X-Original-To: alpine-aports@lists.alpinelinux.org Received: from mail-ua0-f175.google.com (mail-ua0-f175.google.com [209.85.217.175]) by lists.alpinelinux.org (Postfix) with ESMTP id 805E25C055C for ; Fri, 17 Mar 2017 12:45:05 +0000 (GMT) Received: by mail-ua0-f175.google.com with SMTP id 72so43220706uaf.3 for ; Fri, 17 Mar 2017 05:45:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=j26GG4mWsdvD+lHuckdp0f0zhWmbwiOCl8vi4atSHcY=; b=kSauGT2mvzusvW/vE/k8g43LGzLQAExMhfpyj2++t3mWC7Tq+MPa9rv4P6GuJQBf7B qdXL6D+Q0aIG/nBd9DjLAA+R9wQG1UiCpOB+9IxDtODyLSM1AqzS43cjU0sWR7WjhSfj ls8TBGjkOKRcSkH/pAGIFqAh/zLxNj65Getj4Ox9lq9L0zwPj/47beEd1BQo75vmQqFi NIoNqjc9olVws9ffw+FYvdhT48+H/Ac33V18rRm36aOn2PfDSe+xiS++8DnXb7P/wpMg eM3I62+F7ZQ2eA1ve+rMw48gAT238qUSrCAcWUFkwn26kiSid2uWRrlmnhXTWUwaCujV xvAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=j26GG4mWsdvD+lHuckdp0f0zhWmbwiOCl8vi4atSHcY=; b=PC+E/l7xOo4YyKWWdLoZmU+4hiBNAVpOSX2raCmqBBpbIHYL0mAInLe80DWFiZzd4g GhVjizLzUC1VA2ZjHNjSyJtPZawyWFeKE0I66xbxeTmqD38y5zbPzGwND3gjM+PL/rd8 uLzHLTKbYIG9G/+sWvC3SQ3AKrTnK7NhazAcVhKK9Eg7K7Twe8tkrQ28KuI1hDBMUE6+ HKn5FR4HUGYo7X8x6zhM22b9+25iakhSyN47a4EG+YxaUVTFwxcpfF/YsgzFLdeiQaiA pY6ZErewpb4VbTn7vBcUh2Flke/p2yNxjRcnNZODlyt0z3Zhev5sxnxmDUFTBhnYr9AJ Aw0w== X-Gm-Message-State: AFeK/H3zcEapVvzNdVO2S3j/4KV3ZoeStXVjYsDbpcsvcl88EEvsvSNUJKVuU/CoHGQ4YYKQVfat2MBlvKG8rw== X-Received: by 10.159.48.193 with SMTP id k1mr5159500uab.49.1489754704637; Fri, 17 Mar 2017 05:45:04 -0700 (PDT) X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Received: by 10.103.104.66 with HTTP; Fri, 17 Mar 2017 05:45:04 -0700 (PDT) In-Reply-To: References: <20170317113156.2367-1-valery.kartel@gmail.com> From: Valery Kartel Date: Fri, 17 Mar 2017 14:45:04 +0200 Message-ID: Subject: Re: [alpine-aports] [PATCH] rename: testing/nginx-naxsi -> testing/nginx-current To: Stuart Cardall Cc: alpine-aports Content-Type: multipart/alternative; boundary=f403045e19c0f8f490054aec8bb3 --f403045e19c0f8f490054aec8bb3 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable I just looked at nginx and nginx-naxsi APKBUILD and decided that they are similar and differ only in release (stable and current). But not payed attention to lua and paxmark. Sorry. I revoke this patch. 2017-03-17 14:28 GMT+02:00 Stuart Cardall : > I don't agree to the name change & adding lua / disabling the PaX memory > protections. > > I keep nginx-naxsi as light & secure as possible so it's harder to > exploit. The memory protections help stop attacks & lower ram usage. > > Valery - why don't you create a completely new nginx-current ? > > Stuart Cardall. > > On 03/17/2017 11:31 AM, Valery Kartel wrote: > > - upgrade to 1.11.10 > - sync with /main/nginx APKBUILD > --- > testing/nginx-current/APKBUILD | 225 +++++++++++++++= ++++++ > testing/{nginx-naxsi =3D> nginx-current}/ipv6.patch | 0 > .../{nginx-naxsi =3D> nginx-current}/sysguard.patch | 0 > testing/nginx-naxsi/APKBUILD | 204 ---------------= ---- > testing/nginx-naxsi/anonymise.patch | 76 ------- > testing/nginx-naxsi/default.conf | 18 -- > testing/nginx-naxsi/nginx-naxsi.pre-install | 9 - > testing/nginx-naxsi/nginx-naxsi.pre-upgrade | 1 - > testing/nginx-naxsi/nginx.conf | 92 --------- > testing/nginx-naxsi/nginx.initd | 67 ------ > testing/nginx-naxsi/nginx.logrotate | 12 -- > 11 files changed, 225 insertions(+), 479 deletions(-) > create mode 100644 testing/nginx-current/APKBUILD > rename testing/{nginx-naxsi =3D> nginx-current}/ipv6.patch (100%) > rename testing/{nginx-naxsi =3D> nginx-current}/sysguard.patch (100%) > delete mode 100644 testing/nginx-naxsi/APKBUILD > delete mode 100644 testing/nginx-naxsi/anonymise.patch > delete mode 100644 testing/nginx-naxsi/default.conf > delete mode 100644 testing/nginx-naxsi/nginx-naxsi.pre-install > delete mode 120000 testing/nginx-naxsi/nginx-naxsi.pre-upgrade > delete mode 100644 testing/nginx-naxsi/nginx.conf > delete mode 100644 testing/nginx-naxsi/nginx.initd > delete mode 100644 testing/nginx-naxsi/nginx.logrotate > > diff --git a/testing/nginx-current/APKBUILD b/testing/nginx-current/APKBU= ILD > new file mode 100644 > index 0000000000..383f6e48c1 > --- /dev/null > +++ b/testing/nginx-current/APKBUILD > @@ -0,0 +1,225 @@ > +# Maintainer: Stuart Cardall > +# Contributor: Cameron Banta > +# Contributor: Jeff Bilyk > +# Contributor: Bart=C5=82omiej Piotrowski > +# Contributor: Valery Kartel > + > +pkgname=3Dnginx-current > +_pkgreal=3Dnginx > +pkgver=3D1.11.10 > +pkgrel=3D0 > +pkgdesc=3D"HTTP and reverse proxy server (current release)" > +url=3D"http://www.nginx.org/en" > +arch=3D"all" > +options=3D"!check" > +license=3D"custom" > +depends=3D"" > +replaces=3D"$_pkgreal" > +provides=3D"$_pkgreal-$pkgver-r$pkgrel" > +[ "$CARCH" =3D "s390x" ] && _lua_dep=3D"lua5.1-dev" || _lua_dep=3D"luaji= t-dev" > +makedepends=3D"linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev $_= lua_dep > + libressl-dev paxmark pcre-dev perl-dev pkgconf zlib-dev" > +subpackages=3D"$pkgname-doc $pkgname-mod-http-perl:_perl" > + > +# Modules with external sources > +_dkmod=3Dngx_devel_kit > +_dkver=3D0.3.0 > +_modsub=3D"$_modsub devel-kit:ndk_http_module" > +_modcfg=3D"$_modcfg --add-dynamic-module=3D${_dksrc:=3D$srcdir/$_dkmod-$= _dkver}" > +_modsrc=3D"$_modsrc $_dkmod-$_dkver.tar.gz::https://github.com/simpl/$_d= kmod/archive/v$_dkver.tar.gz" > + > +_ecmod=3Decho-nginx-module > +_ecver=3D0.60 > +_modsub=3D"$_modsub http-echo" > +_modcfg=3D"$_modcfg --add-dynamic-module=3D${_ecsrc:=3D$srcdir/$_ecmod-$= _ecver}" > +_modsrc=3D"$_modsrc $_ecmod-$_ecver.tar.gz::https://github.com/openresty= /$_ecmod/archive/v$_ecver.tar.gz" > + > +_fimod=3Dngx-fancyindex > +_fiver=3D0.4.1 > +_modsub=3D"$_modsub http-fancyindex" > +_modcfg=3D"$_modcfg --add-dynamic-module=3D${_fisrc:=3D$srcdir/$_fimod-$= _fiver}" > +_modsrc=3D"$_modsrc $_fimod-$_fiver.tar.gz::https://github.com/aperezdc/= $_fimod/archive/v$_fiver.tar.gz" > + > +_hmmod=3Dheaders-more-nginx-module > +_hmver=3D0.32 > +_modsub=3D"$_modsub http-headers-more:ngx_http_headers_more_filter_modul= e" > +_modcfg=3D"$_modcfg --add-dynamic-module=3D${_hmsrc:=3D$srcdir/$_hmmod-$= _hmver}" > +_modsrc=3D"$_modsrc $_hmmod-$_hmver.tar.gz::https://github.com/openresty= /$_hmmod/archive/v$_hmver.tar.gz" > + > +_lumod=3Dlua-nginx-module > +_luver=3D0.10.7 > +_modsub=3D"$_modsub http-lua" > +_modcfg=3D"$_modcfg --add-dynamic-module=3D${_lusrc:=3D$srcdir/$_lumod-$= _luver}" > +_modsrc=3D"$_modsrc $_lumod-$_luver.tar.gz::https://github.com/openresty= /$_lumod/archive/v$_luver.tar.gz" > +_http_lua_depends=3D"$pkgname-mod-devel-kit" > + > +_ncmod=3Dnchan > +_ncver=3D1.1.2 > +_modsub=3D"$_modsub http-nchan:ngx_nchan_module" > +_modcfg=3D"$_modcfg --add-dynamic-module=3D${_ncsrc:=3D$srcdir/$_ncmod-$= _ncver}" > +_modsrc=3D"$_modsrc $_ncmod-$_ncver.tar.gz::https://github.com/slact/$_n= cmod/archive/v$_ncver.tar.gz" > + > +_upmod=3Dnginx-upload-progress-module > +_upver=3D0.9.2 > +_modsub=3D"$_modsub http-upload-progress:ngx_http_uploadprogress_module" > +_modcfg=3D"$_modcfg --add-dynamic-module=3D${_upsrc:=3D$srcdir/$_upmod-$= _upver}" > +_modsrc=3D"$_modsrc $_upmod-$_upver.tar.gz::https://github.com/masterzen= /$_upmod/archive/v$_upver.tar.gz" > + > +_rtmod=3Dnginx-rtmp-module > +_rtver=3D1.1.11 > +_modsub=3D"$_modsub rtmp" > +_modcfg=3D"$_modcfg --add-dynamic-module=3D${_rtsrc:=3D$srcdir/$_rtmod-$= _rtver}" > +_modsrc=3D"$_modsrc $_rtmod-$_rtver.tar.gz::https://github.com/arut/$_rt= mod/archive/v$_rtver.tar.gz" > + > +_nxmod=3Dnaxsi > +_nxver=3D0.55.3 > +_modsub=3D"$_modsub http-naxsi" > +_modcfg=3D"$_modcfg --add-dynamic-module=3D${_nxsrc:=3D$srcdir/$_nxmod-$= _nxver/naxsi_src}" > +_modsrc=3D"$_modsrc $_nxmod-$_nxver.tar.gz::https://github.com/nbs-syste= m/$_nxmod/archive/$_nxver.tar.gz" > + > +_cpmod=3Dngx_cache_purge > +_cpver=3D2.3.0.1 > +_modsub=3D"$_modsub http-cache-purge" > +_modcfg=3D"$_modcfg --add-dynamic-module=3D${_cpsrc:=3D$srcdir/$_cpmod-$= _cpver}" > +_modsrc=3D"$_modsrc $_cpmod-$_cpver.tar.gz::https://github.com/itoffshor= e/$_cpmod/archive/v$_cpver.tar.gz" > + > +_ufmod=3Dnginx-upstream-fair > +_ufver=3D0.1.1 > +_modsub=3D"$_modsub http-upstream-fair" > +_modcfg=3D"$_modcfg --add-dynamic-module=3D${_ufsrc:=3D$srcdir/$_ufmod-$= _ufver}" > +_modsrc=3D"$_modsrc $_ufmod-$_ufver.tar.gz::https://github.com/itoffshor= e/$_ufmod/archive/v$_ufver.tar.gz" > + > +_sgmod=3Dtengine-http-sysguard > +_sgver=3D2.2.0 > +_modsub=3D"$_modsub http-sysguard" > +_modcfg=3D"$_modcfg --add-dynamic-module=3D${_sgsrc:=3D$srcdir/$_sgmod-$= _sgver}" > +_modsrc=3D"$_modsrc $_sgmod-$_sgver.tar.gz::https://github.com/itoffshor= e/$_sgmod/archive/v$_sgver.tar.gz > + sysguard.patch" > + > +source=3D"http://nginx.org/download/$_pkgreal-$pkgver.tar.gz > + ipv6.patch > + $_modsrc > + " > + > +_module_dir=3Dusr/lib/$_pkgreal > +for _module in http-geoip http-image-filter http-xslt-filter mail stream= $_modsub; do > + _modvar=3D${_module//-/_} > + [ -z "${_module##*:*}" ] && eval _so_${_modvar%:*}=3D${_module#*:} > + subpackages=3D"$subpackages $pkgname-mod-${_module%:*}:_module" > +done > + > +builddir=3D"$srcdir/$_pkgreal-$pkgver" > + > +build() { > + cd "$builddir" > + > + export LUAJIT_LIB=3D"$(pkgconf --variable=3Dlibdir luajit)" > + export LUAJIT_INC=3D"$(pkgconf --variable=3Dincludedir luajit)" > + ./configure \ > + --prefix=3D/var/lib/$_pkgreal \ > + --sbin-path=3D/usr/sbin/$_pkgreal \ > + --modules-path=3D/$_module_dir \ > + --conf-path=3D/etc/$_pkgreal/$_pkgreal.conf \ > + --pid-path=3D/run/$_pkgreal/$_pkgreal.pid \ > + --lock-path=3D/run/$_pkgreal/$_pkgreal.lock \ > + --http-client-body-temp-path=3D/var/lib/$_pkgreal/tmp/client_body \ > + --http-proxy-temp-path=3D/var/lib/$_pkgreal/tmp/proxy \ > + --http-fastcgi-temp-path=3D/var/lib/$_pkgreal/tmp/fastcgi \ > + --http-uwsgi-temp-path=3D/var/lib/$_pkgreal/tmp/uwsgi \ > + --http-scgi-temp-path=3D/var/lib/$_pkgreal/tmp/scgi \ > + --with-perl_modules_path=3D/usr/lib/perl5/vendor_perl \ > + \ > + --user=3D$_pkgreal \ > + --group=3D$_pkgreal \ > + --with-threads \ > + --with-file-aio \ > + --with-ipv6 \ > + \ > + --with-http_ssl_module \ > + --with-http_v2_module \ > + --with-http_realip_module \ > + --with-http_addition_module \ > + --with-http_xslt_module=3Ddynamic \ > + --with-http_image_filter_module=3Ddynamic \ > + --with-http_geoip_module=3Ddynamic \ > + --with-http_sub_module \ > + --with-http_dav_module \ > + --with-http_flv_module \ > + --with-http_mp4_module \ > + --with-http_gunzip_module \ > + --with-http_gzip_static_module \ > + --with-http_auth_request_module \ > + --with-http_random_index_module \ > + --with-http_secure_link_module \ > + --with-http_slice_module \ > + --with-http_stub_status_module \ > + --with-http_perl_module=3Ddynamic \ > + --with-http_realip_module \ > + --with-mail=3Ddynamic \ > + --with-mail_ssl_module \ > + --with-stream=3Ddynamic \ > + --with-stream_ssl_module \ > + $_modcfg || return 1 > + make > +} > + > +package() { > + depends=3D"$_pkgreal" > + make -C "$builddir" DESTDIR=3D"$pkgdir" install || return 1 > + > + # Disable some PaX protections; this is needed for Lua module. > + local paxflags=3D"-m" > + [ "$CARCH" =3D "x86" ] && paxflags=3D"-msp" > + paxmark $paxflags "$pkgdir"/usr/sbin/nginx || return 1 > + > + install -Dm644 "$builddir"/LICENSE \ > + "$pkgdir"/usr/share/licenses/$_pkgreal/LICENSE || return 1 > + install -Dm644 "$builddir"/README \ > + "$pkgdir"/usr/share/doc/$_pkgreal/README || return 1 > + > + rm -rf "$pkgdir"/run "$pkgdir"/var "$pkgdir"/etc > +} > + > +doc() { > + default_doc || return 1 > + depends=3D"$_pkgreal-doc" > + replaces=3D"$_pkgreal-doc" > +} > + > +_module() { > + local name=3D${subpkgname#$pkgname-mod-} > + replaces=3D"$_pkgreal-mod-$name" > + provides=3D"$replaces-$pkgver-r$pkgrel" > + install_if=3D"$pkgname=3D$pkgver-r$pkgrel $replaces" > + name=3D${name//-/_} > + local soname=3D$(eval echo \${_so_$name:-ngx_${name}_module}.so) > + pkgdesc=3D"$pkgdesc (module $name)" > + depends=3D$(eval echo \${_${name}_depends:-$pkgname $replaces}) > + > + mkdir -p "$subpkgdir"/$_module_dir || return 1 > + > + mv "$pkgdir"/$_module_dir/$soname \ > + "$subpkgdir"/$_module_dir/$soname > +} > + > + > +_perl() { > + _module || return 1 > + mv "$pkgdir"/usr/lib/perl5 "$subpkgdir"/usr/lib/ > +} > + > +sha512sums=3D"b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa961= 8e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9 ngi= nx-1.11.10.tar.gz > +cae9f842c3d1188730d4355440476ad2338b19c027c4b329efe88d4487e90d96bf60dea6= feb4be6a6f96d4b356fc154345e32c2bb643d70f68e428df26330a49 ipv6.patch > +558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a= 8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 ngx_devel_kit-0.3= .0.tar.gz > +c455bee73cebd0752449472452d15614b9587ddd199263d366484ede890c4d108eacbbea= ef31adc9dc7732b56ef2bfc73c0fef3366366db03a8ec3fdc27a985c echo-nginx-module= -0.60.tar.gz > +ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4= dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1 ngx-fancyindex-0.= 4.1.tar.gz > +e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013= f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1 headers-more-ngin= x-module-0.32.tar.gz > +d060a13de4d01d77e6d6cd1635ecbb405330e4326b71b89341c1c128ee4182978a51d533= 55bc07c350e3c3a7df15325e3df380d9c3a98b2ff7d7efa18fa09b32 lua-nginx-module-= 0.10.7.tar.gz > +14af65d57325afa961bc6606f2c938acff0206914248b8ca810293113fdab859c1db9c9a= bce9263b9da5c2371b299770682d9ec49fbf7a356da9fbfb3e15c3c7 nchan-1.1.2.tar.g= z > +c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f2= 8df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c nginx-upload-prog= ress-module-0.9.2.tar.gz > +e7c897265d1e93b06f7e46a653b113e24d2451e2112a7a6da415f130928437444a034683= 2fd9c10042397fea6120e4e44acc2bccf649ec30ca5bffbf985672e2 nginx-rtmp-module= -1.1.11.tar.gz > +9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889= d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0 naxsi-0.55.3.tar.= gz > +c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11e= cf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0db7e3 ngx_cache_purge-2= .3.0.1.tar.gz > +fd305b859c868ef55171b05f64071a2836c12073bcd89d6197af4946a3d1177f77c6708d= 4d589d460c84967273dee87ca9de97ab0f0d47e6d65f86b465d70316 nginx-upstream-fa= ir-0.1.1.tar.gz > +2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba= 79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e07e1 tengine-http-sysg= uard-2.2.0.tar.gz > +2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229= d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231ddce sysguard.patch" > diff --git a/testing/nginx-naxsi/ipv6.patch b/testing/nginx-current/ipv6.= patch > similarity index 100% > rename from testing/nginx-naxsi/ipv6.patch > rename to testing/nginx-current/ipv6.patch > diff --git a/testing/nginx-naxsi/sysguard.patch b/testing/nginx-current/s= ysguard.patch > similarity index 100% > rename from testing/nginx-naxsi/sysguard.patch > rename to testing/nginx-current/sysguard.patch > diff --git a/testing/nginx-naxsi/APKBUILD b/testing/nginx-naxsi/APKBUILD > deleted file mode 100644 > index c020427da8..0000000000 > --- a/testing/nginx-naxsi/APKBUILD > +++ /dev/null > @@ -1,204 +0,0 @@ > -# Maintainer: Stuart Cardall > -# Contributor: Cameron Banta > -# Contributor: Jeff Bilyk > -# Contributor: Bart=C5=82omiej Piotrowski > - > -pkgname=3Dnginx-naxsi > -_pkgname=3Dnginx > -pkgver=3D1.11.9 > -pkgrel=3D0 > -pkgdesc=3D"Lightweight HTTP and reverse proxy server with Naxsi WAF supp= ort, see also 'nxapi'" > -url=3D"http://www.nginx.org | https://github.com/nbs-system/naxsi" > -arch=3D"all" > -license=3D"custom" > - > -# Modules > -_ngx_naxsi_name=3Dnaxsi > -_ngx_naxsi_ver=3D0.55.1 > -_ngx_naxsi_dir=3D"$srcdir/$_ngx_naxsi_name-$_ngx_naxsi_ver/naxsi_src" > - > -_ngx_cache_purge_name=3Dngx_cache_purge > -_ngx_cache_purge_ver=3D2.3.0.1 > -_ngx_cache_purge_dir=3D"$srcdir/$_ngx_cache_purge_name-$_ngx_cache_purge= _ver" > - > -_ngx_upstream_fair_name=3Dnginx-upstream-fair > -_ngx_upstream_fair_ver=3D0.1.1 > -_ngx_upstream_fair_dir=3D"$srcdir/$_ngx_upstream_fair_name-$_ngx_upstrea= m_fair_ver" > - > -_ngx_http_sysguard_name=3Dtengine-http-sysguard > -_ngx_http_sysguard_ver=3D2.2.0 > -_ngx_http_sysguard_dir=3D"$srcdir/$_ngx_http_sysguard_name-$_ngx_http_sy= sguard_ver" > - > -depends=3D"!nginx" > -makedepends=3D"linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev li= bressl-dev > - pcre-dev perl-dev pkgconf zlib-dev" > -pkgusers=3D"nginx" > -_grp_ngx=3D"nginx" > -_grp_www=3D"www-data" > -pkggroups=3D"$_grp_ngx $_grp_www" > -install=3D"$pkgname.pre-install $pkgname.pre-upgrade" > -subpackages=3D"$pkgname-doc" > -source=3D"http://nginx.org/download/$_pkgname-$pkgver.tar.gz > - naxsi-$_ngx_naxsi_ver.tar.gz::https://github.com/nbs-system/$_ngx_naxsi= _name/archive/$_ngx_naxsi_ver.tar.gz > - ngx_cache_purge-$_ngx_cache_purge_ver.tar.gz::https://github.com/itoffs= hore/$_ngx_cache_purge_name/archive/v$_ngx_cache_purge_ver.tar.gz > - upstream-fair-$_ngx_upstream_fair_ver.tar.gz::https://github.com/itoffs= hore/$_ngx_upstream_fair_name/archive/v$_ngx_upstream_fair_ver.tar.gz > - sysguard-$_ngx_http_sysguard_ver.tar.gz::https://github.com/itoffshore/= $_ngx_http_sysguard_name/archive/v$_ngx_http_sysguard_ver.tar.gz > - > - anonymise.patch > - ipv6.patch > - sysguard.patch > - > - nginx.initd > - nginx.logrotate > - " > -builddir=3D"$srcdir"/$_pkgname-$pkgver > - > -_modules_dir=3D"usr/lib/nginx/modules" > -_modules=3D" > - http-geoip > - http-image-filter > - http-perl > - http-xslt-filter > - mail > - stream > - http-naxsi > - http-cache-purge > - http-upstream-fair > - http-sysguard > - " > - > -for _m in $_modules; do > - subpackages=3D"$subpackages $pkgname-mod-$_m:_module" > -done > - > - > -build() { > - cd "$builddir" > - ./configure \ > - --prefix=3D/var/lib/$_pkgname \ > - --sbin-path=3D/usr/sbin/$_pkgname \ > - --modules-path=3D/$_modules_dir \ > - --conf-path=3D/etc/$_pkgname/$_pkgname.conf \ > - --pid-path=3D/run/$_pkgname/$_pkgname.pid \ > - --lock-path=3D/run/$_pkgname/$_pkgname.lock \ > - --error-log-path=3D/var/log/$_pkgname/error.log \ > - --http-log-path=3D/var/log/$_pkgname/access.log \ > - --http-client-body-temp-path=3D/var/lib/$_pkgname/tmp/client_body \ > - --http-proxy-temp-path=3D/var/lib/$_pkgname/tmp/proxy \ > - --http-fastcgi-temp-path=3D/var/lib/$_pkgname/tmp/fastcgi \ > - --with-perl_modules_path=3D/usr/lib/perl5/vendor_perl \ > - \ > - --user=3D$pkgusers \ > - --group=3D$_grp_ngx \ > - --with-threads \ > - --with-file-aio \ > - --without-http_uwsgi_module \ > - --without-http_scgi_module \ > - \ > - --with-http_ssl_module \ > - --with-http_v2_module \ > - --with-http_realip_module \ > - --with-http_addition_module \ > - --with-http_sub_module \ > - --with-http_dav_module \ > - --with-http_flv_module \ > - --with-http_mp4_module \ > - --with-http_gunzip_module \ > - --with-http_gzip_static_module \ > - --with-http_auth_request_module \ > - --with-http_random_index_module \ > - --with-http_secure_link_module \ > - --with-http_slice_module \ > - --with-http_stub_status_module \ > - --with-http_realip_module \ > - --with-http_xslt_module=3Ddynamic \ > - --with-http_image_filter_module=3Ddynamic \ > - --with-http_geoip_module=3Ddynamic \ > - --with-http_perl_module=3Ddynamic \ > - --with-mail=3Ddynamic \ > - --with-mail_ssl_module \ > - --with-stream=3Ddynamic \ > - --with-stream_ssl_module \ > - \ > - --add-dynamic-module=3D"$_ngx_naxsi_dir" \ > - --add-dynamic-module=3D"$_ngx_cache_purge_dir" \ > - --add-dynamic-module=3D"$_ngx_upstream_fair_dir" \ > - --add-dynamic-module=3D"$_ngx_http_sysguard_dir" \ > - || return 1 > - make || return 1 > -} > - > -package() { > - cd "$builddir" > - > - make DESTDIR=3D"$pkgdir" install > - > - install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE > - install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README > - > - cd "$pkgdir" > - > - install -Dm644 "$srcdir"/nginx.conf ./etc/$_pkgname/nginx.conf > - install -Dm644 "$srcdir"/default.conf ./etc/$_pkgname/conf.d/default.co= nf > - install -m755 -D "$srcdir"/$_pkgname.initd ./etc/init.d/$_pkgname > - install -m644 -D "$srcdir"/$_pkgname.logrotate ./etc/logrotate.d/$_pkgn= ame > - install -m644 -D "$srcdir"/naxsi-$_ngx_naxsi_ver/naxsi_config/naxsi_cor= e.rules ./etc/nginx/naxsi_core.rules > - > - install -dm755 ./etc/$_pkgname/modules > - install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname > - install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname/tmp > - > - ln -sf /$_modules_dir ./var/lib/$_pkgname/modules > - ln -sf /var/log/$_pkgname ./var/lib/$_pkgname/logs > - ln -sf /run/$_pkgname ./var/lib/$_pkgname/run > - > - rm -rf ./run ./etc/$_pkgname/*.default > -} > - > -_module() { > - local name=3D"${subpkgname#$pkgname-mod-}" > - name=3D"${name//-/_}" > - soname=3D"ngx_${name}_module.so" > - > - pkgdesc=3D"$pkgdesc (module $name)" > - depends=3D"!nginx-mod-$name" > - provides=3D"$name" > - > - mkdir -p "$subpkgdir"/$_modules_dir > - cd "$subpkgdir" > - > - mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname || return 1 > - mkdir -p "$subpkgdir"/etc/nginx/modules > - echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.con= f > -} > - > -md5sums=3D"7aeca793819c2b8df134c0b1cfe98361 nginx-1.11.9.tar.gz > -b894ea5327a3d102a56aeddb79d2e047 naxsi-0.55.1.tar.gz > -dedef1e47a26500993a88c96112d5d0f ngx_cache_purge-2.3.0.1.tar.gz > -233861df4dc0872f727fc4c7e5c72dca upstream-fair-0.1.1.tar.gz > -3a72f075bb114f1a97976c088a81c7f7 sysguard-2.2.0.tar.gz > -31d29937da95b31714faa399aeb07407 anonymise.patch > -f478d8391dafa32a8b0b3a9f21d7a080 ipv6.patch > -50357b75049d878c0bcce10d0c60f9ed sysguard.patch > -2e56b3f21f19aecc5500c9efc9222782 nginx.initd > -8823274a834332d3db4f62bf7dd1fb7d nginx.logrotate" > -sha256sums=3D"dc22b71f16b551705930544dc042f1ad1af2f9715f565187ec22c7a4b2= 625748 nginx-1.11.9.tar.gz > -45dd0df7a6b0b6aa9c64eb8c39a8e294d659d87fb18e192cf58f1402f3cdb0a8 naxsi-= 0.55.1.tar.gz > -5da9360cd805a432ea7a08832ec3dd3a5d9f1574f71b3acdd53210610aee94e5 ngx_ca= che_purge-2.3.0.1.tar.gz > -e8aec578f03259c6f457575360f70d57aea385a1864562b0ba6e57d6a75d52c7 upstre= am-fair-0.1.1.tar.gz > -6051eb52361d602011b4c7e88b63384bcc8ebc4b004bd4b12eec3e5dce953f1d sysgua= rd-2.2.0.tar.gz > -28adf3605875197d5822fa382f5fd3c9c80f7d3a561e904fee223fa051f98810 anonym= ise.patch > -4a1a24a92657432012f08c52e8099c7abae390c9c4cb76483cacd012e26a57ac ipv6.p= atch > -18090329435c32d91621a5943acc5b8bbe89aaa3c2fa334c3a4cdeb00efb6226 sysgua= rd.patch > -decb084e29b584fb54b57a199f5a480dd77a4c1b3ef3da515c2eb76bd32172c5 nginx.= initd > -cea0c6f8de55a4c3a3eccc57910de1c3116634082c8e5b660630fb927a29f38d nginx.= logrotate" > -sha512sums=3D"95247d5db3e23a0ea22686cc3fe4295f8854948a6f168a783082fdbb2a= cbecdad61cd9c8cadd84c1f74c1e87becdca8d6664622ff9cebc72687f20b29cc09fd0 ngi= nx-1.11.9.tar.gz > -aebda20e5b78e9111b7bac1e15829258e6b85b80e4ce333e4dba8caead36287b3f0fcb45= 3c51d7c59f07d637fa62f5c6b23aecd3bf6a3c3da4abebf1a6689f14 naxsi-0.55.1.tar.= gz > -c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11e= cf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0db7e3 ngx_cache_purge-2= .3.0.1.tar.gz > -fd305b859c868ef55171b05f64071a2836c12073bcd89d6197af4946a3d1177f77c6708d= 4d589d460c84967273dee87ca9de97ab0f0d47e6d65f86b465d70316 upstream-fair-0.1= .1.tar.gz > -2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba= 79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e07e1 sysguard-2.2.0.ta= r.gz > -f8e46dafcf553edd35699dc2a47a54756e0a4c690fc13f81436ad9db1026739ba331ad99= d3d05d8a7c089a5c067bf45f4aca3a98fdd9483b7b0123a837e695be anonymise.patch > -cae9f842c3d1188730d4355440476ad2338b19c027c4b329efe88d4487e90d96bf60dea6= feb4be6a6f96d4b356fc154345e32c2bb643d70f68e428df26330a49 ipv6.patch > -2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229= d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231ddce sysguard.patch > -6c27d605536a31159b65776098926ede0b5045210b190e803681a10c06a10556283d873e= 772fd635642b18846549ec3a18989ca9fe6466f120ce9e1327dcacd5 nginx.initd > -01b77cff16f6e8bfd7fa1d4d20f625bbcddd08f0509173452d060c342c93dc315a7b0560= f4734323a5d29ea294de0491f2e3f32e5337574e1a28ebc005eceea8 nginx.logrotate" > diff --git a/testing/nginx-naxsi/anonymise.patch b/testing/nginx-naxsi/an= onymise.patch > deleted file mode 100644 > index 17bca99b51..0000000000 > --- a/testing/nginx-naxsi/anonymise.patch > +++ /dev/null > @@ -1,76 +0,0 @@ > ---- nginx-1.6.1/src/http/ngx_http_header_filter_module.c > -+++ nginx-1.6.1/src/http/ngx_http_header_filter_module.c > -@@ -46,8 +46,8 @@ > - }; > - > - > --static char ngx_http_server_string[] =3D "Server: nginx" CRLF; > --static char ngx_http_server_full_string[] =3D "Server: " NGINX_VER CRLF= ; > -+static char ngx_http_server_string[] =3D ""; > -+static char ngx_http_server_full_string[] =3D ""; > - > - > - static ngx_str_t ngx_http_status_lines[] =3D { > -@@ -278,8 +278,8 @@ > - clcf =3D ngx_http_get_module_loc_conf(r, ngx_http_core_module); > - > - if (r->headers_out.server =3D=3D NULL) { > -- len +=3D clcf->server_tokens ? sizeof(ngx_http_server_full_stri= ng) - 1: > -- sizeof(ngx_http_server_string) - 1= ; > -+ len +=3D clcf->server_tokens ? sizeof(ngx_http_server_full_stri= ng) - 0: > -+ sizeof(ngx_http_server_string) - 0= ; > - } > - > - if (r->headers_out.date =3D=3D NULL) { > ---- nginx-1.6.1/src/http/ngx_http_special_response.c > -+++ nginx-1.6.1/src/http/ngx_http_special_response.c > -@@ -19,14 +19,14 @@ > - > - > - static u_char ngx_http_error_full_tail[] =3D > --"
