Mail archive
alpine-aports

Re: [alpine-aports] [PATCH] rename: testing/nginx-naxsi -> testing/nginx-current

From: Valery Kartel <valery.kartel_at_gmail.com>
Date: Fri, 17 Mar 2017 14:45:04 +0200

I just looked at nginx and nginx-naxsi APKBUILD and decided that they are
similar and differ only in release (stable and current).
But not payed attention to lua and paxmark.
Sorry.

I revoke this patch.

2017-03-17 14:28 GMT+02:00 Stuart Cardall <developer_at_it-offshore.co.uk>:

> I don't agree to the name change & adding lua / disabling the PaX memory
> protections.
>
> I keep nginx-naxsi as light & secure as possible so it's harder to
> exploit. The memory protections help stop attacks & lower ram usage.
>
> Valery - why don't you create a completely new nginx-current ?
>
> Stuart Cardall.
>
> On 03/17/2017 11:31 AM, Valery Kartel wrote:
>
> - upgrade to 1.11.10
> - sync with /main/nginx APKBUILD
> ---
> testing/nginx-current/APKBUILD | 225 +++++++++++++++++++++
> testing/{nginx-naxsi => nginx-current}/ipv6.patch | 0
> .../{nginx-naxsi => nginx-current}/sysguard.patch | 0
> testing/nginx-naxsi/APKBUILD | 204 -------------------
> testing/nginx-naxsi/anonymise.patch | 76 -------
> testing/nginx-naxsi/default.conf | 18 --
> testing/nginx-naxsi/nginx-naxsi.pre-install | 9 -
> testing/nginx-naxsi/nginx-naxsi.pre-upgrade | 1 -
> testing/nginx-naxsi/nginx.conf | 92 ---------
> testing/nginx-naxsi/nginx.initd | 67 ------
> testing/nginx-naxsi/nginx.logrotate | 12 --
> 11 files changed, 225 insertions(+), 479 deletions(-)
> create mode 100644 testing/nginx-current/APKBUILD
> rename testing/{nginx-naxsi => nginx-current}/ipv6.patch (100%)
> rename testing/{nginx-naxsi => nginx-current}/sysguard.patch (100%)
> delete mode 100644 testing/nginx-naxsi/APKBUILD
> delete mode 100644 testing/nginx-naxsi/anonymise.patch
> delete mode 100644 testing/nginx-naxsi/default.conf
> delete mode 100644 testing/nginx-naxsi/nginx-naxsi.pre-install
> delete mode 120000 testing/nginx-naxsi/nginx-naxsi.pre-upgrade
> delete mode 100644 testing/nginx-naxsi/nginx.conf
> delete mode 100644 testing/nginx-naxsi/nginx.initd
> delete mode 100644 testing/nginx-naxsi/nginx.logrotate
>
> diff --git a/testing/nginx-current/APKBUILD b/testing/nginx-current/APKBUILD
> new file mode 100644
> index 0000000000..383f6e48c1
> --- /dev/null
> +++ b/testing/nginx-current/APKBUILD
> _at__at_ -0,0 +1,225 @@
> +# Maintainer: Stuart Cardall <developer_at_it-offshore.co.uk> <developer_at_it-offshore.co.uk>
> +# Contributor: Cameron Banta <cbanta_at_gmail.com> <cbanta_at_gmail.com>
> +# Contributor: Jeff Bilyk <jbilyk_at_gmail.com> <jbilyk_at_gmail.com>
> +# Contributor: Bartłomiej Piotrowski <nospam_at_bpiotrowski.pl> <nospam_at_bpiotrowski.pl>
> +# Contributor: Valery Kartel <valery.kartel_at_gmail.com> <valery.kartel_at_gmail.com>
> +
> +pkgname=nginx-current
> +_pkgreal=nginx
> +pkgver=1.11.10
> +pkgrel=0
> +pkgdesc="HTTP and reverse proxy server (current release)"
> +url="http://www.nginx.org/en" <http://www.nginx.org/en>
> +arch="all"
> +options="!check"
> +license="custom"
> +depends=""
> +replaces="$_pkgreal"
> +provides="$_pkgreal-$pkgver-r$pkgrel"
> +[ "$CARCH" = "s390x" ] && _lua_dep="lua5.1-dev" || _lua_dep="luajit-dev"
> +makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev $_lua_dep
> + libressl-dev paxmark pcre-dev perl-dev pkgconf zlib-dev"
> +subpackages="$pkgname-doc $pkgname-mod-http-perl:_perl"
> +
> +# Modules with external sources
> +_dkmod=ngx_devel_kit
> +_dkver=0.3.0
> +_modsub="$_modsub devel-kit:ndk_http_module"
> +_modcfg="$_modcfg --add-dynamic-module=${_dksrc:=$srcdir/$_dkmod-$_dkver}"
> +_modsrc="$_modsrc $_dkmod-$_dkver.tar.gz::https://github.com/simpl/$_dkmod/archive/v$_dkver.tar.gz"
> +
> +_ecmod=echo-nginx-module
> +_ecver=0.60
> +_modsub="$_modsub http-echo"
> +_modcfg="$_modcfg --add-dynamic-module=${_ecsrc:=$srcdir/$_ecmod-$_ecver}"
> +_modsrc="$_modsrc $_ecmod-$_ecver.tar.gz::https://github.com/openresty/$_ecmod/archive/v$_ecver.tar.gz"
