Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
Date: Tue, 26 Feb 2019 19:04:11
Message-Id: 1551207837.8d3f825f4c0e8837f3f36bc8b974f2ce01726c1d.whissi@gentoo
1 commit: 8d3f825f4c0e8837f3f36bc8b974f2ce01726c1d
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Tue Feb 26 19:03:43 2019 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Tue Feb 26 19:03:57 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d3f825f
7
8 www-servers/nginx: drop old
9
10 Package-Manager: Portage-2.3.62, Repoman-2.3.12
11 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
12
13 www-servers/nginx/Manifest | 10 -
14 www-servers/nginx/nginx-1.14.1.ebuild | 1081 -----------------------------
15 www-servers/nginx/nginx-1.14.2-r1.ebuild | 1087 ------------------------------
16 www-servers/nginx/nginx-1.14.2-r2.ebuild | 1087 ------------------------------
17 www-servers/nginx/nginx-1.15.6.ebuild | 1081 -----------------------------
18 www-servers/nginx/nginx-1.15.7-r1.ebuild | 1087 ------------------------------
19 www-servers/nginx/nginx-1.15.8-r1.ebuild | 1087 ------------------------------
20 7 files changed, 6520 deletions(-)
21
22 diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
23 index b7303ac6757..02b3cd98366 100644
24 --- a/www-servers/nginx/Manifest
25 +++ b/www-servers/nginx/Manifest
26 @@ -1,10 +1,5 @@
27 -DIST modsecurity-2.9.2.tar.gz 4298993 BLAKE2B 32a92148f0e1a1166cf888b8172fc55340c5712c9b770583703c74db450e77226629640c9db03f32e9f28397e6488669d06a89e4d31cb5ab5fff26b30ad843e0 SHA512 69c87ef6f7b6411f4803eb25af32969a1da59722121257c2edf345a3f5a4ab9ae8a49c886cbbfc722c5bda91c6d6ea55232f968c0a0407d7d7b3af53dc862c21
28 DIST modsecurity-2.9.3.tar.gz 4307670 BLAKE2B 337ea15cc8805af7ab43aed8aecf4c72ccc586d0d7e9d9b91f036a61baa70d1ac8b4ad8045a2bb7a13515912a15fba7d3cdb9670ae6730de43b1e44ee90ded6d SHA512 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd
29 -DIST nginx-1.14.1.tar.gz 1014040 BLAKE2B ce69cc693599be2c36b8b5f9ce4174be72b9fdc01c0cdd237725815cd8dc68fc3d04f93c38eed78b8d144aa88e1e916b54cd95a948b6272fbb7c74e75613c1f8 SHA512 906c9f44462c0a6b3d9d968641038511012de2662d8490bdb863e540988c2fb15f5cf8a8172e65267dab525e5edf2e9945d7da42a0aa2de5ac81de33fadcd9f3
30 DIST nginx-1.14.2.tar.gz 1015384 BLAKE2B 0d41b078215ca3996f434cf3d43c99a52dd43f8b1b798a4566d3f9509fa35c74c139a3e0dca8b0350ee3eb1064dacc8e76bb2fc3ffc78873eec8fff80e53214d SHA512 d8362dbd86435657d6b13156bd6ad1b251d2ab10bc11cdda959b142dd6120b087e4b314f0025d9bbcc88529cb4b9407fb4df1cfae5d081b7ea1db51ccfc2dbe7
31 -DIST nginx-1.15.6.tar.gz 1025761 BLAKE2B 0d8a76a04f830e85d6022faaea6a27f6d80382bfbfa067f29c6d62e34f4d6a35c315a71727a1c12dd3cd804a4e84eccde8a1cbd42be95c06143817ebdde00951 SHA512 89c1b7df7ed0722a930a977edfb94a8278e51ebd7d5a0d0959ac09515374f976283e945c283b704447f7b57fd302bdbbea0d0d11c48aa282f2d53230eb3e63be
32 -DIST nginx-1.15.7.tar.gz 1026732 BLAKE2B daa4ee39b63e67bcf84e673a3f69ae9c522534584ae5e9e93052f3468fe7a0167e20d855c3b09f6f0b9397b175468d8706bd9e764453c735209f503457b8a747 SHA512 93c5ae89bfabd4c984835517ec6ae739b660c7c28da253378ab602d518dffbd22ce73202fdba0e48fd4d231f7e44d040ff2808b80ada3a6a71936482d20cca18
33 -DIST nginx-1.15.8.tar.gz 1027862 BLAKE2B 6330a4fe4ccd4f1def7e086ac1028515323d011dab5609af6a12b548795da14a1fa6b6ab180eef1b1f4085fa5d52f60bda984dd1145e0d9152db14d0335b5304 SHA512 4509f0a0adf189bbdfa068adb120d0c26e594283b84c75f7df256b46e505aab5adda50b845abbbe07ab36f54c5ebefac4660fa315546856fb5114067e70394d3
34 DIST nginx-1.15.9.tar.gz 1031760 BLAKE2B 899b86f16ee9ba3795085e8e901750c767dc8f040c36e372146dcef3995cf0168020179a3dfce6cfd6516e063105aa2d8fb59661f176920a718db394b0f174c7 SHA512 24dcd5b9bae966244663ff71a625ca90fbe1b29b5717e88aca96ac0c4772108a234647a8c7456154f34ef34d27ebffdce82ad30d2900f24ef5536af6080a6ba8
35 DIST nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c.tar.gz 18457 BLAKE2B 22225ca9e5299b20ab5a93a001cac48e446bd86b3a24ac49e716bc975b128890bdb4b0dbbf5730fbaaeadfd958160093c7a6af798dd0e6de27062f149a760333 SHA512 ec59637fda5acac053e815cb1d04b545fc6b765e5ec63d8c2c9c301abad87afaa2698145acac08e9e14c91e1423ebff7aff0cca2b940b19ccccbf4cf53973269
36 DIST nginx_http_sticky_module_ng-1.2.6-10-g08a395c66e42.tar.bz2 124047 BLAKE2B d37ef9a15c91abe3c6258e420d1f99fa452f9d9966a0e13102174973314a3bac5413957a5fe632a9dcb1163b3be5df8116e05cc053ee061e19319ec25f341570 SHA512 6c1bfdcf89884b2855d51ae7da0f6e53a4ca3629e1aaf58433b70c07dcb2af797ba6e87d9b3eb4fe2fb6d4d697e862f2b4c2f8d8b3fdaea201740c97ec936529
37 @@ -12,13 +7,11 @@ DIST ngx_brotli-8104036af9cff4b1d34f22d00ba857e2a93a243c.tar.gz 12672 BLAKE2B fa
38 DIST ngx_devel_kit-0.3.0-r1.tar.gz 66455 BLAKE2B e4e987a85b2283ba540b4b894382e65dac7fbca23e233b1031b38828908088370cdb1a9bded4d4ee1ceb1c2e1d506dc2b6f4ba5f6ee94248e863def5a1c8dd1a SHA512 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614
39 DIST ngx_http_auth_pam-1.5.1.tar.gz 6863 BLAKE2B 00807cc3db8f6c007c968b8a30d7f6094b7d9db4eaa60d211fcb3ac60aeb28c5f8193578a7e1ca67acbbf57a319c8442fe44efc1e193927c3bce5961539f9c16 SHA512 973b94874d8a58c0df0ac2d31571eafc1e80b11179cba33ec88421a826207fbf7e99b0387e135a1ca48d82daacb78f19a4c21d3a27b49b16dc86b4748bb72261
40 DIST ngx_http_cache_purge-2.3.tar.gz 12248 BLAKE2B f83b267f4c19a9d4af5964522695814c164d200ecd4108bf8f6b5c21388eba8af989bdda646dee18a03174211e8c090a04736bbeb44043cb0e19fbccdc66278e SHA512 50a31dbf2216a6fae74a186af56dec4600cf55777e76a10ac0075f609e7737135aab063a64f2590dddcd0369ebebd4a523027f3d9ebcca74f7b4355be1c5dcc0
41 -DIST ngx_http_dav_ext-0.1.0.tar.gz 6614 BLAKE2B 3951b573e80e8f02199680fb1ba23baa9ed0845002bf5c78fec291f3a2c01017bcf90f969e924d2e1e03db2aef364af6eaa19398478dfc22fc5bdd57508a9cbd SHA512 47b1686b483640a7fdcbf8081aae2e9f83fb0072ef0940b1cd7f8ddf4932317740b38f0dd4a8f3dd8da074c11c70038ac6758c0feafd3851331acdc85f3e0ee1
42 DIST ngx_http_dav_ext-3.0.0.tar.gz 14558 BLAKE2B 0d370bfe34600d43a540dd19a386aa52ce135b2eae14e4e108a359d5ff3405939130d1c802062c7523057ec35d38322d3fbed8c13deb58ce7a08ebf9e3f106d4 SHA512 d0193ba90f1ef46c4e470630c4394bdf99d94fd2e3bd8be6cb2ba1655ec59944b1269025f032b79dc2c6dad366e54389ef6a6da2ddeb91d535a4027f2162fbde
43 DIST ngx_http_echo-0.61.tar.gz 53155 BLAKE2B 72565b5d79598b5dcd1c10fa0f718e749894ca5f1232d5aae60c61e268b5904af35fdcd35afcf72de93852af9e0ca58805d77cbc37919fba9012158b5545baab SHA512 c90b81a4e85a8e9beeb5ff591dc91adb25fa4e0b6cb47086b577e5fa36db2368442dd011187675e358781956c364b949bc4d920ca2b534481b21c9987d2a9a3b
44 DIST ngx_http_fancyindex-0.4.3.tar.gz 25274 BLAKE2B 5ce3102326f6b8cc2b333ed08f7a66476842d2c70089175e577a3ba958317ed702f24ece002506007eb45e9e50b8f6ecb137cde222566308986cba2682b70f7d SHA512 fe5f6afc29c99f66151c1a06e27b5749b0a16227638583d9c961adc94b2942b981184382f95e70d927f00b09b43f597b963a85a41bde5903b10e42f86bc321f1
45 DIST ngx_http_geoip2_module-2.0.tar.gz 6766 BLAKE2B 338c9503530ebba6076a2222fe9d164fdfe39ac603c4ecc7ad5b5d1482c1e21d0f1bc52be585d6a88968b29edfd8b1b63ce572e9ee8d8efb4d88889ef4cbb65b SHA512 32a23ba20e4ef3885b09baf938ef57405a6f23e86a7dbecbe5285be74c0433fc33eee70742113706e66ee105909deb1ec844ce36a6f33108597f736341d8c230
46 DIST ngx_http_headers_more-0.33.tar.gz 28130 BLAKE2B fe3097a7700ce5da087058f7bb44c95164b75137031187400473f6833bf0e33e5c4920807225a6ff94174fe7dbd6186cca176a33a629ca0911faab6804bdd12a SHA512 13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37
47 -DIST ngx_http_lua-0.10.13.tar.gz 624102 BLAKE2B 009506e4cd505a2e383e2c6344b62b541b3bbb28410d4ae2e88139227e22e19dd14372a902f172fadaf82a76c5875936caff4a8c98ff740456488e5ac6ff8c53 SHA512 8c316b9d12dc35779fcddc6bb90942c096f19fd8c2e090b8397e1e1ca6f0ebd7a4edddc03fddb31310147ba4e9db9fc4b3749cfd2323046d88045b3b3333f07d
48 DIST ngx_http_lua-0.10.14.tar.gz 654097 BLAKE2B ee38aca7d981be5bfd7af52521c51d43bc7a8fed38c97cab29498535875380dd50407cce367e60ab3608baa2bc05556a1d92530a8b4542ce1ef0319e35f9457d SHA512 f2c4241ff52130cd116220e48a1032b9cbc8ff70f0ed0fbb918e18bb7681f0b1e07a2108b2ba5bc551a6557d87971ae4c8bda30e255acff1f7d72dd9232132ba
49 DIST ngx_http_naxsi-0.56.tar.gz 192120 BLAKE2B cdbfc278f346ccdc0d5407d70ddd4740816d9fe786d3d65189d47e6f3b030c02352a30ed86bf1650139a21a8408e74c1ec7d7aa3512df1428870279ab384dd15 SHA512 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd
50 DIST ngx_http_push_stream-0.5.4.tar.gz 183493 BLAKE2B ccae3113071cee38fa6a7accd580922dc2fc9fa22af737f400c2c5f59352d93ca6cceb47f2aee70dfc111afdf98d27aeb64ddc5a4dbf617359ea4da09486ac7f SHA512 467ae49409adb675979ff591f98df8c96d71ab5ebc2ef9b3c9430e38e7e84d311b4a98c2b1cb1886d895735223dd2a43370aab61b57b34adb1427c184e6b8c86
51 @@ -30,7 +23,4 @@ DIST ngx_memc_module-0.19.tar.gz 34654 BLAKE2B 536384c264d88535179634d459d3a47b1
52 DIST ngx_metrics-0.1.1.tar.gz 2964 BLAKE2B 95d71ea26c949c345b83e353bd66a20df18cc8b2b93f692615a1b39c1f327393647f80e7a27e6929799a6e7e3469b61e1cd72f7821f7a820da4dd7cd9a96d85c SHA512 d36a8fb0104c83b6b564e03b351aa750cab08650264c74d6f786af357bfb7006b531a93270dd961896ea8dafe27e5db8548ede714c5f52c4742876bc73af4b5e
53 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 BLAKE2B e0729b66554c8890727190a624d4c9aef6499dfc2e301541a9bfc15690caf6d3155c8a4b8f7a1555a7655b47aa0cd1b797aeb8ba82efa92ab80808218a0bdcff SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1
54 DIST ngx_rtmp-1.2.1.tar.gz 519919 BLAKE2B 744ccb8031eb9653f158f9eceba64fc9c8af7b9a42e64ef996ab3bbbe1402e5ffd3efcc8e4aaca437eb5e208e4b6f2d8643fcca953b32f32543eaa1ae4d9505c SHA512 4a0af5e9afa4deb0b53de8de7ddb2cfa6430d372e1ef9e421f01b509548bd134d427345442ac1ce667338cc2a1484dc2ab732e316e878ac7d3537dc527d5f922
55 -DIST njs-0.2.5.tar.gz 281821 BLAKE2B 58eaa778b3c6977344e9ca5076b06336d51640d032ca08d36b07ec3fe5eb95d5501bd2f90e2f4f73670fc5b733d4baf3655207c319029fa5529ab989c9f0b577 SHA512 d434ba6bafbe591cbf8a7c1c003d98e2e675e634c5756d7d110d1347d4c9b984ccd4acceeab9021260ef14f795c2e2384b97609bd4abce534106a6b7dfb85092
56 -DIST njs-0.2.6.tar.gz 284635 BLAKE2B 1735e5db87c031a841173507660aacaa6f3b4731e82d6ca47b0d9bd727c4bfdcc175741a67c70d83c231601236d419d16df1702e50a784a7aa574d926ed45be5 SHA512 a6991678a85641d4d733de2e64eaa32a2320bf60d0e4b9e9a991f70af061698d10a23f00b8d45d7ae6eb4c46d75a4f9fb4f1ed20291a2cda764b29b74d8c0455
57 -DIST njs-0.2.7.tar.gz 287458 BLAKE2B 7c8e1bc2bdf7bd9fb01c27cd734cfcd8184e73d98e49e0a9a4a57dd07b8c5bd84c06af76d9c87876ee963658efbf27a2795b0baf114bc80d22aa2e0f2019508b SHA512 4e148905c098cbb902743d71bfd78360a68eeff4477240faa3f05f33fc66d68964d90d010e8f406d1eb9b34e01a15dc23e5cef1b91207f0c4ca0371373d4d5c9
58 DIST njs-0.2.8.tar.gz 300750 BLAKE2B 180770c9e56bb7a9c2e3c33c5c4ca87ce56eb16fc1fca483c952ecf9885ae45734bdd7f794d0fc316fd6191d7a6a8c093fd49dc80985ab07b0880f3500aaa1be SHA512 f4ab5dc0b807df443c9edb01020eb78979d4747111e3a529a6303100b922f9acc9e281cde6d88a920c30b4780b2cd85ca2f5abd3518488b75f6ed1b12cf8d616
59
60 diff --git a/www-servers/nginx/nginx-1.14.1.ebuild b/www-servers/nginx/nginx-1.14.1.ebuild
61 deleted file mode 100644
62 index ba2b07dc015..00000000000
63 --- a/www-servers/nginx/nginx-1.14.1.ebuild
64 +++ /dev/null
65 @@ -1,1081 +0,0 @@
66 -# Copyright 1999-2018 Gentoo Authors
67 -# Distributed under the terms of the GNU General Public License v2
68 -
69 -EAPI="6"
70 -
71 -# Maintainer notes:
72 -# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
73 -# - any http-module activates the main http-functionality and overrides USE=-http
74 -# - keep the following requirements in mind before adding external modules:
75 -# * alive upstream
76 -# * sane packaging
77 -# * builds cleanly
78 -# * does not need a patch for nginx core
79 -# - TODO: test the google-perftools module (included in vanilla tarball)
80 -
81 -# prevent perl-module from adding automagic perl DEPENDs
82 -GENTOO_DEPEND_ON_PERL="no"
83 -
84 -# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
85 -DEVEL_KIT_MODULE_PV="0.3.0"
86 -DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
87 -DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
88 -DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
89 -
90 -# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
91 -HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
92 -HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
93 -HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
94 -HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
95 -
96 -# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
97 -HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
98 -HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
99 -HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
100 -HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
101 -
102 -# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
103 -HTTP_HEADERS_MORE_MODULE_PV="0.33"
104 -HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
105 -HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
106 -HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
107 -
108 -# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
109 -HTTP_CACHE_PURGE_MODULE_PV="2.3"
110 -HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
111 -HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
112 -HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
113 -
114 -# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
115 -HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
116 -HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
117 -HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
118 -HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
119 -
120 -# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
121 -HTTP_FANCYINDEX_MODULE_PV="0.4.3"
122 -HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
123 -HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
124 -HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
125 -
126 -# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
127 -HTTP_LUA_MODULE_PV="0.10.13"
128 -HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
129 -HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
130 -HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
131 -
132 -# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
133 -HTTP_AUTH_PAM_MODULE_PV="1.5.1"
134 -HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
135 -HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
136 -HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
137 -
138 -# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
139 -HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
140 -HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
141 -HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
142 -HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
143 -
144 -# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
145 -HTTP_METRICS_MODULE_PV="0.1.1"
146 -HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
147 -HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
148 -HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
149 -
150 -# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
151 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
152 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
153 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
154 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
155 -
156 -# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
157 -HTTP_NAXSI_MODULE_PV="0.56"
158 -HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
159 -HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
160 -HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
161 -
162 -# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
163 -RTMP_MODULE_PV="1.2.1"
164 -RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
165 -RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
166 -RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
167 -
168 -# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
169 -HTTP_DAV_EXT_MODULE_PV="0.1.0"
170 -HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
171 -HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
172 -HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
173 -
174 -# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
175 -HTTP_ECHO_MODULE_PV="0.61"
176 -HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
177 -HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
178 -HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
179 -
180 -# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
181 -# keep the MODULE_P here consistent with upstream to avoid tarball duplication
182 -HTTP_SECURITY_MODULE_PV="2.9.2"
183 -HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
184 -HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
185 -HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
186 -
187 -# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
188 -HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
189 -HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
190 -HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
191 -HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
192 -
193 -# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
194 -HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
195 -HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
196 -HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
197 -HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
198 -
199 -# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
200 -HTTP_MOGILEFS_MODULE_PV="1.0.4"
201 -HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
202 -HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
203 -HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
204 -
205 -# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
206 -HTTP_MEMC_MODULE_PV="0.19"
207 -HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
208 -HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
209 -HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
210 -
211 -# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
212 -HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
213 -HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
214 -HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
215 -HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
216 -
217 -# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
218 -GEOIP2_MODULE_PV="2.0"
219 -GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
220 -GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
221 -GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
222 -
223 -# njs-module (https://github.com/nginx/njs, as-is)
224 -NJS_MODULE_PV="0.2.5"
225 -NJS_MODULE_P="njs-${NJS_MODULE_PV}"
226 -NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
227 -NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
228 -
229 -# We handle deps below ourselves
230 -SSL_DEPS_SKIP=1
231 -AUTOTOOLS_AUTO_DEPEND="no"
232 -
233 -inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
234 -
235 -DESCRIPTION="Robust, small and high performance http and reverse proxy server"
236 -HOMEPAGE="https://nginx.org"
237 -SRC_URI="https://nginx.org/download/${P}.tar.gz
238 - ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
239 - nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
240 - nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
241 - nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
242 - nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
243 - nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
244 - nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
245 - nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
246 - nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
247 - nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
248 - nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
249 - nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
250 - nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
251 - nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
252 - nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
253 - nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
254 - nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
255 - nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
256 - nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
257 - nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
258 - nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
259 - nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
260 - nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
261 - nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
262 - nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
263 - rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
264 -
265 -LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
266 - nginx_modules_http_security? ( Apache-2.0 )
267 - nginx_modules_http_push_stream? ( GPL-3 )"
268 -
269 -SLOT="0"
270 -KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd ~amd64-linux ~x86-linux"
271 -
272 -# Package doesn't provide a real test suite
273 -RESTRICT="test"
274 -
275 -NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
276 - fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
277 - proxy referer rewrite scgi ssi split_clients upstream_hash
278 - upstream_ip_hash upstream_keepalive upstream_least_conn
279 - upstream_zone userid uwsgi"
280 -NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
281 - gzip_static image_filter mp4 perl random_index realip secure_link
282 - slice stub_status sub xslt"
283 -NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
284 - upstream_hash upstream_least_conn upstream_zone"
285 -NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
286 -NGINX_MODULES_MAIL="imap pop3 smtp"
287 -NGINX_MODULES_3RD="
288 - http_auth_ldap
289 - http_auth_pam
290 - http_brotli
291 - http_cache_purge
292 - http_dav_ext
293 - http_echo
294 - http_fancyindex
295 - http_geoip2
296 - http_headers_more
297 - http_javascript
298 - http_lua
299 - http_memc
300 - http_metrics
301 - http_mogilefs
302 - http_naxsi
303 - http_push_stream
304 - http_security
305 - http_slowfs_cache
306 - http_sticky
307 - http_upload_progress
308 - http_upstream_check
309 - http_vhost_traffic_status
310 - stream_geoip2
311 - stream_javascript
312 -"
313 -
314 -IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
315 - pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
316 -
317 -for mod in $NGINX_MODULES_STD; do
318 - IUSE="${IUSE} +nginx_modules_http_${mod}"
319 -done
320 -
321 -for mod in $NGINX_MODULES_OPT; do
322 - IUSE="${IUSE} nginx_modules_http_${mod}"
323 -done
324 -
325 -for mod in $NGINX_MODULES_STREAM_STD; do
326 - IUSE="${IUSE} nginx_modules_stream_${mod}"
327 -done
328 -
329 -for mod in $NGINX_MODULES_STREAM_OPT; do
330 - IUSE="${IUSE} nginx_modules_stream_${mod}"
331 -done
332 -
333 -for mod in $NGINX_MODULES_MAIL; do
334 - IUSE="${IUSE} nginx_modules_mail_${mod}"
335 -done
336 -
337 -for mod in $NGINX_MODULES_3RD; do
338 - IUSE="${IUSE} nginx_modules_${mod}"
339 -done
340 -
341 -# Add so we can warn users updating about config changes
342 -# @TODO: jbergstroem: remove on next release series
343 -IUSE="${IUSE} nginx_modules_http_spdy"
344 -
345 -CDEPEND="
346 - pcre? ( dev-libs/libpcre:= )
347 - pcre-jit? ( dev-libs/libpcre:=[jit] )
348 - ssl? (
349 - !libressl? ( dev-libs/openssl:0= )
350 - libressl? ( dev-libs/libressl:= )
351 - )
352 - http2? (
353 - !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
354 - libressl? ( dev-libs/libressl:= )
355 - )
356 - http-cache? (
357 - userland_GNU? (
358 - !libressl? ( dev-libs/openssl:0= )
359 - libressl? ( dev-libs/libressl:= )
360 - )
361 - )
362 - nginx_modules_http_brotli? ( app-arch/brotli:= )
363 - nginx_modules_http_geoip? ( dev-libs/geoip )
364 - nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
365 - nginx_modules_http_gunzip? ( sys-libs/zlib )
366 - nginx_modules_http_gzip? ( sys-libs/zlib )
367 - nginx_modules_http_gzip_static? ( sys-libs/zlib )
368 - nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
369 - nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
370 - nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
371 - nginx_modules_http_secure_link? (
372 - userland_GNU? (
373 - !libressl? ( dev-libs/openssl:0= )
374 - libressl? ( dev-libs/libressl:= )
375 - )
376 - )
377 - nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
378 - nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
379 - nginx_modules_http_auth_pam? ( virtual/pam )
380 - nginx_modules_http_metrics? ( dev-libs/yajl:= )
381 - nginx_modules_http_dav_ext? ( dev-libs/expat )
382 - nginx_modules_http_security? (
383 - dev-libs/apr:=
384 - dev-libs/apr-util:=
385 - dev-libs/libxml2:=
386 - net-misc/curl
387 - www-servers/apache
388 - )
389 - nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
390 - nginx_modules_stream_geoip? ( dev-libs/geoip )
391 - nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
392 -RDEPEND="${CDEPEND}
393 - selinux? ( sec-policy/selinux-nginx )
394 - !www-servers/nginx:mainline"
395 -DEPEND="${CDEPEND}
396 - nginx_modules_http_brotli? ( virtual/pkgconfig )
397 - nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
398 - arm? ( dev-libs/libatomic_ops )
399 - libatomic? ( dev-libs/libatomic_ops )"
400 -PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
401 -
402 -REQUIRED_USE="pcre-jit? ( pcre )
403 - nginx_modules_http_grpc? ( http2 )
404 - nginx_modules_http_lua? ( nginx_modules_http_rewrite )
405 - nginx_modules_http_naxsi? ( pcre )
406 - nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
407 - nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
408 - nginx_modules_http_security? ( pcre )
409 - nginx_modules_http_push_stream? ( ssl )"
410 -
411 -pkg_setup() {
412 - NGINX_HOME="/var/lib/nginx"
413 - NGINX_HOME_TMP="${NGINX_HOME}/tmp"
414 -
415 - ebegin "Creating nginx user and group"
416 - enewgroup ${PN}
417 - enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
418 - eend $?
419 -
420 - if use libatomic; then
421 - ewarn "GCC 4.1+ features built-in atomic operations."
422 - ewarn "Using libatomic_ops is only needed if using"
423 - ewarn "a different compiler or a GCC prior to 4.1"
424 - fi
425 -
426 - if [[ -n $NGINX_ADD_MODULES ]]; then
427 - ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
428 - ewarn "This nginx installation is not supported!"
429 - ewarn "Make sure you can reproduce the bug without those modules"
430 - ewarn "_before_ reporting bugs."
431 - fi
432 -
433 - if use !http; then
434 - ewarn "To actually disable all http-functionality you also have to disable"
435 - ewarn "all nginx http modules."
436 - fi
437 -
438 - if use nginx_modules_http_mogilefs && use threads; then
439 - eerror "mogilefs won't compile with threads support."
440 - eerror "Please disable either flag and try again."