" NGINX_VER "
" CRLF > -+"
127.0.0.1
" CRLF > - "" CRLF > - "" CRLF > - ; > - > - > - static u_char ngx_http_error_tail[] =3D > --"
nginx
" CRLF > -+"
localhost
" CRLF > - "" CRLF > - "" CRLF > - ; > ---- nginx-1.9.12/src/http/v2/ngx_http_v2_filter_module.c > -+++ nginx-1.9.12/src/http/v2/ngx_http_v2_filter_module.c.new > -@@ -229,9 +229,9 @@ > - > - clcf =3D ngx_http_get_module_loc_conf(r, ngx_http_core_module); > - > -- if (r->headers_out.server =3D=3D NULL) { > -+/* if (r->headers_out.server =3D=3D NULL) { > - len +=3D 1 + (clcf->server_tokens ? nginx_ver_len : sizeof(ngin= x)); > -- } > -+ } */ > - > - if (r->headers_out.date =3D=3D NULL) { > - len +=3D 1 + ngx_http_v2_literal_size("Wed, 31 Dec 1986 18:00:0= 0 GMT"); > -@@ -434,7 +434,7 @@ > - pos =3D ngx_sprintf(pos, "%03ui", r->headers_out.status); > - } > - > -- if (r->headers_out.server =3D=3D NULL) { > -+/* if (r->headers_out.server =3D=3D NULL) { > - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0, > - "http2 output header: \"server: %s\"", > - clcf->server_tokens ? NGINX_VER : "nginx"); > -@@ -453,7 +453,7 @@ > - } else { > - pos =3D ngx_cpymem(pos, nginx, sizeof(nginx)); > - } > -- } > -+ } */ > - > - if (r->headers_out.date =3D=3D NULL) { > - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0, > - > diff --git a/testing/nginx-naxsi/default.conf b/testing/nginx-naxsi/defau= lt.conf > deleted file mode 100644 > index 9ae25d8fca..0000000000 > --- a/testing/nginx-naxsi/default.conf > +++ /dev/null > @@ -1,18 +0,0 @@ > -# This is a default site configuration which will simply return 404, pre= venting > -# chance access to any other virtualhost. > - > -server { > - listen 80 default_server; > - listen [::]:80 default_server; > - > - # Everything is a 404 > - location / { > - return 404; > - } > - > - # You may need this to prevent return 404 recursion. > - location =3D /404.html { > - internal; > - } > -} > - > diff --git a/testing/nginx-naxsi/nginx-naxsi.pre-install b/testing/nginx-= naxsi/nginx-naxsi.pre-install > deleted file mode 100644 > index 8512f43dda..0000000000 > --- a/testing/nginx-naxsi/nginx-naxsi.pre-install > +++ /dev/null > @@ -1,9 +0,0 @@ > -#!/bin/sh > - > -addgroup -S -g 82 www-data 2>/dev/null > -addgroup -S nginx 2>/dev/null > -adduser -S -D -H -h /var/www/localhost/htdocs -s /sbin/nologin -G nginx = \ > - -g nginx nginx 2>/dev/null > -addgroup nginx www-data 2>/dev/null > - > -exit 0 > diff --git a/testing/nginx-naxsi/nginx-naxsi.pre-upgrade b/testing/nginx-= naxsi/nginx-naxsi.pre-upgrade > deleted file mode 120000 > index 364e0b943c..0000000000 > --- a/testing/nginx-naxsi/nginx-naxsi.pre-upgrade > +++ /dev/null > @@ -1 +0,0 @@ > -nginx-naxsi.pre-install > \ No newline at end of file > diff --git a/testing/nginx-naxsi/nginx.conf b/testing/nginx-naxsi/nginx.c= onf > deleted file mode 100644 > index c637b92e32..0000000000 > --- a/testing/nginx-naxsi/nginx.conf > +++ /dev/null > @@ -1,92 +0,0 @@ > -# /etc/nginx/nginx.conf > - > -user nginx; > - > -# Set number of worker processes automatically based on number of CPU co= res. > -worker_processes auto; > - > -# Enables the use of JIT for regular expressions to speed-up their proce= ssing. > -pcre_jit on; > - > -# Configures default error logger. > -error_log /var/log/nginx/error.log warn; > - > -# Includes files with directives to load dynamic modules. > -include /etc/nginx/modules/*.conf; > - > - > -events { > - # The maximum number of simultaneous connections that can be opened by > - # a worker process. > - worker_connections 1024; > -} > - > -http { > - # Includes mapping of file name extensions to MIME types of responses > - # and defines the default type. > - include /etc/nginx/mime.types; > - default_type application/octet-stream; > - > - # Name servers used to resolve names of upstream servers into addresses= . > - # It's also needed when using tcpsocket and udpsocket in Lua modules. > - #resolver 208.67.222.222 208.67.220.220; > - > - # Don't tell nginx version to clients. > - server_tokens off; > - > - # Specifies the maximum accepted body size of a client request, as > - # indicated by the request header Content-Length. If the stated content > - # length is greater than this size, then the client receives the HTTP > - # error code 413. Set to 0 to disable. > - client_max_body_size 1m; > - > - # Timeout for keep-alive connections. Server will close connections aft= er > - # this time. > - keepalive_timeout 65; > - > - # Sendfile copies data between one FD and other from within the kernel, > - # which is more efficient than read() + write(). > - sendfile on; > - > - # Don't buffer data-sends (disable Nagle algorithm). > - # Good for sending frequent small bursts of data in real time. > - tcp_nodelay on; > - > - # Causes nginx to attempt to send its HTTP response head in one packet, > - # instead of using partial frames. > - #tcp_nopush on; > - > - > - # Path of the file with Diffie-Hellman parameters for EDH ciphers. > - #ssl_dhparam /etc/ssl/nginx/dh2048.pem; > - > - # Specifies that our cipher suits should be preferred over client ciphe= rs. > - ssl_prefer_server_ciphers on; > - > - # Enables a shared SSL cache with size that can hold around 8000 sessio= ns. > - ssl_session_cache shared:SSL:2m; > - > - > - # Enable gzipping of responses. > - #gzip on; > - > - # Set the Vary HTTP header as defined in the RFC 2616. > - gzip_vary on; > - > - # Enable checking the existence of precompressed files. > - #gzip_static on; > - > - > - # Specifies the main log format. > - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' > - '$status $body_bytes_sent "$http_referer" ' > - '"$http_user_agent" "$http_x_forwarded_for"'; > - > - # Sets the path, format, and configuration for a buffered log write. > - access_log /var/log/nginx/access.log main; > - > - > - # Includes virtual hosts configs. > - include /etc/nginx/conf.d/*.conf; > -} > - > diff --git a/testing/nginx-naxsi/nginx.initd b/testing/nginx-naxsi/nginx.= initd > deleted file mode 100644 > index 9e51e7dfa3..0000000000 > --- a/testing/nginx-naxsi/nginx.initd > +++ /dev/null > @@ -1,67 +0,0 @@ > -#!/sbin/openrc-run > - > -description=3D"Nginx http and reverse proxy server" > -extra_started_commands=3D"reload reopen upgrade" > - > -cfgfile=3D${cfgfile:-/etc/nginx/nginx.conf} > -pidfile=3D/run/nginx/nginx.pid > -command=3D/usr/sbin/nginx > -command_args=3D"-c $cfgfile" > -required_files=3D"$cfgfile" > - > -depend() { > - need net > - use dns logger netmount > -} > - > -start_pre() { > - ebegin > - checkpath --directory --owner nginx:nginx ${pidfile%/*} > - $command $command_args -t -q > - eend $? > -} > - > -reload() { > - ebegin "Reloading ${SVCNAME} configuration" > - start_pre && start-stop-daemon --signal HUP --pidfile $pidfile > - eend $? > -} > - > -reopen() { > - ebegin "Reopening ${SVCNAME} log files" > - start-stop-daemon --signal USR1 --pidfile $pidfile > - eend $? > -} > - > -upgrade() { > - start_pre || return 1 > - > - ebegin "Upgrading ${SVCNAME} binary" > - > - einfo "Sending USR2 to old binary" > - start-stop-daemon --signal USR2 --pidfile $pidfile > - > - einfo "Sleeping 3 seconds before pid-files checking" > - sleep 3 > - > - if [ ! -f $pidfile.oldbin ]; then > - eerror "File with old pid ($pidfile.oldbin) not found" > - return 1 > - fi > - > - if [ ! -f $pidfile ]; then > - eerror "New binary failed to start" > - return 1 > - fi > - > - einfo "Sleeping 3 seconds before WINCH" > - sleep 3 ; start-stop-daemon --signal 28 --pidfile $pidfile.oldbin > - > - einfo "Sending QUIT to old binary" > - start-stop-daemon --signal QUIT --pidfile $pidfile.oldbin > - > - einfo "Upgrade completed" > - > - eend $? "Upgrade failed" > -} > - > diff --git a/testing/nginx-naxsi/nginx.logrotate b/testing/nginx-naxsi/ng= inx.logrotate > deleted file mode 100644 > index 7778b1108b..0000000000 > --- a/testing/nginx-naxsi/nginx.logrotate > +++ /dev/null > @@ -1,12 +0,0 @@ > -# Copyright 1999-2010 Gentoo Foundation > -# Distributed under the terms of the GNU General Public License v2 > -# $Header: /var/cvsroot/gentoo-x86/www-servers/nginx/files/nginx.logrota= te,v 1.1 2010/01/03 20:29:40 djc Exp $ > - > -/var/log/nginx/*.log { > - missingok > - sharedscripts > - postrotate > - kill -USR1 `cat /var/run/nginx.pid` > - endscript > -} > - > > > --f403045e19c0f8f490054aec8bb3 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
I just looked at nginx and nginx-naxsi AP= KBUILD and decided that they are similar and differ only in release (stable= and current).