> +
> +_fimod=ngx-fancyindex
> +_fiver=0.4.1
> +_modsub="$_modsub http-fancyindex"
> +_modcfg="$_modcfg --add-dynamic-module=${_fisrc:=$srcdir/$_fimod-$_fiver}"
> +_modsrc="$_modsrc $_fimod-$_fiver.tar.gz::https://github.com/aperezdc/$_fimod/archive/v$_fiver.tar.gz"
> +
> +_hmmod=headers-more-nginx-module
> +_hmver=0.32
> +_modsub="$_modsub http-headers-more:ngx_http_headers_more_filter_module"
> +_modcfg="$_modcfg --add-dynamic-module=${_hmsrc:=$srcdir/$_hmmod-$_hmver}"
> +_modsrc="$_modsrc $_hmmod-$_hmver.tar.gz::https://github.com/openresty/$_hmmod/archive/v$_hmver.tar.gz"
> +
> +_lumod=lua-nginx-module
> +_luver=0.10.7
> +_modsub="$_modsub http-lua"
> +_modcfg="$_modcfg --add-dynamic-module=${_lusrc:=$srcdir/$_lumod-$_luver}"
> +_modsrc="$_modsrc $_lumod-$_luver.tar.gz::https://github.com/openresty/$_lumod/archive/v$_luver.tar.gz"
> +_http_lua_depends="$pkgname-mod-devel-kit"
> +
> +_ncmod=nchan
> +_ncver=1.1.2
> +_modsub="$_modsub http-nchan:ngx_nchan_module"
> +_modcfg="$_modcfg --add-dynamic-module=${_ncsrc:=$srcdir/$_ncmod-$_ncver}"
> +_modsrc="$_modsrc $_ncmod-$_ncver.tar.gz::https://github.com/slact/$_ncmod/archive/v$_ncver.tar.gz"
> +
> +_upmod=nginx-upload-progress-module
> +_upver=0.9.2
> +_modsub="$_modsub http-upload-progress:ngx_http_uploadprogress_module"
> +_modcfg="$_modcfg --add-dynamic-module=${_upsrc:=$srcdir/$_upmod-$_upver}"
> +_modsrc="$_modsrc $_upmod-$_upver.tar.gz::https://github.com/masterzen/$_upmod/archive/v$_upver.tar.gz"
> +
> +_rtmod=nginx-rtmp-module
> +_rtver=1.1.11
> +_modsub="$_modsub rtmp"
> +_modcfg="$_modcfg --add-dynamic-module=${_rtsrc:=$srcdir/$_rtmod-$_rtver}"
> +_modsrc="$_modsrc $_rtmod-$_rtver.tar.gz::https://github.com/arut/$_rtmod/archive/v$_rtver.tar.gz"
> +
> +_nxmod=naxsi
> +_nxver=0.55.3
> +_modsub="$_modsub http-naxsi"
> +_modcfg="$_modcfg --add-dynamic-module=${_nxsrc:=$srcdir/$_nxmod-$_nxver/naxsi_src}"
> +_modsrc="$_modsrc $_nxmod-$_nxver.tar.gz::https://github.com/nbs-system/$_nxmod/archive/$_nxver.tar.gz"
> +
> +_cpmod=ngx_cache_purge
> +_cpver=2.3.0.1
> +_modsub="$_modsub http-cache-purge"
> +_modcfg="$_modcfg --add-dynamic-module=${_cpsrc:=$srcdir/$_cpmod-$_cpver}"
> +_modsrc="$_modsrc $_cpmod-$_cpver.tar.gz::https://github.com/itoffshore/$_cpmod/archive/v$_cpver.tar.gz"
> +
> +_ufmod=nginx-upstream-fair
> +_ufver=0.1.1
> +_modsub="$_modsub http-upstream-fair"
> +_modcfg="$_modcfg --add-dynamic-module=${_ufsrc:=$srcdir/$_ufmod-$_ufver}"
> +_modsrc="$_modsrc $_ufmod-$_ufver.tar.gz::https://github.com/itoffshore/$_ufmod/archive/v$_ufver.tar.gz"
> +
> +_sgmod=tengine-http-sysguard
> +_sgver=2.2.0
> +_modsub="$_modsub http-sysguard"
> +_modcfg="$_modcfg --add-dynamic-module=${_sgsrc:=$srcdir/$_sgmod-$_sgver}"
> +_modsrc="$_modsrc $_sgmod-$_sgver.tar.gz::https://github.com/itoffshore/$_sgmod/archive/v$_sgver.tar.gz
> + sysguard.patch"
> +
> +source="http://nginx.org/download/$_pkgreal-$pkgver.tar.gz
> + ipv6.patch
> + $_modsrc
> + " <http://nginx.org/download/$_pkgreal-$pkgver.tar.gz+ipv6.patch+$_modsrc+>
> +
> +_module_dir=usr/lib/$_pkgreal
> +for _module in http-geoip http-image-filter http-xslt-filter mail stream $_modsub; do
> + _modvar=${_module//-/_}
> + [ -z "${_module##*:*}" ] && eval _so_${_modvar%:*}=${_module#*:}
> + subpackages="$subpackages $pkgname-mod-${_module%:*}:_module"
> +done
> +
> +builddir="$srcdir/$_pkgreal-$pkgver"
> +
> +build() {
> + cd "$builddir"
> +
> + export LUAJIT_LIB="$(pkgconf --variable=libdir luajit)"
> + export LUAJIT_INC="$(pkgconf --variable=includedir luajit)"
> + ./configure \
> + --prefix=/var/lib/$_pkgreal \
> + --sbin-path=/usr/sbin/$_pkgreal \
> + --modules-path=/$_module_dir \
> + --conf-path=/etc/$_pkgreal/$_pkgreal.conf \
> + --pid-path=/run/$_pkgreal/$_pkgreal.pid \
> + --lock-path=/run/$_pkgreal/$_pkgreal.lock \
> + --http-client-body-temp-path=/var/lib/$_pkgreal/tmp/client_body \
> + --http-proxy-temp-path=/var/lib/$_pkgreal/tmp/proxy \
