[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/ - gentoo-commits

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: www-servers/nginx/
Date:	Tue, 14 Feb 2017 17:06:45
Message-Id:	`1487091991.e24779f56dba1a33bab8b9218eae43f72aaae4f6.whissi@gentoo`

1

commit:     e24779f56dba1a33bab8b9218eae43f72aaae4f6

2

Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

3

AuthorDate: Tue Feb 14 16:59:20 2017 +0000

4

Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

5

CommitDate: Tue Feb 14 17:06:31 2017 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e24779f5

7

8

www-servers/nginx: Bump to v1.11.10 mainline

9

10

Ebuild changes:

11

===============

12

- NAXSI updated to v0.55.3

13

14

Package-Manager: Portage-2.3.3, Repoman-2.3.1

15

16

 www-servers/nginx/Manifest             |    2 +

17

 www-servers/nginx/nginx-1.11.10.ebuild | 1002 ++++++++++++++++++++++++++++++++

18

 2 files changed, 1004 insertions(+)

19

20

diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest

21

index 6f1c342550..b435401f20 100644

22

--- a/www-servers/nginx/Manifest

23

+++ b/www-servers/nginx/Manifest

24

@@ -1,6 +1,7 @@

25

 DIST modsecurity-2.9.1.tar.gz 4261212 SHA256 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 WHIRLPOOL 5f41bebf032f8a269412d104b7632a06af4d4c495658c9cd1ebf69b82c10ce1bbcb34b9dd159a7b00e57348714a5e93ad3db19701dda51479accd3a9dc79a9cb

26

 DIST nginx-1.10.2.tar.gz 910812 SHA256 1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2 SHA512 f2d5a4fbabaf9333bae46461bcbe3dbcc5ff7e8f8c7a5dead3063e3d59c9ec15dc85262a23ca7d693db45a50ec98a70fb216b3da9872ee23d57b6bfaf064876e WHIRLPOOL 7e819f43a68de49d3cceb3e5ec81eef6872859df0abca2be00fb73c8779c2716b6997ea5f8cadb93af195d9f4d07a4404f51e0752dd881628de93a0c0289aea7

27

 DIST nginx-1.10.3.tar.gz 911509 SHA256 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 SHA512 25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf WHIRLPOOL 1ebf540d49d28a853a9221a558b53d28e2e7dfddf345e433baa4c2b819f6e1fe34528b4680387147c73271d3837529a4452e53b863dff5d29772c2b0a75e0ba6

28

+DIST nginx-1.11.10.tar.gz 967773 SHA256 778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d SHA512 b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 WHIRLPOOL f9535d4fabad7603cc384dda13aca51be77c7901d099190f9d5a187e517128a56a28cb851408b93091f8d99ce118678857ec08fba16bec4c2e2ed2d75ab543bd

29

 DIST nginx-1.11.6.tar.gz 960331 SHA256 3153abbb518e2d9c032e1b127da3dc0028ad36cd4679e5f3be0b8afa33bc85bd SHA512 1969f527d4554a976d14e82c2297c519a0d0d82a9fbd3cc703ab42a23067c7fcf101ddf16f1abff374c71f37969fd7c58d2a344c57566538b821acc32cd3d979 WHIRLPOOL 67ed24c25b20f6d94f3a0602946f750b4efafd79d3a093a35fdf370a20377abcc2a54c00fcd5e7bc54305515da9234fb2f192c744a7fb59c4bbdee2ba0c0f626

30

 DIST nginx-1.11.8.tar.gz 964918 SHA256 53aef3715d79015314c2dcb18f2b185a0c64368cc01b30bdf0737a215f666b34 SHA512 4bbecf17579022cc925af8808554983c57e4f438edc8f987751413f0a023267a4766edc8321cbbe8a8b675f7e86d8a2cba76bd52236c8d9509b2b301ab349ffa WHIRLPOOL a30ad4cdc0b74e0f860938942caeee961759ceabae8735725a989db29702b366fb285079a992cbc681ec3fd157ef6f8907f6a3eac13a8af302daad94ca867738

31

 DIST nginx-1.11.9.tar.gz 965463 SHA256 dc22b71f16b551705930544dc042f1ad1af2f9715f565187ec22c7a4b2625748 SHA512 95247d5db3e23a0ea22686cc3fe4295f8854948a6f168a783082fdbb2acbecdad61cd9c8cadd84c1f74c1e87becdca8d6664622ff9cebc72687f20b29cc09fd0 WHIRLPOOL 39a56073e359aac716e0a9ff672ee89b97205c281b53be97920c098aea9b25635e59a5ea0e3a7cb4ba79d43afc8ed3942cd34840773dd1e472101c9ab6ac72a4

32

@@ -15,6 +16,7 @@ DIST ngx_http_fancyindex-0.4.1.tar.gz 21130 SHA256 2b00d8e0ad2a67152a9cee7b7ee67

33

 DIST ngx_http_headers_more-0.32.tar.gz 28033 SHA256 c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720 SHA512 e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1 WHIRLPOOL 2b95ea8e2933e83082b9dfd7aaa8f57dd38b0ec12fb452a4aa38a215ca76b6572fe35b79c8afe8cf3097bf89ced0e81c33e07ee6913c99966b87b8e610df3121