But not payed attention to lua and paxmark.
Sorry.
=
I revoke this patch.
=
2017-03-17 14:28 GMT+02:00 Stuart Cardall <developer@it-offshore.co.uk>:
=20 =20 =20

I don't agree to the name change & adding lua / disabling the PaX memory protections.

I keep nginx-naxsi as light & secure as possible so it's harder to exploit. The memory protections help stop attacks & lower ram usage.

Valery - why don't y= ou create a completely new nginx-current ?

Stuart Cardall.


On 03/17/2017 11:31= AM, Valery Kartel wrote:
- upgrade to 1.11.10
- sync with /main/nginx APKBUILD
---
 testing/nginx-current/APKBUILD                     | 225 +++++++++++++++++=
++++
 testing/{nginx-naxsi =3D> nginx-current}/ipv6.patch  |   0
 .../{nginx-naxsi =3D> nginx-current}/sysguard.patch  |   0
 testing/nginx-naxsi/APKBUILD                       | 204 -----------------=
--
 testing/nginx-naxsi/anonymise.patch                |  76 -------
 testing/nginx-naxsi/default.conf                   |  18 --
 testing/nginx-naxsi/nginx-naxsi.pre-install        |   9 -
 testing/nginx-naxsi/nginx-naxsi.pre-upgrade        |   1 -
 testing/nginx-naxsi/nginx.conf                     |  92 ---------
 testing/nginx-naxsi/nginx.initd                    |  67 ------
 testing/nginx-naxsi/nginx.logrotate                |  12 --
 11 files changed, 225 insertions(+), 479 deletions(-)
 create mode 100644 testing/nginx-current/APKBUILD
 rename testing/{nginx-naxsi =3D> nginx-current}/ipv6.patch (100%)
 rename testing/{nginx-naxsi =3D> nginx-current}/sysguard.patch (100%)
 delete mode 100644 testing/nginx-naxsi/APKBUILD
 delete mode 100644 testing/nginx-naxsi/anonymise.patch
 delete mode 100644 testing/nginx-naxsi/default.conf
 delete mode 100644 testing/nginx-naxsi/nginx-naxsi.pre-install
 delete mode 120000 testing/nginx-naxsi/nginx-naxsi.pre-upgrade
 delete mode 100644 testing/nginx-naxsi/nginx.conf
 delete mode 100644 testing/nginx-naxsi/nginx.initd
 delete mode 100644 testing/nginx-naxsi/nginx.logrotate

diff --git a/testing/nginx-current/APKBUILD b/testing/nginx-current/APKBUILD
new file mode 100644
index 0000000000..383f6e48c1
--- /dev/null
+++ b/testing/nginx-current/APKBUILD
@@ -0,0 +1,225 @@
+# Maintainer: Stuart Cardall &l=
t;developer@it-offshore.co.uk>
+# Contributor: Cameron Banta <cbanta@gm=
ail.com>
+# Contributor: Jeff Bilyk <jbilyk@gmail=
.com>
+# Contributor: Bart=C5=82omiej Piotrowski <nospam@bpiotrowski.pl>
+# Contributor: Valery Kartel <va=
lery.kartel@gmail.com>
+
+pkgname=3Dnginx-current
+_pkgreal=3Dnginx
+pkgver=3D1.11.10
+pkgrel=3D0
+pkgdesc=3D"HTTP and reverse proxy server (current release)"
+url=3D"http://www.nginx.org/en"<=
/a>
+arch=3D"all"
+options=3D"!check"
+license=3D"custom"
+depends=3D""
+replaces=3D"$_pkgreal"
+provides=3D"$_pkgreal-$pkgver-r$pkgrel"
+[ "$CARCH" =3D "s390x" ] && _lua_dep=3D"l=
ua5.1-dev" || _lua_dep=3D"luajit-dev"
+makedepends=3D"linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev=
 $_lua_dep
+	libressl-dev paxmark pcre-dev perl-dev pkgconf zlib-dev"
+subpackages=3D"$pkgname-doc $pkgname-mod-http-perl:_perl"
+
+# Modules with external sources
+_dkmod=3Dngx_devel_kit
+_dkver=3D0.3.0
+_modsub=3D"$_modsub devel-kit:ndk_http_module"
+_modcfg=3D"$_modcfg --add-dynamic-module=3D${_dksrc:=3D$srcdir/$=
_dkmod-$_dkver}"
+_modsrc=3D"$_modsrc $_dkmod-$_dkver.tar.gz::https://github.com/simpl/$_dkm=
od/archive/v$_dkver.tar.gz"
+
+_ecmod=3Decho-nginx-module
+_ecver=3D0.60
+_modsub=3D"$_modsub http-echo"
+_modcfg=3D"$_modcfg --add-dynamic-module=3D${_ecsrc:=3D$srcdir/$=
_ecmod-$_ecver}"
+_modsrc=3D"$_modsrc $_ecmod-$_ecver.tar.gz::https://github.com/openres=
ty/$_ecmod/archive/v$_ecver.tar.gz"
+
+_fimod=3Dngx-fancyindex
+_fiver=3D0.4.1
+_modsub=3D"$_modsub http-fancyindex"
+_modcfg=3D"$_modcfg --add-dynamic-module=3D${_fisrc:=3D$srcdir/$=
_fimod-$_fiver}"
+_modsrc=3D"$_modsrc $_fimod-$_fiver.tar.gz::https://github.com/aperezdc=
/$_fimod/archive/v$_fiver.tar.gz"
+
+_hmmod=3Dheaders-more-nginx-module
+_hmver=3D0.32
+_modsub=3D"$_modsub http-headers-more:ngx_http_headers_more_filt=
er_module"
+_modcfg=3D"$_modcfg --add-dynamic-module=3D${_hmsrc:=3D$srcdir/$=
_hmmod-$_hmver}"
+_modsrc=3D"$_modsrc $_hmmod-$_hmver.tar.gz::https://github.com/openres=
ty/$_hmmod/archive/v$_hmver.tar.gz"
+
+_lumod=3Dlua-nginx-module
+_luver=3D0.10.7
+_modsub=3D"$_modsub http-lua"
+_modcfg=3D"$_modcfg --add-dynamic-module=3D${_lusrc:=3D$srcdir/$=
_lumod-$_luver}"
+_modsrc=3D"$_modsrc $_lumod-$_luver.tar.gz::https://github.com/openres=
ty/$_lumod/archive/v$_luver.tar.gz"
+_http_lua_depends=3D"$pkgname-mod-devel-kit"
+
+_ncmod=3Dnchan
+_ncver=3D1.1.2
+_modsub=3D"$_modsub http-nchan:ngx_nchan_module"
+_modcfg=3D"$_modcfg --add-dynamic-module=3D${_ncsrc:=3D$srcdir/$=
_ncmod-$_ncver}"
+_modsrc=3D"$_modsrc $_ncmod-$_ncver.tar.gz::https://github.com/slact/$_ncm=
od/archive/v$_ncver.tar.gz"
+
+_upmod=3Dnginx-upload-progress-module
+_upver=3D0.9.2
+_modsub=3D"$_modsub http-upload-progress:ngx_http_uploadprogress=
_module"
+_modcfg=3D"$_modcfg --add-dynamic-module=3D${_upsrc:=3D$srcdir/$=
_upmod-$_upver}"
+_modsrc=3D"$_modsrc $_upmod-$_upver.tar.gz::https://github.com/masterz=
en/$_upmod/archive/v$_upver.tar.gz"
+
+_rtmod=3Dnginx-rtmp-module
+_rtver=3D1.1.11
+_modsub=3D"$_modsub rtmp"
+_modcfg=3D"$_modcfg --add-dynamic-module=3D${_rtsrc:=3D$srcdir/$=
_rtmod-$_rtver}"
+_modsrc=3D"$_modsrc $_rtmod-$_rtver.tar.gz::https://github.com/arut/$_rtmod=
/archive/v$_rtver.tar.gz"
+
+_nxmod=3Dnaxsi
+_nxver=3D0.55.3
+_modsub=3D"$_modsub http-naxsi"
+_modcfg=3D"$_modcfg --add-dynamic-module=3D${_nxsrc:=3D$srcdir/$=
_nxmod-$_nxver/naxsi_src}"
+_modsrc=3D"$_modsrc $_nxmod-$_nxver.tar.gz::https://github.com/nbs-sys=
tem/$_nxmod/archive/$_nxver.tar.gz"
+
+_cpmod=3Dngx_cache_purge
+_cpver=3D2.3.0.1
+_modsub=3D"$_modsub http-cache-purge"
+_modcfg=3D"$_modcfg --add-dynamic-module=3D${_cpsrc:=3D$srcdir/$=
_cpmod-$_cpver}"
+_modsrc=3D"$_modsrc $_cpmod-$_cpver.tar.gz::https://github.com/itoffs=
hore/$_cpmod/archive/v$_cpver.tar.gz"
+
+_ufmod=3Dnginx-upstream-fair
+_ufver=3D0.1.1
+_modsub=3D"$_modsub http-upstream-fair"
+_modcfg=3D"$_modcfg --add-dynamic-module=3D${_ufsrc:=3D$srcdir/$=
_ufmod-$_ufver}"
+_modsrc=3D"$_modsrc $_ufmod-$_ufver.tar.gz::https://github.com/itoffs=
hore/$_ufmod/archive/v$_ufver.tar.gz"
+
+_sgmod=3Dtengine-http-sysguard
+_sgver=3D2.2.0
+_modsub=3D"$_modsub http-sysguard"
+_modcfg=3D"$_modcfg --add-dynamic-module=3D${_sgsrc:=3D$srcdir/$=
_sgmod-$_sgver}"
+_modsrc=3D"$_modsrc $_sgmod-$_sgver.tar.gz::https://github.com/itoffs=
hore/$_sgmod/archive/v$_sgver.tar.gz
+	sysguard.patch"
+
+source=3D"http://nginx.org/download/$_pkgreal-$pkgver.=
tar.gz
+	ipv6.patch
+	$_modsrc
+	"
+
+_module_dir=3Dusr/lib/$_pkgreal
+for _module in http-geoip http-image-filter http-xslt-filter mail stream $=
_modsub; do
+	_modvar=3D${_module//-/_}
+	[ -z "${_module##*:*}" ] && eval _so_${_modvar%:*}=3D${=
_module#*:}
+	subpackages=3D"$subpackages $pkgname-mod-${_module%:*}:_module&=
quot;
+done
+
+builddir=3D"$srcdir/$_pkgreal-$pkgver"
+
+build() {
+	cd "$builddir"
+
+	export LUAJIT_LIB=3D"$(pkgconf --variable=3Dlibdir luajit)"
+	export LUAJIT_INC=3D"$(pkgconf --variable=3Dincludedir luajit)"
+	./configure \
+		--prefix=3D/var/lib/$_pkgreal \
+		--sbin-path=3D/usr/sbin/$_pkgreal \
+		--modules-path=3D/$_module_dir \
+		--conf-path=3D/etc/$_pkgreal/$_pkgreal.conf \
+		--pid-path=3D/run/$_pkgreal/$_pkgreal.pid \
+		--lock-path=3D/run/$_pkgreal/$_pkgreal.lock \
+		--http-client-body-temp-path=3D/var/lib/$_pkgreal/tmp/client_b=
ody \
+		--http-proxy-temp-path=3D/var/lib/$_pkgreal/tmp/proxy \
+		--http-fastcgi-temp-path=3D/var/lib/$_pkgreal/tmp/fastcgi \
+		--http-uwsgi-temp-path=3D/var/lib/$_pkgreal/tmp/uwsgi \
