/log/nginx on their system due to keepdir/non-empty folder
3292 - # and are now installing the package again.
3293 - local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
3294 - su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
3295 - if [ $? -eq 0 ] ; then
3296 - # Cleanup -- no reason to die here!
3297 - rm -f "${_sanity_check_testfile}"
3298 -
3299 - ewarn ""
3300 - ewarn "*************************************************************"
3301 - ewarn "*************** W A R N I N G ***************"
3302 - ewarn "*************************************************************"
3303 - ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
3304 - ewarn "(bug #605008) because nginx user is able to create files in"
3305 - ewarn ""
3306 - ewarn " ${EPREFIX%/}/var/log/nginx"
3307 - ewarn ""
3308 - ewarn "Also ensure that no other log directory used by any of your"
3309 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
3310 - ewarn "used by nginx can be abused to escalate privileges!"
3311 - fi
3312 -
3313 - if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
3314 - # HTTPoxy mitigation
3315 - ewarn ""
3316 - ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
3317 - ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
3318 - ewarn "the HTTP_PROXY parameter to an empty string per default when you"
3319 - ewarn "are sourcing one of the default"
3320 - ewarn ""
3321 - ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
3322 - ewarn " - 'scgi_params'"
3323 - ewarn " - 'uwsgi_params'"
3324 - ewarn ""
3325 - ewarn "files in your server block(s)."
3326 - ewarn ""
3327 - ewarn "If this is causing any problems for you make sure that you are sourcing the"
3328 - ewarn "default parameters _before_ you set your own values."
3329 - ewarn "If you are relying on user-supplied proxy values you have to remove the"
3330 - ewarn "correlating lines from the file(s) mentioned above."
3331 - ewarn ""
3332 - fi
3333 -}
3334
3335 diff --git a/www-servers/nginx/nginx-1.17.2.ebuild b/www-servers/nginx/nginx-1.17.2.ebuild
3336 deleted file mode 100644
3337 index 57e48d2bc60..00000000000
3338 --- a/www-servers/nginx/nginx-1.17.2.ebuild
3339 +++ /dev/null
3340 @@ -1,1089 +0,0 @@
3341 -# Copyright 1999-2019 Gentoo Authors
3342 -# Distributed under the terms of the GNU General Public License v2
3343 -
3344 -EAPI="6"
3345 -
3346 -# Maintainer notes:
3347 -# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
3348 -# - any http-module activates the main http-functionality and overrides USE=-http
3349 -# - keep the following requirements in mind before adding external modules:
3350 -# * alive upstream
3351 -# * sane packaging
3352 -# * builds cleanly
3353 -# * does not need a patch for nginx core
3354 -# - TODO: test the google-perftools module (included in vanilla tarball)
3355 -
3356 -# prevent perl-module from adding automagic perl DEPENDs
3357 -GENTOO_DEPEND_ON_PERL="no"
3358 -
3359 -# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
3360 -DEVEL_KIT_MODULE_PV="0.3.0"
3361 -DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
3362 -DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
3363 -DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
3364 -
3365 -# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
3366 -HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
3367 -HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
3368 -HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
3369 -HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
3370 -
3371 -# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
3372 -HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
3373 -HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
3374 -HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
3375 -HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
3376 -
3377 -# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
3378 -HTTP_HEADERS_MORE_MODULE_PV="0.33"
3379 -HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
3380 -HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
3381 -HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
3382 -
3383 -# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
3384 -HTTP_CACHE_PURGE_MODULE_PV="2.3"
3385 -HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
3386 -HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
3387 -HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
3388 -
3389 -# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
3390 -HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
3391 -HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
3392 -HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
3393 -HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
3394 -
3395 -# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
3396 -HTTP_FANCYINDEX_MODULE_PV="0.4.3"
3397 -HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
3398 -HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
3399 -HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
3400 -
3401 -# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
3402 -HTTP_LUA_MODULE_PV="0.10.15"
3403 -HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
3404 -HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
3405 -HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
3406 -
3407 -# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
3408 -HTTP_AUTH_PAM_MODULE_PV="1.5.1"
3409 -HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
3410 -HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
3411 -HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
3412 -
3413 -# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
3414 -HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
3415 -HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
3416 -HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
3417 -HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
3418 -
3419 -# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
3420 -HTTP_METRICS_MODULE_PV="0.1.1"
3421 -HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
3422 -HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