> + --http-fastcgi-temp-path=/var/lib/$_pkgreal/tmp/fastcgi \
> + --http-uwsgi-temp-path=/var/lib/$_pkgreal/tmp/uwsgi \
> + --http-scgi-temp-path=/var/lib/$_pkgreal/tmp/scgi \
> + --with-perl_modules_path=/usr/lib/perl5/vendor_perl \
> + \
> + --user=$_pkgreal \
> + --group=$_pkgreal \
> + --with-threads \
> + --with-file-aio \
> + --with-ipv6 \
> + \
> + --with-http_ssl_module \
> + --with-http_v2_module \
> + --with-http_realip_module \
> + --with-http_addition_module \
> + --with-http_xslt_module=dynamic \
> + --with-http_image_filter_module=dynamic \
> + --with-http_geoip_module=dynamic \
> + --with-http_sub_module \
> + --with-http_dav_module \
> + --with-http_flv_module \
> + --with-http_mp4_module \
> + --with-http_gunzip_module \
> + --with-http_gzip_static_module \
> + --with-http_auth_request_module \
> + --with-http_random_index_module \
> + --with-http_secure_link_module \
> + --with-http_slice_module \
> + --with-http_stub_status_module \
> + --with-http_perl_module=dynamic \
> + --with-http_realip_module \
> + --with-mail=dynamic \
> + --with-mail_ssl_module \
> + --with-stream=dynamic \
> + --with-stream_ssl_module \
> + $_modcfg || return 1
> + make
> +}
> +
> +package() {
> + depends="$_pkgreal"
> + make -C "$builddir" DESTDIR="$pkgdir" install || return 1
> +
> + # Disable some PaX protections; this is needed for Lua module.
> + local paxflags="-m"
> + [ "$CARCH" = "x86" ] && paxflags="-msp"
> + paxmark $paxflags "$pkgdir"/usr/sbin/nginx || return 1
> +
> + install -Dm644 "$builddir"/LICENSE \
> + "$pkgdir"/usr/share/licenses/$_pkgreal/LICENSE || return 1
> + install -Dm644 "$builddir"/README \
> + "$pkgdir"/usr/share/doc/$_pkgreal/README || return 1
> +
> + rm -rf "$pkgdir"/run "$pkgdir"/var "$pkgdir"/etc
> +}
> +
> +doc() {
> + default_doc || return 1
> + depends="$_pkgreal-doc"
> + replaces="$_pkgreal-doc"
> +}
> +
> +_module() {
> + local name=${subpkgname#$pkgname-mod-}
> + replaces="$_pkgreal-mod-$name"
> + provides="$replaces-$pkgver-r$pkgrel"
> + install_if="$pkgname=$pkgver-r$pkgrel $replaces"
> + name=${name//-/_}
> + local soname=$(eval echo \${_so_$name:-ngx_${name}_module}.so)
> + pkgdesc="$pkgdesc (module $name)"
> + depends=$(eval echo \${_${name}_depends:-$pkgname $replaces})
> +
> + mkdir -p "$subpkgdir"/$_module_dir || return 1
> +
> + mv "$pkgdir"/$_module_dir/$soname \
> + "$subpkgdir"/$_module_dir/$soname
> +}
> +
> +
> +_perl() {
> + _module || return 1
> + mv "$pkgdir"/usr/lib/perl5 "$subpkgdir"/usr/lib/
> +}
> +
> +sha512sums="b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 nginx-1.11.10.tar.gz
> +cae9f842c3d1188730d4355440476ad2338b19c027c4b329efe88d4487e90d96bf60dea6feb4be6a6f96d4b356fc154345e32c2bb643d70f68e428df26330a49 ipv6.patch
> +558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 ngx_devel_kit-0.3.0.tar.gz
> +c455bee73cebd0752449472452d15614b9587ddd199263d366484ede890c4d108eacbbeaef31adc9dc7732b56ef2bfc73c0fef3366366db03a8ec3fdc27a985c echo-nginx-module-0.60.tar.gz
> +ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1 ngx-fancyindex-0.4.1.tar.gz
> +e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1 headers-more-nginx-module-0.32.tar.gz
> +d060a13de4d01d77e6d6cd1635ecbb405330e4326b71b89341c1c128ee4182978a51d53355bc07c350e3c3a7df15325e3df380d9c3a98b2ff7d7efa18fa09b32 lua-nginx-module-0.10.7.tar.gz
> +14af65d57325afa961bc6606f2c938acff0206914248b8ca810293113fdab859c1db9c9abce9263b9da5c2371b299770682d9ec49fbf7a356da9fbfb3e15c3c7 nchan-1.1.2.tar.gz
> +c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c nginx-upload-progress-module-0.9.2.tar.gz
> +e7c897265d1e93b06f7e46a653b113e24d2451e2112a7a6da415f130928437444a0346832fd9c10042397fea6120e4e44acc2bccf649ec30ca5bffbf985672e2 nginx-rtmp-module-1.1.11.tar.gz
> +9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0 naxsi-0.55.3.tar.gz
> +c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11ecf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0db7e3 ngx_cache_purge-2.3.0.1.tar.gz