441 - die "Can't compile mogilefs with threads support"
442 - fi
443 -}
444 -
445 -src_prepare() {
446 - eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
447 - eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
448 -
449 - if use nginx_modules_http_brotli; then
450 - cd "${HTTP_BROTLI_MODULE_WD}" || die
451 - eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
452 - cd "${S}" || die
453 - fi
454 -
455 - if use nginx_modules_http_upstream_check; then
456 - eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
457 - fi
458 -
459 - if use nginx_modules_http_cache_purge; then
460 - cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
461 - eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
462 - cd "${S}" || die
463 - fi
464 -
465 - if use nginx_modules_http_security; then
466 - cd "${HTTP_SECURITY_MODULE_WD}" || die
467 -
468 - eautoreconf
469 -
470 - if use luajit ; then
471 - sed -i \
472 - -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
473 - configure || die
474 - fi
475 -
476 - cd "${S}" || die
477 - fi
478 -
479 - if use nginx_modules_http_upload_progress; then
480 - cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
481 - eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
482 - cd "${S}" || die
483 - fi
484 -
485 - find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
486 - # We have config protection, don't rename etc files
487 - sed -i 's:.default::' auto/install || die
488 - # remove useless files
489 - sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
490 -
491 - # don't install to /etc/nginx/ if not in use
492 - local module
493 - for module in fastcgi scgi uwsgi ; do
494 - if ! use nginx_modules_http_${module}; then
495 - sed -i -e "/${module}/d" auto/install || die
496 - fi
497 - done
498 -
499 - eapply_user
500 -}
501 -
502 -src_configure() {
503 - # mod_security needs to generate nginx/modsecurity/config before including it
504 - if use nginx_modules_http_security; then
505 - cd "${HTTP_SECURITY_MODULE_WD}" || die
506 -
507 - ./configure \
508 - --enable-standalone-module \
509 - --disable-mlogc \
510 - --with-ssdeep=no \
511 - $(use_enable pcre-jit) \
512 - $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
513 -
514 - cd "${S}" || die
515 - fi
516 -
517 - local myconf=() http_enabled= mail_enabled= stream_enabled=
518 -
519 - use aio && myconf+=( --with-file-aio )
520 - use debug && myconf+=( --with-debug )
521 - use http2 && myconf+=( --with-http_v2_module )
522 - use libatomic && myconf+=( --with-libatomic )
523 - use pcre && myconf+=( --with-pcre )
524 - use pcre-jit && myconf+=( --with-pcre-jit )
525 - use threads && myconf+=( --with-threads )
526 -
527 - # HTTP modules
528 - for mod in $NGINX_MODULES_STD; do
529 - if use nginx_modules_http_${mod}; then
530 - http_enabled=1
531 - else
532 - myconf+=( --without-http_${mod}_module )
533 - fi
534 - done
535 -
536 - for mod in $NGINX_MODULES_OPT; do
537 - if use nginx_modules_http_${mod}; then
538 - http_enabled=1
539 - myconf+=( --with-http_${mod}_module )
540 - fi
541 - done
542 -
543 - if use nginx_modules_http_fastcgi; then
544 - myconf+=( --with-http_realip_module )
545 - fi
546 -
547 - # third-party modules
548 - if use nginx_modules_http_upload_progress; then
549 - http_enabled=1
550 - myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
551 - fi
552 -
553 - if use nginx_modules_http_headers_more; then
554 - http_enabled=1
555 - myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
556 - fi
557 -
558 - if use nginx_modules_http_cache_purge; then
559 - http_enabled=1
560 - myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
561 - fi
562 -
563 - if use nginx_modules_http_slowfs_cache; then
564 - http_enabled=1
565 - myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
566 - fi
567 -
568 - if use nginx_modules_http_fancyindex; then
569 - http_enabled=1
570 - myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
571 - fi
572 -
573 - if use nginx_modules_http_lua; then
574 - http_enabled=1
575 - if use luajit; then
576 - export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
577 - export LUAJIT_INC=$(pkg-config --variable includedir luajit)
578 - else
579 - export LUA_LIB=$(pkg-config --variable libdir lua)
580 - export LUA_INC=$(pkg-config --variable includedir lua)
581 - fi
582 - myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
583 - myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
584 - fi
585 -
586 - if use nginx_modules_http_auth_pam; then
587 - http_enabled=1
588 - myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
589 - fi
590 -
591 - if use nginx_modules_http_upstream_check; then
592 - http_enabled=1
593 - myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
594 - fi
595 -
596 - if use nginx_modules_http_metrics; then
597 - http_enabled=1
598 - myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
599 - fi
600 -
601 - if use nginx_modules_http_naxsi ; then
602 - http_enabled=1
603 - myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
604 - fi
605 -
606 - if use rtmp ; then
607 - http_enabled=1
608 - myconf+=( --add-module=${RTMP_MODULE_WD} )
609 - fi
610 -
611 - if use nginx_modules_http_dav_ext ; then
612 - http_enabled=1
613 - myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
614 - fi
615 -
616 - if use nginx_modules_http_echo ; then
617 - http_enabled=1
618 - myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
619 - fi
620 -
621 - if use nginx_modules_http_security ; then
622 - http_enabled=1
623 - myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
624 - fi
625 -
626 - if use nginx_modules_http_push_stream ; then
627 - http_enabled=1
628 - myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
629 - fi
630 -
631 - if use nginx_modules_http_sticky ; then
632 - http_enabled=1
633 - myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
634 - fi
635 -
636 - if use nginx_modules_http_mogilefs ; then
637 - http_enabled=1
638 - myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
639 - fi
640 -
641 - if use nginx_modules_http_memc ; then
642 - http_enabled=1
643 - myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
644 - fi
645 -
646 - if use nginx_modules_http_auth_ldap; then
647 - http_enabled=1
648 - myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
649 - fi
650 -
651 - if use nginx_modules_http_vhost_traffic_status; then
652 - http_enabled=1
653 - myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
654 - fi
655 -
656 - if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
657 - myconf+=( --add-module=${GEOIP2_MODULE_WD} )
658 - fi
659 -
660 - if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
661 - myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
662 - fi
663 -
664 - if use nginx_modules_http_brotli; then
665 - http_enabled=1
666 - myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
667 - fi
668 -
669 - if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
670 - http_enabled=1
671 - fi
672 -
673 - if [ $http_enabled ]; then
674 - use http-cache || myconf+=( --without-http-cache )
675 - use ssl && myconf+=( --with-http_ssl_module )
676 - else
677 - myconf+=( --without-http --without-http-cache )
678 - fi
679 -
680 - # Stream modules
681 - for mod in $NGINX_MODULES_STREAM_STD; do
682 - if use nginx_modules_stream_${mod}; then
683 - stream_enabled=1
684 - else
685 - myconf+=( --without-stream_${mod}_module )
686 - fi
687 - done
688 -
689 - for mod in $NGINX_MODULES_STREAM_OPT; do
690 - if use nginx_modules_stream_${mod}; then
691 - stream_enabled=1
692 - myconf+=( --with-stream_${mod}_module )
693 - fi
694 - done
695 -
696 - if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
697 - stream_enabled=1
698 - fi
699 -
700 - if [ $stream_enabled ]; then
701 - myconf+=( --with-stream )
702 - use ssl && myconf+=( --with-stream_ssl_module )
703 - fi
704 -
705 - # MAIL modules
706 - for mod in $NGINX_MODULES_MAIL; do
707 - if use nginx_modules_mail_${mod}; then
708 - mail_enabled=1
709 - else
710 - myconf+=( --without-mail_${mod}_module )
711 - fi
712 - done
713 -
714 - if [ $mail_enabled ]; then
715 - myconf+=( --with-mail )
716 - use ssl && myconf+=( --with-mail_ssl_module )
717 - fi
718 -
719 - # custom modules
720 - for mod in $NGINX_ADD_MODULES; do
721 - myconf+=( --add-module=${mod} )
722 - done
723 -
724 - # https://bugs.gentoo.org/286772
725 - export LANG=C LC_ALL=C
726 - tc-export CC
727 -
728 - if ! use prefix; then
729 - myconf+=( --user=${PN} )
730 - myconf+=( --group=${PN} )
731 - fi
732 -
733 - local WITHOUT_IPV6=
734 - if ! use ipv6; then
735 - WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
736 - fi
737 -
738 - if [[ -n "${EXTRA_ECONF}" ]]; then
739 - myconf+=( ${EXTRA_ECONF} )
740 - ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
741 - fi
742 -
743 - ./configure \
744 - --prefix="${EPREFIX}"/usr \
745 - --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
746 - --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
747 - --pid-path="${EPREFIX}"/run/${PN}.pid \
748 - --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
749 - --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
750 - --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
751 - --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
752 - --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
753 - --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
754 - --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
755 - --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
756 - --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
757 - --with-compat \
758 - "${myconf[@]}" || die "configure failed"
759 -
760 - # A purely cosmetic change that makes nginx -V more readable. This can be
761 - # good if people outside the gentoo community would troubleshoot and
762 - # question the users setup.
763 - sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
764 -}
765 -
766 -src_compile() {
767 - use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
768 -
769 - # https://bugs.gentoo.org/286772
770 - export LANG=C LC_ALL=C
771 - emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
772 -}
773 -
774 -src_install() {
775 - emake DESTDIR="${D%/}" install
776 -
777 - cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
778 -
779 - newinitd "${FILESDIR}"/nginx.initd-r4 nginx
780 - newconfd "${FILESDIR}"/nginx.confd nginx
781 -
782 - systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
783 -
784 - doman man/nginx.8
785 - dodoc CHANGES* README
786 -
787 - # just keepdir. do not copy the default htdocs files (bug #449136)
788 - keepdir /var/www/localhost
789 - rm -rf "${D}"usr/html || die
790 -
791 - # set up a list of directories to keep
792 - local keepdir_list="${NGINX_HOME_TMP}"/client
793 - local module
794 - for module in proxy fastcgi scgi uwsgi; do
795 - use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
796 - done
797 -
798 - keepdir /var/log/nginx ${keepdir_list}
799 -
800 - # this solves a problem with SELinux where nginx doesn't see the directories
801 - # as root and tries to create them as nginx
802 - fperms 0750 "${NGINX_HOME_TMP}"
803 - fowners ${PN}:0 "${NGINX_HOME_TMP}"
804 -
805 - fperms 0700 ${keepdir_list}
806 - fowners ${PN}:${PN} ${keepdir_list}
807 -
808 - fperms 0710 /var/log/nginx
809 - fowners 0:${PN} /var/log/nginx
810 -
811 - # logrotate
812 - insinto /etc/logrotate.d
813 - newins "${FILESDIR}"/nginx.logrotate-r1 nginx
814 -
815 - if use nginx_modules_http_perl; then
816 - cd "${S}"/objs/src/http/modules/perl/ || die
817 - emake DESTDIR="${D}" INSTALLDIRS=vendor
818 - perl_delete_localpod
819 - cd "${S}" || die
820 - fi
821 -
822 - if use nginx_modules_http_cache_purge; then
823 - docinto ${HTTP_CACHE_PURGE_MODULE_P}
824 - dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
825 - fi
826 -
827 - if use nginx_modules_http_slowfs_cache; then
828 - docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
829 - dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
830 - fi
831 -
832 - if use nginx_modules_http_fancyindex; then
833 - docinto ${HTTP_FANCYINDEX_MODULE_P}
834 - dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
835 - fi
836 -
837 - if use nginx_modules_http_lua; then
838 - docinto ${HTTP_LUA_MODULE_P}
839 - dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
840 - fi
841 -
842 - if use nginx_modules_http_auth_pam; then
843 - docinto ${HTTP_AUTH_PAM_MODULE_P}
844 - dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
845 - fi
846 -
847 - if use nginx_modules_http_upstream_check; then
848 - docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
849 - dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
850 - fi
851 -
852 - if use nginx_modules_http_naxsi; then
853 - insinto /etc/nginx
854 - doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
855 - fi
856 -
857 - if use rtmp; then
858 - docinto ${RTMP_MODULE_P}
859 - dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
860 - fi
861 -
862 - if use nginx_modules_http_dav_ext; then
863 - docinto ${HTTP_DAV_EXT_MODULE_P}
864 - dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
865 - fi
866 -
867 - if use nginx_modules_http_echo; then
868 - docinto ${HTTP_ECHO_MODULE_P}
869 - dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
870 - fi
871 -
872 - if use nginx_modules_http_security; then
873 - docinto ${HTTP_SECURITY_MODULE_P}
874 - dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
875 - fi
876 -
877 - if use nginx_modules_http_push_stream; then
878 - docinto ${HTTP_PUSH_STREAM_MODULE_P}
879 - dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
880 - fi
881 -
882 - if use nginx_modules_http_sticky; then
883 - docinto ${HTTP_STICKY_MODULE_P}
884 - dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
885 - fi
886 -
887 - if use nginx_modules_http_memc; then
888 - docinto ${HTTP_MEMC_MODULE_P}
889 - dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
890 - fi
891 -
892 - if use nginx_modules_http_auth_ldap; then
893 - docinto ${HTTP_LDAP_MODULE_P}
894 - dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
895 - fi
896 -}
897 -
898 -pkg_postinst() {
899 - if use ssl; then
900 - if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
901 - install_cert /etc/ssl/${PN}/${PN}
902 - use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
903 - fi
904 - fi
905 -
906 - if use nginx_modules_http_spdy; then
907 - ewarn ""
908 - ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
909 - ewarn "Update your configs and package.use accordingly."
910 - fi
911 -
912 - if use nginx_modules_http_lua; then
913 - ewarn ""
914 - ewarn "While you can build lua 3rd party module against ${P}"
915 - ewarn "the author warns that >=${PN}-1.11.11 is still not an"
916 - ewarn "officially supported target yet. You are on your own."
917 - ewarn "Expect runtime failures, memory leaks and other problems!"
918 - fi
919 -
920 - if use nginx_modules_http_lua && use http2; then
921 - ewarn ""
922 - ewarn "Lua 3rd party module author warns against using ${P} with"
923 - ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
924 - fi
925 -
926 - local _n_permission_layout_checks=0
927 - local _has_to_adjust_permissions=0
928 - local _has_to_show_permission_warning=0
929 -
930 - # Defaults to 1 to inform people doing a fresh installation
931 - # that we ship modified {scgi,uwsgi,fastcgi}_params files
932 - local _has_to_show_httpoxy_mitigation_notice=1
933 -
934 - local _replacing_version=
935 - for _replacing_version in ${REPLACING_VERSIONS}; do
936 - _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
937 -
938 - if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
939 - # Should never happen:
940 - # Package is abusing slots but doesn't allow multiple parallel installations.
941 - # If we run into this situation it is unsafe to automatically adjust any
942 - # permission...
943 - _has_to_show_permission_warning=1
944 -
945 - ewarn "Replacing multiple ${PN}' versions is unsupported! " \
946 - "You will have to adjust permissions on your own."
947 -
948 - break
949 - fi
950 -
951 - local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
952 - debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
953 -
954 - # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
955 - # This was before we introduced multiple nginx versions so we
956 - # do not need to distinguish between stable and mainline
957 - local _need_to_fix_CVE2013_0337=1
958 -
959 - if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
960 - # We are updating an installation which should already be fixed
961 - _need_to_fix_CVE2013_0337=0
962 - debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
963 - else
964 - _has_to_adjust_permissions=1
965 - debug-print "Need to adjust permissions to fix CVE-2013-0337!"
966 - fi
967 -
968 - # Do we need to inform about HTTPoxy mitigation?
969 - # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
970 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
971 - # Updating from <1.10
972 - _has_to_show_httpoxy_mitigation_notice=1
973 - debug-print "Need to inform about HTTPoxy mitigation!"
974 - else
975 - # Updating from >=1.10
976 - local _fixed_in_pvr=
977 - case "${_replacing_version_branch}" in
978 - "1.10")
979 - _fixed_in_pvr="1.10.1-r2"
980 - ;;
981 - "1.11")
982 - _fixed_in_pvr="1.11.3-r1"
983 - ;;
984 - *)
985 - # This should be any future branch.
986 - # If we run this code it is safe to assume that the user has
987 - # already seen the HTTPoxy mitigation notice because he/she is doing
988 - # an update from previous version where we have already shown
989 - # the warning. Otherwise, we wouldn't hit this code path ...
990 - _fixed_in_pvr=
991 - esac
992 -
993 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
994 - # We are updating an installation where we already informed
995 - # that we are mitigating HTTPoxy per default
996 - _has_to_show_httpoxy_mitigation_notice=0
997 - debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
998 - else
999 - _has_to_show_httpoxy_mitigation_notice=1
1000 - debug-print "Need to inform about HTTPoxy mitigation!"
1001 - fi
1002 - fi
1003 -
1004 - # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
1005 - # All branches up to 1.11 are affected
1006 - local _need_to_fix_CVE2016_1247=1
1007 -
1008 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
1009 - # Updating from <1.10
1010 - _has_to_adjust_permissions=1
1011 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
1012 - else
1013 - # Updating from >=1.10
1014 - local _fixed_in_pvr=
1015 - case "${_replacing_version_branch}" in
1016 - "1.10")
1017 - _fixed_in_pvr="1.10.2-r3"
1018 - ;;
1019 - "1.11")
1020 - _fixed_in_pvr="1.11.6-r1"
1021 - ;;
1022 - *)
1023 - # This should be any future branch.
1024 - # If we run this code it is safe to assume that we have already
1025 - # adjusted permissions or were never affected because user is
1026 - # doing an update from previous version which was safe or did
1027 - # the adjustments. Otherwise, we wouldn't hit this code path ...
1028 - _fixed_in_pvr=
1029 - esac
1030 -
1031 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
1032 - # We are updating an installation which should already be adjusted
1033 - # or which was never affected
1034 - _need_to_fix_CVE2016_1247=0
1035 - debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
1036 - else
1037 - _has_to_adjust_permissions=1
1038 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
1039 - fi
1040 - fi
1041 - done
1042 -
1043 - if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
1044 - # We do not DIE when chmod/chown commands are failing because
1045 - # package is already merged on user's system at this stage
1046 - # and we cannot retry without losing the information that
1047 - # the existing installation needs to adjust permissions.
1048 - # Instead we are going to a show a big warning ...
1049 -
1050 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
1051 - ewarn ""
1052 - ewarn "The world-readable bit (if set) has been removed from the"
1053 - ewarn "following directories to mitigate a security bug"
1054 - ewarn "(CVE-2013-0337, bug #458726):"
1055 - ewarn ""
1056 - ewarn " ${EPREFIX%/}/var/log/nginx"
1057 - ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
1058 - ewarn ""
1059 - ewarn "Check if this is correct for your setup before restarting nginx!"
1060 - ewarn "This is a one-time change and will not happen on subsequent updates."
1061 - ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
1062 - chmod o-rwx \
1063 - "${EPREFIX%/}"/var/log/nginx \
1064 - "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
1065 - _has_to_show_permission_warning=1
1066 - fi
1067 -
1068 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
1069 - ewarn ""
1070 - ewarn "The permissions on the following directory have been reset in"
1071 - ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
1072 - ewarn ""
1073 - ewarn " ${EPREFIX%/}/var/log/nginx"
1074 - ewarn ""
1075 - ewarn "Check if this is correct for your setup before restarting nginx!"
1076 - ewarn "Also ensure that no other log directory used by any of your"
1077 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
1078 - ewarn "used by nginx can be abused to escalate privileges!"
1079 - ewarn "This is a one-time change and will not happen on subsequent updates."
1080 - chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
1081 - chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
1082 - fi
1083 -
1084 - if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
1085 - # Should never happen ...
1086 - ewarn ""
1087 - ewarn "*************************************************************"
1088 - ewarn "*************** W A R N I N G ***************"
1089 - ewarn "*************************************************************"
1090 - ewarn "The one-time only attempt to adjust permissions of the"
1091 - ewarn "existing nginx installation failed. Be aware that we will not"
1092 - ewarn "try to adjust the same permissions again because now you are"
1093 - ewarn "using a nginx version where we expect that the permissions"
1094 - ewarn "are already adjusted or that you know what you are doing and"
1095 - ewarn "want to keep custom permissions."
1096 - ewarn ""
1097 - fi
1098 - fi
1099 -
1100 - # Sanity check for CVE-2016-1247
1101 - # Required to warn users who received the warning above and thought
1102 - # they could fix it by unmerging and re-merging the package or have
1103 - # unmerged a affected installation on purpose in the past leaving
1104 - # /var/log/nginx on their system due to keepdir/non-empty folder
1105 - # and are now installing the package again.
1106 - local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
1107 - su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
1108 - if [ $? -eq 0 ] ; then
1109 - # Cleanup -- no reason to die here!
1110 - rm -f "${_sanity_check_testfile}"
1111 -
1112 - ewarn ""
1113 - ewarn "*************************************************************"
1114 - ewarn "*************** W A R N I N G ***************"
1115 - ewarn "*************************************************************"
1116 - ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
1117 - ewarn "(bug #605008) because nginx user is able to create files in"
1118 - ewarn ""
1119 - ewarn " ${EPREFIX%/}/var/log/nginx"
1120 - ewarn ""
1121 - ewarn "Also ensure that no other log directory used by any of your"
1122 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
1123 - ewarn "used by nginx can be abused to escalate privileges!"
1124 - fi
1125 -
1126 - if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
1127 - # HTTPoxy mitigation
1128 - ewarn ""
1129 - ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
1130 - ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
1131 - ewarn "the HTTP_PROXY parameter to an empty string per default when you"
1132 - ewarn "are sourcing one of the default"
1133 - ewarn ""
1134 - ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
1135 - ewarn " - 'scgi_params'"
1136 - ewarn " - 'uwsgi_params'"
1137 - ewarn ""
1138 - ewarn "files in your server block(s)."
1139 - ewarn ""
1140 - ewarn "If this is causing any problems for you make sure that you are sourcing the"
1141 - ewarn "default parameters _before_ you set your own values."
1142 - ewarn "If you are relying on user-supplied proxy values you have to remove the"
1143 - ewarn "correlating lines from the file(s) mentioned above."
1144 - ewarn ""
1145 - fi
1146 -}
1147
1148 diff --git a/www-servers/nginx/nginx-1.14.2-r1.ebuild b/www-servers/nginx/nginx-1.14.2-r1.ebuild
1149 deleted file mode 100644
1150 index 08100e45578..00000000000
1151 --- a/www-servers/nginx/nginx-1.14.2-r1.ebuild
1152 +++ /dev/null
1153 @@ -1,1087 +0,0 @@
1154 -# Copyright 1999-2018 Gentoo Authors
1155 -# Distributed under the terms of the GNU General Public License v2
1156 -
1157 -EAPI="6"
1158 -
1159 -# Maintainer notes:
1160 -# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
1161 -# - any http-module activates the main http-functionality and overrides USE=-http
1162 -# - keep the following requirements in mind before adding external modules:
1163 -# * alive upstream
1164 -# * sane packaging
1165 -# * builds cleanly
1166 -# * does not need a patch for nginx core
1167 -# - TODO: test the google-perftools module (included in vanilla tarball)
1168 -
1169 -# prevent perl-module from adding automagic perl DEPENDs
1170 -GENTOO_DEPEND_ON_PERL="no"
1171 -
1172 -# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
1173 -DEVEL_KIT_MODULE_PV="0.3.0"
1174 -DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
1175 -DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
1176 -DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
1177 -
1178 -# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
1179 -HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
1180 -HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
1181 -HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
1182 -HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
1183 -
1184 -# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
1185 -HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
1186 -HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
1187 -HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
1188 -HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
1189 -
1190 -# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
1191 -HTTP_HEADERS_MORE_MODULE_PV="0.33"
1192 -HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
1193 -HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
1194 -HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
1195 -
1196 -# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
1197 -HTTP_CACHE_PURGE_MODULE_PV="2.3"
1198 -HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
1199 -HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
1200 -HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
1201 -
1202 -# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
1203 -HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
1204 -HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
1205 -HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
1206 -HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
1207 -
1208 -# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
1209 -HTTP_FANCYINDEX_MODULE_PV="0.4.3"
1210 -HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
1211 -HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
1212 -HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
1213 -
1214 -# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
1215 -HTTP_LUA_MODULE_PV="0.10.13"
1216 -HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
1217 -HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
1218 -HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
1219 -
1220 -# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
1221 -HTTP_AUTH_PAM_MODULE_PV="1.5.1"
1222 -HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
1223 -HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
1224 -HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
1225 -
1226 -# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
1227 -HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
1228 -HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
1229 -HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
1230 -HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
1231 -
1232 -# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
1233 -HTTP_METRICS_MODULE_PV="0.1.1"
1234 -HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
1235 -HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
1236 -HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
1237 -
1238 -# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
1239 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
1240 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
1241 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
1242 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
1243 -
1244 -# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
1245 -HTTP_NAXSI_MODULE_PV="0.56"
1246 -HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
1247 -HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
1248 -HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
1249 -
1250 -# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
1251 -RTMP_MODULE_PV="1.2.1"
1252 -RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
1253 -RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
1254 -RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
1255 -
1256 -# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
1257 -HTTP_DAV_EXT_MODULE_PV="0.1.0"
1258 -HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
1259 -HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
1260 -HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
1261 -
1262 -# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
1263 -HTTP_ECHO_MODULE_PV="0.61"
1264 -HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
1265 -HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
1266 -HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
1267 -
1268 -# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
1269 -# keep the MODULE_P here consistent with upstream to avoid tarball duplication
1270 -HTTP_SECURITY_MODULE_PV="2.9.2"
1271 -HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
1272 -HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
1273 -HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
1274 -
1275 -# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
1276 -HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
1277 -HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
1278 -HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
1279 -HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
1280 -
1281 -# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
1282 -HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
1283 -HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
1284 -HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
1285 -HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
1286 -
1287 -# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
1288 -HTTP_MOGILEFS_MODULE_PV="1.0.4"
1289 -HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
1290 -HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
1291 -HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
1292 -
1293 -# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
1294 -HTTP_MEMC_MODULE_PV="0.19"
1295 -HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
1296 -HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
1297 -HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
1298 -
1299 -# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
1300 -HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
1301 -HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
1302 -HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
1303 -HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
1304 -
1305 -# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
1306 -GEOIP2_MODULE_PV="2.0"
1307 -GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
1308 -GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
1309 -GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
1310 -
1311 -# njs-module (https://github.com/nginx/njs, as-is)
1312 -NJS_MODULE_PV="0.2.6"
1313 -NJS_MODULE_P="njs-${NJS_MODULE_PV}"
1314 -NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
1315 -NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
1316 -
1317 -# We handle deps below ourselves
1318 -SSL_DEPS_SKIP=1
1319 -AUTOTOOLS_AUTO_DEPEND="no"
1320 -
1321 -inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
1322 -
1323 -DESCRIPTION="Robust, small and high performance http and reverse proxy server"
1324 -HOMEPAGE="https://nginx.org"
1325 -SRC_URI="https://nginx.org/download/${P}.tar.gz
1326 - ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
1327 - nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
1328 - nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
1329 - nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
1330 - nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
1331 - nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
1332 - nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
1333 - nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
1334 - nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
1335 - nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
1336 - nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
1337 - nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
1338 - nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
1339 - nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
1340 - nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
1341 - nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
1342 - nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
1343 - nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
1344 - nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
1345 - nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
1346 - nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
1347 - nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
1348 - nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
1349 - nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
1350 - nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
1351 - rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
1352 -
1353 -LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
1354 - nginx_modules_http_security? ( Apache-2.0 )
1355 - nginx_modules_http_push_stream? ( GPL-3 )"
1356 -
1357 -SLOT="0"
1358 -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
1359 -
1360 -# Package doesn't provide a real test suite
1361 -RESTRICT="test"
1362 -
1363 -NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
1364 - fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
1365 - proxy referer rewrite scgi ssi split_clients upstream_hash
1366 - upstream_ip_hash upstream_keepalive upstream_least_conn
1367 - upstream_zone userid uwsgi"
1368 -NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
1369 - gzip_static image_filter mp4 perl random_index realip secure_link
1370 - slice stub_status sub xslt"
1371 -NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
1372 - upstream_hash upstream_least_conn upstream_zone"
1373 -NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
1374 -NGINX_MODULES_MAIL="imap pop3 smtp"
1375 -NGINX_MODULES_3RD="
1376 - http_auth_ldap
1377 - http_auth_pam
1378 - http_brotli
1379 - http_cache_purge
1380 - http_dav_ext
1381 - http_echo
1382 - http_fancyindex
1383 - http_geoip2
1384 - http_headers_more
1385 - http_javascript
1386 - http_lua
1387 - http_memc
1388 - http_metrics
1389 - http_mogilefs
1390 - http_naxsi
1391 - http_push_stream
1392 - http_security
1393 - http_slowfs_cache
1394 - http_sticky
1395 - http_upload_progress
1396 - http_upstream_check
1397 - http_vhost_traffic_status
1398 - stream_geoip2
1399 - stream_javascript
1400 -"
1401 -
1402 -IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
1403 - pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
1404 -
1405 -for mod in $NGINX_MODULES_STD; do
1406 - IUSE="${IUSE} +nginx_modules_http_${mod}"
1407 -done
1408 -
1409 -for mod in $NGINX_MODULES_OPT; do
1410 - IUSE="${IUSE} nginx_modules_http_${mod}"
1411 -done
1412 -
1413 -for mod in $NGINX_MODULES_STREAM_STD; do
1414 - IUSE="${IUSE} nginx_modules_stream_${mod}"
1415 -done
1416 -
1417 -for mod in $NGINX_MODULES_STREAM_OPT; do
1418 - IUSE="${IUSE} nginx_modules_stream_${mod}"
1419 -done
1420 -
1421 -for mod in $NGINX_MODULES_MAIL; do
1422 - IUSE="${IUSE} nginx_modules_mail_${mod}"
1423 -done
1424 -
1425 -for mod in $NGINX_MODULES_3RD; do
1426 - IUSE="${IUSE} nginx_modules_${mod}"
1427 -done
1428 -
1429 -# Add so we can warn users updating about config changes
1430 -# @TODO: jbergstroem: remove on next release series
1431 -IUSE="${IUSE} nginx_modules_http_spdy"
1432 -
1433 -CDEPEND="
1434 - pcre? ( dev-libs/libpcre:= )
1435 - pcre-jit? ( dev-libs/libpcre:=[jit] )
1436 - ssl? (
1437 - !libressl? ( dev-libs/openssl:0= )
1438 - libressl? ( dev-libs/libressl:= )
1439 - )
1440 - http2? (
1441 - !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
1442 - libressl? ( dev-libs/libressl:= )
1443 - )
1444 - http-cache? (
1445 - userland_GNU? (
1446 - !libressl? ( dev-libs/openssl:0= )
1447 - libressl? ( dev-libs/libressl:= )
1448 - )
1449 - )
1450 - nginx_modules_http_brotli? ( app-arch/brotli:= )
1451 - nginx_modules_http_geoip? ( dev-libs/geoip )
1452 - nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
1453 - nginx_modules_http_gunzip? ( sys-libs/zlib )
1454 - nginx_modules_http_gzip? ( sys-libs/zlib )
1455 - nginx_modules_http_gzip_static? ( sys-libs/zlib )
1456 - nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
1457 - nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
1458 - nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
1459 - nginx_modules_http_secure_link? (
1460 - userland_GNU? (
1461 - !libressl? ( dev-libs/openssl:0= )
1462 - libressl? ( dev-libs/libressl:= )
1463 - )
1464 - )
1465 - nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
1466 - nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
1467 - nginx_modules_http_auth_pam? ( virtual/pam )
1468 - nginx_modules_http_metrics? ( dev-libs/yajl:= )
1469 - nginx_modules_http_dav_ext? ( dev-libs/expat )
1470 - nginx_modules_http_security? (
1471 - dev-libs/apr:=
1472 - dev-libs/apr-util:=
1473 - dev-libs/libxml2:=
1474 - net-misc/curl
1475 - www-servers/apache
1476 - )
1477 - nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
1478 - nginx_modules_stream_geoip? ( dev-libs/geoip )
1479 - nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
1480 -RDEPEND="${CDEPEND}
1481 - selinux? ( sec-policy/selinux-nginx )
1482 - !www-servers/nginx:mainline"
1483 -DEPEND="${CDEPEND}
1484 - nginx_modules_http_brotli? ( virtual/pkgconfig )
1485 - nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
1486 - arm? ( dev-libs/libatomic_ops )
1487 - libatomic? ( dev-libs/libatomic_ops )"
1488 -PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
1489 -
1490 -REQUIRED_USE="pcre-jit? ( pcre )
1491 - nginx_modules_http_grpc? ( http2 )
1492 - nginx_modules_http_lua? ( nginx_modules_http_rewrite )
1493 - nginx_modules_http_naxsi? ( pcre )
1494 - nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
1495 - nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
1496 - nginx_modules_http_security? ( pcre )
1497 - nginx_modules_http_push_stream? ( ssl )"
1498 -
1499 -pkg_setup() {
1500 - NGINX_HOME="/var/lib/nginx"
1501 - NGINX_HOME_TMP="${NGINX_HOME}/tmp"
1502 -
1503 - ebegin "Creating nginx user and group"
1504 - enewgroup ${PN}
1505 - enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
1506 - eend $?