3423 -HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
3424 -
3425 -# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
3426 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
3427 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
3428 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
3429 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
3430 -
3431 -# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
3432 -HTTP_NAXSI_MODULE_PV="0.56"
3433 -HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
3434 -HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
3435 -HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
3436 -
3437 -# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
3438 -RTMP_MODULE_PV="1.2.1"
3439 -RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
3440 -RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
3441 -RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
3442 -
3443 -# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
3444 -HTTP_DAV_EXT_MODULE_PV="3.0.0"
3445 -HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
3446 -HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
3447 -HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
3448 -
3449 -# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
3450 -HTTP_ECHO_MODULE_PV="0.61"
3451 -HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
3452 -HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
3453 -HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
3454 -
3455 -# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
3456 -# keep the MODULE_P here consistent with upstream to avoid tarball duplication
3457 -HTTP_SECURITY_MODULE_PV="2.9.3"
3458 -HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
3459 -HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
3460 -HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
3461 -
3462 -# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
3463 -HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
3464 -HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
3465 -HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
3466 -HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
3467 -
3468 -# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
3469 -HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
3470 -HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
3471 -HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
3472 -HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
3473 -
3474 -# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
3475 -HTTP_MOGILEFS_MODULE_PV="1.0.4"
3476 -HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
3477 -HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
3478 -HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
3479 -
3480 -# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
3481 -HTTP_MEMC_MODULE_PV="0.19"
3482 -HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
3483 -HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
3484 -HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
3485 -
3486 -# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
3487 -HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
3488 -HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
3489 -HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
3490 -HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
3491 -
3492 -# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
3493 -GEOIP2_MODULE_PV="3.2"
3494 -GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
3495 -GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
3496 -GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
3497 -
3498 -# njs-module (https://github.com/nginx/njs, as-is)
3499 -NJS_MODULE_PV="0.3.3"
3500 -NJS_MODULE_P="njs-${NJS_MODULE_PV}"
3501 -NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
3502 -NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
3503 -
3504 -# We handle deps below ourselves
3505 -SSL_DEPS_SKIP=1
3506 -AUTOTOOLS_AUTO_DEPEND="no"
3507 -
3508 -inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib pax-utils
3509 -
3510 -DESCRIPTION="Robust, small and high performance http and reverse proxy server"
3511 -HOMEPAGE="https://nginx.org"
3512 -SRC_URI="https://nginx.org/download/${P}.tar.gz
3513 - ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
3514 - nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
3515 - nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
3516 - nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
3517 - nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
3518 - nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
3519 - nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
3520 - nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
3521 - nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
3522 - nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
3523 - nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
3524 - nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
3525 - nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
3526 - nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
3527 - nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
3528 - nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
3529 - nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
3530 - nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
3531 - nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
3532 - nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
3533 - nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
3534 - nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
3535 - nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
3536 - nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
3537 - nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
3538 - rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
3539 -
3540 -LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
3541 - nginx_modules_http_security? ( Apache-2.0 )
3542 - nginx_modules_http_push_stream? ( GPL-3 )"
3543 -