> +fd305b859c868ef55171b05f64071a2836c12073bcd89d6197af4946a3d1177f77c6708d4d589d460c84967273dee87ca9de97ab0f0d47e6d65f86b465d70316 nginx-upstream-fair-0.1.1.tar.gz
> +2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e07e1 tengine-http-sysguard-2.2.0.tar.gz
> +2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231ddce sysguard.patch"
> diff --git a/testing/nginx-naxsi/ipv6.patch b/testing/nginx-current/ipv6.patch
> similarity index 100%
> rename from testing/nginx-naxsi/ipv6.patch
> rename to testing/nginx-current/ipv6.patch
> diff --git a/testing/nginx-naxsi/sysguard.patch b/testing/nginx-current/sysguard.patch
> similarity index 100%
> rename from testing/nginx-naxsi/sysguard.patch
> rename to testing/nginx-current/sysguard.patch
> diff --git a/testing/nginx-naxsi/APKBUILD b/testing/nginx-naxsi/APKBUILD
> deleted file mode 100644
> index c020427da8..0000000000
> --- a/testing/nginx-naxsi/APKBUILD
> +++ /dev/null
> _at__at_ -1,204 +0,0 @@
> -# Maintainer: Stuart Cardall <developer_at_it-offshore.co.uk> <developer_at_it-offshore.co.uk>
> -# Contributor: Cameron Banta <cbanta_at_gmail.com> <cbanta_at_gmail.com>
> -# Contributor: Jeff Bilyk <jbilyk_at_gmail.com> <jbilyk_at_gmail.com>
> -# Contributor: Bartłomiej Piotrowski <nospam_at_bpiotrowski.pl> <nospam_at_bpiotrowski.pl>
> -
> -pkgname=nginx-naxsi
> -_pkgname=nginx
> -pkgver=1.11.9
> -pkgrel=0
> -pkgdesc="Lightweight HTTP and reverse proxy server with Naxsi WAF support, see also 'nxapi'"
> -url="http://www.nginx.org | https://github.com/nbs-system/naxsi" <http://www.nginx.org%7Chttps://github.com/nbs-system/naxsi>
> -arch="all"
> -license="custom"
> -
> -# Modules
> -_ngx_naxsi_name=naxsi
> -_ngx_naxsi_ver=0.55.1
> -_ngx_naxsi_dir="$srcdir/$_ngx_naxsi_name-$_ngx_naxsi_ver/naxsi_src"
> -
> -_ngx_cache_purge_name=ngx_cache_purge
> -_ngx_cache_purge_ver=2.3.0.1
> -_ngx_cache_purge_dir="$srcdir/$_ngx_cache_purge_name-$_ngx_cache_purge_ver"
> -
> -_ngx_upstream_fair_name=nginx-upstream-fair
> -_ngx_upstream_fair_ver=0.1.1
> -_ngx_upstream_fair_dir="$srcdir/$_ngx_upstream_fair_name-$_ngx_upstream_fair_ver"
> -
> -_ngx_http_sysguard_name=tengine-http-sysguard
> -_ngx_http_sysguard_ver=2.2.0
> -_ngx_http_sysguard_dir="$srcdir/$_ngx_http_sysguard_name-$_ngx_http_sysguard_ver"
> -
> -depends="!nginx"
> -makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev libressl-dev
> - pcre-dev perl-dev pkgconf zlib-dev"
> -pkgusers="nginx"
> -_grp_ngx="nginx"
> -_grp_www="www-data"
> -pkggroups="$_grp_ngx $_grp_www"
> -install="$pkgname.pre-install $pkgname.pre-upgrade"
> -subpackages="$pkgname-doc"
> -source="http://nginx.org/download/$_pkgname-$pkgver.tar.gz
> - naxsi-$_ngx_naxsi_ver.tar.gz::https://github.com/nbs-system/$_ngx_naxsi_name/archive/$_ngx_naxsi_ver.tar.gz
> - ngx_cache_purge-$_ngx_cache_purge_ver.tar.gz::https://github.com/itoffshore/$_ngx_cache_purge_name/archive/v$_ngx_cache_purge_ver.tar.gz
> - upstream-fair-$_ngx_upstream_fair_ver.tar.gz::https://github.com/itoffshore/$_ngx_upstream_fair_name/archive/v$_ngx_upstream_fair_ver.tar.gz
> - sysguard-$_ngx_http_sysguard_ver.tar.gz::https://github.com/itoffshore/$_ngx_http_sysguard_name/archive/v$_ngx_http_sysguard_ver.tar.gz
> -
> - anonymise.patch
> - ipv6.patch
> - sysguard.patch
> -
> - nginx.initd
> - nginx.logrotate
> - " <http://nginx.org/download/$_pkgname-$pkgver.tar.gz-naxsi-$_ngx_naxsi_ver.tar.gz::https://github.com/nbs-system/$_ngx_naxsi_name/archive/$_ngx_naxsi_ver.tar.gz-ngx_cache_purge-$_ngx_cache_purge_ver.tar.gz::https://github.com/itoffshore/$_ngx_cache_purge_name/archive/v$_ngx_cache_purge_ver.tar.gz-upstream-fair-$_ngx_upstream_fair_ver.tar.gz::https://github.com/itoffshore/$_ngx_upstream_fair_name/archive/v$_ngx_upstream_fair_ver.tar.gz-sysguard-$_ngx_http_sysguard_ver.tar.gz::https://github.com/itoffshore/$_ngx_http_sysguard_name/archive/v$_ngx_http_sysguard_ver.tar.gz--anonymise.patch-ipv6.patch-sysguard.patch--nginx.initd-nginx.logrotate->