1507 -
1508 - if use libatomic; then
1509 - ewarn "GCC 4.1+ features built-in atomic operations."
1510 - ewarn "Using libatomic_ops is only needed if using"
1511 - ewarn "a different compiler or a GCC prior to 4.1"
1512 - fi
1513 -
1514 - if [[ -n $NGINX_ADD_MODULES ]]; then
1515 - ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
1516 - ewarn "This nginx installation is not supported!"
1517 - ewarn "Make sure you can reproduce the bug without those modules"
1518 - ewarn "_before_ reporting bugs."
1519 - fi
1520 -
1521 - if use !http; then
1522 - ewarn "To actually disable all http-functionality you also have to disable"
1523 - ewarn "all nginx http modules."
1524 - fi
1525 -
1526 - if use nginx_modules_http_mogilefs && use threads; then
1527 - eerror "mogilefs won't compile with threads support."
1528 - eerror "Please disable either flag and try again."
1529 - die "Can't compile mogilefs with threads support"
1530 - fi
1531 -}
1532 -
1533 -src_prepare() {
1534 - eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
1535 - eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
1536 -
1537 - if use nginx_modules_http_auth_pam; then
1538 - cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
1539 - eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
1540 - cd "${S}" || die
1541 - fi
1542 -
1543 - if use nginx_modules_http_brotli; then
1544 - cd "${HTTP_BROTLI_MODULE_WD}" || die
1545 - eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
1546 - cd "${S}" || die
1547 - fi
1548 -
1549 - if use nginx_modules_http_upstream_check; then
1550 - eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
1551 - fi
1552 -
1553 - if use nginx_modules_http_cache_purge; then
1554 - cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
1555 - eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
1556 - cd "${S}" || die
1557 - fi
1558 -
1559 - if use nginx_modules_http_security; then
1560 - cd "${HTTP_SECURITY_MODULE_WD}" || die
1561 -
1562 - eautoreconf
1563 -
1564 - if use luajit ; then
1565 - sed -i \
1566 - -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
1567 - configure || die
1568 - fi
1569 -
1570 - cd "${S}" || die
1571 - fi
1572 -
1573 - if use nginx_modules_http_upload_progress; then
1574 - cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
1575 - eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
1576 - cd "${S}" || die
1577 - fi
1578 -
1579 - find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
1580 - # We have config protection, don't rename etc files
1581 - sed -i 's:.default::' auto/install || die
1582 - # remove useless files
1583 - sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
1584 -
1585 - # don't install to /etc/nginx/ if not in use
1586 - local module
1587 - for module in fastcgi scgi uwsgi ; do
1588 - if ! use nginx_modules_http_${module}; then
1589 - sed -i -e "/${module}/d" auto/install || die
1590 - fi
1591 - done
1592 -
1593 - eapply_user
1594 -}
1595 -
1596 -src_configure() {
1597 - # mod_security needs to generate nginx/modsecurity/config before including it
1598 - if use nginx_modules_http_security; then
1599 - cd "${HTTP_SECURITY_MODULE_WD}" || die
1600 -
1601 - ./configure \
1602 - --enable-standalone-module \
1603 - --disable-mlogc \
1604 - --with-ssdeep=no \
1605 - $(use_enable pcre-jit) \
1606 - $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
1607 -
1608 - cd "${S}" || die
1609 - fi
1610 -
1611 - local myconf=() http_enabled= mail_enabled= stream_enabled=
1612 -
1613 - use aio && myconf+=( --with-file-aio )
1614 - use debug && myconf+=( --with-debug )
1615 - use http2 && myconf+=( --with-http_v2_module )
1616 - use libatomic && myconf+=( --with-libatomic )
1617 - use pcre && myconf+=( --with-pcre )
1618 - use pcre-jit && myconf+=( --with-pcre-jit )
1619 - use threads && myconf+=( --with-threads )
1620 -
1621 - # HTTP modules
1622 - for mod in $NGINX_MODULES_STD; do
1623 - if use nginx_modules_http_${mod}; then
1624 - http_enabled=1
1625 - else
1626 - myconf+=( --without-http_${mod}_module )
1627 - fi
1628 - done
1629 -
1630 - for mod in $NGINX_MODULES_OPT; do
1631 - if use nginx_modules_http_${mod}; then
1632 - http_enabled=1
1633 - myconf+=( --with-http_${mod}_module )
1634 - fi
1635 - done
1636 -
1637 - if use nginx_modules_http_fastcgi; then
1638 - myconf+=( --with-http_realip_module )
1639 - fi
1640 -
1641 - # third-party modules
1642 - if use nginx_modules_http_upload_progress; then
1643 - http_enabled=1
1644 - myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
1645 - fi
1646 -
1647 - if use nginx_modules_http_headers_more; then
1648 - http_enabled=1
1649 - myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
1650 - fi
1651 -
1652 - if use nginx_modules_http_cache_purge; then
1653 - http_enabled=1
1654 - myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
1655 - fi
1656 -
1657 - if use nginx_modules_http_slowfs_cache; then
1658 - http_enabled=1
1659 - myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
1660 - fi
1661 -
1662 - if use nginx_modules_http_fancyindex; then
1663 - http_enabled=1
1664 - myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
1665 - fi
1666 -
1667 - if use nginx_modules_http_lua; then
1668 - http_enabled=1
1669 - if use luajit; then
1670 - export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
1671 - export LUAJIT_INC=$(pkg-config --variable includedir luajit)
1672 - else
1673 - export LUA_LIB=$(pkg-config --variable libdir lua)
1674 - export LUA_INC=$(pkg-config --variable includedir lua)
1675 - fi
1676 - myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
1677 - myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
1678 - fi
1679 -
1680 - if use nginx_modules_http_auth_pam; then
1681 - http_enabled=1
1682 - myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
1683 - fi
1684 -
1685 - if use nginx_modules_http_upstream_check; then
1686 - http_enabled=1
1687 - myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
1688 - fi
1689 -
1690 - if use nginx_modules_http_metrics; then
1691 - http_enabled=1
1692 - myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
1693 - fi
1694 -
1695 - if use nginx_modules_http_naxsi ; then
1696 - http_enabled=1
1697 - myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
1698 - fi
1699 -
1700 - if use rtmp ; then
1701 - http_enabled=1
1702 - myconf+=( --add-module=${RTMP_MODULE_WD} )
1703 - fi
1704 -
1705 - if use nginx_modules_http_dav_ext ; then
1706 - http_enabled=1
1707 - myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
1708 - fi
1709 -
1710 - if use nginx_modules_http_echo ; then
1711 - http_enabled=1
1712 - myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
1713 - fi
1714 -
1715 - if use nginx_modules_http_security ; then
1716 - http_enabled=1
1717 - myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
1718 - fi
1719 -
1720 - if use nginx_modules_http_push_stream ; then
1721 - http_enabled=1
1722 - myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
1723 - fi
1724 -
1725 - if use nginx_modules_http_sticky ; then
1726 - http_enabled=1
1727 - myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
1728 - fi
1729 -
1730 - if use nginx_modules_http_mogilefs ; then
1731 - http_enabled=1
1732 - myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
1733 - fi
1734 -
1735 - if use nginx_modules_http_memc ; then
1736 - http_enabled=1
1737 - myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
1738 - fi
1739 -
1740 - if use nginx_modules_http_auth_ldap; then
1741 - http_enabled=1
1742 - myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
1743 - fi
1744 -
1745 - if use nginx_modules_http_vhost_traffic_status; then
1746 - http_enabled=1
1747 - myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
1748 - fi
1749 -
1750 - if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
1751 - myconf+=( --add-module=${GEOIP2_MODULE_WD} )
1752 - fi
1753 -
1754 - if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
1755 - myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
1756 - fi
1757 -
1758 - if use nginx_modules_http_brotli; then
1759 - http_enabled=1
1760 - myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
1761 - fi
1762 -
1763 - if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
1764 - http_enabled=1
1765 - fi
1766 -
1767 - if [ $http_enabled ]; then
1768 - use http-cache || myconf+=( --without-http-cache )
1769 - use ssl && myconf+=( --with-http_ssl_module )
1770 - else
1771 - myconf+=( --without-http --without-http-cache )
1772 - fi
1773 -
1774 - # Stream modules
1775 - for mod in $NGINX_MODULES_STREAM_STD; do
1776 - if use nginx_modules_stream_${mod}; then
1777 - stream_enabled=1
1778 - else
1779 - myconf+=( --without-stream_${mod}_module )
1780 - fi
1781 - done
1782 -
1783 - for mod in $NGINX_MODULES_STREAM_OPT; do
1784 - if use nginx_modules_stream_${mod}; then
1785 - stream_enabled=1
1786 - myconf+=( --with-stream_${mod}_module )
1787 - fi
1788 - done
1789 -
1790 - if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
1791 - stream_enabled=1
1792 - fi
1793 -
1794 - if [ $stream_enabled ]; then
1795 - myconf+=( --with-stream )
1796 - use ssl && myconf+=( --with-stream_ssl_module )
1797 - fi
1798 -
1799 - # MAIL modules
1800 - for mod in $NGINX_MODULES_MAIL; do
1801 - if use nginx_modules_mail_${mod}; then
1802 - mail_enabled=1
1803 - else
1804 - myconf+=( --without-mail_${mod}_module )
1805 - fi
1806 - done
1807 -
1808 - if [ $mail_enabled ]; then
1809 - myconf+=( --with-mail )
1810 - use ssl && myconf+=( --with-mail_ssl_module )
1811 - fi
1812 -
1813 - # custom modules
1814 - for mod in $NGINX_ADD_MODULES; do
1815 - myconf+=( --add-module=${mod} )
1816 - done
1817 -
1818 - # https://bugs.gentoo.org/286772
1819 - export LANG=C LC_ALL=C
1820 - tc-export CC
1821 -
1822 - if ! use prefix; then
1823 - myconf+=( --user=${PN} )
1824 - myconf+=( --group=${PN} )
1825 - fi
1826 -
1827 - local WITHOUT_IPV6=
1828 - if ! use ipv6; then
1829 - WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
1830 - fi
1831 -
1832 - if [[ -n "${EXTRA_ECONF}" ]]; then
1833 - myconf+=( ${EXTRA_ECONF} )
1834 - ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
1835 - fi
1836 -
1837 - ./configure \
1838 - --prefix="${EPREFIX}"/usr \
1839 - --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
1840 - --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
1841 - --pid-path="${EPREFIX}"/run/${PN}.pid \
1842 - --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
1843 - --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
1844 - --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
1845 - --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
1846 - --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
1847 - --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
1848 - --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
1849 - --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
1850 - --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
1851 - --with-compat \
1852 - "${myconf[@]}" || die "configure failed"
1853 -
1854 - # A purely cosmetic change that makes nginx -V more readable. This can be
1855 - # good if people outside the gentoo community would troubleshoot and
1856 - # question the users setup.
1857 - sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
1858 -}
1859 -
1860 -src_compile() {
1861 - use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
1862 -
1863 - # https://bugs.gentoo.org/286772
1864 - export LANG=C LC_ALL=C
1865 - emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
1866 -}
1867 -
1868 -src_install() {
1869 - emake DESTDIR="${D%/}" install
1870 -
1871 - cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
1872 -
1873 - newinitd "${FILESDIR}"/nginx.initd-r4 nginx
1874 - newconfd "${FILESDIR}"/nginx.confd nginx
1875 -
1876 - systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
1877 -
1878 - doman man/nginx.8
1879 - dodoc CHANGES* README
1880 -
1881 - # just keepdir. do not copy the default htdocs files (bug #449136)
1882 - keepdir /var/www/localhost
1883 - rm -rf "${D}"usr/html || die
1884 -
1885 - # set up a list of directories to keep
1886 - local keepdir_list="${NGINX_HOME_TMP}"/client
1887 - local module
1888 - for module in proxy fastcgi scgi uwsgi; do
1889 - use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
1890 - done
1891 -
1892 - keepdir /var/log/nginx ${keepdir_list}
1893 -
1894 - # this solves a problem with SELinux where nginx doesn't see the directories
1895 - # as root and tries to create them as nginx
1896 - fperms 0750 "${NGINX_HOME_TMP}"
1897 - fowners ${PN}:0 "${NGINX_HOME_TMP}"
1898 -
1899 - fperms 0700 ${keepdir_list}
1900 - fowners ${PN}:${PN} ${keepdir_list}
1901 -
1902 - fperms 0710 /var/log/nginx
1903 - fowners 0:${PN} /var/log/nginx
1904 -
1905 - # logrotate
1906 - insinto /etc/logrotate.d
1907 - newins "${FILESDIR}"/nginx.logrotate-r1 nginx
1908 -
1909 - if use nginx_modules_http_perl; then
1910 - cd "${S}"/objs/src/http/modules/perl/ || die
1911 - emake DESTDIR="${D}" INSTALLDIRS=vendor
1912 - perl_delete_localpod
1913 - cd "${S}" || die
1914 - fi
1915 -
1916 - if use nginx_modules_http_cache_purge; then
1917 - docinto ${HTTP_CACHE_PURGE_MODULE_P}
1918 - dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
1919 - fi
1920 -
1921 - if use nginx_modules_http_slowfs_cache; then
1922 - docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
1923 - dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
1924 - fi
1925 -
1926 - if use nginx_modules_http_fancyindex; then
1927 - docinto ${HTTP_FANCYINDEX_MODULE_P}
1928 - dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
1929 - fi
1930 -
1931 - if use nginx_modules_http_lua; then
1932 - docinto ${HTTP_LUA_MODULE_P}
1933 - dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
1934 - fi
1935 -
1936 - if use nginx_modules_http_auth_pam; then
1937 - docinto ${HTTP_AUTH_PAM_MODULE_P}
1938 - dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
1939 - fi
1940 -
1941 - if use nginx_modules_http_upstream_check; then
1942 - docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
1943 - dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
1944 - fi
1945 -
1946 - if use nginx_modules_http_naxsi; then
1947 - insinto /etc/nginx
1948 - doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
1949 - fi
1950 -
1951 - if use rtmp; then
1952 - docinto ${RTMP_MODULE_P}
1953 - dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
1954 - fi
1955 -
1956 - if use nginx_modules_http_dav_ext; then
1957 - docinto ${HTTP_DAV_EXT_MODULE_P}
1958 - dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
1959 - fi
1960 -
1961 - if use nginx_modules_http_echo; then
1962 - docinto ${HTTP_ECHO_MODULE_P}
1963 - dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
1964 - fi
1965 -
1966 - if use nginx_modules_http_security; then
1967 - docinto ${HTTP_SECURITY_MODULE_P}
1968 - dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
1969 - fi
1970 -
1971 - if use nginx_modules_http_push_stream; then
1972 - docinto ${HTTP_PUSH_STREAM_MODULE_P}
1973 - dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
1974 - fi
1975 -
1976 - if use nginx_modules_http_sticky; then
1977 - docinto ${HTTP_STICKY_MODULE_P}
1978 - dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
1979 - fi
1980 -
1981 - if use nginx_modules_http_memc; then
1982 - docinto ${HTTP_MEMC_MODULE_P}
1983 - dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
1984 - fi
1985 -
1986 - if use nginx_modules_http_auth_ldap; then
1987 - docinto ${HTTP_LDAP_MODULE_P}
1988 - dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
1989 - fi
1990 -}
1991 -
1992 -pkg_postinst() {
1993 - if use ssl; then
1994 - if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
1995 - install_cert /etc/ssl/${PN}/${PN}
1996 - use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
1997 - fi
1998 - fi
1999 -
2000 - if use nginx_modules_http_spdy; then
2001 - ewarn ""
2002 - ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
2003 - ewarn "Update your configs and package.use accordingly."
2004 - fi
2005 -
2006 - if use nginx_modules_http_lua; then
2007 - ewarn ""
2008 - ewarn "While you can build lua 3rd party module against ${P}"
2009 - ewarn "the author warns that >=${PN}-1.11.11 is still not an"
2010 - ewarn "officially supported target yet. You are on your own."
2011 - ewarn "Expect runtime failures, memory leaks and other problems!"
2012 - fi
2013 -
2014 - if use nginx_modules_http_lua && use http2; then
2015 - ewarn ""
2016 - ewarn "Lua 3rd party module author warns against using ${P} with"
2017 - ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
2018 - fi
2019 -
2020 - local _n_permission_layout_checks=0
2021 - local _has_to_adjust_permissions=0
2022 - local _has_to_show_permission_warning=0
2023 -
2024 - # Defaults to 1 to inform people doing a fresh installation
2025 - # that we ship modified {scgi,uwsgi,fastcgi}_params files
2026 - local _has_to_show_httpoxy_mitigation_notice=1
2027 -
2028 - local _replacing_version=
2029 - for _replacing_version in ${REPLACING_VERSIONS}; do
2030 - _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
2031 -
2032 - if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
2033 - # Should never happen:
2034 - # Package is abusing slots but doesn't allow multiple parallel installations.
2035 - # If we run into this situation it is unsafe to automatically adjust any
2036 - # permission...
2037 - _has_to_show_permission_warning=1
2038 -
2039 - ewarn "Replacing multiple ${PN}' versions is unsupported! " \
2040 - "You will have to adjust permissions on your own."
2041 -
2042 - break
2043 - fi
2044 -
2045 - local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
2046 - debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
2047 -
2048 - # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
2049 - # This was before we introduced multiple nginx versions so we
2050 - # do not need to distinguish between stable and mainline
2051 - local _need_to_fix_CVE2013_0337=1
2052 -
2053 - if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
2054 - # We are updating an installation which should already be fixed
2055 - _need_to_fix_CVE2013_0337=0
2056 - debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
2057 - else
2058 - _has_to_adjust_permissions=1
2059 - debug-print "Need to adjust permissions to fix CVE-2013-0337!"
2060 - fi
2061 -
2062 - # Do we need to inform about HTTPoxy mitigation?
2063 - # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
2064 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
2065 - # Updating from <1.10
2066 - _has_to_show_httpoxy_mitigation_notice=1
2067 - debug-print "Need to inform about HTTPoxy mitigation!"
2068 - else
2069 - # Updating from >=1.10
2070 - local _fixed_in_pvr=
2071 - case "${_replacing_version_branch}" in
2072 - "1.10")
2073 - _fixed_in_pvr="1.10.1-r2"
2074 - ;;
2075 - "1.11")
2076 - _fixed_in_pvr="1.11.3-r1"
2077 - ;;
2078 - *)
2079 - # This should be any future branch.
2080 - # If we run this code it is safe to assume that the user has
2081 - # already seen the HTTPoxy mitigation notice because he/she is doing
2082 - # an update from previous version where we have already shown
2083 - # the warning. Otherwise, we wouldn't hit this code path ...
2084 - _fixed_in_pvr=
2085 - esac
2086 -
2087 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
2088 - # We are updating an installation where we already informed
2089 - # that we are mitigating HTTPoxy per default
2090 - _has_to_show_httpoxy_mitigation_notice=0
2091 - debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
2092 - else
2093 - _has_to_show_httpoxy_mitigation_notice=1
2094 - debug-print "Need to inform about HTTPoxy mitigation!"
2095 - fi
2096 - fi
2097 -
2098 - # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
2099 - # All branches up to 1.11 are affected
2100 - local _need_to_fix_CVE2016_1247=1
2101 -
2102 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
2103 - # Updating from <1.10
2104 - _has_to_adjust_permissions=1
2105 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
2106 - else
2107 - # Updating from >=1.10
2108 - local _fixed_in_pvr=
2109 - case "${_replacing_version_branch}" in
2110 - "1.10")
2111 - _fixed_in_pvr="1.10.2-r3"
2112 - ;;
2113 - "1.11")
2114 - _fixed_in_pvr="1.11.6-r1"
2115 - ;;
2116 - *)
2117 - # This should be any future branch.
2118 - # If we run this code it is safe to assume that we have already
2119 - # adjusted permissions or were never affected because user is
2120 - # doing an update from previous version which was safe or did
2121 - # the adjustments. Otherwise, we wouldn't hit this code path ...
2122 - _fixed_in_pvr=
2123 - esac
2124 -
2125 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
2126 - # We are updating an installation which should already be adjusted
2127 - # or which was never affected
2128 - _need_to_fix_CVE2016_1247=0
2129 - debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
2130 - else
2131 - _has_to_adjust_permissions=1
2132 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
2133 - fi
2134 - fi
2135 - done
2136 -
2137 - if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
2138 - # We do not DIE when chmod/chown commands are failing because
2139 - # package is already merged on user's system at this stage
2140 - # and we cannot retry without losing the information that
2141 - # the existing installation needs to adjust permissions.
2142 - # Instead we are going to a show a big warning ...
2143 -
2144 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
2145 - ewarn ""
2146 - ewarn "The world-readable bit (if set) has been removed from the"
2147 - ewarn "following directories to mitigate a security bug"
2148 - ewarn "(CVE-2013-0337, bug #458726):"
2149 - ewarn ""
2150 - ewarn " ${EPREFIX%/}/var/log/nginx"
2151 - ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
2152 - ewarn ""
2153 - ewarn "Check if this is correct for your setup before restarting nginx!"
2154 - ewarn "This is a one-time change and will not happen on subsequent updates."
2155 - ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
2156 - chmod o-rwx \
2157 - "${EPREFIX%/}"/var/log/nginx \
2158 - "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
2159 - _has_to_show_permission_warning=1
2160 - fi
2161 -
2162 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
2163 - ewarn ""
2164 - ewarn "The permissions on the following directory have been reset in"
2165 - ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
2166 - ewarn ""
2167 - ewarn " ${EPREFIX%/}/var/log/nginx"
2168 - ewarn ""
2169 - ewarn "Check if this is correct for your setup before restarting nginx!"
2170 - ewarn "Also ensure that no other log directory used by any of your"
2171 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
2172 - ewarn "used by nginx can be abused to escalate privileges!"
2173 - ewarn "This is a one-time change and will not happen on subsequent updates."
2174 - chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
2175 - chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
2176 - fi
2177 -
2178 - if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
2179 - # Should never happen ...
2180 - ewarn ""
2181 - ewarn "*************************************************************"
2182 - ewarn "*************** W A R N I N G ***************"
2183 - ewarn "*************************************************************"
2184 - ewarn "The one-time only attempt to adjust permissions of the"
2185 - ewarn "existing nginx installation failed. Be aware that we will not"
2186 - ewarn "try to adjust the same permissions again because now you are"
2187 - ewarn "using a nginx version where we expect that the permissions"
2188 - ewarn "are already adjusted or that you know what you are doing and"
2189 - ewarn "want to keep custom permissions."
2190 - ewarn ""
2191 - fi
2192 - fi
2193 -
2194 - # Sanity check for CVE-2016-1247
2195 - # Required to warn users who received the warning above and thought
2196 - # they could fix it by unmerging and re-merging the package or have
2197 - # unmerged a affected installation on purpose in the past leaving
2198 - # /var/log/nginx on their system due to keepdir/non-empty folder
2199 - # and are now installing the package again.
2200 - local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
2201 - su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
2202 - if [ $? -eq 0 ] ; then
2203 - # Cleanup -- no reason to die here!
2204 - rm -f "${_sanity_check_testfile}"
2205 -
2206 - ewarn ""
2207 - ewarn "*************************************************************"
2208 - ewarn "*************** W A R N I N G ***************"
2209 - ewarn "*************************************************************"
2210 - ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
2211 - ewarn "(bug #605008) because nginx user is able to create files in"
2212 - ewarn ""
2213 - ewarn " ${EPREFIX%/}/var/log/nginx"
2214 - ewarn ""
2215 - ewarn "Also ensure that no other log directory used by any of your"
2216 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
2217 - ewarn "used by nginx can be abused to escalate privileges!"
2218 - fi
2219 -
2220 - if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
2221 - # HTTPoxy mitigation
2222 - ewarn ""
2223 - ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
2224 - ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
2225 - ewarn "the HTTP_PROXY parameter to an empty string per default when you"
2226 - ewarn "are sourcing one of the default"
2227 - ewarn ""
2228 - ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
2229 - ewarn " - 'scgi_params'"
2230 - ewarn " - 'uwsgi_params'"
2231 - ewarn ""
2232 - ewarn "files in your server block(s)."
2233 - ewarn ""
2234 - ewarn "If this is causing any problems for you make sure that you are sourcing the"
2235 - ewarn "default parameters _before_ you set your own values."
2236 - ewarn "If you are relying on user-supplied proxy values you have to remove the"
2237 - ewarn "correlating lines from the file(s) mentioned above."