3544 -SLOT="mainline"
3545 -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
3546 -
3547 -# Package doesn't provide a real test suite
3548 -RESTRICT="test"
3549 -
3550 -NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
3551 - fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
3552 - proxy referer rewrite scgi ssi split_clients upstream_hash
3553 - upstream_ip_hash upstream_keepalive upstream_least_conn
3554 - upstream_zone userid uwsgi"
3555 -NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
3556 - gzip_static image_filter mp4 perl random_index realip secure_link
3557 - slice stub_status sub xslt"
3558 -NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
3559 - upstream_hash upstream_least_conn upstream_zone"
3560 -NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
3561 -NGINX_MODULES_MAIL="imap pop3 smtp"
3562 -NGINX_MODULES_3RD="
3563 - http_auth_ldap
3564 - http_auth_pam
3565 - http_brotli
3566 - http_cache_purge
3567 - http_dav_ext
3568 - http_echo
3569 - http_fancyindex
3570 - http_geoip2
3571 - http_headers_more
3572 - http_javascript
3573 - http_lua
3574 - http_memc
3575 - http_metrics
3576 - http_mogilefs
3577 - http_naxsi
3578 - http_push_stream
3579 - http_security
3580 - http_slowfs_cache
3581 - http_sticky
3582 - http_upload_progress
3583 - http_upstream_check
3584 - http_vhost_traffic_status
3585 - stream_geoip2
3586 - stream_javascript
3587 -"
3588 -
3589 -IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
3590 - pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
3591 -
3592 -for mod in $NGINX_MODULES_STD; do
3593 - IUSE="${IUSE} +nginx_modules_http_${mod}"
3594 -done
3595 -
3596 -for mod in $NGINX_MODULES_OPT; do
3597 - IUSE="${IUSE} nginx_modules_http_${mod}"
3598 -done
3599 -
3600 -for mod in $NGINX_MODULES_STREAM_STD; do
3601 - IUSE="${IUSE} nginx_modules_stream_${mod}"
3602 -done
3603 -
3604 -for mod in $NGINX_MODULES_STREAM_OPT; do
3605 - IUSE="${IUSE} nginx_modules_stream_${mod}"
3606 -done
3607 -
3608 -for mod in $NGINX_MODULES_MAIL; do
3609 - IUSE="${IUSE} nginx_modules_mail_${mod}"
3610 -done
3611 -
3612 -for mod in $NGINX_MODULES_3RD; do
3613 - IUSE="${IUSE} nginx_modules_${mod}"
3614 -done
3615 -
3616 -# Add so we can warn users updating about config changes
3617 -# @TODO: jbergstroem: remove on next release series
3618 -IUSE="${IUSE} nginx_modules_http_spdy"
3619 -
3620 -CDEPEND="
3621 - pcre? ( dev-libs/libpcre:= )
3622 - pcre-jit? ( dev-libs/libpcre:=[jit] )
3623 - ssl? (
3624 - !libressl? ( dev-libs/openssl:0= )
3625 - libressl? ( dev-libs/libressl:= )
3626 - )
3627 - http2? (
3628 - !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
3629 - libressl? ( dev-libs/libressl:= )
3630 - )
3631 - http-cache? (
3632 - userland_GNU? (
3633 - !libressl? ( dev-libs/openssl:0= )
3634 - libressl? ( dev-libs/libressl:= )
3635 - )
3636 - )
3637 - nginx_modules_http_brotli? ( app-arch/brotli:= )
3638 - nginx_modules_http_geoip? ( dev-libs/geoip )
3639 - nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
3640 - nginx_modules_http_gunzip? ( sys-libs/zlib )
3641 - nginx_modules_http_gzip? ( sys-libs/zlib )
3642 - nginx_modules_http_gzip_static? ( sys-libs/zlib )
3643 - nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
3644 - nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
3645 - nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
3646 - nginx_modules_http_secure_link? (
3647 - userland_GNU? (
3648 - !libressl? ( dev-libs/openssl:0= )
3649 - libressl? ( dev-libs/libressl:= )
3650 - )
3651 - )
3652 - nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
3653 - nginx_modules_http_lua? ( dev-lang/luajit:2= )
3654 - nginx_modules_http_auth_pam? ( virtual/pam )
3655 - nginx_modules_http_metrics? ( dev-libs/yajl:= )
3656 - nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
3657 - nginx_modules_http_security? (
3658 - dev-libs/apr:=
3659 - dev-libs/apr-util:=
3660 - dev-libs/libxml2:=
3661 - net-misc/curl
3662 - www-servers/apache
3663 - )
3664 - nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
3665 - nginx_modules_stream_geoip? ( dev-libs/geoip )
3666 - nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
3667 -RDEPEND="${CDEPEND}
3668 - selinux? ( sec-policy/selinux-nginx )
3669 - !www-servers/nginx:0"
3670 -DEPEND="${CDEPEND}
3671 - nginx_modules_http_brotli? ( virtual/pkgconfig )
3672 - nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
3673 - arm? ( dev-libs/libatomic_ops )
3674 - libatomic? ( dev-libs/libatomic_ops )"
3675 -PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
3676 -
3677 -REQUIRED_USE="pcre-jit? ( pcre )
3678 - nginx_modules_http_grpc? ( http2 )
3679 - nginx_modules_http_lua? (
3680 - luajit
3681 - nginx_modules_http_rewrite
3682 - )
3683 - nginx_modules_http_naxsi? ( pcre )
3684 - nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
3685 - nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
3686 - nginx_modules_http_security? ( pcre )
3687 - nginx_modules_http_push_stream? ( ssl )"
3688 -
3689 -pkg_setup() {
3690 - NGINX_HOME="/var/lib/nginx"
3691 - NGINX_HOME_TMP="${NGINX_HOME}/tmp"
3692 -
3693 - ebegin "Creating nginx user and group"
3694 - enewgroup ${PN}
3695 - enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
3696 - eend $?
3697 -
3698 - if use libatomic; then
3699 - ewarn "GCC 4.1+ features built-in atomic operations."
3700 - ewarn "Using libatomic_ops is only needed if using"
3701 - ewarn "a different compiler or a GCC prior to 4.1"
3702 - fi
3703 -
3704 - if [[ -n $NGINX_ADD_MODULES ]]; then
3705 - ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
3706 - ewarn "This nginx installation is not supported!"
3707 - ewarn "Make sure you can reproduce the bug without those modules"
3708 - ewarn "_before_ reporting bugs."
3709 - fi
3710 -
3711 - if use !http; then
3712 - ewarn "To actually disable all http-functionality you also have to disable"
3713 - ewarn "all nginx http modules."
3714 - fi
3715 -
3716 - if use nginx_modules_http_mogilefs && use threads; then
3717 - eerror "mogilefs won't compile with threads support."
3718 - eerror "Please disable either flag and try again."