34

 DIST ngx_http_lua-0.10.7.tar.gz 605171 SHA256 c21c8937dcdd6fc2b6a955f929e3f4d1388610f47180e60126e6dcab06786f77 SHA512 d060a13de4d01d77e6d6cd1635ecbb405330e4326b71b89341c1c128ee4182978a51d53355bc07c350e3c3a7df15325e3df380d9c3a98b2ff7d7efa18fa09b32 WHIRLPOOL 7b64f75aae2ab74f51b3b2d07a59262a2c8ab2b863698b93b1184c003049641b45eded8fa5cc6301887c80d5fc34e9f22365da7765b3d5594ad838dacfceddd7

35

 DIST ngx_http_naxsi-0.55.1.tar.gz 185997 SHA256 45dd0df7a6b0b6aa9c64eb8c39a8e294d659d87fb18e192cf58f1402f3cdb0a8 SHA512 aebda20e5b78e9111b7bac1e15829258e6b85b80e4ce333e4dba8caead36287b3f0fcb453c51d7c59f07d637fa62f5c6b23aecd3bf6a3c3da4abebf1a6689f14 WHIRLPOOL 36830d10a35b724b7ea15e3884e96e2e4dd84f2b81fc1c7122d3e2e83a1942227321b1a7141d829423788bc52a3e199a95ca2637369e17f84ea16eb0cb2e5e37

36

+DIST ngx_http_naxsi-0.55.3.tar.gz 187416 SHA256 0b3c95d250772dc89ad8b49e47c1e024c5ae2c76c0cffa445e9fe05c4dd13495 SHA512 9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0 WHIRLPOOL 0a1bbe06730730944a882d86ffa378c4a3c759366208913603ffd18fcd7b18e65b6b1a89e9a07dc82e360dfe7ef4a6430391f6e52de35023d33ca19e80a3b693

37

 DIST ngx_http_push_stream-0.5.2.tar.gz 182008 SHA256 1d07f38acdb8194bd49344b0ba21de101070de9b8731d27a8d22e928850bc199 SHA512 ee8bf9ece652da6aa5a39879298bba70d1842696545259f3f5e302cc61397b35f016364805805f9ab1914fc39ed2f07c015e042155789073e3d1fdc02a0783de WHIRLPOOL d309cecbb1bb5b6c4f64712d44889e3ecca59140d845a31a3f605dc3cc2aa01622b0deadb8f6852baea3c211bebbe6ed7d7868399447ac1249c1b1b740fa3c27

38

 DIST ngx_http_slowfs_cache-1.10.tar.gz 11809 SHA256 1e81453942e5b0877de1f1f06c56ae82918ea9818255cb935bcb673c95a758a1 SHA512 fbc9609a8d6913aeefe535f206b9e53477503f131934ead2ae5a6169e395af2f5fb54778704824d5eeb22a4ef40a11ebbcde580db62a631f70edcc2cfc06b15d WHIRLPOOL a02ed77422c47d9e476f8746186d19d632ddb953635d8d9dd51ff076225a78044286ee7e114478bc02e4b2a422e4fdc207154fc287629dd2cd7c3f9a634dad18

39

 DIST ngx_http_upload_progress-0.9.2-r1.tar.gz 17268 SHA256 b286689355442657650421d8e8398bd4abf9dbbaade65947bb0cb74a349cc497 SHA512 c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c WHIRLPOOL e847603f1445c7e1471a5570e2774a448be880eb71eeb21e27361586bcee9aae31cb0a8a80cd5abfc8d14e2c356fabfa7293e6a4d5f6782d41521a7bdc124066

40

41

diff --git a/www-servers/nginx/nginx-1.11.10.ebuild b/www-servers/nginx/nginx-1.11.10.ebuild

42

new file mode 100644

43

index 0000000000..2662158ecd

44

--- /dev/null

45

+++ b/www-servers/nginx/nginx-1.11.10.ebuild

46

@@ -0,0 +1,1002 @@

47

+# Copyright 1999-2017 Gentoo Foundation

48

+# Distributed under the terms of the GNU General Public License v2

49

+# $Id$

50

+

51

+EAPI=6

52

+

53

+# Maintainer notes:

54

+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite

55

+# - any http-module activates the main http-functionality and overrides USE=-http

56

+# - keep the following requirements in mind before adding external modules:

57

+#	* alive upstream

58

+#	* sane packaging

59

+#	* builds cleanly

60

+#	* does not need a patch for nginx core

61

+# - TODO: test the google-perftools module (included in vanilla tarball)

62

+

63

+# prevent perl-module from adding automagic perl DEPENDs

64

+GENTOO_DEPEND_ON_PERL="no"

65

+

66

+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)

67

+DEVEL_KIT_MODULE_PV="0.3.0"

68

+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"

69

+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"

70

+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"

71

+

72

+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)

73

+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"

74

+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"

75

+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"

76

+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"

77

+

78

+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)

79

+HTTP_HEADERS_MORE_MODULE_PV="0.32"

80

+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"

81

+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"

82

+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"

83

+

84

+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)

85

+HTTP_CACHE_PURGE_MODULE_PV="2.3"

86

+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"

87

+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"

88

+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"

89

+

90

+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)

91

+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"