2238 - ewarn ""
2239 - fi
2240 -}
2241
2242 diff --git a/www-servers/nginx/nginx-1.14.2-r2.ebuild b/www-servers/nginx/nginx-1.14.2-r2.ebuild
2243 deleted file mode 100644
2244 index aecbc46ff6f..00000000000
2245 --- a/www-servers/nginx/nginx-1.14.2-r2.ebuild
2246 +++ /dev/null
2247 @@ -1,1087 +0,0 @@
2248 -# Copyright 1999-2018 Gentoo Authors
2249 -# Distributed under the terms of the GNU General Public License v2
2250 -
2251 -EAPI="6"
2252 -
2253 -# Maintainer notes:
2254 -# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
2255 -# - any http-module activates the main http-functionality and overrides USE=-http
2256 -# - keep the following requirements in mind before adding external modules:
2257 -# * alive upstream
2258 -# * sane packaging
2259 -# * builds cleanly
2260 -# * does not need a patch for nginx core
2261 -# - TODO: test the google-perftools module (included in vanilla tarball)
2262 -
2263 -# prevent perl-module from adding automagic perl DEPENDs
2264 -GENTOO_DEPEND_ON_PERL="no"
2265 -
2266 -# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
2267 -DEVEL_KIT_MODULE_PV="0.3.0"
2268 -DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
2269 -DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
2270 -DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
2271 -
2272 -# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
2273 -HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
2274 -HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
2275 -HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
2276 -HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
2277 -
2278 -# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
2279 -HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
2280 -HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
2281 -HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
2282 -HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
2283 -
2284 -# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
2285 -HTTP_HEADERS_MORE_MODULE_PV="0.33"
2286 -HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
2287 -HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
2288 -HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
2289 -
2290 -# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
2291 -HTTP_CACHE_PURGE_MODULE_PV="2.3"
2292 -HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
2293 -HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
2294 -HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
2295 -
2296 -# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
2297 -HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
2298 -HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
2299 -HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
2300 -HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
2301 -
2302 -# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
2303 -HTTP_FANCYINDEX_MODULE_PV="0.4.3"
2304 -HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
2305 -HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
2306 -HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
2307 -
2308 -# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
2309 -HTTP_LUA_MODULE_PV="0.10.13"
2310 -HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
2311 -HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
2312 -HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
2313 -
2314 -# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
2315 -HTTP_AUTH_PAM_MODULE_PV="1.5.1"
2316 -HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
2317 -HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
2318 -HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
2319 -
2320 -# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
2321 -HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
2322 -HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
2323 -HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
2324 -HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
2325 -
2326 -# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
2327 -HTTP_METRICS_MODULE_PV="0.1.1"
2328 -HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
2329 -HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
2330 -HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
2331 -
2332 -# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
2333 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
2334 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
2335 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
2336 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
2337 -
2338 -# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
2339 -HTTP_NAXSI_MODULE_PV="0.56"
2340 -HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
2341 -HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
2342 -HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
2343 -
2344 -# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
2345 -RTMP_MODULE_PV="1.2.1"
2346 -RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
2347 -RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
2348 -RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
2349 -
2350 -# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
2351 -HTTP_DAV_EXT_MODULE_PV="3.0.0"
2352 -HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
2353 -HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
2354 -HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
2355 -
2356 -# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
2357 -HTTP_ECHO_MODULE_PV="0.61"
2358 -HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
2359 -HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
2360 -HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
2361 -
2362 -# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
2363 -# keep the MODULE_P here consistent with upstream to avoid tarball duplication
2364 -HTTP_SECURITY_MODULE_PV="2.9.3"
2365 -HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
2366 -HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
2367 -HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
2368 -
2369 -# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
2370 -HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
2371 -HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
2372 -HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
2373 -HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
2374 -
2375 -# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
2376 -HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
2377 -HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
2378 -HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
2379 -HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
2380 -
2381 -# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
2382 -HTTP_MOGILEFS_MODULE_PV="1.0.4"
2383 -HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
2384 -HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
2385 -HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
2386 -
2387 -# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
2388 -HTTP_MEMC_MODULE_PV="0.19"
2389 -HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
2390 -HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
2391 -HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
2392 -
2393 -# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
2394 -HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
2395 -HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
2396 -HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
2397 -HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
2398 -
2399 -# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
2400 -GEOIP2_MODULE_PV="2.0"
2401 -GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
2402 -GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
2403 -GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
2404 -
2405 -# njs-module (https://github.com/nginx/njs, as-is)
2406 -NJS_MODULE_PV="0.2.7"
2407 -NJS_MODULE_P="njs-${NJS_MODULE_PV}"
2408 -NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
2409 -NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
2410 -
2411 -# We handle deps below ourselves
2412 -SSL_DEPS_SKIP=1
2413 -AUTOTOOLS_AUTO_DEPEND="no"
2414 -
2415 -inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
2416 -
2417 -DESCRIPTION="Robust, small and high performance http and reverse proxy server"
2418 -HOMEPAGE="https://nginx.org"
2419 -SRC_URI="https://nginx.org/download/${P}.tar.gz
2420 - ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
2421 - nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
2422 - nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
2423 - nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
2424 - nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
2425 - nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
2426 - nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
2427 - nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
2428 - nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
2429 - nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
2430 - nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
2431 - nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
2432 - nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
2433 - nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
2434 - nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
2435 - nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
2436 - nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
2437 - nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
2438 - nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
2439 - nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
2440 - nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
2441 - nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
2442 - nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
2443 - nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
2444 - nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
2445 - rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
2446 -
2447 -LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
2448 - nginx_modules_http_security? ( Apache-2.0 )
2449 - nginx_modules_http_push_stream? ( GPL-3 )"
2450 -
2451 -SLOT="0"
2452 -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
2453 -
2454 -# Package doesn't provide a real test suite
2455 -RESTRICT="test"
2456 -
2457 -NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
2458 - fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
2459 - proxy referer rewrite scgi ssi split_clients upstream_hash
2460 - upstream_ip_hash upstream_keepalive upstream_least_conn
2461 - upstream_zone userid uwsgi"
2462 -NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
2463 - gzip_static image_filter mp4 perl random_index realip secure_link
2464 - slice stub_status sub xslt"
2465 -NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
2466 - upstream_hash upstream_least_conn upstream_zone"
2467 -NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
2468 -NGINX_MODULES_MAIL="imap pop3 smtp"
2469 -NGINX_MODULES_3RD="
2470 - http_auth_ldap
2471 - http_auth_pam
2472 - http_brotli
2473 - http_cache_purge
2474 - http_dav_ext
2475 - http_echo
2476 - http_fancyindex
2477 - http_geoip2
2478 - http_headers_more
2479 - http_javascript
2480 - http_lua
2481 - http_memc
2482 - http_metrics
2483 - http_mogilefs
2484 - http_naxsi
2485 - http_push_stream
2486 - http_security
2487 - http_slowfs_cache
2488 - http_sticky
2489 - http_upload_progress
2490 - http_upstream_check
2491 - http_vhost_traffic_status
2492 - stream_geoip2
2493 - stream_javascript
2494 -"
2495 -
2496 -IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
2497 - pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
2498 -
2499 -for mod in $NGINX_MODULES_STD; do
2500 - IUSE="${IUSE} +nginx_modules_http_${mod}"
2501 -done
2502 -
2503 -for mod in $NGINX_MODULES_OPT; do
2504 - IUSE="${IUSE} nginx_modules_http_${mod}"
2505 -done
2506 -
2507 -for mod in $NGINX_MODULES_STREAM_STD; do
2508 - IUSE="${IUSE} nginx_modules_stream_${mod}"
2509 -done
2510 -
2511 -for mod in $NGINX_MODULES_STREAM_OPT; do
2512 - IUSE="${IUSE} nginx_modules_stream_${mod}"
2513 -done
2514 -
2515 -for mod in $NGINX_MODULES_MAIL; do
2516 - IUSE="${IUSE} nginx_modules_mail_${mod}"
2517 -done
2518 -
2519 -for mod in $NGINX_MODULES_3RD; do
2520 - IUSE="${IUSE} nginx_modules_${mod}"
2521 -done
2522 -
2523 -# Add so we can warn users updating about config changes
2524 -# @TODO: jbergstroem: remove on next release series
2525 -IUSE="${IUSE} nginx_modules_http_spdy"
2526 -
2527 -CDEPEND="
2528 - pcre? ( dev-libs/libpcre:= )
2529 - pcre-jit? ( dev-libs/libpcre:=[jit] )
2530 - ssl? (
2531 - !libressl? ( dev-libs/openssl:0= )
2532 - libressl? ( dev-libs/libressl:= )
2533 - )
2534 - http2? (
2535 - !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
2536 - libressl? ( dev-libs/libressl:= )
2537 - )
2538 - http-cache? (
2539 - userland_GNU? (
2540 - !libressl? ( dev-libs/openssl:0= )
2541 - libressl? ( dev-libs/libressl:= )
2542 - )
2543 - )
2544 - nginx_modules_http_brotli? ( app-arch/brotli:= )
2545 - nginx_modules_http_geoip? ( dev-libs/geoip )
2546 - nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
2547 - nginx_modules_http_gunzip? ( sys-libs/zlib )
2548 - nginx_modules_http_gzip? ( sys-libs/zlib )
2549 - nginx_modules_http_gzip_static? ( sys-libs/zlib )
2550 - nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
2551 - nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
2552 - nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
2553 - nginx_modules_http_secure_link? (
2554 - userland_GNU? (
2555 - !libressl? ( dev-libs/openssl:0= )
2556 - libressl? ( dev-libs/libressl:= )
2557 - )
2558 - )
2559 - nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
2560 - nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
2561 - nginx_modules_http_auth_pam? ( virtual/pam )
2562 - nginx_modules_http_metrics? ( dev-libs/yajl:= )
2563 - nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
2564 - nginx_modules_http_security? (
2565 - dev-libs/apr:=
2566 - dev-libs/apr-util:=
2567 - dev-libs/libxml2:=
2568 - net-misc/curl
2569 - www-servers/apache
2570 - )
2571 - nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
2572 - nginx_modules_stream_geoip? ( dev-libs/geoip )
2573 - nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
2574 -RDEPEND="${CDEPEND}
2575 - selinux? ( sec-policy/selinux-nginx )
2576 - !www-servers/nginx:mainline"
2577 -DEPEND="${CDEPEND}
2578 - nginx_modules_http_brotli? ( virtual/pkgconfig )
2579 - nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
2580 - arm? ( dev-libs/libatomic_ops )
2581 - libatomic? ( dev-libs/libatomic_ops )"
2582 -PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
2583 -
2584 -REQUIRED_USE="pcre-jit? ( pcre )
2585 - nginx_modules_http_grpc? ( http2 )
2586 - nginx_modules_http_lua? ( nginx_modules_http_rewrite )
2587 - nginx_modules_http_naxsi? ( pcre )
2588 - nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
2589 - nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
2590 - nginx_modules_http_security? ( pcre )
2591 - nginx_modules_http_push_stream? ( ssl )"
2592 -
2593 -pkg_setup() {
2594 - NGINX_HOME="/var/lib/nginx"
2595 - NGINX_HOME_TMP="${NGINX_HOME}/tmp"
2596 -
2597 - ebegin "Creating nginx user and group"
2598 - enewgroup ${PN}
2599 - enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
2600 - eend $?
2601 -
2602 - if use libatomic; then
2603 - ewarn "GCC 4.1+ features built-in atomic operations."
2604 - ewarn "Using libatomic_ops is only needed if using"
2605 - ewarn "a different compiler or a GCC prior to 4.1"
2606 - fi
2607 -
2608 - if [[ -n $NGINX_ADD_MODULES ]]; then
2609 - ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
2610 - ewarn "This nginx installation is not supported!"
2611 - ewarn "Make sure you can reproduce the bug without those modules"
2612 - ewarn "_before_ reporting bugs."
2613 - fi
2614 -
2615 - if use !http; then
2616 - ewarn "To actually disable all http-functionality you also have to disable"
2617 - ewarn "all nginx http modules."
2618 - fi
2619 -
2620 - if use nginx_modules_http_mogilefs && use threads; then
2621 - eerror "mogilefs won't compile with threads support."
2622 - eerror "Please disable either flag and try again."
2623 - die "Can't compile mogilefs with threads support"
2624 - fi
2625 -}
2626 -
2627 -src_prepare() {
2628 - eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
2629 - eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
2630 -
2631 - if use nginx_modules_http_auth_pam; then
2632 - cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
2633 - eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
2634 - cd "${S}" || die
2635 - fi
2636 -
2637 - if use nginx_modules_http_brotli; then
2638 - cd "${HTTP_BROTLI_MODULE_WD}" || die
2639 - eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
2640 - cd "${S}" || die
2641 - fi
2642 -
2643 - if use nginx_modules_http_upstream_check; then
2644 - eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
2645 - fi
2646 -
2647 - if use nginx_modules_http_cache_purge; then
2648 - cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
2649 - eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
2650 - cd "${S}" || die
2651 - fi
2652 -
2653 - if use nginx_modules_http_security; then
2654 - cd "${HTTP_SECURITY_MODULE_WD}" || die
2655 -
2656 - eautoreconf
2657 -
2658 - if use luajit ; then
2659 - sed -i \
2660 - -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
2661 - configure || die
2662 - fi
2663 -
2664 - cd "${S}" || die
2665 - fi
2666 -
2667 - if use nginx_modules_http_upload_progress; then
2668 - cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
2669 - eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
2670 - cd "${S}" || die
2671 - fi
2672 -
2673 - find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
2674 - # We have config protection, don't rename etc files
2675 - sed -i 's:.default::' auto/install || die
2676 - # remove useless files
2677 - sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
2678 -
2679 - # don't install to /etc/nginx/ if not in use
2680 - local module
2681 - for module in fastcgi scgi uwsgi ; do
2682 - if ! use nginx_modules_http_${module}; then
2683 - sed -i -e "/${module}/d" auto/install || die
2684 - fi
2685 - done
2686 -
2687 - eapply_user
2688 -}
2689 -
2690 -src_configure() {
2691 - # mod_security needs to generate nginx/modsecurity/config before including it
2692 - if use nginx_modules_http_security; then
2693 - cd "${HTTP_SECURITY_MODULE_WD}" || die
2694 -
2695 - ./configure \
2696 - --enable-standalone-module \
2697 - --disable-mlogc \
2698 - --with-ssdeep=no \
2699 - $(use_enable pcre-jit) \
2700 - $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
2701 -
2702 - cd "${S}" || die
2703 - fi
2704 -
2705 - local myconf=() http_enabled= mail_enabled= stream_enabled=
2706 -
2707 - use aio && myconf+=( --with-file-aio )
2708 - use debug && myconf+=( --with-debug )
2709 - use http2 && myconf+=( --with-http_v2_module )
2710 - use libatomic && myconf+=( --with-libatomic )
2711 - use pcre && myconf+=( --with-pcre )
2712 - use pcre-jit && myconf+=( --with-pcre-jit )
2713 - use threads && myconf+=( --with-threads )
2714 -
2715 - # HTTP modules
2716 - for mod in $NGINX_MODULES_STD; do
2717 - if use nginx_modules_http_${mod}; then
2718 - http_enabled=1
2719 - else
2720 - myconf+=( --without-http_${mod}_module )
2721 - fi
2722 - done
2723 -
2724 - for mod in $NGINX_MODULES_OPT; do
2725 - if use nginx_modules_http_${mod}; then
2726 - http_enabled=1
2727 - myconf+=( --with-http_${mod}_module )
2728 - fi
2729 - done
2730 -
2731 - if use nginx_modules_http_fastcgi; then
2732 - myconf+=( --with-http_realip_module )
2733 - fi
2734 -
2735 - # third-party modules
2736 - if use nginx_modules_http_upload_progress; then
2737 - http_enabled=1
2738 - myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
2739 - fi
2740 -
2741 - if use nginx_modules_http_headers_more; then
2742 - http_enabled=1
2743 - myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
2744 - fi
2745 -
2746 - if use nginx_modules_http_cache_purge; then
2747 - http_enabled=1
2748 - myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
2749 - fi
2750 -
2751 - if use nginx_modules_http_slowfs_cache; then
2752 - http_enabled=1
2753 - myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
2754 - fi
2755 -
2756 - if use nginx_modules_http_fancyindex; then
2757 - http_enabled=1
2758 - myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
2759 - fi
2760 -
2761 - if use nginx_modules_http_lua; then
2762 - http_enabled=1
2763 - if use luajit; then
2764 - export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
2765 - export LUAJIT_INC=$(pkg-config --variable includedir luajit)
2766 - else
2767 - export LUA_LIB=$(pkg-config --variable libdir lua)
2768 - export LUA_INC=$(pkg-config --variable includedir lua)
2769 - fi
2770 - myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
2771 - myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
2772 - fi
2773 -
2774 - if use nginx_modules_http_auth_pam; then
2775 - http_enabled=1
2776 - myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
2777 - fi
2778 -
2779 - if use nginx_modules_http_upstream_check; then
2780 - http_enabled=1
2781 - myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
2782 - fi
2783 -
2784 - if use nginx_modules_http_metrics; then
2785 - http_enabled=1
2786 - myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
2787 - fi
2788 -
2789 - if use nginx_modules_http_naxsi ; then
2790 - http_enabled=1
2791 - myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
2792 - fi
2793 -
2794 - if use rtmp ; then
2795 - http_enabled=1
2796 - myconf+=( --add-module=${RTMP_MODULE_WD} )
2797 - fi
2798 -
2799 - if use nginx_modules_http_dav_ext ; then
2800 - http_enabled=1
2801 - myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
2802 - fi
2803 -
2804 - if use nginx_modules_http_echo ; then
2805 - http_enabled=1
2806 - myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
2807 - fi
2808 -
2809 - if use nginx_modules_http_security ; then
2810 - http_enabled=1
2811 - myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
2812 - fi
2813 -
2814 - if use nginx_modules_http_push_stream ; then
2815 - http_enabled=1
2816 - myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
2817 - fi
2818 -
2819 - if use nginx_modules_http_sticky ; then
2820 - http_enabled=1
2821 - myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
2822 - fi
2823 -
2824 - if use nginx_modules_http_mogilefs ; then
2825 - http_enabled=1
2826 - myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
2827 - fi
2828 -
2829 - if use nginx_modules_http_memc ; then
2830 - http_enabled=1
2831 - myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
2832 - fi
2833 -
2834 - if use nginx_modules_http_auth_ldap; then
2835 - http_enabled=1
2836 - myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
2837 - fi
2838 -
2839 - if use nginx_modules_http_vhost_traffic_status; then
2840 - http_enabled=1
2841 - myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
2842 - fi
2843 -
2844 - if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
2845 - myconf+=( --add-module=${GEOIP2_MODULE_WD} )
2846 - fi
2847 -
2848 - if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
2849 - myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
2850 - fi
2851 -
2852 - if use nginx_modules_http_brotli; then
2853 - http_enabled=1
2854 - myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
2855 - fi
2856 -
2857 - if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
2858 - http_enabled=1
2859 - fi
2860 -
2861 - if [ $http_enabled ]; then
2862 - use http-cache || myconf+=( --without-http-cache )
2863 - use ssl && myconf+=( --with-http_ssl_module )
2864 - else
2865 - myconf+=( --without-http --without-http-cache )
2866 - fi
2867 -
2868 - # Stream modules
2869 - for mod in $NGINX_MODULES_STREAM_STD; do
2870 - if use nginx_modules_stream_${mod}; then
2871 - stream_enabled=1
2872 - else
2873 - myconf+=( --without-stream_${mod}_module )
2874 - fi
2875 - done
2876 -
2877 - for mod in $NGINX_MODULES_STREAM_OPT; do
2878 - if use nginx_modules_stream_${mod}; then
2879 - stream_enabled=1
2880 - myconf+=( --with-stream_${mod}_module )
2881 - fi
2882 - done
2883 -
2884 - if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
2885 - stream_enabled=1
2886 - fi
2887 -
2888 - if [ $stream_enabled ]; then
2889 - myconf+=( --with-stream )
2890 - use ssl && myconf+=( --with-stream_ssl_module )
2891 - fi
2892 -
2893 - # MAIL modules
2894 - for mod in $NGINX_MODULES_MAIL; do
2895 - if use nginx_modules_mail_${mod}; then
2896 - mail_enabled=1
2897 - else
2898 - myconf+=( --without-mail_${mod}_module )
2899 - fi
2900 - done
2901 -
2902 - if [ $mail_enabled ]; then
2903 - myconf+=( --with-mail )
2904 - use ssl && myconf+=( --with-mail_ssl_module )
2905 - fi
2906 -
2907 - # custom modules
2908 - for mod in $NGINX_ADD_MODULES; do
2909 - myconf+=( --add-module=${mod} )
2910 - done
2911 -
2912 - # https://bugs.gentoo.org/286772
2913 - export LANG=C LC_ALL=C
2914 - tc-export CC
2915 -
2916 - if ! use prefix; then
2917 - myconf+=( --user=${PN} )
2918 - myconf+=( --group=${PN} )
2919 - fi
2920 -
2921 - local WITHOUT_IPV6=
2922 - if ! use ipv6; then
2923 - WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
2924 - fi
2925 -
2926 - if [[ -n "${EXTRA_ECONF}" ]]; then
2927 - myconf+=( ${EXTRA_ECONF} )
2928 - ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
2929 - fi
2930 -
2931 - ./configure \
2932 - --prefix="${EPREFIX}"/usr \
2933 - --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
2934 - --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
2935 - --pid-path="${EPREFIX}"/run/${PN}.pid \
2936 - --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
2937 - --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
2938 - --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
2939 - --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
2940 - --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
2941 - --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
2942 - --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
2943 - --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
2944 - --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
2945 - --with-compat \
2946 - "${myconf[@]}" || die "configure failed"
2947 -
2948 - # A purely cosmetic change that makes nginx -V more readable. This can be
2949 - # good if people outside the gentoo community would troubleshoot and
2950 - # question the users setup.
2951 - sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
2952 -}
2953 -
2954 -src_compile() {
2955 - use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
2956 -
2957 - # https://bugs.gentoo.org/286772
2958 - export LANG=C LC_ALL=C
2959 - emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
2960 -}
2961 -
2962 -src_install() {
2963 - emake DESTDIR="${D%/}" install
2964 -
2965 - cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
2966 -
2967 - newinitd "${FILESDIR}"/nginx.initd-r4 nginx
2968 - newconfd "${FILESDIR}"/nginx.confd nginx
2969 -
2970 - systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
2971 -
2972 - doman man/nginx.8
2973 - dodoc CHANGES* README
2974 -
2975 - # just keepdir. do not copy the default htdocs files (bug #449136)
2976 - keepdir /var/www/localhost
2977 - rm -rf "${D}"usr/html || die
2978 -
2979 - # set up a list of directories to keep
2980 - local keepdir_list="${NGINX_HOME_TMP}"/client
2981 - local module
2982 - for module in proxy fastcgi scgi uwsgi; do
2983 - use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
2984 - done
2985 -
2986 - keepdir /var/log/nginx ${keepdir_list}
2987 -
2988 - # this solves a problem with SELinux where nginx doesn't see the directories
2989 - # as root and tries to create them as nginx
2990 - fperms 0750 "${NGINX_HOME_TMP}"
2991 - fowners ${PN}:0 "${NGINX_HOME_TMP}"
2992 -
2993 - fperms 0700 ${keepdir_list}
2994 - fowners ${PN}:${PN} ${keepdir_list}
2995 -
2996 - fperms 0710 /var/log/nginx
2997 - fowners 0:${PN} /var/log/nginx
2998 -
2999 - # logrotate
3000 - insinto /etc/logrotate.d
3001 - newins "${FILESDIR}"/nginx.logrotate-r1 nginx
3002 -
3003 - if use nginx_modules_http_perl; then
3004 - cd "${S}"/objs/src/http/modules/perl/ || die
3005 - emake DESTDIR="${D}" INSTALLDIRS=vendor
3006 - perl_delete_localpod
3007 - cd "${S}" || die
3008 - fi
3009 -
3010 - if use nginx_modules_http_cache_purge; then
3011 - docinto ${HTTP_CACHE_PURGE_MODULE_P}
3012 - dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
3013 - fi
3014 -
3015 - if use nginx_modules_http_slowfs_cache; then
3016 - docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
3017 - dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
3018 - fi
3019 -
3020 - if use nginx_modules_http_fancyindex; then
3021 - docinto ${HTTP_FANCYINDEX_MODULE_P}
3022 - dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
3023 - fi
3024 -
3025 - if use nginx_modules_http_lua; then
3026 - docinto ${HTTP_LUA_MODULE_P}
3027 - dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
3028 - fi
3029 -
3030 - if use nginx_modules_http_auth_pam; then
3031 - docinto ${HTTP_AUTH_PAM_MODULE_P}
3032 - dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
3033 - fi
3034 -
3035 - if use nginx_modules_http_upstream_check; then
3036 - docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
3037 - dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
3038 - fi
3039 -
3040 - if use nginx_modules_http_naxsi; then
3041 - insinto /etc/nginx
3042 - doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
3043 - fi
3044 -
3045 - if use rtmp; then
3046 - docinto ${RTMP_MODULE_P}
3047 - dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
3048 - fi
3049 -
3050 - if use nginx_modules_http_dav_ext; then
3051 - docinto ${HTTP_DAV_EXT_MODULE_P}
3052 - dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
3053 - fi
3054 -
3055 - if use nginx_modules_http_echo; then
3056 - docinto ${HTTP_ECHO_MODULE_P}
3057 - dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
3058 - fi
3059 -
3060 - if use nginx_modules_http_security; then
3061 - docinto ${HTTP_SECURITY_MODULE_P}
3062 - dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
3063 - fi
3064 -
3065 - if use nginx_modules_http_push_stream; then
3066 - docinto ${HTTP_PUSH_STREAM_MODULE_P}
3067 - dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
3068 - fi
3069 -
3070 - if use nginx_modules_http_sticky; then
3071 - docinto ${HTTP_STICKY_MODULE_P}
3072 - dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
3073 - fi
3074 -
3075 - if use nginx_modules_http_memc; then
3076 - docinto ${HTTP_MEMC_MODULE_P}
3077 - dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
3078 - fi
3079 -
3080 - if use nginx_modules_http_auth_ldap; then
3081 - docinto ${HTTP_LDAP_MODULE_P}
3082 - dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
3083 - fi
3084 -}
3085 -
3086 -pkg_postinst() {
3087 - if use ssl; then
3088 - if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
3089 - install_cert /etc/ssl/${PN}/${PN}
3090 - use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
3091 - fi
3092 - fi
3093 -
3094 - if use nginx_modules_http_spdy; then
3095 - ewarn ""
3096 - ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
3097 - ewarn "Update your configs and package.use accordingly."
3098 - fi
3099 -
3100 - if use nginx_modules_http_lua; then
3101 - ewarn ""
3102 - ewarn "While you can build lua 3rd party module against ${P}"
3103 - ewarn "the author warns that >=${PN}-1.11.11 is still not an"
3104 - ewarn "officially supported target yet. You are on your own."
3105 - ewarn "Expect runtime failures, memory leaks and other problems!"
3106 - fi
3107 -
3108 - if use nginx_modules_http_lua && use http2; then
3109 - ewarn ""
3110 - ewarn "Lua 3rd party module author warns against using ${P} with"
3111 - ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
3112 - fi
3113 -
3114 - local _n_permission_layout_checks=0
3115 - local _has_to_adjust_permissions=0
3116 - local _has_to_show_permission_warning=0
3117 -
3118 - # Defaults to 1 to inform people doing a fresh installation
3119 - # that we ship modified {scgi,uwsgi,fastcgi}_params files
3120 - local _has_to_show_httpoxy_mitigation_notice=1
3121 -
3122 - local _replacing_version=
3123 - for _replacing_version in ${REPLACING_VERSIONS}; do
3124 - _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
3125 -
3126 - if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
3127 - # Should never happen:
3128 - # Package is abusing slots but doesn't allow multiple parallel installations.
3129 - # If we run into this situation it is unsafe to automatically adjust any
3130 - # permission...
3131 - _has_to_show_permission_warning=1
3132 -
3133 - ewarn "Replacing multiple ${PN}' versions is unsupported! " \
3134 - "You will have to adjust permissions on your own."
3135 -
3136 - break
3137 - fi
3138 -
3139 - local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
3140 - debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
3141 -
3142 - # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
3143 - # This was before we introduced multiple nginx versions so we
3144 - # do not need to distinguish between stable and mainline
3145 - local _need_to_fix_CVE2013_0337=1
3146 -
3147 - if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
3148 - # We are updating an installation which should already be fixed
3149 - _need_to_fix_CVE2013_0337=0
3150 - debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
3151 - else
3152 - _has_to_adjust_permissions=1
3153 - debug-print "Need to adjust permissions to fix CVE-2013-0337!"
3154 - fi
3155 -
3156 - # Do we need to inform about HTTPoxy mitigation?
3157 - # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
3158 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
3159 - # Updating from <1.10
3160 - _has_to_show_httpoxy_mitigation_notice=1
3161 - debug-print "Need to inform about HTTPoxy mitigation!"
3162 - else
3163 - # Updating from >=1.10
3164 - local _fixed_in_pvr=
3165 - case "${_replacing_version_branch}" in
3166 - "1.10")
3167 - _fixed_in_pvr="1.10.1-r2"
3168 - ;;
3169 - "1.11")
3170 - _fixed_in_pvr="1.11.3-r1"
3171 - ;;
3172 - *)
3173 - # This should be any future branch.
3174 - # If we run this code it is safe to assume that the user has
3175 - # already seen the HTTPoxy mitigation notice because he/she is doing
3176 - # an update from previous version where we have already shown
3177 - # the warning. Otherwise, we wouldn't hit this code path ...
3178 - _fixed_in_pvr=
3179 - esac
3180 -
3181 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
3182 - # We are updating an installation where we already informed
3183 - # that we are mitigating HTTPoxy per default
3184 - _has_to_show_httpoxy_mitigation_notice=0
3185 - debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
3186 - else
3187 - _has_to_show_httpoxy_mitigation_notice=1
3188 - debug-print "Need to inform about HTTPoxy mitigation!"