3719 - die "Can't compile mogilefs with threads support"
3720 - fi
3721 -}
3722 -
3723 -src_prepare() {
3724 - eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
3725 - eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
3726 -
3727 - if use nginx_modules_http_auth_pam; then
3728 - cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
3729 - eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
3730 - cd "${S}" || die
3731 - fi
3732 -
3733 - if use nginx_modules_http_brotli; then
3734 - cd "${HTTP_BROTLI_MODULE_WD}" || die
3735 - eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
3736 - cd "${S}" || die
3737 - fi
3738 -
3739 - if use nginx_modules_http_upstream_check; then
3740 - eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
3741 - fi
3742 -
3743 - if use nginx_modules_http_cache_purge; then
3744 - cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
3745 - eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
3746 - cd "${S}" || die
3747 - fi
3748 -
3749 - if use nginx_modules_http_security; then
3750 - cd "${HTTP_SECURITY_MODULE_WD}" || die
3751 -
3752 - eautoreconf
3753 -
3754 - if use luajit ; then
3755 - sed -i \
3756 - -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
3757 - configure || die
3758 - fi
3759 -
3760 - cd "${S}" || die
3761 - fi
3762 -
3763 - if use nginx_modules_http_upload_progress; then
3764 - cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
3765 - eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
3766 - cd "${S}" || die
3767 - fi
3768 -
3769 - find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
3770 - # We have config protection, don't rename etc files
3771 - sed -i 's:.default::' auto/install || die
3772 - # remove useless files
3773 - sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
3774 -
3775 - # don't install to /etc/nginx/ if not in use
3776 - local module
3777 - for module in fastcgi scgi uwsgi ; do
3778 - if ! use nginx_modules_http_${module}; then
3779 - sed -i -e "/${module}/d" auto/install || die
3780 - fi
3781 - done
3782 -
3783 - eapply_user
3784 -}
3785 -
3786 -src_configure() {
3787 - # mod_security needs to generate nginx/modsecurity/config before including it
3788 - if use nginx_modules_http_security; then
3789 - cd "${HTTP_SECURITY_MODULE_WD}" || die
3790 -
3791 - ./configure \
3792 - --enable-standalone-module \
3793 - --disable-mlogc \
3794 - --with-ssdeep=no \
3795 - $(use_enable pcre-jit) \
3796 - $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
3797 -
3798 - cd "${S}" || die
3799 - fi
3800 -
3801 - local myconf=() http_enabled= mail_enabled= stream_enabled=
3802 -
3803 - use aio && myconf+=( --with-file-aio )
3804 - use debug && myconf+=( --with-debug )
3805 - use http2 && myconf+=( --with-http_v2_module )
3806 - use libatomic && myconf+=( --with-libatomic )
3807 - use pcre && myconf+=( --with-pcre )
3808 - use pcre-jit && myconf+=( --with-pcre-jit )
3809 - use threads && myconf+=( --with-threads )
3810 -
3811 - # HTTP modules
3812 - for mod in $NGINX_MODULES_STD; do
3813 - if use nginx_modules_http_${mod}; then
3814 - http_enabled=1
3815 - else
3816 - myconf+=( --without-http_${mod}_module )
3817 - fi
3818 - done
3819 -
3820 - for mod in $NGINX_MODULES_OPT; do
3821 - if use nginx_modules_http_${mod}; then
3822 - http_enabled=1
3823 - myconf+=( --with-http_${mod}_module )
3824 - fi
3825 - done
3826 -
3827 - if use nginx_modules_http_fastcgi; then
3828 - myconf+=( --with-http_realip_module )
3829 - fi
3830 -
3831 - # third-party modules
3832 - if use nginx_modules_http_upload_progress; then
3833 - http_enabled=1
3834 - myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
3835 - fi
3836 -
3837 - if use nginx_modules_http_headers_more; then
3838 - http_enabled=1
3839 - myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
3840 - fi
3841 -
3842 - if use nginx_modules_http_cache_purge; then
3843 - http_enabled=1
3844 - myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
3845 - fi
3846 -
3847 - if use nginx_modules_http_slowfs_cache; then
3848 - http_enabled=1
3849 - myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
3850 - fi
3851 -
3852 - if use nginx_modules_http_fancyindex; then
3853 - http_enabled=1
3854 - myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
3855 - fi
3856 -
3857 - if use nginx_modules_http_lua; then
3858 - http_enabled=1
3859 - export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
3860 - export LUAJIT_INC=$(pkg-config --variable includedir luajit)
3861 - myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
3862 - myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
3863 - fi
3864 -
3865 - if use nginx_modules_http_auth_pam; then
3866 - http_enabled=1
3867 - myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
3868 - fi
3869 -
3870 - if use nginx_modules_http_upstream_check; then
3871 - http_enabled=1
3872 - myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
3873 - fi
3874 -
3875 - if use nginx_modules_http_metrics; then
3876 - http_enabled=1
3877 - myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
3878 - fi
3879 -