+		--http-scgi-temp-path=3D/var/lib/$_pkgreal/tmp/scgi \
+		--with-perl_modules_path=3D/usr/lib/perl5/vendor_perl \
+		\
+		--user=3D$_pkgreal \
+		--group=3D$_pkgreal \
+		--with-threads \
+		--with-file-aio \
+		--with-ipv6 \
+		\
+		--with-http_ssl_module \
+		--with-http_v2_module \
+		--with-http_realip_module \
+		--with-http_addition_module \
+		--with-http_xslt_module=3Ddynamic \
+		--with-http_image_filter_module=3Ddynamic \
+		--with-http_geoip_module=3Ddynamic \
+		--with-http_sub_module \
+		--with-http_dav_module \
+		--with-http_flv_module \
+		--with-http_mp4_module \
+		--with-http_gunzip_module \
+		--with-http_gzip_static_module \
+		--with-http_auth_request_module \
+		--with-http_random_index_module \
+		--with-http_secure_link_module \
+		--with-http_slice_module \
+		--with-http_stub_status_module \
+		--with-http_perl_module=3Ddynamic \
+		--with-http_realip_module \
+		--with-mail=3Ddynamic \
+		--with-mail_ssl_module \
+		--with-stream=3Ddynamic \
+		--with-stream_ssl_module \
+		$_modcfg || return 1
+	make
+}
+
+package() {
+	depends=3D"$_pkgreal"
+	make -C "$builddir" DESTDIR=3D"$pkgdir" install || re=
turn 1
+
+	# Disable some PaX protections; this is needed for Lua module.
+	local paxflags=3D"-m"
+	[ "$CARCH" =3D "x86" ] && paxflags=3D"-m=
sp"
+	paxmark $paxflags "$pkgdir"/usr/sbin/nginx || return 1
+
+	install -Dm644 "$builddir"/LICENSE \
+		"$pkgdir"/usr/share/licenses/$_pkgreal/LICENSE || return =
1
+	install -Dm644 "$builddir"/README \
+		"$pkgdir"/usr/share/doc/$_pkgreal/README || return 1
+
+	rm -rf "$pkgdir"/run "$pkgdir"/var "$pkgdir"=
;/etc
+}
+
+doc() {
+	default_doc || return 1
+	depends=3D"$_pkgreal-doc"
+	replaces=3D"$_pkgreal-doc"
+}
+
+_module() {
+	local name=3D${subpkgname#$pkgname-mod-}
+	replaces=3D"$_pkgreal-mod-$name"
+	provides=3D"$replaces-$pkgver-r$pkgrel"
+	install_if=3D"$pkgname=3D$pkgver-r$pkgrel $replaces"
+	name=3D${name//-/_}
+	local soname=3D$(eval echo \${_so_$name:-ngx_${name}_module}.so)
+	pkgdesc=3D"$pkgdesc (module $name)"
+	depends=3D$(eval echo \${_${name}_depends:-$pkgname $replaces})
+
+	mkdir -p "$subpkgdir"/$_module_dir || return 1
+
+	mv "$pkgdir"/$_module_dir/$soname \
+		"$subpkgdir"/$_module_dir/$soname
+}
+
+
+_perl() {
+	_module || return 1
+	mv "$pkgdir"/usr/lib/perl5 "$subpkgdir"/usr/lib/
+}
+
+sha512sums=3D"b6437d8305547a834a0f3ad076ac591b90189eb922f48=
759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7b=
acd35224c34df1bbc9  nginx-1.11.10.tar.gz
+cae9f842c3d1188730d4355440476ad2338b19c027c4b329efe88d4487e90d96bf60dea6feb4be6a6f96d4b356fc154345e32c2bb643d70f68e428df2633=
0a49  ipv6.patch
+558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7=
d614  ngx_devel_kit-0.3.0.tar.gz
+c455bee73cebd0752449472452d15614b9587ddd199263d366484ede890c4d108eacbbeaef31adc9dc7732b56ef2bfc73c0fef3366366db03a8ec3fdc27a=
985c  echo-nginx-module-0.60.tar.gz
+ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73b=
ffe1  ngx-fancyindex-0.4.1.tar.gz
+e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad38=
2bd1  headers-more-nginx-module-0.32.tar.gz
+d060a13de4d01d77e6d6cd1635ecbb405330e4326b71b89341c1c128ee4182978a51d53355bc07c350e3c3a7df15325e3df380d9c3a98b2ff7d7efa18fa0=
9b32  lua-nginx-module-0.10.7.tar.gz
+14af65d57325afa961bc6606f2c938acff0206914248b8ca810293113fdab859c1db9c9abce9263b9da5c2371b299770682d9ec49fbf7a356da9fbfb3e15=
c3c7  nchan-1.1.2.tar.gz
+c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd=
9d8c  nginx-upload-progress-module-0.9.2.tar.gz
+e7c897265d1e93b06f7e46a653b113e24d2451e2112a7a6da415f130928437444a0346832fd9c10042397fea6120e4e44acc2bccf649ec30ca5bffbf9856=
72e2  nginx-rtmp-module-1.1.11.tar.gz
+9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59=
c8a0  naxsi-0.55.3.tar.gz
+c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11ecf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0d=
b7e3  ngx_cache_purge-2.3.0.1.tar.gz
+fd305b859c868ef55171b05f64071a2836c12073bcd89d6197af4946a3d1177f77c6708d4d589d460c84967273dee87ca9de97ab0f0d47e6d65f86b465d7=
0316  nginx-upstream-fair-0.1.1.tar.gz
+2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e=
07e1  tengine-http-sysguard-2.2.0.tar.gz
+2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231=
ddce  sysguard.patch"
diff --git a/testing/nginx-naxsi/ipv6.patch b/testing/nginx-current/ip=
v6.patch
similarity index 100%
rename from testing/nginx-naxsi/ipv6.patch
rename to testing/nginx-current/ipv6.patch
diff --git a/testing/nginx-naxsi/sysguard.patch b/testing/nginx-curren=
t/sysguard.patch
similarity index 100%
rename from testing/nginx-naxsi/sysguard.patch
rename to testing/nginx-current/sysguard.patch
diff --git a/testing/nginx-naxsi/APKBUILD b/testing/nginx-naxsi/APKBUILD
deleted file mode 100644
index c020427da8..0000000000
--- a/testing/nginx-naxsi/APKBUILD
+++ /dev/null
@@ -1,204 +0,0 @@
-# Maintainer: Stuart Cardall &l=
t;developer@it-offshore.co.uk>
-# Contributor: Cameron Banta <cbanta@gm=
ail.com>
-# Contributor: Jeff Bilyk <jbilyk@gmail=
.com>
-# Contributor: Bart=C5=82omiej Piotrowski <nospam@bpiotrowski.pl>
-
-pkgname=3Dnginx-naxsi
-_pkgname=3Dnginx
-pkgver=3D1.11.9
-pkgrel=3D0
-pkgdesc=3D"Lightweight HTTP and reverse proxy server with Naxsi WAF s=
upport, see also 'nxapi'"
-url=3D&=
quot;http://www.nginx.org | https://github.com/nbs-system/naxsi"<=
/a>
-arch=3D"all"
-license=3D"custom"
-
-# Modules
-_ngx_naxsi_name=3Dnaxsi
-_ngx_naxsi_ver=3D0.55.1
-_ngx_naxsi_dir=3D"$srcdir/$_ngx_naxsi_name-$_ngx_naxsi_ver/=
naxsi_src"
-
-_ngx_cache_purge_name=3Dngx_cache_purge
-_ngx_cache_purge_ver=3D2.3.0.1
-_ngx_cache_purge_dir=3D"$srcdir/$_ngx_cache_purge_name-$_ng=
x_cache_purge_ver"
-
-_ngx_upstream_fair_name=3Dnginx-upstream-fair
-_ngx_upstream_fair_ver=3D0.1.1
-_ngx_upstream_fair_dir=3D"$srcdir/$_ngx_upstream_fair_name-=
$_ngx_upstream_fair_ver"
-
-_ngx_http_sysguard_name=3Dtengine-http-sysguard
-_ngx_http_sysguard_ver=3D2.2.0
-_ngx_http_sysguard_dir=3D"$srcdir/$_ngx_http_sysguard_name-=
$_ngx_http_sysguard_ver"
-
-depends=3D"!nginx"
-makedepends=3D"linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev=
 libressl-dev
-	pcre-dev perl-dev pkgconf zlib-dev"
-pkgusers=3D"nginx"
-_grp_ngx=3D"nginx"
-_grp_www=3D"www-data"
-pkggroups=3D"$_grp_ngx $_grp_www"
-install=3D"$pkgname.pre-install $pkgname.pre-upgrade"
-subpackages=3D"$pkgname-doc"
-source=3D"http:=
//nginx.org/download/$_pkgname-$pkgver.tar.gz
-	naxsi-$_ngx_naxsi_ver.tar.gz::https://github.com/nbs-system/$_n=
gx_naxsi_name/archive/$_ngx_naxsi_ver.tar.gz
-	ngx_cache_purge-$_ngx_cache_purge_ver.tar.gz::https://github.co=
m/itoffshore/$_ngx_cache_purge_name/archive/v$_ngx_cache_purge_ve=
r.tar.gz
-	upstream-fair-$_ngx_upstream_fair_ver.tar.gz::https://github.co=
m/itoffshore/$_ngx_upstream_fair_name/archive/v$_ngx_upstream_fai=
r_ver.tar.gz
-	sysguard-$_ngx_http_sysguard_ver.tar.gz::https://github.com/ito=
ffshore/$_ngx_http_sysguard_name/archive/v$_ngx_http_sysguard_ver=
.tar.gz
-
-	anonymise.patch
-	ipv6.patch
-	sysguard.patch
-
-	nginx.initd
-	nginx.logrotate
-	"
-builddir=3D"$srcdir"/$_pkgname-$pkgver
-
-_modules_dir=3D"usr/lib/nginx/modules"
-_modules=3D"
-	http-geoip
-	http-image-filter
-	http-perl
-	http-xslt-filter
-	mail
-	stream
-	http-naxsi
-	http-cache-purge
-	http-upstream-fair
-	http-sysguard
-	"
-
-for _m in $_modules; do
-	subpackages=3D"$subpackages $pkgname-mod-$_m:_module"
-done
-
-
-build() {
-	cd "$builddir"
-	./configure \
-		--prefix=3D/var/lib/$_pkgname \
-		--sbin-path=3D/usr/sbin/$_pkgname \
-		--modules-path=3D/$_modules_dir \
-		--conf-path=3D/etc/$_pkgname/$_pkgname.conf \
-		--pid-path=3D/run/$_pkgname/$_pkgname.pid \
-		--lock-path=3D/run/$_pkgname/$_pkgname.lock \