92

+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"

93

+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"

94

+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"

95

+

96

+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)

97

+HTTP_FANCYINDEX_MODULE_PV="0.4.1"

98

+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"

99

+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"

100

+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"

101

+

102

+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)

103

+HTTP_LUA_MODULE_PV="0.10.7"

104

+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"

105

+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"

106

+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"

107

+

108

+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)

109

+HTTP_AUTH_PAM_MODULE_PV="1.5.1"

110

+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"

111

+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"

112

+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"

113

+

114

+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)

115

+HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0-10-gf3bdb7b"

116

+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"

117

+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"

118

+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-f3bdb7b85a194e2ad58e3c306c1d021ee76da2f5"

119

+

120

+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)

121

+HTTP_METRICS_MODULE_PV="0.1.1"

122

+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"

123

+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"

124

+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"

125

+

126

+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)

127

+HTTP_NAXSI_MODULE_PV="0.55.3"

128

+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"

129

+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"

130

+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"

131

+

132

+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)

133

+RTMP_MODULE_PV="1.1.10"

134

+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"

135

+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"

136

+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"

137

+

138

+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)

139

+HTTP_DAV_EXT_MODULE_PV="0.0.3"

140

+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"

141

+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"

142

+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"

143

+

144

+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)

145

+HTTP_ECHO_MODULE_PV="0.60"

146

+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"

147

+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"

148

+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"

149

+

150

+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)

151

+# keep the MODULE_P here consistent with upstream to avoid tarball duplication

152

+HTTP_SECURITY_MODULE_PV="2.9.1"

153

+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"

154

+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"

155

+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"

156

+

157

+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)

158

+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"

159

+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"

160

+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"

161

+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"

162

+

163

+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)

164

+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"

165

+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"

166

+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"

167

+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"

168

+

169

+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)

170

+HTTP_MOGILEFS_MODULE_PV="1.0.4"

171

+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"

172

+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"

173

+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"

174

+

175

+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)

176

+HTTP_MEMC_MODULE_PV="0.17"

177

+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"

178

+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"

179

+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"

180

+

181

+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)

182

+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"

183

+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"

184

+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"

185

+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"

186

+

187

+# We handle deps below ourselves

188

+SSL_DEPS_SKIP=1

189

+AUTOTOOLS_AUTO_DEPEND="no"

190

+

191

+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib

192

+

193

+DESCRIPTION="Robust, small and high performance http and reverse proxy server"

194

+HOMEPAGE="https://nginx.org"

195

+SRC_URI="https://nginx.org/download/${P}.tar.gz

196

+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz

197

+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )

198

+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )

199

+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )

200

+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )

201

+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )

202

+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )

203

+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )

204

+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )

205

+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )

206

+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )

207

+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )

208

+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )

209

+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )

210

+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )

211

+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )

212

+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )

213

+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )

214

+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )

215

+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"

216

+

217

+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+

218

+	nginx_modules_http_security? ( Apache-2.0 )

219

+	nginx_modules_http_push_stream? ( GPL-3 )"

220

+

221

+SLOT="mainline"

222

+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"

223

+

224

+# Package doesn't provide a real test suite

225

+RESTRICT="test"

226

+

227

+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif

228

+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer

229

+	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash

230

+	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"

231

+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip

232

+	gzip_static image_filter mp4 perl random_index realip secure_link

233

+	slice stub_status sub xslt"

234

+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients

235

+	upstream_hash upstream_least_conn upstream_zone"

236

+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"

237

+NGINX_MODULES_MAIL="imap pop3 smtp"

238

+NGINX_MODULES_3RD="

239

+	http_upload_progress

240

+	http_headers_more

241

+	http_cache_purge

242

+	http_slowfs_cache

243

+	http_fancyindex

244

+	http_lua

245

+	http_auth_pam

246

+	http_upstream_check

247

+	http_metrics

248

+	http_naxsi

249

+	http_dav_ext

250

+	http_echo

251

+	http_security

252

+	http_push_stream

253

+	http_sticky

254

+	http_mogilefs

255

+	http_memc

256

+	http_auth_ldap"

257

+

258

+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre

259

+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"

260

+

261

+for mod in $NGINX_MODULES_STD; do

262

+	IUSE="${IUSE} +nginx_modules_http_${mod}"

263

+done

264

+

265

+for mod in $NGINX_MODULES_OPT; do

266

+	IUSE="${IUSE} nginx_modules_http_${mod}"

267

+done

268

+

269

+for mod in $NGINX_MODULES_STREAM_STD; do

270

+	IUSE="${IUSE} nginx_modules_stream_${mod}"

271

+done

272

+

273

+for mod in $NGINX_MODULES_STREAM_OPT; do

274

+	IUSE="${IUSE} nginx_modules_stream_${mod}"

275

+done

276

+

277

+for mod in $NGINX_MODULES_MAIL; do

278

+	IUSE="${IUSE} nginx_modules_mail_${mod}"

279

+done

280

+

281

+for mod in $NGINX_MODULES_3RD; do

282

+	IUSE="${IUSE} nginx_modules_${mod}"

283

+done

284

+

285

+# Add so we can warn users updating about config changes

286

+# @TODO: jbergstroem: remove on next release series

287

+IUSE="${IUSE} nginx_modules_http_spdy"