3880 - if use nginx_modules_http_naxsi ; then
3881 - http_enabled=1
3882 - myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
3883 - fi
3884 -
3885 - if use rtmp ; then
3886 - http_enabled=1
3887 - myconf+=( --add-module=${RTMP_MODULE_WD} )
3888 - fi
3889 -
3890 - if use nginx_modules_http_dav_ext ; then
3891 - http_enabled=1
3892 - myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
3893 - fi
3894 -
3895 - if use nginx_modules_http_echo ; then
3896 - http_enabled=1
3897 - myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
3898 - fi
3899 -
3900 - if use nginx_modules_http_security ; then
3901 - http_enabled=1
3902 - myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
3903 - fi
3904 -
3905 - if use nginx_modules_http_push_stream ; then
3906 - http_enabled=1
3907 - myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
3908 - fi
3909 -
3910 - if use nginx_modules_http_sticky ; then
3911 - http_enabled=1
3912 - myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
3913 - fi
3914 -
3915 - if use nginx_modules_http_mogilefs ; then
3916 - http_enabled=1
3917 - myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
3918 - fi
3919 -
3920 - if use nginx_modules_http_memc ; then
3921 - http_enabled=1
3922 - myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
3923 - fi
3924 -
3925 - if use nginx_modules_http_auth_ldap; then
3926 - http_enabled=1
3927 - myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
3928 - fi
3929 -
3930 - if use nginx_modules_http_vhost_traffic_status; then
3931 - http_enabled=1
3932 - myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
3933 - fi
3934 -
3935 - if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
3936 - myconf+=( --add-module=${GEOIP2_MODULE_WD} )
3937 - fi
3938 -
3939 - if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
3940 - myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
3941 - fi
3942 -
3943 - if use nginx_modules_http_brotli; then
3944 - http_enabled=1
3945 - myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
3946 - fi
3947 -
3948 - if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
3949 - http_enabled=1
3950 - fi
3951 -
3952 - if [ $http_enabled ]; then
3953 - use http-cache || myconf+=( --without-http-cache )
3954 - use ssl && myconf+=( --with-http_ssl_module )
3955 - else
3956 - myconf+=( --without-http --without-http-cache )
3957 - fi
3958 -
3959 - # Stream modules
3960 - for mod in $NGINX_MODULES_STREAM_STD; do
3961 - if use nginx_modules_stream_${mod}; then
3962 - stream_enabled=1
3963 - else
3964 - myconf+=( --without-stream_${mod}_module )
3965 - fi
3966 - done
3967 -
3968 - for mod in $NGINX_MODULES_STREAM_OPT; do
3969 - if use nginx_modules_stream_${mod}; then
3970 - stream_enabled=1
3971 - myconf+=( --with-stream_${mod}_module )
3972 - fi
3973 - done
3974 -
3975 - if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
3976 - stream_enabled=1
3977 - fi
3978 -
3979 - if [ $stream_enabled ]; then
3980 - myconf+=( --with-stream )
3981 - use ssl && myconf+=( --with-stream_ssl_module )
3982 - fi
3983 -
3984 - # MAIL modules
3985 - for mod in $NGINX_MODULES_MAIL; do
3986 - if use nginx_modules_mail_${mod}; then
3987 - mail_enabled=1
3988 - else
3989 - myconf+=( --without-mail_${mod}_module )
3990 - fi
3991 - done
3992 -
3993 - if [ $mail_enabled ]; then
3994 - myconf+=( --with-mail )
3995 - use ssl && myconf+=( --with-mail_ssl_module )
3996 - fi
3997 -
3998 - # custom modules
3999 - for mod in $NGINX_ADD_MODULES; do
4000 - myconf+=( --add-module=${mod} )
4001 - done
4002 -
4003 - # https://bugs.gentoo.org/286772
4004 - export LANG=C LC_ALL=C
4005 - tc-export CC
4006 -
4007 - if ! use prefix; then
4008 - myconf+=( --user=${PN} )
4009 - myconf+=( --group=${PN} )
4010 - fi
4011 -
4012 - local WITHOUT_IPV6=
4013 - if ! use ipv6; then
4014 - WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
4015 - fi
4016 -
4017 - if [[ -n "${EXTRA_ECONF}" ]]; then
4018 - myconf+=( ${EXTRA_ECONF} )
4019 - ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
4020 - fi
4021 -
4022 - ./configure \
4023 - --prefix="${EPREFIX}"/usr \
4024 - --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
4025 - --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
4026 - --pid-path="${EPREFIX}"/run/${PN}.pid \
4027 - --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
4028 - --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
4029 - --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
4030 - --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
4031 - --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
4032 - --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
4033 - --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
4034 - --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
4035 - --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
4036 - --with-compat \
4037 - "${myconf[@]}" || die "configure failed"
4038 -
4039 - # A purely cosmetic change that makes nginx -V more readable. This can be
4040 - # good if people outside the gentoo community would troubleshoot and
4041 - # question the users setup.