> -builddir="$srcdir"/$_pkgname-$pkgver
> -
> -_modules_dir="usr/lib/nginx/modules"
> -_modules="
> - http-geoip
> - http-image-filter
> - http-perl
> - http-xslt-filter
> - mail
> - stream
> - http-naxsi
> - http-cache-purge
> - http-upstream-fair
> - http-sysguard
> - "
> -
> -for _m in $_modules; do
> - subpackages="$subpackages $pkgname-mod-$_m:_module"
> -done
> -
> -
> -build() {
> - cd "$builddir"
> - ./configure \
> - --prefix=/var/lib/$_pkgname \
> - --sbin-path=/usr/sbin/$_pkgname \
> - --modules-path=/$_modules_dir \
> - --conf-path=/etc/$_pkgname/$_pkgname.conf \
> - --pid-path=/run/$_pkgname/$_pkgname.pid \
> - --lock-path=/run/$_pkgname/$_pkgname.lock \
> - --error-log-path=/var/log/$_pkgname/error.log \
> - --http-log-path=/var/log/$_pkgname/access.log \
> - --http-client-body-temp-path=/var/lib/$_pkgname/tmp/client_body \
> - --http-proxy-temp-path=/var/lib/$_pkgname/tmp/proxy \
> - --http-fastcgi-temp-path=/var/lib/$_pkgname/tmp/fastcgi \
> - --with-perl_modules_path=/usr/lib/perl5/vendor_perl \
> - \
> - --user=$pkgusers \
> - --group=$_grp_ngx \
> - --with-threads \
> - --with-file-aio \
> - --without-http_uwsgi_module \
> - --without-http_scgi_module \
> - \
> - --with-http_ssl_module \
> - --with-http_v2_module \
> - --with-http_realip_module \
> - --with-http_addition_module \
> - --with-http_sub_module \
> - --with-http_dav_module \
> - --with-http_flv_module \
> - --with-http_mp4_module \
> - --with-http_gunzip_module \
> - --with-http_gzip_static_module \
> - --with-http_auth_request_module \
> - --with-http_random_index_module \
> - --with-http_secure_link_module \
> - --with-http_slice_module \
> - --with-http_stub_status_module \
> - --with-http_realip_module \
> - --with-http_xslt_module=dynamic \
> - --with-http_image_filter_module=dynamic \
> - --with-http_geoip_module=dynamic \
> - --with-http_perl_module=dynamic \
> - --with-mail=dynamic \
> - --with-mail_ssl_module \
> - --with-stream=dynamic \
> - --with-stream_ssl_module \
> - \
> - --add-dynamic-module="$_ngx_naxsi_dir" \
> - --add-dynamic-module="$_ngx_cache_purge_dir" \
> - --add-dynamic-module="$_ngx_upstream_fair_dir" \
> - --add-dynamic-module="$_ngx_http_sysguard_dir" \
> - || return 1
> - make || return 1
> -}
> -
> -package() {
> - cd "$builddir"
> -
> - make DESTDIR="$pkgdir" install
> -
> - install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
> - install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README
> -
> - cd "$pkgdir"
> -
> - install -Dm644 "$srcdir"/nginx.conf ./etc/$_pkgname/nginx.conf
> - install -Dm644 "$srcdir"/default.conf ./etc/$_pkgname/conf.d/default.conf
> - install -m755 -D "$srcdir"/$_pkgname.initd ./etc/init.d/$_pkgname
> - install -m644 -D "$srcdir"/$_pkgname.logrotate ./etc/logrotate.d/$_pkgname
> - install -m644 -D "$srcdir"/naxsi-$_ngx_naxsi_ver/naxsi_config/naxsi_core.rules ./etc/nginx/naxsi_core.rules
> -
> - install -dm755 ./etc/$_pkgname/modules
> - install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname
> - install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname/tmp
> -
> - ln -sf /$_modules_dir ./var/lib/$_pkgname/modules
> - ln -sf /var/log/$_pkgname ./var/lib/$_pkgname/logs
> - ln -sf /run/$_pkgname ./var/lib/$_pkgname/run
> -
> - rm -rf ./run ./etc/$_pkgname/*.default
> -}
> -
> -_module() {
> - local name="${subpkgname#$pkgname-mod-}"
> - name="${name//-/_}"
> - soname="ngx_${name}_module.so"
> -
> - pkgdesc="$pkgdesc (module $name)"
> - depends="!nginx-mod-$name"
> - provides="$name"
> -
> - mkdir -p "$subpkgdir"/$_modules_dir
> - cd "$subpkgdir"
> -
> - mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname || return 1
> - mkdir -p "$subpkgdir"/etc/nginx/modules
> - echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.conf
> -}
> -
> -md5sums="7aeca793819c2b8df134c0b1cfe98361 nginx-1.11.9.tar.gz
> -b894ea5327a3d102a56aeddb79d2e047 naxsi-0.55.1.tar.gz
> -dedef1e47a26500993a88c96112d5d0f ngx_cache_purge-2.3.0.1.tar.gz