288

+

289

+CDEPEND="

290

+	pcre? ( dev-libs/libpcre:= )

291

+	pcre-jit? ( dev-libs/libpcre:=[jit] )

292

+	ssl? (

293

+		!libressl? ( dev-libs/openssl:0= )

294

+		libressl? ( dev-libs/libressl:= )

295

+	)

296

+	http2? (

297

+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )

298

+		libressl? ( dev-libs/libressl:= )

299

+	)

300

+	http-cache? (

301

+		userland_GNU? (

302

+			!libressl? ( dev-libs/openssl:0= )

303

+			libressl? ( dev-libs/libressl:= )

304

+		)

305

+	)

306

+	nginx_modules_http_geoip? ( dev-libs/geoip )

307

+	nginx_modules_http_gunzip? ( sys-libs/zlib )

308

+	nginx_modules_http_gzip? ( sys-libs/zlib )

309

+	nginx_modules_http_gzip_static? ( sys-libs/zlib )

310

+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )

311

+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )

312

+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )

313

+	nginx_modules_http_secure_link? (

314

+		userland_GNU? (

315

+			!libressl? ( dev-libs/openssl:0= )

316

+			libressl? ( dev-libs/libressl:= )

317

+		)

318

+	)

319

+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )

320

+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )

321

+	nginx_modules_http_auth_pam? ( virtual/pam )

322

+	nginx_modules_http_metrics? ( dev-libs/yajl:= )

323

+	nginx_modules_http_dav_ext? ( dev-libs/expat )

324

+	nginx_modules_http_security? (

325

+		dev-libs/apr:=

326

+		dev-libs/apr-util:=

327

+		dev-libs/libxml2:=

328

+		net-misc/curl

329

+		www-servers/apache

330

+	)

331

+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"

332

+RDEPEND="${CDEPEND}

333

+	selinux? ( sec-policy/selinux-nginx )

334

+	!www-servers/nginx:0"

335

+DEPEND="${CDEPEND}

336

+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )

337

+	arm? ( dev-libs/libatomic_ops )

338

+	libatomic? ( dev-libs/libatomic_ops )"

339

+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"

340

+

341

+REQUIRED_USE="pcre-jit? ( pcre )

342

+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )

343

+	nginx_modules_http_naxsi? ( pcre )

344

+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )

345

+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )

346

+	nginx_modules_http_security? ( pcre )

347

+	nginx_modules_http_push_stream? ( ssl )"

348

+

349

+pkg_setup() {

350

+	NGINX_HOME="/var/lib/nginx"

351

+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"

352

+

353

+	ebegin "Creating nginx user and group"

354

+	enewgroup ${PN}

355

+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}

356

+	eend $?

357

+

358

+	if use libatomic; then

359

+		ewarn "GCC 4.1+ features built-in atomic operations."

360

+		ewarn "Using libatomic_ops is only needed if using"

361

+		ewarn "a different compiler or a GCC prior to 4.1"

362

+	fi

363

+

364

+	if [[ -n $NGINX_ADD_MODULES ]]; then

365

+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"

366

+		ewarn "This nginx installation is not supported!"

367

+		ewarn "Make sure you can reproduce the bug without those modules"

368

+		ewarn "_before_ reporting bugs."

369

+	fi

370

+

371

+	if use !http; then

372

+		ewarn "To actually disable all http-functionality you also have to disable"

373

+		ewarn "all nginx http modules."

374

+	fi

375

+

376

+	if use nginx_modules_http_mogilefs && use threads; then

377

+		eerror "mogilefs won't compile with threads support."

378

+		eerror "Please disable either flag and try again."

379

+		die "Can't compile mogilefs with threads support"

380

+	fi

381

+}

382

+

383

+src_prepare() {

384

+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"

385

+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"

386

+

387

+	if use nginx_modules_http_upstream_check; then

388

+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch

389

+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch

390

+	fi

391

+

392

+	if use nginx_modules_http_lua; then

393

+		sed -i -e 's/-llua5.1/-llua/' "${HTTP_LUA_MODULE_WD}/config" || die

394

+	fi

395

+

396

+	if use nginx_modules_http_security; then

397

+		cd "${HTTP_SECURITY_MODULE_WD}" || die

398

+

399

+		eapply "${FILESDIR}"/http_security-pr_1158.patch

400

+

401

+		eautoreconf

402

+

403

+		if use luajit ; then

404

+			sed -i \

405

+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \

406

+				configure || die

407

+		fi

408

+

409

+		cd "${S}" || die

410

+	fi

411

+

412

+	if use nginx_modules_http_upload_progress; then

413

+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die

414

+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch

415

+		cd "${S}" || die

416

+	fi

417

+

418

+	if use nginx_modules_http_memc; then

419

+		cd "${HTTP_MEMC_MODULE_WD}" || die

420

+		eapply "${FILESDIR}"/http_memc-0.17-issue_26.patch

421

+		cd "${S}" || die

422

+	fi

423

+

424

+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die

425

+	# We have config protection, don't rename etc files

426

+	sed -i 's:.default::' auto/install || die

427

+	# remove useless files

428

+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die

429

+

430

+	# don't install to /etc/nginx/ if not in use

431

+	local module

432

+	for module in fastcgi scgi uwsgi ; do

433

+		if ! use nginx_modules_http_${module}; then

434

+			sed -i -e "/${module}/d" auto/install || die

435

+		fi

436

+	done

437

+

438

+	eapply_user

439

+}

440

+

441

+src_configure() {

442

+	# mod_security needs to generate nginx/modsecurity/config before including it

443

+	if use nginx_modules_http_security; then

444

+		cd "${HTTP_SECURITY_MODULE_WD}" || die

445

+

446

+		./configure \

447

+			--enable-standalone-module \

448

+			--disable-mlogc \

449

+			--with-ssdeep=no \

450

+			$(use_enable pcre-jit) \

451

+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"