4042 - sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
4043 -}
4044 -
4045 -src_compile() {
4046 - use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
4047 -
4048 - # https://bugs.gentoo.org/286772
4049 - export LANG=C LC_ALL=C
4050 - emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
4051 -}
4052 -
4053 -src_install() {
4054 - emake DESTDIR="${D%/}" install
4055 -
4056 - cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
4057 -
4058 - newinitd "${FILESDIR}"/nginx.initd-r4 nginx
4059 - newconfd "${FILESDIR}"/nginx.confd nginx
4060 -
4061 - systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
4062 -
4063 - doman man/nginx.8
4064 - dodoc CHANGES* README
4065 -
4066 - # just keepdir. do not copy the default htdocs files (bug #449136)
4067 - keepdir /var/www/localhost
4068 - rm -rf "${D}"usr/html || die
4069 -
4070 - # set up a list of directories to keep
4071 - local keepdir_list="${NGINX_HOME_TMP}"/client
4072 - local module
4073 - for module in proxy fastcgi scgi uwsgi; do
4074 - use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
4075 - done
4076 -
4077 - keepdir /var/log/nginx ${keepdir_list}
4078 -
4079 - # this solves a problem with SELinux where nginx doesn't see the directories
4080 - # as root and tries to create them as nginx
4081 - fperms 0750 "${NGINX_HOME_TMP}"
4082 - fowners ${PN}:0 "${NGINX_HOME_TMP}"
4083 -
4084 - fperms 0700 ${keepdir_list}
4085 - fowners ${PN}:${PN} ${keepdir_list}
4086 -
4087 - fperms 0710 /var/log/nginx
4088 - fowners 0:${PN} /var/log/nginx
4089 -
4090 - # logrotate
4091 - insinto /etc/logrotate.d
4092 - newins "${FILESDIR}"/nginx.logrotate-r1 nginx
4093 -
4094 - if use luajit; then
4095 - pax-mark m "${ED%/}/usr/sbin/nginx"
4096 - fi
4097 -
4098 - if use nginx_modules_http_perl; then
4099 - cd "${S}"/objs/src/http/modules/perl/ || die
4100 - emake DESTDIR="${D}" INSTALLDIRS=vendor
4101 - perl_delete_localpod
4102 - cd "${S}" || die
4103 - fi
4104 -
4105 - if use nginx_modules_http_cache_purge; then
4106 - docinto ${HTTP_CACHE_PURGE_MODULE_P}
4107 - dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
4108 - fi
4109 -
4110 - if use nginx_modules_http_slowfs_cache; then
4111 - docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
4112 - dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
4113 - fi
4114 -
4115 - if use nginx_modules_http_fancyindex; then
4116 - docinto ${HTTP_FANCYINDEX_MODULE_P}
4117 - dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
4118 - fi
4119 -
4120 - if use nginx_modules_http_lua; then
4121 - docinto ${HTTP_LUA_MODULE_P}
4122 - dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
4123 - fi
4124 -
4125 - if use nginx_modules_http_auth_pam; then
4126 - docinto ${HTTP_AUTH_PAM_MODULE_P}
4127 - dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
4128 - fi
4129 -
4130 - if use nginx_modules_http_upstream_check; then
4131 - docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
4132 - dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
4133 - fi
4134 -
4135 - if use nginx_modules_http_naxsi; then
4136 - insinto /etc/nginx
4137 - doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
4138 - fi
4139 -
4140 - if use rtmp; then
4141 - docinto ${RTMP_MODULE_P}
4142 - dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
4143 - fi
4144 -
4145 - if use nginx_modules_http_dav_ext; then
4146 - docinto ${HTTP_DAV_EXT_MODULE_P}
4147 - dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
4148 - fi
4149 -
4150 - if use nginx_modules_http_echo; then
4151 - docinto ${HTTP_ECHO_MODULE_P}
4152 - dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
4153 - fi
4154 -
4155 - if use nginx_modules_http_security; then
4156 - docinto ${HTTP_SECURITY_MODULE_P}
4157 - dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
4158 - fi
4159 -
4160 - if use nginx_modules_http_push_stream; then
4161 - docinto ${HTTP_PUSH_STREAM_MODULE_P}
4162 - dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
4163 - fi
4164 -
4165 - if use nginx_modules_http_sticky; then
4166 - docinto ${HTTP_STICKY_MODULE_P}
4167 - dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
4168 - fi
4169 -
4170 - if use nginx_modules_http_memc; then
4171 - docinto ${HTTP_MEMC_MODULE_P}
4172 - dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
4173 - fi
4174 -
4175 - if use nginx_modules_http_auth_ldap; then
4176 - docinto ${HTTP_LDAP_MODULE_P}
4177 - dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
4178 - fi
4179 -}
4180 -
4181 -pkg_postinst() {
4182 - if use ssl; then
4183 - if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
4184 - install_cert /etc/ssl/${PN}/${PN}
4185 - use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
4186 - fi
4187 - fi
4188 -
4189 - if use nginx_modules_http_spdy; then
4190 - ewarn ""
4191 - ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
4192 - ewarn "Update your configs and package.use accordingly."