3189 - fi
3190 - fi
3191 -
3192 - # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
3193 - # All branches up to 1.11 are affected
3194 - local _need_to_fix_CVE2016_1247=1
3195 -
3196 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
3197 - # Updating from <1.10
3198 - _has_to_adjust_permissions=1
3199 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
3200 - else
3201 - # Updating from >=1.10
3202 - local _fixed_in_pvr=
3203 - case "${_replacing_version_branch}" in
3204 - "1.10")
3205 - _fixed_in_pvr="1.10.2-r3"
3206 - ;;
3207 - "1.11")
3208 - _fixed_in_pvr="1.11.6-r1"
3209 - ;;
3210 - *)
3211 - # This should be any future branch.
3212 - # If we run this code it is safe to assume that we have already
3213 - # adjusted permissions or were never affected because user is
3214 - # doing an update from previous version which was safe or did
3215 - # the adjustments. Otherwise, we wouldn't hit this code path ...
3216 - _fixed_in_pvr=
3217 - esac
3218 -
3219 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
3220 - # We are updating an installation which should already be adjusted
3221 - # or which was never affected
3222 - _need_to_fix_CVE2016_1247=0
3223 - debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
3224 - else
3225 - _has_to_adjust_permissions=1
3226 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
3227 - fi
3228 - fi
3229 - done
3230 -
3231 - if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
3232 - # We do not DIE when chmod/chown commands are failing because
3233 - # package is already merged on user's system at this stage
3234 - # and we cannot retry without losing the information that
3235 - # the existing installation needs to adjust permissions.
3236 - # Instead we are going to a show a big warning ...
3237 -
3238 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
3239 - ewarn ""
3240 - ewarn "The world-readable bit (if set) has been removed from the"
3241 - ewarn "following directories to mitigate a security bug"
3242 - ewarn "(CVE-2013-0337, bug #458726):"
3243 - ewarn ""
3244 - ewarn " ${EPREFIX%/}/var/log/nginx"
3245 - ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
3246 - ewarn ""
3247 - ewarn "Check if this is correct for your setup before restarting nginx!"
3248 - ewarn "This is a one-time change and will not happen on subsequent updates."
3249 - ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
3250 - chmod o-rwx \
3251 - "${EPREFIX%/}"/var/log/nginx \
3252 - "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
3253 - _has_to_show_permission_warning=1
3254 - fi
3255 -
3256 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
3257 - ewarn ""
3258 - ewarn "The permissions on the following directory have been reset in"
3259 - ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
3260 - ewarn ""
3261 - ewarn " ${EPREFIX%/}/var/log/nginx"
3262 - ewarn ""
3263 - ewarn "Check if this is correct for your setup before restarting nginx!"
3264 - ewarn "Also ensure that no other log directory used by any of your"
3265 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
3266 - ewarn "used by nginx can be abused to escalate privileges!"
3267 - ewarn "This is a one-time change and will not happen on subsequent updates."
3268 - chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
3269 - chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
3270 - fi
3271 -
3272 - if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
3273 - # Should never happen ...
3274 - ewarn ""
3275 - ewarn "*************************************************************"
3276 - ewarn "*************** W A R N I N G ***************"
3277 - ewarn "*************************************************************"
3278 - ewarn "The one-time only attempt to adjust permissions of the"
3279 - ewarn "existing nginx installation failed. Be aware that we will not"
3280 - ewarn "try to adjust the same permissions again because now you are"
3281 - ewarn "using a nginx version where we expect that the permissions"
3282 - ewarn "are already adjusted or that you know what you are doing and"
3283 - ewarn "want to keep custom permissions."
3284 - ewarn ""
3285 - fi
3286 - fi
3287 -
3288 - # Sanity check for CVE-2016-1247
3289 - # Required to warn users who received the warning above and thought
3290 - # they could fix it by unmerging and re-merging the package or have
3291 - # unmerged a affected installation on purpose in the past leaving
3292 - # /var/log/nginx on their system due to keepdir/non-empty folder
3293 - # and are now installing the package again.
3294 - local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
3295 - su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
3296 - if [ $? -eq 0 ] ; then
3297 - # Cleanup -- no reason to die here!
3298 - rm -f "${_sanity_check_testfile}"
3299 -
3300 - ewarn ""
3301 - ewarn "*************************************************************"
3302 - ewarn "*************** W A R N I N G ***************"
3303 - ewarn "*************************************************************"
3304 - ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
3305 - ewarn "(bug #605008) because nginx user is able to create files in"
3306 - ewarn ""
3307 - ewarn " ${EPREFIX%/}/var/log/nginx"
3308 - ewarn ""
3309 - ewarn "Also ensure that no other log directory used by any of your"
3310 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
3311 - ewarn "used by nginx can be abused to escalate privileges!"
3312 - fi
3313 -
3314 - if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
3315 - # HTTPoxy mitigation
3316 - ewarn ""
3317 - ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
3318 - ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
3319 - ewarn "the HTTP_PROXY parameter to an empty string per default when you"
3320 - ewarn "are sourcing one of the default"
3321 - ewarn ""
3322 - ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
3323 - ewarn " - 'scgi_params'"
3324 - ewarn " - 'uwsgi_params'"
3325 - ewarn ""
3326 - ewarn "files in your server block(s)."
3327 - ewarn ""
3328 - ewarn "If this is causing any problems for you make sure that you are sourcing the"
3329 - ewarn "default parameters _before_ you set your own values."
3330 - ewarn "If you are relying on user-supplied proxy values you have to remove the"
3331 - ewarn "correlating lines from the file(s) mentioned above."
3332 - ewarn ""
3333 - fi
3334 -}
3335
3336 diff --git a/www-servers/nginx/nginx-1.15.6.ebuild b/www-servers/nginx/nginx-1.15.6.ebuild
3337 deleted file mode 100644
3338 index 0c5b2a38c67..00000000000
3339 --- a/www-servers/nginx/nginx-1.15.6.ebuild
3340 +++ /dev/null
3341 @@ -1,1081 +0,0 @@
3342 -# Copyright 1999-2018 Gentoo Authors
3343 -# Distributed under the terms of the GNU General Public License v2
3344 -
3345 -EAPI="6"
3346 -
3347 -# Maintainer notes:
3348 -# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
3349 -# - any http-module activates the main http-functionality and overrides USE=-http
3350 -# - keep the following requirements in mind before adding external modules:
3351 -# * alive upstream
3352 -# * sane packaging
3353 -# * builds cleanly
3354 -# * does not need a patch for nginx core
3355 -# - TODO: test the google-perftools module (included in vanilla tarball)
3356 -
3357 -# prevent perl-module from adding automagic perl DEPENDs
3358 -GENTOO_DEPEND_ON_PERL="no"
3359 -
3360 -# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
3361 -DEVEL_KIT_MODULE_PV="0.3.0"
3362 -DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
3363 -DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
3364 -DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
3365 -
3366 -# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
3367 -HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
3368 -HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
3369 -HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
3370 -HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
3371 -
3372 -# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
3373 -HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
3374 -HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
3375 -HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
3376 -HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
3377 -
3378 -# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
3379 -HTTP_HEADERS_MORE_MODULE_PV="0.33"
3380 -HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
3381 -HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
3382 -HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
3383 -
3384 -# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
3385 -HTTP_CACHE_PURGE_MODULE_PV="2.3"
3386 -HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
3387 -HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
3388 -HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
3389 -
3390 -# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
3391 -HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
3392 -HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
3393 -HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
3394 -HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
3395 -
3396 -# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
3397 -HTTP_FANCYINDEX_MODULE_PV="0.4.3"
3398 -HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
3399 -HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
3400 -HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
3401 -
3402 -# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
3403 -HTTP_LUA_MODULE_PV="0.10.13"
3404 -HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
3405 -HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
3406 -HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
3407 -
3408 -# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
3409 -HTTP_AUTH_PAM_MODULE_PV="1.5.1"
3410 -HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
3411 -HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
3412 -HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
3413 -
3414 -# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
3415 -HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
3416 -HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
3417 -HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
3418 -HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
3419 -
3420 -# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
3421 -HTTP_METRICS_MODULE_PV="0.1.1"
3422 -HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
3423 -HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
3424 -HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
3425 -
3426 -# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
3427 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
3428 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
3429 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
3430 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
3431 -
3432 -# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
3433 -HTTP_NAXSI_MODULE_PV="0.56"
3434 -HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
3435 -HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
3436 -HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
3437 -
3438 -# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
3439 -RTMP_MODULE_PV="1.2.1"
3440 -RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
3441 -RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
3442 -RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
3443 -
3444 -# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
3445 -HTTP_DAV_EXT_MODULE_PV="0.1.0"
3446 -HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
3447 -HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
3448 -HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
3449 -
3450 -# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
3451 -HTTP_ECHO_MODULE_PV="0.61"
3452 -HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
3453 -HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
3454 -HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
3455 -
3456 -# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
3457 -# keep the MODULE_P here consistent with upstream to avoid tarball duplication
3458 -HTTP_SECURITY_MODULE_PV="2.9.2"
3459 -HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
3460 -HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
3461 -HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
3462 -
3463 -# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
3464 -HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
3465 -HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
3466 -HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
3467 -HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
3468 -
3469 -# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
3470 -HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
3471 -HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
3472 -HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
3473 -HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
3474 -
3475 -# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
3476 -HTTP_MOGILEFS_MODULE_PV="1.0.4"
3477 -HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
3478 -HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
3479 -HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
3480 -
3481 -# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
3482 -HTTP_MEMC_MODULE_PV="0.19"
3483 -HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
3484 -HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
3485 -HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
3486 -
3487 -# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
3488 -HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
3489 -HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
3490 -HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
3491 -HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
3492 -
3493 -# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
3494 -GEOIP2_MODULE_PV="2.0"
3495 -GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
3496 -GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
3497 -GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
3498 -
3499 -# njs-module (https://github.com/nginx/njs, as-is)
3500 -NJS_MODULE_PV="0.2.5"
3501 -NJS_MODULE_P="njs-${NJS_MODULE_PV}"
3502 -NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
3503 -NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
3504 -
3505 -# We handle deps below ourselves
3506 -SSL_DEPS_SKIP=1
3507 -AUTOTOOLS_AUTO_DEPEND="no"
3508 -
3509 -inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
3510 -
3511 -DESCRIPTION="Robust, small and high performance http and reverse proxy server"
3512 -HOMEPAGE="https://nginx.org"
3513 -SRC_URI="https://nginx.org/download/${P}.tar.gz
3514 - ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
3515 - nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
3516 - nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
3517 - nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
3518 - nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
3519 - nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
3520 - nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
3521 - nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
3522 - nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
3523 - nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
3524 - nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
3525 - nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
3526 - nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
3527 - nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
3528 - nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
3529 - nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
3530 - nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
3531 - nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
3532 - nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
3533 - nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
3534 - nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
3535 - nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
3536 - nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
3537 - nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
3538 - nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
3539 - rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
3540 -
3541 -LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
3542 - nginx_modules_http_security? ( Apache-2.0 )
3543 - nginx_modules_http_push_stream? ( GPL-3 )"
3544 -
3545 -SLOT="mainline"
3546 -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
3547 -
3548 -# Package doesn't provide a real test suite
3549 -RESTRICT="test"
3550 -
3551 -NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
3552 - fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
3553 - proxy referer rewrite scgi ssi split_clients upstream_hash
3554 - upstream_ip_hash upstream_keepalive upstream_least_conn
3555 - upstream_zone userid uwsgi"
3556 -NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
3557 - gzip_static image_filter mp4 perl random_index realip secure_link
3558 - slice stub_status sub xslt"
3559 -NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
3560 - upstream_hash upstream_least_conn upstream_zone"
3561 -NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
3562 -NGINX_MODULES_MAIL="imap pop3 smtp"
3563 -NGINX_MODULES_3RD="
3564 - http_auth_ldap
3565 - http_auth_pam
3566 - http_brotli
3567 - http_cache_purge
3568 - http_dav_ext
3569 - http_echo
3570 - http_fancyindex
3571 - http_geoip2
3572 - http_headers_more
3573 - http_javascript
3574 - http_lua
3575 - http_memc
3576 - http_metrics
3577 - http_mogilefs
3578 - http_naxsi
3579 - http_push_stream
3580 - http_security
3581 - http_slowfs_cache
3582 - http_sticky
3583 - http_upload_progress
3584 - http_upstream_check
3585 - http_vhost_traffic_status
3586 - stream_geoip2
3587 - stream_javascript
3588 -"
3589 -
3590 -IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
3591 - pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
3592 -
3593 -for mod in $NGINX_MODULES_STD; do
3594 - IUSE="${IUSE} +nginx_modules_http_${mod}"
3595 -done
3596 -
3597 -for mod in $NGINX_MODULES_OPT; do
3598 - IUSE="${IUSE} nginx_modules_http_${mod}"
3599 -done
3600 -
3601 -for mod in $NGINX_MODULES_STREAM_STD; do
3602 - IUSE="${IUSE} nginx_modules_stream_${mod}"
3603 -done
3604 -
3605 -for mod in $NGINX_MODULES_STREAM_OPT; do
3606 - IUSE="${IUSE} nginx_modules_stream_${mod}"
3607 -done
3608 -
3609 -for mod in $NGINX_MODULES_MAIL; do
3610 - IUSE="${IUSE} nginx_modules_mail_${mod}"
3611 -done
3612 -
3613 -for mod in $NGINX_MODULES_3RD; do
3614 - IUSE="${IUSE} nginx_modules_${mod}"
3615 -done
3616 -
3617 -# Add so we can warn users updating about config changes
3618 -# @TODO: jbergstroem: remove on next release series
3619 -IUSE="${IUSE} nginx_modules_http_spdy"
3620 -
3621 -CDEPEND="
3622 - pcre? ( dev-libs/libpcre:= )
3623 - pcre-jit? ( dev-libs/libpcre:=[jit] )
3624 - ssl? (
3625 - !libressl? ( dev-libs/openssl:0= )
3626 - libressl? ( dev-libs/libressl:= )
3627 - )
3628 - http2? (
3629 - !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
3630 - libressl? ( dev-libs/libressl:= )
3631 - )
3632 - http-cache? (
3633 - userland_GNU? (
3634 - !libressl? ( dev-libs/openssl:0= )
3635 - libressl? ( dev-libs/libressl:= )
3636 - )
3637 - )
3638 - nginx_modules_http_brotli? ( app-arch/brotli:= )
3639 - nginx_modules_http_geoip? ( dev-libs/geoip )
3640 - nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
3641 - nginx_modules_http_gunzip? ( sys-libs/zlib )
3642 - nginx_modules_http_gzip? ( sys-libs/zlib )
3643 - nginx_modules_http_gzip_static? ( sys-libs/zlib )
3644 - nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
3645 - nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
3646 - nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
3647 - nginx_modules_http_secure_link? (
3648 - userland_GNU? (
3649 - !libressl? ( dev-libs/openssl:0= )
3650 - libressl? ( dev-libs/libressl:= )
3651 - )
3652 - )
3653 - nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
3654 - nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
3655 - nginx_modules_http_auth_pam? ( virtual/pam )
3656 - nginx_modules_http_metrics? ( dev-libs/yajl:= )
3657 - nginx_modules_http_dav_ext? ( dev-libs/expat )
3658 - nginx_modules_http_security? (
3659 - dev-libs/apr:=
3660 - dev-libs/apr-util:=
3661 - dev-libs/libxml2:=
3662 - net-misc/curl
3663 - www-servers/apache
3664 - )
3665 - nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
3666 - nginx_modules_stream_geoip? ( dev-libs/geoip )
3667 - nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
3668 -RDEPEND="${CDEPEND}
3669 - selinux? ( sec-policy/selinux-nginx )
3670 - !www-servers/nginx:0"
3671 -DEPEND="${CDEPEND}
3672 - nginx_modules_http_brotli? ( virtual/pkgconfig )
3673 - nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
3674 - arm? ( dev-libs/libatomic_ops )
3675 - libatomic? ( dev-libs/libatomic_ops )"
3676 -PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
3677 -
3678 -REQUIRED_USE="pcre-jit? ( pcre )
3679 - nginx_modules_http_grpc? ( http2 )
3680 - nginx_modules_http_lua? ( nginx_modules_http_rewrite )
3681 - nginx_modules_http_naxsi? ( pcre )
3682 - nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
3683 - nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
3684 - nginx_modules_http_security? ( pcre )
3685 - nginx_modules_http_push_stream? ( ssl )"
3686 -
3687 -pkg_setup() {
3688 - NGINX_HOME="/var/lib/nginx"
3689 - NGINX_HOME_TMP="${NGINX_HOME}/tmp"
3690 -
3691 - ebegin "Creating nginx user and group"
3692 - enewgroup ${PN}
3693 - enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
3694 - eend $?
3695 -
3696 - if use libatomic; then
3697 - ewarn "GCC 4.1+ features built-in atomic operations."
3698 - ewarn "Using libatomic_ops is only needed if using"
3699 - ewarn "a different compiler or a GCC prior to 4.1"
3700 - fi
3701 -
3702 - if [[ -n $NGINX_ADD_MODULES ]]; then
3703 - ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
3704 - ewarn "This nginx installation is not supported!"
3705 - ewarn "Make sure you can reproduce the bug without those modules"
3706 - ewarn "_before_ reporting bugs."
3707 - fi
3708 -
3709 - if use !http; then
3710 - ewarn "To actually disable all http-functionality you also have to disable"
3711 - ewarn "all nginx http modules."
3712 - fi
3713 -
3714 - if use nginx_modules_http_mogilefs && use threads; then
3715 - eerror "mogilefs won't compile with threads support."
3716 - eerror "Please disable either flag and try again."
3717 - die "Can't compile mogilefs with threads support"
3718 - fi
3719 -}
3720 -
3721 -src_prepare() {
3722 - eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
3723 - eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
3724 -
3725 - if use nginx_modules_http_brotli; then
3726 - cd "${HTTP_BROTLI_MODULE_WD}" || die
3727 - eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
3728 - cd "${S}" || die
3729 - fi
3730 -
3731 - if use nginx_modules_http_upstream_check; then
3732 - eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
3733 - fi
3734 -
3735 - if use nginx_modules_http_cache_purge; then
3736 - cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
3737 - eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
3738 - cd "${S}" || die
3739 - fi
3740 -
3741 - if use nginx_modules_http_security; then
3742 - cd "${HTTP_SECURITY_MODULE_WD}" || die
3743 -
3744 - eautoreconf
3745 -
3746 - if use luajit ; then
3747 - sed -i \
3748 - -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
3749 - configure || die
3750 - fi
3751 -
3752 - cd "${S}" || die
3753 - fi
3754 -
3755 - if use nginx_modules_http_upload_progress; then
3756 - cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
3757 - eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
3758 - cd "${S}" || die
3759 - fi
3760 -
3761 - find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
3762 - # We have config protection, don't rename etc files
3763 - sed -i 's:.default::' auto/install || die
3764 - # remove useless files
3765 - sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
3766 -
3767 - # don't install to /etc/nginx/ if not in use
3768 - local module
3769 - for module in fastcgi scgi uwsgi ; do
3770 - if ! use nginx_modules_http_${module}; then
3771 - sed -i -e "/${module}/d" auto/install || die
3772 - fi
3773 - done
3774 -
3775 - eapply_user
3776 -}
3777 -
3778 -src_configure() {
3779 - # mod_security needs to generate nginx/modsecurity/config before including it
3780 - if use nginx_modules_http_security; then
3781 - cd "${HTTP_SECURITY_MODULE_WD}" || die
3782 -
3783 - ./configure \
3784 - --enable-standalone-module \
3785 - --disable-mlogc \
3786 - --with-ssdeep=no \
3787 - $(use_enable pcre-jit) \
3788 - $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
3789 -
3790 - cd "${S}" || die
3791 - fi
3792 -
3793 - local myconf=() http_enabled= mail_enabled= stream_enabled=
3794 -
3795 - use aio && myconf+=( --with-file-aio )
3796 - use debug && myconf+=( --with-debug )
3797 - use http2 && myconf+=( --with-http_v2_module )
3798 - use libatomic && myconf+=( --with-libatomic )
3799 - use pcre && myconf+=( --with-pcre )
3800 - use pcre-jit && myconf+=( --with-pcre-jit )
3801 - use threads && myconf+=( --with-threads )
3802 -
3803 - # HTTP modules
3804 - for mod in $NGINX_MODULES_STD; do
3805 - if use nginx_modules_http_${mod}; then
3806 - http_enabled=1
3807 - else
3808 - myconf+=( --without-http_${mod}_module )
3809 - fi
3810 - done
3811 -
3812 - for mod in $NGINX_MODULES_OPT; do
3813 - if use nginx_modules_http_${mod}; then
3814 - http_enabled=1
3815 - myconf+=( --with-http_${mod}_module )
3816 - fi
3817 - done
3818 -
3819 - if use nginx_modules_http_fastcgi; then
3820 - myconf+=( --with-http_realip_module )
3821 - fi
3822 -
3823 - # third-party modules
3824 - if use nginx_modules_http_upload_progress; then
3825 - http_enabled=1
3826 - myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
3827 - fi
3828 -
3829 - if use nginx_modules_http_headers_more; then
3830 - http_enabled=1
3831 - myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
3832 - fi
3833 -
3834 - if use nginx_modules_http_cache_purge; then
3835 - http_enabled=1
3836 - myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
3837 - fi
3838 -
3839 - if use nginx_modules_http_slowfs_cache; then
3840 - http_enabled=1
3841 - myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
3842 - fi
3843 -
3844 - if use nginx_modules_http_fancyindex; then
3845 - http_enabled=1
3846 - myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
3847 - fi
3848 -
3849 - if use nginx_modules_http_lua; then
3850 - http_enabled=1
3851 - if use luajit; then
3852 - export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
3853 - export LUAJIT_INC=$(pkg-config --variable includedir luajit)
3854 - else
3855 - export LUA_LIB=$(pkg-config --variable libdir lua)
3856 - export LUA_INC=$(pkg-config --variable includedir lua)
3857 - fi
3858 - myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
3859 - myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
3860 - fi
3861 -
3862 - if use nginx_modules_http_auth_pam; then
3863 - http_enabled=1
3864 - myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
3865 - fi
3866 -
3867 - if use nginx_modules_http_upstream_check; then
3868 - http_enabled=1
3869 - myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
3870 - fi
3871 -
3872 - if use nginx_modules_http_metrics; then
3873 - http_enabled=1
3874 - myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
3875 - fi
3876 -
3877 - if use nginx_modules_http_naxsi ; then
3878 - http_enabled=1
3879 - myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
3880 - fi
3881 -
3882 - if use rtmp ; then
3883 - http_enabled=1
3884 - myconf+=( --add-module=${RTMP_MODULE_WD} )
3885 - fi
3886 -
3887 - if use nginx_modules_http_dav_ext ; then
3888 - http_enabled=1
3889 - myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
3890 - fi
3891 -
3892 - if use nginx_modules_http_echo ; then
3893 - http_enabled=1
3894 - myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
3895 - fi
3896 -
3897 - if use nginx_modules_http_security ; then
3898 - http_enabled=1
3899 - myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
3900 - fi
3901 -
3902 - if use nginx_modules_http_push_stream ; then
3903 - http_enabled=1
3904 - myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
3905 - fi
3906 -
3907 - if use nginx_modules_http_sticky ; then
3908 - http_enabled=1
3909 - myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
3910 - fi
3911 -
3912 - if use nginx_modules_http_mogilefs ; then
3913 - http_enabled=1
3914 - myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
3915 - fi
3916 -
3917 - if use nginx_modules_http_memc ; then
3918 - http_enabled=1
3919 - myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
3920 - fi
3921 -
3922 - if use nginx_modules_http_auth_ldap; then
3923 - http_enabled=1
3924 - myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
3925 - fi
3926 -
3927 - if use nginx_modules_http_vhost_traffic_status; then
3928 - http_enabled=1
3929 - myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
3930 - fi
3931 -
3932 - if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
3933 - myconf+=( --add-module=${GEOIP2_MODULE_WD} )
3934 - fi
3935 -
3936 - if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
3937 - myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
3938 - fi
3939 -
3940 - if use nginx_modules_http_brotli; then
3941 - http_enabled=1
3942 - myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
3943 - fi
3944 -
3945 - if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
3946 - http_enabled=1
3947 - fi
3948 -
3949 - if [ $http_enabled ]; then
3950 - use http-cache || myconf+=( --without-http-cache )
3951 - use ssl && myconf+=( --with-http_ssl_module )
3952 - else
3953 - myconf+=( --without-http --without-http-cache )
3954 - fi
3955 -
3956 - # Stream modules
3957 - for mod in $NGINX_MODULES_STREAM_STD; do
3958 - if use nginx_modules_stream_${mod}; then
3959 - stream_enabled=1
3960 - else
3961 - myconf+=( --without-stream_${mod}_module )
3962 - fi
3963 - done
3964 -
3965 - for mod in $NGINX_MODULES_STREAM_OPT; do
3966 - if use nginx_modules_stream_${mod}; then
3967 - stream_enabled=1
3968 - myconf+=( --with-stream_${mod}_module )
3969 - fi
3970 - done
3971 -
3972 - if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
3973 - stream_enabled=1
3974 - fi
3975 -
3976 - if [ $stream_enabled ]; then
3977 - myconf+=( --with-stream )
3978 - use ssl && myconf+=( --with-stream_ssl_module )
3979 - fi
3980 -
3981 - # MAIL modules
3982 - for mod in $NGINX_MODULES_MAIL; do
3983 - if use nginx_modules_mail_${mod}; then
3984 - mail_enabled=1
3985 - else
3986 - myconf+=( --without-mail_${mod}_module )
3987 - fi
3988 - done
3989 -
3990 - if [ $mail_enabled ]; then
3991 - myconf+=( --with-mail )
3992 - use ssl && myconf+=( --with-mail_ssl_module )
3993 - fi
3994 -
3995 - # custom modules
3996 - for mod in $NGINX_ADD_MODULES; do
3997 - myconf+=( --add-module=${mod} )
3998 - done
3999 -
4000 - # https://bugs.gentoo.org/286772
4001 - export LANG=C LC_ALL=C
4002 - tc-export CC
4003 -
4004 - if ! use prefix; then
4005 - myconf+=( --user=${PN} )
4006 - myconf+=( --group=${PN} )
4007 - fi
4008 -
4009 - local WITHOUT_IPV6=
4010 - if ! use ipv6; then
4011 - WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
4012 - fi
4013 -
4014 - if [[ -n "${EXTRA_ECONF}" ]]; then
4015 - myconf+=( ${EXTRA_ECONF} )
4016 - ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
4017 - fi
4018 -
4019 - ./configure \
4020 - --prefix="${EPREFIX}"/usr \
4021 - --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
4022 - --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
4023 - --pid-path="${EPREFIX}"/run/${PN}.pid \
4024 - --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
4025 - --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
4026 - --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
4027 - --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
4028 - --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
4029 - --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
4030 - --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
4031 - --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
4032 - --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
4033 - --with-compat \
4034 - "${myconf[@]}" || die "configure failed"
4035 -
4036 - # A purely cosmetic change that makes nginx -V more readable. This can be
4037 - # good if people outside the gentoo community would troubleshoot and
4038 - # question the users setup.