-		--error-log-path=3D/var/log/$_pkgname/error.log \
-		--http-log-path=3D/var/log/$_pkgname/access.log \
-		--http-client-body-temp-path=3D/var/lib/$_pkgname/tmp/client_b=
ody \
-		--http-proxy-temp-path=3D/var/lib/$_pkgname/tmp/proxy \
-		--http-fastcgi-temp-path=3D/var/lib/$_pkgname/tmp/fastcgi \
-		--with-perl_modules_path=3D/usr/lib/perl5/vendor_perl \
-		\
-		--user=3D$pkgusers \
-		--group=3D$_grp_ngx \
-		--with-threads \
-		--with-file-aio \
-		--without-http_uwsgi_module \
-		--without-http_scgi_module \
-		\
-		--with-http_ssl_module \
-		--with-http_v2_module \
-		--with-http_realip_module \
-		--with-http_addition_module \
-		--with-http_sub_module \
-		--with-http_dav_module \
-		--with-http_flv_module \
-		--with-http_mp4_module \
-		--with-http_gunzip_module \
-		--with-http_gzip_static_module \
-		--with-http_auth_request_module \
-		--with-http_random_index_module \
-		--with-http_secure_link_module \
-		--with-http_slice_module \
-		--with-http_stub_status_module \
-		--with-http_realip_module \
-		--with-http_xslt_module=3Ddynamic \
-		--with-http_image_filter_module=3Ddynamic \
-		--with-http_geoip_module=3Ddynamic \
-		--with-http_perl_module=3Ddynamic \
-		--with-mail=3Ddynamic \
-		--with-mail_ssl_module \
-		--with-stream=3Ddynamic \
-		--with-stream_ssl_module \
-		\
-		--add-dynamic-module=3D"$_ngx_naxsi_dir" \
-		--add-dynamic-module=3D"$_ngx_cache_purge_dir" \
-		--add-dynamic-module=3D"$_ngx_upstream_fair_dir" \
-		--add-dynamic-module=3D"$_ngx_http_sysguard_dir" \
-		|| return 1
-	make || return 1
-}
-
-package() {
-	cd "$builddir"
-
-	make DESTDIR=3D"$pkgdir" install
-
-	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgna=
me/LICENSE
-	install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/REA=
DME
-
-	cd "$pkgdir"
-
-	install -Dm644 "$srcdir"/nginx.conf ./etc/$_pkgname/nginx.conf
-	install -Dm644 "$srcdir"/default.conf ./etc/$_pkgname/conf.d/default.conf
-	install -m755 -D "$srcdir"/$_pkgname.initd ./etc/init.d/$_pkgna=
me
-	install -m644 -D "$srcdir"/$_pkgname.logrotate ./etc/logrotate.=
d/$_pkgname
-	install -m644 -D "$srcdir"/naxsi-$_ngx_naxsi_ver/naxsi_con=
fig/naxsi_core.rules ./etc/nginx/naxsi_core.rules
-
-	install -dm755 ./etc/$_pkgname/modules
-	install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname
-	install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname/tmp
-
-	ln -sf /$_modules_dir ./var/lib/$_pkgname/modules
-	ln -sf /var/log/$_pkgname ./var/lib/$_pkgname/logs
-	ln -sf /run/$_pkgname ./var/lib/$_pkgname/run
-
-	rm -rf ./run ./etc/$_pkgname/*.default
-}
-
-_module() {
-	local name=3D"${subpkgname#$pkgname-mod-}"
-	name=3D"${name//-/_}"
-	soname=3D"ngx_${name}_module.so"
-
-	pkgdesc=3D"$pkgdesc (module $name)"
-	depends=3D"!nginx-mod-$name"
-	provides=3D"$name"
-
-	mkdir -p "$subpkgdir"/$_modules_dir
-	cd "$subpkgdir"
-
-	mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname=
 || return 1
-	mkdir -p "$subpkgdir"/etc/nginx/modules
-	echo "load_module \"modules/$soname\";" > ./etc/ng=
inx/modules/$name.conf
-}
-
-md5sums=3D"7aeca793819c2b8df134c0b1cfe98361  nginx-1.11.9.t=
ar.gz
-b894ea5327a3d102a56aeddb79d2e047  naxsi-0.55.1.tar.gz
-dedef1e47a26500993a88c96112d5d0f  ngx_cache_purge-2.3.0.1.tar.gz
-233861df4dc0872f727fc4c7e5c72dca  upstream-fair-0.1.1.tar.gz
-3a72f075bb114f1a97976c088a81c7f7  sysguard-2.2.0.tar.gz
-31d29937da95b31714faa399aeb07407  anonymise.patch
-f478d8391dafa32a8b0b3a9f21d7a080  ipv6.patch
-50357b75049d878c0bcce10d0c60f9ed  sysguard.patch
-2e56b3f21f19aecc5500c9efc9222782  nginx.initd
-8823274a834332d3db4f62bf7dd1fb7d  nginx.logrotate"
-sha256sums=3D"dc22b71f16b551705930544dc042f1ad1af2f9715f565=
187ec22c7a4b2625748  nginx-1.11.9.tar.gz
-45dd0df7a6b0b6aa9c64eb8c39a8e294d659d87fb18e192cf58f1402f3cdb0a8  naxsi-0.55.1.tar.gz
-5da9360cd805a432ea7a08832ec3dd3a5d9f1574f71b3acdd53210610aee94e5  ngx_cache_purge-2.3.0.1.tar.gz
-e8aec578f03259c6f457575360f70d57aea385a1864562b0ba6e57d6a75d52c7  upstream-fair-0.1.1.tar.gz
-6051eb52361d602011b4c7e88b63384bcc8ebc4b004bd4b12eec3e5dce953f1d  sysguard-2.2.0.tar.gz
-28adf3605875197d5822fa382f5fd3c9c80f7d3a561e904fee223fa051f98810  anonymise.patch
-4a1a24a92657432012f08c52e8099c7abae390c9c4cb76483cacd012e26a57ac  ipv6.patch
-18090329435c32d91621a5943acc5b8bbe89aaa3c2fa334c3a4cdeb00efb6226  sysguard.patch
-decb084e29b584fb54b57a199f5a480dd77a4c1b3ef3da515c2eb76bd32172c5  nginx.initd
-cea0c6f8de55a4c3a3eccc57910de1c3116634082c8e5b660630fb927a29f38d  nginx.logrotate"
-sha512sums=3D"95247d5db3e23a0ea22686cc3fe4295f8854948a6f168=
a783082fdbb2acbecdad61cd9c8cadd84c1f74c1e87becdca8d6664622ff9cebc=
72687f20b29cc09fd0  nginx-1.11.9.tar.gz
-aebda20e5b78e9111b7bac1e15829258e6b85b80e4ce333e4dba8caead36287b3f0fcb453c51d7c59f07d637fa62f5c6b23aecd3bf6a3c3da4abebf1a668=
9f14  naxsi-0.55.1.tar.gz
-c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11ecf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0d=
b7e3  ngx_cache_purge-2.3.0.1.tar.gz
-fd305b859c868ef55171b05f64071a2836c12073bcd89d6197af4946a3d1177f77c6708d4d589d460c84967273dee87ca9de97ab0f0d47e6d65f86b465d7=
0316  upstream-fair-0.1.1.tar.gz
-2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e=
07e1  sysguard-2.2.0.tar.gz
-f8e46dafcf553edd35699dc2a47a54756e0a4c690fc13f81436ad9db1026739ba331ad99d3d05d8a7c089a5c067bf45f4aca3a98fdd9483b7b0123a837e6=
95be  anonymise.patch
-cae9f842c3d1188730d4355440476ad2338b19c027c4b329efe88d4487e90d96bf60dea6feb4be6a6f96d4b356fc154345e32c2bb643d70f68e428df2633=
0a49  ipv6.patch
-2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231=
ddce  sysguard.patch
-6c27d605536a31159b65776098926ede0b5045210b190e803681a10c06a10556283d873e772fd635642b18846549ec3a18989ca9fe6466f120ce9e1327dc=
acd5  nginx.initd
-01b77cff16f6e8bfd7fa1d4d20f625bbcddd08f0509173452d060c342c93dc315a7b0560f4734323a5d29ea294de0491f2e3f32e5337574e1a28ebc005ec=
eea8  nginx.logrotate"
diff --git a/testing/nginx-naxsi/anonymise.patch b/testing/nginx-naxsi=
/anonymise.patch
deleted file mode 100644
index 17bca99b51..0000000000
--- a/testing/nginx-naxsi/anonymise.patch
+++ /dev/null
@@ -1,76 +0,0 @@
---- nginx-1.6.1/src/http/ngx_http_header_filter_module.c
-+++ nginx-1.6.1/src/http/ngx_http_header_filter_module.c
-@@ -46,8 +46,8 @@
- };
-=20
-=20
--static char ngx_http_server_string[] =3D "Server: nginx" CRLF;
--static char ngx_http_server_full_string[] =3D "Server: " NGINX_=
VER CRLF;
-+static char ngx_http_server_string[] =3D "";
-+static char ngx_http_server_full_string[] =3D "";
-=20
-=20
- static ngx_str_t ngx_http_status_lines[] =3D {
-@@ -278,8 +278,8 @@
-     clcf =3D ngx_http_get_module_loc_conf(r, ngx_http_core_module);
-=20
-     if (r->headers_out.server =3D=3D NULL) {
--        len +=3D clcf->server_tokens ? sizeof(ngx_http_server_full_string) - 1:
--                                     sizeof(ngx_http_server_string) - 1;
-+        len +=3D clcf->server_tokens ? sizeof(ngx_http_server_full_string) - 0:
-+                                     sizeof(ngx_http_server_string) - 0;
-     }
-=20
-     if (r->headers_out.date =3D=3D NULL) {
---- nginx-1.6.1/src/http/ngx_http_special_response.c
-+++ nginx-1.6.1/src/http/ngx_http_special_response.c
-@@ -19,14 +19,14 @@
-=20
-=20
- static u_char ngx_http_error_full_tail[] =3D
--"<hr><center>" NGINX_VER "</center>"=
; CRLF
-+"<hr><center>127.0.0.1</center>" CRLF
- "</body>" CRLF
- "</html>" CRLF
- ;
-=20
-=20
- static u_char ngx_http_error_tail[] =3D
--"<hr><center>nginx</center>" CRLF
-+"<hr><center>localhost</center>" CRLF
- "</body>" CRLF
- "</html>" CRLF
- ;
---- nginx-1.9.12/src/http/v2/ngx_http_v2_filter_module.c
-+++ nginx-1.9.12/src/http/v2/ngx_http_v2_filter_module.c.new
-@@ -229,9 +229,9 @@