4193 - fi
4194 -
4195 - if use nginx_modules_http_lua; then
4196 - ewarn ""
4197 - ewarn "While you can build lua 3rd party module against ${P}"
4198 - ewarn "the author warns that >=${PN}-1.11.11 is still not an"
4199 - ewarn "officially supported target yet. You are on your own."
4200 - ewarn "Expect runtime failures, memory leaks and other problems!"
4201 - fi
4202 -
4203 - if use nginx_modules_http_lua && use http2; then
4204 - ewarn ""
4205 - ewarn "Lua 3rd party module author warns against using ${P} with"
4206 - ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
4207 - fi
4208 -
4209 - local _n_permission_layout_checks=0
4210 - local _has_to_adjust_permissions=0
4211 - local _has_to_show_permission_warning=0
4212 -
4213 - # Defaults to 1 to inform people doing a fresh installation
4214 - # that we ship modified {scgi,uwsgi,fastcgi}_params files
4215 - local _has_to_show_httpoxy_mitigation_notice=1
4216 -
4217 - local _replacing_version=
4218 - for _replacing_version in ${REPLACING_VERSIONS}; do
4219 - _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
4220 -
4221 - if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
4222 - # Should never happen:
4223 - # Package is abusing slots but doesn't allow multiple parallel installations.
4224 - # If we run into this situation it is unsafe to automatically adjust any
4225 - # permission...
4226 - _has_to_show_permission_warning=1
4227 -
4228 - ewarn "Replacing multiple ${PN}' versions is unsupported! " \
4229 - "You will have to adjust permissions on your own."
4230 -
4231 - break
4232 - fi
4233 -
4234 - local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
4235 - debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
4236 -
4237 - # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
4238 - # This was before we introduced multiple nginx versions so we
4239 - # do not need to distinguish between stable and mainline
4240 - local _need_to_fix_CVE2013_0337=1
4241 -
4242 - if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
4243 - # We are updating an installation which should already be fixed
4244 - _need_to_fix_CVE2013_0337=0
4245 - debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
4246 - else
4247 - _has_to_adjust_permissions=1
4248 - debug-print "Need to adjust permissions to fix CVE-2013-0337!"
4249 - fi
4250 -
4251 - # Do we need to inform about HTTPoxy mitigation?
4252 - # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
4253 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
4254 - # Updating from <1.10
4255 - _has_to_show_httpoxy_mitigation_notice=1
4256 - debug-print "Need to inform about HTTPoxy mitigation!"
4257 - else
4258 - # Updating from >=1.10
4259 - local _fixed_in_pvr=
4260 - case "${_replacing_version_branch}" in
4261 - "1.10")
4262 - _fixed_in_pvr="1.10.1-r2"
4263 - ;;
4264 - "1.11")
4265 - _fixed_in_pvr="1.11.3-r1"
4266 - ;;
4267 - *)
4268 - # This should be any future branch.
4269 - # If we run this code it is safe to assume that the user has
4270 - # already seen the HTTPoxy mitigation notice because he/she is doing
4271 - # an update from previous version where we have already shown
4272 - # the warning. Otherwise, we wouldn't hit this code path ...
4273 - _fixed_in_pvr=
4274 - esac
4275 -
4276 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
4277 - # We are updating an installation where we already informed
4278 - # that we are mitigating HTTPoxy per default
4279 - _has_to_show_httpoxy_mitigation_notice=0
4280 - debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
4281 - else
4282 - _has_to_show_httpoxy_mitigation_notice=1
4283 - debug-print "Need to inform about HTTPoxy mitigation!"
4284 - fi
4285 - fi
4286 -
4287 - # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
4288 - # All branches up to 1.11 are affected
4289 - local _need_to_fix_CVE2016_1247=1
4290 -
4291 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
4292 - # Updating from <1.10
4293 - _has_to_adjust_permissions=1
4294 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
4295 - else
4296 - # Updating from >=1.10
4297 - local _fixed_in_pvr=
4298 - case "${_replacing_version_branch}" in
4299 - "1.10")
4300 - _fixed_in_pvr="1.10.2-r3"
4301 - ;;
4302 - "1.11")
4303 - _fixed_in_pvr="1.11.6-r1"
4304 - ;;
4305 - *)
4306 - # This should be any future branch.
4307 - # If we run this code it is safe to assume that we have already
4308 - # adjusted permissions or were never affected because user is
4309 - # doing an update from previous version which was safe or did
4310 - # the adjustments. Otherwise, we wouldn't hit this code path ...