4039 - sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
4040 -}
4041 -
4042 -src_compile() {
4043 - use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
4044 -
4045 - # https://bugs.gentoo.org/286772
4046 - export LANG=C LC_ALL=C
4047 - emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
4048 -}
4049 -
4050 -src_install() {
4051 - emake DESTDIR="${D%/}" install
4052 -
4053 - cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
4054 -
4055 - newinitd "${FILESDIR}"/nginx.initd-r4 nginx
4056 - newconfd "${FILESDIR}"/nginx.confd nginx
4057 -
4058 - systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
4059 -
4060 - doman man/nginx.8
4061 - dodoc CHANGES* README
4062 -
4063 - # just keepdir. do not copy the default htdocs files (bug #449136)
4064 - keepdir /var/www/localhost
4065 - rm -rf "${D}"usr/html || die
4066 -
4067 - # set up a list of directories to keep
4068 - local keepdir_list="${NGINX_HOME_TMP}"/client
4069 - local module
4070 - for module in proxy fastcgi scgi uwsgi; do
4071 - use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
4072 - done
4073 -
4074 - keepdir /var/log/nginx ${keepdir_list}
4075 -
4076 - # this solves a problem with SELinux where nginx doesn't see the directories
4077 - # as root and tries to create them as nginx
4078 - fperms 0750 "${NGINX_HOME_TMP}"
4079 - fowners ${PN}:0 "${NGINX_HOME_TMP}"
4080 -
4081 - fperms 0700 ${keepdir_list}
4082 - fowners ${PN}:${PN} ${keepdir_list}
4083 -
4084 - fperms 0710 /var/log/nginx
4085 - fowners 0:${PN} /var/log/nginx
4086 -
4087 - # logrotate
4088 - insinto /etc/logrotate.d
4089 - newins "${FILESDIR}"/nginx.logrotate-r1 nginx
4090 -
4091 - if use nginx_modules_http_perl; then
4092 - cd "${S}"/objs/src/http/modules/perl/ || die
4093 - emake DESTDIR="${D}" INSTALLDIRS=vendor
4094 - perl_delete_localpod
4095 - cd "${S}" || die
4096 - fi
4097 -
4098 - if use nginx_modules_http_cache_purge; then
4099 - docinto ${HTTP_CACHE_PURGE_MODULE_P}
4100 - dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
4101 - fi
4102 -
4103 - if use nginx_modules_http_slowfs_cache; then
4104 - docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
4105 - dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
4106 - fi
4107 -
4108 - if use nginx_modules_http_fancyindex; then
4109 - docinto ${HTTP_FANCYINDEX_MODULE_P}
4110 - dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
4111 - fi
4112 -
4113 - if use nginx_modules_http_lua; then
4114 - docinto ${HTTP_LUA_MODULE_P}
4115 - dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
4116 - fi
4117 -
4118 - if use nginx_modules_http_auth_pam; then
4119 - docinto ${HTTP_AUTH_PAM_MODULE_P}
4120 - dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
4121 - fi
4122 -
4123 - if use nginx_modules_http_upstream_check; then
4124 - docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
4125 - dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
4126 - fi
4127 -
4128 - if use nginx_modules_http_naxsi; then
4129 - insinto /etc/nginx
4130 - doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
4131 - fi
4132 -
4133 - if use rtmp; then
4134 - docinto ${RTMP_MODULE_P}
4135 - dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
4136 - fi
4137 -
4138 - if use nginx_modules_http_dav_ext; then
4139 - docinto ${HTTP_DAV_EXT_MODULE_P}
4140 - dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
4141 - fi
4142 -
4143 - if use nginx_modules_http_echo; then
4144 - docinto ${HTTP_ECHO_MODULE_P}
4145 - dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
4146 - fi
4147 -
4148 - if use nginx_modules_http_security; then
4149 - docinto ${HTTP_SECURITY_MODULE_P}
4150 - dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
4151 - fi
4152 -
4153 - if use nginx_modules_http_push_stream; then
4154 - docinto ${HTTP_PUSH_STREAM_MODULE_P}
4155 - dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
4156 - fi
4157 -
4158 - if use nginx_modules_http_sticky; then
4159 - docinto ${HTTP_STICKY_MODULE_P}
4160 - dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
4161 - fi
4162 -
4163 - if use nginx_modules_http_memc; then
4164 - docinto ${HTTP_MEMC_MODULE_P}
4165 - dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
4166 - fi
4167 -
4168 - if use nginx_modules_http_auth_ldap; then
4169 - docinto ${HTTP_LDAP_MODULE_P}
4170 - dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
4171 - fi
4172 -}
4173 -
4174 -pkg_postinst() {
4175 - if use ssl; then
4176 - if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
4177 - install_cert /etc/ssl/${PN}/${PN}
4178 - use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
4179 - fi
4180 - fi
4181 -
4182 - if use nginx_modules_http_spdy; then
4183 - ewarn ""
4184 - ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
4185 - ewarn "Update your configs and package.use accordingly."
4186 - fi
4187 -
4188 - if use nginx_modules_http_lua; then
4189 - ewarn ""
4190 - ewarn "While you can build lua 3rd party module against ${P}"
4191 - ewarn "the author warns that >=${PN}-1.11.11 is still not an"
4192 - ewarn "officially supported target yet. You are on your own."
4193 - ewarn "Expect runtime failures, memory leaks and other problems!"
4194 - fi
4195 -
4196 - if use nginx_modules_http_lua && use http2; then
4197 - ewarn ""
4198 - ewarn "Lua 3rd party module author warns against using ${P} with"
4199 - ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
4200 - fi
4201 -
4202 - local _n_permission_layout_checks=0
4203 - local _has_to_adjust_permissions=0
4204 - local _has_to_show_permission_warning=0
4205 -
4206 - # Defaults to 1 to inform people doing a fresh installation
4207 - # that we ship modified {scgi,uwsgi,fastcgi}_params files
4208 - local _has_to_show_httpoxy_mitigation_notice=1
4209 -
4210 - local _replacing_version=
4211 - for _replacing_version in ${REPLACING_VERSIONS}; do
4212 - _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
4213 -
4214 - if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
4215 - # Should never happen:
4216 - # Package is abusing slots but doesn't allow multiple parallel installations.
4217 - # If we run into this situation it is unsafe to automatically adjust any
4218 - # permission...
4219 - _has_to_show_permission_warning=1
4220 -
4221 - ewarn "Replacing multiple ${PN}' versions is unsupported! " \
4222 - "You will have to adjust permissions on your own."
4223 -
4224 - break
4225 - fi
4226 -
4227 - local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
4228 - debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
4229 -
4230 - # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
4231 - # This was before we introduced multiple nginx versions so we
4232 - # do not need to distinguish between stable and mainline
4233 - local _need_to_fix_CVE2013_0337=1
4234 -
4235 - if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
4236 - # We are updating an installation which should already be fixed
4237 - _need_to_fix_CVE2013_0337=0
4238 - debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
4239 - else
4240 - _has_to_adjust_permissions=1
4241 - debug-print "Need to adjust permissions to fix CVE-2013-0337!"
4242 - fi
4243 -
4244 - # Do we need to inform about HTTPoxy mitigation?
4245 - # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
4246 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
4247 - # Updating from <1.10
4248 - _has_to_show_httpoxy_mitigation_notice=1
4249 - debug-print "Need to inform about HTTPoxy mitigation!"
4250 - else
4251 - # Updating from >=1.10
4252 - local _fixed_in_pvr=
4253 - case "${_replacing_version_branch}" in
4254 - "1.10")
4255 - _fixed_in_pvr="1.10.1-r2"
4256 - ;;
4257 - "1.11")
4258 - _fixed_in_pvr="1.11.3-r1"
4259 - ;;
4260 - *)
4261 - # This should be any future branch.
4262 - # If we run this code it is safe to assume that the user has
4263 - # already seen the HTTPoxy mitigation notice because he/she is doing
4264 - # an update from previous version where we have already shown
4265 - # the warning. Otherwise, we wouldn't hit this code path ...
4266 - _fixed_in_pvr=
4267 - esac
4268 -
4269 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
4270 - # We are updating an installation where we already informed
4271 - # that we are mitigating HTTPoxy per default
4272 - _has_to_show_httpoxy_mitigation_notice=0
4273 - debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
4274 - else
4275 - _has_to_show_httpoxy_mitigation_notice=1
4276 - debug-print "Need to inform about HTTPoxy mitigation!"
4277 - fi
4278 - fi
4279 -
4280 - # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
4281 - # All branches up to 1.11 are affected
4282 - local _need_to_fix_CVE2016_1247=1
4283 -
4284 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
4285 - # Updating from <1.10
4286 - _has_to_adjust_permissions=1
4287 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
4288 - else
4289 - # Updating from >=1.10
4290 - local _fixed_in_pvr=
4291 - case "${_replacing_version_branch}" in
4292 - "1.10")
4293 - _fixed_in_pvr="1.10.2-r3"
4294 - ;;
4295 - "1.11")
4296 - _fixed_in_pvr="1.11.6-r1"
4297 - ;;
4298 - *)
4299 - # This should be any future branch.
4300 - # If we run this code it is safe to assume that we have already
4301 - # adjusted permissions or were never affected because user is
4302 - # doing an update from previous version which was safe or did
4303 - # the adjustments. Otherwise, we wouldn't hit this code path ...
4304 - _fixed_in_pvr=
4305 - esac
4306 -
4307 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
4308 - # We are updating an installation which should already be adjusted
4309 - # or which was never affected
4310 - _need_to_fix_CVE2016_1247=0
4311 - debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
4312 - else
4313 - _has_to_adjust_permissions=1
4314 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
4315 - fi
4316 - fi
4317 - done
4318 -
4319 - if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
4320 - # We do not DIE when chmod/chown commands are failing because
4321 - # package is already merged on user's system at this stage
4322 - # and we cannot retry without losing the information that
4323 - # the existing installation needs to adjust permissions.
4324 - # Instead we are going to a show a big warning ...
4325 -
4326 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
4327 - ewarn ""
4328 - ewarn "The world-readable bit (if set) has been removed from the"
4329 - ewarn "following directories to mitigate a security bug"
4330 - ewarn "(CVE-2013-0337, bug #458726):"
4331 - ewarn ""
4332 - ewarn " ${EPREFIX%/}/var/log/nginx"
4333 - ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
4334 - ewarn ""
4335 - ewarn "Check if this is correct for your setup before restarting nginx!"
4336 - ewarn "This is a one-time change and will not happen on subsequent updates."
4337 - ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
4338 - chmod o-rwx \
4339 - "${EPREFIX%/}"/var/log/nginx \
4340 - "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
4341 - _has_to_show_permission_warning=1
4342 - fi
4343 -
4344 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
4345 - ewarn ""
4346 - ewarn "The permissions on the following directory have been reset in"
4347 - ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
4348 - ewarn ""
4349 - ewarn " ${EPREFIX%/}/var/log/nginx"
4350 - ewarn ""
4351 - ewarn "Check if this is correct for your setup before restarting nginx!"
4352 - ewarn "Also ensure that no other log directory used by any of your"
4353 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
4354 - ewarn "used by nginx can be abused to escalate privileges!"
4355 - ewarn "This is a one-time change and will not happen on subsequent updates."
4356 - chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
4357 - chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
4358 - fi
4359 -
4360 - if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
4361 - # Should never happen ...
4362 - ewarn ""
4363 - ewarn "*************************************************************"
4364 - ewarn "*************** W A R N I N G ***************"
4365 - ewarn "*************************************************************"
4366 - ewarn "The one-time only attempt to adjust permissions of the"
4367 - ewarn "existing nginx installation failed. Be aware that we will not"
4368 - ewarn "try to adjust the same permissions again because now you are"
4369 - ewarn "using a nginx version where we expect that the permissions"
4370 - ewarn "are already adjusted or that you know what you are doing and"
4371 - ewarn "want to keep custom permissions."
4372 - ewarn ""
4373 - fi
4374 - fi
4375 -
4376 - # Sanity check for CVE-2016-1247
4377 - # Required to warn users who received the warning above and thought
4378 - # they could fix it by unmerging and re-merging the package or have
4379 - # unmerged a affected installation on purpose in the past leaving
4380 - # /var/log/nginx on their system due to keepdir/non-empty folder
4381 - # and are now installing the package again.
4382 - local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
4383 - su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
4384 - if [ $? -eq 0 ] ; then
4385 - # Cleanup -- no reason to die here!
4386 - rm -f "${_sanity_check_testfile}"
4387 -
4388 - ewarn ""
4389 - ewarn "*************************************************************"
4390 - ewarn "*************** W A R N I N G ***************"
4391 - ewarn "*************************************************************"
4392 - ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
4393 - ewarn "(bug #605008) because nginx user is able to create files in"
4394 - ewarn ""
4395 - ewarn " ${EPREFIX%/}/var/log/nginx"
4396 - ewarn ""
4397 - ewarn "Also ensure that no other log directory used by any of your"
4398 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
4399 - ewarn "used by nginx can be abused to escalate privileges!"
4400 - fi
4401 -
4402 - if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
4403 - # HTTPoxy mitigation
4404 - ewarn ""
4405 - ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
4406 - ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
4407 - ewarn "the HTTP_PROXY parameter to an empty string per default when you"
4408 - ewarn "are sourcing one of the default"
4409 - ewarn ""
4410 - ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
4411 - ewarn " - 'scgi_params'"
4412 - ewarn " - 'uwsgi_params'"
4413 - ewarn ""
4414 - ewarn "files in your server block(s)."
4415 - ewarn ""
4416 - ewarn "If this is causing any problems for you make sure that you are sourcing the"
4417 - ewarn "default parameters _before_ you set your own values."
4418 - ewarn "If you are relying on user-supplied proxy values you have to remove the"
4419 - ewarn "correlating lines from the file(s) mentioned above."
4420 - ewarn ""
4421 - fi
4422 -}
4423
4424 diff --git a/www-servers/nginx/nginx-1.15.7-r1.ebuild b/www-servers/nginx/nginx-1.15.7-r1.ebuild
4425 deleted file mode 100644
4426 index 6fbcd2eaad4..00000000000
4427 --- a/www-servers/nginx/nginx-1.15.7-r1.ebuild
4428 +++ /dev/null
4429 @@ -1,1087 +0,0 @@
4430 -# Copyright 1999-2018 Gentoo Authors
4431 -# Distributed under the terms of the GNU General Public License v2
4432 -
4433 -EAPI="6"
4434 -
4435 -# Maintainer notes:
4436 -# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
4437 -# - any http-module activates the main http-functionality and overrides USE=-http
4438 -# - keep the following requirements in mind before adding external modules:
4439 -# * alive upstream
4440 -# * sane packaging
4441 -# * builds cleanly
4442 -# * does not need a patch for nginx core
4443 -# - TODO: test the google-perftools module (included in vanilla tarball)
4444 -
4445 -# prevent perl-module from adding automagic perl DEPENDs
4446 -GENTOO_DEPEND_ON_PERL="no"
4447 -
4448 -# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
4449 -DEVEL_KIT_MODULE_PV="0.3.0"
4450 -DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
4451 -DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
4452 -DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
4453 -
4454 -# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
4455 -HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
4456 -HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
4457 -HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
4458 -HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
4459 -
4460 -# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
4461 -HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
4462 -HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
4463 -HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
4464 -HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
4465 -
4466 -# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
4467 -HTTP_HEADERS_MORE_MODULE_PV="0.33"
4468 -HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
4469 -HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
4470 -HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
4471 -
4472 -# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
4473 -HTTP_CACHE_PURGE_MODULE_PV="2.3"
4474 -HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
4475 -HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
4476 -HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
4477 -
4478 -# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
4479 -HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
4480 -HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
4481 -HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
4482 -HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
4483 -
4484 -# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
4485 -HTTP_FANCYINDEX_MODULE_PV="0.4.3"
4486 -HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
4487 -HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
4488 -HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
4489 -
4490 -# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
4491 -HTTP_LUA_MODULE_PV="0.10.13"
4492 -HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
4493 -HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
4494 -HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
4495 -
4496 -# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
4497 -HTTP_AUTH_PAM_MODULE_PV="1.5.1"
4498 -HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
4499 -HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
4500 -HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
4501 -
4502 -# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
4503 -HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
4504 -HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
4505 -HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
4506 -HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
4507 -
4508 -# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
4509 -HTTP_METRICS_MODULE_PV="0.1.1"
4510 -HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
4511 -HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
4512 -HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
4513 -
4514 -# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
4515 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
4516 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
4517 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
4518 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
4519 -
4520 -# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
4521 -HTTP_NAXSI_MODULE_PV="0.56"
4522 -HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
4523 -HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
4524 -HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
4525 -
4526 -# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
4527 -RTMP_MODULE_PV="1.2.1"
4528 -RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
4529 -RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
4530 -RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
4531 -
4532 -# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
4533 -HTTP_DAV_EXT_MODULE_PV="0.1.0"
4534 -HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
4535 -HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
4536 -HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
4537 -
4538 -# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
4539 -HTTP_ECHO_MODULE_PV="0.61"
4540 -HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
4541 -HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
4542 -HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
4543 -
4544 -# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
4545 -# keep the MODULE_P here consistent with upstream to avoid tarball duplication
4546 -HTTP_SECURITY_MODULE_PV="2.9.2"
4547 -HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
4548 -HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
4549 -HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
4550 -
4551 -# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
4552 -HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
4553 -HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
4554 -HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
4555 -HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
4556 -
4557 -# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
4558 -HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
4559 -HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
4560 -HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
4561 -HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
4562 -
4563 -# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
4564 -HTTP_MOGILEFS_MODULE_PV="1.0.4"
4565 -HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
4566 -HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
4567 -HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
4568 -
4569 -# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
4570 -HTTP_MEMC_MODULE_PV="0.19"
4571 -HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
4572 -HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
4573 -HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
4574 -
4575 -# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
4576 -HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
4577 -HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
4578 -HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
4579 -HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
4580 -
4581 -# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
4582 -GEOIP2_MODULE_PV="2.0"
4583 -GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
4584 -GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
4585 -GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
4586 -
4587 -# njs-module (https://github.com/nginx/njs, as-is)
4588 -NJS_MODULE_PV="0.2.6"
4589 -NJS_MODULE_P="njs-${NJS_MODULE_PV}"
4590 -NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
4591 -NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
4592 -
4593 -# We handle deps below ourselves
4594 -SSL_DEPS_SKIP=1
4595 -AUTOTOOLS_AUTO_DEPEND="no"
4596 -
4597 -inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
4598 -
4599 -DESCRIPTION="Robust, small and high performance http and reverse proxy server"
4600 -HOMEPAGE="https://nginx.org"
4601 -SRC_URI="https://nginx.org/download/${P}.tar.gz
4602 - ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
4603 - nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
4604 - nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
4605 - nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
4606 - nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
4607 - nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
4608 - nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
4609 - nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
4610 - nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
4611 - nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
4612 - nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
4613 - nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
4614 - nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
4615 - nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
4616 - nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
4617 - nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
4618 - nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
4619 - nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
4620 - nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
4621 - nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
4622 - nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
4623 - nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
4624 - nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
4625 - nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
4626 - nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
4627 - rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
4628 -
4629 -LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
4630 - nginx_modules_http_security? ( Apache-2.0 )
4631 - nginx_modules_http_push_stream? ( GPL-3 )"
4632 -
4633 -SLOT="mainline"
4634 -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
4635 -
4636 -# Package doesn't provide a real test suite
4637 -RESTRICT="test"
4638 -
4639 -NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
4640 - fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
4641 - proxy referer rewrite scgi ssi split_clients upstream_hash
4642 - upstream_ip_hash upstream_keepalive upstream_least_conn
4643 - upstream_zone userid uwsgi"
4644 -NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
4645 - gzip_static image_filter mp4 perl random_index realip secure_link
4646 - slice stub_status sub xslt"
4647 -NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
4648 - upstream_hash upstream_least_conn upstream_zone"
4649 -NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
4650 -NGINX_MODULES_MAIL="imap pop3 smtp"
4651 -NGINX_MODULES_3RD="
4652 - http_auth_ldap
4653 - http_auth_pam
4654 - http_brotli
4655 - http_cache_purge
4656 - http_dav_ext
4657 - http_echo
4658 - http_fancyindex
4659 - http_geoip2
4660 - http_headers_more
4661 - http_javascript
4662 - http_lua
4663 - http_memc
4664 - http_metrics
4665 - http_mogilefs
4666 - http_naxsi
4667 - http_push_stream
4668 - http_security
4669 - http_slowfs_cache
4670 - http_sticky
4671 - http_upload_progress
4672 - http_upstream_check
4673 - http_vhost_traffic_status
4674 - stream_geoip2
4675 - stream_javascript
4676 -"
4677 -
4678 -IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
4679 - pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
4680 -
4681 -for mod in $NGINX_MODULES_STD; do
4682 - IUSE="${IUSE} +nginx_modules_http_${mod}"
4683 -done
4684 -
4685 -for mod in $NGINX_MODULES_OPT; do
4686 - IUSE="${IUSE} nginx_modules_http_${mod}"
4687 -done
4688 -
4689 -for mod in $NGINX_MODULES_STREAM_STD; do
4690 - IUSE="${IUSE} nginx_modules_stream_${mod}"
4691 -done
4692 -
4693 -for mod in $NGINX_MODULES_STREAM_OPT; do
4694 - IUSE="${IUSE} nginx_modules_stream_${mod}"
4695 -done
4696 -
4697 -for mod in $NGINX_MODULES_MAIL; do
4698 - IUSE="${IUSE} nginx_modules_mail_${mod}"
4699 -done
4700 -
4701 -for mod in $NGINX_MODULES_3RD; do
4702 - IUSE="${IUSE} nginx_modules_${mod}"
4703 -done
4704 -
4705 -# Add so we can warn users updating about config changes
4706 -# @TODO: jbergstroem: remove on next release series
4707 -IUSE="${IUSE} nginx_modules_http_spdy"
4708 -
4709 -CDEPEND="
4710 - pcre? ( dev-libs/libpcre:= )
4711 - pcre-jit? ( dev-libs/libpcre:=[jit] )
4712 - ssl? (
4713 - !libressl? ( dev-libs/openssl:0= )
4714 - libressl? ( dev-libs/libressl:= )
4715 - )
4716 - http2? (
4717 - !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
4718 - libressl? ( dev-libs/libressl:= )
4719 - )
4720 - http-cache? (
4721 - userland_GNU? (
4722 - !libressl? ( dev-libs/openssl:0= )
4723 - libressl? ( dev-libs/libressl:= )
4724 - )
4725 - )
4726 - nginx_modules_http_brotli? ( app-arch/brotli:= )
4727 - nginx_modules_http_geoip? ( dev-libs/geoip )
4728 - nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
4729 - nginx_modules_http_gunzip? ( sys-libs/zlib )
4730 - nginx_modules_http_gzip? ( sys-libs/zlib )
4731 - nginx_modules_http_gzip_static? ( sys-libs/zlib )
4732 - nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
4733 - nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
4734 - nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
4735 - nginx_modules_http_secure_link? (
4736 - userland_GNU? (
4737 - !libressl? ( dev-libs/openssl:0= )
4738 - libressl? ( dev-libs/libressl:= )
4739 - )
4740 - )
4741 - nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
4742 - nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
4743 - nginx_modules_http_auth_pam? ( virtual/pam )
4744 - nginx_modules_http_metrics? ( dev-libs/yajl:= )
4745 - nginx_modules_http_dav_ext? ( dev-libs/expat )
4746 - nginx_modules_http_security? (
4747 - dev-libs/apr:=
4748 - dev-libs/apr-util:=
4749 - dev-libs/libxml2:=
4750 - net-misc/curl
4751 - www-servers/apache
4752 - )
4753 - nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
4754 - nginx_modules_stream_geoip? ( dev-libs/geoip )
4755 - nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
4756 -RDEPEND="${CDEPEND}
4757 - selinux? ( sec-policy/selinux-nginx )
4758 - !www-servers/nginx:0"
4759 -DEPEND="${CDEPEND}
4760 - nginx_modules_http_brotli? ( virtual/pkgconfig )
4761 - nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
4762 - arm? ( dev-libs/libatomic_ops )
4763 - libatomic? ( dev-libs/libatomic_ops )"
4764 -PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
4765 -
4766 -REQUIRED_USE="pcre-jit? ( pcre )
4767 - nginx_modules_http_grpc? ( http2 )
4768 - nginx_modules_http_lua? ( nginx_modules_http_rewrite )
4769 - nginx_modules_http_naxsi? ( pcre )
4770 - nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
4771 - nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
4772 - nginx_modules_http_security? ( pcre )
4773 - nginx_modules_http_push_stream? ( ssl )"
4774 -
4775 -pkg_setup() {
4776 - NGINX_HOME="/var/lib/nginx"
4777 - NGINX_HOME_TMP="${NGINX_HOME}/tmp"
4778 -
4779 - ebegin "Creating nginx user and group"
4780 - enewgroup ${PN}
4781 - enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
4782 - eend $?
4783 -
4784 - if use libatomic; then
4785 - ewarn "GCC 4.1+ features built-in atomic operations."
4786 - ewarn "Using libatomic_ops is only needed if using"
4787 - ewarn "a different compiler or a GCC prior to 4.1"
4788 - fi
4789 -
4790 - if [[ -n $NGINX_ADD_MODULES ]]; then
4791 - ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
4792 - ewarn "This nginx installation is not supported!"
4793 - ewarn "Make sure you can reproduce the bug without those modules"
4794 - ewarn "_before_ reporting bugs."
4795 - fi
4796 -
4797 - if use !http; then
4798 - ewarn "To actually disable all http-functionality you also have to disable"
4799 - ewarn "all nginx http modules."
4800 - fi
4801 -
4802 - if use nginx_modules_http_mogilefs && use threads; then
4803 - eerror "mogilefs won't compile with threads support."
4804 - eerror "Please disable either flag and try again."