> -233861df4dc0872f727fc4c7e5c72dca upstream-fair-0.1.1.tar.gz
> -3a72f075bb114f1a97976c088a81c7f7 sysguard-2.2.0.tar.gz
> -31d29937da95b31714faa399aeb07407 anonymise.patch
> -f478d8391dafa32a8b0b3a9f21d7a080 ipv6.patch
> -50357b75049d878c0bcce10d0c60f9ed sysguard.patch
> -2e56b3f21f19aecc5500c9efc9222782 nginx.initd
> -8823274a834332d3db4f62bf7dd1fb7d nginx.logrotate"
> -sha256sums="dc22b71f16b551705930544dc042f1ad1af2f9715f565187ec22c7a4b2625748 nginx-1.11.9.tar.gz
> -45dd0df7a6b0b6aa9c64eb8c39a8e294d659d87fb18e192cf58f1402f3cdb0a8 naxsi-0.55.1.tar.gz
> -5da9360cd805a432ea7a08832ec3dd3a5d9f1574f71b3acdd53210610aee94e5 ngx_cache_purge-2.3.0.1.tar.gz
> -e8aec578f03259c6f457575360f70d57aea385a1864562b0ba6e57d6a75d52c7 upstream-fair-0.1.1.tar.gz
> -6051eb52361d602011b4c7e88b63384bcc8ebc4b004bd4b12eec3e5dce953f1d sysguard-2.2.0.tar.gz
> -28adf3605875197d5822fa382f5fd3c9c80f7d3a561e904fee223fa051f98810 anonymise.patch
> -4a1a24a92657432012f08c52e8099c7abae390c9c4cb76483cacd012e26a57ac ipv6.patch
> -18090329435c32d91621a5943acc5b8bbe89aaa3c2fa334c3a4cdeb00efb6226 sysguard.patch
> -decb084e29b584fb54b57a199f5a480dd77a4c1b3ef3da515c2eb76bd32172c5 nginx.initd
> -cea0c6f8de55a4c3a3eccc57910de1c3116634082c8e5b660630fb927a29f38d nginx.logrotate"
> -sha512sums="95247d5db3e23a0ea22686cc3fe4295f8854948a6f168a783082fdbb2acbecdad61cd9c8cadd84c1f74c1e87becdca8d6664622ff9cebc72687f20b29cc09fd0 nginx-1.11.9.tar.gz
> -aebda20e5b78e9111b7bac1e15829258e6b85b80e4ce333e4dba8caead36287b3f0fcb453c51d7c59f07d637fa62f5c6b23aecd3bf6a3c3da4abebf1a6689f14 naxsi-0.55.1.tar.gz
> -c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11ecf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0db7e3 ngx_cache_purge-2.3.0.1.tar.gz
> -fd305b859c868ef55171b05f64071a2836c12073bcd89d6197af4946a3d1177f77c6708d4d589d460c84967273dee87ca9de97ab0f0d47e6d65f86b465d70316 upstream-fair-0.1.1.tar.gz
> -2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e07e1 sysguard-2.2.0.tar.gz
> -f8e46dafcf553edd35699dc2a47a54756e0a4c690fc13f81436ad9db1026739ba331ad99d3d05d8a7c089a5c067bf45f4aca3a98fdd9483b7b0123a837e695be anonymise.patch
> -cae9f842c3d1188730d4355440476ad2338b19c027c4b329efe88d4487e90d96bf60dea6feb4be6a6f96d4b356fc154345e32c2bb643d70f68e428df26330a49 ipv6.patch
> -2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231ddce sysguard.patch
> -6c27d605536a31159b65776098926ede0b5045210b190e803681a10c06a10556283d873e772fd635642b18846549ec3a18989ca9fe6466f120ce9e1327dcacd5 nginx.initd
> -01b77cff16f6e8bfd7fa1d4d20f625bbcddd08f0509173452d060c342c93dc315a7b0560f4734323a5d29ea294de0491f2e3f32e5337574e1a28ebc005eceea8 nginx.logrotate"
> diff --git a/testing/nginx-naxsi/anonymise.patch b/testing/nginx-naxsi/anonymise.patch
> deleted file mode 100644
> index 17bca99b51..0000000000
> --- a/testing/nginx-naxsi/anonymise.patch
> +++ /dev/null
> _at__at_ -1,76 +0,0 @@
> ---- nginx-1.6.1/src/http/ngx_http_header_filter_module.c
> -+++ nginx-1.6.1/src/http/ngx_http_header_filter_module.c
> -_at__at_ -46,8 +46,8 @@
> - };
> -
> -
> --static char ngx_http_server_string[] = "Server: nginx" CRLF;
> --static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
> -+static char ngx_http_server_string[] = "";
> -+static char ngx_http_server_full_string[] = "";
> -
> -
> - static ngx_str_t ngx_http_status_lines[] = {
> -_at__at_ -278,8 +278,8 @@
> - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
> -
> - if (r->headers_out.server == NULL) {
> -- len += clcf->server_tokens ? sizeof(ngx_http_server_full_string) - 1:
> -- sizeof(ngx_http_server_string) - 1;
> -+ len += clcf->server_tokens ? sizeof(ngx_http_server_full_string) - 0:
> -+ sizeof(ngx_http_server_string) - 0;
> - }
> -
> - if (r->headers_out.date == NULL) {
> ---- nginx-1.6.1/src/http/ngx_http_special_response.c
> -+++ nginx-1.6.1/src/http/ngx_http_special_response.c
> -_at__at_ -19,14 +19,14 @@
> -
> -
> - static u_char ngx_http_error_full_tail[] =
> --"<hr><center>" NGINX_VER "</center>" CRLF