452

+

453

+		cd "${S}" || die

454

+	fi

455

+

456

+	local myconf=() http_enabled= mail_enabled= stream_enabled=

457

+

458

+	use aio       && myconf+=( --with-file-aio )

459

+	use debug     && myconf+=( --with-debug )

460

+	use http2     && myconf+=( --with-http_v2_module )

461

+	use libatomic && myconf+=( --with-libatomic )

462

+	use pcre      && myconf+=( --with-pcre )

463

+	use pcre-jit  && myconf+=( --with-pcre-jit )

464

+	use threads   && myconf+=( --with-threads )

465

+

466

+	# HTTP modules

467

+	for mod in $NGINX_MODULES_STD; do

468

+		if use nginx_modules_http_${mod}; then

469

+			http_enabled=1

470

+		else

471

+			myconf+=( --without-http_${mod}_module )

472

+		fi

473

+	done

474

+

475

+	for mod in $NGINX_MODULES_OPT; do

476

+		if use nginx_modules_http_${mod}; then

477

+			http_enabled=1

478

+			myconf+=( --with-http_${mod}_module )

479

+		fi

480

+	done

481

+

482

+	if use nginx_modules_http_fastcgi; then

483

+		myconf+=( --with-http_realip_module )

484

+	fi

485

+

486

+	# third-party modules

487

+	if use nginx_modules_http_upload_progress; then

488

+		http_enabled=1

489

+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )

490

+	fi

491

+

492

+	if use nginx_modules_http_headers_more; then

493

+		http_enabled=1

494

+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )

495

+	fi

496

+

497

+	if use nginx_modules_http_cache_purge; then

498

+		http_enabled=1

499

+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )

500

+	fi

501

+

502

+	if use nginx_modules_http_slowfs_cache; then

503

+		http_enabled=1

504

+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )

505

+	fi

506

+

507

+	if use nginx_modules_http_fancyindex; then

508

+		http_enabled=1

509

+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )

510

+	fi

511

+

512

+	if use nginx_modules_http_lua; then

513

+		http_enabled=1

514

+		if use luajit; then

515

+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)

516

+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)

517

+		else

518

+			export LUA_LIB=$(pkg-config --variable libdir lua)

519

+			export LUA_INC=$(pkg-config --variable includedir lua)

520

+		fi

521

+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )

522

+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )

523

+	fi

524

+

525

+	if use nginx_modules_http_auth_pam; then

526

+		http_enabled=1

527

+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )

528

+	fi

529

+

530

+	if use nginx_modules_http_upstream_check; then

531

+		http_enabled=1

532

+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )

533

+	fi

534

+

535

+	if use nginx_modules_http_metrics; then

536

+		http_enabled=1

537

+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )

538

+	fi

539

+

540

+	if use nginx_modules_http_naxsi ; then

541

+		http_enabled=1

542

+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )

543

+	fi

544

+

545

+	if use rtmp ; then

546

+		http_enabled=1

547

+		myconf+=( --add-module=${RTMP_MODULE_WD} )

548

+	fi

549

+

550

+	if use nginx_modules_http_dav_ext ; then

551

+		http_enabled=1

552

+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )

553

+	fi

554

+

555

+	if use nginx_modules_http_echo ; then

556

+		http_enabled=1

557

+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )

558

+	fi

559

+

560

+	if use nginx_modules_http_security ; then

561

+		http_enabled=1

562

+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )

563

+	fi

564

+

565

+	if use nginx_modules_http_push_stream ; then

566

+		http_enabled=1

567

+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )

568

+	fi

569

+

570

+	if use nginx_modules_http_sticky ; then

571

+		http_enabled=1

572

+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )

573

+	fi

574

+

575

+	if use nginx_modules_http_mogilefs ; then

576

+		http_enabled=1

577

+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )

578

+	fi

579

+

580

+	if use nginx_modules_http_memc ; then

581

+		http_enabled=1

582

+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )

583

+	fi

584

+

585

+	if use nginx_modules_http_auth_ldap; then

586

+		http_enabled=1

587

+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )

588

+	fi

589

+

590

+	if use http || use http-cache || use http2; then

591

+		http_enabled=1

592

+	fi

593

+

594

+	if [ $http_enabled ]; then

595

+		use http-cache || myconf+=( --without-http-cache )

596

+		use ssl && myconf+=( --with-http_ssl_module )

597

+	else

598

+		myconf+=( --without-http --without-http-cache )