4311 - _fixed_in_pvr=
4312 - esac
4313 -
4314 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
4315 - # We are updating an installation which should already be adjusted
4316 - # or which was never affected
4317 - _need_to_fix_CVE2016_1247=0
4318 - debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
4319 - else
4320 - _has_to_adjust_permissions=1
4321 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
4322 - fi
4323 - fi
4324 - done
4325 -
4326 - if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
4327 - # We do not DIE when chmod/chown commands are failing because
4328 - # package is already merged on user's system at this stage
4329 - # and we cannot retry without losing the information that
4330 - # the existing installation needs to adjust permissions.
4331 - # Instead we are going to a show a big warning ...
4332 -
4333 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
4334 - ewarn ""
4335 - ewarn "The world-readable bit (if set) has been removed from the"
4336 - ewarn "following directories to mitigate a security bug"
4337 - ewarn "(CVE-2013-0337, bug #458726):"
4338 - ewarn ""
4339 - ewarn " ${EPREFIX%/}/var/log/nginx"
4340 - ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
4341 - ewarn ""
4342 - ewarn "Check if this is correct for your setup before restarting nginx!"
4343 - ewarn "This is a one-time change and will not happen on subsequent updates."
4344 - ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
4345 - chmod o-rwx \
4346 - "${EPREFIX%/}"/var/log/nginx \
4347 - "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
4348 - _has_to_show_permission_warning=1
4349 - fi
4350 -
4351 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
4352 - ewarn ""
4353 - ewarn "The permissions on the following directory have been reset in"
4354 - ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
4355 - ewarn ""
4356 - ewarn " ${EPREFIX%/}/var/log/nginx"
4357 - ewarn ""
4358 - ewarn "Check if this is correct for your setup before restarting nginx!"
4359 - ewarn "Also ensure that no other log directory used by any of your"
4360 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
4361 - ewarn "used by nginx can be abused to escalate privileges!"
4362 - ewarn "This is a one-time change and will not happen on subsequent updates."
4363 - chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
4364 - chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
4365 - fi
4366 -
4367 - if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
4368 - # Should never happen ...
4369 - ewarn ""
4370 - ewarn "*************************************************************"
4371 - ewarn "*************** W A R N I N G ***************"
4372 - ewarn "*************************************************************"
4373 - ewarn "The one-time only attempt to adjust permissions of the"
4374 - ewarn "existing nginx installation failed. Be aware that we will not"
4375 - ewarn "try to adjust the same permissions again because now you are"
4376 - ewarn "using a nginx version where we expect that the permissions"
4377 - ewarn "are already adjusted or that you know what you are doing and"
4378 - ewarn "want to keep custom permissions."
4379 - ewarn ""
4380 - fi
4381 - fi
4382 -
4383 - # Sanity check for CVE-2016-1247
4384 - # Required to warn users who received the warning above and thought
4385 - # they could fix it by unmerging and re-merging the package or have
4386 - # unmerged a affected installation on purpose in the past leaving
4387 - # /var/log/nginx on their system due to keepdir/non-empty folder
4388 - # and are now installing the package again.
4389 - local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
4390 - su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
4391 - if [ $? -eq 0 ] ; then
4392 - # Cleanup -- no reason to die here!
4393 - rm -f "${_sanity_check_testfile}"
4394 -
4395 - ewarn ""
4396 - ewarn "*************************************************************"
4397 - ewarn "*************** W A R N I N G ***************"
4398 - ewarn "*************************************************************"
4399 - ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
4400 - ewarn "(bug #605008) because nginx user is able to create files in"
4401 - ewarn ""
4402 - ewarn " ${EPREFIX%/}/var/log/nginx"
4403 - ewarn ""
4404 - ewarn "Also ensure that no other log directory used by any of your"
4405 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
4406 - ewarn "used by nginx can be abused to escalate privileges!"
4407 - fi
4408 -
4409 - if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
4410 - # HTTPoxy mitigation
4411 - ewarn ""
4412 - ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
4413 - ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
4414 - ewarn "the HTTP_PROXY parameter to an empty string per default when you"
4415 - ewarn "are sourcing one of the default"
4416 - ewarn ""
4417 - ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
4418 - ewarn " - 'scgi_params'"
4419 - ewarn " - 'uwsgi_params'"
4420 - ewarn ""
4421 - ewarn "files in your server block(s)."
4422 - ewarn ""
4423 - ewarn "If this is causing any problems for you make sure that you are sourcing the"
4424 - ewarn "default parameters _before_ you set your own values."
4425 - ewarn "If you are relying on user-supplied proxy values you have to remove the"
4426 - ewarn "correlating lines from the file(s) mentioned above."
4427 - ewarn ""
4428 - fi
4429 -}
Report Message
Find on MARC Find on Google Groups