4805 - die "Can't compile mogilefs with threads support"
4806 - fi
4807 -}
4808 -
4809 -src_prepare() {
4810 - eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
4811 - eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
4812 -
4813 - if use nginx_modules_http_auth_pam; then
4814 - cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
4815 - eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
4816 - cd "${S}" || die
4817 - fi
4818 -
4819 - if use nginx_modules_http_brotli; then
4820 - cd "${HTTP_BROTLI_MODULE_WD}" || die
4821 - eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
4822 - cd "${S}" || die
4823 - fi
4824 -
4825 - if use nginx_modules_http_upstream_check; then
4826 - eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
4827 - fi
4828 -
4829 - if use nginx_modules_http_cache_purge; then
4830 - cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
4831 - eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
4832 - cd "${S}" || die
4833 - fi
4834 -
4835 - if use nginx_modules_http_security; then
4836 - cd "${HTTP_SECURITY_MODULE_WD}" || die
4837 -
4838 - eautoreconf
4839 -
4840 - if use luajit ; then
4841 - sed -i \
4842 - -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
4843 - configure || die
4844 - fi
4845 -
4846 - cd "${S}" || die
4847 - fi
4848 -
4849 - if use nginx_modules_http_upload_progress; then
4850 - cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
4851 - eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
4852 - cd "${S}" || die
4853 - fi
4854 -
4855 - find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
4856 - # We have config protection, don't rename etc files
4857 - sed -i 's:.default::' auto/install || die
4858 - # remove useless files
4859 - sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
4860 -
4861 - # don't install to /etc/nginx/ if not in use
4862 - local module
4863 - for module in fastcgi scgi uwsgi ; do
4864 - if ! use nginx_modules_http_${module}; then
4865 - sed -i -e "/${module}/d" auto/install || die
4866 - fi
4867 - done
4868 -
4869 - eapply_user
4870 -}
4871 -
4872 -src_configure() {
4873 - # mod_security needs to generate nginx/modsecurity/config before including it
4874 - if use nginx_modules_http_security; then
4875 - cd "${HTTP_SECURITY_MODULE_WD}" || die
4876 -
4877 - ./configure \
4878 - --enable-standalone-module \
4879 - --disable-mlogc \
4880 - --with-ssdeep=no \
4881 - $(use_enable pcre-jit) \
4882 - $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
4883 -
4884 - cd "${S}" || die
4885 - fi
4886 -
4887 - local myconf=() http_enabled= mail_enabled= stream_enabled=
4888 -
4889 - use aio && myconf+=( --with-file-aio )
4890 - use debug && myconf+=( --with-debug )
4891 - use http2 && myconf+=( --with-http_v2_module )
4892 - use libatomic && myconf+=( --with-libatomic )
4893 - use pcre && myconf+=( --with-pcre )
4894 - use pcre-jit && myconf+=( --with-pcre-jit )
4895 - use threads && myconf+=( --with-threads )
4896 -
4897 - # HTTP modules
4898 - for mod in $NGINX_MODULES_STD; do
4899 - if use nginx_modules_http_${mod}; then
4900 - http_enabled=1
4901 - else
4902 - myconf+=( --without-http_${mod}_module )
4903 - fi
4904 - done
4905 -
4906 - for mod in $NGINX_MODULES_OPT; do
4907 - if use nginx_modules_http_${mod}; then
4908 - http_enabled=1
4909 - myconf+=( --with-http_${mod}_module )
4910 - fi
4911 - done
4912 -
4913 - if use nginx_modules_http_fastcgi; then
4914 - myconf+=( --with-http_realip_module )
4915 - fi
4916 -
4917 - # third-party modules
4918 - if use nginx_modules_http_upload_progress; then
4919 - http_enabled=1
4920 - myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
4921 - fi
4922 -
4923 - if use nginx_modules_http_headers_more; then
4924 - http_enabled=1
4925 - myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
4926 - fi
4927 -
4928 - if use nginx_modules_http_cache_purge; then
4929 - http_enabled=1
4930 - myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
4931 - fi
4932 -
4933 - if use nginx_modules_http_slowfs_cache; then
4934 - http_enabled=1
4935 - myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
4936 - fi
4937 -
4938 - if use nginx_modules_http_fancyindex; then
4939 - http_enabled=1
4940 - myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
4941 - fi
4942 -
4943 - if use nginx_modules_http_lua; then
4944 - http_enabled=1
4945 - if use luajit; then
4946 - export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
4947 - export LUAJIT_INC=$(pkg-config --variable includedir luajit)
4948 - else
4949 - export LUA_LIB=$(pkg-config --variable libdir lua)
4950 - export LUA_INC=$(pkg-config --variable includedir lua)
4951 - fi
4952 - myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
4953 - myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
4954 - fi
4955 -
4956 - if use nginx_modules_http_auth_pam; then
4957 - http_enabled=1
4958 - myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
4959 - fi
4960 -
4961 - if use nginx_modules_http_upstream_check; then
4962 - http_enabled=1
4963 - myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
4964 - fi
4965 -
4966 - if use nginx_modules_http_metrics; then
4967 - http_enabled=1
4968 - myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
4969 - fi
4970 -
4971 - if use nginx_modules_http_naxsi ; then
4972 - http_enabled=1
4973 - myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
4974 - fi
4975 -
4976 - if use rtmp ; then
4977 - http_enabled=1
4978 - myconf+=( --add-module=${RTMP_MODULE_WD} )
4979 - fi
4980 -
4981 - if use nginx_modules_http_dav_ext ; then
4982 - http_enabled=1
4983 - myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
4984 - fi
4985 -
4986 - if use nginx_modules_http_echo ; then
4987 - http_enabled=1
4988 - myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
4989 - fi
4990 -
4991 - if use nginx_modules_http_security ; then
4992 - http_enabled=1
4993 - myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
4994 - fi
4995 -
4996 - if use nginx_modules_http_push_stream ; then
4997 - http_enabled=1
4998 - myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
4999 - fi
5000 -
5001 - if use nginx_modules_http_sticky ; then
5002 - http_enabled=1
5003 - myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
5004 - fi
5005 -
5006 - if use nginx_modules_http_mogilefs ; then
5007 - http_enabled=1
5008 - myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
5009 - fi
5010 -
5011 - if use nginx_modules_http_memc ; then
5012 - http_enabled=1
5013 - myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
5014 - fi
5015 -
5016 - if use nginx_modules_http_auth_ldap; then
5017 - http_enabled=1
5018 - myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
5019 - fi
5020 -
5021 - if use nginx_modules_http_vhost_traffic_status; then
5022 - http_enabled=1
5023 - myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
5024 - fi
5025 -
5026 - if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
5027 - myconf+=( --add-module=${GEOIP2_MODULE_WD} )
5028 - fi
5029 -
5030 - if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
5031 - myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
5032 - fi
5033 -
5034 - if use nginx_modules_http_brotli; then
5035 - http_enabled=1
5036 - myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
5037 - fi
5038 -
5039 - if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
5040 - http_enabled=1
5041 - fi
5042 -
5043 - if [ $http_enabled ]; then
5044 - use http-cache || myconf+=( --without-http-cache )
5045 - use ssl && myconf+=( --with-http_ssl_module )
5046 - else
5047 - myconf+=( --without-http --without-http-cache )
5048 - fi
5049 -
5050 - # Stream modules
5051 - for mod in $NGINX_MODULES_STREAM_STD; do
5052 - if use nginx_modules_stream_${mod}; then
5053 - stream_enabled=1
5054 - else
5055 - myconf+=( --without-stream_${mod}_module )
5056 - fi
5057 - done
5058 -
5059 - for mod in $NGINX_MODULES_STREAM_OPT; do
5060 - if use nginx_modules_stream_${mod}; then
5061 - stream_enabled=1
5062 - myconf+=( --with-stream_${mod}_module )
5063 - fi
5064 - done
5065 -
5066 - if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
5067 - stream_enabled=1
5068 - fi
5069 -
5070 - if [ $stream_enabled ]; then
5071 - myconf+=( --with-stream )
5072 - use ssl && myconf+=( --with-stream_ssl_module )
5073 - fi
5074 -
5075 - # MAIL modules
5076 - for mod in $NGINX_MODULES_MAIL; do
5077 - if use nginx_modules_mail_${mod}; then
5078 - mail_enabled=1
5079 - else
5080 - myconf+=( --without-mail_${mod}_module )
5081 - fi
5082 - done
5083 -
5084 - if [ $mail_enabled ]; then
5085 - myconf+=( --with-mail )
5086 - use ssl && myconf+=( --with-mail_ssl_module )
5087 - fi
5088 -
5089 - # custom modules
5090 - for mod in $NGINX_ADD_MODULES; do
5091 - myconf+=( --add-module=${mod} )
5092 - done
5093 -
5094 - # https://bugs.gentoo.org/286772
5095 - export LANG=C LC_ALL=C
5096 - tc-export CC
5097 -
5098 - if ! use prefix; then
5099 - myconf+=( --user=${PN} )
5100 - myconf+=( --group=${PN} )
5101 - fi
5102 -
5103 - local WITHOUT_IPV6=
5104 - if ! use ipv6; then
5105 - WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
5106 - fi
5107 -
5108 - if [[ -n "${EXTRA_ECONF}" ]]; then
5109 - myconf+=( ${EXTRA_ECONF} )
5110 - ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
5111 - fi
5112 -
5113 - ./configure \
5114 - --prefix="${EPREFIX}"/usr \
5115 - --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
5116 - --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
5117 - --pid-path="${EPREFIX}"/run/${PN}.pid \
5118 - --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
5119 - --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
5120 - --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
5121 - --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
5122 - --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
5123 - --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
5124 - --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
5125 - --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
5126 - --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
5127 - --with-compat \
5128 - "${myconf[@]}" || die "configure failed"
5129 -
5130 - # A purely cosmetic change that makes nginx -V more readable. This can be
5131 - # good if people outside the gentoo community would troubleshoot and
5132 - # question the users setup.
5133 - sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
5134 -}
5135 -
5136 -src_compile() {
5137 - use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
5138 -
5139 - # https://bugs.gentoo.org/286772
5140 - export LANG=C LC_ALL=C
5141 - emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
5142 -}
5143 -
5144 -src_install() {
5145 - emake DESTDIR="${D%/}" install
5146 -
5147 - cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
5148 -
5149 - newinitd "${FILESDIR}"/nginx.initd-r4 nginx
5150 - newconfd "${FILESDIR}"/nginx.confd nginx
5151 -
5152 - systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
5153 -
5154 - doman man/nginx.8
5155 - dodoc CHANGES* README
5156 -
5157 - # just keepdir. do not copy the default htdocs files (bug #449136)
5158 - keepdir /var/www/localhost
5159 - rm -rf "${D}"usr/html || die
5160 -
5161 - # set up a list of directories to keep
5162 - local keepdir_list="${NGINX_HOME_TMP}"/client
5163 - local module
5164 - for module in proxy fastcgi scgi uwsgi; do
5165 - use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
5166 - done
5167 -
5168 - keepdir /var/log/nginx ${keepdir_list}
5169 -
5170 - # this solves a problem with SELinux where nginx doesn't see the directories
5171 - # as root and tries to create them as nginx
5172 - fperms 0750 "${NGINX_HOME_TMP}"
5173 - fowners ${PN}:0 "${NGINX_HOME_TMP}"
5174 -
5175 - fperms 0700 ${keepdir_list}
5176 - fowners ${PN}:${PN} ${keepdir_list}
5177 -
5178 - fperms 0710 /var/log/nginx
5179 - fowners 0:${PN} /var/log/nginx
5180 -
5181 - # logrotate
5182 - insinto /etc/logrotate.d
5183 - newins "${FILESDIR}"/nginx.logrotate-r1 nginx
5184 -
5185 - if use nginx_modules_http_perl; then
5186 - cd "${S}"/objs/src/http/modules/perl/ || die
5187 - emake DESTDIR="${D}" INSTALLDIRS=vendor
5188 - perl_delete_localpod
5189 - cd "${S}" || die
5190 - fi
5191 -
5192 - if use nginx_modules_http_cache_purge; then
5193 - docinto ${HTTP_CACHE_PURGE_MODULE_P}
5194 - dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
5195 - fi
5196 -
5197 - if use nginx_modules_http_slowfs_cache; then
5198 - docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
5199 - dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
5200 - fi
5201 -
5202 - if use nginx_modules_http_fancyindex; then
5203 - docinto ${HTTP_FANCYINDEX_MODULE_P}
5204 - dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
5205 - fi
5206 -
5207 - if use nginx_modules_http_lua; then
5208 - docinto ${HTTP_LUA_MODULE_P}
5209 - dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
5210 - fi
5211 -
5212 - if use nginx_modules_http_auth_pam; then
5213 - docinto ${HTTP_AUTH_PAM_MODULE_P}
5214 - dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
5215 - fi
5216 -
5217 - if use nginx_modules_http_upstream_check; then
5218 - docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
5219 - dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
5220 - fi
5221 -
5222 - if use nginx_modules_http_naxsi; then
5223 - insinto /etc/nginx
5224 - doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
5225 - fi
5226 -
5227 - if use rtmp; then
5228 - docinto ${RTMP_MODULE_P}
5229 - dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
5230 - fi
5231 -
5232 - if use nginx_modules_http_dav_ext; then
5233 - docinto ${HTTP_DAV_EXT_MODULE_P}
5234 - dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
5235 - fi
5236 -
5237 - if use nginx_modules_http_echo; then
5238 - docinto ${HTTP_ECHO_MODULE_P}
5239 - dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
5240 - fi
5241 -
5242 - if use nginx_modules_http_security; then
5243 - docinto ${HTTP_SECURITY_MODULE_P}
5244 - dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
5245 - fi
5246 -
5247 - if use nginx_modules_http_push_stream; then
5248 - docinto ${HTTP_PUSH_STREAM_MODULE_P}
5249 - dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
5250 - fi
5251 -
5252 - if use nginx_modules_http_sticky; then
5253 - docinto ${HTTP_STICKY_MODULE_P}
5254 - dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
5255 - fi
5256 -
5257 - if use nginx_modules_http_memc; then
5258 - docinto ${HTTP_MEMC_MODULE_P}
5259 - dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
5260 - fi
5261 -
5262 - if use nginx_modules_http_auth_ldap; then
5263 - docinto ${HTTP_LDAP_MODULE_P}
5264 - dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
5265 - fi
5266 -}
5267 -
5268 -pkg_postinst() {
5269 - if use ssl; then
5270 - if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
5271 - install_cert /etc/ssl/${PN}/${PN}
5272 - use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
5273 - fi
5274 - fi
5275 -
5276 - if use nginx_modules_http_spdy; then
5277 - ewarn ""
5278 - ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
5279 - ewarn "Update your configs and package.use accordingly."
5280 - fi
5281 -
5282 - if use nginx_modules_http_lua; then
5283 - ewarn ""
5284 - ewarn "While you can build lua 3rd party module against ${P}"
5285 - ewarn "the author warns that >=${PN}-1.11.11 is still not an"
5286 - ewarn "officially supported target yet. You are on your own."
5287 - ewarn "Expect runtime failures, memory leaks and other problems!"
5288 - fi
5289 -
5290 - if use nginx_modules_http_lua && use http2; then
5291 - ewarn ""
5292 - ewarn "Lua 3rd party module author warns against using ${P} with"
5293 - ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
5294 - fi
5295 -
5296 - local _n_permission_layout_checks=0
5297 - local _has_to_adjust_permissions=0
5298 - local _has_to_show_permission_warning=0
5299 -
5300 - # Defaults to 1 to inform people doing a fresh installation
5301 - # that we ship modified {scgi,uwsgi,fastcgi}_params files
5302 - local _has_to_show_httpoxy_mitigation_notice=1
5303 -
5304 - local _replacing_version=
5305 - for _replacing_version in ${REPLACING_VERSIONS}; do
5306 - _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
5307 -
5308 - if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
5309 - # Should never happen:
5310 - # Package is abusing slots but doesn't allow multiple parallel installations.
5311 - # If we run into this situation it is unsafe to automatically adjust any
5312 - # permission...
5313 - _has_to_show_permission_warning=1
5314 -
5315 - ewarn "Replacing multiple ${PN}' versions is unsupported! " \
5316 - "You will have to adjust permissions on your own."
5317 -
5318 - break
5319 - fi
5320 -
5321 - local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
5322 - debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
5323 -
5324 - # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
5325 - # This was before we introduced multiple nginx versions so we
5326 - # do not need to distinguish between stable and mainline
5327 - local _need_to_fix_CVE2013_0337=1
5328 -
5329 - if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
5330 - # We are updating an installation which should already be fixed
5331 - _need_to_fix_CVE2013_0337=0
5332 - debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
5333 - else
5334 - _has_to_adjust_permissions=1
5335 - debug-print "Need to adjust permissions to fix CVE-2013-0337!"
5336 - fi
5337 -
5338 - # Do we need to inform about HTTPoxy mitigation?
5339 - # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
5340 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
5341 - # Updating from <1.10
5342 - _has_to_show_httpoxy_mitigation_notice=1
5343 - debug-print "Need to inform about HTTPoxy mitigation!"
5344 - else
5345 - # Updating from >=1.10
5346 - local _fixed_in_pvr=
5347 - case "${_replacing_version_branch}" in
5348 - "1.10")
5349 - _fixed_in_pvr="1.10.1-r2"
5350 - ;;
5351 - "1.11")
5352 - _fixed_in_pvr="1.11.3-r1"
5353 - ;;
5354 - *)
5355 - # This should be any future branch.
5356 - # If we run this code it is safe to assume that the user has
5357 - # already seen the HTTPoxy mitigation notice because he/she is doing
5358 - # an update from previous version where we have already shown
5359 - # the warning. Otherwise, we wouldn't hit this code path ...
5360 - _fixed_in_pvr=
5361 - esac
5362 -
5363 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
5364 - # We are updating an installation where we already informed
5365 - # that we are mitigating HTTPoxy per default
5366 - _has_to_show_httpoxy_mitigation_notice=0
5367 - debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
5368 - else
5369 - _has_to_show_httpoxy_mitigation_notice=1
5370 - debug-print "Need to inform about HTTPoxy mitigation!"
5371 - fi
5372 - fi
5373 -
5374 - # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
5375 - # All branches up to 1.11 are affected
5376 - local _need_to_fix_CVE2016_1247=1
5377 -
5378 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
5379 - # Updating from <1.10
5380 - _has_to_adjust_permissions=1
5381 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
5382 - else
5383 - # Updating from >=1.10
5384 - local _fixed_in_pvr=
5385 - case "${_replacing_version_branch}" in
5386 - "1.10")
5387 - _fixed_in_pvr="1.10.2-r3"
5388 - ;;
5389 - "1.11")
5390 - _fixed_in_pvr="1.11.6-r1"
5391 - ;;
5392 - *)
5393 - # This should be any future branch.
5394 - # If we run this code it is safe to assume that we have already
5395 - # adjusted permissions or were never affected because user is
5396 - # doing an update from previous version which was safe or did
5397 - # the adjustments. Otherwise, we wouldn't hit this code path ...
5398 - _fixed_in_pvr=
5399 - esac
5400 -
5401 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
5402 - # We are updating an installation which should already be adjusted
5403 - # or which was never affected
5404 - _need_to_fix_CVE2016_1247=0
5405 - debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
5406 - else
5407 - _has_to_adjust_permissions=1
5408 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
5409 - fi
5410 - fi
5411 - done
5412 -
5413 - if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
5414 - # We do not DIE when chmod/chown commands are failing because
5415 - # package is already merged on user's system at this stage
5416 - # and we cannot retry without losing the information that
5417 - # the existing installation needs to adjust permissions.
5418 - # Instead we are going to a show a big warning ...
5419 -
5420 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
5421 - ewarn ""
5422 - ewarn "The world-readable bit (if set) has been removed from the"
5423 - ewarn "following directories to mitigate a security bug"
5424 - ewarn "(CVE-2013-0337, bug #458726):"
5425 - ewarn ""
5426 - ewarn " ${EPREFIX%/}/var/log/nginx"
5427 - ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
5428 - ewarn ""
5429 - ewarn "Check if this is correct for your setup before restarting nginx!"
5430 - ewarn "This is a one-time change and will not happen on subsequent updates."
5431 - ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
5432 - chmod o-rwx \
5433 - "${EPREFIX%/}"/var/log/nginx \
5434 - "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
5435 - _has_to_show_permission_warning=1
5436 - fi
5437 -
5438 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
5439 - ewarn ""
5440 - ewarn "The permissions on the following directory have been reset in"
5441 - ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
5442 - ewarn ""
5443 - ewarn " ${EPREFIX%/}/var/log/nginx"
5444 - ewarn ""
5445 - ewarn "Check if this is correct for your setup before restarting nginx!"
5446 - ewarn "Also ensure that no other log directory used by any of your"
5447 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
5448 - ewarn "used by nginx can be abused to escalate privileges!"
5449 - ewarn "This is a one-time change and will not happen on subsequent updates."
5450 - chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
5451 - chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
5452 - fi
5453 -
5454 - if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
5455 - # Should never happen ...
5456 - ewarn ""
5457 - ewarn "*************************************************************"
5458 - ewarn "*************** W A R N I N G ***************"
5459 - ewarn "*************************************************************"
5460 - ewarn "The one-time only attempt to adjust permissions of the"
5461 - ewarn "existing nginx installation failed. Be aware that we will not"
5462 - ewarn "try to adjust the same permissions again because now you are"
5463 - ewarn "using a nginx version where we expect that the permissions"
5464 - ewarn "are already adjusted or that you know what you are doing and"
5465 - ewarn "want to keep custom permissions."
5466 - ewarn ""
5467 - fi
5468 - fi
5469 -
5470 - # Sanity check for CVE-2016-1247
5471 - # Required to warn users who received the warning above and thought
5472 - # they could fix it by unmerging and re-merging the package or have
5473 - # unmerged a affected installation on purpose in the past leaving
5474 - # /var/log/nginx on their system due to keepdir/non-empty folder
5475 - # and are now installing the package again.
5476 - local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
5477 - su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
5478 - if [ $? -eq 0 ] ; then
5479 - # Cleanup -- no reason to die here!
5480 - rm -f "${_sanity_check_testfile}"
5481 -
5482 - ewarn ""
5483 - ewarn "*************************************************************"
5484 - ewarn "*************** W A R N I N G ***************"
5485 - ewarn "*************************************************************"
5486 - ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
5487 - ewarn "(bug #605008) because nginx user is able to create files in"
5488 - ewarn ""
5489 - ewarn " ${EPREFIX%/}/var/log/nginx"
5490 - ewarn ""
5491 - ewarn "Also ensure that no other log directory used by any of your"
5492 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
5493 - ewarn "used by nginx can be abused to escalate privileges!"
5494 - fi
5495 -
5496 - if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
5497 - # HTTPoxy mitigation
5498 - ewarn ""
5499 - ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
5500 - ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
5501 - ewarn "the HTTP_PROXY parameter to an empty string per default when you"
5502 - ewarn "are sourcing one of the default"
5503 - ewarn ""
5504 - ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
5505 - ewarn " - 'scgi_params'"
5506 - ewarn " - 'uwsgi_params'"
5507 - ewarn ""
5508 - ewarn "files in your server block(s)."
5509 - ewarn ""
5510 - ewarn "If this is causing any problems for you make sure that you are sourcing the"
5511 - ewarn "default parameters _before_ you set your own values."
5512 - ewarn "If you are relying on user-supplied proxy values you have to remove the"
5513 - ewarn "correlating lines from the file(s) mentioned above."
5514 - ewarn ""
5515 - fi
5516 -}
5517
5518 diff --git a/www-servers/nginx/nginx-1.15.8-r1.ebuild b/www-servers/nginx/nginx-1.15.8-r1.ebuild
5519 deleted file mode 100644
5520 index 7a4dcf18e15..00000000000
5521 --- a/www-servers/nginx/nginx-1.15.8-r1.ebuild
5522 +++ /dev/null
5523 @@ -1,1087 +0,0 @@
5524 -# Copyright 1999-2018 Gentoo Authors
5525 -# Distributed under the terms of the GNU General Public License v2
5526 -
5527 -EAPI="6"
5528 -
5529 -# Maintainer notes:
5530 -# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
5531 -# - any http-module activates the main http-functionality and overrides USE=-http
5532 -# - keep the following requirements in mind before adding external modules:
5533 -# * alive upstream
5534 -# * sane packaging
5535 -# * builds cleanly
5536 -# * does not need a patch for nginx core
5537 -# - TODO: test the google-perftools module (included in vanilla tarball)
5538 -
5539 -# prevent perl-module from adding automagic perl DEPENDs
5540 -GENTOO_DEPEND_ON_PERL="no"
5541 -
5542 -# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
5543 -DEVEL_KIT_MODULE_PV="0.3.0"
5544 -DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
5545 -DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
5546 -DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
5547 -
5548 -# ngx_brotli (https://github.com/eustas/ngx_brotli, BSD-2)
5549 -HTTP_BROTLI_MODULE_PV="8104036af9cff4b1d34f22d00ba857e2a93a243c"
5550 -HTTP_BROTLI_MODULE_P="ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
5551 -HTTP_BROTLI_MODULE_URI="https://github.com/eustas/ngx_brotli/archive/${HTTP_BROTLI_MODULE_PV}.tar.gz"
5552 -HTTP_BROTLI_MODULE_WD="${WORKDIR}/ngx_brotli-${HTTP_BROTLI_MODULE_PV}"
5553 -
5554 -# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
5555 -HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
5556 -HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
5557 -HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
5558 -HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
5559 -
5560 -# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
5561 -HTTP_HEADERS_MORE_MODULE_PV="0.33"
5562 -HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
5563 -HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
5564 -HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
5565 -
5566 -# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
5567 -HTTP_CACHE_PURGE_MODULE_PV="2.3"
5568 -HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
5569 -HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
5570 -HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
5571 -
5572 -# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
5573 -HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
5574 -HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
5575 -HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
5576 -HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
5577 -
5578 -# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
5579 -HTTP_FANCYINDEX_MODULE_PV="0.4.3"
5580 -HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
5581 -HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
5582 -HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
5583 -
5584 -# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
5585 -HTTP_LUA_MODULE_PV="0.10.13"
5586 -HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
5587 -HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
5588 -HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
5589 -
5590 -# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
5591 -HTTP_AUTH_PAM_MODULE_PV="1.5.1"
5592 -HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
5593 -HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
5594 -HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
5595 -
5596 -# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
5597 -HTTP_UPSTREAM_CHECK_MODULE_PV="9aecf15ec379fe98f62355c57b60c0bc83296f04"
5598 -HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
5599 -HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
5600 -HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
5601 -
5602 -# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
5603 -HTTP_METRICS_MODULE_PV="0.1.1"
5604 -HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
5605 -HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
5606 -HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
5607 -
5608 -# http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts, BSD license)
5609 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="46d85558e344dfe2b078ce757fd36c69a1ec2dd3"
5610 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="ngx_http_vhost_traffic_status-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
5611 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/vozlt/nginx-module-vts/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}.tar.gz"
5612 -HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/nginx-module-vts-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}"
5613 -
5614 -# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
5615 -HTTP_NAXSI_MODULE_PV="0.56"
5616 -HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
5617 -HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
5618 -HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
5619 -
5620 -# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
5621 -RTMP_MODULE_PV="1.2.1"
5622 -RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
5623 -RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
5624 -RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
5625 -
5626 -# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
5627 -HTTP_DAV_EXT_MODULE_PV="3.0.0"
5628 -HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
5629 -HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
5630 -HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
5631 -
5632 -# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
5633 -HTTP_ECHO_MODULE_PV="0.61"
5634 -HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
5635 -HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
5636 -HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
5637 -
5638 -# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
5639 -# keep the MODULE_P here consistent with upstream to avoid tarball duplication
5640 -HTTP_SECURITY_MODULE_PV="2.9.3"
5641 -HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
5642 -HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
5643 -HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
5644 -
5645 -# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
5646 -HTTP_PUSH_STREAM_MODULE_PV="0.5.4"
5647 -HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
5648 -HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
5649 -HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
5650 -
5651 -# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
5652 -HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
5653 -HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
5654 -HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
5655 -HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
5656 -
5657 -# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
5658 -HTTP_MOGILEFS_MODULE_PV="1.0.4"
5659 -HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
5660 -HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
5661 -HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
5662 -
5663 -# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
5664 -HTTP_MEMC_MODULE_PV="0.19"
5665 -HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
5666 -HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
5667 -HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
5668 -
5669 -# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
5670 -HTTP_LDAP_MODULE_PV="42d195d7a7575ebab1c369ad3fc5d78dc2c2669c"
5671 -HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
5672 -HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
5673 -HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
5674 -
5675 -# geoip2 (https://github.com/leev/ngx_http_geoip2_module, BSD-2)
5676 -GEOIP2_MODULE_PV="2.0"
5677 -GEOIP2_MODULE_P="ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
5678 -GEOIP2_MODULE_URI="https://github.com/leev/ngx_http_geoip2_module/archive/${GEOIP2_MODULE_PV}.tar.gz"
5679 -GEOIP2_MODULE_WD="${WORKDIR}/ngx_http_geoip2_module-${GEOIP2_MODULE_PV}"
5680 -
5681 -# njs-module (https://github.com/nginx/njs, as-is)
5682 -NJS_MODULE_PV="0.2.7"
5683 -NJS_MODULE_P="njs-${NJS_MODULE_PV}"
5684 -NJS_MODULE_URI="https://github.com/nginx/njs/archive/${NJS_MODULE_PV}.tar.gz"
5685 -NJS_MODULE_WD="${WORKDIR}/njs-${NJS_MODULE_PV}"
5686 -
5687 -# We handle deps below ourselves
5688 -SSL_DEPS_SKIP=1
5689 -AUTOTOOLS_AUTO_DEPEND="no"
5690 -
5691 -inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
5692 -
5693 -DESCRIPTION="Robust, small and high performance http and reverse proxy server"
5694 -HOMEPAGE="https://nginx.org"
5695 -SRC_URI="https://nginx.org/download/${P}.tar.gz
5696 - ${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
5697 - nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )
5698 - nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
5699 - nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz )
5700 - nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
5701 - nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
5702 - nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
5703 - nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
5704 - nginx_modules_http_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
5705 - nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
5706 - nginx_modules_http_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
5707 - nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
5708 - nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
5709 - nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
5710 - nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
5711 - nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
5712 - nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
5713 - nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
5714 - nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
5715 - nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
5716 - nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
5717 - nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
5718 - nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz )
5719 - nginx_modules_stream_geoip2? ( ${GEOIP2_MODULE_URI} -> ${GEOIP2_MODULE_P}.tar.gz )
5720 - nginx_modules_stream_javascript? ( ${NJS_MODULE_URI} -> ${NJS_MODULE_P}.tar.gz )
5721 - rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )"
5722 -
5723 -LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
5724 - nginx_modules_http_security? ( Apache-2.0 )
5725 - nginx_modules_http_push_stream? ( GPL-3 )"
5726 -
5727 -SLOT="mainline"
5728 -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
5729 -
5730 -# Package doesn't provide a real test suite
5731 -RESTRICT="test"
5732 -
5733 -NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
5734 - fastcgi geo grpc gzip limit_req limit_conn map memcached mirror
5735 - proxy referer rewrite scgi ssi split_clients upstream_hash
5736 - upstream_ip_hash upstream_keepalive upstream_least_conn
5737 - upstream_zone userid uwsgi"
5738 -NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
5739 - gzip_static image_filter mp4 perl random_index realip secure_link
5740 - slice stub_status sub xslt"
5741 -NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
5742 - upstream_hash upstream_least_conn upstream_zone"
5743 -NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
5744 -NGINX_MODULES_MAIL="imap pop3 smtp"
5745 -NGINX_MODULES_3RD="
5746 - http_auth_ldap
5747 - http_auth_pam
5748 - http_brotli
5749 - http_cache_purge
5750 - http_dav_ext
5751 - http_echo
5752 - http_fancyindex
5753 - http_geoip2
5754 - http_headers_more
5755 - http_javascript
5756 - http_lua
5757 - http_memc
5758 - http_metrics
5759 - http_mogilefs
5760 - http_naxsi
5761 - http_push_stream
5762 - http_security
5763 - http_slowfs_cache
5764 - http_sticky
5765 - http_upload_progress
5766 - http_upstream_check
5767 - http_vhost_traffic_status
5768 - stream_geoip2
5769 - stream_javascript
5770 -"
5771 -
5772 -IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
5773 - pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
5774 -
5775 -for mod in $NGINX_MODULES_STD; do
5776 - IUSE="${IUSE} +nginx_modules_http_${mod}"
5777 -done
5778 -
5779 -for mod in $NGINX_MODULES_OPT; do
5780 - IUSE="${IUSE} nginx_modules_http_${mod}"
5781 -done
5782 -
5783 -for mod in $NGINX_MODULES_STREAM_STD; do
5784 - IUSE="${IUSE} nginx_modules_stream_${mod}"
5785 -done
5786 -
5787 -for mod in $NGINX_MODULES_STREAM_OPT; do
5788 - IUSE="${IUSE} nginx_modules_stream_${mod}"
5789 -done
5790 -
5791 -for mod in $NGINX_MODULES_MAIL; do
5792 - IUSE="${IUSE} nginx_modules_mail_${mod}"
5793 -done
5794 -
5795 -for mod in $NGINX_MODULES_3RD; do
5796 - IUSE="${IUSE} nginx_modules_${mod}"
5797 -done
5798 -
5799 -# Add so we can warn users updating about config changes
5800 -# @TODO: jbergstroem: remove on next release series
5801 -IUSE="${IUSE} nginx_modules_http_spdy"
5802 -
5803 -CDEPEND="
5804 - pcre? ( dev-libs/libpcre:= )
5805 - pcre-jit? ( dev-libs/libpcre:=[jit] )
5806 - ssl? (
5807 - !libressl? ( dev-libs/openssl:0= )
5808 - libressl? ( dev-libs/libressl:= )
5809 - )
5810 - http2? (
5811 - !libressl? ( >=dev-libs/openssl-1.0.1c:0= )
5812 - libressl? ( dev-libs/libressl:= )
5813 - )
5814 - http-cache? (
5815 - userland_GNU? (
5816 - !libressl? ( dev-libs/openssl:0= )
5817 - libressl? ( dev-libs/libressl:= )
5818 - )
5819 - )
5820 - nginx_modules_http_brotli? ( app-arch/brotli:= )
5821 - nginx_modules_http_geoip? ( dev-libs/geoip )
5822 - nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
5823 - nginx_modules_http_gunzip? ( sys-libs/zlib )
5824 - nginx_modules_http_gzip? ( sys-libs/zlib )
5825 - nginx_modules_http_gzip_static? ( sys-libs/zlib )
5826 - nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
5827 - nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
5828 - nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
5829 - nginx_modules_http_secure_link? (
5830 - userland_GNU? (
5831 - !libressl? ( dev-libs/openssl:0= )
5832 - libressl? ( dev-libs/libressl:= )
5833 - )
5834 - )
5835 - nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
5836 - nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
5837 - nginx_modules_http_auth_pam? ( virtual/pam )
5838 - nginx_modules_http_metrics? ( dev-libs/yajl:= )
5839 - nginx_modules_http_dav_ext? ( dev-libs/libxml2 )
5840 - nginx_modules_http_security? (
5841 - dev-libs/apr:=
5842 - dev-libs/apr-util:=
5843 - dev-libs/libxml2:=
5844 - net-misc/curl
5845 - www-servers/apache
5846 - )
5847 - nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )
5848 - nginx_modules_stream_geoip? ( dev-libs/geoip )
5849 - nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= )"
5850 -RDEPEND="${CDEPEND}
5851 - selinux? ( sec-policy/selinux-nginx )
5852 - !www-servers/nginx:0"
5853 -DEPEND="${CDEPEND}
5854 - nginx_modules_http_brotli? ( virtual/pkgconfig )
5855 - nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
5856 - arm? ( dev-libs/libatomic_ops )
5857 - libatomic? ( dev-libs/libatomic_ops )"
5858 -PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
5859 -
5860 -REQUIRED_USE="pcre-jit? ( pcre )
5861 - nginx_modules_http_grpc? ( http2 )
5862 - nginx_modules_http_lua? ( nginx_modules_http_rewrite )
5863 - nginx_modules_http_naxsi? ( pcre )
5864 - nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
5865 - nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
5866 - nginx_modules_http_security? ( pcre )
5867 - nginx_modules_http_push_stream? ( ssl )"
5868 -
5869 -pkg_setup() {
5870 - NGINX_HOME="/var/lib/nginx"
5871 - NGINX_HOME_TMP="${NGINX_HOME}/tmp"
5872 -
5873 - ebegin "Creating nginx user and group"
5874 - enewgroup ${PN}
5875 - enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
5876 - eend $?