599

+	fi

600

+

601

+	# Stream modules

602

+	for mod in $NGINX_MODULES_STREAM_STD; do

603

+		if use nginx_modules_stream_${mod}; then

604

+			stream_enabled=1

605

+		else

606

+			myconf+=( --without-stream_${mod}_module )

607

+		fi

608

+	done

609

+

610

+	for mod in $NGINX_MODULES_STREAM_OPT; do

611

+		if use nginx_modules_stream_${mod}; then

612

+			stream_enabled=1

613

+			myconf+=( --with-stream_${mod}_module )

614

+		fi

615

+	done

616

+

617

+	if [ $stream_enabled ]; then

618

+		myconf+=( --with-stream )

619

+		use ssl && myconf+=( --with-stream_ssl_module )

620

+	fi

621

+

622

+	# MAIL modules

623

+	for mod in $NGINX_MODULES_MAIL; do

624

+		if use nginx_modules_mail_${mod}; then

625

+			mail_enabled=1

626

+		else

627

+			myconf+=( --without-mail_${mod}_module )

628

+		fi

629

+	done

630

+

631

+	if [ $mail_enabled ]; then

632

+		myconf+=( --with-mail )

633

+		use ssl && myconf+=( --with-mail_ssl_module )

634

+	fi

635

+

636

+	# custom modules

637

+	for mod in $NGINX_ADD_MODULES; do

638

+		myconf+=(  --add-module=${mod} )

639

+	done

640

+

641

+	# https://bugs.gentoo.org/286772

642

+	export LANG=C LC_ALL=C

643

+	tc-export CC

644

+

645

+	if ! use prefix; then

646

+		myconf+=( --user=${PN} )

647

+		myconf+=( --group=${PN} )

648

+	fi

649

+

650

+	local WITHOUT_IPV6=

651

+	if ! use ipv6; then

652

+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"

653

+	fi

654

+

655

+	./configure \

656

+		--prefix="${EPREFIX}"/usr \

657

+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \

658

+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \

659

+		--pid-path="${EPREFIX}"/run/${PN}.pid \

660

+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \

661

+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \

662

+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \

663

+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \

664

+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \

665

+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \

666

+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \

667

+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \

668

+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \

669

+		--with-compat \

670

+		"${myconf[@]}" || die "configure failed"

671

+

672

+	# A purely cosmetic change that makes nginx -V more readable. This can be

673

+	# good if people outside the gentoo community would troubleshoot and

674

+	# question the users setup.

675

+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die

676

+}

677

+

678

+src_compile() {

679

+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"

680

+

681

+	# https://bugs.gentoo.org/286772

682

+	export LANG=C LC_ALL=C

683

+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"

684

+}

685

+

686

+src_install() {

687

+	emake DESTDIR="${D%/}" install

688

+

689

+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die

690

+

691

+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx

692

+	newconfd "${FILESDIR}"/nginx.confd nginx

693

+

694

+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service

695

+

696

+	doman man/nginx.8

697

+	dodoc CHANGES* README

698

+

699

+	# just keepdir. do not copy the default htdocs files (bug #449136)

700

+	keepdir /var/www/localhost

701

+	rm -rf "${D}"usr/html || die

702

+

703

+	# set up a list of directories to keep

704

+	local keepdir_list="${NGINX_HOME_TMP}"/client

705

+	local module

706

+	for module in proxy fastcgi scgi uwsgi; do

707

+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"

708

+	done

709

+

710

+	keepdir /var/log/nginx ${keepdir_list}

711

+

712

+	# this solves a problem with SELinux where nginx doesn't see the directories

713

+	# as root and tries to create them as nginx

714

+	fperms 0750 "${NGINX_HOME_TMP}"

715

+	fowners ${PN}:0 "${NGINX_HOME_TMP}"