> -+"<hr><center>127.0.0.1</center>" CRLF
> - "</body>" CRLF
> - "</html>" CRLF
> - ;
> -
> -
> - static u_char ngx_http_error_tail[] =
> --"<hr><center>nginx</center>" CRLF
> -+"<hr><center>localhost</center>" CRLF
> - "</body>" CRLF
> - "</html>" CRLF
> - ;
> ---- nginx-1.9.12/src/http/v2/ngx_http_v2_filter_module.c
> -+++ nginx-1.9.12/src/http/v2/ngx_http_v2_filter_module.c.new
> -_at__at_ -229,9 +229,9 @@
> -
> - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
> -
> -- if (r->headers_out.server == NULL) {
> -+/* if (r->headers_out.server == NULL) {
> - len += 1 + (clcf->server_tokens ? nginx_ver_len : sizeof(nginx));
> -- }
> -+ } */
> -
> - if (r->headers_out.date == NULL) {
> - len += 1 + ngx_http_v2_literal_size("Wed, 31 Dec 1986 18:00:00 GMT");
> -_at__at_ -434,7 +434,7 @@
> - pos = ngx_sprintf(pos, "%03ui", r->headers_out.status);
> - }
> -
> -- if (r->headers_out.server == NULL) {
> -+/* if (r->headers_out.server == NULL) {
> - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0,
> - "http2 output header: \"server: %s\"",
> - clcf->server_tokens ? NGINX_VER : "nginx");
> -_at__at_ -453,7 +453,7 @@
> - } else {
> - pos = ngx_cpymem(pos, nginx, sizeof(nginx));
> - }
> -- }
> -+ } */
> -
> - if (r->headers_out.date == NULL) {
> - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0,
> -
> diff --git a/testing/nginx-naxsi/default.conf b/testing/nginx-naxsi/default.conf
> deleted file mode 100644
> index 9ae25d8fca..0000000000
> --- a/testing/nginx-naxsi/default.conf
> +++ /dev/null
> _at__at_ -1,18 +0,0 @@
> -# This is a default site configuration which will simply return 404, preventing
> -# chance access to any other virtualhost.
> -
> -server {
> - listen 80 default_server;
> - listen [::]:80 default_server;
> -
> - # Everything is a 404
> - location / {
> - return 404;
> - }
> -
> - # You may need this to prevent return 404 recursion.
> - location = /404.html {
> - internal;
> - }
> -}
> -
> diff --git a/testing/nginx-naxsi/nginx-naxsi.pre-install b/testing/nginx-naxsi/nginx-naxsi.pre-install
> deleted file mode 100644
> index 8512f43dda..0000000000
> --- a/testing/nginx-naxsi/nginx-naxsi.pre-install
> +++ /dev/null
> _at__at_ -1,9 +0,0 @@
> -#!/bin/sh
> -
> -addgroup -S -g 82 www-data 2>/dev/null
> -addgroup -S nginx 2>/dev/null
> -adduser -S -D -H -h /var/www/localhost/htdocs -s /sbin/nologin -G nginx \
> - -g nginx nginx 2>/dev/null
> -addgroup nginx www-data 2>/dev/null
> -
> -exit 0
> diff --git a/testing/nginx-naxsi/nginx-naxsi.pre-upgrade b/testing/nginx-naxsi/nginx-naxsi.pre-upgrade
> deleted file mode 120000
> index 364e0b943c..0000000000
> --- a/testing/nginx-naxsi/nginx-naxsi.pre-upgrade
> +++ /dev/null
> _at__at_ -1 +0,0 @@
> -nginx-naxsi.pre-install
> \ No newline at end of file
> diff --git a/testing/nginx-naxsi/nginx.conf b/testing/nginx-naxsi/nginx.conf
> deleted file mode 100644
> index c637b92e32..0000000000
> --- a/testing/nginx-naxsi/nginx.conf
> +++ /dev/null
> _at__at_ -1,92 +0,0 @@
> -# /etc/nginx/nginx.conf
> -
> -user nginx;
> -
> -# Set number of worker processes automatically based on number of CPU cores.
> -worker_processes auto;
> -
> -# Enables the use of JIT for regular expressions to speed-up their processing.
> -pcre_jit on;
> -
> -# Configures default error logger.
> -error_log /var/log/nginx/error.log warn;
> -
> -# Includes files with directives to load dynamic modules.
> -include /etc/nginx/modules/*.conf;
> -
> -
> -events {
> - # The maximum number of simultaneous connections that can be opened by
> - # a worker process.
> - worker_connections 1024;
> -}
> -
> -http {
> - # Includes mapping of file name extensions to MIME types of responses
> - # and defines the default type.
> - include /etc/nginx/mime.types;
> - default_type application/octet-stream;
> -
> - # Name servers used to resolve names of upstream servers into addresses.
> - # It's also needed when using tcpsocket and udpsocket in Lua modules.