5877 -
5878 - if use libatomic; then
5879 - ewarn "GCC 4.1+ features built-in atomic operations."
5880 - ewarn "Using libatomic_ops is only needed if using"
5881 - ewarn "a different compiler or a GCC prior to 4.1"
5882 - fi
5883 -
5884 - if [[ -n $NGINX_ADD_MODULES ]]; then
5885 - ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
5886 - ewarn "This nginx installation is not supported!"
5887 - ewarn "Make sure you can reproduce the bug without those modules"
5888 - ewarn "_before_ reporting bugs."
5889 - fi
5890 -
5891 - if use !http; then
5892 - ewarn "To actually disable all http-functionality you also have to disable"
5893 - ewarn "all nginx http modules."
5894 - fi
5895 -
5896 - if use nginx_modules_http_mogilefs && use threads; then
5897 - eerror "mogilefs won't compile with threads support."
5898 - eerror "Please disable either flag and try again."
5899 - die "Can't compile mogilefs with threads support"
5900 - fi
5901 -}
5902 -
5903 -src_prepare() {
5904 - eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
5905 - eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
5906 -
5907 - if use nginx_modules_http_auth_pam; then
5908 - cd "${HTTP_AUTH_PAM_MODULE_WD}" || die
5909 - eapply "${FILESDIR}"/http_auth_pam-1.5.1-adjust-loglevel-for-authentication-failures.patch
5910 - cd "${S}" || die
5911 - fi
5912 -
5913 - if use nginx_modules_http_brotli; then
5914 - cd "${HTTP_BROTLI_MODULE_WD}" || die
5915 - eapply "${FILESDIR}"/http_brotli-detect-brotli-r2.patch
5916 - cd "${S}" || die
5917 - fi
5918 -
5919 - if use nginx_modules_http_upstream_check; then
5920 - eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
5921 - fi
5922 -
5923 - if use nginx_modules_http_cache_purge; then
5924 - cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
5925 - eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
5926 - cd "${S}" || die
5927 - fi
5928 -
5929 - if use nginx_modules_http_security; then
5930 - cd "${HTTP_SECURITY_MODULE_WD}" || die
5931 -
5932 - eautoreconf
5933 -
5934 - if use luajit ; then
5935 - sed -i \
5936 - -e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
5937 - configure || die
5938 - fi
5939 -
5940 - cd "${S}" || die
5941 - fi
5942 -
5943 - if use nginx_modules_http_upload_progress; then
5944 - cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
5945 - eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
5946 - cd "${S}" || die
5947 - fi
5948 -
5949 - find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
5950 - # We have config protection, don't rename etc files
5951 - sed -i 's:.default::' auto/install || die
5952 - # remove useless files
5953 - sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
5954 -
5955 - # don't install to /etc/nginx/ if not in use
5956 - local module
5957 - for module in fastcgi scgi uwsgi ; do
5958 - if ! use nginx_modules_http_${module}; then
5959 - sed -i -e "/${module}/d" auto/install || die
5960 - fi
5961 - done
5962 -
5963 - eapply_user
5964 -}
5965 -
5966 -src_configure() {
5967 - # mod_security needs to generate nginx/modsecurity/config before including it
5968 - if use nginx_modules_http_security; then
5969 - cd "${HTTP_SECURITY_MODULE_WD}" || die
5970 -
5971 - ./configure \
5972 - --enable-standalone-module \
5973 - --disable-mlogc \
5974 - --with-ssdeep=no \
5975 - $(use_enable pcre-jit) \
5976 - $(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
5977 -
5978 - cd "${S}" || die
5979 - fi
5980 -
5981 - local myconf=() http_enabled= mail_enabled= stream_enabled=
5982 -
5983 - use aio && myconf+=( --with-file-aio )
5984 - use debug && myconf+=( --with-debug )
5985 - use http2 && myconf+=( --with-http_v2_module )
5986 - use libatomic && myconf+=( --with-libatomic )
5987 - use pcre && myconf+=( --with-pcre )
5988 - use pcre-jit && myconf+=( --with-pcre-jit )
5989 - use threads && myconf+=( --with-threads )
5990 -
5991 - # HTTP modules
5992 - for mod in $NGINX_MODULES_STD; do
5993 - if use nginx_modules_http_${mod}; then
5994 - http_enabled=1
5995 - else
5996 - myconf+=( --without-http_${mod}_module )
5997 - fi
5998 - done
5999 -
6000 - for mod in $NGINX_MODULES_OPT; do
6001 - if use nginx_modules_http_${mod}; then
6002 - http_enabled=1
6003 - myconf+=( --with-http_${mod}_module )
6004 - fi
6005 - done
6006 -
6007 - if use nginx_modules_http_fastcgi; then
6008 - myconf+=( --with-http_realip_module )
6009 - fi
6010 -
6011 - # third-party modules
6012 - if use nginx_modules_http_upload_progress; then
6013 - http_enabled=1
6014 - myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
6015 - fi
6016 -
6017 - if use nginx_modules_http_headers_more; then
6018 - http_enabled=1
6019 - myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
6020 - fi
6021 -
6022 - if use nginx_modules_http_cache_purge; then
6023 - http_enabled=1
6024 - myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
6025 - fi
6026 -
6027 - if use nginx_modules_http_slowfs_cache; then
6028 - http_enabled=1
6029 - myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
6030 - fi
6031 -
6032 - if use nginx_modules_http_fancyindex; then
6033 - http_enabled=1
6034 - myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
6035 - fi
6036 -
6037 - if use nginx_modules_http_lua; then
6038 - http_enabled=1
6039 - if use luajit; then
6040 - export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
6041 - export LUAJIT_INC=$(pkg-config --variable includedir luajit)
6042 - else
6043 - export LUA_LIB=$(pkg-config --variable libdir lua)
6044 - export LUA_INC=$(pkg-config --variable includedir lua)
6045 - fi
6046 - myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
6047 - myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
6048 - fi
6049 -
6050 - if use nginx_modules_http_auth_pam; then
6051 - http_enabled=1
6052 - myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
6053 - fi
6054 -
6055 - if use nginx_modules_http_upstream_check; then
6056 - http_enabled=1
6057 - myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
6058 - fi
6059 -
6060 - if use nginx_modules_http_metrics; then
6061 - http_enabled=1
6062 - myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
6063 - fi
6064 -
6065 - if use nginx_modules_http_naxsi ; then
6066 - http_enabled=1
6067 - myconf+=( --add-module=${HTTP_NAXSI_MODULE_WD} )
6068 - fi
6069 -
6070 - if use rtmp ; then
6071 - http_enabled=1
6072 - myconf+=( --add-module=${RTMP_MODULE_WD} )
6073 - fi
6074 -
6075 - if use nginx_modules_http_dav_ext ; then
6076 - http_enabled=1
6077 - myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
6078 - fi
6079 -
6080 - if use nginx_modules_http_echo ; then
6081 - http_enabled=1
6082 - myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
6083 - fi
6084 -
6085 - if use nginx_modules_http_security ; then
6086 - http_enabled=1
6087 - myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
6088 - fi
6089 -
6090 - if use nginx_modules_http_push_stream ; then
6091 - http_enabled=1
6092 - myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
6093 - fi
6094 -
6095 - if use nginx_modules_http_sticky ; then
6096 - http_enabled=1
6097 - myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
6098 - fi
6099 -
6100 - if use nginx_modules_http_mogilefs ; then
6101 - http_enabled=1
6102 - myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
6103 - fi
6104 -
6105 - if use nginx_modules_http_memc ; then
6106 - http_enabled=1
6107 - myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
6108 - fi
6109 -
6110 - if use nginx_modules_http_auth_ldap; then
6111 - http_enabled=1
6112 - myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
6113 - fi
6114 -
6115 - if use nginx_modules_http_vhost_traffic_status; then
6116 - http_enabled=1
6117 - myconf+=( --add-module=${HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD} )
6118 - fi
6119 -
6120 - if use nginx_modules_http_geoip2 || use nginx_modules_stream_geoip2; then
6121 - myconf+=( --add-module=${GEOIP2_MODULE_WD} )
6122 - fi
6123 -
6124 - if use nginx_modules_http_javascript || use nginx_modules_stream_javascript; then
6125 - myconf+=( --add-module="${NJS_MODULE_WD}/nginx" )
6126 - fi
6127 -
6128 - if use nginx_modules_http_brotli; then
6129 - http_enabled=1
6130 - myconf+=( --add-module=${HTTP_BROTLI_MODULE_WD} )
6131 - fi
6132 -
6133 - if use http || use http-cache || use http2 || use nginx_modules_http_javascript; then
6134 - http_enabled=1
6135 - fi
6136 -
6137 - if [ $http_enabled ]; then
6138 - use http-cache || myconf+=( --without-http-cache )
6139 - use ssl && myconf+=( --with-http_ssl_module )
6140 - else
6141 - myconf+=( --without-http --without-http-cache )
6142 - fi
6143 -
6144 - # Stream modules
6145 - for mod in $NGINX_MODULES_STREAM_STD; do
6146 - if use nginx_modules_stream_${mod}; then
6147 - stream_enabled=1
6148 - else
6149 - myconf+=( --without-stream_${mod}_module )
6150 - fi
6151 - done
6152 -
6153 - for mod in $NGINX_MODULES_STREAM_OPT; do
6154 - if use nginx_modules_stream_${mod}; then
6155 - stream_enabled=1
6156 - myconf+=( --with-stream_${mod}_module )
6157 - fi
6158 - done
6159 -
6160 - if use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then
6161 - stream_enabled=1
6162 - fi
6163 -
6164 - if [ $stream_enabled ]; then
6165 - myconf+=( --with-stream )
6166 - use ssl && myconf+=( --with-stream_ssl_module )
6167 - fi
6168 -
6169 - # MAIL modules
6170 - for mod in $NGINX_MODULES_MAIL; do
6171 - if use nginx_modules_mail_${mod}; then
6172 - mail_enabled=1
6173 - else
6174 - myconf+=( --without-mail_${mod}_module )
6175 - fi
6176 - done
6177 -
6178 - if [ $mail_enabled ]; then
6179 - myconf+=( --with-mail )
6180 - use ssl && myconf+=( --with-mail_ssl_module )
6181 - fi
6182 -
6183 - # custom modules
6184 - for mod in $NGINX_ADD_MODULES; do
6185 - myconf+=( --add-module=${mod} )
6186 - done
6187 -
6188 - # https://bugs.gentoo.org/286772
6189 - export LANG=C LC_ALL=C
6190 - tc-export CC
6191 -
6192 - if ! use prefix; then
6193 - myconf+=( --user=${PN} )
6194 - myconf+=( --group=${PN} )
6195 - fi
6196 -
6197 - local WITHOUT_IPV6=
6198 - if ! use ipv6; then
6199 - WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
6200 - fi
6201 -
6202 - if [[ -n "${EXTRA_ECONF}" ]]; then
6203 - myconf+=( ${EXTRA_ECONF} )
6204 - ewarn "EXTRA_ECONF applied. Now you are on your own, good luck!"
6205 - fi
6206 -
6207 - ./configure \
6208 - --prefix="${EPREFIX}"/usr \
6209 - --conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
6210 - --error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
6211 - --pid-path="${EPREFIX}"/run/${PN}.pid \
6212 - --lock-path="${EPREFIX}"/run/lock/${PN}.lock \
6213 - --with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
6214 - --with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
6215 - --http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
6216 - --http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
6217 - --http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
6218 - --http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
6219 - --http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
6220 - --http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
6221 - --with-compat \
6222 - "${myconf[@]}" || die "configure failed"
6223 -
6224 - # A purely cosmetic change that makes nginx -V more readable. This can be
6225 - # good if people outside the gentoo community would troubleshoot and
6226 - # question the users setup.
6227 - sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
6228 -}
6229 -
6230 -src_compile() {
6231 - use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
6232 -
6233 - # https://bugs.gentoo.org/286772
6234 - export LANG=C LC_ALL=C
6235 - emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
6236 -}
6237 -
6238 -src_install() {
6239 - emake DESTDIR="${D%/}" install
6240 -
6241 - cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
6242 -
6243 - newinitd "${FILESDIR}"/nginx.initd-r4 nginx
6244 - newconfd "${FILESDIR}"/nginx.confd nginx
6245 -
6246 - systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
6247 -
6248 - doman man/nginx.8
6249 - dodoc CHANGES* README
6250 -
6251 - # just keepdir. do not copy the default htdocs files (bug #449136)
6252 - keepdir /var/www/localhost
6253 - rm -rf "${D}"usr/html || die
6254 -
6255 - # set up a list of directories to keep
6256 - local keepdir_list="${NGINX_HOME_TMP}"/client
6257 - local module
6258 - for module in proxy fastcgi scgi uwsgi; do
6259 - use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
6260 - done
6261 -
6262 - keepdir /var/log/nginx ${keepdir_list}
6263 -
6264 - # this solves a problem with SELinux where nginx doesn't see the directories
6265 - # as root and tries to create them as nginx
6266 - fperms 0750 "${NGINX_HOME_TMP}"
6267 - fowners ${PN}:0 "${NGINX_HOME_TMP}"
6268 -
6269 - fperms 0700 ${keepdir_list}
6270 - fowners ${PN}:${PN} ${keepdir_list}
6271 -
6272 - fperms 0710 /var/log/nginx
6273 - fowners 0:${PN} /var/log/nginx
6274 -
6275 - # logrotate
6276 - insinto /etc/logrotate.d
6277 - newins "${FILESDIR}"/nginx.logrotate-r1 nginx
6278 -
6279 - if use nginx_modules_http_perl; then
6280 - cd "${S}"/objs/src/http/modules/perl/ || die
6281 - emake DESTDIR="${D}" INSTALLDIRS=vendor
6282 - perl_delete_localpod
6283 - cd "${S}" || die
6284 - fi
6285 -
6286 - if use nginx_modules_http_cache_purge; then
6287 - docinto ${HTTP_CACHE_PURGE_MODULE_P}
6288 - dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
6289 - fi
6290 -
6291 - if use nginx_modules_http_slowfs_cache; then
6292 - docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
6293 - dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
6294 - fi
6295 -
6296 - if use nginx_modules_http_fancyindex; then
6297 - docinto ${HTTP_FANCYINDEX_MODULE_P}
6298 - dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
6299 - fi
6300 -
6301 - if use nginx_modules_http_lua; then
6302 - docinto ${HTTP_LUA_MODULE_P}
6303 - dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
6304 - fi
6305 -
6306 - if use nginx_modules_http_auth_pam; then
6307 - docinto ${HTTP_AUTH_PAM_MODULE_P}
6308 - dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
6309 - fi
6310 -
6311 - if use nginx_modules_http_upstream_check; then
6312 - docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
6313 - dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
6314 - fi
6315 -
6316 - if use nginx_modules_http_naxsi; then
6317 - insinto /etc/nginx
6318 - doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
6319 - fi
6320 -
6321 - if use rtmp; then
6322 - docinto ${RTMP_MODULE_P}
6323 - dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
6324 - fi
6325 -
6326 - if use nginx_modules_http_dav_ext; then
6327 - docinto ${HTTP_DAV_EXT_MODULE_P}
6328 - dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
6329 - fi
6330 -
6331 - if use nginx_modules_http_echo; then
6332 - docinto ${HTTP_ECHO_MODULE_P}
6333 - dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
6334 - fi
6335 -
6336 - if use nginx_modules_http_security; then
6337 - docinto ${HTTP_SECURITY_MODULE_P}
6338 - dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,authors.txt}
6339 - fi
6340 -
6341 - if use nginx_modules_http_push_stream; then
6342 - docinto ${HTTP_PUSH_STREAM_MODULE_P}
6343 - dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
6344 - fi
6345 -
6346 - if use nginx_modules_http_sticky; then
6347 - docinto ${HTTP_STICKY_MODULE_P}
6348 - dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
6349 - fi
6350 -
6351 - if use nginx_modules_http_memc; then
6352 - docinto ${HTTP_MEMC_MODULE_P}
6353 - dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
6354 - fi
6355 -
6356 - if use nginx_modules_http_auth_ldap; then
6357 - docinto ${HTTP_LDAP_MODULE_P}
6358 - dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
6359 - fi
6360 -}
6361 -
6362 -pkg_postinst() {
6363 - if use ssl; then
6364 - if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
6365 - install_cert /etc/ssl/${PN}/${PN}
6366 - use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
6367 - fi
6368 - fi
6369 -
6370 - if use nginx_modules_http_spdy; then
6371 - ewarn ""
6372 - ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
6373 - ewarn "Update your configs and package.use accordingly."
6374 - fi
6375 -
6376 - if use nginx_modules_http_lua; then
6377 - ewarn ""
6378 - ewarn "While you can build lua 3rd party module against ${P}"
6379 - ewarn "the author warns that >=${PN}-1.11.11 is still not an"
6380 - ewarn "officially supported target yet. You are on your own."
6381 - ewarn "Expect runtime failures, memory leaks and other problems!"
6382 - fi
6383 -
6384 - if use nginx_modules_http_lua && use http2; then
6385 - ewarn ""
6386 - ewarn "Lua 3rd party module author warns against using ${P} with"
6387 - ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see https://git.io/OldLsg"
6388 - fi
6389 -
6390 - local _n_permission_layout_checks=0
6391 - local _has_to_adjust_permissions=0
6392 - local _has_to_show_permission_warning=0
6393 -
6394 - # Defaults to 1 to inform people doing a fresh installation
6395 - # that we ship modified {scgi,uwsgi,fastcgi}_params files
6396 - local _has_to_show_httpoxy_mitigation_notice=1
6397 -
6398 - local _replacing_version=
6399 - for _replacing_version in ${REPLACING_VERSIONS}; do
6400 - _n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
6401 -
6402 - if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
6403 - # Should never happen:
6404 - # Package is abusing slots but doesn't allow multiple parallel installations.
6405 - # If we run into this situation it is unsafe to automatically adjust any
6406 - # permission...
6407 - _has_to_show_permission_warning=1
6408 -
6409 - ewarn "Replacing multiple ${PN}' versions is unsupported! " \
6410 - "You will have to adjust permissions on your own."
6411 -
6412 - break
6413 - fi
6414 -
6415 - local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
6416 - debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
6417 -
6418 - # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
6419 - # This was before we introduced multiple nginx versions so we
6420 - # do not need to distinguish between stable and mainline
6421 - local _need_to_fix_CVE2013_0337=1
6422 -
6423 - if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
6424 - # We are updating an installation which should already be fixed
6425 - _need_to_fix_CVE2013_0337=0
6426 - debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
6427 - else
6428 - _has_to_adjust_permissions=1
6429 - debug-print "Need to adjust permissions to fix CVE-2013-0337!"
6430 - fi
6431 -
6432 - # Do we need to inform about HTTPoxy mitigation?
6433 - # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
6434 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
6435 - # Updating from <1.10
6436 - _has_to_show_httpoxy_mitigation_notice=1
6437 - debug-print "Need to inform about HTTPoxy mitigation!"
6438 - else
6439 - # Updating from >=1.10
6440 - local _fixed_in_pvr=
6441 - case "${_replacing_version_branch}" in
6442 - "1.10")
6443 - _fixed_in_pvr="1.10.1-r2"
6444 - ;;
6445 - "1.11")
6446 - _fixed_in_pvr="1.11.3-r1"
6447 - ;;
6448 - *)
6449 - # This should be any future branch.
6450 - # If we run this code it is safe to assume that the user has
6451 - # already seen the HTTPoxy mitigation notice because he/she is doing
6452 - # an update from previous version where we have already shown
6453 - # the warning. Otherwise, we wouldn't hit this code path ...
6454 - _fixed_in_pvr=
6455 - esac
6456 -
6457 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
6458 - # We are updating an installation where we already informed
6459 - # that we are mitigating HTTPoxy per default
6460 - _has_to_show_httpoxy_mitigation_notice=0
6461 - debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
6462 - else
6463 - _has_to_show_httpoxy_mitigation_notice=1
6464 - debug-print "Need to inform about HTTPoxy mitigation!"
6465 - fi
6466 - fi
6467 -
6468 - # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
6469 - # All branches up to 1.11 are affected
6470 - local _need_to_fix_CVE2016_1247=1
6471 -
6472 - if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
6473 - # Updating from <1.10
6474 - _has_to_adjust_permissions=1
6475 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
6476 - else
6477 - # Updating from >=1.10
6478 - local _fixed_in_pvr=
6479 - case "${_replacing_version_branch}" in
6480 - "1.10")
6481 - _fixed_in_pvr="1.10.2-r3"
6482 - ;;
6483 - "1.11")
6484 - _fixed_in_pvr="1.11.6-r1"
6485 - ;;
6486 - *)
6487 - # This should be any future branch.
6488 - # If we run this code it is safe to assume that we have already
6489 - # adjusted permissions or were never affected because user is
6490 - # doing an update from previous version which was safe or did
6491 - # the adjustments. Otherwise, we wouldn't hit this code path ...
6492 - _fixed_in_pvr=
6493 - esac
6494 -
6495 - if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
6496 - # We are updating an installation which should already be adjusted
6497 - # or which was never affected
6498 - _need_to_fix_CVE2016_1247=0
6499 - debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
6500 - else
6501 - _has_to_adjust_permissions=1
6502 - debug-print "Need to adjust permissions to fix CVE-2016-1247!"
6503 - fi
6504 - fi
6505 - done
6506 -
6507 - if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
6508 - # We do not DIE when chmod/chown commands are failing because
6509 - # package is already merged on user's system at this stage
6510 - # and we cannot retry without losing the information that
6511 - # the existing installation needs to adjust permissions.
6512 - # Instead we are going to a show a big warning ...
6513 -
6514 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
6515 - ewarn ""
6516 - ewarn "The world-readable bit (if set) has been removed from the"
6517 - ewarn "following directories to mitigate a security bug"
6518 - ewarn "(CVE-2013-0337, bug #458726):"
6519 - ewarn ""
6520 - ewarn " ${EPREFIX%/}/var/log/nginx"
6521 - ewarn " ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
6522 - ewarn ""
6523 - ewarn "Check if this is correct for your setup before restarting nginx!"
6524 - ewarn "This is a one-time change and will not happen on subsequent updates."
6525 - ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
6526 - chmod o-rwx \
6527 - "${EPREFIX%/}"/var/log/nginx \
6528 - "${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
6529 - _has_to_show_permission_warning=1
6530 - fi
6531 -
6532 - if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
6533 - ewarn ""
6534 - ewarn "The permissions on the following directory have been reset in"
6535 - ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
6536 - ewarn ""
6537 - ewarn " ${EPREFIX%/}/var/log/nginx"
6538 - ewarn ""
6539 - ewarn "Check if this is correct for your setup before restarting nginx!"
6540 - ewarn "Also ensure that no other log directory used by any of your"
6541 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
6542 - ewarn "used by nginx can be abused to escalate privileges!"
6543 - ewarn "This is a one-time change and will not happen on subsequent updates."
6544 - chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
6545 - chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
6546 - fi
6547 -
6548 - if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
6549 - # Should never happen ...
6550 - ewarn ""
6551 - ewarn "*************************************************************"
6552 - ewarn "*************** W A R N I N G ***************"
6553 - ewarn "*************************************************************"
6554 - ewarn "The one-time only attempt to adjust permissions of the"
6555 - ewarn "existing nginx installation failed. Be aware that we will not"
6556 - ewarn "try to adjust the same permissions again because now you are"
6557 - ewarn "using a nginx version where we expect that the permissions"
6558 - ewarn "are already adjusted or that you know what you are doing and"
6559 - ewarn "want to keep custom permissions."
6560 - ewarn ""
6561 - fi
6562 - fi
6563 -
6564 - # Sanity check for CVE-2016-1247
6565 - # Required to warn users who received the warning above and thought
6566 - # they could fix it by unmerging and re-merging the package or have
6567 - # unmerged a affected installation on purpose in the past leaving
6568 - # /var/log/nginx on their system due to keepdir/non-empty folder
6569 - # and are now installing the package again.
6570 - local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
6571 - su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
6572 - if [ $? -eq 0 ] ; then
6573 - # Cleanup -- no reason to die here!
6574 - rm -f "${_sanity_check_testfile}"
6575 -
6576 - ewarn ""
6577 - ewarn "*************************************************************"
6578 - ewarn "*************** W A R N I N G ***************"
6579 - ewarn "*************************************************************"
6580 - ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
6581 - ewarn "(bug #605008) because nginx user is able to create files in"
6582 - ewarn ""
6583 - ewarn " ${EPREFIX%/}/var/log/nginx"
6584 - ewarn ""
6585 - ewarn "Also ensure that no other log directory used by any of your"
6586 - ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
6587 - ewarn "used by nginx can be abused to escalate privileges!"
6588 - fi
6589 -
6590 - if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
6591 - # HTTPoxy mitigation
6592 - ewarn ""
6593 - ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
6594 - ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
6595 - ewarn "the HTTP_PROXY parameter to an empty string per default when you"
6596 - ewarn "are sourcing one of the default"
6597 - ewarn ""
6598 - ewarn " - 'fastcgi_params' or 'fastcgi.conf'"
6599 - ewarn " - 'scgi_params'"
6600 - ewarn " - 'uwsgi_params'"
6601 - ewarn ""
6602 - ewarn "files in your server block(s)."
6603 - ewarn ""
6604 - ewarn "If this is causing any problems for you make sure that you are sourcing the"
6605 - ewarn "default parameters _before_ you set your own values."
6606 - ewarn "If you are relying on user-supplied proxy values you have to remove the"
6607 - ewarn "correlating lines from the file(s) mentioned above."
6608 - ewarn ""
6609 - fi
6610 -}
Report Message
Find on MARC Find on Google Groups