716

+

717

+	fperms 0700 ${keepdir_list}

718

+	fowners ${PN}:${PN} ${keepdir_list}

719

+

720

+	fperms 0710 /var/log/nginx

721

+	fowners 0:${PN} /var/log/nginx

722

+

723

+	# logrotate

724

+	insinto /etc/logrotate.d

725

+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx

726

+

727

+	if use nginx_modules_http_perl; then

728

+		cd "${S}"/objs/src/http/modules/perl/ || die

729

+		emake DESTDIR="${D}" INSTALLDIRS=vendor

730

+		perl_delete_localpod

731

+		cd "${S}" || die

732

+	fi

733

+

734

+	if use nginx_modules_http_cache_purge; then

735

+		docinto ${HTTP_CACHE_PURGE_MODULE_P}

736

+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}

737

+	fi

738

+

739

+	if use nginx_modules_http_slowfs_cache; then

740

+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}

741

+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}

742

+	fi

743

+

744

+	if use nginx_modules_http_fancyindex; then

745

+		docinto ${HTTP_FANCYINDEX_MODULE_P}

746

+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst

747

+	fi

748

+

749

+	if use nginx_modules_http_lua; then

750

+		docinto ${HTTP_LUA_MODULE_P}

751

+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown

752

+	fi

753

+

754

+	if use nginx_modules_http_auth_pam; then

755

+		docinto ${HTTP_AUTH_PAM_MODULE_P}

756

+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}

757

+	fi

758

+

759

+	if use nginx_modules_http_upstream_check; then

760

+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}

761

+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}

762

+	fi

763

+

764

+	if use nginx_modules_http_naxsi; then

765

+		insinto /etc/nginx

766

+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules

767

+	fi

768

+

769

+	if use rtmp; then

770

+		docinto ${RTMP_MODULE_P}

771

+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}

772

+	fi

773

+

774

+	if use nginx_modules_http_dav_ext; then

775

+		docinto ${HTTP_DAV_EXT_MODULE_P}

776

+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README

777

+	fi

778

+

779

+	if use nginx_modules_http_echo; then

780

+		docinto ${HTTP_ECHO_MODULE_P}

781

+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown

782

+	fi

783

+

784

+	if use nginx_modules_http_security; then

785

+		docinto ${HTTP_SECURITY_MODULE_P}

786

+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}

787

+	fi

788

+

789

+	if use nginx_modules_http_push_stream; then

790

+		docinto ${HTTP_PUSH_STREAM_MODULE_P}

791

+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}

792

+	fi

793

+

794

+	if use nginx_modules_http_sticky; then

795

+		docinto ${HTTP_STICKY_MODULE_P}

796

+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}

797

+	fi

798

+

799

+	if use nginx_modules_http_memc; then

800

+		docinto ${HTTP_MEMC_MODULE_P}

801

+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown

802

+	fi

803

+

804

+	if use nginx_modules_http_auth_ldap; then

805

+		docinto ${HTTP_LDAP_MODULE_P}

806

+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf

807

+	fi

808

+}

809

+

810

+pkg_postinst() {

811

+	if use ssl; then

812

+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then

813

+			install_cert /etc/ssl/${PN}/${PN}

814

+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}

815

+		fi

816

+	fi

817

+

818

+	if use nginx_modules_http_spdy; then

819

+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."

820

+		ewarn "Update your configs and package.use accordingly."

821

+	fi

822

+

823

+	if use nginx_modules_http_lua && use http2; then

824

+		ewarn "Lua 3rd party module author warns against using ${P} with"

825

+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"

826

+	fi

827

+

828

+	local _n_permission_layout_checks=0

829

+	local _has_to_adjust_permissions=0

830

+	local _has_to_show_permission_warning=0

831

+

832

+	# Defaults to 1 to inform people doing a fresh installation

833

+	# that we ship modified {scgi,uwsgi,fastcgi}_params files

834

+	local _has_to_show_httpoxy_mitigation_notice=1

835

+

836

+	local _replacing_version=

837

+	for _replacing_version in ${REPLACING_VERSIONS}; do

838

+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))

839

+

840

+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then

841

+			# Should never happen:

842

+			# Package is abusing slots but doesn't allow multiple parallel installations.

843

+			# If we run into this situation it is unsafe to automatically adjust any

844

+			# permission...

845

+			_has_to_show_permission_warning=1

846

+

847

+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \

848

+				"You will have to adjust permissions on your own."

849

+

850

+			break

851

+		fi

852

+

853

+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")

854

+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."

855

+

856

+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?

857

+		# This was before we introduced multiple nginx versions so we

858

+		# do not need to distinguish between stable and mainline

859

+		local _need_to_fix_CVE2013_0337=1

860

+

861

+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then

862

+			# We are updating an installation which should already be fixed

863

+			_need_to_fix_CVE2013_0337=0

864

+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"

865

+		else

866

+			_has_to_adjust_permissions=1

867

+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"

868

+		fi

869

+

870

+		# Do we need to inform about HTTPoxy mitigation?

871

+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f

872

+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then

873

+			# Updating from <1.10

874

+			_has_to_show_httpoxy_mitigation_notice=1

875

+			debug-print "Need to inform about HTTPoxy mitigation!"

876

+		else

877

+			# Updating from >=1.10

878

+			local _fixed_in_pvr=

879

+			case "${_replacing_version_branch}" in

880

+				"1.10")

881

+					_fixed_in_pvr="1.10.1-r2"

882

+					;;

883

+				"1.11")

884

+					_fixed_in_pvr="1.11.3-r1"

885

+					;;

886

+				*)

887

+					# This should be any future branch.

888

+					# If we run this code it is safe to assume that the user has

889

+					# already seen the HTTPoxy mitigation notice because he/she is doing

890

+					# an update from previous version where we have already shown

891

+					# the warning. Otherwise, we wouldn't hit this code path ...

892

+					_fixed_in_pvr=

893

+			esac

894

+

895

+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then

896

+				# We are updating an installation where we already informed

897

+				# that we are mitigating HTTPoxy per default

898

+				_has_to_show_httpoxy_mitigation_notice=0

899

+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"

900

+			else

901

+				_has_to_show_httpoxy_mitigation_notice=1

902

+				debug-print "Need to inform about HTTPoxy mitigation!"

903

+			fi

904

+		fi

905

+

906

+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?

907

+		# All branches up to 1.11 are affected

908

+		local _need_to_fix_CVE2016_1247=1

909

+

910

+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then

911

+			# Updating from <1.10

912

+			_has_to_adjust_permissions=1

913

+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"

914

+		else

915

+			# Updating from >=1.10

916

+			local _fixed_in_pvr=

917

+			case "${_replacing_version_branch}" in

918

+				"1.10")

919

+					_fixed_in_pvr="1.10.2-r3"

920

+					;;

921

+				"1.11")

922

+					_fixed_in_pvr="1.11.6-r1"

923

+					;;

924

+				*)

925

+					# This should be any future branch.