> - #resolver 208.67.222.222 208.67.220.220;
> -
> - # Don't tell nginx version to clients.
> - server_tokens off;
> -
> - # Specifies the maximum accepted body size of a client request, as
> - # indicated by the request header Content-Length. If the stated content
> - # length is greater than this size, then the client receives the HTTP
> - # error code 413. Set to 0 to disable.
> - client_max_body_size 1m;
> -
> - # Timeout for keep-alive connections. Server will close connections after
> - # this time.
> - keepalive_timeout 65;
> -
> - # Sendfile copies data between one FD and other from within the kernel,
> - # which is more efficient than read() + write().
> - sendfile on;
> -
> - # Don't buffer data-sends (disable Nagle algorithm).
> - # Good for sending frequent small bursts of data in real time.
> - tcp_nodelay on;
> -
> - # Causes nginx to attempt to send its HTTP response head in one packet,
> - # instead of using partial frames.
> - #tcp_nopush on;
> -
> -
> - # Path of the file with Diffie-Hellman parameters for EDH ciphers.
> - #ssl_dhparam /etc/ssl/nginx/dh2048.pem;
> -
> - # Specifies that our cipher suits should be preferred over client ciphers.
> - ssl_prefer_server_ciphers on;
> -
> - # Enables a shared SSL cache with size that can hold around 8000 sessions.
> - ssl_session_cache shared:SSL:2m;
> -
> -
> - # Enable gzipping of responses.
> - #gzip on;
> -
> - # Set the Vary HTTP header as defined in the RFC 2616.
> - gzip_vary on;
> -
> - # Enable checking the existence of precompressed files.
> - #gzip_static on;
> -
> -
> - # Specifies the main log format.
> - log_format main '$remote_addr - $remote_user [$time_local] "$request" '
> - '$status $body_bytes_sent "$http_referer" '
> - '"$http_user_agent" "$http_x_forwarded_for"';
> -
> - # Sets the path, format, and configuration for a buffered log write.
> - access_log /var/log/nginx/access.log main;
> -
> -
> - # Includes virtual hosts configs.
> - include /etc/nginx/conf.d/*.conf;
> -}
> -
> diff --git a/testing/nginx-naxsi/nginx.initd b/testing/nginx-naxsi/nginx.initd
> deleted file mode 100644
> index 9e51e7dfa3..0000000000
> --- a/testing/nginx-naxsi/nginx.initd
> +++ /dev/null
> _at__at_ -1,67 +0,0 @@
> -#!/sbin/openrc-run
> -
> -description="Nginx http and reverse proxy server"
> -extra_started_commands="reload reopen upgrade"
> -
> -cfgfile=${cfgfile:-/etc/nginx/nginx.conf}
> -pidfile=/run/nginx/nginx.pid
> -command=/usr/sbin/nginx
> -command_args="-c $cfgfile"
> -required_files="$cfgfile"
> -
> -depend() {
> - need net
> - use dns logger netmount
> -}
> -
> -start_pre() {
> - ebegin
> - checkpath --directory --owner nginx:nginx ${pidfile%/*}
> - $command $command_args -t -q
> - eend $?
> -}
> -
> -reload() {
> - ebegin "Reloading ${SVCNAME} configuration"
> - start_pre && start-stop-daemon --signal HUP --pidfile $pidfile
> - eend $?
> -}
> -
> -reopen() {
> - ebegin "Reopening ${SVCNAME} log files"
> - start-stop-daemon --signal USR1 --pidfile $pidfile
> - eend $?
> -}
> -
> -upgrade() {
> - start_pre || return 1
> -
> - ebegin "Upgrading ${SVCNAME} binary"
> -
> - einfo "Sending USR2 to old binary"
> - start-stop-daemon --signal USR2 --pidfile $pidfile
> -
> - einfo "Sleeping 3 seconds before pid-files checking"
> - sleep 3
> -
> - if [ ! -f $pidfile.oldbin ]; then
> - eerror "File with old pid ($pidfile.oldbin) not found"
> - return 1
> - fi
> -
> - if [ ! -f $pidfile ]; then
> - eerror "New binary failed to start"
> - return 1
> - fi
> -
> - einfo "Sleeping 3 seconds before WINCH"
> - sleep 3 ; start-stop-daemon --signal 28 --pidfile $pidfile.oldbin
> -
> - einfo "Sending QUIT to old binary"
> - start-stop-daemon --signal QUIT --pidfile $pidfile.oldbin
> -
> - einfo "Upgrade completed"
> -
> - eend $? "Upgrade failed"
> -}
> -
> diff --git a/testing/nginx-naxsi/nginx.logrotate b/testing/nginx-naxsi/nginx.logrotate
> deleted file mode 100644
> index 7778b1108b..0000000000
> --- a/testing/nginx-naxsi/nginx.logrotate
> +++ /dev/null
> _at__at_ -1,12 +0,0 @@
> -# Copyright 1999-2010 Gentoo Foundation
> -# Distributed under the terms of the GNU General Public License v2
> -# $Header: /var/cvsroot/gentoo-x86/www-servers/nginx/files/nginx.logrotate,v 1.1 2010/01/03 20:29:40 djc Exp $
> -
> -/var/log/nginx/*.log {
> - missingok
> - sharedscripts
> - postrotate
> - kill -USR1 `cat /var/run/nginx.pid`
> - endscript
> -}
> -
>
>
>



---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Fri Mar 17 2017 - 14:45:04 GMT