-=20
-     clcf =3D ngx_http_get_module_loc_conf(r, ngx_http_core_module);
-=20
--    if (r->headers_out.server =3D=3D NULL) {
-+/*  if (r->headers_out.server =3D=3D NULL) {
-         len +=3D 1 + (clcf->server_tokens ? nginx_ver_len : sizeof(ngi=
nx));
--    }
-+    } */
-=20
-     if (r->headers_out.date =3D=3D NULL) {
-         len +=3D 1 + ngx_http_v2_literal_size("Wed, 31 Dec 1986 18:0=
0:00 GMT");
-@@ -434,7 +434,7 @@
-         pos =3D ngx_sprintf(pos, "%03ui", r->headers_out.sta=
tus);
-     }
-=20
--    if (r->headers_out.server =3D=3D NULL) {
-+/*  if (r->headers_out.server =3D=3D NULL) {
-         ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0,
-                        "http2 output header: \"server: %s\"=
;",
-                        clcf->server_tokens ? NGINX_VER : "nginx&q=
uot;);
-@@ -453,7 +453,7 @@
-         } else {
-             pos =3D ngx_cpymem(pos, nginx, sizeof(nginx));
-         }
--    }
-+    } */
-=20
-     if (r->headers_out.date =3D=3D NULL) {
-         ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0,
-
diff --git a/testing/nginx-naxsi/default.conf b/testing/nginx-naxsi/de=
fault.conf
deleted file mode 100644
index 9ae25d8fca..0000000000
--- a/testing/nginx-naxsi/default.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-# This is a default site configuration which will simply return 404, preve=
nting
-# chance access to any other virtualhost.
-
-server {
-	listen 80 default_server;
-	listen [::]:80 default_server;
-
-	# Everything is a 404
-	location / {
-		return 404;
-	}
-
-	# You may need this to prevent return 404 recursion.
-	location =3D /404.html {
-		internal;
-	}
-}
-
diff --git a/testing/nginx-naxsi/nginx-naxsi.pre-install b/testing/ngi=
nx-naxsi/nginx-naxsi.pre-install
deleted file mode 100644
index 8512f43dda..0000000000
--- a/testing/nginx-naxsi/nginx-naxsi.pre-install
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-addgroup -S -g 82 www-data 2>/dev/null
-addgroup -S nginx 2>/dev/null
-adduser -S -D -H -h /var/www/localhost/htdocs -s /sbin/nologin -G nginx \
-	-g nginx nginx 2>/dev/null
-addgroup nginx www-data 2>/dev/null
-
-exit 0
diff --git a/testing/nginx-naxsi/nginx-naxsi.pre-upgrade b/testing/ngi=
nx-naxsi/nginx-naxsi.pre-upgrade
deleted file mode 120000
index 364e0b943c..0000000000
--- a/testing/nginx-naxsi/nginx-naxsi.pre-upgrade
+++ /dev/null
@@ -1 +0,0 @@
-nginx-naxsi.pre-install
\ No newline at end of file
diff --git a/testing/nginx-naxsi/nginx.conf b/testing/nginx-naxsi/ngin=
x.conf
deleted file mode 100644
index c637b92e32..0000000000
--- a/testing/nginx-naxsi/nginx.conf
+++ /dev/null
@@ -1,92 +0,0 @@
-# /etc/nginx/nginx.conf
-
-user nginx;
-
-# Set number of worker processes automatically based on number of CPU core=
s.
-worker_processes auto;
-
-# Enables the use of JIT for regular expressions to speed-up their process=
ing.
-pcre_jit on;
-
-# Configures default error logger.
-error_log /var/log/nginx/error.log warn;
-
-# Includes files with directives to load dynamic modules.
-include /etc/nginx/modules/*.conf;
-
-
-events {
-	# The maximum number of simultaneous connections that can be opened by
-	# a worker process.
-	worker_connections 1024;
-}
-
-http {
-	# Includes mapping of file name extensions to MIME types of responses
-	# and defines the default type.
-	include /etc/nginx/mime.types;
-	default_type application/octet-stream;
-
-	# Name servers used to resolve names of upstream servers into addresses.
-	# It's also needed when using tcpsocket and udpsocket in Lua modules.
-	#resolver 208.67.222.222 208.67.220.220;
-
-	# Don't tell nginx version to clients.
-	server_tokens off;
-
-	# Specifies the maximum accepted body size of a client request, as
-	# indicated by the request header Content-Length. If the stated content
-	# length is greater than this size, then the client receives the HTTP
-	# error code 413. Set to 0 to disable.
-	client_max_body_size 1m;
-
-	# Timeout for keep-alive connections. Server will close connections after
-	# this time.
-	keepalive_timeout 65;
-
-	# Sendfile copies data between one FD and other from within the kernel,
-	# which is more efficient than read() + write().
-	sendfile on;
-
-	# Don't buffer data-sends (disable Nagle algorithm).
-	# Good for sending frequent small bursts of data in real time.
-	tcp_nodelay on;
-
-	# Causes nginx to attempt to send its HTTP response head in one packet,
-	# instead of using partial frames.
-	#tcp_nopush on;
-
-
-	# Path of the file with Diffie-Hellman parameters for EDH ciphers.
-	#ssl_dhparam /etc/ssl/nginx/dh2048.pem;
-
-	# Specifies that our cipher suits should be preferred over client ciphers=
.
-	ssl_prefer_server_ciphers on;
-
-	# Enables a shared SSL cache with size that can hold around 8000 sessions=
.
-	ssl_session_cache shared:SSL:2m;
-
-
-	# Enable gzipping of responses.
-	#gzip on;
-
-	# Set the Vary HTTP header as defined in the RFC 2616.
-	gzip_vary on;
-
-	# Enable checking the existence of precompressed files.
-	#gzip_static on;
-
-
-	# Specifies the main log format.
-	log_format main '$remote_addr - $remote_user [$time_local] "$req=
uest" '
-			'$status $body_bytes_sent "$http_referer" '
-			'"$http_user_agent" "$http_x_forwarded_for"'=
;;
-
-	# Sets the path, format, and configuration for a buffered log write.
-	access_log /var/log/nginx/access.log main;
-
-
-	# Includes virtual hosts configs.
-	include /etc/nginx/conf.d/*.conf;
-}
-
diff --git a/testing/nginx-naxsi/nginx.initd b/testing/nginx-naxsi/ngi=
nx.initd
deleted file mode 100644
index 9e51e7dfa3..0000000000
--- a/testing/nginx-naxsi/nginx.initd
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/sbin/openrc-run
-
-description=3D"Nginx http and reverse proxy server"
-extra_started_commands=3D"reload reopen upgrade"
-
-cfgfile=3D${cfgfile:-/etc/nginx/nginx.conf}
-pidfile=3D/run/nginx/nginx.pid
-command=3D/usr/sbin/nginx
-command_args=3D"-c $cfgfile"
-required_files=3D"$cfgfile"
-
-depend() {
-	need net
-	use dns logger netmount
-}
-
-start_pre() {
-	ebegin
-	checkpath --directory --owner nginx:nginx ${pidfile%/*}
-	$command $command_args -t -q
-	eend $?
-}
-
-reload() {
-	ebegin "Reloading ${SVCNAME} configuration"
-	start_pre && start-stop-daemon --signal HUP --pidfile $pidfile
-	eend $?
-}
-
-reopen() {
-	ebegin "Reopening ${SVCNAME} log files"
-	start-stop-daemon --signal USR1 --pidfile $pidfile
-	eend $?
-}
-
-upgrade() {
-	start_pre || return 1
-
-	ebegin "Upgrading ${SVCNAME} binary"
-
-	einfo "Sending USR2 to old binary"
-	start-stop-daemon --signal USR2 --pidfile $pidfile
-
-	einfo "Sleeping 3 seconds before pid-files checking"
-	sleep 3
-
-	if [ ! -f $pidfile.oldbin ]; then
-		eerror "File with old pid ($pidfile.oldbin) not found"
-		return 1
-	fi
-
-	if [ ! -f $pidfile ]; then
-		eerror "New binary failed to start"
-		return 1
-	fi
-
-	einfo "Sleeping 3 seconds before WINCH"
-	sleep 3 ; start-stop-daemon --signal 28 --pidfile $pidfile.oldbin
-
-	einfo "Sending QUIT to old binary"
-	start-stop-daemon --signal QUIT --pidfile $pidfile.oldbin
-
-	einfo "Upgrade completed"
-
-	eend $? "Upgrade failed"
-}
-
diff --git a/testing/nginx-naxsi/nginx.logrotate b/testing/nginx-naxsi=
/nginx.logrotate
deleted file mode 100644
index 7778b1108b..0000000000
--- a/testing/nginx-naxsi/nginx.logrotate
+++ /dev/null
@@ -1,12 +0,0 @@
-# Copyright 1999-2010 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-servers/nginx/files/nginx.logrotate,v 1.1 2010/01/03 20:29:40 djc Exp $
-
-/var/log/nginx/*.log {
-	missingok
-	sharedscripts
-	postrotate
-		kill -USR1 `cat /var/run/nginx.pid`
-	endscript
-}
-


--f403045e19c0f8f490054aec8bb3-- --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---