926

+					# If we run this code it is safe to assume that we have already

927

+					# adjusted permissions or were never affected because user is

928

+					# doing an update from previous version which was safe or did

929

+					# the adjustments. Otherwise, we wouldn't hit this code path ...

930

+					_fixed_in_pvr=

931

+			esac

932

+

933

+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then

934

+				# We are updating an installation which should already be adjusted

935

+				# or which was never affected

936

+				_need_to_fix_CVE2016_1247=0

937

+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"

938

+			else

939

+				_has_to_adjust_permissions=1

940

+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"

941

+			fi

942

+		fi

943

+	done

944

+

945

+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then

946

+		# We do not DIE when chmod/chown commands are failing because

947

+		# package is already merged on user's system at this stage

948

+		# and we cannot retry without losing the information that

949

+		# the existing installation needs to adjust permissions.

950

+		# Instead we are going to a show a big warning ...

951

+

952

+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then

953

+			ewarn ""

954

+			ewarn "The world-readable bit (if set) has been removed from the"

955

+			ewarn "following directories to mitigate a security bug"

956

+			ewarn "(CVE-2013-0337, bug #458726):"

957

+			ewarn ""

958

+			ewarn "  ${EPREFIX%/}/var/log/nginx"

959

+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"

960

+			ewarn ""

961

+			ewarn "Check if this is correct for your setup before restarting nginx!"

962

+			ewarn "This is a one-time change and will not happen on subsequent updates."

963

+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"

964

+			chmod o-rwx \

965

+				"${EPREFIX%/}"/var/log/nginx \

966

+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \

967

+				_has_to_show_permission_warning=1

968

+		fi

969

+

970

+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then

971

+			ewarn ""

972

+			ewarn "The permissions on the following directory have been reset in"

973

+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"

974

+			ewarn ""

975

+			ewarn "  ${EPREFIX%/}/var/log/nginx"

976

+			ewarn ""

977

+			ewarn "Check if this is correct for your setup before restarting nginx!"

978

+			ewarn "Also ensure that no other log directory used by any of your"

979

+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"

980

+			ewarn "used by nginx can be abused to escalate privileges!"

981

+			ewarn "This is a one-time change and will not happen on subsequent updates."

982

+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1

983

+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1

984

+		fi

985

+

986

+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then

987

+			# Should never happen ...

988

+			ewarn ""

989

+			ewarn "*************************************************************"

990

+			ewarn "***************         W A R N I N G         ***************"

991

+			ewarn "*************************************************************"

992

+			ewarn "The one-time only attempt to adjust permissions of the"

993

+			ewarn "existing nginx installation failed. Be aware that we will not"

994

+			ewarn "try to adjust the same permissions again because now you are"

995

+			ewarn "using a nginx version where we expect that the permissions"

996

+			ewarn "are already adjusted or that you know what you are doing and"

997

+			ewarn "want to keep custom permissions."

998

+			ewarn ""

999

+		fi

1000

+	fi

1001

+

1002

+	# Sanity check for CVE-2016-1247

1003

+	# Required to warn users who received the warning above and thought

1004

+	# they could fix it by unmerging and re-merging the package or have

1005

+	# unmerged a affected installation on purpose in the past leaving

1006

+	# /var/log/nginx on their system due to keepdir/non-empty folder

1007

+	# and are now installing the package again.

1008

+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)

1009

+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null

1010

+	if [ $? -eq 0 ] ; then

1011

+		# Cleanup -- no reason to die here!

1012

+		rm -f "${_sanity_check_testfile}"

1013

+

1014

+		ewarn ""

1015

+		ewarn "*************************************************************"

1016

+		ewarn "***************         W A R N I N G         ***************"

1017

+		ewarn "*************************************************************"

1018

+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"

1019

+		ewarn "(bug #605008) because nginx user is able to create files in"

1020

+		ewarn ""

1021

+		ewarn "  ${EPREFIX%/}/var/log/nginx"

1022

+		ewarn ""

1023

+		ewarn "Also ensure that no other log directory used by any of your"

1024

+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"

1025

+		ewarn "used by nginx can be abused to escalate privileges!"

1026

+	fi

1027

+

1028

+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then

1029

+		# HTTPoxy mitigation

1030

+		ewarn ""

1031

+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"

1032

+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"

1033

+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"

1034

+		ewarn "are sourcing one of the default"

1035

+		ewarn ""

1036

+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"

1037

+		ewarn "  - 'scgi_params'"

1038

+		ewarn "  - 'uwsgi_params'"

1039

+		ewarn ""

1040

+		ewarn "files in your server block(s)."

1041

+		ewarn ""

1042

+		ewarn "If this is causing any problems for you make sure that you are sourcing the"

1043

+		ewarn "default parameters _before_ you set your own values."

1044

+		ewarn "If you are relying on user-supplied proxy values you have to remove the"

1045

+		ewarn "correlating lines from the file(s) mentioned above."

1046

+		ewarn ""

1047

+	fi

1048

+}

Gentoo Archives: gentoo-commits